Class: Rack::Bug::ParamsSignature
- Inherits:
-
Object
- Object
- Rack::Bug::ParamsSignature
- Extended by:
- ERB::Util
- Defined in:
- lib/rack/bug/params_signature.rb
Instance Attribute Summary collapse
-
#request ⇒ Object
readonly
Returns the value of attribute request.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(request) ⇒ ParamsSignature
constructor
A new instance of ParamsSignature.
- #secret_key ⇒ Object
- #secret_key_blank? ⇒ Boolean
- #signature(params) ⇒ Object
- #signature_base(params) ⇒ Object
- #validate! ⇒ Object
Constructor Details
#initialize(request) ⇒ ParamsSignature
Returns a new instance of ParamsSignature.
24 25 26 |
# File 'lib/rack/bug/params_signature.rb', line 24 def initialize(request) @request = request end |
Instance Attribute Details
#request ⇒ Object (readonly)
Returns the value of attribute request.
22 23 24 |
# File 'lib/rack/bug/params_signature.rb', line 22 def request @request end |
Class Method Details
.sign(request, hash) ⇒ Object
9 10 11 12 13 14 15 16 17 18 19 20 |
# File 'lib/rack/bug/params_signature.rb', line 9 def self.sign(request, hash) parts = [] hash.keys.sort.each do |key| parts << "#{key}=#{u(hash[key])}" end signature = new(request).signature(hash) parts << "hash=#{u(signature)}" parts.join("&") end |
Instance Method Details
#secret_key ⇒ Object
28 29 30 |
# File 'lib/rack/bug/params_signature.rb', line 28 def secret_key @request.env['rack-bug.secret_key'] end |
#secret_key_blank? ⇒ Boolean
32 33 34 |
# File 'lib/rack/bug/params_signature.rb', line 32 def secret_key_blank? secret_key.nil? || secret_key == "" end |
#signature(params) ⇒ Object
46 47 48 |
# File 'lib/rack/bug/params_signature.rb', line 46 def signature(params) Digest::SHA1.hexdigest(signature_base(params)) end |
#signature_base(params) ⇒ Object
50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/rack/bug/params_signature.rb', line 50 def signature_base(params) signature = [] signature << secret_key params.keys.sort.each do |key| next if key == "hash" signature << params[key].to_s end signature.join(":") end |
#validate! ⇒ Object
36 37 38 39 40 41 42 43 44 |
# File 'lib/rack/bug/params_signature.rb', line 36 def validate! if secret_key_blank? raise SecurityError.new("Missing secret key") end if secret_key_blank? || request.params["hash"] != signature(request.params) raise SecurityError.new("Invalid query hash.") end end |