RubyGems - authlogic - Versions diffs - 5.1.0 → 5.2.0 - Mend

authlogic 5.1.0 → 5.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/authlogic/session/base.rb +44 -12
data/lib/authlogic/test_case/mock_cookie_jar.rb +35 -0
data/lib/authlogic/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 599fa6150e2129f6366ed5cee0db158d6e7152a523174c1df72cd28b4877bf07
-  data.tar.gz: 4bb06ac0d0d6d34ff7ced64861823c03920256df29961fd19ebd0ac820e04cd0
+  metadata.gz: c4ede36ceee21501805105c66349d58ba6c6d9d483d5fefc41b8d4cbd5189944
+  data.tar.gz: f323b446e8f8e2a722bb9d896249170596f64ebf8ff441b2740cb834c2b085b8
 SHA512:
-  metadata.gz: 35e71d8dc041a482b80127e36a0bd60296df1b472db130b481c843cccaa2969c946f936ca9e9faf2603de62c4dae1f20967fa0aa929e24429b7204b331761204
-  data.tar.gz: dcf067170c35323dd8159bef69e2053af0b9c4fee96d5886d0b00404dd63b8eafc44601799c6f1a4261f9680b231fd5c4fa05eb64121eea9cb20ad8433df256f
+  metadata.gz: 26cda51c7c8e2b5a8be9395ef13e3d39d9ee1c73429542d107bb229747b9a004800771a96b8f516e4f994c8926b1d0ef2fb1bf45e38102646451c48a3e4fb453
+  data.tar.gz: 971d54be27f18e12d8d7eafad90e50627098c689b34e047c0ddea4a96f82abf8c80e45766f49fdd82a9efb45fd3508ca312ee4b0cc0508d06a37887d45f9fcb0

data/lib/authlogic/session/base.rb CHANGED

@@ -961,6 +961,20 @@ module Authlogic
         end
         alias sign_cookie= sign_cookie
+        # Should the cookie be encrypted? If the controller adapter supports it, this is a
+        # measure to hide the contents of the cookie (e.g. persistence_token)
+        def encrypt_cookie(value = nil)
+          if value && !controller.cookies.respond_to?(:encrypted)
+            raise "Encrypted cookies not supported with #{controller.class}!"
+          end
+          if value && sign_cookie
+            raise "It is recommended to use encrypt_cookie instead of sign_cookie. " \
+                  "You may not enable both options."
+          end
+          rw_config(:encrypt_cookie, value, false)
+        end
+        alias_method :encrypt_cookie=, :encrypt_cookie
         # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
         #
         # * <tt>Default:</tt> cookie_key
@@ -1480,6 +1494,23 @@ module Authlogic
         sign_cookie == true || sign_cookie == "true" || sign_cookie == "1"
       end
+      # If the cookie should be encrypted
+      def encrypt_cookie
+        return @encrypt_cookie if defined?(@encrypt_cookie)
+        @encrypt_cookie = self.class.encrypt_cookie
+      end
+      # Accepts a boolean as to whether the cookie should be encrypted.  If true
+      # the cookie will be saved in an encrypted state.
+      def encrypt_cookie=(value)
+        @encrypt_cookie = value
+      end
+      # See encrypt_cookie
+      def encrypt_cookie?
+        encrypt_cookie == true || encrypt_cookie == "true" || encrypt_cookie == "1"
+      end
       # The scope of the current object
       def scope
         @scope ||= {}
@@ -1623,7 +1654,9 @@ module Authlogic
       end
       def cookie_jar
-        if self.class.sign_cookie
+        if self.class.encrypt_cookie
+          controller.cookies.encrypted
+        elsif self.class.sign_cookie
           controller.cookies.signed
         else
           controller.cookies
@@ -1705,13 +1738,8 @@ module Authlogic
       # @api private
       def generate_cookie_for_saving
-        creds = ::Authlogic::CookieCredentials.new(
-          record.persistence_token,
-          record.send(record.class.primary_key),
-          remember_me? ? remember_me_until : nil
-        )
         {
-          value: creds.to_s,
+          value: generate_cookie_value.to_s,
           expires: remember_me_until,
           secure: secure,
           httponly: httponly,
@@ -1720,6 +1748,14 @@ module Authlogic
         }
       end
+      def generate_cookie_value
+        ::Authlogic::CookieCredentials.new(
+          record.persistence_token,
+          record.send(record.class.primary_key),
+          remember_me? ? remember_me_until : nil
+        )
+      end
       # Returns a Proc to be executed by
       # `ActionController::HttpAuthentication::Basic` when credentials are
       # present in the HTTP request.
@@ -1935,11 +1971,7 @@ module Authlogic
       end
       def save_cookie
-        if sign_cookie?
-          controller.cookies.signed[cookie_key] = generate_cookie_for_saving
-        else
-          controller.cookies[cookie_key] = generate_cookie_for_saving
-        end
+        cookie_jar[cookie_key] = generate_cookie_for_saving
       end
       # @api private

data/lib/authlogic/test_case/mock_cookie_jar.rb CHANGED

@@ -23,6 +23,10 @@ module Authlogic
       def signed
         @signed ||= MockSignedCookieJar.new(self)
       end
+      def encrypted
+        @encrypted ||= MockEncryptedCookieJar.new(self)
+      end
     end
     # A mock of `ActionDispatch::Cookies::SignedKeyRotatingCookieJar`
@@ -35,6 +39,7 @@ module Authlogic
       def initialize(parent_jar)
         @parent_jar = parent_jar
+        parent_jar.each { |k, v| self[k] = v }
       end
       def [](val)
@@ -51,5 +56,35 @@ module Authlogic
         @parent_jar[key] = options
       end
     end
+    class MockEncryptedCookieJar < MockCookieJar
+      attr_reader :parent_jar # helper for testing
+      def initialize(parent_jar)
+        @parent_jar = parent_jar
+        parent_jar.each { |k, v| self[k] = v }
+      end
+      def [](val)
+        encrypted_message = @parent_jar[val]
+        if encrypted_message
+          self.class.decrypt(encrypted_message)
+        end
+      end
+      def []=(key, options)
+        options[:value] = self.class.encrypt(options[:value])
+        @parent_jar[key] = options
+      end
+      # simple caesar cipher for testing
+      def self.encrypt(str)
+        str.unpack("U*").map(&:succ).pack("U*")
+      end
+      def self.decrypt(str)
+        str.unpack("U*").map(&:pred).pack("U*")
+      end
+    end
   end
 end

data/lib/authlogic/version.rb CHANGED

@@ -17,6 +17,6 @@ module Authlogic
   #
   # @api public
   def self.gem_version
-    ::Gem::Version.new("5.1.0")
+    ::Gem::Version.new("5.2.0")
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 5.1.0
+  version: 5.2.0
 platform: ruby
 authors:
 - Ben Johnson
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-24 00:00:00.000000000 Z
+date: 2020-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel