Merge pull request #17604 from rymohr/message-verifier-case-sensitivity

Abstract encoding strategy for ActiveSupport::MessageVerifier

Merge pull request #17604 from rymohr/message-verifier-case-sensitivity
Abstract encoding strategy for ActiveSupport::MessageVerifier
77ed79b8 · Santiago Pastorino · 6ff78469 · 8573de4d · 77ed79b8
隐藏空白更改
内联并排

Showing with 10 addition and 2 deletion

activesupport/lib/active_support/message_verifier.rb activesupport/lib/active_support/message_verifier.rb +10 -2

未找到文件。
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -40,7 +40,7 @@ def verify(signed_message)
      data, digest = signed_message.split("--")
      if data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
        begin
-          @serializer.load(::Base64.strict_decode64(data))
+          @serializer.load(decode(data))
        rescue ArgumentError => argument_error
          raise InvalidSignature if argument_error.message =~ %r{invalid base64}
          raise
@@ -51,11 +51,19 @@ def verify(signed_message)
    end

    def generate(value)
-      data = ::Base64.strict_encode64(@serializer.dump(value))
+      data = encode(@serializer.dump(value))
      "#{data}--#{generate_digest(data)}"
    end

    private
+      def encode(data)
+        ::Base64.strict_encode64(data)
+      end
+
+      def decode(data)
+        ::Base64.strict_decode64(data)
+      end
+
      def generate_digest(data)
        require 'openssl' unless defined?(OpenSSL)
        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)