activesupport 5.1.7 → 5.2.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +303 -617
- data/README.rdoc +1 -1
- data/lib/active_support.rb +3 -12
- data/lib/active_support/all.rb +2 -0
- data/lib/active_support/array_inquirer.rb +2 -0
- data/lib/active_support/backtrace_cleaner.rb +2 -0
- data/lib/active_support/benchmarkable.rb +2 -0
- data/lib/active_support/builder.rb +2 -0
- data/lib/active_support/cache.rb +127 -58
- data/lib/active_support/cache/file_store.rb +4 -3
- data/lib/active_support/cache/mem_cache_store.rb +12 -4
- data/lib/active_support/cache/memory_store.rb +2 -0
- data/lib/active_support/cache/null_store.rb +2 -0
- data/lib/active_support/cache/redis_cache_store.rb +404 -0
- data/lib/active_support/cache/strategy/local_cache.rb +9 -2
- data/lib/active_support/cache/strategy/local_cache_middleware.rb +2 -0
- data/lib/active_support/callbacks.rb +26 -37
- data/lib/active_support/concern.rb +3 -1
- data/lib/active_support/concurrency/share_lock.rb +2 -0
- data/lib/active_support/configurable.rb +2 -0
- data/lib/active_support/core_ext.rb +3 -1
- data/lib/active_support/core_ext/array.rb +2 -0
- data/lib/active_support/core_ext/array/access.rb +4 -2
- data/lib/active_support/core_ext/array/conversions.rb +2 -0
- data/lib/active_support/core_ext/array/extract_options.rb +2 -0
- data/lib/active_support/core_ext/array/grouping.rb +2 -0
- data/lib/active_support/core_ext/array/inquiry.rb +2 -0
- data/lib/active_support/core_ext/array/prepend_and_append.rb +4 -2
- data/lib/active_support/core_ext/array/wrap.rb +2 -0
- data/lib/active_support/core_ext/benchmark.rb +2 -0
- data/lib/active_support/core_ext/big_decimal.rb +2 -0
- data/lib/active_support/core_ext/big_decimal/conversions.rb +2 -0
- data/lib/active_support/core_ext/class.rb +2 -0
- data/lib/active_support/core_ext/class/attribute.rb +34 -16
- data/lib/active_support/core_ext/class/attribute_accessors.rb +2 -0
- data/lib/active_support/core_ext/class/subclasses.rb +1 -2
- data/lib/active_support/core_ext/date.rb +2 -0
- data/lib/active_support/core_ext/date/acts_like.rb +2 -0
- data/lib/active_support/core_ext/date/blank.rb +2 -0
- data/lib/active_support/core_ext/date/calculations.rb +2 -0
- data/lib/active_support/core_ext/date/conversions.rb +10 -9
- data/lib/active_support/core_ext/date/zones.rb +2 -0
- data/lib/active_support/core_ext/date_and_time/calculations.rb +42 -16
- data/lib/active_support/core_ext/date_and_time/compatibility.rb +3 -1
- data/lib/active_support/core_ext/date_and_time/zones.rb +2 -0
- data/lib/active_support/core_ext/date_time.rb +2 -0
- data/lib/active_support/core_ext/date_time/acts_like.rb +2 -0
- data/lib/active_support/core_ext/date_time/blank.rb +2 -0
- data/lib/active_support/core_ext/date_time/calculations.rb +2 -0
- data/lib/active_support/core_ext/date_time/compatibility.rb +6 -4
- data/lib/active_support/core_ext/date_time/conversions.rb +2 -0
- data/lib/active_support/core_ext/digest/uuid.rb +3 -1
- data/lib/active_support/core_ext/enumerable.rb +3 -1
- data/lib/active_support/core_ext/file.rb +2 -0
- data/lib/active_support/core_ext/file/atomic.rb +2 -0
- data/lib/active_support/core_ext/hash.rb +2 -0
- data/lib/active_support/core_ext/hash/compact.rb +2 -0
- data/lib/active_support/core_ext/hash/conversions.rb +2 -0
- data/lib/active_support/core_ext/hash/deep_merge.rb +8 -12
- data/lib/active_support/core_ext/hash/except.rb +2 -0
- data/lib/active_support/core_ext/hash/indifferent_access.rb +2 -0
- data/lib/active_support/core_ext/hash/keys.rb +2 -0
- data/lib/active_support/core_ext/hash/reverse_merge.rb +5 -2
- data/lib/active_support/core_ext/hash/slice.rb +4 -4
- data/lib/active_support/core_ext/hash/transform_values.rb +2 -0
- data/lib/active_support/core_ext/integer.rb +2 -0
- data/lib/active_support/core_ext/integer/inflections.rb +2 -0
- data/lib/active_support/core_ext/integer/multiple.rb +2 -0
- data/lib/active_support/core_ext/integer/time.rb +7 -14
- data/lib/active_support/core_ext/kernel.rb +2 -0
- data/lib/active_support/core_ext/kernel/agnostics.rb +2 -0
- data/lib/active_support/core_ext/kernel/concern.rb +2 -0
- data/lib/active_support/core_ext/kernel/reporting.rb +2 -0
- data/lib/active_support/core_ext/kernel/singleton_class.rb +2 -0
- data/lib/active_support/core_ext/load_error.rb +2 -7
- data/lib/active_support/core_ext/marshal.rb +2 -0
- data/lib/active_support/core_ext/module.rb +3 -0
- data/lib/active_support/core_ext/module/aliasing.rb +2 -0
- data/lib/active_support/core_ext/module/anonymous.rb +2 -0
- data/lib/active_support/core_ext/module/attr_internal.rb +2 -0
- data/lib/active_support/core_ext/module/attribute_accessors.rb +21 -24
- data/lib/active_support/core_ext/module/attribute_accessors_per_thread.rb +2 -0
- data/lib/active_support/core_ext/module/concerning.rb +2 -0
- data/lib/active_support/core_ext/module/delegation.rb +29 -24
- data/lib/active_support/core_ext/module/deprecation.rb +2 -0
- data/lib/active_support/core_ext/module/introspection.rb +2 -0
- data/lib/active_support/core_ext/module/reachable.rb +3 -0
- data/lib/active_support/core_ext/module/redefine_method.rb +49 -0
- data/lib/active_support/core_ext/module/remove_method.rb +5 -23
- data/lib/active_support/core_ext/name_error.rb +2 -0
- data/lib/active_support/core_ext/numeric.rb +2 -0
- data/lib/active_support/core_ext/numeric/bytes.rb +2 -0
- data/lib/active_support/core_ext/numeric/conversions.rb +9 -7
- data/lib/active_support/core_ext/numeric/inquiry.rb +2 -0
- data/lib/active_support/core_ext/numeric/time.rb +7 -15
- data/lib/active_support/core_ext/object.rb +2 -0
- data/lib/active_support/core_ext/object/acts_like.rb +12 -1
- data/lib/active_support/core_ext/object/blank.rb +2 -0
- data/lib/active_support/core_ext/object/conversions.rb +2 -0
- data/lib/active_support/core_ext/object/deep_dup.rb +2 -0
- data/lib/active_support/core_ext/object/duplicable.rb +10 -8
- data/lib/active_support/core_ext/object/inclusion.rb +2 -0
- data/lib/active_support/core_ext/object/instance_variables.rb +2 -0
- data/lib/active_support/core_ext/object/json.rb +8 -0
- data/lib/active_support/core_ext/object/to_param.rb +2 -0
- data/lib/active_support/core_ext/object/to_query.rb +4 -5
- data/lib/active_support/core_ext/object/try.rb +2 -0
- data/lib/active_support/core_ext/object/with_options.rb +3 -1
- data/lib/active_support/core_ext/range.rb +3 -0
- data/lib/active_support/core_ext/range/conversions.rb +9 -1
- data/lib/active_support/core_ext/range/each.rb +5 -1
- data/lib/active_support/core_ext/range/include_range.rb +2 -0
- data/lib/active_support/core_ext/range/include_time_with_zone.rb +23 -0
- data/lib/active_support/core_ext/range/overlaps.rb +2 -0
- data/lib/active_support/core_ext/regexp.rb +2 -0
- data/lib/active_support/core_ext/securerandom.rb +2 -0
- data/lib/active_support/core_ext/string.rb +2 -0
- data/lib/active_support/core_ext/string/access.rb +2 -0
- data/lib/active_support/core_ext/string/behavior.rb +2 -0
- data/lib/active_support/core_ext/string/conversions.rb +2 -0
- data/lib/active_support/core_ext/string/exclude.rb +2 -0
- data/lib/active_support/core_ext/string/filters.rb +2 -0
- data/lib/active_support/core_ext/string/indent.rb +2 -0
- data/lib/active_support/core_ext/string/inflections.rb +26 -12
- data/lib/active_support/core_ext/string/inquiry.rb +2 -0
- data/lib/active_support/core_ext/string/multibyte.rb +2 -0
- data/lib/active_support/core_ext/string/output_safety.rb +6 -7
- data/lib/active_support/core_ext/string/starts_ends_with.rb +2 -0
- data/lib/active_support/core_ext/string/strip.rb +2 -0
- data/lib/active_support/core_ext/string/zones.rb +2 -0
- data/lib/active_support/core_ext/time.rb +2 -0
- data/lib/active_support/core_ext/time/acts_like.rb +2 -0
- data/lib/active_support/core_ext/time/calculations.rb +23 -15
- data/lib/active_support/core_ext/time/compatibility.rb +4 -2
- data/lib/active_support/core_ext/time/conversions.rb +2 -0
- data/lib/active_support/core_ext/time/zones.rb +6 -4
- data/lib/active_support/core_ext/uri.rb +4 -1
- data/lib/active_support/current_attributes.rb +195 -0
- data/lib/active_support/dependencies.rb +15 -25
- data/lib/active_support/dependencies/autoload.rb +2 -0
- data/lib/active_support/dependencies/interlock.rb +2 -0
- data/lib/active_support/deprecation.rb +4 -2
- data/lib/active_support/deprecation/behaviors.rb +23 -8
- data/lib/active_support/deprecation/constant_accessor.rb +3 -1
- data/lib/active_support/deprecation/instance_delegator.rb +2 -0
- data/lib/active_support/deprecation/method_wrappers.rb +2 -7
- data/lib/active_support/deprecation/proxy_wrappers.rb +4 -1
- data/lib/active_support/deprecation/reporting.rb +4 -2
- data/lib/active_support/descendants_tracker.rb +2 -0
- data/lib/active_support/duration.rb +8 -14
- data/lib/active_support/duration/iso8601_parser.rb +4 -2
- data/lib/active_support/duration/iso8601_serializer.rb +4 -2
- data/lib/active_support/encrypted_configuration.rb +48 -0
- data/lib/active_support/encrypted_file.rb +99 -0
- data/lib/active_support/evented_file_update_checker.rb +2 -0
- data/lib/active_support/execution_wrapper.rb +2 -0
- data/lib/active_support/executor.rb +2 -0
- data/lib/active_support/file_update_checker.rb +2 -0
- data/lib/active_support/gem_version.rb +5 -3
- data/lib/active_support/gzip.rb +2 -0
- data/lib/active_support/hash_with_indifferent_access.rb +33 -1
- data/lib/active_support/i18n.rb +3 -1
- data/lib/active_support/i18n_railtie.rb +5 -11
- data/lib/active_support/inflections.rb +2 -0
- data/lib/active_support/inflector.rb +2 -0
- data/lib/active_support/inflector/inflections.rb +19 -3
- data/lib/active_support/inflector/methods.rb +40 -23
- data/lib/active_support/inflector/transliterate.rb +17 -8
- data/lib/active_support/json.rb +2 -0
- data/lib/active_support/json/decoding.rb +2 -0
- data/lib/active_support/json/encoding.rb +2 -0
- data/lib/active_support/key_generator.rb +3 -1
- data/lib/active_support/lazy_load_hooks.rb +2 -0
- data/lib/active_support/log_subscriber.rb +3 -2
- data/lib/active_support/log_subscriber/test_helper.rb +2 -0
- data/lib/active_support/logger.rb +2 -0
- data/lib/active_support/logger_silence.rb +3 -2
- data/lib/active_support/logger_thread_safe_level.rb +2 -0
- data/lib/active_support/message_encryptor.rb +94 -22
- data/lib/active_support/message_verifier.rb +78 -7
- data/lib/active_support/messages/metadata.rb +71 -0
- data/lib/active_support/messages/rotation_configuration.rb +22 -0
- data/lib/active_support/messages/rotator.rb +56 -0
- data/lib/active_support/multibyte.rb +2 -0
- data/lib/active_support/multibyte/chars.rb +2 -0
- data/lib/active_support/multibyte/unicode.rb +3 -1
- data/lib/active_support/notifications.rb +2 -0
- data/lib/active_support/notifications/fanout.rb +2 -0
- data/lib/active_support/notifications/instrumenter.rb +2 -0
- data/lib/active_support/number_helper.rb +2 -0
- data/lib/active_support/number_helper/number_converter.rb +2 -0
- data/lib/active_support/number_helper/number_to_currency_converter.rb +2 -0
- data/lib/active_support/number_helper/number_to_delimited_converter.rb +2 -0
- data/lib/active_support/number_helper/number_to_human_converter.rb +2 -0
- data/lib/active_support/number_helper/number_to_human_size_converter.rb +2 -0
- data/lib/active_support/number_helper/number_to_percentage_converter.rb +2 -0
- data/lib/active_support/number_helper/number_to_phone_converter.rb +3 -1
- data/lib/active_support/number_helper/number_to_rounded_converter.rb +2 -20
- data/lib/active_support/number_helper/rounding_helper.rb +5 -3
- data/lib/active_support/option_merger.rb +2 -0
- data/lib/active_support/ordered_hash.rb +2 -0
- data/lib/active_support/ordered_options.rb +4 -2
- data/lib/active_support/per_thread_registry.rb +2 -0
- data/lib/active_support/proxy_object.rb +2 -0
- data/lib/active_support/rails.rb +2 -0
- data/lib/active_support/railtie.rb +27 -8
- data/lib/active_support/reloader.rb +7 -5
- data/lib/active_support/rescuable.rb +3 -2
- data/lib/active_support/security_utils.rb +15 -11
- data/lib/active_support/string_inquirer.rb +2 -0
- data/lib/active_support/subscriber.rb +2 -0
- data/lib/active_support/tagged_logging.rb +2 -0
- data/lib/active_support/test_case.rb +2 -1
- data/lib/active_support/testing/assertions.rb +6 -4
- data/lib/active_support/testing/autorun.rb +2 -0
- data/lib/active_support/testing/constant_lookup.rb +2 -0
- data/lib/active_support/testing/declarative.rb +2 -0
- data/lib/active_support/testing/deprecation.rb +2 -0
- data/lib/active_support/testing/file_fixtures.rb +2 -0
- data/lib/active_support/testing/isolation.rb +5 -5
- data/lib/active_support/testing/method_call_assertions.rb +2 -0
- data/lib/active_support/testing/setup_and_teardown.rb +2 -0
- data/lib/active_support/testing/stream.rb +2 -0
- data/lib/active_support/testing/tagged_logging.rb +2 -0
- data/lib/active_support/testing/time_helpers.rb +31 -2
- data/lib/active_support/time.rb +2 -0
- data/lib/active_support/time_with_zone.rb +38 -0
- data/lib/active_support/values/time_zone.rb +20 -12
- data/lib/active_support/version.rb +2 -0
- data/lib/active_support/xml_mini.rb +2 -0
- data/lib/active_support/xml_mini/jdom.rb +4 -2
- data/lib/active_support/xml_mini/libxml.rb +3 -1
- data/lib/active_support/xml_mini/libxmlsax.rb +4 -2
- data/lib/active_support/xml_mini/nokogiri.rb +3 -1
- data/lib/active_support/xml_mini/nokogirisax.rb +3 -1
- data/lib/active_support/xml_mini/rexml.rb +3 -1
- metadata +19 -15
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/module/attribute_accessors"
|
2
4
|
require "active_support/core_ext/class/attribute"
|
3
5
|
require "active_support/subscriber"
|
@@ -49,8 +51,7 @@ module ActiveSupport
|
|
49
51
|
CYAN = "\e[36m"
|
50
52
|
WHITE = "\e[37m"
|
51
53
|
|
52
|
-
mattr_accessor :colorize_logging
|
53
|
-
self.colorize_logging = true
|
54
|
+
mattr_accessor :colorize_logging, default: true
|
54
55
|
|
55
56
|
class << self
|
56
57
|
def logger
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/concern"
|
2
4
|
require "active_support/core_ext/module/attribute_accessors"
|
3
5
|
require "concurrent"
|
@@ -6,8 +8,7 @@ module LoggerSilence
|
|
6
8
|
extend ActiveSupport::Concern
|
7
9
|
|
8
10
|
included do
|
9
|
-
cattr_accessor :silencer
|
10
|
-
self.silencer = true
|
11
|
+
cattr_accessor :silencer, default: true
|
11
12
|
end
|
12
13
|
|
13
14
|
# Silences the logger for the duration of the block.
|
@@ -1,7 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "openssl"
|
2
4
|
require "base64"
|
3
5
|
require "active_support/core_ext/array/extract_options"
|
4
6
|
require "active_support/message_verifier"
|
7
|
+
require "active_support/messages/metadata"
|
5
8
|
|
6
9
|
module ActiveSupport
|
7
10
|
# MessageEncryptor is a simple way to encrypt values which get stored
|
@@ -13,13 +16,82 @@ module ActiveSupport
|
|
13
16
|
# This can be used in situations similar to the <tt>MessageVerifier</tt>, but
|
14
17
|
# where you don't want users to be able to determine the value of the payload.
|
15
18
|
#
|
16
|
-
#
|
17
|
-
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
# crypt.
|
19
|
+
# len = ActiveSupport::MessageEncryptor.key_len
|
20
|
+
# salt = SecureRandom.random_bytes(len)
|
21
|
+
# key = ActiveSupport::KeyGenerator.new('password').generate_key(salt, len) # => "\x89\xE0\x156\xAC..."
|
22
|
+
# crypt = ActiveSupport::MessageEncryptor.new(key) # => #<ActiveSupport::MessageEncryptor ...>
|
23
|
+
# encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
|
24
|
+
# crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
|
25
|
+
#
|
26
|
+
# === Confining messages to a specific purpose
|
27
|
+
#
|
28
|
+
# By default any message can be used throughout your app. But they can also be
|
29
|
+
# confined to a specific +:purpose+.
|
30
|
+
#
|
31
|
+
# token = crypt.encrypt_and_sign("this is the chair", purpose: :login)
|
32
|
+
#
|
33
|
+
# Then that same purpose must be passed when verifying to get the data back out:
|
34
|
+
#
|
35
|
+
# crypt.decrypt_and_verify(token, purpose: :login) # => "this is the chair"
|
36
|
+
# crypt.decrypt_and_verify(token, purpose: :shipping) # => nil
|
37
|
+
# crypt.decrypt_and_verify(token) # => nil
|
38
|
+
#
|
39
|
+
# Likewise, if a message has no purpose it won't be returned when verifying with
|
40
|
+
# a specific purpose.
|
41
|
+
#
|
42
|
+
# token = crypt.encrypt_and_sign("the conversation is lively")
|
43
|
+
# crypt.decrypt_and_verify(token, purpose: :scare_tactics) # => nil
|
44
|
+
# crypt.decrypt_and_verify(token) # => "the conversation is lively"
|
45
|
+
#
|
46
|
+
# === Making messages expire
|
47
|
+
#
|
48
|
+
# By default messages last forever and verifying one year from now will still
|
49
|
+
# return the original value. But messages can be set to expire at a given
|
50
|
+
# time with +:expires_in+ or +:expires_at+.
|
51
|
+
#
|
52
|
+
# crypt.encrypt_and_sign(parcel, expires_in: 1.month)
|
53
|
+
# crypt.encrypt_and_sign(doowad, expires_at: Time.now.end_of_year)
|
54
|
+
#
|
55
|
+
# Then the messages can be verified and returned upto the expire time.
|
56
|
+
# Thereafter, verifying returns +nil+.
|
57
|
+
#
|
58
|
+
# === Rotating keys
|
59
|
+
#
|
60
|
+
# MessageEncryptor also supports rotating out old configurations by falling
|
61
|
+
# back to a stack of encryptors. Call +rotate+ to build and add an encryptor
|
62
|
+
# so +decrypt_and_verify+ will also try the fallback.
|
63
|
+
#
|
64
|
+
# By default any rotated encryptors use the values of the primary
|
65
|
+
# encryptor unless specified otherwise.
|
66
|
+
#
|
67
|
+
# You'd give your encryptor the new defaults:
|
68
|
+
#
|
69
|
+
# crypt = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
|
70
|
+
#
|
71
|
+
# Then gradually rotate the old values out by adding them as fallbacks. Any message
|
72
|
+
# generated with the old values will then work until the rotation is removed.
|
73
|
+
#
|
74
|
+
# crypt.rotate old_secret # Fallback to an old secret instead of @secret.
|
75
|
+
# crypt.rotate cipher: "aes-256-cbc" # Fallback to an old cipher instead of aes-256-gcm.
|
76
|
+
#
|
77
|
+
# Though if both the secret and the cipher was changed at the same time,
|
78
|
+
# the above should be combined into:
|
79
|
+
#
|
80
|
+
# crypt.rotate old_secret, cipher: "aes-256-cbc"
|
21
81
|
class MessageEncryptor
|
22
|
-
|
82
|
+
prepend Messages::Rotator::Encryptor
|
83
|
+
|
84
|
+
class << self
|
85
|
+
attr_accessor :use_authenticated_message_encryption #:nodoc:
|
86
|
+
|
87
|
+
def default_cipher #:nodoc:
|
88
|
+
if use_authenticated_message_encryption
|
89
|
+
"aes-256-gcm"
|
90
|
+
else
|
91
|
+
"aes-256-cbc"
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
23
95
|
|
24
96
|
module NullSerializer #:nodoc:
|
25
97
|
def self.load(value)
|
@@ -45,7 +117,7 @@ module ActiveSupport
|
|
45
117
|
OpenSSLCipherError = OpenSSL::Cipher::CipherError
|
46
118
|
|
47
119
|
# Initialize a new MessageEncryptor. +secret+ must be at least as long as
|
48
|
-
# the cipher key size. For the default 'aes-256-
|
120
|
+
# the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
|
49
121
|
# bits. If you are using a user-entered secret, you can generate a suitable
|
50
122
|
# key by using <tt>ActiveSupport::KeyGenerator</tt> or a similar key
|
51
123
|
# derivation function.
|
@@ -57,7 +129,7 @@ module ActiveSupport
|
|
57
129
|
#
|
58
130
|
# Options:
|
59
131
|
# * <tt>:cipher</tt> - Cipher to use. Can be any cipher returned by
|
60
|
-
# <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-
|
132
|
+
# <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-gcm'.
|
61
133
|
# * <tt>:digest</tt> - String of digest to use for signing. Default is
|
62
134
|
# +SHA1+. Ignored when using an AEAD cipher like 'aes-256-gcm'.
|
63
135
|
# * <tt>:serializer</tt> - Object serializer to use. Default is +Marshal+.
|
@@ -66,32 +138,31 @@ module ActiveSupport
|
|
66
138
|
sign_secret = signature_key_or_options.first
|
67
139
|
@secret = secret
|
68
140
|
@sign_secret = sign_secret
|
69
|
-
@cipher = options[:cipher] ||
|
141
|
+
@cipher = options[:cipher] || self.class.default_cipher
|
70
142
|
@digest = options[:digest] || "SHA1" unless aead_mode?
|
71
143
|
@verifier = resolve_verifier
|
72
144
|
@serializer = options[:serializer] || Marshal
|
73
145
|
end
|
74
146
|
|
75
147
|
# Encrypt and sign a message. We need to sign the message in order to avoid
|
76
|
-
# padding attacks. Reference:
|
77
|
-
def encrypt_and_sign(value)
|
78
|
-
verifier.generate(_encrypt(value))
|
148
|
+
# padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
|
149
|
+
def encrypt_and_sign(value, expires_at: nil, expires_in: nil, purpose: nil)
|
150
|
+
verifier.generate(_encrypt(value, expires_at: expires_at, expires_in: expires_in, purpose: purpose))
|
79
151
|
end
|
80
152
|
|
81
153
|
# Decrypt and verify a message. We need to verify the message in order to
|
82
|
-
# avoid padding attacks. Reference:
|
83
|
-
def decrypt_and_verify(
|
84
|
-
_decrypt(verifier.verify(
|
154
|
+
# avoid padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
|
155
|
+
def decrypt_and_verify(data, purpose: nil, **)
|
156
|
+
_decrypt(verifier.verify(data), purpose)
|
85
157
|
end
|
86
158
|
|
87
159
|
# Given a cipher, returns the key length of the cipher to help generate the key of desired size
|
88
|
-
def self.key_len(cipher =
|
160
|
+
def self.key_len(cipher = default_cipher)
|
89
161
|
OpenSSL::Cipher.new(cipher).key_len
|
90
162
|
end
|
91
163
|
|
92
164
|
private
|
93
|
-
|
94
|
-
def _encrypt(value)
|
165
|
+
def _encrypt(value, **metadata_options)
|
95
166
|
cipher = new_cipher
|
96
167
|
cipher.encrypt
|
97
168
|
cipher.key = @secret
|
@@ -100,15 +171,15 @@ module ActiveSupport
|
|
100
171
|
iv = cipher.random_iv
|
101
172
|
cipher.auth_data = "" if aead_mode?
|
102
173
|
|
103
|
-
encrypted_data = cipher.update(@serializer.dump(value))
|
174
|
+
encrypted_data = cipher.update(Messages::Metadata.wrap(@serializer.dump(value), metadata_options))
|
104
175
|
encrypted_data << cipher.final
|
105
176
|
|
106
177
|
blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
|
107
|
-
blob
|
178
|
+
blob = "#{blob}--#{::Base64.strict_encode64 cipher.auth_tag}" if aead_mode?
|
108
179
|
blob
|
109
180
|
end
|
110
181
|
|
111
|
-
def _decrypt(encrypted_message)
|
182
|
+
def _decrypt(encrypted_message, purpose)
|
112
183
|
cipher = new_cipher
|
113
184
|
encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map { |v| ::Base64.strict_decode64(v) }
|
114
185
|
|
@@ -128,7 +199,8 @@ module ActiveSupport
|
|
128
199
|
decrypted_data = cipher.update(encrypted_data)
|
129
200
|
decrypted_data << cipher.final
|
130
201
|
|
131
|
-
|
202
|
+
message = Messages::Metadata.verify(decrypted_data, purpose)
|
203
|
+
@serializer.load(message) if message
|
132
204
|
rescue OpenSSLCipherError, TypeError, ArgumentError
|
133
205
|
raise InvalidMessage
|
134
206
|
end
|
@@ -1,6 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "base64"
|
2
4
|
require "active_support/core_ext/object/blank"
|
3
5
|
require "active_support/security_utils"
|
6
|
+
require "active_support/messages/metadata"
|
7
|
+
require "active_support/messages/rotator"
|
4
8
|
|
5
9
|
module ActiveSupport
|
6
10
|
# +MessageVerifier+ makes it easy to generate and verify messages which are
|
@@ -27,10 +31,76 @@ module ActiveSupport
|
|
27
31
|
#
|
28
32
|
# +MessageVerifier+ creates HMAC signatures using SHA1 hash algorithm by default.
|
29
33
|
# If you want to use a different hash algorithm, you can change it by providing
|
30
|
-
#
|
34
|
+
# +:digest+ key as an option while initializing the verifier:
|
31
35
|
#
|
32
36
|
# @verifier = ActiveSupport::MessageVerifier.new('s3Krit', digest: 'SHA256')
|
37
|
+
#
|
38
|
+
# === Confining messages to a specific purpose
|
39
|
+
#
|
40
|
+
# By default any message can be used throughout your app. But they can also be
|
41
|
+
# confined to a specific +:purpose+.
|
42
|
+
#
|
43
|
+
# token = @verifier.generate("this is the chair", purpose: :login)
|
44
|
+
#
|
45
|
+
# Then that same purpose must be passed when verifying to get the data back out:
|
46
|
+
#
|
47
|
+
# @verifier.verified(token, purpose: :login) # => "this is the chair"
|
48
|
+
# @verifier.verified(token, purpose: :shipping) # => nil
|
49
|
+
# @verifier.verified(token) # => nil
|
50
|
+
#
|
51
|
+
# @verifier.verify(token, purpose: :login) # => "this is the chair"
|
52
|
+
# @verifier.verify(token, purpose: :shipping) # => ActiveSupport::MessageVerifier::InvalidSignature
|
53
|
+
# @verifier.verify(token) # => ActiveSupport::MessageVerifier::InvalidSignature
|
54
|
+
#
|
55
|
+
# Likewise, if a message has no purpose it won't be returned when verifying with
|
56
|
+
# a specific purpose.
|
57
|
+
#
|
58
|
+
# token = @verifier.generate("the conversation is lively")
|
59
|
+
# @verifier.verified(token, purpose: :scare_tactics) # => nil
|
60
|
+
# @verifier.verified(token) # => "the conversation is lively"
|
61
|
+
#
|
62
|
+
# @verifier.verify(token, purpose: :scare_tactics) # => ActiveSupport::MessageVerifier::InvalidSignature
|
63
|
+
# @verifier.verify(token) # => "the conversation is lively"
|
64
|
+
#
|
65
|
+
# === Making messages expire
|
66
|
+
#
|
67
|
+
# By default messages last forever and verifying one year from now will still
|
68
|
+
# return the original value. But messages can be set to expire at a given
|
69
|
+
# time with +:expires_in+ or +:expires_at+.
|
70
|
+
#
|
71
|
+
# @verifier.generate(parcel, expires_in: 1.month)
|
72
|
+
# @verifier.generate(doowad, expires_at: Time.now.end_of_year)
|
73
|
+
#
|
74
|
+
# Then the messages can be verified and returned upto the expire time.
|
75
|
+
# Thereafter, the +verified+ method returns +nil+ while +verify+ raises
|
76
|
+
# <tt>ActiveSupport::MessageVerifier::InvalidSignature</tt>.
|
77
|
+
#
|
78
|
+
# === Rotating keys
|
79
|
+
#
|
80
|
+
# MessageVerifier also supports rotating out old configurations by falling
|
81
|
+
# back to a stack of verifiers. Call +rotate+ to build and add a verifier to
|
82
|
+
# so either +verified+ or +verify+ will also try verifying with the fallback.
|
83
|
+
#
|
84
|
+
# By default any rotated verifiers use the values of the primary
|
85
|
+
# verifier unless specified otherwise.
|
86
|
+
#
|
87
|
+
# You'd give your verifier the new defaults:
|
88
|
+
#
|
89
|
+
# verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512", serializer: JSON)
|
90
|
+
#
|
91
|
+
# Then gradually rotate the old values out by adding them as fallbacks. Any message
|
92
|
+
# generated with the old values will then work until the rotation is removed.
|
93
|
+
#
|
94
|
+
# verifier.rotate old_secret # Fallback to an old secret instead of @secret.
|
95
|
+
# verifier.rotate digest: "SHA256" # Fallback to an old digest instead of SHA512.
|
96
|
+
# verifier.rotate serializer: Marshal # Fallback to an old serializer instead of JSON.
|
97
|
+
#
|
98
|
+
# Though the above would most likely be combined into one rotation:
|
99
|
+
#
|
100
|
+
# verifier.rotate old_secret, digest: "SHA256", serializer: Marshal
|
33
101
|
class MessageVerifier
|
102
|
+
prepend Messages::Rotator::Verifier
|
103
|
+
|
34
104
|
class InvalidSignature < StandardError; end
|
35
105
|
|
36
106
|
def initialize(secret, options = {})
|
@@ -77,11 +147,12 @@ module ActiveSupport
|
|
77
147
|
#
|
78
148
|
# incompatible_message = "test--dad7b06c94abba8d46a15fafaef56c327665d5ff"
|
79
149
|
# verifier.verified(incompatible_message) # => TypeError: incompatible marshal file format
|
80
|
-
def verified(signed_message)
|
150
|
+
def verified(signed_message, purpose: nil, **)
|
81
151
|
if valid_message?(signed_message)
|
82
152
|
begin
|
83
153
|
data = signed_message.split("--".freeze)[0]
|
84
|
-
|
154
|
+
message = Messages::Metadata.verify(decode(data), purpose)
|
155
|
+
@serializer.load(message) if message
|
85
156
|
rescue ArgumentError => argument_error
|
86
157
|
return if argument_error.message.include?("invalid base64")
|
87
158
|
raise
|
@@ -101,8 +172,8 @@ module ActiveSupport
|
|
101
172
|
#
|
102
173
|
# other_verifier = ActiveSupport::MessageVerifier.new 'd1ff3r3nt-s3Krit'
|
103
174
|
# other_verifier.verify(signed_message) # => ActiveSupport::MessageVerifier::InvalidSignature
|
104
|
-
def verify(
|
105
|
-
verified(
|
175
|
+
def verify(*args)
|
176
|
+
verified(*args) || raise(InvalidSignature)
|
106
177
|
end
|
107
178
|
|
108
179
|
# Generates a signed message for the provided value.
|
@@ -112,8 +183,8 @@ module ActiveSupport
|
|
112
183
|
#
|
113
184
|
# verifier = ActiveSupport::MessageVerifier.new 's3Krit'
|
114
185
|
# verifier.generate 'a private message' # => "BAhJIhRwcml2YXRlLW1lc3NhZ2UGOgZFVA==--e2d724331ebdee96a10fb99b089508d1c72bd772"
|
115
|
-
def generate(value)
|
116
|
-
data = encode(@serializer.dump(value))
|
186
|
+
def generate(value, expires_at: nil, expires_in: nil, purpose: nil)
|
187
|
+
data = encode(Messages::Metadata.wrap(@serializer.dump(value), expires_at: expires_at, expires_in: expires_in, purpose: purpose))
|
117
188
|
"#{data}--#{generate_digest(data)}"
|
118
189
|
end
|
119
190
|
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "time"
|
4
|
+
|
5
|
+
module ActiveSupport
|
6
|
+
module Messages #:nodoc:
|
7
|
+
class Metadata #:nodoc:
|
8
|
+
def initialize(message, expires_at = nil, purpose = nil)
|
9
|
+
@message, @expires_at, @purpose = message, expires_at, purpose
|
10
|
+
end
|
11
|
+
|
12
|
+
def as_json(options = {})
|
13
|
+
{ _rails: { message: @message, exp: @expires_at, pur: @purpose } }
|
14
|
+
end
|
15
|
+
|
16
|
+
class << self
|
17
|
+
def wrap(message, expires_at: nil, expires_in: nil, purpose: nil)
|
18
|
+
if expires_at || expires_in || purpose
|
19
|
+
JSON.encode new(encode(message), pick_expiry(expires_at, expires_in), purpose)
|
20
|
+
else
|
21
|
+
message
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def verify(message, purpose)
|
26
|
+
extract_metadata(message).verify(purpose)
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
def pick_expiry(expires_at, expires_in)
|
31
|
+
if expires_at
|
32
|
+
expires_at.utc.iso8601(3)
|
33
|
+
elsif expires_in
|
34
|
+
Time.now.utc.advance(seconds: expires_in).iso8601(3)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def extract_metadata(message)
|
39
|
+
data = JSON.decode(message) rescue nil
|
40
|
+
|
41
|
+
if data.is_a?(Hash) && data.key?("_rails")
|
42
|
+
new(decode(data["_rails"]["message"]), data["_rails"]["exp"], data["_rails"]["pur"])
|
43
|
+
else
|
44
|
+
new(message)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
def encode(message)
|
49
|
+
::Base64.strict_encode64(message)
|
50
|
+
end
|
51
|
+
|
52
|
+
def decode(message)
|
53
|
+
::Base64.strict_decode64(message)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def verify(purpose)
|
58
|
+
@message if match?(purpose) && fresh?
|
59
|
+
end
|
60
|
+
|
61
|
+
private
|
62
|
+
def match?(purpose)
|
63
|
+
@purpose.to_s == purpose.to_s
|
64
|
+
end
|
65
|
+
|
66
|
+
def fresh?
|
67
|
+
@expires_at.nil? || Time.now.utc < Time.iso8601(@expires_at)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActiveSupport
|
4
|
+
module Messages
|
5
|
+
class RotationConfiguration # :nodoc:
|
6
|
+
attr_reader :signed, :encrypted
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
@signed, @encrypted = [], []
|
10
|
+
end
|
11
|
+
|
12
|
+
def rotate(kind, *args)
|
13
|
+
case kind
|
14
|
+
when :signed
|
15
|
+
@signed << args
|
16
|
+
when :encrypted
|
17
|
+
@encrypted << args
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|