cookie_decryptor 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: db283887462ae536cd87b88b67e89565adc8ff43
4
+ data.tar.gz: 2e0cbb3a61f755d644875d25c2bb6c98d338fb39
5
+ SHA512:
6
+ metadata.gz: c9a17946ed6e6428f38228d16c1832c53e93bb7156cf85f597228d50173b40d5000e6476ddec77df3cfce4572e85267e72ad9b8902b0c22e44cf966e03704524
7
+ data.tar.gz: fd85484aeec10b7a891bc1624b19f9da590a785f9a791271241bc8bfc394c88622b05fdf400ffb24339edc702adf12dc8f5685b2ff1ffbf4d78864ee4db34491
data/.gitignore ADDED
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.3.3
5
+ before_install: gem install bundler -v 1.14.6
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at justin@justinweiss.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in cookie_decryptor.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2017 Justin Weiss
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,74 @@
1
+ # CookieDecryptor
2
+
3
+ When you're trying to debug cookie session problems, are you stuck with cookies that look like this?
4
+
5
+ ```
6
+ Set-Cookie: _session_my_app=OXJ2SkhNaFZBWDd1eDU3djhSekZRdmN6WjNKUjN4dlBiMWt3bW9sVjM0OERIZ3lPUmV1UFB2MmlySzI0OXJtbTRDdmI3TGd0S3AvMVNjdTlueEo1Y05zMnE3NTdsMVVmWWFVSXA5NVFOT0U9LS1tM21SL2tIMGhxYjFEWjZjb2Y3ZWlnPT0%3D--533f89e5525959c122e31ff7eae5b886b2ed7fe9; path=/; HttpOnly
7
+ ```
8
+
9
+ What does that even mean? How do you figure out that that cookie decodes to
10
+
11
+ ```json
12
+ {"session_id":"35481e34ef3c0d0ac83e4dccf8520120","name":"Justin"}
13
+ ```
14
+
15
+ without faking the session yourself?
16
+
17
+ With CookieDecryptor, you can paste that header in and get the result right back out.
18
+
19
+ ```ruby
20
+ irb(main):001:0> CookieDecryptor.decrypt("Set-Cookie: _session_my_app=OXJ2SkhNaFZBWDd1eDU3djhSekZRdmN6WjNKUjN4dlBiMWt3bW9sVjM0OERIZ3lPUmV1UFB2MmlySzI0OXJtbTRDdmI3TGd0S3AvMVNjdTlueEo1Y05zMnE3NTdsMVVmWWFVSXA5NVFOT0U9LS1tM21SL2tIMGhxYjFEWjZjb2Y3ZWlnPT0%3D--533f89e5525959c122e31ff7eae5b886b2ed7fe9; path=/; HttpOnly")
21
+ => "{\"session_id\":\"35481e34ef3c0d0ac83e4dccf8520120\",\"name\":\"Justin\"}"
22
+ ```
23
+
24
+ ## Installation
25
+
26
+ Add this line to your application's Gemfile:
27
+
28
+ ```ruby
29
+ gem 'cookie_decryptor'
30
+ ```
31
+
32
+ And then execute:
33
+
34
+ $ bundle
35
+
36
+ Or install it yourself as:
37
+
38
+ $ gem install cookie_decryptor
39
+
40
+ ## Usage
41
+
42
+ You can decrypt cookie data with `CookieDecryptor.decrypt`:
43
+
44
+ ```ruby
45
+ CookieDecryptor.decrypt("OXJ2SkhNaFZBWDd1eDU3djhSekZRdmN6WjNKUjN4dlBiMWt3bW9sVjM0OERIZ3lPUmV1UFB2MmlySzI0OXJtbTRDdmI3TGd0S3AvMVNjdTlueEo1Y05zMnE3NTdsMVVmWWFVSXA5NVFOT0U9LS1tM21SL2tIMGhxYjFEWjZjb2Y3ZWlnPT0%3D--533f89e5525959c122e31ff7eae5b886b2ed7fe9")
46
+ ```
47
+
48
+ Or you can be extra lazy, and paste an entire HTTP cookie header:
49
+
50
+ ```ruby
51
+ CookieDecryptor.decrypt("Set-Cookie: _session_my_app=OXJ2SkhNaFZBWDd1eDU3djhSekZRdmN6WjNKUjN4dlBiMWt3bW9sVjM0OERIZ3lPUmV1UFB2MmlySzI0OXJtbTRDdmI3TGd0S3AvMVNjdTlueEo1Y05zMnE3NTdsMVVmWWFVSXA5NVFOT0U9LS1tM21SL2tIMGhxYjFEWjZjb2Y3ZWlnPT0%3D--533f89e5525959c122e31ff7eae5b886b2ed7fe9; path=/; HttpOnly")
52
+ ```
53
+
54
+ If you're inside your Rails app, CookieDecryptor will default to using your Rails app's `secret_key_base`. If you're not in a Rails app, or if you want to use a different `secret_key_base`, you can specify it:
55
+
56
+ ```ruby
57
+ CookieDecryptor.decrypt("OXJ2SkhNaFZBWDd1eDU3djhSekZRdmN6WjNKUjN4dlBiMWt3bW9sVjM0OERIZ3lPUmV1UFB2MmlySzI0OXJtbTRDdmI3TGd0S3AvMVNjdTlueEo1Y05zMnE3NTdsMVVmWWFVSXA5NVFOT0U9LS1tM21SL2tIMGhxYjFEWjZjb2Y3ZWlnPT0%3D--533f89e5525959c122e31ff7eae5b886b2ed7fe9", secret_key_base: "1c81d82d9be8b21667f16b254da480cbbd0fd9fdf856ea88a285479e1bec9860cb3fdda0b214a25e34b16d83929ae87ec846648c7ef5cef35121f029c341ad7b")
58
+ ```
59
+
60
+ ## Development
61
+
62
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
63
+
64
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
65
+
66
+ ## Contributing
67
+
68
+ Bug reports and pull requests are welcome on GitHub at https://github.com/justinweiss/cookie_decryptor. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
69
+
70
+
71
+ ## License
72
+
73
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
74
+
data/Rakefile ADDED
@@ -0,0 +1,10 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+
4
+ Rake::TestTask.new(:test) do |t|
5
+ t.libs << "test"
6
+ t.libs << "lib"
7
+ t.test_files = FileList['test/**/*_test.rb']
8
+ end
9
+
10
+ task :default => :test
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "cookie_decryptor"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,29 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'cookie_decryptor/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "cookie_decryptor"
8
+ spec.version = CookieDecryptor::VERSION
9
+ spec.authors = ["Justin Weiss"]
10
+ spec.email = ["justin@justinweiss.com"]
11
+
12
+ spec.summary = "Decrypt your secure Rails cookies."
13
+ spec.description = "Ever wanted to peek inside your signed, encrypted Rails cookies? With this gem, it's easy."
14
+ spec.homepage = "https://github.com/justinweiss/cookie_decryptor"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
18
+ f.match(%r{^(test|spec|features)/})
19
+ end
20
+ spec.bindir = "exe"
21
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
22
+ spec.require_paths = ["lib"]
23
+
24
+ spec.add_dependency "activesupport", ">= 4.0.0"
25
+
26
+ spec.add_development_dependency "bundler", "~> 1.14"
27
+ spec.add_development_dependency "rake", "~> 10.0"
28
+ spec.add_development_dependency "minitest", "~> 5.0"
29
+ end
@@ -0,0 +1,13 @@
1
+ require "cookie_decryptor/version"
2
+
3
+ module CookieDecryptor
4
+ autoload :Decryptor, "cookie_decryptor/decryptor"
5
+
6
+ # Decrypt <tt>cookie</tt>. If you're inside a Rails app, and
7
+ # <tt>secret_key_base</tt> isn't set, it will decrypt the cookie
8
+ # using your Rails settings. Otherwise, CookieDecryptor will use
9
+ # <tt>secret_key_base</tt> to decrypt the cookie.
10
+ def self.decrypt(cookie, secret_key_base: nil)
11
+ Decryptor.new(cookie, secret_key_base: secret_key_base).decrypt
12
+ end
13
+ end
@@ -0,0 +1,51 @@
1
+ require 'active_support'
2
+ require 'cgi'
3
+
4
+ module CookieDecryptor
5
+ # Decrypts a Rails cookie, using ActiveSupport::KeyGenerator and
6
+ # ActiveSupport::MessageVerifier. If this code is running inside a
7
+ # Rails app, it will use the key generator and secrets the Rails app
8
+ # is using. Otherwise, you must pass in your app's
9
+ # <tt>secret_key_base</tt>, and we will use hardcoded key strings
10
+ # from Rails.
11
+ class Decryptor
12
+
13
+ def initialize(cookie, secret_key_base: nil)
14
+ @cookie = CGI.unescape(extract_cookie(cookie))
15
+ @key_generator = key_generator(secret_key_base)
16
+ end
17
+
18
+ # Returns the decrypted data inside <tt>cookie</tt>.
19
+ def decrypt
20
+ encryptor.decrypt_and_verify(@cookie)
21
+ end
22
+
23
+ private
24
+
25
+ # Extract cookie data out of a complete cookie header: everything
26
+ # after the first = and before the first ;
27
+ def extract_cookie(cookie)
28
+ cookie.sub(/[^=]*=/, "").split(";").first
29
+ end
30
+
31
+ def key_generator(secret_key_base)
32
+ if secret_key_base
33
+ ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
34
+ elsif defined?(Rails.application)
35
+ Rails.application.key_generator
36
+ else
37
+ raise ArgumentError, "You must specify a secret_key_base in order to decrypt sessions."
38
+ end
39
+ end
40
+
41
+ def encryptor
42
+ secret = @key_generator.generate_key("encrypted cookie")
43
+ sign_secret = @key_generator.generate_key("signed encrypted cookie")
44
+ ActiveSupport::MessageEncryptor.new(
45
+ secret,
46
+ sign_secret,
47
+ serializer: ActiveSupport::MessageEncryptor::NullSerializer
48
+ )
49
+ end
50
+ end
51
+ end
@@ -0,0 +1,3 @@
1
+ module CookieDecryptor
2
+ VERSION = "0.1.0"
3
+ end
metadata ADDED
@@ -0,0 +1,114 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cookie_decryptor
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Justin Weiss
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2017-04-13 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: activesupport
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 4.0.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 4.0.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.14'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.14'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '10.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '10.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: minitest
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '5.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '5.0'
69
+ description: Ever wanted to peek inside your signed, encrypted Rails cookies? With
70
+ this gem, it's easy.
71
+ email:
72
+ - justin@justinweiss.com
73
+ executables: []
74
+ extensions: []
75
+ extra_rdoc_files: []
76
+ files:
77
+ - ".gitignore"
78
+ - ".travis.yml"
79
+ - CODE_OF_CONDUCT.md
80
+ - Gemfile
81
+ - LICENSE.txt
82
+ - README.md
83
+ - Rakefile
84
+ - bin/console
85
+ - bin/setup
86
+ - cookie_decryptor.gemspec
87
+ - lib/cookie_decryptor.rb
88
+ - lib/cookie_decryptor/decryptor.rb
89
+ - lib/cookie_decryptor/version.rb
90
+ homepage: https://github.com/justinweiss/cookie_decryptor
91
+ licenses:
92
+ - MIT
93
+ metadata: {}
94
+ post_install_message:
95
+ rdoc_options: []
96
+ require_paths:
97
+ - lib
98
+ required_ruby_version: !ruby/object:Gem::Requirement
99
+ requirements:
100
+ - - ">="
101
+ - !ruby/object:Gem::Version
102
+ version: '0'
103
+ required_rubygems_version: !ruby/object:Gem::Requirement
104
+ requirements:
105
+ - - ">="
106
+ - !ruby/object:Gem::Version
107
+ version: '0'
108
+ requirements: []
109
+ rubyforge_project:
110
+ rubygems_version: 2.5.2
111
+ signing_key:
112
+ specification_version: 4
113
+ summary: Decrypt your secure Rails cookies.
114
+ test_files: []