From 15efa6720f9dc6efe27c717d9e32b31b2d45b7b8 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Sun, 23 Jul 2017 15:51:01 -0500
Subject: [PATCH] Specify verification purposes
---
 app/controllers/active_storage/disk_controller.rb | 2 +-
 app/models/active_storage/blob.rb | 4 ++--
 app/models/active_storage/service/disk_service.rb | 2 +-
 app/models/active_storage/variation.rb | 4 ++--
 test/controllers/disk_controller_test.rb | 4 ++--
 test/models/blob_test.rb | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/app/controllers/active_storage/disk_controller.rb b/app/controllers/active_storage/disk_controller.rb
index 7269239216..a42b4833a7 100644
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@@ -24,7 +24,7 @@ def disk_service
 end
 def decode_verified_key
- ActiveStorage.verifier.verified(params[:encoded_key])
+ ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
 end
 def disposition_param
diff --git a/app/models/active_storage/blob.rb b/app/models/active_storage/blob.rb
index 7b45d3ad25..fdf9a2c37d 100644
--- a/app/models/active_storage/blob.rb
+++ b/app/models/active_storage/blob.rb
@@ -15,7 +15,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
 class << self
 def find_signed(id)
- find ActiveStorage.verifier.verify(id)
+ find ActiveStorage.verifier.verify(id, purpose: :blob_id)
 end
 def build_after_upload(io:, filename:, content_type: nil, metadata: nil)
@@ -39,7 +39,7 @@ def create_before_direct_upload!(filename:, byte_size:, checksum:, content_type:
 def signed_id
- ActiveStorage.verifier.generate(id)
+ ActiveStorage.verifier.generate(id, purpose: :blob_id)
 end
 def key
diff --git a/app/models/active_storage/service/disk_service.rb b/app/models/active_storage/service/disk_service.rb
index c7c45e2146..59b180d0e8 100644
--- a/app/models/active_storage/service/disk_service.rb
+++ b/app/models/active_storage/service/disk_service.rb
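Review bot: `decode_verified_key` in disk_controller.rb can now return nil for a third reason, a token signed for a different purpose, on top of a bad signature or an expired token, and nothing at the method says so. `verified` returns nil rather than raising, so the caller has to treat nil as "not found" before the value reaches the disk service; that caller is outside the hunk and should be confirmed. I would add above the method: `# Returns the blob key, or nil if the token is tampered with, expired, or was not signed with purpose :blob_key.`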
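Review bot: In blob.rb, `signed_id` is generated without `expires_in`, so ids minted before this commit stay in circulation with no purpose attached, and as far as I can tell `find_signed` will reject them with `ActiveSupport::MessageVerifier::InvalidSignature` once `purpose: :blob_id` is required. Ids already rendered into forms or held by clients would stop resolving on deploy. The same applies to `encode`/`decode` in variation.rb, whose tokens also carry no expiry. If that break is intended, it deserves a line in the commit message and a comment on `find_signed`, e.g. `# Raises InvalidSignature for ids signed for another purpose, including ids issued before purposes were introduced.`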
@@ -53,7 +53,7 @@ def exist?(key)
 def url(key, expires_in:, disposition:, filename:)
 instrument :url, key do |payload|
- verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in)
+ verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in, purpose: :blob_key)
 generated_url = if defined?(Rails) && defined?(Rails.application)
diff --git a/app/models/active_storage/variation.rb b/app/models/active_storage/variation.rb
index b37397fcad..45274006a2 100644
--- a/app/models/active_storage/variation.rb
+++ b/app/models/active_storage/variation.rb
@@ -6,11 +6,11 @@ class ActiveStorage::Variation
 class << self
 def decode(key)
- new ActiveStorage.verifier.verify(key)
+ new ActiveStorage.verifier.verify(key, purpose: :variation)
 end
 def encode(transformations)
- ActiveStorage.verifier.generate(transformations)
+ ActiveStorage.verifier.generate(transformations, purpose: :variation)
 end
 end
diff --git a/test/controllers/disk_controller_test.rb b/test/controllers/disk_controller_test.rb
index c427942c57..58c56d2d0b 100644
--- a/test/controllers/disk_controller_test.rb
+++ b/test/controllers/disk_controller_test.rb
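Review bot: The token built in `url` in disk_service.rb still covers only `key`, although `disposition` and `filename` are arguments of the same method. The expected URL in blob_test.rb shows both travelling outside the token, in the path and in the `disposition` query parameter, so they can be altered on a valid link without invalidating the signature. That matters when user-uploaded content is served from the application's own origin. Consider signing them together, e.g. `ActiveStorage.verifier.generate({ key: key, disposition: disposition }, expires_in: expires_in, purpose: :blob_key)`, and having the controller read them back from the verified payload. The body of `url` continues outside the hunk, so how the remaining parameters are appended is inferred from the test.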
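Review bot: The purpose is a bare symbol repeated at every call site: `:variation` in both `decode` and `encode` here, `:blob_id` twice in blob.rb, and `:blob_key` split across disk_controller.rb and disk_service.rb. Generation and verification agree only while the spellings match. A typo fails closed, so the risk is broken links rather than a bypass, but a named constant would make each pair explicit. For this class that could be `VERIFIER_PURPOSE = :variation`, used as `verify(key, purpose: VERIFIER_PURPOSE)` and `generate(transformations, purpose: VERIFIER_PURPOSE)`.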
@@ -11,13 +11,13 @@ class ActiveStorage::DiskControllerTest < ActionController::TestCase
 end
 test "showing blob inline" do
- get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes) }
+ get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key) }
 assert_equal "inline; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
 assert_equal "text/plain", @response.headers["Content-Type"]
 end
 test "sending blob as attachment" do
- get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes), disposition: :attachment }
+ get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key), disposition: :attachment }
 assert_equal "attachment; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
 assert_equal "text/plain", @response.headers["Content-Type"]
 end
diff --git a/test/models/blob_test.rb b/test/models/blob_test.rb
index 45c8b7168f..8a3d0e8124 100644
--- a/test/models/blob_test.rb
+++ b/test/models/blob_test.rb
@@ -35,6 +35,6 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase
 private def expected_url_for(blob, disposition: :inline)
- "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes)}/#{blob.filename}?disposition=#{disposition}"
+ "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes, purpose: :blob_key)}/#{blob.filename}?disposition=#{disposition}"
 end
 end
--
GitLab
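Review bot: Both updated tests in disk_controller_test.rb exercise only the matching purpose, so nothing would fail if `purpose: :blob_key` were later dropped from `decode_verified_key`. A test that signs the key for a different purpose and expects the request to be refused would pin the behaviour this commit introduces. The status to assert depends on `DiskController#show`, which is not on the page, so `:not_found` below is an assumption to confirm. The test class continues outside the hunk.

```ruby
test "rejecting a key signed for another purpose" do
  get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_id) }
  # Assumed status; confirm against DiskController#show.
  assert_response :not_found
end
```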