omg-activesupport 8.0.0.alpha1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +86 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +40 -0
- data/lib/active_support/actionable_error.rb +50 -0
- data/lib/active_support/all.rb +5 -0
- data/lib/active_support/array_inquirer.rb +50 -0
- data/lib/active_support/backtrace_cleaner.rb +163 -0
- data/lib/active_support/benchmark.rb +21 -0
- data/lib/active_support/benchmarkable.rb +53 -0
- data/lib/active_support/broadcast_logger.rb +251 -0
- data/lib/active_support/builder.rb +8 -0
- data/lib/active_support/cache/coder.rb +153 -0
- data/lib/active_support/cache/entry.rb +134 -0
- data/lib/active_support/cache/file_store.rb +244 -0
- data/lib/active_support/cache/mem_cache_store.rb +290 -0
- data/lib/active_support/cache/memory_store.rb +262 -0
- data/lib/active_support/cache/null_store.rb +62 -0
- data/lib/active_support/cache/redis_cache_store.rb +492 -0
- data/lib/active_support/cache/serializer_with_fallback.rb +152 -0
- data/lib/active_support/cache/strategy/local_cache.rb +201 -0
- data/lib/active_support/cache/strategy/local_cache_middleware.rb +45 -0
- data/lib/active_support/cache.rb +1104 -0
- data/lib/active_support/callbacks.rb +944 -0
- data/lib/active_support/class_attribute.rb +26 -0
- data/lib/active_support/code_generator.rb +79 -0
- data/lib/active_support/concern.rb +217 -0
- data/lib/active_support/concurrency/load_interlock_aware_monitor.rb +72 -0
- data/lib/active_support/concurrency/null_lock.rb +13 -0
- data/lib/active_support/concurrency/share_lock.rb +225 -0
- data/lib/active_support/configurable.rb +159 -0
- data/lib/active_support/configuration_file.rb +60 -0
- data/lib/active_support/core_ext/array/access.rb +100 -0
- data/lib/active_support/core_ext/array/conversions.rb +213 -0
- data/lib/active_support/core_ext/array/extract.rb +21 -0
- data/lib/active_support/core_ext/array/extract_options.rb +31 -0
- data/lib/active_support/core_ext/array/grouping.rb +109 -0
- data/lib/active_support/core_ext/array/inquiry.rb +19 -0
- data/lib/active_support/core_ext/array/wrap.rb +48 -0
- data/lib/active_support/core_ext/array.rb +9 -0
- data/lib/active_support/core_ext/benchmark.rb +13 -0
- data/lib/active_support/core_ext/big_decimal/conversions.rb +14 -0
- data/lib/active_support/core_ext/big_decimal.rb +3 -0
- data/lib/active_support/core_ext/class/attribute.rb +122 -0
- data/lib/active_support/core_ext/class/attribute_accessors.rb +6 -0
- data/lib/active_support/core_ext/class/subclasses.rb +24 -0
- data/lib/active_support/core_ext/class.rb +4 -0
- data/lib/active_support/core_ext/date/acts_like.rb +10 -0
- data/lib/active_support/core_ext/date/blank.rb +18 -0
- data/lib/active_support/core_ext/date/calculations.rb +161 -0
- data/lib/active_support/core_ext/date/conversions.rb +98 -0
- data/lib/active_support/core_ext/date/zones.rb +8 -0
- data/lib/active_support/core_ext/date.rb +7 -0
- data/lib/active_support/core_ext/date_and_time/calculations.rb +374 -0
- data/lib/active_support/core_ext/date_and_time/compatibility.rb +58 -0
- data/lib/active_support/core_ext/date_and_time/zones.rb +40 -0
- data/lib/active_support/core_ext/date_time/acts_like.rb +16 -0
- data/lib/active_support/core_ext/date_time/blank.rb +18 -0
- data/lib/active_support/core_ext/date_time/calculations.rb +215 -0
- data/lib/active_support/core_ext/date_time/compatibility.rb +18 -0
- data/lib/active_support/core_ext/date_time/conversions.rb +106 -0
- data/lib/active_support/core_ext/date_time.rb +7 -0
- data/lib/active_support/core_ext/digest/uuid.rb +76 -0
- data/lib/active_support/core_ext/digest.rb +3 -0
- data/lib/active_support/core_ext/enumerable.rb +267 -0
- data/lib/active_support/core_ext/erb/util.rb +201 -0
- data/lib/active_support/core_ext/file/atomic.rb +72 -0
- data/lib/active_support/core_ext/file.rb +3 -0
- data/lib/active_support/core_ext/hash/conversions.rb +262 -0
- data/lib/active_support/core_ext/hash/deep_merge.rb +42 -0
- data/lib/active_support/core_ext/hash/deep_transform_values.rb +46 -0
- data/lib/active_support/core_ext/hash/except.rb +12 -0
- data/lib/active_support/core_ext/hash/indifferent_access.rb +24 -0
- data/lib/active_support/core_ext/hash/keys.rb +143 -0
- data/lib/active_support/core_ext/hash/reverse_merge.rb +25 -0
- data/lib/active_support/core_ext/hash/slice.rb +27 -0
- data/lib/active_support/core_ext/hash.rb +10 -0
- data/lib/active_support/core_ext/integer/inflections.rb +31 -0
- data/lib/active_support/core_ext/integer/multiple.rb +12 -0
- data/lib/active_support/core_ext/integer/time.rb +22 -0
- data/lib/active_support/core_ext/integer.rb +5 -0
- data/lib/active_support/core_ext/kernel/concern.rb +14 -0
- data/lib/active_support/core_ext/kernel/reporting.rb +45 -0
- data/lib/active_support/core_ext/kernel/singleton_class.rb +8 -0
- data/lib/active_support/core_ext/kernel.rb +5 -0
- data/lib/active_support/core_ext/load_error.rb +9 -0
- data/lib/active_support/core_ext/module/aliasing.rb +31 -0
- data/lib/active_support/core_ext/module/anonymous.rb +30 -0
- data/lib/active_support/core_ext/module/attr_internal.rb +49 -0
- data/lib/active_support/core_ext/module/attribute_accessors.rb +214 -0
- data/lib/active_support/core_ext/module/attribute_accessors_per_thread.rb +175 -0
- data/lib/active_support/core_ext/module/concerning.rb +140 -0
- data/lib/active_support/core_ext/module/delegation.rb +225 -0
- data/lib/active_support/core_ext/module/deprecation.rb +25 -0
- data/lib/active_support/core_ext/module/introspection.rb +62 -0
- data/lib/active_support/core_ext/module/redefine_method.rb +40 -0
- data/lib/active_support/core_ext/module/remove_method.rb +17 -0
- data/lib/active_support/core_ext/module.rb +13 -0
- data/lib/active_support/core_ext/name_error.rb +59 -0
- data/lib/active_support/core_ext/numeric/bytes.rb +75 -0
- data/lib/active_support/core_ext/numeric/conversions.rb +145 -0
- data/lib/active_support/core_ext/numeric/time.rb +66 -0
- data/lib/active_support/core_ext/numeric.rb +5 -0
- data/lib/active_support/core_ext/object/acts_like.rb +45 -0
- data/lib/active_support/core_ext/object/blank.rb +199 -0
- data/lib/active_support/core_ext/object/conversions.rb +6 -0
- data/lib/active_support/core_ext/object/deep_dup.rb +71 -0
- data/lib/active_support/core_ext/object/duplicable.rb +69 -0
- data/lib/active_support/core_ext/object/inclusion.rb +37 -0
- data/lib/active_support/core_ext/object/instance_variables.rb +32 -0
- data/lib/active_support/core_ext/object/json.rb +260 -0
- data/lib/active_support/core_ext/object/to_param.rb +3 -0
- data/lib/active_support/core_ext/object/to_query.rb +87 -0
- data/lib/active_support/core_ext/object/try.rb +158 -0
- data/lib/active_support/core_ext/object/with.rb +46 -0
- data/lib/active_support/core_ext/object/with_options.rb +101 -0
- data/lib/active_support/core_ext/object.rb +17 -0
- data/lib/active_support/core_ext/pathname/blank.rb +20 -0
- data/lib/active_support/core_ext/pathname/existence.rb +23 -0
- data/lib/active_support/core_ext/pathname.rb +4 -0
- data/lib/active_support/core_ext/range/compare_range.rb +57 -0
- data/lib/active_support/core_ext/range/conversions.rb +62 -0
- data/lib/active_support/core_ext/range/each.rb +24 -0
- data/lib/active_support/core_ext/range/overlap.rb +40 -0
- data/lib/active_support/core_ext/range.rb +6 -0
- data/lib/active_support/core_ext/regexp.rb +14 -0
- data/lib/active_support/core_ext/securerandom.rb +41 -0
- data/lib/active_support/core_ext/string/access.rb +95 -0
- data/lib/active_support/core_ext/string/behavior.rb +8 -0
- data/lib/active_support/core_ext/string/conversions.rb +60 -0
- data/lib/active_support/core_ext/string/exclude.rb +13 -0
- data/lib/active_support/core_ext/string/filters.rb +151 -0
- data/lib/active_support/core_ext/string/indent.rb +45 -0
- data/lib/active_support/core_ext/string/inflections.rb +300 -0
- data/lib/active_support/core_ext/string/inquiry.rb +16 -0
- data/lib/active_support/core_ext/string/multibyte.rb +58 -0
- data/lib/active_support/core_ext/string/output_safety.rb +228 -0
- data/lib/active_support/core_ext/string/starts_ends_with.rb +6 -0
- data/lib/active_support/core_ext/string/strip.rb +27 -0
- data/lib/active_support/core_ext/string/zones.rb +16 -0
- data/lib/active_support/core_ext/string.rb +15 -0
- data/lib/active_support/core_ext/symbol/starts_ends_with.rb +6 -0
- data/lib/active_support/core_ext/symbol.rb +3 -0
- data/lib/active_support/core_ext/thread/backtrace/location.rb +12 -0
- data/lib/active_support/core_ext/time/acts_like.rb +10 -0
- data/lib/active_support/core_ext/time/calculations.rb +386 -0
- data/lib/active_support/core_ext/time/compatibility.rb +32 -0
- data/lib/active_support/core_ext/time/conversions.rb +75 -0
- data/lib/active_support/core_ext/time/zones.rb +97 -0
- data/lib/active_support/core_ext/time.rb +7 -0
- data/lib/active_support/core_ext.rb +5 -0
- data/lib/active_support/current_attributes/test_helper.rb +13 -0
- data/lib/active_support/current_attributes.rb +233 -0
- data/lib/active_support/deep_mergeable.rb +53 -0
- data/lib/active_support/delegation.rb +202 -0
- data/lib/active_support/dependencies/autoload.rb +72 -0
- data/lib/active_support/dependencies/interlock.rb +49 -0
- data/lib/active_support/dependencies/require_dependency.rb +28 -0
- data/lib/active_support/dependencies.rb +98 -0
- data/lib/active_support/deprecation/behaviors.rb +148 -0
- data/lib/active_support/deprecation/constant_accessor.rb +74 -0
- data/lib/active_support/deprecation/deprecators.rb +104 -0
- data/lib/active_support/deprecation/disallowed.rb +54 -0
- data/lib/active_support/deprecation/method_wrappers.rb +68 -0
- data/lib/active_support/deprecation/proxy_wrappers.rb +189 -0
- data/lib/active_support/deprecation/reporting.rb +179 -0
- data/lib/active_support/deprecation.rb +81 -0
- data/lib/active_support/deprecator.rb +7 -0
- data/lib/active_support/descendants_tracker.rb +112 -0
- data/lib/active_support/digest.rb +22 -0
- data/lib/active_support/duration/iso8601_parser.rb +123 -0
- data/lib/active_support/duration/iso8601_serializer.rb +64 -0
- data/lib/active_support/duration.rb +520 -0
- data/lib/active_support/encrypted_configuration.rb +126 -0
- data/lib/active_support/encrypted_file.rb +133 -0
- data/lib/active_support/environment_inquirer.rb +40 -0
- data/lib/active_support/error_reporter/test_helper.rb +15 -0
- data/lib/active_support/error_reporter.rb +265 -0
- data/lib/active_support/evented_file_update_checker.rb +182 -0
- data/lib/active_support/execution_context/test_helper.rb +13 -0
- data/lib/active_support/execution_context.rb +53 -0
- data/lib/active_support/execution_wrapper.rb +150 -0
- data/lib/active_support/executor/test_helper.rb +7 -0
- data/lib/active_support/executor.rb +8 -0
- data/lib/active_support/file_update_checker.rb +164 -0
- data/lib/active_support/fork_tracker.rb +43 -0
- data/lib/active_support/gem_version.rb +17 -0
- data/lib/active_support/gzip.rb +40 -0
- data/lib/active_support/hash_with_indifferent_access.rb +445 -0
- data/lib/active_support/html_safe_translation.rb +56 -0
- data/lib/active_support/i18n.rb +17 -0
- data/lib/active_support/i18n_railtie.rb +138 -0
- data/lib/active_support/inflections.rb +72 -0
- data/lib/active_support/inflector/inflections.rb +273 -0
- data/lib/active_support/inflector/methods.rb +387 -0
- data/lib/active_support/inflector/transliterate.rb +149 -0
- data/lib/active_support/inflector.rb +9 -0
- data/lib/active_support/isolated_execution_state.rb +75 -0
- data/lib/active_support/json/decoding.rb +76 -0
- data/lib/active_support/json/encoding.rb +120 -0
- data/lib/active_support/json.rb +4 -0
- data/lib/active_support/key_generator.rb +66 -0
- data/lib/active_support/lazy_load_hooks.rb +107 -0
- data/lib/active_support/locale/en.rb +33 -0
- data/lib/active_support/locale/en.yml +141 -0
- data/lib/active_support/log_subscriber/test_helper.rb +106 -0
- data/lib/active_support/log_subscriber.rb +192 -0
- data/lib/active_support/logger.rb +55 -0
- data/lib/active_support/logger_silence.rb +21 -0
- data/lib/active_support/logger_thread_safe_level.rb +47 -0
- data/lib/active_support/message_encryptor.rb +374 -0
- data/lib/active_support/message_encryptors.rb +141 -0
- data/lib/active_support/message_pack/cache_serializer.rb +23 -0
- data/lib/active_support/message_pack/extensions.rb +305 -0
- data/lib/active_support/message_pack/serializer.rb +63 -0
- data/lib/active_support/message_pack.rb +50 -0
- data/lib/active_support/message_verifier.rb +368 -0
- data/lib/active_support/message_verifiers.rb +135 -0
- data/lib/active_support/messages/codec.rb +65 -0
- data/lib/active_support/messages/metadata.rb +146 -0
- data/lib/active_support/messages/rotation_configuration.rb +23 -0
- data/lib/active_support/messages/rotation_coordinator.rb +93 -0
- data/lib/active_support/messages/rotator.rb +59 -0
- data/lib/active_support/messages/serializer_with_fallback.rb +158 -0
- data/lib/active_support/multibyte/chars.rb +178 -0
- data/lib/active_support/multibyte/unicode.rb +42 -0
- data/lib/active_support/multibyte.rb +23 -0
- data/lib/active_support/notifications/fanout.rb +446 -0
- data/lib/active_support/notifications/instrumenter.rb +240 -0
- data/lib/active_support/notifications.rb +281 -0
- data/lib/active_support/number_helper/number_converter.rb +190 -0
- data/lib/active_support/number_helper/number_to_currency_converter.rb +46 -0
- data/lib/active_support/number_helper/number_to_delimited_converter.rb +30 -0
- data/lib/active_support/number_helper/number_to_human_converter.rb +69 -0
- data/lib/active_support/number_helper/number_to_human_size_converter.rb +60 -0
- data/lib/active_support/number_helper/number_to_percentage_converter.rb +16 -0
- data/lib/active_support/number_helper/number_to_phone_converter.rb +60 -0
- data/lib/active_support/number_helper/number_to_rounded_converter.rb +59 -0
- data/lib/active_support/number_helper/rounding_helper.rb +46 -0
- data/lib/active_support/number_helper.rb +479 -0
- data/lib/active_support/option_merger.rb +38 -0
- data/lib/active_support/ordered_hash.rb +50 -0
- data/lib/active_support/ordered_options.rb +147 -0
- data/lib/active_support/parameter_filter.rb +157 -0
- data/lib/active_support/proxy_object.rb +20 -0
- data/lib/active_support/rails.rb +26 -0
- data/lib/active_support/railtie.rb +161 -0
- data/lib/active_support/reloader.rb +138 -0
- data/lib/active_support/rescuable.rb +176 -0
- data/lib/active_support/secure_compare_rotator.rb +58 -0
- data/lib/active_support/security_utils.rb +38 -0
- data/lib/active_support/string_inquirer.rb +35 -0
- data/lib/active_support/subscriber.rb +146 -0
- data/lib/active_support/syntax_error_proxy.rb +60 -0
- data/lib/active_support/tagged_logging.rb +152 -0
- data/lib/active_support/test_case.rb +304 -0
- data/lib/active_support/testing/assertions.rb +332 -0
- data/lib/active_support/testing/autorun.rb +5 -0
- data/lib/active_support/testing/constant_lookup.rb +51 -0
- data/lib/active_support/testing/constant_stubbing.rb +54 -0
- data/lib/active_support/testing/declarative.rb +28 -0
- data/lib/active_support/testing/deprecation.rb +82 -0
- data/lib/active_support/testing/error_reporter_assertions.rb +107 -0
- data/lib/active_support/testing/file_fixtures.rb +38 -0
- data/lib/active_support/testing/isolation.rb +121 -0
- data/lib/active_support/testing/method_call_assertions.rb +69 -0
- data/lib/active_support/testing/parallelization/server.rb +85 -0
- data/lib/active_support/testing/parallelization/worker.rb +103 -0
- data/lib/active_support/testing/parallelization.rb +55 -0
- data/lib/active_support/testing/parallelize_executor.rb +81 -0
- data/lib/active_support/testing/setup_and_teardown.rb +57 -0
- data/lib/active_support/testing/stream.rb +41 -0
- data/lib/active_support/testing/strict_warnings.rb +43 -0
- data/lib/active_support/testing/tagged_logging.rb +27 -0
- data/lib/active_support/testing/tests_without_assertions.rb +19 -0
- data/lib/active_support/testing/time_helpers.rb +269 -0
- data/lib/active_support/time.rb +20 -0
- data/lib/active_support/time_with_zone.rb +609 -0
- data/lib/active_support/values/time_zone.rb +614 -0
- data/lib/active_support/version.rb +10 -0
- data/lib/active_support/xml_mini/jdom.rb +175 -0
- data/lib/active_support/xml_mini/libxml.rb +80 -0
- data/lib/active_support/xml_mini/libxmlsax.rb +83 -0
- data/lib/active_support/xml_mini/nokogiri.rb +83 -0
- data/lib/active_support/xml_mini/nokogirisax.rb +86 -0
- data/lib/active_support/xml_mini/rexml.rb +137 -0
- data/lib/active_support/xml_mini.rb +211 -0
- data/lib/active_support.rb +144 -0
- metadata +526 -0
@@ -0,0 +1,368 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "openssl"
|
4
|
+
require "base64"
|
5
|
+
require "active_support/core_ext/object/blank"
|
6
|
+
require "active_support/security_utils"
|
7
|
+
require "active_support/messages/codec"
|
8
|
+
require "active_support/messages/rotator"
|
9
|
+
|
10
|
+
module ActiveSupport
|
11
|
+
# = Active Support Message Verifier
|
12
|
+
#
|
13
|
+
# +MessageVerifier+ makes it easy to generate and verify messages which are
|
14
|
+
# signed to prevent tampering.
|
15
|
+
#
|
16
|
+
# In a \Rails application, you can use +Rails.application.message_verifier+
|
17
|
+
# to manage unique instances of verifiers for each use case.
|
18
|
+
# {Learn more}[link:classes/Rails/Application.html#method-i-message_verifier].
|
19
|
+
#
|
20
|
+
# This is useful for cases like remember-me tokens and auto-unsubscribe links
|
21
|
+
# where the session store isn't suitable or available.
|
22
|
+
#
|
23
|
+
# First, generate a signed message:
|
24
|
+
# cookies[:remember_me] = Rails.application.message_verifier(:remember_me).generate([@user.id, 2.weeks.from_now])
|
25
|
+
#
|
26
|
+
# Later verify that message:
|
27
|
+
#
|
28
|
+
# id, time = Rails.application.message_verifier(:remember_me).verify(cookies[:remember_me])
|
29
|
+
# if time.future?
|
30
|
+
# self.current_user = User.find(id)
|
31
|
+
# end
|
32
|
+
#
|
33
|
+
# === Signing is not encryption
|
34
|
+
#
|
35
|
+
# The signed messages are not encrypted. The payload is merely encoded (Base64 by default) and can be decoded by
|
36
|
+
# anyone. The signature is just assuring that the message wasn't tampered with. For example:
|
37
|
+
#
|
38
|
+
# message = Rails.application.message_verifier('my_purpose').generate('never put secrets here')
|
39
|
+
# # => "BAhJIhtuZXZlciBwdXQgc2VjcmV0cyBoZXJlBjoGRVQ=--a0c1c0827919da5e949e989c971249355735e140"
|
40
|
+
# Base64.decode64(message.split("--").first) # no key needed
|
41
|
+
# # => 'never put secrets here'
|
42
|
+
#
|
43
|
+
# If you also need to encrypt the contents, you must use ActiveSupport::MessageEncryptor instead.
|
44
|
+
#
|
45
|
+
# === Confine messages to a specific purpose
|
46
|
+
#
|
47
|
+
# It's not recommended to use the same verifier for different purposes in your application.
|
48
|
+
# Doing so could allow a malicious actor to re-use a signed message to perform an unauthorized
|
49
|
+
# action.
|
50
|
+
# You can reduce this risk by confining signed messages to a specific +:purpose+.
|
51
|
+
#
|
52
|
+
# token = @verifier.generate("signed message", purpose: :login)
|
53
|
+
#
|
54
|
+
# Then that same purpose must be passed when verifying to get the data back out:
|
55
|
+
#
|
56
|
+
# @verifier.verified(token, purpose: :login) # => "signed message"
|
57
|
+
# @verifier.verified(token, purpose: :shipping) # => nil
|
58
|
+
# @verifier.verified(token) # => nil
|
59
|
+
#
|
60
|
+
# @verifier.verify(token, purpose: :login) # => "signed message"
|
61
|
+
# @verifier.verify(token, purpose: :shipping) # => raises ActiveSupport::MessageVerifier::InvalidSignature
|
62
|
+
# @verifier.verify(token) # => raises ActiveSupport::MessageVerifier::InvalidSignature
|
63
|
+
#
|
64
|
+
# Likewise, if a message has no purpose it won't be returned when verifying with
|
65
|
+
# a specific purpose.
|
66
|
+
#
|
67
|
+
# token = @verifier.generate("signed message")
|
68
|
+
# @verifier.verified(token, purpose: :redirect) # => nil
|
69
|
+
# @verifier.verified(token) # => "signed message"
|
70
|
+
#
|
71
|
+
# @verifier.verify(token, purpose: :redirect) # => raises ActiveSupport::MessageVerifier::InvalidSignature
|
72
|
+
# @verifier.verify(token) # => "signed message"
|
73
|
+
#
|
74
|
+
# === Expiring messages
|
75
|
+
#
|
76
|
+
# By default messages last forever and verifying one year from now will still
|
77
|
+
# return the original value. But messages can be set to expire at a given
|
78
|
+
# time with +:expires_in+ or +:expires_at+.
|
79
|
+
#
|
80
|
+
# @verifier.generate("signed message", expires_in: 1.month)
|
81
|
+
# @verifier.generate("signed message", expires_at: Time.now.end_of_year)
|
82
|
+
#
|
83
|
+
# Messages can then be verified and returned until expiry.
|
84
|
+
# Thereafter, the +verified+ method returns +nil+ while +verify+ raises
|
85
|
+
# +ActiveSupport::MessageVerifier::InvalidSignature+.
|
86
|
+
#
|
87
|
+
# === Rotating keys
|
88
|
+
#
|
89
|
+
# MessageVerifier also supports rotating out old configurations by falling
|
90
|
+
# back to a stack of verifiers. Call +rotate+ to build and add a verifier so
|
91
|
+
# either +verified+ or +verify+ will also try verifying with the fallback.
|
92
|
+
#
|
93
|
+
# By default any rotated verifiers use the values of the primary
|
94
|
+
# verifier unless specified otherwise.
|
95
|
+
#
|
96
|
+
# You'd give your verifier the new defaults:
|
97
|
+
#
|
98
|
+
# verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512", serializer: JSON)
|
99
|
+
#
|
100
|
+
# Then gradually rotate the old values out by adding them as fallbacks. Any message
|
101
|
+
# generated with the old values will then work until the rotation is removed.
|
102
|
+
#
|
103
|
+
# verifier.rotate(old_secret) # Fallback to an old secret instead of @secret.
|
104
|
+
# verifier.rotate(digest: "SHA256") # Fallback to an old digest instead of SHA512.
|
105
|
+
# verifier.rotate(serializer: Marshal) # Fallback to an old serializer instead of JSON.
|
106
|
+
#
|
107
|
+
# Though the above would most likely be combined into one rotation:
|
108
|
+
#
|
109
|
+
# verifier.rotate(old_secret, digest: "SHA256", serializer: Marshal)
|
110
|
+
class MessageVerifier < Messages::Codec
|
111
|
+
prepend Messages::Rotator
|
112
|
+
|
113
|
+
class InvalidSignature < StandardError; end
|
114
|
+
|
115
|
+
SEPARATOR = "--" # :nodoc:
|
116
|
+
SEPARATOR_LENGTH = SEPARATOR.length # :nodoc:
|
117
|
+
|
118
|
+
# Initialize a new MessageVerifier with a secret for the signature.
|
119
|
+
#
|
120
|
+
# ==== Options
|
121
|
+
#
|
122
|
+
# [+:digest+]
|
123
|
+
# Digest used for signing. The default is <tt>"SHA1"</tt>. See
|
124
|
+
# +OpenSSL::Digest+ for alternatives.
|
125
|
+
#
|
126
|
+
# [+:serializer+]
|
127
|
+
# The serializer used to serialize message data. You can specify any
|
128
|
+
# object that responds to +dump+ and +load+, or you can choose from
|
129
|
+
# several preconfigured serializers: +:marshal+, +:json_allow_marshal+,
|
130
|
+
# +:json+, +:message_pack_allow_marshal+, +:message_pack+.
|
131
|
+
#
|
132
|
+
# The preconfigured serializers include a fallback mechanism to support
|
133
|
+
# multiple deserialization formats. For example, the +:marshal+ serializer
|
134
|
+
# will serialize using +Marshal+, but can deserialize using +Marshal+,
|
135
|
+
# ActiveSupport::JSON, or ActiveSupport::MessagePack. This makes it easy
|
136
|
+
# to migrate between serializers.
|
137
|
+
#
|
138
|
+
# The +:marshal+, +:json_allow_marshal+, and +:message_pack_allow_marshal+
|
139
|
+
# serializers support deserializing using +Marshal+, but the others do
|
140
|
+
# not. Beware that +Marshal+ is a potential vector for deserialization
|
141
|
+
# attacks in cases where a message signing secret has been leaked. <em>If
|
142
|
+
# possible, choose a serializer that does not support +Marshal+.</em>
|
143
|
+
#
|
144
|
+
# The +:message_pack+ and +:message_pack_allow_marshal+ serializers use
|
145
|
+
# ActiveSupport::MessagePack, which can roundtrip some Ruby types that are
|
146
|
+
# not supported by JSON, and may provide improved performance. However,
|
147
|
+
# these require the +msgpack+ gem.
|
148
|
+
#
|
149
|
+
# When using \Rails, the default depends on +config.active_support.message_serializer+.
|
150
|
+
# Otherwise, the default is +:marshal+.
|
151
|
+
#
|
152
|
+
# [+:url_safe+]
|
153
|
+
# By default, MessageVerifier generates RFC 4648 compliant strings which are
|
154
|
+
# not URL-safe. In other words, they can contain "+" and "/". If you want to
|
155
|
+
# generate URL-safe strings (in compliance with "Base 64 Encoding with URL
|
156
|
+
# and Filename Safe Alphabet" in RFC 4648), you can pass +true+.
|
157
|
+
#
|
158
|
+
# [+:force_legacy_metadata_serializer+]
|
159
|
+
# Whether to use the legacy metadata serializer, which serializes the
|
160
|
+
# message first, then wraps it in an envelope which is also serialized. This
|
161
|
+
# was the default in \Rails 7.0 and below.
|
162
|
+
#
|
163
|
+
# If you don't pass a truthy value, the default is set using
|
164
|
+
# +config.active_support.use_message_serializer_for_metadata+.
|
165
|
+
def initialize(secret, **options)
|
166
|
+
raise ArgumentError, "Secret should not be nil." unless secret
|
167
|
+
super(**options)
|
168
|
+
@secret = secret
|
169
|
+
@digest = options[:digest]&.to_s || "SHA1"
|
170
|
+
end
|
171
|
+
|
172
|
+
# Checks if a signed message could have been generated by signing an object
|
173
|
+
# with the +MessageVerifier+'s secret.
|
174
|
+
#
|
175
|
+
# verifier = ActiveSupport::MessageVerifier.new("secret")
|
176
|
+
# signed_message = verifier.generate("signed message")
|
177
|
+
# verifier.valid_message?(signed_message) # => true
|
178
|
+
#
|
179
|
+
# tampered_message = signed_message.chop # editing the message invalidates the signature
|
180
|
+
# verifier.valid_message?(tampered_message) # => false
|
181
|
+
def valid_message?(message)
|
182
|
+
!!catch_and_ignore(:invalid_message_format) { extract_encoded(message) }
|
183
|
+
end
|
184
|
+
|
185
|
+
# Decodes the signed message using the +MessageVerifier+'s secret.
|
186
|
+
#
|
187
|
+
# verifier = ActiveSupport::MessageVerifier.new("secret")
|
188
|
+
#
|
189
|
+
# signed_message = verifier.generate("signed message")
|
190
|
+
# verifier.verified(signed_message) # => "signed message"
|
191
|
+
#
|
192
|
+
# Returns +nil+ if the message was not signed with the same secret.
|
193
|
+
#
|
194
|
+
# other_verifier = ActiveSupport::MessageVerifier.new("different_secret")
|
195
|
+
# other_verifier.verified(signed_message) # => nil
|
196
|
+
#
|
197
|
+
# Returns +nil+ if the message is not Base64-encoded.
|
198
|
+
#
|
199
|
+
# invalid_message = "f--46a0120593880c733a53b6dad75b42ddc1c8996d"
|
200
|
+
# verifier.verified(invalid_message) # => nil
|
201
|
+
#
|
202
|
+
# Raises any error raised while decoding the signed message.
|
203
|
+
#
|
204
|
+
# incompatible_message = "test--dad7b06c94abba8d46a15fafaef56c327665d5ff"
|
205
|
+
# verifier.verified(incompatible_message) # => TypeError: incompatible marshal file format
|
206
|
+
#
|
207
|
+
# ==== Options
|
208
|
+
#
|
209
|
+
# [+:purpose+]
|
210
|
+
# The purpose that the message was generated with. If the purpose does not
|
211
|
+
# match, +verified+ will return +nil+.
|
212
|
+
#
|
213
|
+
# message = verifier.generate("hello", purpose: "greeting")
|
214
|
+
# verifier.verified(message, purpose: "greeting") # => "hello"
|
215
|
+
# verifier.verified(message, purpose: "chatting") # => nil
|
216
|
+
# verifier.verified(message) # => nil
|
217
|
+
#
|
218
|
+
# message = verifier.generate("bye")
|
219
|
+
# verifier.verified(message) # => "bye"
|
220
|
+
# verifier.verified(message, purpose: "greeting") # => nil
|
221
|
+
#
|
222
|
+
def verified(message, **options)
|
223
|
+
catch_and_ignore :invalid_message_format do
|
224
|
+
catch_and_raise :invalid_message_serialization do
|
225
|
+
catch_and_ignore :invalid_message_content do
|
226
|
+
read_message(message, **options)
|
227
|
+
end
|
228
|
+
end
|
229
|
+
end
|
230
|
+
end
|
231
|
+
|
232
|
+
# Decodes the signed message using the +MessageVerifier+'s secret.
|
233
|
+
#
|
234
|
+
# verifier = ActiveSupport::MessageVerifier.new("secret")
|
235
|
+
# signed_message = verifier.generate("signed message")
|
236
|
+
#
|
237
|
+
# verifier.verify(signed_message) # => "signed message"
|
238
|
+
#
|
239
|
+
# Raises +InvalidSignature+ if the message was not signed with the same
|
240
|
+
# secret or was not Base64-encoded.
|
241
|
+
#
|
242
|
+
# other_verifier = ActiveSupport::MessageVerifier.new("different_secret")
|
243
|
+
# other_verifier.verify(signed_message) # => ActiveSupport::MessageVerifier::InvalidSignature
|
244
|
+
#
|
245
|
+
# ==== Options
|
246
|
+
#
|
247
|
+
# [+:purpose+]
|
248
|
+
# The purpose that the message was generated with. If the purpose does not
|
249
|
+
# match, +verify+ will raise ActiveSupport::MessageVerifier::InvalidSignature.
|
250
|
+
#
|
251
|
+
# message = verifier.generate("hello", purpose: "greeting")
|
252
|
+
# verifier.verify(message, purpose: "greeting") # => "hello"
|
253
|
+
# verifier.verify(message, purpose: "chatting") # => raises InvalidSignature
|
254
|
+
# verifier.verify(message) # => raises InvalidSignature
|
255
|
+
#
|
256
|
+
# message = verifier.generate("bye")
|
257
|
+
# verifier.verify(message) # => "bye"
|
258
|
+
# verifier.verify(message, purpose: "greeting") # => raises InvalidSignature
|
259
|
+
#
|
260
|
+
def verify(message, **options)
|
261
|
+
catch_and_raise :invalid_message_format, as: InvalidSignature do
|
262
|
+
catch_and_raise :invalid_message_serialization do
|
263
|
+
catch_and_raise :invalid_message_content, as: InvalidSignature do
|
264
|
+
read_message(message, **options)
|
265
|
+
end
|
266
|
+
end
|
267
|
+
end
|
268
|
+
end
|
269
|
+
|
270
|
+
# Generates a signed message for the provided value.
|
271
|
+
#
|
272
|
+
# The message is signed with the +MessageVerifier+'s secret.
|
273
|
+
# Returns Base64-encoded message joined with the generated signature.
|
274
|
+
#
|
275
|
+
# verifier = ActiveSupport::MessageVerifier.new("secret")
|
276
|
+
# verifier.generate("signed message") # => "BAhJIhNzaWduZWQgbWVzc2FnZQY6BkVU--f67d5f27c3ee0b8483cebf2103757455e947493b"
|
277
|
+
#
|
278
|
+
# ==== Options
|
279
|
+
#
|
280
|
+
# [+:expires_at+]
|
281
|
+
# The datetime at which the message expires. After this datetime,
|
282
|
+
# verification of the message will fail.
|
283
|
+
#
|
284
|
+
# message = verifier.generate("hello", expires_at: Time.now.tomorrow)
|
285
|
+
# verifier.verified(message) # => "hello"
|
286
|
+
# # 24 hours later...
|
287
|
+
# verifier.verified(message) # => nil
|
288
|
+
# verifier.verify(message) # => raises ActiveSupport::MessageVerifier::InvalidSignature
|
289
|
+
#
|
290
|
+
# [+:expires_in+]
|
291
|
+
# The duration for which the message is valid. After this duration has
|
292
|
+
# elapsed, verification of the message will fail.
|
293
|
+
#
|
294
|
+
# message = verifier.generate("hello", expires_in: 24.hours)
|
295
|
+
# verifier.verified(message) # => "hello"
|
296
|
+
# # 24 hours later...
|
297
|
+
# verifier.verified(message) # => nil
|
298
|
+
# verifier.verify(message) # => raises ActiveSupport::MessageVerifier::InvalidSignature
|
299
|
+
#
|
300
|
+
# [+:purpose+]
|
301
|
+
# The purpose of the message. If specified, the same purpose must be
|
302
|
+
# specified when verifying the message; otherwise, verification will fail.
|
303
|
+
# (See #verified and #verify.)
|
304
|
+
def generate(value, **options)
|
305
|
+
create_message(value, **options)
|
306
|
+
end
|
307
|
+
|
308
|
+
def create_message(value, **options) # :nodoc:
|
309
|
+
sign_encoded(encode(serialize_with_metadata(value, **options)))
|
310
|
+
end
|
311
|
+
|
312
|
+
def read_message(message, **options) # :nodoc:
|
313
|
+
deserialize_with_metadata(decode(extract_encoded(message)), **options)
|
314
|
+
end
|
315
|
+
|
316
|
+
def inspect # :nodoc:
|
317
|
+
"#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
|
318
|
+
end
|
319
|
+
|
320
|
+
private
|
321
|
+
def sign_encoded(encoded)
|
322
|
+
digest = generate_digest(encoded)
|
323
|
+
encoded << SEPARATOR << digest
|
324
|
+
end
|
325
|
+
|
326
|
+
def extract_encoded(signed)
|
327
|
+
if signed.nil? || !signed.valid_encoding?
|
328
|
+
throw :invalid_message_format, "invalid message string"
|
329
|
+
end
|
330
|
+
|
331
|
+
if separator_index = separator_index_for(signed)
|
332
|
+
encoded = signed[0, separator_index]
|
333
|
+
digest = signed[separator_index + SEPARATOR_LENGTH, digest_length_in_hex]
|
334
|
+
end
|
335
|
+
|
336
|
+
unless digest_matches_data?(digest, encoded)
|
337
|
+
throw :invalid_message_format, "mismatched digest"
|
338
|
+
end
|
339
|
+
|
340
|
+
encoded
|
341
|
+
end
|
342
|
+
|
343
|
+
def generate_digest(data)
|
344
|
+
OpenSSL::HMAC.hexdigest(@digest, @secret, data)
|
345
|
+
end
|
346
|
+
|
347
|
+
def digest_length_in_hex
|
348
|
+
# In hexadecimal (AKA base16) it takes 4 bits to represent a character,
|
349
|
+
# hence we multiply the digest's length (in bytes) by 8 to get it in
|
350
|
+
# bits and divide by 4 to get its number of characters it hex. Well, 8
|
351
|
+
# divided by 4 is 2.
|
352
|
+
@digest_length_in_hex ||= OpenSSL::Digest.new(@digest).digest_length * 2
|
353
|
+
end
|
354
|
+
|
355
|
+
def separator_at?(signed_message, index)
|
356
|
+
signed_message[index, SEPARATOR_LENGTH] == SEPARATOR
|
357
|
+
end
|
358
|
+
|
359
|
+
def separator_index_for(signed_message)
|
360
|
+
index = signed_message.length - digest_length_in_hex - SEPARATOR_LENGTH
|
361
|
+
index unless index.negative? || !separator_at?(signed_message, index)
|
362
|
+
end
|
363
|
+
|
364
|
+
def digest_matches_data?(digest, data)
|
365
|
+
data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
|
366
|
+
end
|
367
|
+
end
|
368
|
+
end
|
@@ -0,0 +1,135 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_support/messages/rotation_coordinator"
|
4
|
+
|
5
|
+
module ActiveSupport
|
6
|
+
class MessageVerifiers < Messages::RotationCoordinator
|
7
|
+
##
|
8
|
+
# :attr_accessor: transitional
|
9
|
+
#
|
10
|
+
# If true, the first two rotation option sets are swapped when building
|
11
|
+
# message verifiers. For example, with the following configuration, message
|
12
|
+
# verifiers will generate messages using <tt>serializer: Marshal, url_safe: true</tt>,
|
13
|
+
# and will able to verify messages that were generated using any of the
|
14
|
+
# three option sets:
|
15
|
+
#
|
16
|
+
# verifiers = ActiveSupport::MessageVerifiers.new { ... }
|
17
|
+
# verifiers.rotate(serializer: JSON, url_safe: true)
|
18
|
+
# verifiers.rotate(serializer: Marshal, url_safe: true)
|
19
|
+
# verifiers.rotate(serializer: Marshal, url_safe: false)
|
20
|
+
# verifiers.transitional = true
|
21
|
+
#
|
22
|
+
# This can be useful when performing a rolling deploy of an application,
|
23
|
+
# wherein servers that have not yet been updated must still be able to
|
24
|
+
# verify messages from updated servers. In such a scenario, first perform a
|
25
|
+
# rolling deploy with the new rotation (e.g. <tt>serializer: JSON, url_safe: true</tt>)
|
26
|
+
# as the first rotation and <tt>transitional = true</tt>. Then, after all
|
27
|
+
# servers have been updated, perform a second rolling deploy with
|
28
|
+
# <tt>transitional = false</tt>.
|
29
|
+
|
30
|
+
##
|
31
|
+
# :method: initialize
|
32
|
+
# :call-seq: initialize(&secret_generator)
|
33
|
+
#
|
34
|
+
# Initializes a new instance. +secret_generator+ must accept a salt, and
|
35
|
+
# return a suitable secret (string). +secret_generator+ may also accept
|
36
|
+
# arbitrary kwargs. If #rotate is called with any options matching those
|
37
|
+
# kwargs, those options will be passed to +secret_generator+ instead of to
|
38
|
+
# the message verifier.
|
39
|
+
#
|
40
|
+
# verifiers = ActiveSupport::MessageVerifiers.new do |salt, base:|
|
41
|
+
# MySecretGenerator.new(base).generate(salt)
|
42
|
+
# end
|
43
|
+
#
|
44
|
+
# verifiers.rotate(base: "...")
|
45
|
+
|
46
|
+
##
|
47
|
+
# :method: []
|
48
|
+
# :call-seq: [](salt)
|
49
|
+
#
|
50
|
+
# Returns a MessageVerifier configured with a secret derived from the
|
51
|
+
# given +salt+, and options from #rotate. MessageVerifier instances will
|
52
|
+
# be memoized, so the same +salt+ will return the same instance.
|
53
|
+
|
54
|
+
##
|
55
|
+
# :method: []=
|
56
|
+
# :call-seq: []=(salt, verifier)
|
57
|
+
#
|
58
|
+
# Overrides a MessageVerifier instance associated with a given +salt+.
|
59
|
+
|
60
|
+
##
|
61
|
+
# :method: rotate
|
62
|
+
# :call-seq: rotate(**options)
|
63
|
+
#
|
64
|
+
# Adds +options+ to the list of option sets. Messages will be signed using
|
65
|
+
# the first set in the list. When verifying, however, each set will be
|
66
|
+
# tried, in order, until one succeeds.
|
67
|
+
#
|
68
|
+
# Notably, the +:secret_generator+ option can specify a different secret
|
69
|
+
# generator than the one initially specified. The secret generator must
|
70
|
+
# respond to +call+, accept a salt, and return a suitable secret (string).
|
71
|
+
# The secret generator may also accept arbitrary kwargs.
|
72
|
+
#
|
73
|
+
# If any options match the kwargs of the operative secret generator, those
|
74
|
+
# options will be passed to the secret generator instead of to the message
|
75
|
+
# verifier.
|
76
|
+
#
|
77
|
+
# For fine-grained per-salt rotations, a block form is supported. The block
|
78
|
+
# will receive the salt, and should return an appropriate options Hash. The
|
79
|
+
# block may also return +nil+ to indicate that the rotation does not apply
|
80
|
+
# to the given salt. For example:
|
81
|
+
#
|
82
|
+
# verifiers = ActiveSupport::MessageVerifiers.new { ... }
|
83
|
+
#
|
84
|
+
# verifiers.rotate do |salt|
|
85
|
+
# case salt
|
86
|
+
# when :foo
|
87
|
+
# { serializer: JSON, url_safe: true }
|
88
|
+
# when :bar
|
89
|
+
# { serializer: Marshal, url_safe: true }
|
90
|
+
# end
|
91
|
+
# end
|
92
|
+
#
|
93
|
+
# verifiers.rotate(serializer: Marshal, url_safe: false)
|
94
|
+
#
|
95
|
+
# # Uses `serializer: JSON, url_safe: true`.
|
96
|
+
# # Falls back to `serializer: Marshal, url_safe: false`.
|
97
|
+
# verifiers[:foo]
|
98
|
+
#
|
99
|
+
# # Uses `serializer: Marshal, url_safe: true`.
|
100
|
+
# # Falls back to `serializer: Marshal, url_safe: false`.
|
101
|
+
# verifiers[:bar]
|
102
|
+
#
|
103
|
+
# # Uses `serializer: Marshal, url_safe: false`.
|
104
|
+
# verifiers[:baz]
|
105
|
+
|
106
|
+
##
|
107
|
+
# :method: rotate_defaults
|
108
|
+
# :call-seq: rotate_defaults
|
109
|
+
#
|
110
|
+
# Invokes #rotate with the default options.
|
111
|
+
|
112
|
+
##
|
113
|
+
# :method: clear_rotations
|
114
|
+
# :call-seq: clear_rotations
|
115
|
+
#
|
116
|
+
# Clears the list of option sets.
|
117
|
+
|
118
|
+
##
|
119
|
+
# :method: on_rotation
|
120
|
+
# :call-seq: on_rotation(&callback)
|
121
|
+
#
|
122
|
+
# Sets a callback to invoke when a message is verified using an option set
|
123
|
+
# other than the first.
|
124
|
+
#
|
125
|
+
# For example, this callback could log each time it is called, and thus
|
126
|
+
# indicate whether old option sets are still in use or can be removed from
|
127
|
+
# rotation.
|
128
|
+
|
129
|
+
##
|
130
|
+
private
|
131
|
+
def build(salt, secret_generator:, secret_generator_options:, **options)
|
132
|
+
MessageVerifier.new(secret_generator.call(salt, **secret_generator_options), **options)
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "active_support/core_ext/class/attribute"
|
4
|
+
require_relative "metadata"
|
5
|
+
require_relative "serializer_with_fallback"
|
6
|
+
|
7
|
+
module ActiveSupport
|
8
|
+
module Messages # :nodoc:
|
9
|
+
class Codec # :nodoc:
|
10
|
+
include Metadata
|
11
|
+
|
12
|
+
class_attribute :default_serializer, default: :marshal,
|
13
|
+
instance_accessor: false, instance_predicate: false
|
14
|
+
|
15
|
+
def initialize(**options)
|
16
|
+
@serializer = options[:serializer] || self.class.default_serializer
|
17
|
+
@serializer = SerializerWithFallback[@serializer] if @serializer.is_a?(Symbol)
|
18
|
+
@url_safe = options[:url_safe]
|
19
|
+
@force_legacy_metadata_serializer = options[:force_legacy_metadata_serializer]
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
attr_reader :serializer
|
24
|
+
|
25
|
+
def encode(data, url_safe: @url_safe)
|
26
|
+
url_safe ? ::Base64.urlsafe_encode64(data, padding: false) : ::Base64.strict_encode64(data)
|
27
|
+
end
|
28
|
+
|
29
|
+
def decode(encoded, url_safe: @url_safe)
|
30
|
+
url_safe ? ::Base64.urlsafe_decode64(encoded) : ::Base64.strict_decode64(encoded)
|
31
|
+
rescue StandardError => error
|
32
|
+
throw :invalid_message_format, error
|
33
|
+
end
|
34
|
+
|
35
|
+
def serialize(data)
|
36
|
+
serializer.dump(data)
|
37
|
+
end
|
38
|
+
|
39
|
+
def deserialize(serialized)
|
40
|
+
serializer.load(serialized)
|
41
|
+
rescue StandardError => error
|
42
|
+
throw :invalid_message_serialization, error
|
43
|
+
end
|
44
|
+
|
45
|
+
def catch_and_ignore(throwable, &block)
|
46
|
+
catch throwable do
|
47
|
+
return block.call
|
48
|
+
end
|
49
|
+
nil
|
50
|
+
end
|
51
|
+
|
52
|
+
def catch_and_raise(throwable, as: nil, &block)
|
53
|
+
error = catch throwable do
|
54
|
+
return block.call
|
55
|
+
end
|
56
|
+
error = as.new(error.to_s) if as
|
57
|
+
raise error
|
58
|
+
end
|
59
|
+
|
60
|
+
def use_message_serializer_for_metadata?
|
61
|
+
!@force_legacy_metadata_serializer && super
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|