Struct actix_web::cookie::SignedJar

pub struct SignedJar<J> { /* private fields */ }

Available on crate feature cookies only.

A child cookie jar that authenticates its cookies.

A signed child jar signs all the cookies added to it and verifies cookies retrieved from it. Any cookies stored in a SignedJar are provided integrity and authenticity. In other words, clients cannot tamper with the contents of a cookie nor can they fabricate cookie values, but the data is visible in plaintext.

Implementations

impl<J> SignedJar<J>

pub fn verify(&self, cookie: Cookie<'static>) -> Option<Cookie<'static>>

Verifies the authenticity and integrity of cookie, returning the plaintext version if verification succeeds or None otherwise. Verification always succeeds if cookie was generated by a SignedJar with the same key as self.

Example

use cookie::{CookieJar, Cookie, Key};

let key = Key::generate();
let mut jar = CookieJar::new();
assert!(jar.signed(&key).get("name").is_none());

jar.signed_mut(&key).add(Cookie::new("name", "value"));
assert_eq!(jar.signed(&key).get("name").unwrap().value(), "value");

let plain = jar.get("name").cloned().unwrap();
assert_ne!(plain.value(), "value");
let verified = jar.signed(&key).verify(plain).unwrap();
assert_eq!(verified.value(), "value");

let plain = Cookie::new("plaintext", "hello");
assert!(jar.signed(&key).verify(plain).is_none());

impl<J> SignedJar<J>

where J: Borrow<CookieJar>,

pub fn get(&self, name: &str) -> Option<Cookie<'static>>

Returns a reference to the Cookie inside this jar with the name name and verifies the authenticity and integrity of the cookie’s value, returning a Cookie with the authenticated value. If the cookie cannot be found, or the cookie fails to verify, None is returned.

Example

use cookie::{CookieJar, Cookie, Key};

let key = Key::generate();
let jar = CookieJar::new();
assert!(jar.signed(&key).get("name").is_none());

let mut jar = jar;
let mut signed_jar = jar.signed_mut(&key);
signed_jar.add(Cookie::new("name", "value"));
assert_eq!(signed_jar.get("name").unwrap().value(), "value");

impl<J> SignedJar<J>

where J: BorrowMut<CookieJar>,

pub fn add(&mut self, cookie: Cookie<'static>)

Adds cookie to the parent jar. The cookie’s value is signed assuring integrity and authenticity.

Example

use cookie::{CookieJar, Cookie, Key};

let key = Key::generate();
let mut jar = CookieJar::new();
jar.signed_mut(&key).add(Cookie::new("name", "value"));

assert_ne!(jar.get("name").unwrap().value(), "value");
assert!(jar.get("name").unwrap().value().contains("value"));
assert_eq!(jar.signed(&key).get("name").unwrap().value(), "value");

pub fn add_original(&mut self, cookie: Cookie<'static>)

Adds an “original” cookie to this jar. The cookie’s value is signed assuring integrity and authenticity. Adding an original cookie does not affect the CookieJar::delta() computation. This method is intended to be used to seed the cookie jar with cookies received from a client’s HTTP message.

For accurate delta computations, this method should not be called after calling remove.

Example

use cookie::{CookieJar, Cookie, Key};

let key = Key::generate();
let mut jar = CookieJar::new();
jar.signed_mut(&key).add_original(Cookie::new("name", "value"));

assert_eq!(jar.iter().count(), 1);
assert_eq!(jar.delta().count(), 0);

pub fn remove(&mut self, cookie: Cookie<'static>)

Removes cookie from the parent jar.

For correct removal, the passed in cookie must contain the same path and domain as the cookie that was initially set.

This is identical to CookieJar::remove(). See the method’s documentation for more details.

Example

use cookie::{CookieJar, Cookie, Key};

let key = Key::generate();
let mut jar = CookieJar::new();
let mut signed_jar = jar.signed_mut(&key);

signed_jar.add(Cookie::new("name", "value"));
assert!(signed_jar.get("name").is_some());

signed_jar.remove(Cookie::named("name"));
assert!(signed_jar.get("name").is_none());