class ActiveSupport::MessageVerifier

@verifier = ActiveSupport::MessageVerifier.new(‘s3Krit’, serializer: YAML)
hash upon initialization:
another serialization method, you can set the serializer in the options
By default it uses Marshal to serialize the message. If you want to use
end
self.current_user = User.find(id)
if time < Time.now
id, time = @verifier.verify(cookies)
In the authentication filter:<br><br>cookies = @verifier.generate([@user.id, 2.weeks.from_now])
Remember Me:
where the session store isn’t suitable or available.
This is useful for cases like remember-me tokens and auto-unsubscribe links
signed to prevent tampering.
MessageVerifier makes it easy to generate and verify messages which are

def generate(value)

def generate(value)
  data = ::Base64.strict_encode64(@serializer.dump(value))
  "#{data}--#{generate_digest(data)}"
end

def generate_digest(data)

def generate_digest(data)
  require 'openssl' unless defined?(OpenSSL)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)
end

def initialize(secret, options = {})

def initialize(secret, options = {})
  @secret = secret
  @digest = options[:digest] || 'SHA1'
  @serializer = options[:serializer] || Marshal
end

def secure_compare(a, b)

constant-time comparison algorithm to prevent timing attacks

def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  l = a.unpack "C#{a.bytesize}"
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

def verify(signed_message)

def verify(signed_message)
  raise InvalidSignature if signed_message.blank?
  data, digest = signed_message.split("--")
  if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
    @serializer.load(::Base64.decode64(data))
  else
    raise InvalidSignature
  end
end

Namespace

ActiveSupport

Classes in this namespace

ActiveSupport::MessageVerifier::InvalidSignature

Instance Methods

Defined in

lib/active_support/message_verifier.rb