Class: ActiveSupport::MessageVerifier

MessageVerifier makes it easy to generate and verify messages which are signed to prevent tampering.

This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn‘t suitable or available.

Remember Me:

  cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])

In the authentication filter:

  id, time = @verifier.verify(cookies[:remember_me])
  if time < Time.now
    self.current_user = User.find(id)
  end

Methods

generate
new
verify

Classes and Modules

Class ActiveSupport::MessageVerifier::InvalidSignature

Public Class methods

new(secret, digest = 'SHA1')

[ show source ]

    # File activesupport/lib/active_support/message_verifier.rb, line 21
21:     def initialize(secret, digest = 'SHA1')
22:       @secret = secret
23:       @digest = digest
24:     end

Public Instance methods

generate(value)

[ show source ]

    # File activesupport/lib/active_support/message_verifier.rb, line 37
37:     def generate(value)
38:       data = ActiveSupport::Base64.encode64s(Marshal.dump(value))
39:       "#{data}--#{generate_digest(data)}"
40:     end

verify(signed_message)

[ show source ]

    # File activesupport/lib/active_support/message_verifier.rb, line 26
26:     def verify(signed_message)
27:       raise InvalidSignature if signed_message.blank?
28: 
29:       data, digest = signed_message.split("--")
30:       if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
31:         Marshal.load(ActiveSupport::Base64.decode64(data))
32:       else
33:         raise InvalidSignature
34:       end
35:     end