activesupport 5.1.1 → 6.1.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +360 -442
- data/MIT-LICENSE +1 -1
- data/README.rdoc +5 -4
- data/lib/active_support/actionable_error.rb +48 -0
- data/lib/active_support/all.rb +2 -0
- data/lib/active_support/array_inquirer.rb +6 -2
- data/lib/active_support/backtrace_cleaner.rb +31 -3
- data/lib/active_support/benchmarkable.rb +3 -1
- data/lib/active_support/builder.rb +2 -0
- data/lib/active_support/cache/file_store.rb +37 -36
- data/lib/active_support/cache/mem_cache_store.rb +65 -53
- data/lib/active_support/cache/memory_store.rb +61 -33
- data/lib/active_support/cache/null_store.rb +10 -3
- data/lib/active_support/cache/redis_cache_store.rb +493 -0
- data/lib/active_support/cache/strategy/local_cache.rb +68 -22
- data/lib/active_support/cache/strategy/local_cache_middleware.rb +2 -0
- data/lib/active_support/cache.rb +305 -127
- data/lib/active_support/callbacks.rb +106 -98
- data/lib/active_support/concern.rb +79 -6
- data/lib/active_support/concurrency/load_interlock_aware_monitor.rb +35 -0
- data/lib/active_support/concurrency/share_lock.rb +2 -1
- data/lib/active_support/configurable.rb +12 -14
- data/lib/active_support/configuration_file.rb +46 -0
- data/lib/active_support/core_ext/array/access.rb +21 -7
- data/lib/active_support/core_ext/array/conversions.rb +7 -5
- data/lib/active_support/core_ext/array/extract.rb +21 -0
- data/lib/active_support/core_ext/array/extract_options.rb +2 -0
- data/lib/active_support/core_ext/array/grouping.rb +2 -0
- data/lib/active_support/core_ext/array/inquiry.rb +2 -0
- data/lib/active_support/core_ext/array/wrap.rb +2 -0
- data/lib/active_support/core_ext/array.rb +3 -1
- data/lib/active_support/core_ext/benchmark.rb +4 -2
- data/lib/active_support/core_ext/big_decimal/conversions.rb +2 -0
- data/lib/active_support/core_ext/big_decimal.rb +2 -0
- data/lib/active_support/core_ext/class/attribute.rb +50 -47
- data/lib/active_support/core_ext/class/attribute_accessors.rb +2 -0
- data/lib/active_support/core_ext/class/subclasses.rb +18 -40
- data/lib/active_support/core_ext/class.rb +2 -0
- data/lib/active_support/core_ext/date/acts_like.rb +2 -0
- data/lib/active_support/core_ext/date/blank.rb +2 -0
- data/lib/active_support/core_ext/date/calculations.rb +8 -5
- data/lib/active_support/core_ext/date/conversions.rb +12 -10
- data/lib/active_support/core_ext/date/zones.rb +2 -0
- data/lib/active_support/core_ext/date.rb +2 -0
- data/lib/active_support/core_ext/date_and_time/calculations.rb +61 -37
- data/lib/active_support/core_ext/date_and_time/compatibility.rb +18 -1
- data/lib/active_support/core_ext/date_and_time/zones.rb +2 -1
- data/lib/active_support/core_ext/date_time/acts_like.rb +2 -0
- data/lib/active_support/core_ext/date_time/blank.rb +2 -0
- data/lib/active_support/core_ext/date_time/calculations.rb +3 -1
- data/lib/active_support/core_ext/date_time/compatibility.rb +7 -5
- data/lib/active_support/core_ext/date_time/conversions.rb +2 -1
- data/lib/active_support/core_ext/date_time.rb +2 -0
- data/lib/active_support/core_ext/digest/uuid.rb +3 -1
- data/lib/active_support/core_ext/digest.rb +3 -0
- data/lib/active_support/core_ext/enumerable.rb +174 -71
- data/lib/active_support/core_ext/file/atomic.rb +3 -1
- data/lib/active_support/core_ext/file.rb +2 -0
- data/lib/active_support/core_ext/hash/conversions.rb +7 -5
- data/lib/active_support/core_ext/hash/deep_merge.rb +8 -12
- data/lib/active_support/core_ext/hash/deep_transform_values.rb +46 -0
- data/lib/active_support/core_ext/hash/except.rb +4 -2
- data/lib/active_support/core_ext/hash/indifferent_access.rb +2 -0
- data/lib/active_support/core_ext/hash/keys.rb +3 -30
- data/lib/active_support/core_ext/hash/reverse_merge.rb +5 -2
- data/lib/active_support/core_ext/hash/slice.rb +8 -29
- data/lib/active_support/core_ext/hash.rb +3 -2
- data/lib/active_support/core_ext/integer/inflections.rb +2 -0
- data/lib/active_support/core_ext/integer/multiple.rb +3 -1
- data/lib/active_support/core_ext/integer/time.rb +7 -14
- data/lib/active_support/core_ext/integer.rb +2 -0
- data/lib/active_support/core_ext/kernel/concern.rb +2 -0
- data/lib/active_support/core_ext/kernel/reporting.rb +2 -0
- data/lib/active_support/core_ext/kernel/singleton_class.rb +2 -0
- data/lib/active_support/core_ext/kernel.rb +2 -1
- data/lib/active_support/core_ext/load_error.rb +3 -8
- data/lib/active_support/core_ext/marshal.rb +4 -0
- data/lib/active_support/core_ext/module/aliasing.rb +2 -0
- data/lib/active_support/core_ext/module/anonymous.rb +2 -0
- data/lib/active_support/core_ext/module/attr_internal.rb +4 -2
- data/lib/active_support/core_ext/module/attribute_accessors.rb +44 -56
- data/lib/active_support/core_ext/module/attribute_accessors_per_thread.rb +18 -18
- data/lib/active_support/core_ext/module/concerning.rb +15 -10
- data/lib/active_support/core_ext/module/delegation.rb +103 -58
- data/lib/active_support/core_ext/module/deprecation.rb +2 -0
- data/lib/active_support/core_ext/module/introspection.rb +18 -15
- data/lib/active_support/core_ext/module/redefine_method.rb +40 -0
- data/lib/active_support/core_ext/module/remove_method.rb +5 -23
- data/lib/active_support/core_ext/module.rb +3 -1
- data/lib/active_support/core_ext/name_error.rb +36 -2
- data/lib/active_support/core_ext/numeric/bytes.rb +2 -0
- data/lib/active_support/core_ext/numeric/conversions.rb +131 -129
- data/lib/active_support/core_ext/numeric/time.rb +7 -15
- data/lib/active_support/core_ext/numeric.rb +2 -1
- data/lib/active_support/core_ext/object/acts_like.rb +12 -1
- data/lib/active_support/core_ext/object/blank.rb +13 -3
- data/lib/active_support/core_ext/object/conversions.rb +2 -0
- data/lib/active_support/core_ext/object/deep_dup.rb +3 -1
- data/lib/active_support/core_ext/object/duplicable.rb +6 -101
- data/lib/active_support/core_ext/object/inclusion.rb +2 -0
- data/lib/active_support/core_ext/object/instance_variables.rb +2 -0
- data/lib/active_support/core_ext/object/json.rb +22 -2
- data/lib/active_support/core_ext/object/to_param.rb +2 -0
- data/lib/active_support/core_ext/object/to_query.rb +7 -2
- data/lib/active_support/core_ext/object/try.rb +19 -7
- data/lib/active_support/core_ext/object/with_options.rb +4 -2
- data/lib/active_support/core_ext/object.rb +2 -0
- data/lib/active_support/core_ext/range/compare_range.rb +82 -0
- data/lib/active_support/core_ext/range/conversions.rb +35 -25
- data/lib/active_support/core_ext/range/each.rb +5 -2
- data/lib/active_support/core_ext/range/include_time_with_zone.rb +28 -0
- data/lib/active_support/core_ext/range/overlaps.rb +2 -0
- data/lib/active_support/core_ext/range.rb +4 -1
- data/lib/active_support/core_ext/regexp.rb +10 -5
- data/lib/active_support/core_ext/securerandom.rb +25 -3
- data/lib/active_support/core_ext/string/access.rb +7 -16
- data/lib/active_support/core_ext/string/behavior.rb +2 -0
- data/lib/active_support/core_ext/string/conversions.rb +3 -0
- data/lib/active_support/core_ext/string/exclude.rb +2 -0
- data/lib/active_support/core_ext/string/filters.rb +44 -1
- data/lib/active_support/core_ext/string/indent.rb +2 -0
- data/lib/active_support/core_ext/string/inflections.rb +69 -16
- data/lib/active_support/core_ext/string/inquiry.rb +3 -0
- data/lib/active_support/core_ext/string/multibyte.rb +9 -4
- data/lib/active_support/core_ext/string/output_safety.rb +76 -20
- data/lib/active_support/core_ext/string/starts_ends_with.rb +4 -2
- data/lib/active_support/core_ext/string/strip.rb +5 -1
- data/lib/active_support/core_ext/string/zones.rb +2 -0
- data/lib/active_support/core_ext/string.rb +2 -0
- data/lib/active_support/core_ext/symbol/starts_ends_with.rb +14 -0
- data/lib/active_support/core_ext/symbol.rb +3 -0
- data/lib/active_support/core_ext/time/acts_like.rb +2 -0
- data/lib/active_support/core_ext/time/calculations.rb +73 -18
- data/lib/active_support/core_ext/time/compatibility.rb +4 -2
- data/lib/active_support/core_ext/time/conversions.rb +4 -0
- data/lib/active_support/core_ext/time/zones.rb +6 -4
- data/lib/active_support/core_ext/time.rb +2 -0
- data/lib/active_support/core_ext/uri.rb +11 -6
- data/lib/active_support/core_ext.rb +3 -1
- data/lib/active_support/current_attributes/test_helper.rb +13 -0
- data/lib/active_support/current_attributes.rb +208 -0
- data/lib/active_support/dependencies/autoload.rb +2 -0
- data/lib/active_support/dependencies/interlock.rb +2 -0
- data/lib/active_support/dependencies/zeitwerk_integration.rb +117 -0
- data/lib/active_support/dependencies.rb +135 -60
- data/lib/active_support/deprecation/behaviors.rb +43 -11
- data/lib/active_support/deprecation/constant_accessor.rb +4 -2
- data/lib/active_support/deprecation/disallowed.rb +56 -0
- data/lib/active_support/deprecation/instance_delegator.rb +2 -1
- data/lib/active_support/deprecation/method_wrappers.rb +30 -15
- data/lib/active_support/deprecation/proxy_wrappers.rb +32 -6
- data/lib/active_support/deprecation/reporting.rb +54 -9
- data/lib/active_support/deprecation.rb +9 -2
- data/lib/active_support/descendants_tracker.rb +61 -9
- data/lib/active_support/digest.rb +20 -0
- data/lib/active_support/duration/iso8601_parser.rb +6 -6
- data/lib/active_support/duration/iso8601_serializer.rb +20 -14
- data/lib/active_support/duration.rb +179 -41
- data/lib/active_support/encrypted_configuration.rb +45 -0
- data/lib/active_support/encrypted_file.rb +117 -0
- data/lib/active_support/environment_inquirer.rb +20 -0
- data/lib/active_support/evented_file_update_checker.rb +84 -117
- data/lib/active_support/execution_wrapper.rb +3 -0
- data/lib/active_support/executor.rb +2 -0
- data/lib/active_support/file_update_checker.rb +2 -1
- data/lib/active_support/fork_tracker.rb +62 -0
- data/lib/active_support/gem_version.rb +3 -1
- data/lib/active_support/gzip.rb +2 -0
- data/lib/active_support/hash_with_indifferent_access.rb +134 -37
- data/lib/active_support/i18n.rb +4 -1
- data/lib/active_support/i18n_railtie.rb +20 -11
- data/lib/active_support/inflections.rb +2 -0
- data/lib/active_support/inflector/inflections.rb +19 -8
- data/lib/active_support/inflector/methods.rb +87 -77
- data/lib/active_support/inflector/transliterate.rb +56 -18
- data/lib/active_support/inflector.rb +2 -0
- data/lib/active_support/json/decoding.rb +27 -26
- data/lib/active_support/json/encoding.rb +13 -3
- data/lib/active_support/json.rb +2 -0
- data/lib/active_support/key_generator.rb +3 -33
- data/lib/active_support/lazy_load_hooks.rb +33 -10
- data/lib/active_support/locale/en.rb +33 -0
- data/lib/active_support/locale/en.yml +7 -3
- data/lib/active_support/log_subscriber/test_helper.rb +2 -0
- data/lib/active_support/log_subscriber.rb +46 -13
- data/lib/active_support/logger.rb +4 -17
- data/lib/active_support/logger_silence.rb +13 -20
- data/lib/active_support/logger_thread_safe_level.rb +54 -7
- data/lib/active_support/message_encryptor.rb +101 -33
- data/lib/active_support/message_verifier.rb +85 -14
- data/lib/active_support/messages/metadata.rb +80 -0
- data/lib/active_support/messages/rotation_configuration.rb +23 -0
- data/lib/active_support/messages/rotator.rb +57 -0
- data/lib/active_support/multibyte/chars.rb +12 -68
- data/lib/active_support/multibyte/unicode.rb +17 -327
- data/lib/active_support/multibyte.rb +2 -0
- data/lib/active_support/notifications/fanout.rb +118 -16
- data/lib/active_support/notifications/instrumenter.rb +73 -9
- data/lib/active_support/notifications.rb +74 -8
- data/lib/active_support/number_helper/number_converter.rb +7 -6
- data/lib/active_support/number_helper/number_to_currency_converter.rb +6 -9
- data/lib/active_support/number_helper/number_to_delimited_converter.rb +5 -2
- data/lib/active_support/number_helper/number_to_human_converter.rb +8 -7
- data/lib/active_support/number_helper/number_to_human_size_converter.rb +6 -3
- data/lib/active_support/number_helper/number_to_percentage_converter.rb +5 -1
- data/lib/active_support/number_helper/number_to_phone_converter.rb +5 -2
- data/lib/active_support/number_helper/number_to_rounded_converter.rb +16 -53
- data/lib/active_support/number_helper/rounding_helper.rb +50 -0
- data/lib/active_support/number_helper.rb +41 -12
- data/lib/active_support/option_merger.rb +24 -3
- data/lib/active_support/ordered_hash.rb +3 -1
- data/lib/active_support/ordered_options.rb +17 -5
- data/lib/active_support/parameter_filter.rb +133 -0
- data/lib/active_support/per_thread_registry.rb +3 -1
- data/lib/active_support/proxy_object.rb +2 -0
- data/lib/active_support/rails.rb +3 -10
- data/lib/active_support/railtie.rb +60 -9
- data/lib/active_support/reloader.rb +11 -10
- data/lib/active_support/rescuable.rb +7 -6
- data/lib/active_support/secure_compare_rotator.rb +51 -0
- data/lib/active_support/security_utils.rb +26 -15
- data/lib/active_support/string_inquirer.rb +6 -3
- data/lib/active_support/subscriber.rb +74 -24
- data/lib/active_support/tagged_logging.rb +44 -8
- data/lib/active_support/test_case.rb +94 -2
- data/lib/active_support/testing/assertions.rb +58 -20
- data/lib/active_support/testing/autorun.rb +2 -4
- data/lib/active_support/testing/constant_lookup.rb +2 -0
- data/lib/active_support/testing/declarative.rb +2 -0
- data/lib/active_support/testing/deprecation.rb +2 -1
- data/lib/active_support/testing/file_fixtures.rb +4 -0
- data/lib/active_support/testing/isolation.rb +8 -4
- data/lib/active_support/testing/method_call_assertions.rb +30 -1
- data/lib/active_support/testing/parallelization/server.rb +78 -0
- data/lib/active_support/testing/parallelization/worker.rb +100 -0
- data/lib/active_support/testing/parallelization.rb +51 -0
- data/lib/active_support/testing/setup_and_teardown.rb +12 -7
- data/lib/active_support/testing/stream.rb +3 -2
- data/lib/active_support/testing/tagged_logging.rb +2 -0
- data/lib/active_support/testing/time_helpers.rb +78 -13
- data/lib/active_support/time.rb +2 -0
- data/lib/active_support/time_with_zone.rb +113 -41
- data/lib/active_support/values/time_zone.rb +55 -25
- data/lib/active_support/version.rb +2 -0
- data/lib/active_support/xml_mini/jdom.rb +5 -4
- data/lib/active_support/xml_mini/libxml.rb +4 -2
- data/lib/active_support/xml_mini/libxmlsax.rb +6 -4
- data/lib/active_support/xml_mini/nokogiri.rb +4 -2
- data/lib/active_support/xml_mini/nokogirisax.rb +5 -3
- data/lib/active_support/xml_mini/rexml.rb +12 -3
- data/lib/active_support/xml_mini.rb +5 -11
- data/lib/active_support.rb +18 -13
- metadata +81 -35
- data/lib/active_support/core_ext/array/prepend_and_append.rb +0 -7
- data/lib/active_support/core_ext/hash/compact.rb +0 -27
- data/lib/active_support/core_ext/hash/transform_values.rb +0 -30
- data/lib/active_support/core_ext/kernel/agnostics.rb +0 -11
- data/lib/active_support/core_ext/module/reachable.rb +0 -8
- data/lib/active_support/core_ext/numeric/inquiry.rb +0 -26
- data/lib/active_support/core_ext/range/include_range.rb +0 -23
- data/lib/active_support/values/unicode_tables.dat +0 -0
@@ -1,7 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "openssl"
|
2
4
|
require "base64"
|
3
|
-
require "active_support/core_ext/
|
5
|
+
require "active_support/core_ext/module/attribute_accessors"
|
4
6
|
require "active_support/message_verifier"
|
7
|
+
require "active_support/messages/metadata"
|
5
8
|
|
6
9
|
module ActiveSupport
|
7
10
|
# MessageEncryptor is a simple way to encrypt values which get stored
|
@@ -13,13 +16,82 @@ module ActiveSupport
|
|
13
16
|
# This can be used in situations similar to the <tt>MessageVerifier</tt>, but
|
14
17
|
# where you don't want users to be able to determine the value of the payload.
|
15
18
|
#
|
16
|
-
#
|
17
|
-
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
# crypt.
|
19
|
+
# len = ActiveSupport::MessageEncryptor.key_len
|
20
|
+
# salt = SecureRandom.random_bytes(len)
|
21
|
+
# key = ActiveSupport::KeyGenerator.new('password').generate_key(salt, len) # => "\x89\xE0\x156\xAC..."
|
22
|
+
# crypt = ActiveSupport::MessageEncryptor.new(key) # => #<ActiveSupport::MessageEncryptor ...>
|
23
|
+
# encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
|
24
|
+
# crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
|
25
|
+
#
|
26
|
+
# === Confining messages to a specific purpose
|
27
|
+
#
|
28
|
+
# By default any message can be used throughout your app. But they can also be
|
29
|
+
# confined to a specific +:purpose+.
|
30
|
+
#
|
31
|
+
# token = crypt.encrypt_and_sign("this is the chair", purpose: :login)
|
32
|
+
#
|
33
|
+
# Then that same purpose must be passed when verifying to get the data back out:
|
34
|
+
#
|
35
|
+
# crypt.decrypt_and_verify(token, purpose: :login) # => "this is the chair"
|
36
|
+
# crypt.decrypt_and_verify(token, purpose: :shipping) # => nil
|
37
|
+
# crypt.decrypt_and_verify(token) # => nil
|
38
|
+
#
|
39
|
+
# Likewise, if a message has no purpose it won't be returned when verifying with
|
40
|
+
# a specific purpose.
|
41
|
+
#
|
42
|
+
# token = crypt.encrypt_and_sign("the conversation is lively")
|
43
|
+
# crypt.decrypt_and_verify(token, purpose: :scare_tactics) # => nil
|
44
|
+
# crypt.decrypt_and_verify(token) # => "the conversation is lively"
|
45
|
+
#
|
46
|
+
# === Making messages expire
|
47
|
+
#
|
48
|
+
# By default messages last forever and verifying one year from now will still
|
49
|
+
# return the original value. But messages can be set to expire at a given
|
50
|
+
# time with +:expires_in+ or +:expires_at+.
|
51
|
+
#
|
52
|
+
# crypt.encrypt_and_sign(parcel, expires_in: 1.month)
|
53
|
+
# crypt.encrypt_and_sign(doowad, expires_at: Time.now.end_of_year)
|
54
|
+
#
|
55
|
+
# Then the messages can be verified and returned up to the expire time.
|
56
|
+
# Thereafter, verifying returns +nil+.
|
57
|
+
#
|
58
|
+
# === Rotating keys
|
59
|
+
#
|
60
|
+
# MessageEncryptor also supports rotating out old configurations by falling
|
61
|
+
# back to a stack of encryptors. Call +rotate+ to build and add an encryptor
|
62
|
+
# so +decrypt_and_verify+ will also try the fallback.
|
63
|
+
#
|
64
|
+
# By default any rotated encryptors use the values of the primary
|
65
|
+
# encryptor unless specified otherwise.
|
66
|
+
#
|
67
|
+
# You'd give your encryptor the new defaults:
|
68
|
+
#
|
69
|
+
# crypt = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
70
|
+
#
|
71
|
+
# Then gradually rotate the old values out by adding them as fallbacks. Any message
|
72
|
+
# generated with the old values will then work until the rotation is removed.
|
73
|
+
#
|
74
|
+
# crypt.rotate old_secret # Fallback to an old secret instead of @secret.
|
75
|
+
# crypt.rotate cipher: "aes-256-cbc" # Fallback to an old cipher instead of aes-256-gcm.
|
76
|
+
#
|
77
|
+
# Though if both the secret and the cipher was changed at the same time,
|
78
|
+
# the above should be combined into:
|
79
|
+
#
|
80
|
+
# crypt.rotate old_secret, cipher: "aes-256-cbc"
|
21
81
|
class MessageEncryptor
|
22
|
-
|
82
|
+
prepend Messages::Rotator::Encryptor
|
83
|
+
|
84
|
+
cattr_accessor :use_authenticated_message_encryption, instance_accessor: false, default: false
|
85
|
+
|
86
|
+
class << self
|
87
|
+
def default_cipher #:nodoc:
|
88
|
+
if use_authenticated_message_encryption
|
89
|
+
"aes-256-gcm"
|
90
|
+
else
|
91
|
+
"aes-256-cbc"
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
23
95
|
|
24
96
|
module NullSerializer #:nodoc:
|
25
97
|
def self.load(value)
|
@@ -45,7 +117,7 @@ module ActiveSupport
|
|
45
117
|
OpenSSLCipherError = OpenSSL::Cipher::CipherError
|
46
118
|
|
47
119
|
# Initialize a new MessageEncryptor. +secret+ must be at least as long as
|
48
|
-
# the cipher key size. For the default 'aes-256-
|
120
|
+
# the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
|
49
121
|
# bits. If you are using a user-entered secret, you can generate a suitable
|
50
122
|
# key by using <tt>ActiveSupport::KeyGenerator</tt> or a similar key
|
51
123
|
# derivation function.
|
@@ -57,41 +129,38 @@ module ActiveSupport
|
|
57
129
|
#
|
58
130
|
# Options:
|
59
131
|
# * <tt>:cipher</tt> - Cipher to use. Can be any cipher returned by
|
60
|
-
# <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-
|
132
|
+
# <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-gcm'.
|
61
133
|
# * <tt>:digest</tt> - String of digest to use for signing. Default is
|
62
134
|
# +SHA1+. Ignored when using an AEAD cipher like 'aes-256-gcm'.
|
63
135
|
# * <tt>:serializer</tt> - Object serializer to use. Default is +Marshal+.
|
64
|
-
def initialize(secret,
|
65
|
-
options = signature_key_or_options.extract_options!
|
66
|
-
sign_secret = signature_key_or_options.first
|
136
|
+
def initialize(secret, sign_secret = nil, cipher: nil, digest: nil, serializer: nil)
|
67
137
|
@secret = secret
|
68
138
|
@sign_secret = sign_secret
|
69
|
-
@cipher =
|
70
|
-
@digest =
|
139
|
+
@cipher = cipher || self.class.default_cipher
|
140
|
+
@digest = digest || "SHA1" unless aead_mode?
|
71
141
|
@verifier = resolve_verifier
|
72
|
-
@serializer =
|
142
|
+
@serializer = serializer || Marshal
|
73
143
|
end
|
74
144
|
|
75
145
|
# Encrypt and sign a message. We need to sign the message in order to avoid
|
76
|
-
# padding attacks. Reference:
|
77
|
-
def encrypt_and_sign(value)
|
78
|
-
verifier.generate(_encrypt(value))
|
146
|
+
# padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
|
147
|
+
def encrypt_and_sign(value, expires_at: nil, expires_in: nil, purpose: nil)
|
148
|
+
verifier.generate(_encrypt(value, expires_at: expires_at, expires_in: expires_in, purpose: purpose))
|
79
149
|
end
|
80
150
|
|
81
151
|
# Decrypt and verify a message. We need to verify the message in order to
|
82
|
-
# avoid padding attacks. Reference:
|
83
|
-
def decrypt_and_verify(
|
84
|
-
_decrypt(verifier.verify(
|
152
|
+
# avoid padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
|
153
|
+
def decrypt_and_verify(data, purpose: nil, **)
|
154
|
+
_decrypt(verifier.verify(data), purpose)
|
85
155
|
end
|
86
156
|
|
87
157
|
# Given a cipher, returns the key length of the cipher to help generate the key of desired size
|
88
|
-
def self.key_len(cipher =
|
158
|
+
def self.key_len(cipher = default_cipher)
|
89
159
|
OpenSSL::Cipher.new(cipher).key_len
|
90
160
|
end
|
91
161
|
|
92
162
|
private
|
93
|
-
|
94
|
-
def _encrypt(value)
|
163
|
+
def _encrypt(value, **metadata_options)
|
95
164
|
cipher = new_cipher
|
96
165
|
cipher.encrypt
|
97
166
|
cipher.key = @secret
|
@@ -100,22 +169,22 @@ module ActiveSupport
|
|
100
169
|
iv = cipher.random_iv
|
101
170
|
cipher.auth_data = "" if aead_mode?
|
102
171
|
|
103
|
-
encrypted_data = cipher.update(@serializer.dump(value))
|
172
|
+
encrypted_data = cipher.update(Messages::Metadata.wrap(@serializer.dump(value), **metadata_options))
|
104
173
|
encrypted_data << cipher.final
|
105
174
|
|
106
175
|
blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
|
107
|
-
blob
|
176
|
+
blob = "#{blob}--#{::Base64.strict_encode64 cipher.auth_tag}" if aead_mode?
|
108
177
|
blob
|
109
178
|
end
|
110
179
|
|
111
|
-
def _decrypt(encrypted_message)
|
180
|
+
def _decrypt(encrypted_message, purpose)
|
112
181
|
cipher = new_cipher
|
113
|
-
encrypted_data, iv, auth_tag = encrypted_message.split("--"
|
182
|
+
encrypted_data, iv, auth_tag = encrypted_message.split("--").map { |v| ::Base64.strict_decode64(v) }
|
114
183
|
|
115
184
|
# Currently the OpenSSL bindings do not raise an error if auth_tag is
|
116
185
|
# truncated, which would allow an attacker to easily forge it. See
|
117
186
|
# https://github.com/ruby/openssl/issues/63
|
118
|
-
raise InvalidMessage if aead_mode? && auth_tag.bytes.length != 16
|
187
|
+
raise InvalidMessage if aead_mode? && (auth_tag.nil? || auth_tag.bytes.length != 16)
|
119
188
|
|
120
189
|
cipher.decrypt
|
121
190
|
cipher.key = @secret
|
@@ -128,7 +197,8 @@ module ActiveSupport
|
|
128
197
|
decrypted_data = cipher.update(encrypted_data)
|
129
198
|
decrypted_data << cipher.final
|
130
199
|
|
131
|
-
|
200
|
+
message = Messages::Metadata.verify(decrypted_data, purpose)
|
201
|
+
@serializer.load(message) if message
|
132
202
|
rescue OpenSSLCipherError, TypeError, ArgumentError
|
133
203
|
raise InvalidMessage
|
134
204
|
end
|
@@ -137,9 +207,7 @@ module ActiveSupport
|
|
137
207
|
OpenSSL::Cipher.new(@cipher)
|
138
208
|
end
|
139
209
|
|
140
|
-
|
141
|
-
@verifier
|
142
|
-
end
|
210
|
+
attr_reader :verifier
|
143
211
|
|
144
212
|
def aead_mode?
|
145
213
|
@aead_mode ||= new_cipher.authenticated?
|
@@ -1,6 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "base64"
|
2
4
|
require "active_support/core_ext/object/blank"
|
3
5
|
require "active_support/security_utils"
|
6
|
+
require "active_support/messages/metadata"
|
7
|
+
require "active_support/messages/rotator"
|
4
8
|
|
5
9
|
module ActiveSupport
|
6
10
|
# +MessageVerifier+ makes it easy to generate and verify messages which are
|
@@ -27,17 +31,83 @@ module ActiveSupport
|
|
27
31
|
#
|
28
32
|
# +MessageVerifier+ creates HMAC signatures using SHA1 hash algorithm by default.
|
29
33
|
# If you want to use a different hash algorithm, you can change it by providing
|
30
|
-
#
|
34
|
+
# +:digest+ key as an option while initializing the verifier:
|
31
35
|
#
|
32
36
|
# @verifier = ActiveSupport::MessageVerifier.new('s3Krit', digest: 'SHA256')
|
37
|
+
#
|
38
|
+
# === Confining messages to a specific purpose
|
39
|
+
#
|
40
|
+
# By default any message can be used throughout your app. But they can also be
|
41
|
+
# confined to a specific +:purpose+.
|
42
|
+
#
|
43
|
+
# token = @verifier.generate("this is the chair", purpose: :login)
|
44
|
+
#
|
45
|
+
# Then that same purpose must be passed when verifying to get the data back out:
|
46
|
+
#
|
47
|
+
# @verifier.verified(token, purpose: :login) # => "this is the chair"
|
48
|
+
# @verifier.verified(token, purpose: :shipping) # => nil
|
49
|
+
# @verifier.verified(token) # => nil
|
50
|
+
#
|
51
|
+
# @verifier.verify(token, purpose: :login) # => "this is the chair"
|
52
|
+
# @verifier.verify(token, purpose: :shipping) # => ActiveSupport::MessageVerifier::InvalidSignature
|
53
|
+
# @verifier.verify(token) # => ActiveSupport::MessageVerifier::InvalidSignature
|
54
|
+
#
|
55
|
+
# Likewise, if a message has no purpose it won't be returned when verifying with
|
56
|
+
# a specific purpose.
|
57
|
+
#
|
58
|
+
# token = @verifier.generate("the conversation is lively")
|
59
|
+
# @verifier.verified(token, purpose: :scare_tactics) # => nil
|
60
|
+
# @verifier.verified(token) # => "the conversation is lively"
|
61
|
+
#
|
62
|
+
# @verifier.verify(token, purpose: :scare_tactics) # => ActiveSupport::MessageVerifier::InvalidSignature
|
63
|
+
# @verifier.verify(token) # => "the conversation is lively"
|
64
|
+
#
|
65
|
+
# === Making messages expire
|
66
|
+
#
|
67
|
+
# By default messages last forever and verifying one year from now will still
|
68
|
+
# return the original value. But messages can be set to expire at a given
|
69
|
+
# time with +:expires_in+ or +:expires_at+.
|
70
|
+
#
|
71
|
+
# @verifier.generate(parcel, expires_in: 1.month)
|
72
|
+
# @verifier.generate(doowad, expires_at: Time.now.end_of_year)
|
73
|
+
#
|
74
|
+
# Then the messages can be verified and returned up to the expire time.
|
75
|
+
# Thereafter, the +verified+ method returns +nil+ while +verify+ raises
|
76
|
+
# <tt>ActiveSupport::MessageVerifier::InvalidSignature</tt>.
|
77
|
+
#
|
78
|
+
# === Rotating keys
|
79
|
+
#
|
80
|
+
# MessageVerifier also supports rotating out old configurations by falling
|
81
|
+
# back to a stack of verifiers. Call +rotate+ to build and add a verifier to
|
82
|
+
# so either +verified+ or +verify+ will also try verifying with the fallback.
|
83
|
+
#
|
84
|
+
# By default any rotated verifiers use the values of the primary
|
85
|
+
# verifier unless specified otherwise.
|
86
|
+
#
|
87
|
+
# You'd give your verifier the new defaults:
|
88
|
+
#
|
89
|
+
# verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512", serializer: JSON)
|
90
|
+
#
|
91
|
+
# Then gradually rotate the old values out by adding them as fallbacks. Any message
|
92
|
+
# generated with the old values will then work until the rotation is removed.
|
93
|
+
#
|
94
|
+
# verifier.rotate old_secret # Fallback to an old secret instead of @secret.
|
95
|
+
# verifier.rotate digest: "SHA256" # Fallback to an old digest instead of SHA512.
|
96
|
+
# verifier.rotate serializer: Marshal # Fallback to an old serializer instead of JSON.
|
97
|
+
#
|
98
|
+
# Though the above would most likely be combined into one rotation:
|
99
|
+
#
|
100
|
+
# verifier.rotate old_secret, digest: "SHA256", serializer: Marshal
|
33
101
|
class MessageVerifier
|
102
|
+
prepend Messages::Rotator::Verifier
|
103
|
+
|
34
104
|
class InvalidSignature < StandardError; end
|
35
105
|
|
36
|
-
def initialize(secret,
|
106
|
+
def initialize(secret, digest: nil, serializer: nil)
|
37
107
|
raise ArgumentError, "Secret should not be nil." unless secret
|
38
108
|
@secret = secret
|
39
|
-
@digest =
|
40
|
-
@serializer =
|
109
|
+
@digest = digest || "SHA1"
|
110
|
+
@serializer = serializer || Marshal
|
41
111
|
end
|
42
112
|
|
43
113
|
# Checks if a signed message could have been generated by signing an object
|
@@ -52,7 +122,7 @@ module ActiveSupport
|
|
52
122
|
def valid_message?(signed_message)
|
53
123
|
return if signed_message.nil? || !signed_message.valid_encoding? || signed_message.blank?
|
54
124
|
|
55
|
-
data, digest = signed_message.split("--"
|
125
|
+
data, digest = signed_message.split("--")
|
56
126
|
data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
|
57
127
|
end
|
58
128
|
|
@@ -77,11 +147,12 @@ module ActiveSupport
|
|
77
147
|
#
|
78
148
|
# incompatible_message = "test--dad7b06c94abba8d46a15fafaef56c327665d5ff"
|
79
149
|
# verifier.verified(incompatible_message) # => TypeError: incompatible marshal file format
|
80
|
-
def verified(signed_message)
|
150
|
+
def verified(signed_message, purpose: nil, **)
|
81
151
|
if valid_message?(signed_message)
|
82
152
|
begin
|
83
|
-
data = signed_message.split("--"
|
84
|
-
|
153
|
+
data = signed_message.split("--")[0]
|
154
|
+
message = Messages::Metadata.verify(decode(data), purpose)
|
155
|
+
@serializer.load(message) if message
|
85
156
|
rescue ArgumentError => argument_error
|
86
157
|
return if argument_error.message.include?("invalid base64")
|
87
158
|
raise
|
@@ -101,19 +172,19 @@ module ActiveSupport
|
|
101
172
|
#
|
102
173
|
# other_verifier = ActiveSupport::MessageVerifier.new 'd1ff3r3nt-s3Krit'
|
103
174
|
# other_verifier.verify(signed_message) # => ActiveSupport::MessageVerifier::InvalidSignature
|
104
|
-
def verify(
|
105
|
-
verified(
|
175
|
+
def verify(*args, **options)
|
176
|
+
verified(*args, **options) || raise(InvalidSignature)
|
106
177
|
end
|
107
178
|
|
108
179
|
# Generates a signed message for the provided value.
|
109
180
|
#
|
110
|
-
# The message is signed with the +MessageVerifier+'s secret.
|
111
|
-
#
|
181
|
+
# The message is signed with the +MessageVerifier+'s secret.
|
182
|
+
# Returns Base64-encoded message joined with the generated signature.
|
112
183
|
#
|
113
184
|
# verifier = ActiveSupport::MessageVerifier.new 's3Krit'
|
114
185
|
# verifier.generate 'a private message' # => "BAhJIhRwcml2YXRlLW1lc3NhZ2UGOgZFVA==--e2d724331ebdee96a10fb99b089508d1c72bd772"
|
115
|
-
def generate(value)
|
116
|
-
data = encode(@serializer.dump(value))
|
186
|
+
def generate(value, expires_at: nil, expires_in: nil, purpose: nil)
|
187
|
+
data = encode(Messages::Metadata.wrap(@serializer.dump(value), expires_at: expires_at, expires_in: expires_in, purpose: purpose))
|
117
188
|
"#{data}--#{generate_digest(data)}"
|
118
189
|
end
|
119
190
|
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "time"
|
4
|
+
|
5
|
+
module ActiveSupport
|
6
|
+
module Messages #:nodoc:
|
7
|
+
class Metadata #:nodoc:
|
8
|
+
def initialize(message, expires_at = nil, purpose = nil)
|
9
|
+
@message, @purpose = message, purpose
|
10
|
+
@expires_at = expires_at.is_a?(String) ? parse_expires_at(expires_at) : expires_at
|
11
|
+
end
|
12
|
+
|
13
|
+
def as_json(options = {})
|
14
|
+
{ _rails: { message: @message, exp: @expires_at, pur: @purpose } }
|
15
|
+
end
|
16
|
+
|
17
|
+
class << self
|
18
|
+
def wrap(message, expires_at: nil, expires_in: nil, purpose: nil)
|
19
|
+
if expires_at || expires_in || purpose
|
20
|
+
JSON.encode new(encode(message), pick_expiry(expires_at, expires_in), purpose)
|
21
|
+
else
|
22
|
+
message
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def verify(message, purpose)
|
27
|
+
extract_metadata(message).verify(purpose)
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
def pick_expiry(expires_at, expires_in)
|
32
|
+
if expires_at
|
33
|
+
expires_at.utc.iso8601(3)
|
34
|
+
elsif expires_in
|
35
|
+
Time.now.utc.advance(seconds: expires_in).iso8601(3)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def extract_metadata(message)
|
40
|
+
data = JSON.decode(message) rescue nil
|
41
|
+
|
42
|
+
if data.is_a?(Hash) && data.key?("_rails")
|
43
|
+
new(decode(data["_rails"]["message"]), data["_rails"]["exp"], data["_rails"]["pur"])
|
44
|
+
else
|
45
|
+
new(message)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def encode(message)
|
50
|
+
::Base64.strict_encode64(message)
|
51
|
+
end
|
52
|
+
|
53
|
+
def decode(message)
|
54
|
+
::Base64.strict_decode64(message)
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
def verify(purpose)
|
59
|
+
@message if match?(purpose) && fresh?
|
60
|
+
end
|
61
|
+
|
62
|
+
private
|
63
|
+
def match?(purpose)
|
64
|
+
@purpose.to_s == purpose.to_s
|
65
|
+
end
|
66
|
+
|
67
|
+
def fresh?
|
68
|
+
@expires_at.nil? || Time.now.utc < @expires_at
|
69
|
+
end
|
70
|
+
|
71
|
+
def parse_expires_at(expires_at)
|
72
|
+
if ActiveSupport.use_standard_json_time_format
|
73
|
+
Time.iso8601(expires_at)
|
74
|
+
else
|
75
|
+
Time.parse(expires_at)
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActiveSupport
|
4
|
+
module Messages
|
5
|
+
class RotationConfiguration # :nodoc:
|
6
|
+
attr_reader :signed, :encrypted
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
@signed, @encrypted = [], []
|
10
|
+
end
|
11
|
+
|
12
|
+
def rotate(kind, *args, **options)
|
13
|
+
args << options unless options.empty?
|
14
|
+
case kind
|
15
|
+
when :signed
|
16
|
+
@signed << args
|
17
|
+
when :encrypted
|
18
|
+
@encrypted << args
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActiveSupport
|
4
|
+
module Messages
|
5
|
+
module Rotator # :nodoc:
|
6
|
+
def initialize(*secrets, on_rotation: nil, **options)
|
7
|
+
super(*secrets, **options)
|
8
|
+
|
9
|
+
@options = options
|
10
|
+
@rotations = []
|
11
|
+
@on_rotation = on_rotation
|
12
|
+
end
|
13
|
+
|
14
|
+
def rotate(*secrets, **options)
|
15
|
+
@rotations << build_rotation(*secrets, @options.merge(options))
|
16
|
+
end
|
17
|
+
|
18
|
+
module Encryptor
|
19
|
+
include Rotator
|
20
|
+
|
21
|
+
def decrypt_and_verify(*args, on_rotation: @on_rotation, **options)
|
22
|
+
super
|
23
|
+
rescue MessageEncryptor::InvalidMessage, MessageVerifier::InvalidSignature
|
24
|
+
run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, **options) } || raise
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
def build_rotation(secret = @secret, sign_secret = @sign_secret, options)
|
29
|
+
self.class.new(secret, sign_secret, **options)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
module Verifier
|
34
|
+
include Rotator
|
35
|
+
|
36
|
+
def verified(*args, on_rotation: @on_rotation, **options)
|
37
|
+
super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, **options) }
|
38
|
+
end
|
39
|
+
|
40
|
+
private
|
41
|
+
def build_rotation(secret = @secret, options)
|
42
|
+
self.class.new(secret, **options)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
private
|
47
|
+
def run_rotations(on_rotation)
|
48
|
+
@rotations.find do |rotation|
|
49
|
+
if message = yield(rotation) rescue next
|
50
|
+
on_rotation&.call
|
51
|
+
return message
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -1,8 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/json"
|
2
4
|
require "active_support/core_ext/string/access"
|
3
5
|
require "active_support/core_ext/string/behavior"
|
6
|
+
require "active_support/core_ext/symbol/starts_ends_with"
|
4
7
|
require "active_support/core_ext/module/delegation"
|
5
|
-
require "active_support/core_ext/regexp"
|
6
8
|
|
7
9
|
module ActiveSupport #:nodoc:
|
8
10
|
module Multibyte #:nodoc:
|
@@ -16,7 +18,7 @@ module ActiveSupport #:nodoc:
|
|
16
18
|
# through the +mb_chars+ method. Methods which would normally return a
|
17
19
|
# String object now return a Chars object so methods can be chained.
|
18
20
|
#
|
19
|
-
# 'The Perfect String '.mb_chars.downcase.strip
|
21
|
+
# 'The Perfect String '.mb_chars.downcase.strip
|
20
22
|
# # => #<ActiveSupport::Multibyte::Chars:0x007fdc434ccc10 @wrapped_string="the perfect string">
|
21
23
|
#
|
22
24
|
# Chars objects are perfectly interchangeable with String objects as long as
|
@@ -47,7 +49,7 @@ module ActiveSupport #:nodoc:
|
|
47
49
|
alias to_s wrapped_string
|
48
50
|
alias to_str wrapped_string
|
49
51
|
|
50
|
-
delegate :<=>, :=~, :acts_like_string?, to: :wrapped_string
|
52
|
+
delegate :<=>, :=~, :match?, :acts_like_string?, to: :wrapped_string
|
51
53
|
|
52
54
|
# Creates a new Chars instance by wrapping _string_.
|
53
55
|
def initialize(string)
|
@@ -58,7 +60,7 @@ module ActiveSupport #:nodoc:
|
|
58
60
|
# Forward all undefined methods to the wrapped string.
|
59
61
|
def method_missing(method, *args, &block)
|
60
62
|
result = @wrapped_string.__send__(method, *args, &block)
|
61
|
-
if
|
63
|
+
if method.end_with?("!")
|
62
64
|
self if result
|
63
65
|
else
|
64
66
|
result.kind_of?(String) ? chars(result) : result
|
@@ -72,12 +74,6 @@ module ActiveSupport #:nodoc:
|
|
72
74
|
@wrapped_string.respond_to?(method, include_private)
|
73
75
|
end
|
74
76
|
|
75
|
-
# Returns +true+ when the proxy class can handle the string. Returns
|
76
|
-
# +false+ otherwise.
|
77
|
-
def self.consumes?(string)
|
78
|
-
string.encoding == Encoding::UTF_8
|
79
|
-
end
|
80
|
-
|
81
77
|
# Works just like <tt>String#split</tt>, with the exception that the items
|
82
78
|
# in the resulting list are Chars instances instead of String. This makes
|
83
79
|
# chaining methods easier.
|
@@ -107,7 +103,7 @@ module ActiveSupport #:nodoc:
|
|
107
103
|
#
|
108
104
|
# 'Café'.mb_chars.reverse.to_s # => 'éfaC'
|
109
105
|
def reverse
|
110
|
-
chars(
|
106
|
+
chars(@wrapped_string.scan(/\X/).reverse.join)
|
111
107
|
end
|
112
108
|
|
113
109
|
# Limits the byte size of the string to a number of bytes without breaking
|
@@ -116,35 +112,7 @@ module ActiveSupport #:nodoc:
|
|
116
112
|
#
|
117
113
|
# 'こんにちは'.mb_chars.limit(7).to_s # => "こん"
|
118
114
|
def limit(limit)
|
119
|
-
|
120
|
-
end
|
121
|
-
|
122
|
-
# Converts characters in the string to uppercase.
|
123
|
-
#
|
124
|
-
# 'Laurent, où sont les tests ?'.mb_chars.upcase.to_s # => "LAURENT, OÙ SONT LES TESTS ?"
|
125
|
-
def upcase
|
126
|
-
chars Unicode.upcase(@wrapped_string)
|
127
|
-
end
|
128
|
-
|
129
|
-
# Converts characters in the string to lowercase.
|
130
|
-
#
|
131
|
-
# 'VĚDA A VÝZKUM'.mb_chars.downcase.to_s # => "věda a výzkum"
|
132
|
-
def downcase
|
133
|
-
chars Unicode.downcase(@wrapped_string)
|
134
|
-
end
|
135
|
-
|
136
|
-
# Converts characters in the string to the opposite case.
|
137
|
-
#
|
138
|
-
# 'El Cañón'.mb_chars.swapcase.to_s # => "eL cAÑÓN"
|
139
|
-
def swapcase
|
140
|
-
chars Unicode.swapcase(@wrapped_string)
|
141
|
-
end
|
142
|
-
|
143
|
-
# Converts the first character to uppercase and the remainder to lowercase.
|
144
|
-
#
|
145
|
-
# 'über'.mb_chars.capitalize.to_s # => "Über"
|
146
|
-
def capitalize
|
147
|
-
(slice(0) || chars("")).upcase + (slice(1..-1) || chars("")).downcase
|
115
|
+
chars(@wrapped_string.truncate_bytes(limit, omission: nil))
|
148
116
|
end
|
149
117
|
|
150
118
|
# Capitalizes the first letter of every word, when possible.
|
@@ -152,21 +120,10 @@ module ActiveSupport #:nodoc:
|
|
152
120
|
# "ÉL QUE SE ENTERÓ".mb_chars.titleize.to_s # => "Él Que Se Enteró"
|
153
121
|
# "日本語".mb_chars.titleize.to_s # => "日本語"
|
154
122
|
def titleize
|
155
|
-
chars(downcase.to_s.gsub(/\b('?\S)/u) {
|
123
|
+
chars(downcase.to_s.gsub(/\b('?\S)/u) { $1.upcase })
|
156
124
|
end
|
157
125
|
alias_method :titlecase, :titleize
|
158
126
|
|
159
|
-
# Returns the KC normalization of the string by default. NFKC is
|
160
|
-
# considered the best normalization form for passing strings to databases
|
161
|
-
# and validations.
|
162
|
-
#
|
163
|
-
# * <tt>form</tt> - The form you want to normalize in. Should be one of the following:
|
164
|
-
# <tt>:c</tt>, <tt>:kc</tt>, <tt>:d</tt>, or <tt>:kd</tt>. Default is
|
165
|
-
# ActiveSupport::Multibyte::Unicode.default_normalization_form
|
166
|
-
def normalize(form = nil)
|
167
|
-
chars(Unicode.normalize(@wrapped_string, form))
|
168
|
-
end
|
169
|
-
|
170
127
|
# Performs canonical decomposition on all the characters.
|
171
128
|
#
|
172
129
|
# 'é'.length # => 2
|
@@ -188,7 +145,7 @@ module ActiveSupport #:nodoc:
|
|
188
145
|
# 'क्षि'.mb_chars.length # => 4
|
189
146
|
# 'क्षि'.mb_chars.grapheme_length # => 3
|
190
147
|
def grapheme_length
|
191
|
-
|
148
|
+
@wrapped_string.scan(/\X/).length
|
192
149
|
end
|
193
150
|
|
194
151
|
# Replaces all ISO-8859-1 or CP1252 characters by their UTF-8 equivalent
|
@@ -204,27 +161,14 @@ module ActiveSupport #:nodoc:
|
|
204
161
|
to_s.as_json(options)
|
205
162
|
end
|
206
163
|
|
207
|
-
%w(
|
164
|
+
%w(reverse tidy_bytes).each do |method|
|
208
165
|
define_method("#{method}!") do |*args|
|
209
|
-
@wrapped_string =
|
166
|
+
@wrapped_string = public_send(method, *args).to_s
|
210
167
|
self
|
211
168
|
end
|
212
169
|
end
|
213
170
|
|
214
171
|
private
|
215
|
-
|
216
|
-
def translate_offset(byte_offset)
|
217
|
-
return nil if byte_offset.nil?
|
218
|
-
return 0 if @wrapped_string == ""
|
219
|
-
|
220
|
-
begin
|
221
|
-
@wrapped_string.byteslice(0...byte_offset).unpack("U*").length
|
222
|
-
rescue ArgumentError
|
223
|
-
byte_offset -= 1
|
224
|
-
retry
|
225
|
-
end
|
226
|
-
end
|
227
|
-
|
228
172
|
def chars(string)
|
229
173
|
self.class.new(string)
|
230
174
|
end
|