Parent

Object

Class Index [+]

Quicksearch

ActiveSupport::MessageVerifier

MessageVerifier makes it easy to generate and verify messages which are signed to prevent tampering.

This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn’t suitable or available.

Remember Me: 

  cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])

In the authentication filter: 

  id, time = @verifier.verify(cookies[:remember_me])
  if time < Time.now
    self.current_user = User.find(id)
  end

Public Class Methods

new(secret, digest = 'SHA1') click to toggle source 
    # File lib/active_support/message_verifier.rb, line 24
24:     def initialize(secret, digest = 'SHA1')
25:       @secret = secret
26:       @digest = digest
27:     end

Public Instance Methods

generate(value) click to toggle source 
    # File lib/active_support/message_verifier.rb, line 40
40:     def generate(value)
41:       data = ActiveSupport::Base64.encode64s(Marshal.dump(value))
42:       "#{data}--#{generate_digest(data)}"
43:     end
verify(signed_message) click to toggle source 
    # File lib/active_support/message_verifier.rb, line 29
29:     def verify(signed_message)
30:       raise InvalidSignature if signed_message.blank?
31: 
32:       data, digest = signed_message.split("--")
33:       if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
34:         Marshal.load(ActiveSupport::Base64.decode64(data))
35:       else
36:         raise InvalidSignature
37:       end
38:     end

Private Instance Methods

generate_digest(data) click to toggle source 
    # File lib/active_support/message_verifier.rb, line 57
57:       def generate_digest(data)
58:         require 'openssl' unless defined?(OpenSSL)
59:         OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)
60:       end
secure_compare(a, b) click to toggle source

constant-time comparison algorithm to prevent timing attacks 

    # File lib/active_support/message_verifier.rb, line 47
47:       def secure_compare(a, b)
48:         return false unless a.bytesize == b.bytesize
49: 
50:         l = a.unpack "C#{a.bytesize}"
51: 
52:         res = 0
53:         b.each_byte { |byte| res |= byte ^ l.shift }
54:         res == 0
55:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.