activerecord-session_store 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +12 -6
- data/lib/action_dispatch/session/active_record_store.rb +6 -6
- data/lib/active_record/session_store/version.rb +1 -1
- metadata +26 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6bb05b1423773abedfd835936febc52ab7db2ac6e501d12ef04caeafebc8f803
|
|
4
|
+
data.tar.gz: 021ef3c3a9dbb1d778ebfbd6afc71f2b1826f5d3589571afadf6936dd5e8ed5b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed3984c27305ead605fd3e4a9fd3855fb3005efca57035c80f208df06ce2180da4bc241a76d4821e8a80702e085795f0821988648b1d0065aa449d59a5a98d1e
|
|
7
|
+
data.tar.gz: d55b4b6ff073360a3770fb4097e6a4c009a0ed186364cff2de69ba61af4dc9f7c57009fa7ca149af7cda5802a5e924ca962d6af185d5f64ef391ed68414fe576
|
data/README.md
CHANGED
|
@@ -38,7 +38,7 @@ been updated in the last 30 days. The 30 days cutoff can be changed using the
|
|
|
38
38
|
Configuration
|
|
39
39
|
--------------
|
|
40
40
|
|
|
41
|
-
The default assumes a `sessions`
|
|
41
|
+
The default assumes a `sessions` table with columns:
|
|
42
42
|
|
|
43
43
|
* `id` (numeric primary key),
|
|
44
44
|
* `session_id` (string, usually varchar; maximum length is 255), and
|
|
@@ -79,7 +79,7 @@ for free if you add `created_at` and `updated_at` datetime columns to
|
|
|
79
79
|
the `sessions` table, making periodic session expiration a snap.
|
|
80
80
|
|
|
81
81
|
You may provide your own session class implementation, whether a
|
|
82
|
-
feature-packed Active Record or a bare-metal high-performance SQL
|
|
82
|
+
feature-packed Active Record, or a bare-metal high-performance SQL
|
|
83
83
|
store, by setting
|
|
84
84
|
|
|
85
85
|
```ruby
|
|
@@ -99,17 +99,23 @@ The example SqlBypass class is a generic SQL session store. You may
|
|
|
99
99
|
use it as a basis for high-performance database-specific stores.
|
|
100
100
|
|
|
101
101
|
Please note that you will need to manually include the silencer module to your
|
|
102
|
-
custom logger if you are using a logger other than `Logger` and
|
|
103
|
-
|
|
102
|
+
custom logger if you are using a logger other than `ActiveSupport::Logger` and
|
|
103
|
+
its subclasses:
|
|
104
104
|
|
|
105
105
|
```ruby
|
|
106
|
-
MyLogger.
|
|
106
|
+
MyLogger.include ActiveSupport::LoggerSilence
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
Or if you are using Rails 5.2 or older:
|
|
110
|
+
|
|
111
|
+
```ruby
|
|
112
|
+
MyLogger.include ::LoggerSilence
|
|
107
113
|
```
|
|
108
114
|
|
|
109
115
|
This silencer is being used to silence the logger and not leaking private
|
|
110
116
|
information into the log, and it is required for security reason.
|
|
111
117
|
|
|
112
|
-
CVE-
|
|
118
|
+
CVE-2019-25025 mitigation
|
|
113
119
|
--------------
|
|
114
120
|
|
|
115
121
|
Sessions that were created by Active Record Session Store version 1.x are
|
|
@@ -55,7 +55,7 @@ module ActionDispatch
|
|
|
55
55
|
class ActiveRecordStore < ActionDispatch::Session::AbstractSecureStore
|
|
56
56
|
# The class used for session storage. Defaults to
|
|
57
57
|
# ActiveRecord::SessionStore::Session
|
|
58
|
-
|
|
58
|
+
class_attribute :session_class
|
|
59
59
|
|
|
60
60
|
SESSION_RECORD_KEY = 'rack.session.record'
|
|
61
61
|
ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS
|
|
@@ -67,7 +67,7 @@ module ActionDispatch
|
|
|
67
67
|
# If the sid was nil or if there is no pre-existing session under the sid,
|
|
68
68
|
# force the generation of a new sid and associate a new session associated with the new sid
|
|
69
69
|
sid = generate_sid
|
|
70
|
-
session =
|
|
70
|
+
session = session_class.new(:session_id => sid.private_id, :data => {})
|
|
71
71
|
end
|
|
72
72
|
request.env[SESSION_RECORD_KEY] = session
|
|
73
73
|
[sid, session.data]
|
|
@@ -106,7 +106,7 @@ module ActionDispatch
|
|
|
106
106
|
new_sid = generate_sid
|
|
107
107
|
|
|
108
108
|
if options[:renew]
|
|
109
|
-
new_model =
|
|
109
|
+
new_model = session_class.new(:session_id => new_sid.private_id, :data => data)
|
|
110
110
|
new_model.save
|
|
111
111
|
request.env[SESSION_RECORD_KEY] = new_model
|
|
112
112
|
end
|
|
@@ -120,7 +120,7 @@ module ActionDispatch
|
|
|
120
120
|
model = get_session_with_fallback(id)
|
|
121
121
|
unless model
|
|
122
122
|
id = generate_sid
|
|
123
|
-
model =
|
|
123
|
+
model = session_class.new(:session_id => id.private_id, :data => {})
|
|
124
124
|
model.save
|
|
125
125
|
end
|
|
126
126
|
if request.env[ENV_SESSION_OPTIONS_KEY][:id].nil?
|
|
@@ -134,9 +134,9 @@ module ActionDispatch
|
|
|
134
134
|
|
|
135
135
|
def get_session_with_fallback(sid)
|
|
136
136
|
if sid && !self.class.private_session_id?(sid.public_id)
|
|
137
|
-
if (secure_session =
|
|
137
|
+
if (secure_session = session_class.find_by_session_id(sid.private_id))
|
|
138
138
|
secure_session
|
|
139
|
-
elsif (insecure_session =
|
|
139
|
+
elsif (insecure_session = session_class.find_by_session_id(sid.public_id))
|
|
140
140
|
insecure_session.session_id = sid.private_id # this causes the session to be secured
|
|
141
141
|
insecure_session
|
|
142
142
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord-session_store
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-08-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -16,42 +16,42 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '6.1'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '6.1'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: actionpack
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: '6.1'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: '6.1'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: railties
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
47
|
+
version: '6.1'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
54
|
+
version: '6.1'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rack
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -61,7 +61,7 @@ dependencies:
|
|
|
61
61
|
version: 2.0.8
|
|
62
62
|
- - "<"
|
|
63
63
|
- !ruby/object:Gem::Version
|
|
64
|
-
version: '
|
|
64
|
+
version: '4'
|
|
65
65
|
type: :runtime
|
|
66
66
|
prerelease: false
|
|
67
67
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -71,7 +71,7 @@ dependencies:
|
|
|
71
71
|
version: 2.0.8
|
|
72
72
|
- - "<"
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: '
|
|
74
|
+
version: '4'
|
|
75
75
|
- !ruby/object:Gem::Dependency
|
|
76
76
|
name: multi_json
|
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -92,6 +92,20 @@ dependencies:
|
|
|
92
92
|
- - ">="
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
94
|
version: 1.11.2
|
|
95
|
+
- !ruby/object:Gem::Dependency
|
|
96
|
+
name: cgi
|
|
97
|
+
requirement: !ruby/object:Gem::Requirement
|
|
98
|
+
requirements:
|
|
99
|
+
- - ">="
|
|
100
|
+
- !ruby/object:Gem::Version
|
|
101
|
+
version: 0.3.6
|
|
102
|
+
type: :runtime
|
|
103
|
+
prerelease: false
|
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
+
requirements:
|
|
106
|
+
- - ">="
|
|
107
|
+
- !ruby/object:Gem::Version
|
|
108
|
+
version: 0.3.6
|
|
95
109
|
- !ruby/object:Gem::Dependency
|
|
96
110
|
name: sqlite3
|
|
97
111
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -139,14 +153,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
139
153
|
requirements:
|
|
140
154
|
- - ">="
|
|
141
155
|
- !ruby/object:Gem::Version
|
|
142
|
-
version: 2.
|
|
156
|
+
version: 2.5.0
|
|
143
157
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
144
158
|
requirements:
|
|
145
159
|
- - ">="
|
|
146
160
|
- !ruby/object:Gem::Version
|
|
147
161
|
version: '0'
|
|
148
162
|
requirements: []
|
|
149
|
-
rubygems_version: 3.
|
|
163
|
+
rubygems_version: 3.3.7
|
|
150
164
|
signing_key:
|
|
151
165
|
specification_version: 4
|
|
152
166
|
summary: An Action Dispatch session store backed by an Active Record class.
|