activesupport 5.2.4.3 → 7.0.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +244 -459
- data/MIT-LICENSE +1 -1
- data/README.rdoc +4 -3
- data/lib/active_support/actionable_error.rb +48 -0
- data/lib/active_support/array_inquirer.rb +2 -2
- data/lib/active_support/backtrace_cleaner.rb +31 -5
- data/lib/active_support/benchmarkable.rb +3 -3
- data/lib/active_support/cache/file_store.rb +47 -41
- data/lib/active_support/cache/mem_cache_store.rb +151 -40
- data/lib/active_support/cache/memory_store.rb +68 -34
- data/lib/active_support/cache/null_store.rb +16 -3
- data/lib/active_support/cache/redis_cache_store.rb +103 -101
- data/lib/active_support/cache/strategy/local_cache.rb +56 -64
- data/lib/active_support/cache.rb +333 -116
- data/lib/active_support/callbacks.rb +244 -128
- data/lib/active_support/code_generator.rb +65 -0
- data/lib/active_support/concern.rb +72 -5
- data/lib/active_support/concurrency/load_interlock_aware_monitor.rb +16 -0
- data/lib/active_support/concurrency/share_lock.rb +2 -3
- data/lib/active_support/configurable.rb +15 -16
- data/lib/active_support/configuration_file.rb +51 -0
- data/lib/active_support/core_ext/array/access.rb +15 -7
- data/lib/active_support/core_ext/array/conversions.rb +18 -17
- data/lib/active_support/core_ext/array/deprecated_conversions.rb +25 -0
- data/lib/active_support/core_ext/array/extract.rb +21 -0
- data/lib/active_support/core_ext/array/grouping.rb +6 -6
- data/lib/active_support/core_ext/array/inquiry.rb +2 -2
- data/lib/active_support/core_ext/array.rb +2 -1
- data/lib/active_support/core_ext/benchmark.rb +2 -2
- data/lib/active_support/core_ext/big_decimal/conversions.rb +1 -1
- data/lib/active_support/core_ext/class/attribute.rb +32 -47
- data/lib/active_support/core_ext/class/subclasses.rb +9 -22
- data/lib/active_support/core_ext/date/blank.rb +1 -1
- data/lib/active_support/core_ext/date/calculations.rb +15 -14
- data/lib/active_support/core_ext/date/conversions.rb +16 -15
- data/lib/active_support/core_ext/date/deprecated_conversions.rb +26 -0
- data/lib/active_support/core_ext/date.rb +1 -0
- data/lib/active_support/core_ext/date_and_time/calculations.rb +41 -51
- data/lib/active_support/core_ext/date_and_time/compatibility.rb +15 -0
- data/lib/active_support/core_ext/date_and_time/zones.rb +0 -1
- data/lib/active_support/core_ext/date_time/blank.rb +1 -1
- data/lib/active_support/core_ext/date_time/calculations.rb +1 -1
- data/lib/active_support/core_ext/date_time/conversions.rb +13 -14
- data/lib/active_support/core_ext/date_time/deprecated_conversions.rb +22 -0
- data/lib/active_support/core_ext/date_time.rb +1 -0
- data/lib/active_support/core_ext/digest/uuid.rb +39 -13
- data/lib/active_support/core_ext/enumerable.rb +241 -76
- data/lib/active_support/core_ext/file/atomic.rb +3 -1
- data/lib/active_support/core_ext/hash/conversions.rb +3 -4
- data/lib/active_support/core_ext/hash/deep_transform_values.rb +46 -0
- data/lib/active_support/core_ext/hash/except.rb +2 -2
- data/lib/active_support/core_ext/hash/indifferent_access.rb +3 -3
- data/lib/active_support/core_ext/hash/keys.rb +2 -31
- data/lib/active_support/core_ext/hash/slice.rb +6 -27
- data/lib/active_support/core_ext/hash.rb +1 -2
- data/lib/active_support/core_ext/integer/multiple.rb +1 -1
- data/lib/active_support/core_ext/kernel/reporting.rb +4 -4
- data/lib/active_support/core_ext/kernel/singleton_class.rb +1 -1
- data/lib/active_support/core_ext/kernel.rb +0 -1
- data/lib/active_support/core_ext/load_error.rb +1 -1
- data/lib/active_support/core_ext/module/attr_internal.rb +2 -2
- data/lib/active_support/core_ext/module/attribute_accessors.rb +32 -39
- data/lib/active_support/core_ext/module/attribute_accessors_per_thread.rb +35 -28
- data/lib/active_support/core_ext/module/concerning.rb +8 -2
- data/lib/active_support/core_ext/module/delegation.rb +70 -33
- data/lib/active_support/core_ext/module/introspection.rb +16 -15
- data/lib/active_support/core_ext/module/redefine_method.rb +8 -17
- data/lib/active_support/core_ext/module.rb +0 -1
- data/lib/active_support/core_ext/name_error.rb +23 -2
- data/lib/active_support/core_ext/numeric/conversions.rb +132 -129
- data/lib/active_support/core_ext/numeric/deprecated_conversions.rb +60 -0
- data/lib/active_support/core_ext/numeric.rb +1 -1
- data/lib/active_support/core_ext/object/acts_like.rb +29 -5
- data/lib/active_support/core_ext/object/blank.rb +3 -4
- data/lib/active_support/core_ext/object/deep_dup.rb +1 -1
- data/lib/active_support/core_ext/object/duplicable.rb +14 -110
- data/lib/active_support/core_ext/object/json.rb +44 -27
- data/lib/active_support/core_ext/object/to_query.rb +2 -2
- data/lib/active_support/core_ext/object/try.rb +24 -14
- data/lib/active_support/core_ext/object/with_options.rb +21 -2
- data/lib/active_support/core_ext/pathname/existence.rb +21 -0
- data/lib/active_support/core_ext/pathname.rb +3 -0
- data/lib/active_support/core_ext/range/compare_range.rb +23 -27
- data/lib/active_support/core_ext/range/conversions.rb +32 -30
- data/lib/active_support/core_ext/range/deprecated_conversions.rb +26 -0
- data/lib/active_support/core_ext/range/each.rb +1 -2
- data/lib/active_support/core_ext/range/include_time_with_zone.rb +4 -20
- data/lib/active_support/core_ext/range/overlaps.rb +1 -1
- data/lib/active_support/core_ext/range.rb +1 -1
- data/lib/active_support/core_ext/regexp.rb +8 -5
- data/lib/active_support/core_ext/securerandom.rb +23 -3
- data/lib/active_support/core_ext/string/access.rb +5 -16
- data/lib/active_support/core_ext/string/conversions.rb +3 -2
- data/lib/active_support/core_ext/string/filters.rb +42 -1
- data/lib/active_support/core_ext/string/inflections.rb +46 -7
- data/lib/active_support/core_ext/string/inquiry.rb +2 -1
- data/lib/active_support/core_ext/string/multibyte.rb +6 -5
- data/lib/active_support/core_ext/string/output_safety.rb +129 -20
- data/lib/active_support/core_ext/string/starts_ends_with.rb +2 -2
- data/lib/active_support/core_ext/string/strip.rb +3 -1
- data/lib/active_support/core_ext/symbol/starts_ends_with.rb +6 -0
- data/lib/active_support/core_ext/symbol.rb +3 -0
- data/lib/active_support/core_ext/time/calculations.rb +59 -10
- data/lib/active_support/core_ext/time/conversions.rb +15 -12
- data/lib/active_support/core_ext/time/deprecated_conversions.rb +22 -0
- data/lib/active_support/core_ext/time/zones.rb +7 -22
- data/lib/active_support/core_ext/time.rb +1 -0
- data/lib/active_support/core_ext/uri.rb +3 -22
- data/lib/active_support/core_ext.rb +2 -1
- data/lib/active_support/current_attributes/test_helper.rb +13 -0
- data/lib/active_support/current_attributes.rb +47 -16
- data/lib/active_support/dependencies/interlock.rb +10 -18
- data/lib/active_support/dependencies/require_dependency.rb +28 -0
- data/lib/active_support/dependencies.rb +60 -715
- data/lib/active_support/deprecation/behaviors.rb +21 -5
- data/lib/active_support/deprecation/disallowed.rb +56 -0
- data/lib/active_support/deprecation/instance_delegator.rb +0 -1
- data/lib/active_support/deprecation/method_wrappers.rb +18 -23
- data/lib/active_support/deprecation/proxy_wrappers.rb +31 -8
- data/lib/active_support/deprecation/reporting.rb +50 -7
- data/lib/active_support/deprecation.rb +7 -2
- data/lib/active_support/descendants_tracker.rb +190 -34
- data/lib/active_support/digest.rb +5 -3
- data/lib/active_support/duration/iso8601_parser.rb +5 -7
- data/lib/active_support/duration/iso8601_serializer.rb +27 -15
- data/lib/active_support/duration.rb +149 -67
- data/lib/active_support/encrypted_configuration.rb +12 -5
- data/lib/active_support/encrypted_file.rb +23 -5
- data/lib/active_support/environment_inquirer.rb +20 -0
- data/lib/active_support/error_reporter.rb +117 -0
- data/lib/active_support/evented_file_update_checker.rb +85 -122
- data/lib/active_support/execution_context/test_helper.rb +13 -0
- data/lib/active_support/execution_context.rb +53 -0
- data/lib/active_support/execution_wrapper.rb +44 -21
- data/lib/active_support/executor/test_helper.rb +7 -0
- data/lib/active_support/file_update_checker.rb +0 -1
- data/lib/active_support/fork_tracker.rb +71 -0
- data/lib/active_support/gem_version.rb +5 -5
- data/lib/active_support/hash_with_indifferent_access.rb +73 -43
- data/lib/active_support/html_safe_translation.rb +43 -0
- data/lib/active_support/i18n.rb +2 -0
- data/lib/active_support/i18n_railtie.rb +15 -8
- data/lib/active_support/inflector/inflections.rb +25 -14
- data/lib/active_support/inflector/methods.rb +38 -71
- data/lib/active_support/inflector/transliterate.rb +47 -18
- data/lib/active_support/isolated_execution_state.rb +72 -0
- data/lib/active_support/json/decoding.rb +25 -26
- data/lib/active_support/json/encoding.rb +14 -6
- data/lib/active_support/key_generator.rb +23 -38
- data/lib/active_support/lazy_load_hooks.rb +19 -5
- data/lib/active_support/locale/en.rb +33 -0
- data/lib/active_support/locale/en.yml +8 -4
- data/lib/active_support/log_subscriber/test_helper.rb +2 -2
- data/lib/active_support/log_subscriber.rb +51 -11
- data/lib/active_support/logger.rb +6 -22
- data/lib/active_support/logger_silence.rb +11 -19
- data/lib/active_support/logger_thread_safe_level.rb +45 -10
- data/lib/active_support/message_encryptor.rb +20 -19
- data/lib/active_support/message_verifier.rb +53 -21
- data/lib/active_support/messages/metadata.rb +13 -4
- data/lib/active_support/messages/rotation_configuration.rb +2 -1
- data/lib/active_support/messages/rotator.rb +10 -9
- data/lib/active_support/multibyte/chars.rb +17 -76
- data/lib/active_support/multibyte/unicode.rb +7 -331
- data/lib/active_support/multibyte.rb +1 -1
- data/lib/active_support/notifications/fanout.rb +163 -37
- data/lib/active_support/notifications/instrumenter.rb +90 -11
- data/lib/active_support/notifications.rb +88 -30
- data/lib/active_support/number_helper/number_converter.rb +6 -9
- data/lib/active_support/number_helper/number_to_currency_converter.rb +12 -12
- data/lib/active_support/number_helper/number_to_delimited_converter.rb +4 -3
- data/lib/active_support/number_helper/number_to_human_converter.rb +4 -3
- data/lib/active_support/number_helper/number_to_human_size_converter.rb +5 -4
- data/lib/active_support/number_helper/number_to_percentage_converter.rb +3 -1
- data/lib/active_support/number_helper/number_to_phone_converter.rb +3 -2
- data/lib/active_support/number_helper/number_to_rounded_converter.rb +12 -7
- data/lib/active_support/number_helper/rounding_helper.rb +12 -32
- data/lib/active_support/number_helper.rb +36 -12
- data/lib/active_support/option_merger.rb +15 -4
- data/lib/active_support/ordered_hash.rb +2 -2
- data/lib/active_support/ordered_options.rb +14 -4
- data/lib/active_support/parameter_filter.rb +138 -0
- data/lib/active_support/per_thread_registry.rb +6 -1
- data/lib/active_support/rails.rb +1 -10
- data/lib/active_support/railtie.rb +77 -5
- data/lib/active_support/reloader.rb +5 -6
- data/lib/active_support/rescuable.rb +8 -8
- data/lib/active_support/ruby_features.rb +7 -0
- data/lib/active_support/secure_compare_rotator.rb +51 -0
- data/lib/active_support/security_utils.rb +19 -12
- data/lib/active_support/string_inquirer.rb +2 -3
- data/lib/active_support/subscriber.rb +79 -46
- data/lib/active_support/tagged_logging.rb +58 -9
- data/lib/active_support/test_case.rb +79 -0
- data/lib/active_support/testing/assertions.rb +62 -11
- data/lib/active_support/testing/deprecation.rb +52 -2
- data/lib/active_support/testing/file_fixtures.rb +2 -0
- data/lib/active_support/testing/isolation.rb +4 -4
- data/lib/active_support/testing/method_call_assertions.rb +32 -5
- data/lib/active_support/testing/parallelization/server.rb +82 -0
- data/lib/active_support/testing/parallelization/worker.rb +103 -0
- data/lib/active_support/testing/parallelization.rb +55 -0
- data/lib/active_support/testing/parallelize_executor.rb +76 -0
- data/lib/active_support/testing/stream.rb +4 -7
- data/lib/active_support/testing/tagged_logging.rb +1 -1
- data/lib/active_support/testing/time_helpers.rb +60 -14
- data/lib/active_support/time_with_zone.rb +139 -64
- data/lib/active_support/values/time_zone.rb +66 -30
- data/lib/active_support/version.rb +1 -1
- data/lib/active_support/xml_mini/jdom.rb +3 -4
- data/lib/active_support/xml_mini/libxml.rb +7 -7
- data/lib/active_support/xml_mini/libxmlsax.rb +5 -5
- data/lib/active_support/xml_mini/nokogiri.rb +6 -6
- data/lib/active_support/xml_mini/nokogirisax.rb +4 -4
- data/lib/active_support/xml_mini/rexml.rb +11 -4
- data/lib/active_support/xml_mini.rb +7 -14
- data/lib/active_support.rb +30 -1
- metadata +64 -35
- data/lib/active_support/core_ext/array/prepend_and_append.rb +0 -9
- data/lib/active_support/core_ext/hash/compact.rb +0 -29
- data/lib/active_support/core_ext/hash/transform_values.rb +0 -32
- data/lib/active_support/core_ext/kernel/agnostics.rb +0 -13
- data/lib/active_support/core_ext/marshal.rb +0 -24
- data/lib/active_support/core_ext/module/reachable.rb +0 -11
- data/lib/active_support/core_ext/numeric/inquiry.rb +0 -28
- data/lib/active_support/core_ext/range/include_range.rb +0 -3
- data/lib/active_support/values/unicode_tables.dat +0 -0
@@ -6,7 +6,6 @@ require "logger"
|
|
6
6
|
|
7
7
|
module ActiveSupport
|
8
8
|
class Logger < ::Logger
|
9
|
-
include ActiveSupport::LoggerThreadSafeLevel
|
10
9
|
include LoggerSilence
|
11
10
|
|
12
11
|
# Returns true if the logger destination matches one of the sources
|
@@ -15,7 +14,7 @@ module ActiveSupport
|
|
15
14
|
# ActiveSupport::Logger.logger_outputs_to?(logger, STDOUT)
|
16
15
|
# # => true
|
17
16
|
def self.logger_outputs_to?(logger, *sources)
|
18
|
-
logdev = logger.instance_variable_get(
|
17
|
+
logdev = logger.instance_variable_get(:@logdev)
|
19
18
|
logger_source = logdev.dev if logdev.respond_to?(:dev)
|
20
19
|
sources.any? { |source| source == logger_source }
|
21
20
|
end
|
@@ -23,6 +22,10 @@ module ActiveSupport
|
|
23
22
|
# Broadcasts logs to multiple loggers.
|
24
23
|
def self.broadcast(logger) # :nodoc:
|
25
24
|
Module.new do
|
25
|
+
define_singleton_method(:extended) do |base|
|
26
|
+
base.public_send(:broadcast_to, logger) if base.respond_to?(:broadcast_to)
|
27
|
+
end
|
28
|
+
|
26
29
|
define_method(:add) do |*args, &block|
|
27
30
|
logger.add(*args, &block)
|
28
31
|
super(*args, &block)
|
@@ -43,11 +46,6 @@ module ActiveSupport
|
|
43
46
|
super(name)
|
44
47
|
end
|
45
48
|
|
46
|
-
define_method(:formatter=) do |formatter|
|
47
|
-
logger.formatter = formatter
|
48
|
-
super(formatter)
|
49
|
-
end
|
50
|
-
|
51
49
|
define_method(:level=) do |level|
|
52
50
|
logger.level = level
|
53
51
|
super(level)
|
@@ -78,23 +76,9 @@ module ActiveSupport
|
|
78
76
|
end
|
79
77
|
end
|
80
78
|
|
81
|
-
def initialize(*args)
|
79
|
+
def initialize(*args, **kwargs)
|
82
80
|
super
|
83
81
|
@formatter = SimpleFormatter.new
|
84
|
-
after_initialize if respond_to? :after_initialize
|
85
|
-
end
|
86
|
-
|
87
|
-
def add(severity, message = nil, progname = nil, &block)
|
88
|
-
return true if @logdev.nil? || (severity || UNKNOWN) < level
|
89
|
-
super
|
90
|
-
end
|
91
|
-
|
92
|
-
Logger::Severity.constants.each do |severity|
|
93
|
-
class_eval(<<-EOT, __FILE__, __LINE__ + 1)
|
94
|
-
def #{severity.downcase}? # def debug?
|
95
|
-
Logger::#{severity} >= level # DEBUG >= level
|
96
|
-
end # end
|
97
|
-
EOT
|
98
82
|
end
|
99
83
|
|
100
84
|
# Simple formatter which only displays the message.
|
@@ -2,28 +2,20 @@
|
|
2
2
|
|
3
3
|
require "active_support/concern"
|
4
4
|
require "active_support/core_ext/module/attribute_accessors"
|
5
|
-
require "
|
5
|
+
require "active_support/logger_thread_safe_level"
|
6
6
|
|
7
|
-
module
|
8
|
-
|
7
|
+
module ActiveSupport
|
8
|
+
module LoggerSilence
|
9
|
+
extend ActiveSupport::Concern
|
9
10
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
# Silences the logger for the duration of the block.
|
15
|
-
def silence(temporary_level = Logger::ERROR)
|
16
|
-
if silencer
|
17
|
-
begin
|
18
|
-
old_local_level = local_level
|
19
|
-
self.local_level = temporary_level
|
11
|
+
included do
|
12
|
+
cattr_accessor :silencer, default: true
|
13
|
+
include ActiveSupport::LoggerThreadSafeLevel
|
14
|
+
end
|
20
15
|
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
end
|
25
|
-
else
|
26
|
-
yield self
|
16
|
+
# Silences the logger for the duration of the block.
|
17
|
+
def silence(severity = Logger::ERROR)
|
18
|
+
silencer ? log_at(severity) { yield self } : yield(self)
|
27
19
|
end
|
28
20
|
end
|
29
21
|
end
|
@@ -1,34 +1,69 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "active_support/concern"
|
4
|
+
require "active_support/core_ext/module/attribute_accessors"
|
5
|
+
require "concurrent"
|
4
6
|
require "fiber"
|
5
7
|
|
6
8
|
module ActiveSupport
|
7
9
|
module LoggerThreadSafeLevel # :nodoc:
|
8
10
|
extend ActiveSupport::Concern
|
9
11
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
12
|
+
Logger::Severity.constants.each do |severity|
|
13
|
+
class_eval(<<-EOT, __FILE__, __LINE__ + 1)
|
14
|
+
def #{severity.downcase}? # def debug?
|
15
|
+
Logger::#{severity} >= level # DEBUG >= level
|
16
|
+
end # end
|
17
|
+
EOT
|
16
18
|
end
|
17
19
|
|
18
20
|
def local_level
|
19
|
-
|
21
|
+
IsolatedExecutionState[:logger_thread_safe_level]
|
20
22
|
end
|
21
23
|
|
22
24
|
def local_level=(level)
|
23
|
-
|
24
|
-
|
25
|
+
case level
|
26
|
+
when Integer
|
27
|
+
when Symbol
|
28
|
+
level = Logger::Severity.const_get(level.to_s.upcase)
|
29
|
+
when nil
|
25
30
|
else
|
26
|
-
|
31
|
+
raise ArgumentError, "Invalid log level: #{level.inspect}"
|
27
32
|
end
|
33
|
+
IsolatedExecutionState[:logger_thread_safe_level] = level
|
28
34
|
end
|
29
35
|
|
30
36
|
def level
|
31
37
|
local_level || super
|
32
38
|
end
|
39
|
+
|
40
|
+
# Change the thread-local level for the duration of the given block.
|
41
|
+
def log_at(level)
|
42
|
+
old_local_level, self.local_level = local_level, level
|
43
|
+
yield
|
44
|
+
ensure
|
45
|
+
self.local_level = old_local_level
|
46
|
+
end
|
47
|
+
|
48
|
+
# Redefined to check severity against #level, and thus the thread-local level, rather than +@level+.
|
49
|
+
# FIXME: Remove when the minimum Ruby version supports overriding Logger#level.
|
50
|
+
def add(severity, message = nil, progname = nil, &block) # :nodoc:
|
51
|
+
severity ||= UNKNOWN
|
52
|
+
progname ||= @progname
|
53
|
+
|
54
|
+
return true if @logdev.nil? || severity < level
|
55
|
+
|
56
|
+
if message.nil?
|
57
|
+
if block_given?
|
58
|
+
message = yield
|
59
|
+
else
|
60
|
+
message = progname
|
61
|
+
progname = @progname
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
@logdev.write \
|
66
|
+
format_message(format_severity(severity), Time.now, progname, message)
|
67
|
+
end
|
33
68
|
end
|
34
69
|
end
|
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require "openssl"
|
4
4
|
require "base64"
|
5
|
-
require "active_support/core_ext/array/extract_options"
|
6
5
|
require "active_support/core_ext/module/attribute_accessors"
|
7
6
|
require "active_support/message_verifier"
|
8
7
|
require "active_support/messages/metadata"
|
@@ -14,7 +13,7 @@ module ActiveSupport
|
|
14
13
|
# The cipher text and initialization vector are base64 encoded and returned
|
15
14
|
# to you.
|
16
15
|
#
|
17
|
-
# This can be used in situations similar to the
|
16
|
+
# This can be used in situations similar to the MessageVerifier, but
|
18
17
|
# where you don't want users to be able to determine the value of the payload.
|
19
18
|
#
|
20
19
|
# len = ActiveSupport::MessageEncryptor.key_len
|
@@ -24,6 +23,12 @@ module ActiveSupport
|
|
24
23
|
# encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
|
25
24
|
# crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
|
26
25
|
#
|
26
|
+
# The +decrypt_and_verify+ method will raise an
|
27
|
+
# <tt>ActiveSupport::MessageEncryptor::InvalidMessage</tt> exception if the data
|
28
|
+
# provided cannot be decrypted or verified.
|
29
|
+
#
|
30
|
+
# crypt.decrypt_and_verify('not encrypted data') # => ActiveSupport::MessageEncryptor::InvalidMessage
|
31
|
+
#
|
27
32
|
# === Confining messages to a specific purpose
|
28
33
|
#
|
29
34
|
# By default any message can be used throughout your app. But they can also be
|
@@ -53,7 +58,7 @@ module ActiveSupport
|
|
53
58
|
# crypt.encrypt_and_sign(parcel, expires_in: 1.month)
|
54
59
|
# crypt.encrypt_and_sign(doowad, expires_at: Time.now.end_of_year)
|
55
60
|
#
|
56
|
-
# Then the messages can be verified and returned
|
61
|
+
# Then the messages can be verified and returned up to the expire time.
|
57
62
|
# Thereafter, verifying returns +nil+.
|
58
63
|
#
|
59
64
|
# === Rotating keys
|
@@ -85,7 +90,7 @@ module ActiveSupport
|
|
85
90
|
cattr_accessor :use_authenticated_message_encryption, instance_accessor: false, default: false
|
86
91
|
|
87
92
|
class << self
|
88
|
-
def default_cipher
|
93
|
+
def default_cipher # :nodoc:
|
89
94
|
if use_authenticated_message_encryption
|
90
95
|
"aes-256-gcm"
|
91
96
|
else
|
@@ -94,7 +99,7 @@ module ActiveSupport
|
|
94
99
|
end
|
95
100
|
end
|
96
101
|
|
97
|
-
module NullSerializer
|
102
|
+
module NullSerializer # :nodoc:
|
98
103
|
def self.load(value)
|
99
104
|
value
|
100
105
|
end
|
@@ -104,7 +109,7 @@ module ActiveSupport
|
|
104
109
|
end
|
105
110
|
end
|
106
111
|
|
107
|
-
module NullVerifier
|
112
|
+
module NullVerifier # :nodoc:
|
108
113
|
def self.verify(value)
|
109
114
|
value
|
110
115
|
end
|
@@ -120,10 +125,10 @@ module ActiveSupport
|
|
120
125
|
# Initialize a new MessageEncryptor. +secret+ must be at least as long as
|
121
126
|
# the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
|
122
127
|
# bits. If you are using a user-entered secret, you can generate a suitable
|
123
|
-
# key by using
|
128
|
+
# key by using ActiveSupport::KeyGenerator or a similar key
|
124
129
|
# derivation function.
|
125
130
|
#
|
126
|
-
# First additional parameter is used as the signature key for
|
131
|
+
# First additional parameter is used as the signature key for MessageVerifier.
|
127
132
|
# This allows you to specify keys to encrypt and sign data.
|
128
133
|
#
|
129
134
|
# ActiveSupport::MessageEncryptor.new('secret', 'signature_secret')
|
@@ -134,15 +139,13 @@ module ActiveSupport
|
|
134
139
|
# * <tt>:digest</tt> - String of digest to use for signing. Default is
|
135
140
|
# +SHA1+. Ignored when using an AEAD cipher like 'aes-256-gcm'.
|
136
141
|
# * <tt>:serializer</tt> - Object serializer to use. Default is +Marshal+.
|
137
|
-
def initialize(secret,
|
138
|
-
options = signature_key_or_options.extract_options!
|
139
|
-
sign_secret = signature_key_or_options.first
|
142
|
+
def initialize(secret, sign_secret = nil, cipher: nil, digest: nil, serializer: nil)
|
140
143
|
@secret = secret
|
141
144
|
@sign_secret = sign_secret
|
142
|
-
@cipher =
|
143
|
-
@digest =
|
145
|
+
@cipher = cipher || self.class.default_cipher
|
146
|
+
@digest = digest || "SHA1" unless aead_mode?
|
144
147
|
@verifier = resolve_verifier
|
145
|
-
@serializer =
|
148
|
+
@serializer = serializer || Marshal
|
146
149
|
end
|
147
150
|
|
148
151
|
# Encrypt and sign a message. We need to sign the message in order to avoid
|
@@ -172,7 +175,7 @@ module ActiveSupport
|
|
172
175
|
iv = cipher.random_iv
|
173
176
|
cipher.auth_data = "" if aead_mode?
|
174
177
|
|
175
|
-
encrypted_data = cipher.update(Messages::Metadata.wrap(@serializer.dump(value), metadata_options))
|
178
|
+
encrypted_data = cipher.update(Messages::Metadata.wrap(@serializer.dump(value), **metadata_options))
|
176
179
|
encrypted_data << cipher.final
|
177
180
|
|
178
181
|
blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
|
@@ -182,7 +185,7 @@ module ActiveSupport
|
|
182
185
|
|
183
186
|
def _decrypt(encrypted_message, purpose)
|
184
187
|
cipher = new_cipher
|
185
|
-
encrypted_data, iv, auth_tag = encrypted_message.split("--"
|
188
|
+
encrypted_data, iv, auth_tag = encrypted_message.split("--").map { |v| ::Base64.strict_decode64(v) }
|
186
189
|
|
187
190
|
# Currently the OpenSSL bindings do not raise an error if auth_tag is
|
188
191
|
# truncated, which would allow an attacker to easily forge it. See
|
@@ -210,9 +213,7 @@ module ActiveSupport
|
|
210
213
|
OpenSSL::Cipher.new(@cipher)
|
211
214
|
end
|
212
215
|
|
213
|
-
|
214
|
-
@verifier
|
215
|
-
end
|
216
|
+
attr_reader :verifier
|
216
217
|
|
217
218
|
def aead_mode?
|
218
219
|
@aead_mode ||= new_cipher.authenticated?
|
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "openssl"
|
3
4
|
require "base64"
|
4
5
|
require "active_support/core_ext/object/blank"
|
5
6
|
require "active_support/security_utils"
|
@@ -68,18 +69,18 @@ module ActiveSupport
|
|
68
69
|
# return the original value. But messages can be set to expire at a given
|
69
70
|
# time with +:expires_in+ or +:expires_at+.
|
70
71
|
#
|
71
|
-
# @verifier.generate(parcel, expires_in: 1.month)
|
72
|
-
# @verifier.generate(doowad, expires_at: Time.now.end_of_year)
|
72
|
+
# @verifier.generate("parcel", expires_in: 1.month)
|
73
|
+
# @verifier.generate("doowad", expires_at: Time.now.end_of_year)
|
73
74
|
#
|
74
|
-
# Then the messages can be verified and returned
|
75
|
+
# Then the messages can be verified and returned up to the expire time.
|
75
76
|
# Thereafter, the +verified+ method returns +nil+ while +verify+ raises
|
76
77
|
# <tt>ActiveSupport::MessageVerifier::InvalidSignature</tt>.
|
77
78
|
#
|
78
79
|
# === Rotating keys
|
79
80
|
#
|
80
81
|
# MessageVerifier also supports rotating out old configurations by falling
|
81
|
-
# back to a stack of verifiers. Call +rotate+ to build and add a verifier
|
82
|
-
#
|
82
|
+
# back to a stack of verifiers. Call +rotate+ to build and add a verifier so
|
83
|
+
# either +verified+ or +verify+ will also try verifying with the fallback.
|
83
84
|
#
|
84
85
|
# By default any rotated verifiers use the values of the primary
|
85
86
|
# verifier unless specified otherwise.
|
@@ -103,11 +104,14 @@ module ActiveSupport
|
|
103
104
|
|
104
105
|
class InvalidSignature < StandardError; end
|
105
106
|
|
106
|
-
|
107
|
+
SEPARATOR = "--" # :nodoc:
|
108
|
+
SEPARATOR_LENGTH = SEPARATOR.length # :nodoc:
|
109
|
+
|
110
|
+
def initialize(secret, digest: nil, serializer: nil)
|
107
111
|
raise ArgumentError, "Secret should not be nil." unless secret
|
108
112
|
@secret = secret
|
109
|
-
@digest =
|
110
|
-
@serializer =
|
113
|
+
@digest = digest&.to_s || "SHA1"
|
114
|
+
@serializer = serializer || Marshal
|
111
115
|
end
|
112
116
|
|
113
117
|
# Checks if a signed message could have been generated by signing an object
|
@@ -120,10 +124,8 @@ module ActiveSupport
|
|
120
124
|
# tampered_message = signed_message.chop # editing the message invalidates the signature
|
121
125
|
# verifier.valid_message?(tampered_message) # => false
|
122
126
|
def valid_message?(signed_message)
|
123
|
-
|
124
|
-
|
125
|
-
data, digest = signed_message.split("--".freeze)
|
126
|
-
data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
|
127
|
+
data, digest = get_data_and_digest_from(signed_message)
|
128
|
+
digest_matches_data?(digest, data)
|
127
129
|
end
|
128
130
|
|
129
131
|
# Decodes the signed message using the +MessageVerifier+'s secret.
|
@@ -148,9 +150,9 @@ module ActiveSupport
|
|
148
150
|
# incompatible_message = "test--dad7b06c94abba8d46a15fafaef56c327665d5ff"
|
149
151
|
# verifier.verified(incompatible_message) # => TypeError: incompatible marshal file format
|
150
152
|
def verified(signed_message, purpose: nil, **)
|
151
|
-
|
153
|
+
data, digest = get_data_and_digest_from(signed_message)
|
154
|
+
if digest_matches_data?(digest, data)
|
152
155
|
begin
|
153
|
-
data = signed_message.split("--".freeze)[0]
|
154
156
|
message = Messages::Metadata.verify(decode(data), purpose)
|
155
157
|
@serializer.load(message) if message
|
156
158
|
rescue ArgumentError => argument_error
|
@@ -172,20 +174,20 @@ module ActiveSupport
|
|
172
174
|
#
|
173
175
|
# other_verifier = ActiveSupport::MessageVerifier.new 'd1ff3r3nt-s3Krit'
|
174
176
|
# other_verifier.verify(signed_message) # => ActiveSupport::MessageVerifier::InvalidSignature
|
175
|
-
def verify(*args)
|
176
|
-
verified(*args) || raise(InvalidSignature)
|
177
|
+
def verify(*args, **options)
|
178
|
+
verified(*args, **options) || raise(InvalidSignature)
|
177
179
|
end
|
178
180
|
|
179
181
|
# Generates a signed message for the provided value.
|
180
182
|
#
|
181
|
-
# The message is signed with the +MessageVerifier+'s secret.
|
182
|
-
#
|
183
|
+
# The message is signed with the +MessageVerifier+'s secret.
|
184
|
+
# Returns Base64-encoded message joined with the generated signature.
|
183
185
|
#
|
184
186
|
# verifier = ActiveSupport::MessageVerifier.new 's3Krit'
|
185
187
|
# verifier.generate 'a private message' # => "BAhJIhRwcml2YXRlLW1lc3NhZ2UGOgZFVA==--e2d724331ebdee96a10fb99b089508d1c72bd772"
|
186
188
|
def generate(value, expires_at: nil, expires_in: nil, purpose: nil)
|
187
189
|
data = encode(Messages::Metadata.wrap(@serializer.dump(value), expires_at: expires_at, expires_in: expires_in, purpose: purpose))
|
188
|
-
"#{data}
|
190
|
+
"#{data}#{SEPARATOR}#{generate_digest(data)}"
|
189
191
|
end
|
190
192
|
|
191
193
|
private
|
@@ -198,8 +200,38 @@ module ActiveSupport
|
|
198
200
|
end
|
199
201
|
|
200
202
|
def generate_digest(data)
|
201
|
-
|
202
|
-
|
203
|
+
OpenSSL::HMAC.hexdigest(@digest, @secret, data)
|
204
|
+
end
|
205
|
+
|
206
|
+
def digest_length_in_hex
|
207
|
+
# In hexadecimal (AKA base16) it takes 4 bits to represent a character,
|
208
|
+
# hence we multiply the digest's length (in bytes) by 8 to get it in
|
209
|
+
# bits and divide by 4 to get its number of characters it hex. Well, 8
|
210
|
+
# divided by 4 is 2.
|
211
|
+
@digest_length_in_hex ||= OpenSSL::Digest.new(@digest).digest_length * 2
|
212
|
+
end
|
213
|
+
|
214
|
+
def separator_index_for(signed_message)
|
215
|
+
index = signed_message.length - digest_length_in_hex - SEPARATOR_LENGTH
|
216
|
+
return if index.negative? || signed_message[index, SEPARATOR_LENGTH] != SEPARATOR
|
217
|
+
|
218
|
+
index
|
219
|
+
end
|
220
|
+
|
221
|
+
def get_data_and_digest_from(signed_message)
|
222
|
+
return if signed_message.nil? || !signed_message.valid_encoding? || signed_message.empty?
|
223
|
+
|
224
|
+
separator_index = separator_index_for(signed_message)
|
225
|
+
return if separator_index.nil?
|
226
|
+
|
227
|
+
data = signed_message[0...separator_index]
|
228
|
+
digest = signed_message[separator_index + SEPARATOR_LENGTH..-1]
|
229
|
+
|
230
|
+
[data, digest]
|
231
|
+
end
|
232
|
+
|
233
|
+
def digest_matches_data?(digest, data)
|
234
|
+
data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
|
203
235
|
end
|
204
236
|
end
|
205
237
|
end
|
@@ -3,10 +3,11 @@
|
|
3
3
|
require "time"
|
4
4
|
|
5
5
|
module ActiveSupport
|
6
|
-
module Messages
|
7
|
-
class Metadata
|
6
|
+
module Messages # :nodoc:
|
7
|
+
class Metadata # :nodoc:
|
8
8
|
def initialize(message, expires_at = nil, purpose = nil)
|
9
|
-
@message, @
|
9
|
+
@message, @purpose = message, purpose
|
10
|
+
@expires_at = expires_at.is_a?(String) ? parse_expires_at(expires_at) : expires_at
|
10
11
|
end
|
11
12
|
|
12
13
|
def as_json(options = {})
|
@@ -64,7 +65,15 @@ module ActiveSupport
|
|
64
65
|
end
|
65
66
|
|
66
67
|
def fresh?
|
67
|
-
@expires_at.nil? || Time.now.utc <
|
68
|
+
@expires_at.nil? || Time.now.utc < @expires_at
|
69
|
+
end
|
70
|
+
|
71
|
+
def parse_expires_at(expires_at)
|
72
|
+
if ActiveSupport.use_standard_json_time_format
|
73
|
+
Time.iso8601(expires_at)
|
74
|
+
else
|
75
|
+
Time.parse(expires_at)
|
76
|
+
end
|
68
77
|
end
|
69
78
|
end
|
70
79
|
end
|
@@ -3,11 +3,12 @@
|
|
3
3
|
module ActiveSupport
|
4
4
|
module Messages
|
5
5
|
module Rotator # :nodoc:
|
6
|
-
def initialize(
|
7
|
-
super
|
6
|
+
def initialize(*secrets, on_rotation: nil, **options)
|
7
|
+
super(*secrets, **options)
|
8
8
|
|
9
9
|
@options = options
|
10
10
|
@rotations = []
|
11
|
+
@on_rotation = on_rotation
|
11
12
|
end
|
12
13
|
|
13
14
|
def rotate(*secrets, **options)
|
@@ -17,28 +18,28 @@ module ActiveSupport
|
|
17
18
|
module Encryptor
|
18
19
|
include Rotator
|
19
20
|
|
20
|
-
def decrypt_and_verify(*args, on_rotation:
|
21
|
+
def decrypt_and_verify(*args, on_rotation: @on_rotation, **options)
|
21
22
|
super
|
22
23
|
rescue MessageEncryptor::InvalidMessage, MessageVerifier::InvalidSignature
|
23
|
-
run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, options) } || raise
|
24
|
+
run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, **options) } || raise
|
24
25
|
end
|
25
26
|
|
26
27
|
private
|
27
28
|
def build_rotation(secret = @secret, sign_secret = @sign_secret, options)
|
28
|
-
self.class.new(secret, sign_secret, options)
|
29
|
+
self.class.new(secret, sign_secret, **options)
|
29
30
|
end
|
30
31
|
end
|
31
32
|
|
32
33
|
module Verifier
|
33
34
|
include Rotator
|
34
35
|
|
35
|
-
def verified(*args, on_rotation:
|
36
|
-
super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, options) }
|
36
|
+
def verified(*args, on_rotation: @on_rotation, **options)
|
37
|
+
super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, **options) }
|
37
38
|
end
|
38
39
|
|
39
40
|
private
|
40
41
|
def build_rotation(secret = @secret, options)
|
41
|
-
self.class.new(secret, options)
|
42
|
+
self.class.new(secret, **options)
|
42
43
|
end
|
43
44
|
end
|
44
45
|
|
@@ -46,7 +47,7 @@ module ActiveSupport
|
|
46
47
|
def run_rotations(on_rotation)
|
47
48
|
@rotations.find do |rotation|
|
48
49
|
if message = yield(rotation) rescue next
|
49
|
-
on_rotation
|
50
|
+
on_rotation&.call
|
50
51
|
return message
|
51
52
|
end
|
52
53
|
end
|