authlogic 4.4.2 → 4.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +11 -1
- data/Gemfile +1 -1
- data/README.md +1 -1
- data/gemfiles/Gemfile.rails-4.2.x +1 -1
- data/gemfiles/Gemfile.rails-5.1.x +1 -1
- data/gemfiles/Gemfile.rails-5.2.x +1 -1
- data/lib/authlogic/session/cookies.rb +46 -13
- data/lib/authlogic/test_case/mock_cookie_jar.rb +35 -0
- data/lib/authlogic/version.rb +1 -1
- data/test/session_test/cookies_test.rb +16 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 2ddee07d72769ceaa9ba7e1cb47f8f4642df0ab981de7bac607f69796c9d0d6f
|
|
4
|
+
data.tar.gz: b1ee15e2637cf3379e6c24b1dda35abcf05527fb848c0d73ed25cf64633cf5fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e9f6bab4ddc5418fc74229a12912ef3411cf6252f8c9b22f88343ee9d8241bf7b3f4b82b159ea1375b1f69c107ebfb37cefb8503d8ba8971f9446994f21016dd
|
|
7
|
+
data.tar.gz: b8da5a086e0bb4b9047d16dda29877a2ddd5c791a2fa7998d1ffbd1d56dec04cb78026525070d008f05b7267e2a16c49810e688131c725b625499ecda53af0cf
|
data/CHANGELOG.md
CHANGED
|
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
|
6
6
|
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
-
## 5.0.0
|
|
8
|
+
## [5.0.0](https://github.com/binarylogic/authlogic/blob/5-0-stable/CHANGELOG.md)
|
|
9
9
|
|
|
10
10
|
* Breaking Changes
|
|
11
11
|
* Drop AES256 crypto provider, deprecated in 4.2.0
|
|
@@ -16,6 +16,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
16
16
|
* Fixed
|
|
17
17
|
* None
|
|
18
18
|
|
|
19
|
+
## 4.4.3 (2019-03-23)
|
|
20
|
+
|
|
21
|
+
* Breaking Changes
|
|
22
|
+
* None
|
|
23
|
+
* Added
|
|
24
|
+
* [#660](https://github.com/binarylogic/authlogic/pull/660) -
|
|
25
|
+
Authlogic::Session::Cookies.encrypt_cookie option
|
|
26
|
+
* Fixed
|
|
27
|
+
* Restrict sqlite3 version so tests can run normally
|
|
28
|
+
|
|
19
29
|
## 4.4.2 (2018-09-23)
|
|
20
30
|
|
|
21
31
|
* Breaking Changes
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -15,7 +15,7 @@ A clean, simple, and unobtrusive ruby authentication solution.
|
|
|
15
15
|
| Version | Documentation |
|
|
16
16
|
| ----------- | ------------- |
|
|
17
17
|
| Unreleased | https://github.com/binarylogic/authlogic/blob/master/README.md |
|
|
18
|
-
| 4.4.
|
|
18
|
+
| 4.4.3 | https://github.com/binarylogic/authlogic/blob/v4.4.3/README.md |
|
|
19
19
|
| 3.7.0 | https://github.com/binarylogic/authlogic/blob/v3.7.0/README.md |
|
|
20
20
|
| 2.1.11 | https://github.com/binarylogic/authlogic/blob/v2.1.11/README.rdoc |
|
|
21
21
|
| 1.4.3 | https://github.com/binarylogic/authlogic/blob/v1.4.3/README.rdoc |
|
|
@@ -96,6 +96,20 @@ module Authlogic
|
|
|
96
96
|
rw_config(:sign_cookie, value, false)
|
|
97
97
|
end
|
|
98
98
|
alias_method :sign_cookie=, :sign_cookie
|
|
99
|
+
|
|
100
|
+
# Should the cookie be encrypted? If the controller adapter supports it, this is a
|
|
101
|
+
# measure to hide the contents of the cookie (e.g. persistence_token)"
|
|
102
|
+
def encrypt_cookie(value = nil)
|
|
103
|
+
if value && !controller.cookies.respond_to?(:encrypted)
|
|
104
|
+
raise "Encrypted cookies not supported with #{controller.class}!"
|
|
105
|
+
end
|
|
106
|
+
if value && sign_cookie
|
|
107
|
+
raise "It is recommended to use encrypt_cookie instead of sign_cookie. " \
|
|
108
|
+
"You may not enable both options."
|
|
109
|
+
end
|
|
110
|
+
rw_config(:encrypt_cookie, value, false)
|
|
111
|
+
end
|
|
112
|
+
alias_method :encrypt_cookie=, :encrypt_cookie
|
|
99
113
|
end
|
|
100
114
|
|
|
101
115
|
# The methods available for an Authlogic::Session::Base object that make up the
|
|
@@ -220,6 +234,23 @@ module Authlogic
|
|
|
220
234
|
sign_cookie == true || sign_cookie == "true" || sign_cookie == "1"
|
|
221
235
|
end
|
|
222
236
|
|
|
237
|
+
# If the cookie should be encrypted
|
|
238
|
+
def encrypt_cookie
|
|
239
|
+
return @encrypt_cookie if defined?(@encrypt_cookie)
|
|
240
|
+
@encrypt_cookie = self.class.encrypt_cookie
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
# Accepts a boolean as to whether the cookie should be encrypted. If true
|
|
244
|
+
# the cookie will be saved in an encrypted state.
|
|
245
|
+
def encrypt_cookie=(value)
|
|
246
|
+
@encrypt_cookie = value
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
# See encrypt_cookie
|
|
250
|
+
def encrypt_cookie?
|
|
251
|
+
encrypt_cookie == true || encrypt_cookie == "true" || encrypt_cookie == "1"
|
|
252
|
+
end
|
|
253
|
+
|
|
223
254
|
private
|
|
224
255
|
|
|
225
256
|
def cookie_key
|
|
@@ -241,7 +272,9 @@ module Authlogic
|
|
|
241
272
|
end
|
|
242
273
|
|
|
243
274
|
def cookie_jar
|
|
244
|
-
if self.class.
|
|
275
|
+
if self.class.encrypt_cookie
|
|
276
|
+
controller.cookies.encrypted
|
|
277
|
+
elsif self.class.sign_cookie
|
|
245
278
|
controller.cookies.signed
|
|
246
279
|
else
|
|
247
280
|
controller.cookies
|
|
@@ -263,22 +296,13 @@ module Authlogic
|
|
|
263
296
|
end
|
|
264
297
|
|
|
265
298
|
def save_cookie
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
else
|
|
269
|
-
controller.cookies[cookie_key] = generate_cookie_for_saving
|
|
270
|
-
end
|
|
299
|
+
cookie_jar[cookie_key] = generate_cookie_for_saving
|
|
300
|
+
true
|
|
271
301
|
end
|
|
272
302
|
|
|
273
303
|
def generate_cookie_for_saving
|
|
274
|
-
value = format(
|
|
275
|
-
"%s::%s%s",
|
|
276
|
-
record.persistence_token,
|
|
277
|
-
record.send(record.class.primary_key),
|
|
278
|
-
remember_me? ? "::#{remember_me_until.iso8601}" : ""
|
|
279
|
-
)
|
|
280
304
|
{
|
|
281
|
-
value:
|
|
305
|
+
value: generate_cookie_value,
|
|
282
306
|
expires: remember_me_until,
|
|
283
307
|
secure: secure,
|
|
284
308
|
httponly: httponly,
|
|
@@ -287,6 +311,15 @@ module Authlogic
|
|
|
287
311
|
}
|
|
288
312
|
end
|
|
289
313
|
|
|
314
|
+
def generate_cookie_value
|
|
315
|
+
format(
|
|
316
|
+
"%s::%s%s",
|
|
317
|
+
record.persistence_token.to_s,
|
|
318
|
+
record.send(record.class.primary_key).to_s,
|
|
319
|
+
remember_me? ? "::#{remember_me_until.iso8601}" : ""
|
|
320
|
+
)
|
|
321
|
+
end
|
|
322
|
+
|
|
290
323
|
def destroy_cookie
|
|
291
324
|
controller.cookies.delete cookie_key, domain: controller.cookie_domain
|
|
292
325
|
end
|
|
@@ -21,6 +21,10 @@ module Authlogic
|
|
|
21
21
|
def signed
|
|
22
22
|
@signed ||= MockSignedCookieJar.new(self)
|
|
23
23
|
end
|
|
24
|
+
|
|
25
|
+
def encrypted
|
|
26
|
+
@encrypted ||= MockEncryptedCookieJar.new(self)
|
|
27
|
+
end
|
|
24
28
|
end
|
|
25
29
|
|
|
26
30
|
class MockSignedCookieJar < MockCookieJar
|
|
@@ -28,6 +32,7 @@ module Authlogic
|
|
|
28
32
|
|
|
29
33
|
def initialize(parent_jar)
|
|
30
34
|
@parent_jar = parent_jar
|
|
35
|
+
parent_jar.each { |k, v| self[k] = v }
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
def [](val)
|
|
@@ -44,5 +49,35 @@ module Authlogic
|
|
|
44
49
|
@parent_jar[key] = options
|
|
45
50
|
end
|
|
46
51
|
end
|
|
52
|
+
|
|
53
|
+
class MockEncryptedCookieJar < MockCookieJar
|
|
54
|
+
attr_reader :parent_jar # helper for testing
|
|
55
|
+
|
|
56
|
+
def initialize(parent_jar)
|
|
57
|
+
@parent_jar = parent_jar
|
|
58
|
+
parent_jar.each { |k, v| self[k] = v }
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def [](val)
|
|
62
|
+
encrypted_message = @parent_jar[val]
|
|
63
|
+
if encrypted_message
|
|
64
|
+
self.class.decrypt(encrypted_message)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def []=(key, options)
|
|
69
|
+
options[:value] = self.class.encrypt(options[:value])
|
|
70
|
+
@parent_jar[key] = options
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
# simple caesar cipher for testing
|
|
74
|
+
def self.encrypt(str)
|
|
75
|
+
str.unpack("U*").map(&:succ).pack("U*")
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def self.decrypt(str)
|
|
79
|
+
str.unpack("U*").map(&:pred).pack("U*")
|
|
80
|
+
end
|
|
81
|
+
end
|
|
47
82
|
end
|
|
48
83
|
end
|
data/lib/authlogic/version.rb
CHANGED
|
@@ -174,6 +174,22 @@ module SessionTest
|
|
|
174
174
|
)
|
|
175
175
|
end
|
|
176
176
|
|
|
177
|
+
def test_after_save_save_cookie_encrypted
|
|
178
|
+
ben = users(:ben)
|
|
179
|
+
|
|
180
|
+
assert_nil controller.cookies["user_credentials"]
|
|
181
|
+
payload = "#{ben.persistence_token}::#{ben.id}"
|
|
182
|
+
|
|
183
|
+
session = UserSession.new(ben)
|
|
184
|
+
session.encrypt_cookie = true
|
|
185
|
+
assert session.save
|
|
186
|
+
assert_equal payload, controller.cookies.encrypted["user_credentials"]
|
|
187
|
+
assert_equal(
|
|
188
|
+
Authlogic::TestCase::MockEncryptedCookieJar.encrypt(payload),
|
|
189
|
+
controller.cookies.encrypted.parent_jar["user_credentials"]
|
|
190
|
+
)
|
|
191
|
+
end
|
|
192
|
+
|
|
177
193
|
def test_after_save_save_cookie_signed
|
|
178
194
|
ben = users(:ben)
|
|
179
195
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authlogic
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.4.
|
|
4
|
+
version: 4.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Johnson
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2019-03-24 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activerecord
|
|
@@ -327,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
327
327
|
version: '0'
|
|
328
328
|
requirements: []
|
|
329
329
|
rubyforge_project:
|
|
330
|
-
rubygems_version: 2.
|
|
330
|
+
rubygems_version: 2.7.6
|
|
331
331
|
signing_key:
|
|
332
332
|
specification_version: 4
|
|
333
333
|
summary: A clean, simple, and unobtrusive ruby authentication solution.
|