MessageVerifier makes it easy to generate and verify messages
which are signed to prevent tampering.
This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn't suitable or available.
Remember Me:
cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])
In the authentication filter:
id, time = @verifier.verify(cookies[:remember_me]) if time < Time.now self.current_user = User.find(id) end
By default it uses Marshal to serialize the message. If you want to use another serialization method, you can set the serializer attribute to something that responds to dump and load, e.g.:
@verifier.serializer = YAML
Namespace
Methods
Class Public methods
new(secret, options = {})
Link
# File activesupport/lib/active_support/message_verifier.rb, line 29 def initialize(secret, options = {}) unless options.is_a?(Hash) ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to specify the digest algorithm." options = { :digest => options } end @secret = secret @digest = options[:digest] || 'SHA1' @serializer = options[:serializer] || Marshal end
Instance Public methods
generate(value)
Link
verify(signed_message)
Link
# File activesupport/lib/active_support/message_verifier.rb, line 40 def verify(signed_message) raise InvalidSignature if signed_message.blank? data, digest = signed_message.split("--") if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) @serializer.load(::Base64.decode64(data)) else raise InvalidSignature end end