instance method `valid_message?`

Ruby on Rails 6.0.6

Since v5.2.8.1

Available in: v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Compare with:

valid_message?(signed_message)

Checks if a signed message could have been generated by signing an object with the MessageVerifier‘s secret.

verifier = ActiveSupport::MessageVerifier.new 's3Krit'
signed_message = verifier.generate 'a private message'
verifier.valid_message?(signed_message) # => true

tampered_message = signed_message.chop # editing the message invalidates the signature
verifier.valid_message?(tampered_message) # => false

Parameters

signed_message req

Source

# File activesupport/lib/active_support/message_verifier.rb, line 122
    def valid_message?(signed_message)
      return if signed_message.nil? || !signed_message.valid_encoding? || signed_message.blank?

      data, digest = signed_message.split("--")
      data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
    end

Defined in activesupport/lib/active_support/message_verifier.rb line 122 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveSupport::MessageVerifier

Signature

Parameters