Merge pull request #20440 from repinel/fix-message-verifier-encoding-issue
Fix the message verifier encoding issue
commit
c5152dd803
@ -44,7 +44,7 @@ def initialize(secret, options = {})
|
||||
# tampered_message = signed_message.chop # editing the message invalidates the signature
|
||||
# verifier.valid_message?(tampered_message) # => false
|
||||
def valid_message?(signed_message)
|
||||
return if signed_message.blank?
|
||||
return if signed_message.nil? || !signed_message.valid_encoding? || signed_message.blank?
|
||||
|
||||
data, digest = signed_message.split("--")
|
||||
data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
|
||||
|
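Review bot: The new guard in `valid_message?` has no comment saying why `valid_encoding?` must run before `blank?`, so a later cleanup could reorder or drop the check. The test added in this commit suggests the concern is an untrusted string with invalid bytes, which presumably makes `blank?` raise instead of returning. A line above the guard such as `# Check encoding first: untrusted input with invalid bytes must fail verification, not raise.` would record that. Separately, the bare `return` yields `nil` while the usage comment just above shows `# => false`; `return false if ...` would match the documented result. The method's `end` lies outside the hunk.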
@ -24,6 +24,7 @@ def test_valid_message
|
||||
data, hash = @verifier.generate(@data).split("--")
|
||||
assert !@verifier.valid_message?(nil)
|
||||
assert !@verifier.valid_message?("")
|
||||
assert !@verifier.valid_message?("\xff") # invalid encoding
|
||||
assert !@verifier.valid_message?("#{data.reverse}--#{hash}")
|
||||
assert !@verifier.valid_message?("#{data}--#{hash.reverse}")
|
||||
assert !@verifier.valid_message?("purejunk")
|
||||
|
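Review bot: The added assertion feeds only a lone invalid byte with no `--` separator, so it does not show that an otherwise well-formed `data--digest` message carrying an invalid byte is also rejected without raising. An extra case such as `assert !@verifier.valid_message?("#{data}--#{hash}\xff")` would cover that shape. If `verify` relies on `valid_message?` (not visible here), a matching assertion on that path would be worth adding too. The test method's definition line and `end` are outside the hunk.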