Class: ActiveSupport::MessageVerifier
| Relationships & Source Files | |
| Namespace Children | |
|
Exceptions:
| |
| Inherits: | Object |
| Defined in: | activesupport/lib/active_support/message_verifier.rb |
Overview
MessageVerifier makes it easy to generate and verify messages which are signed to prevent tampering.
This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn't suitable or available.
Remember Me:
[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])In the authentication filter:
id, time = @verifier.verify([:remember_me])
if time < Time.now
self.current_user = User.find(id)
endBy default it uses ::Marshal to serialize the message. If you want to use another serialization method, you can set the serializer in the options hash upon initialization:
@verifier = ActiveSupport::MessageVerifier.new('s3Krit', serializer: YAML)Class Method Summary
- .new(secret, options = {}) ⇒ MessageVerifier constructor
Instance Method Summary
Constructor Details
.new(secret, options = {}) ⇒ MessageVerifier
# File 'activesupport/lib/active_support/message_verifier.rb', line 30
def initialize(secret, = {}) raise ArgumentError, 'Secret should not be nil.' unless secret @secret = secret @digest = [:digest] || 'SHA1' @serializer = [:serializer] || Marshal end
Instance Method Details
#generate(value)
[ GitHub ]# File 'activesupport/lib/active_support/message_verifier.rb', line 53
def generate(value) data = encode(@serializer.dump(value)) "#{data}--#{generate_digest(data)}" end
#verify(signed_message)
# File 'activesupport/lib/active_support/message_verifier.rb', line 37
def verify() raise InvalidSignature if .nil? || !.valid_encoding? || .blank? data, digest = .split("--") if data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data)) begin @serializer.load(decode(data)) rescue ArgumentError => argument_error raise InvalidSignature if argument_error. =~ %r{invalid base64} raise end else raise InvalidSignature end end