authlogic 5.1.0 → 5.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 599fa6150e2129f6366ed5cee0db158d6e7152a523174c1df72cd28b4877bf07
-  data.tar.gz: 4bb06ac0d0d6d34ff7ced64861823c03920256df29961fd19ebd0ac820e04cd0
+  metadata.gz: c4ede36ceee21501805105c66349d58ba6c6d9d483d5fefc41b8d4cbd5189944
+  data.tar.gz: f323b446e8f8e2a722bb9d896249170596f64ebf8ff441b2740cb834c2b085b8
 SHA512:
-  metadata.gz: 35e71d8dc041a482b80127e36a0bd60296df1b472db130b481c843cccaa2969c946f936ca9e9faf2603de62c4dae1f20967fa0aa929e24429b7204b331761204
-  data.tar.gz: dcf067170c35323dd8159bef69e2053af0b9c4fee96d5886d0b00404dd63b8eafc44601799c6f1a4261f9680b231fd5c4fa05eb64121eea9cb20ad8433df256f
+  metadata.gz: 26cda51c7c8e2b5a8be9395ef13e3d39d9ee1c73429542d107bb229747b9a004800771a96b8f516e4f994c8926b1d0ef2fb1bf45e38102646451c48a3e4fb453
+  data.tar.gz: 971d54be27f18e12d8d7eafad90e50627098c689b34e047c0ddea4a96f82abf8c80e45766f49fdd82a9efb45fd3508ca312ee4b0cc0508d06a37887d45f9fcb0

data/lib/authlogic/session/base.rb

@@ -961,6 +961,20 @@ module Authlogic
         end
         alias sign_cookie= sign_cookie
 
+        # Should the cookie be encrypted? If the controller adapter supports it, this is a
+        # measure to hide the contents of the cookie (e.g. persistence_token)
+        def encrypt_cookie(value = nil)
+          if value && !controller.cookies.respond_to?(:encrypted)
+            raise "Encrypted cookies not supported with #{controller.class}!"
+          end
+          if value && sign_cookie
+            raise "It is recommended to use encrypt_cookie instead of sign_cookie. " \
+                  "You may not enable both options."
+          end
+          rw_config(:encrypt_cookie, value, false)
+        end
+        alias_method :encrypt_cookie=, :encrypt_cookie
+
         # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
         #
         # * <tt>Default:</tt> cookie_key
@@ -1480,6 +1494,23 @@ module Authlogic
         sign_cookie == true || sign_cookie == "true" || sign_cookie == "1"
       end
 
+      # If the cookie should be encrypted
+      def encrypt_cookie
+        return @encrypt_cookie if defined?(@encrypt_cookie)
+        @encrypt_cookie = self.class.encrypt_cookie
+      end
+
+      # Accepts a boolean as to whether the cookie should be encrypted.  If true
+      # the cookie will be saved in an encrypted state.
+      def encrypt_cookie=(value)
+        @encrypt_cookie = value
+      end
+
+      # See encrypt_cookie
+      def encrypt_cookie?
+        encrypt_cookie == true || encrypt_cookie == "true" || encrypt_cookie == "1"
+      end
+
       # The scope of the current object
       def scope
         @scope ||= {}
@@ -1623,7 +1654,9 @@ module Authlogic
       end
 
       def cookie_jar
-        if self.class.sign_cookie
+        if self.class.encrypt_cookie
+          controller.cookies.encrypted
+        elsif self.class.sign_cookie
           controller.cookies.signed
         else
           controller.cookies
@@ -1705,13 +1738,8 @@ module Authlogic
 
       # @api private
       def generate_cookie_for_saving
-        creds = ::Authlogic::CookieCredentials.new(
-          record.persistence_token,
-          record.send(record.class.primary_key),
-          remember_me? ? remember_me_until : nil
-        )
         {
-          value: creds.to_s,
+          value: generate_cookie_value.to_s,
           expires: remember_me_until,
           secure: secure,
           httponly: httponly,
@@ -1720,6 +1748,14 @@ module Authlogic
         }
       end
 
+      def generate_cookie_value
+        ::Authlogic::CookieCredentials.new(
+          record.persistence_token,
+          record.send(record.class.primary_key),
+          remember_me? ? remember_me_until : nil
+        )
+      end
+
       # Returns a Proc to be executed by
       # `ActionController::HttpAuthentication::Basic` when credentials are
       # present in the HTTP request.
@@ -1935,11 +1971,7 @@ module Authlogic
       end
 
       def save_cookie
-        if sign_cookie?
-          controller.cookies.signed[cookie_key] = generate_cookie_for_saving
-        else
-          controller.cookies[cookie_key] = generate_cookie_for_saving
-        end
+        cookie_jar[cookie_key] = generate_cookie_for_saving
       end
 
       # @api private

data/lib/authlogic/test_case/mock_cookie_jar.rb

@@ -23,6 +23,10 @@ module Authlogic
       def signed
         @signed ||= MockSignedCookieJar.new(self)
       end
+
+      def encrypted
+        @encrypted ||= MockEncryptedCookieJar.new(self)
+      end
     end
 
     # A mock of `ActionDispatch::Cookies::SignedKeyRotatingCookieJar`
@@ -35,6 +39,7 @@ module Authlogic
 
       def initialize(parent_jar)
         @parent_jar = parent_jar
+        parent_jar.each { |k, v| self[k] = v }
       end
 
       def [](val)
@@ -51,5 +56,35 @@ module Authlogic
         @parent_jar[key] = options
       end
     end
+
+    class MockEncryptedCookieJar < MockCookieJar
+      attr_reader :parent_jar # helper for testing
+
+      def initialize(parent_jar)
+        @parent_jar = parent_jar
+        parent_jar.each { |k, v| self[k] = v }
+      end
+
+      def [](val)
+        encrypted_message = @parent_jar[val]
+        if encrypted_message
+          self.class.decrypt(encrypted_message)
+        end
+      end
+
+      def []=(key, options)
+        options[:value] = self.class.encrypt(options[:value])
+        @parent_jar[key] = options
+      end
+
+      # simple caesar cipher for testing
+      def self.encrypt(str)
+        str.unpack("U*").map(&:succ).pack("U*")
+      end
+
+      def self.decrypt(str)
+        str.unpack("U*").map(&:pred).pack("U*")
+      end
+    end
   end
 end

data/lib/authlogic/version.rb

@@ -17,6 +17,6 @@ module Authlogic
   #
   # @api public
   def self.gem_version
-    ::Gem::Version.new("5.1.0")
+    ::Gem::Version.new("5.2.0")
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 5.1.0
+  version: 5.2.0
 platform: ruby
 authors:
 - Ben Johnson
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-24 00:00:00.000000000 Z
+date: 2020-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel