Revert "Revert "Merge pull request rails#42843 from buckley-w-david/message-verifier-default-serializer""

This reverts commit fd4e63c.

Author: tenderlove

activestorage/app/controllers/active_storage/disk_controller.rb

@@ -42,11 +42,13 @@ def named_disk_service(name)
     end
 
     def decode_verified_key
-      ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
+      key = ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
+      key&.deep_symbolize_keys
     end
 
     def decode_verified_token
-      ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
+      token = ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
+      token&.deep_symbolize_keys
     end
 
     def acceptable_content?(token)

activesupport/lib/active_support/message_verifier.rb

@@ -72,7 +72,7 @@ module ActiveSupport
   #
   # === Alternative serializers
   #
-  # By default MessageVerifier uses Marshal to serialize the message. If you want to use
+  # By default MessageVerifier uses JSON to serialize the message. If you want to use
   # another serialization method, you can set the serializer in the options
   # hash upon initialization:
   #
@@ -115,11 +115,20 @@ class InvalidSignature < StandardError; end
     SEPARATOR = "--" # :nodoc:
     SEPARATOR_LENGTH = SEPARATOR.length # :nodoc:
 
+    cattr_accessor :default_message_verifier_serializer, instance_accessor: false, default: :marshal
+
     def initialize(secret, digest: nil, serializer: nil)
       raise ArgumentError, "Secret should not be nil." unless secret
       @secret = secret
       @digest = digest&.to_s || "SHA1"
-      @serializer = serializer || Marshal
+      @serializer = serializer ||
+        if @@default_message_verifier_serializer.equal?(:marshal)
+          Marshal
+        elsif @@default_message_verifier_serializer.equal?(:hybrid)
+          JsonWithMarshalFallback
+        elsif @@default_message_verifier_serializer.equal?(:json)
+          JSON
+        end
     end
 
     # Checks if a signed message could have been generated by signing an object

activesupport/lib/active_support/railtie.rb

@@ -167,6 +167,15 @@ class Railtie < Rails::Railtie # :nodoc:
       end
     end
 
+    initializer "active_support.set_default_message_verifier_serializer" do |app|
+      config.after_initialize do
+        unless app.config.active_support.default_message_verifier_serializer.nil?
+          ActiveSupport::MessageVerifier.default_message_verifier_serializer =
+            app.config.active_support.default_message_verifier_serializer
+        end
+      end
+    end
+
     initializer "active_support.set_marshal_serialization" do |app|
       config.after_initialize do
         unless app.config.active_support.use_marshal_serialization.nil?

activesupport/test/message_verifier_test.rb

@@ -19,7 +19,7 @@ def load(value)
 
   def setup
     @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
-    @data = { some: "data", now: Time.utc(2010) }
+    @data = { "some" => "data", "now" => Time.utc(2010) }
     @secret = SecureRandom.random_bytes(32)
   end
 
@@ -70,38 +70,13 @@ def test_verify_with_parse_json_times
     ActiveSupport.parse_json_times, Time.zone = previous
   end
 
-  def test_raise_error_when_argument_class_is_not_loaded
-    # To generate the valid message below:
-    #
-    #   AutoloadClass = Struct.new(:foo)
-    #   valid_message = @verifier.generate(foo: AutoloadClass.new('foo'))
-    #
-    valid_message = "BAh7BjoIZm9vbzonTWVzc2FnZVZlcmlmaWVyVGVzdDo6QXV0b2xvYWRDbGFzcwY6CUBmb29JIghmb28GOgZFVA==--f3ef39a5241c365083770566dc7a9eb5d6ace914"
-    exception = assert_raise(ArgumentError, NameError) do
-      @verifier.verified(valid_message)
-    end
-    assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
-                    "undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
-    exception = assert_raise(ArgumentError, NameError) do
-      @verifier.verify(valid_message)
-    end
-    assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
-                    "undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
-  end
-
   def test_raise_error_when_secret_is_nil
     exception = assert_raise(ArgumentError) do
       ActiveSupport::MessageVerifier.new(nil)
     end
     assert_equal "Secret should not be nil.", exception.message
   end
 
-  def test_backward_compatibility_messages_signed_without_metadata
-    signed_message = "BAh7BzoJc29tZUkiCWRhdGEGOgZFVDoIbm93SXU6CVRpbWUNIIAbgAAAAAAHOgtvZmZzZXRpADoJem9uZUkiCFVUQwY7BkY=--d03c52c91dfe4ccc5159417c660461bcce005e96"
-    assert_equal @data, @verifier.verify(signed_message)
-  end
-
-
   def test_rotating_secret
     old_message = ActiveSupport::MessageVerifier.new("old", digest: "SHA1").generate("old")
 
@@ -124,6 +99,35 @@ def test_multiple_rotations
     assert_equal "older", verifier.verified(older_message)
   end
 
+  def test_rotations_with_metadata
+    old_message = ActiveSupport::MessageVerifier.new("old").generate("old", purpose: :rotation)
+
+    verifier = ActiveSupport::MessageVerifier.new(@secret)
+    verifier.rotate "old"
+
+    assert_equal "old", verifier.verified(old_message, purpose: :rotation)
+  end
+end
+
+class DefaultMarshalSerializerMessageVerifierTest < MessageVerifierTest
+  def setup
+    @default_verifier = ActiveSupport::MessageVerifier.default_message_verifier_serializer
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = :marshal
+
+    @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
+    @data = { some: "data", now: Time.utc(2010) }
+    @secret = SecureRandom.random_bytes(32)
+  end
+
+  def teardown
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = @default_verifier
+  end
+
+  def test_backward_compatibility_messages_signed_without_metadata
+    signed_message = "BAh7BzoJc29tZUkiCWRhdGEGOgZFVDoIbm93SXU6CVRpbWUNIIAbgAAAAAAHOgtvZmZzZXRpADoJem9uZUkiCFVUQwY7BkY=--d03c52c91dfe4ccc5159417c660461bcce005e96"
+    assert_equal @data, @verifier.verify(signed_message)
+  end
+
   def test_on_rotation_is_called_and_verified_returns_message
     older_message = ActiveSupport::MessageVerifier.new("older", digest: "SHA1").generate({ encoded: "message" })
 
@@ -138,13 +142,127 @@ def test_on_rotation_is_called_and_verified_returns_message
     assert rotated
   end
 
-  def test_rotations_with_metadata
-    old_message = ActiveSupport::MessageVerifier.new("old").generate("old", purpose: :rotation)
+  def test_raise_error_when_argument_class_is_not_loaded
+    # To generate the valid message below:
+    #
+    #   AutoloadClass = Struct.new(:foo)
+    #   valid_message = @verifier.generate(foo: AutoloadClass.new('foo'))
+    #
+    valid_message = "BAh7BjoIZm9vbzonTWVzc2FnZVZlcmlmaWVyVGVzdDo6QXV0b2xvYWRDbGFzcwY6CUBmb29JIghmb28GOgZFVA==--f3ef39a5241c365083770566dc7a9eb5d6ace914"
+    exception = assert_raise(ArgumentError, NameError) do
+      @verifier.verified(valid_message)
+    end
+    assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
+                    "undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
+    exception = assert_raise(ArgumentError, NameError) do
+      @verifier.verify(valid_message)
+    end
+    assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
+                    "undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
+  end
+end
 
-    verifier = ActiveSupport::MessageVerifier.new(@secret)
-    verifier.rotate "old"
+class MarshalSerializeAndFallbackMessageVerifierTest < DefaultMarshalSerializerMessageVerifierTest
+  def setup
+    @default_verifier = ActiveSupport::MessageVerifier.default_message_verifier_serializer
+    @default_use_marshal = ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization
+    @default_fallback = ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = :hybrid
+    ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization = true
+    ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization = true
 
-    assert_equal "old", verifier.verified(old_message, purpose: :rotation)
+    @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
+    @data = { some: "data", now: Time.utc(2010) }
+    @secret = SecureRandom.random_bytes(32)
+  end
+
+  def teardown
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = @default_verifier
+    ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization = @default_use_marshal
+    ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization = @default_fallback
+  end
+end
+
+class JsonSerializeMarshalFallbackMessageVerifierTest < MessageVerifierTest
+  def setup
+    @default_verifier = ActiveSupport::MessageVerifier.default_message_verifier_serializer
+    @default_use_marshal = ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization
+    @default_fallback = ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = :hybrid
+    ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization = false
+    ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization = true
+
+    @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
+    @data = { "some" => "data", "now" => Time.utc(2010) }
+    @secret = SecureRandom.random_bytes(32)
+  end
+
+  def teardown
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = @default_verifier
+    ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization = @default_use_marshal
+    ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization = @default_fallback
+  end
+
+  def test_on_rotation_is_called_and_verified_returns_message
+    older_message = ActiveSupport::MessageVerifier.new("older", digest: "SHA1").generate({ encoded: "message" })
+
+    verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512")
+    verifier.rotate "old",   digest: "SHA256"
+    verifier.rotate "older", digest: "SHA1"
+
+    rotated = false
+    message = verifier.verified(older_message, on_rotation: proc { rotated = true })
+
+    assert_equal({ "encoded" => "message" }, message)
+    assert rotated
+  end
+
+  def test_backward_compatibility_messages_signed_marshal_serialized
+    marshal_serialized_signed_message = "BAh7B0kiCXNvbWUGOgZFVEkiCWRhdGEGOwBUSSIIbm93BjsAVEl1OglUaW1lDSCAG8AAAAAABjoJem9uZUkiCFVUQwY7AEY=--ae7480422168507f4a8aec6b1d68bfdfd5c6ef48"
+    assert_equal @data, @verifier.verify(marshal_serialized_signed_message)
+  end
+end
+
+class JsonSerializeAndNoFallbackMessageVerifierTest < JsonSerializeMarshalFallbackMessageVerifierTest
+  def setup
+    @default_verifier = ActiveSupport::MessageVerifier.default_message_verifier_serializer
+    @default_use_marshal = ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization
+    @default_fallback = ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = :hybrid
+    ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization = false
+    ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization = false
+
+    @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
+    @data = { "some" => "data", "now" => Time.utc(2010) }
+    @secret = SecureRandom.random_bytes(32)
+  end
+
+  def teardown
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = @default_verifier
+    ActiveSupport::JsonWithMarshalFallback.use_marshal_serialization = @default_use_marshal
+    ActiveSupport::JsonWithMarshalFallback.fallback_to_marshal_deserialization = @default_fallback
+  end
+
+  def test_backward_compatibility_messages_signed_marshal_serialized
+    marshal_serialized_signed_message = "BAh7B0kiCXNvbWUGOgZFVEkiCWRhdGEGOwBUSSIIbm93BjsAVEl1OglUaW1lDSCAG8AAAAAABjoJem9uZUkiCFVUQwY7AEY=--ae7480422168507f4a8aec6b1d68bfdfd5c6ef48"
+    assert_raise(JSON::ParserError) do
+      @verifier.verify(marshal_serialized_signed_message)
+    end
+  end
+end
+
+class DefaultJsonSerializerMessageVerifierTest < JsonSerializeAndNoFallbackMessageVerifierTest
+  def setup
+    @default_verifier = ActiveSupport::MessageVerifier.default_message_verifier_serializer
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = :json
+
+    @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
+    @data = { "some" => "data", "now" => Time.utc(2010) }
+    @secret = SecureRandom.random_bytes(32)
+  end
+
+  def teardown
+    ActiveSupport::MessageVerifier.default_message_verifier_serializer = @default_verifier
   end
 end
 
@@ -199,7 +317,22 @@ def verifier_options
     end
 end
 
-class MessageVerifierMetadataJSONTest < MessageVerifierMetadataTest
+class MessageVerifierMetadataJsonWithMarshalFallbackTest < MessageVerifierMetadataTest
+  private
+    def verifier_options
+      { serializer: ActiveSupport::JsonWithMarshalFallback }
+    end
+end
+
+class MessageVerifierMetadataJsonTest < MessageVerifierMetadataTest
+  private
+    def verifier_options
+      { serializer: JSON }
+    end
+end
+
+
+class MessageVerifierMetadataCustomJSONTest < MessageVerifierMetadataTest
   private
     def verifier_options
       { serializer: MessageVerifierTest::JSONSerializer.new }

guides/source/configuring.md

@@ -63,6 +63,7 @@ Below are the default values associated with each target version. In cases of co
 - [`config.action_dispatch.default_headers`](#config-action-dispatch-default-headers): `{ "X-Frame-Options" => "SAMEORIGIN", "X-XSS-Protection" => "0", "X-Content-Type-Options" => "nosniff", "X-Permitted-Cross-Domain-Policies" => "none", "Referrer-Policy" => "strict-origin-when-cross-origin" }`
 - [`config.add_autoload_paths_to_load_path`](#config-add-autoload-paths-to-load-path): `false`
 - [`config.active_support.default_message_encryptor_serializer`](#config-active-support-default-message-encryptor-serializer): `:json`
+- [`config.active_support.default_message_verifier_serializer`](#config-active-support-default-message-verifier-serializer): `:json`
 
 #### Default Values for Target Version 7.0
 
@@ -1909,6 +1910,19 @@ Used to help migrate apps from `Marshal` to `JSON` as the default serializer for
 
 Defaults to `true`.
 
+#### `config.active_support.default_message_verifier_serializer`
+
+Specifies what serializer the `MessageVerifier` class will use by default.
+
+Options are `:json`, `:hybrid`, and `:marshal`. `:hybrid` uses the `JsonWithMarshalFallback` class.
+
+The default value depends on the `config.load_defaults` target version:
+
+| Starting with version | The default value is |
+| --------------------- | -------------------- |
+| (original)            | `:marshal`           |
+| 7.1                   | `:json`              |
+
 ### Configuring Active Job
 
 `config.active_job` provides the following configuration options: