Class: ActiveSupport::MessageVerifier
- Defined in:
- activesupport/lib/active_support/message_verifier.rb
Overview
MessageVerifier
makes it easy to generate and verify messages which are signed to prevent tampering.
This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn’t suitable or available.
Remember Me:
[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])
In the authentication filter:
id, time = @verifier.verify([:remember_me])
if time < Time.now
self.current_user = User.find(id)
end
By default it uses Marshal to serialize the message. If you want to use another serialization method, you can set the serializer attribute to something that responds to dump and load, e.g.:
@verifier.serializer = YAML
Defined Under Namespace
Classes: InvalidSignature
Instance Method Summary collapse
- #generate(value) ⇒ Object
-
#initialize(secret, options = {}) ⇒ MessageVerifier
constructor
A new instance of MessageVerifier.
- #verify(signed_message) ⇒ Object
Constructor Details
#initialize(secret, options = {}) ⇒ MessageVerifier
Returns a new instance of MessageVerifier.
30 31 32 33 34 35 36 37 38 39 |
# File 'activesupport/lib/active_support/message_verifier.rb', line 30 def initialize(secret, = {}) unless .is_a?(Hash) ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to specify the digest algorithm." = { :digest => } end @secret = secret @digest = [:digest] || 'SHA1' @serializer = [:serializer] || Marshal end |
Instance Method Details
#generate(value) ⇒ Object
52 53 54 55 |
# File 'activesupport/lib/active_support/message_verifier.rb', line 52 def generate(value) data = ::Base64.strict_encode64(@serializer.dump(value)) "#{data}--#{generate_digest(data)}" end |
#verify(signed_message) ⇒ Object
41 42 43 44 45 46 47 48 49 50 |
# File 'activesupport/lib/active_support/message_verifier.rb', line 41 def verify() raise InvalidSignature if .blank? data, digest = .split("--") if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) @serializer.load(::Base64.decode64(data)) else raise InvalidSignature end end |