Guest User

Untitled

a guest
Nov 20th, 2018
104
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.37 KB | None | 0 0
  1. class YAMLVerifier < ActiveSupport::MessageVerifier
  2. def verify(signed_message)
  3. raise InvalidSignature if signed_message.blank?
  4.  
  5. data, digest = signed_message.split("--")
  6. if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
  7. # First load with @serializer (YAML), if there is a YAML syntax error, then decode with JSON
  8. begin
  9. @serializer.load(::Base64.decode64(data))
  10. rescue Psych::SyntaxError
  11. Rails.logger.info "Caught YAML syntax error. Decoding with JSON."
  12. ActiveSupport::JSON.decode(Base64.decode64(data.gsub('%3D','=')))
  13. end
  14. else
  15. raise InvalidSignature
  16. end
  17. end
  18.  
  19. def generate(value)
  20. data = ::Base64.strict_encode64(@serializer.dump(convert(value)))
  21. "#{data}--#{generate_digest(data)}"
  22. end
  23.  
  24.  
  25. def convert(value)
  26. # If it isn't present, add in session_expiry to support django
  27. if value.is_a?(Hash)
  28. if !value.has_key?("_session_expiry")
  29. value['_session_expiry'] = (Time.now() + 30*86400).strftime("%s") # expire in 30 days
  30. end
  31. end
  32.  
  33. return value
  34. end
  35. end
  36.  
  37.  
  38. module ActionDispatch
  39. class Cookies
  40. class SignedCookieJar
  41. def initialize(parent_jar, secret)
  42. ensure_secret_secure(secret)
  43. @parent_jar = parent_jar
  44. @verifier = YAMLVerifier.new(secret, serializer: YAML)
  45. end
  46. end
  47. end
  48. end
Add Comment
Please, Sign In to add comment