Specify verification purposes

15efa672 · David Heinemeier Hansson · 58895604 · 15efa672 · 15efa672 · 15efa672
6 changed file
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@@ -24,7 +24,7 @@ def disk_service
    end

    def decode_verified_key
-      ActiveStorage.verifier.verified(params[:encoded_key])
+      ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
    end

    def disposition_param

--- a/app/models/active_storage/blob.rb
+++ b/app/models/active_storage/blob.rb
@@ -15,7 +15,7 @@ class ActiveStorage::Blob < ActiveRecord::Base

  class << self
    def find_signed(id)
-      find ActiveStorage.verifier.verify(id)
+      find ActiveStorage.verifier.verify(id, purpose: :blob_id)
    end

    def build_after_upload(io:, filename:, content_type: nil, metadata: nil)
@@ -39,7 +39,7 @@ def create_before_direct_upload!(filename:, byte_size:, checksum:, content_type:


  def signed_id
-    ActiveStorage.verifier.generate(id)
+    ActiveStorage.verifier.generate(id, purpose: :blob_id)
  end

  def key

--- a/app/models/active_storage/service/disk_service.rb
+++ b/app/models/active_storage/service/disk_service.rb
@@ -53,7 +53,7 @@ def exist?(key)

  def url(key, expires_in:, disposition:, filename:)
    instrument :url, key do |payload|
-      verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in)
+      verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in, purpose: :blob_key)

      generated_url =
        if defined?(Rails) && defined?(Rails.application)

--- a/app/models/active_storage/variation.rb
+++ b/app/models/active_storage/variation.rb
@@ -6,11 +6,11 @@ class ActiveStorage::Variation

  class << self
    def decode(key)
-      new ActiveStorage.verifier.verify(key)
+      new ActiveStorage.verifier.verify(key, purpose: :variation)
    end

    def encode(transformations)
-      ActiveStorage.verifier.generate(transformations)
+      ActiveStorage.verifier.generate(transformations, purpose: :variation)
    end
  end


--- a/test/controllers/disk_controller_test.rb
+++ b/test/controllers/disk_controller_test.rb
@@ -11,13 +11,13 @@ class ActiveStorage::DiskControllerTest < ActionController::TestCase
  end

  test "showing blob inline" do
-    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes) }
+    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key) }
    assert_equal "inline; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
    assert_equal "text/plain", @response.headers["Content-Type"]
  end

  test "sending blob as attachment" do
-    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes), disposition: :attachment }
+    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key), disposition: :attachment }
    assert_equal "attachment; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
    assert_equal "text/plain", @response.headers["Content-Type"]
  end

--- a/test/models/blob_test.rb
+++ b/test/models/blob_test.rb
@@ -35,6 +35,6 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase

  private
    def expected_url_for(blob, disposition: :inline)
-      "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes)}/#{blob.filename}?disposition=#{disposition}"
+      "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes, purpose: :blob_key)}/#{blob.filename}?disposition=#{disposition}"
    end
 end