Skip to content

Commit

Permalink
Ensure #signed_id outputs url_safe strings (rails#49507)
Browse files Browse the repository at this point in the history
  • Loading branch information
@terracatta
terracatta authored Oct 6, 2023
1 parent 8f312ff commit fc5c8d0
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 1 deletion.
3 changes: 3 additions & 0 deletions activerecord/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
* Ensure `#signed_id` outputs `url_safe` strings.

*Jason Meller*

Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/activerecord/CHANGELOG.md) for previous changes.
2 changes: 1 addition & 1 deletion activerecord/lib/active_record/signed_id.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ def signed_id_verifier
if secret.nil?
raise ArgumentError, "You must set ActiveRecord::Base.signed_id_verifier_secret to use signed ids"
else
ActiveSupport::MessageVerifier.new secret, digest: "SHA256", serializer: JSON
ActiveSupport::MessageVerifier.new secret, digest: "SHA256", serializer: JSON, url_safe: true
end
end
end
Expand Down
5 changes: 5 additions & 0 deletions activerecord/test/cases/signed_id_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,11 @@ def set_signed_id
ActiveRecord::Base.signed_id_verifier_secret = SIGNED_ID_VERIFIER_TEST_SECRET
end

test "always output url_safe" do
signed_id = @account.signed_id(purpose: "~~~~~~~~~")
assert_not signed_id.include?("+")
end

test "use a custom verifier" do
old_verifier = Account.signed_id_verifier
Account.signed_id_verifier = ActiveSupport::MessageVerifier.new("sekret")
Expand Down

0 comments on commit fc5c8d0

Please sign in to comment.