cookie_monster 0.0.0

data/examples/test_app/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/examples/test_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+TestApp::Application.initialize!

data/examples/test_app/config/environments/development.rb

@@ -0,0 +1,37 @@
+TestApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end

data/examples/test_app/config/environments/production.rb

@@ -0,0 +1,67 @@
+TestApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end

data/examples/test_app/config/environments/test.rb

@@ -0,0 +1,37 @@
+TestApp::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Configure static asset server for tests with Cache-Control for performance
+  config.serve_static_assets = true
+  config.static_cache_control = "public, max-age=3600"
+
+  # Log error messages when you accidentally call methods on nil
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/examples/test_app/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/examples/test_app/config/initializers/cookie_monster.rb

@@ -0,0 +1,4 @@
+CookieMonster.configure do |config|
+  config.key = '47644314d297f3678dfd3ce757299b7cfa39181becd984c255728687c091d91df5e23e550f3d0d6625b9435e8b04ac804a27ea1978384b71ea2e1d678be90b9b'
+  config.iv = '0.2767140515573705'
+end

data/examples/test_app/config/initializers/inflections.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/examples/test_app/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/examples/test_app/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+TestApp::Application.config.secret_token = 'fc3cc72a038d212bdbfc7b49d13b0bb7d3b828f6359f35f13ad1c3ed8d5d618f9555ade46c843c4b1a665eadea6be294c93d0aea48e206ca5a8fc4f9c0561a1d'

data/examples/test_app/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+TestApp::Application.config.session_store :cookie_store, key: '_test_app_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# TestApp::Application.config.session_store :active_record_store

data/examples/test_app/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end

data/examples/test_app/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/examples/test_app/config/routes.rb

@@ -0,0 +1,5 @@
+TestApp::Application.routes.draw do
+  root to: 'application#index'
+
+  get '/reading_test' => 'application#reading_test'
+end

data/examples/test_app/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run TestApp::Application

data/examples/test_app/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
+#   Mayor.create(name: 'Emanuel', city: cities.first)

data/examples/test_app/doc/README_FOR_APP

@@ -0,0 +1,2 @@
+Use this README file to introduce your application and point to useful places in the API for learning more.
+Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries.

data/examples/test_app/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/examples/test_app/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/examples/test_app/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>

data/examples/test_app/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-Agent: *
+# Disallow: /

data/examples/test_app/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/examples/test_app/test/performance/browsing_test.rb

@@ -0,0 +1,12 @@
+require 'test_helper'
+require 'rails/performance_test_help'
+
+class BrowsingTest < ActionDispatch::PerformanceTest
+  # Refer to the documentation for all available options
+  # self.profile_options = { :runs => 5, :metrics => [:wall_time, :memory]
+  #                          :output => 'tmp/performance', :formats => [:flat] }
+
+  def test_homepage
+    get '/'
+  end
+end

data/examples/test_app/test/test_helper.rb

@@ -0,0 +1,13 @@
+ENV["RAILS_ENV"] = "test"
+require File.expand_path('../../config/environment', __FILE__)
+require 'rails/test_help'
+
+class ActiveSupport::TestCase
+  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
+  #
+  # Note: You'll currently still have to declare fixtures explicitly in integration tests
+  # -- they do not yet inherit this setting
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/lib/cookie_monster/base.rb

@@ -0,0 +1,9 @@
+module CookieMonster
+  class Base
+    private
+
+    def configuration
+      CookieMonster.configuration
+    end
+  end
+end

data/lib/cookie_monster/configuration.rb

@@ -0,0 +1,9 @@
+module CookieMonster
+  class Configuration
+    attr_accessor :key, :iv, :cipher_type
+
+    def initialize
+      @cipher_type = 'AES-256-CBC'
+    end
+  end
+end

data/lib/cookie_monster/encryption.rb

@@ -0,0 +1,28 @@
+module CookieMonster
+  class Encryption < Base
+    def initialize(payload)
+      @aes = ::OpenSSL::Cipher::Cipher.new(configuration.cipher_type)
+      @aes.padding = 1
+      @key = Digest::SHA256.digest(configuration.key)
+      @payload = payload
+    end
+
+    def encrypt
+      @aes.encrypt
+      @aes.key = @key
+      @aes.update(@payload) + @aes.final
+    end
+
+    def decrypt
+      @aes.decrypt
+      @aes.key = @key
+      @aes.update(@payload) + @aes.final
+    rescue OpenSSL::Cipher::CipherError
+      raise PasswordInvalid, "Password incorrect!"
+    end
+
+    class PasswordInvalid < Exception
+      def initialize(s); s; end
+    end
+  end
+end

data/lib/cookie_monster/jar.rb

@@ -0,0 +1,43 @@
+module CookieMonster
+  class Jar < Base
+    attr_reader :request, :response
+
+    def initialize(options)
+      @request = options.delete(:request)
+      @response = options.delete(:response)
+      @options = options
+    end
+
+    def [](key)
+      key = key.to_s
+
+      if @response.cookies[key]
+        cookie = @response.cookies[key]
+      elsif @request.cookies[key]
+        cookie = @request.cookies[key]
+      else
+        return nil
+      end
+
+      if cookie.is_a? Hash
+        cookie = cookie[:value]
+      end
+
+      encrypted = Encryption.new(cookie)
+      encrypted.decrypt
+    end
+
+    def []=(key, value)
+      encrypted_value = Encryption.new(value).encrypt
+
+      @response.set_cookie key, {
+        :value => encrypted_value,
+        :httponly => @options[:httponly],
+        :expires => @options[:expires],
+        :domain => @options[:domain],
+        :path => @options[:path] || '/',
+        :secure => false # Needed so it can be read by cookie logger over http
+      }
+    end
+  end
+end

data/lib/cookie_monster/rails.rb

@@ -0,0 +1,9 @@
+module CookieMonster
+  module Rails
+    private
+
+    def cookie_monster
+      @cookie_monster ||= CookieMonster::Jar.new(request: request, response: response, expires: 1.day.from_now)
+    end
+  end
+end

data/lib/cookie_monster/version.rb

@@ -0,0 +1,3 @@
+module CookieMonster
+  VERSION = '0.0.0'
+end

data/lib/cookie_monster.rb

@@ -0,0 +1,18 @@
+require 'openssl'
+require 'cookie_monster/base'
+require 'cookie_monster/configuration'
+require 'cookie_monster/encryption'
+require 'cookie_monster/jar'
+require 'cookie_monster/rails'
+require 'cookie_monster/version'
+
+module CookieMonster
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration) if block_given?
+  end
+end

data/test/cookie_monster/test_encryption.rb

@@ -0,0 +1,10 @@
+require 'test_helper'
+
+class EncryptionTest < Test::Unit::TestCase
+  def test_encrypt_decrypt
+    encrypted = CookieMonster::Encryption.new('payload').encrypt
+    decryptor = CookieMonster::Encryption.new(encrypted).decrypt
+
+    assert_equal 'payload', decryptor
+  end
+end

data/test/cookie_monster/test_jar.rb

@@ -0,0 +1,45 @@
+require 'test_helper'
+
+class FakeRequest
+  def cookies
+    { foo: 'a cookie' }
+  end
+end
+
+class FakeResponse
+  attr_reader :cookies
+  def initialize
+    @cookies = {
+      a_cookie: CookieMonster::Encryption.new('already set').encrypt
+    }
+  end
+
+  def set_cookie key, options
+    @cookies[key] = options
+  end
+end
+
+class JarTest < Test::Unit::TestCase
+  def setup
+    @options = {
+      request: FakeRequest.new,
+      response: FakeResponse.new
+    }
+    @jar = CookieMonster::Jar.new(@options)
+  end
+
+  def test_setting_a_cookie
+    @jar[:hello] = 'testing a cookie'
+    assert_equal CookieMonster::Encryption.new('testing a cookie').encrypt,
+      @jar.response.cookies[:hello][:value]
+  end
+
+  def test_reading_a_cookie_set_in_response_first
+    @jar[:something] = 'setting for the response'
+    assert_equal 'setting for the response', @jar[:something]
+  end
+
+  def test_reading_a_cookie_from_request
+    assert_equal 'already set', @jar[:a_cookie]
+  end
+end

data/test/test_cookie_monster.rb

@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class CookieMonsterTest < Test::Unit::TestCase
+  def test_configuration
+    CookieMonster.configure do |config|
+      config.key = 'a key'
+      config.iv = 'iv'
+    end
+
+    assert_equal 'a key', CookieMonster.configuration.key
+    assert_equal 'iv', CookieMonster.configuration.iv
+  end
+
+  def test_default_cipher_type
+    assert_equal 'AES-256-CBC', CookieMonster.configuration.cipher_type
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,7 @@
+require 'test/unit'
+require 'cookie_monster'
+
+CookieMonster.configure do |config|
+  config.key = 'a key'
+  config.iv = 'an iv'
+end