activerecord-session_store 2.0.0 → 2.1.0

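--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e3618fed7f080158309e682f1906af4d056b65fdbf687c7f562677cecaf17d05
- data.tar.gz: 314cfae6877c80c6d73512f082765f083b733fcb5eb532b490b89033f37fd3aa
+ metadata.gz: 6bb05b1423773abedfd835936febc52ab7db2ac6e501d12ef04caeafebc8f803
+ data.tar.gz: 021ef3c3a9dbb1d778ebfbd6afc71f2b1826f5d3589571afadf6936dd5e8ed5b
  SHA512:
- metadata.gz: cd976a3e033d38632598f9ab5f47eee88c9e72fd624c470f385976361eba83b58e9b0e44241a7ce994f76b79ed3b71f142ce0d6547b10a04d5af4ed75812596d
- data.tar.gz: 273a6fbec6eb0a9426d66963ee8008f91281a454fa8722d52a1f1179c1f39c68bf6a37e25ecd5db2c2031a8f344c5375121d52c8fc02fb3595654b1015057178
+ metadata.gz: ed3984c27305ead605fd3e4a9fd3855fb3005efca57035c80f208df06ce2180da4bc241a76d4821e8a80702e085795f0821988648b1d0065aa449d59a5a98d1e
+ data.tar.gz: d55b4b6ff073360a3770fb4097e6a4c009a0ed186364cff2de69ba61af4dc9f7c57009fa7ca149af7cda5802a5e924ca962d6af185d5f64ef391ed68414fe576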
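--- a/data/README.md
+++ b/data/README.md
@@ -38,7 +38,7 @@ been updated in the last 30 days. The 30 days cutoff can be changed using the
  Configuration
  --------------
 
- The default assumes a `sessions` tables with columns:
+ The default assumes a `sessions` table with columns:
 
  * `id` (numeric primary key),
  * `session_id` (string, usually varchar; maximum length is 255), and
@@ -79,7 +79,7 @@ for free if you add `created_at` and `updated_at` datetime columns to
  the `sessions` table, making periodic session expiration a snap.
 
  You may provide your own session class implementation, whether a
- feature-packed Active Record or a bare-metal high-performance SQL
+ feature-packed Active Record, or a bare-metal high-performance SQL
  store, by setting
 
  ```ruby
@@ -99,17 +99,23 @@ The example SqlBypass class is a generic SQL session store. You may
  use it as a basis for high-performance database-specific stores.
 
  Please note that you will need to manually include the silencer module to your
- custom logger if you are using a logger other than `Logger` and `Syslog::Logger`
- and their subclasses:
+ custom logger if you are using a logger other than `ActiveSupport::Logger` and
+ its subclasses:
 
  ```ruby
- MyLogger.send :include, ActiveRecord::SessionStore::Extension::LoggerSilencer
+ MyLogger.include ActiveSupport::LoggerSilence
+ ```
+
+ Or if you are using Rails 5.2 or older:
+
+ ```ruby
+ MyLogger.include ::LoggerSilence
  ```
 
  This silencer is being used to silence the logger and not leaking private
  information into the log, and it is required for security reason.
 
- CVE-2015-9284 mitigation
+ CVE-2019-25025 mitigation
  --------------
 
  Sessions that were created by Active Record Session Store version 1.x are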
@@ -55,7 +55,7 @@ module ActionDispatch
55
55
  class ActiveRecordStore < ActionDispatch::Session::AbstractSecureStore
56
56
  # The class used for session storage. Defaults to
57
57
  # ActiveRecord::SessionStore::Session
58
- cattr_accessor :session_class
58
+ class_attribute :session_class
59
59
 
60
60
  SESSION_RECORD_KEY = 'rack.session.record'
61
61
  ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS
@@ -67,7 +67,7 @@ module ActionDispatch
67
67
  # If the sid was nil or if there is no pre-existing session under the sid,
68
68
  # force the generation of a new sid and associate a new session associated with the new sid
69
69
  sid = generate_sid
70
- session = @@session_class.new(:session_id => sid.private_id, :data => {})
70
+ session = session_class.new(:session_id => sid.private_id, :data => {})
71
71
  end
72
72
  request.env[SESSION_RECORD_KEY] = session
73
73
  [sid, session.data]
@@ -106,7 +106,7 @@ module ActionDispatch
106
106
  new_sid = generate_sid
107
107
 
108
108
  if options[:renew]
109
- new_model = @@session_class.new(:session_id => new_sid.private_id, :data => data)
109
+ new_model = session_class.new(:session_id => new_sid.private_id, :data => data)
110
110
  new_model.save
111
111
  request.env[SESSION_RECORD_KEY] = new_model
112
112
  end
@@ -120,7 +120,7 @@ module ActionDispatch
120
120
  model = get_session_with_fallback(id)
121
121
  unless model
122
122
  id = generate_sid
123
- model = @@session_class.new(:session_id => id.private_id, :data => {})
123
+ model = session_class.new(:session_id => id.private_id, :data => {})
124
124
  model.save
125
125
  end
126
126
  if request.env[ENV_SESSION_OPTIONS_KEY][:id].nil?
@@ -134,9 +134,9 @@ module ActionDispatch
134
134
 
135
135
  def get_session_with_fallback(sid)
136
136
  if sid && !self.class.private_session_id?(sid.public_id)
137
- if (secure_session = @@session_class.find_by_session_id(sid.private_id))
137
+ if (secure_session = session_class.find_by_session_id(sid.private_id))
138
138
  secure_session
139
- elsif (insecure_session = @@session_class.find_by_session_id(sid.public_id))
139
+ elsif (insecure_session = session_class.find_by_session_id(sid.public_id))
140
140
  insecure_session.session_id = sid.private_id # this causes the session to be secured
141
141
  insecure_session
142
142
  end
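Review bot: The legacy branch of `get_session_with_fallback` still calls `session_class.find_by_session_id(sid.public_id)`, so it looks a record up by the identifier exactly as the client sent it, and nothing in the hunk says that this path exists only for rows written by 1.x or when it can be retired. While such rows remain, the lookup that the README's "CVE-2019-25025 mitigation" section is about presumably stays reachable, so I would add a comment above the `elsif`, for example `# Legacy 1.x rows are keyed by the public id; remove this branch once every row has been upgraded to private ids.` The trailing comment on the next line says the assignment "causes the session to be secured", but the visible code only sets `session_id` in memory; whether the record is saved afterwards is decided outside the hunk, as is the end of the method, so the comment should say where the write happens.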
@@ -1,5 +1,5 @@
1
1
  module ActiveRecord
2
2
  module SessionStore
3
- VERSION = "2.0.0".freeze
3
+ VERSION = "2.1.0".freeze
4
4
  end
5
5
  end
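--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activerecord-session_store
  version: !ruby/object:Gem::Version
- version: 2.0.0
+ version: 2.1.0
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-10 00:00:00.000000000 Z
+ date: 2023-08-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activerecord
@@ -16,42 +16,42 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: '6.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: '6.1'
  - !ruby/object:Gem::Dependency
  name: actionpack
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: '6.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: '6.1'
  - !ruby/object:Gem::Dependency
  name: railties
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: '6.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: '6.1'
  - !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
@@ -61,7 +61,7 @@ dependencies:
  version: 2.0.8
  - - "<"
  - !ruby/object:Gem::Version
- version: '3'
+ version: '4'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -71,7 +71,7 @@ dependencies:
  version: 2.0.8
  - - "<"
  - !ruby/object:Gem::Version
- version: '3'
+ version: '4'
  - !ruby/object:Gem::Dependency
  name: multi_json
  requirement: !ruby/object:Gem::Requirement
@@ -92,6 +92,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: 1.11.2
+ - !ruby/object:Gem::Dependency
+ name: cgi
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.3.6
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.3.6
  - !ruby/object:Gem::Dependency
  name: sqlite3
  requirement: !ruby/object:Gem::Requirement
@@ -139,14 +153,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.2.2
+ version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.3.7
  signing_key:
  specification_version: 4
  summary: An Action Dispatch session store backed by an Active Record class.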