cookie_monster 0.1.1 → 0.1.2

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZDlhOTM2ZjFmYjJlOTVlMjYzNzhhOWU1NzAwZTlhNDBlNzE2ZDlkYw==
+    ZDc0OThjMzRkMWM5ODZhOTNiMTBlOGFlMTAyZTY3ZmE5NjhhZDA2Mw==
   data.tar.gz: !binary |-
-    NWIzZGEzMTYyMjFjYzdlZjIyN2Q0MWRmZTk4MTk3MGM4NTI0ODE5MA==
+    NjgxNmEyZDM5MTVlZmYzNjhmYTVhYWVjODdjZDM1Y2E5YjcyY2Y5Ng==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    YzJhZTM0ZDNlOGMyYmJhYWI1YTNmZDhkMGYyMGZmMTNhZDMzNzIxMzEzNGZi
-    YjUzNGIxODAzNDE1MzRjOWE4Mjk3ZDQ1ODEyNzFhYWJlYzhmM2VmZTY5Y2M0
-    MTU1OTk0ZDM3OWY1ODhmNWQ3YjhjYzdiYjgzOTZmODBlYTg2ZTU=
+    ZTBiMjI5Zjc0ZWYxNWE0NGU1MzJmNjFhMjI1Y2VhMzI1MTEwYWQ3M2Q2Nzgx
+    Y2E0OGQ4ZTAxMmU0NmQ2ZGNkYjg2Njk3NGQ5NDQyNmQzNDQ5NTQ4OWI0Nzkx
+    ZTg1ODRkMTFhNzlkODQ4ZGYyMTkwOTMyNmNmNTExMDdmNzlmZTU=
   data.tar.gz: !binary |-
-    MjhkZTIyMjdhMTE2NWVlMGYzN2UxYTg1ZWM2NDM4MjRiOWM1NDYzM2NhODM0
-    N2NlM2NmMmNkNmEyYTY0MDMyMGViYzYwMjEwM2YzNmY4MmE4MWZjYWJmYjQ4
-    NTA5MjA0MmU2NGMxM2JkZjk1MTc1NjQ3ZmQ0MDYzODZhODUyZTY=
+    YzA2MGMxZTUwZjRkMTVlNzBkOTIxMTI3MDBiZWY2MDZjMWE1NjA0OTBkYzZj
+    YWZmNTUxNWZiNzE4MTgyZGI3YzY1YjdiNzFiZGFlNjRjNDQyZGNkMWFkMjIx
+    YmRmZmVjYjBlNTA5YzI5NGM0NTgzYTNjOTIzMzAxODQzMzU2MDM=

data/.travis.yml

@@ -0,0 +1,12 @@
+rvm:
+  - 1.9.2
+  - 1.9.3
+  - jruby-19mode
+before_install:
+  - gem update --system
+script: "bundle exec rake"
+jdk:
+  - openjdk6
+branches:
+  only:
+    - master

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,26 @@
+PATH
+  remote: .
+  specs:
+    cookie_monster (0.1.1)
+      activesupport (>= 3.0.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    i18n (0.6.1)
+    metaclass (0.0.1)
+    mocha (0.14.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.7.7)
+    rake (10.0.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cookie_monster!
+  mocha (~> 0.14.0)
+  rake (~> 10.0.4)

data/LICENSE

@@ -0,0 +1,19 @@
+copyright (c) 2013 Dylan Griffin and Shareaholic, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -1,10 +1,11 @@
 # CookieMonster
+[![Build Status](https://secure.travis-ci.org/griffindy/cookie_monster.png)](http://travis-ci.org/griffindy/cookie_monster?branch=master)
 
 This library exists to help you handle encrypted cookies in your app(s). The
 goal is for the implementation to be simple and dependency free so that it can
 be used anywhere.
 
-Install
+Installation
 --------
 
 ```shell
@@ -17,16 +18,53 @@ gem 'cookie_monster'
 ```
 and run `bundle install` from your shell.
 
+Configuration
+-------------
+
+`CookieMonster` is configured by passing a block to `CookieMonster.configure`
+like the following:
+
+```ruby
+CookieMonster.configure do |config|
+  config.key = '6e14e0255e472f84ef99df899cf9158aa3215a919db1ba0fa460eb928da3b34265a98d93bb4593762b0404494c7f1ab60f62b75eb'
+end
+```
+
+The object yielded by `CookieMonster.configure` accepts two methods: `key` and
+`cipher_type`. `key` is the key that will unlock all the cookies, so keep this
+secret! It should also be long. If you're using `CookieMonster` across multiple
+apps, make sure that the key is the same. `cipher_type` defaults to
+`'AES-256-CBC'`, but can be anything in the list of `OpenSSL::Cipher.ciphers`
+
 Usage
 -----
+### Rails
 
-If you're on rails, using CookieMonster is as easy as:
+If you're on rails, using CookieMonster is as easy as including the appropriate
+module into your controller:
 
 ```ruby
 include CookieMonster::Rails
 ```
 
-This includes a method `cookie_monster` which behaves just like `cookies`.
+This includes a method `cookie_monster` which behaves just like `cookies`. You
+can access cookies with `[]` and set them with `[]=`:
+
+```ruby
+class SecretsController < ApplicationController
+  # ...
+  def update
+    cookie_monster[:super_secret_thing] = 'hopefully no one reads this'
+  end
+
+  def show
+    @secret = cookie_monster[:super_secret_thing]
+  end
+  # ...
+end
+```
+
+### Another Ruby application
 Otherwise, you need to instantiate a new `CookieMonster::Jar` object with a
 `request` and `response` objects. `request` and `response` should both respond
 to `cookies`, and `response` should also respond to `set_cookie`. You can also
@@ -37,3 +75,30 @@ def cookie_monster
   @cookie_monster ||= CookieMonster::Jar.new(request: request, response: response, expires: 1.day.from_now)
 end
 ```
+
+Supported Ruby Versions
+-----------------------
+
+`CookieMonster` requires at least Ruby 1.9. It is tested against Ruby 1.9.2,
+\1.9.3, and JRuby in 19-mode.
+
+Contributing
+------------
+
+Contributing to `CookieMonster`:
+
+1. Fork the [official repository](https://github.com/shareaholic/cookie_monster/tree/master).
+2. Make your changes in a topic branch.
+3. Send a pull request.
+
+Notes:
+
+* Contributions without tests won't be accepted.
+* Please don't update the Gem version.
+
+License
+-------
+
+cookie_monster is Copyright © 2013 Dylan Griffin and Shareaholic, Inc.
+It is free software, and may be redistributed under the terms specified
+in the [LICENSE](https://github.com/shareaholic/cookie_monster/blob/master/LICENSE) file.

data/cookie_monster.gemspec

@@ -1,5 +1,6 @@
 $LOAD_PATH << File.expand_path("../lib", __FILE__)
 require 'cookie_monster/version'
+require 'date'
 
 Gem::Specification.new do |s|
   s.name        = 'cookie_monster'
@@ -10,5 +11,10 @@ Gem::Specification.new do |s|
   s.authors     = ["Dylan Griffin"]
   s.email       = 'dylan@dylangriff.in'
   s.files       = `git ls-files`.split("\n")
-  s.homepage    = 'http://dylangriff.in'
+  s.homepage    = 'https://github.com/shareaholic/cookie_monster'
+
+  s.add_dependency "activesupport", ">= 3.0.0"
+
+  s.add_development_dependency 'mocha', '~> 0.14.0'
+  s.add_development_dependency 'rake', '~> 10.0.4'
 end

data/examples/test_app/Gemfile.lock

@@ -1,7 +1,8 @@
 PATH
   remote: ../../../cookie_monster
   specs:
-    cookie_monster (0.0.0)
+    cookie_monster (0.1.1)
+      activesupport (>= 3.0.0)
 
 GEM
   remote: https://rubygems.org/

data/examples/test_app/config/initializers/cookie_monster.rb

@@ -1,4 +1,3 @@
 CookieMonster.configure do |config|
   config.key = '47644314d297f3678dfd3ce757299b7cfa39181becd984c255728687c091d91df5e23e550f3d0d6625b9435e8b04ac804a27ea1978384b71ea2e1d678be90b9b'
-  config.iv = '0.2767140515573705'
 end

data/lib/cookie_monster/configuration.rb

@@ -1,9 +1,13 @@
 module CookieMonster
   class Configuration
-    attr_accessor :key, :iv, :cipher_type
+    attr_accessor :key, :cipher_type
 
     def initialize
       @cipher_type = 'AES-256-CBC'
     end
+
+    def iv
+      rand.to_s
+    end
   end
 end

data/lib/cookie_monster/encryption.rb

@@ -8,19 +8,45 @@ module CookieMonster
     end
 
     def encrypt
+      iv = configuration.iv
       @aes.encrypt
+      @aes.iv = iv
       @aes.key = @key
-      @aes.update(@payload) + @aes.final
+      encrypted = iv + ':' + @aes.update(json_serialized_payload) + @aes.final
+      Base64.encode64 encrypted
     end
 
     def decrypt
+      payload = Base64.decode64 @payload
+      iv, payload = payload.split(':', 2)
       @aes.decrypt
+      @aes.iv = iv
       @aes.key = @key
-      @aes.update(@payload) + @aes.final
+      decrypted = @aes.update(payload) + @aes.final
+      json_parsed_payload decrypted
     rescue OpenSSL::Cipher::CipherError
       raise PasswordInvalid, "Password incorrect!"
     end
 
+    private
+
+    def json_serialized_payload
+      if @payload.is_a? String
+        @payload
+      else
+        @payload.to_json
+      end
+    end
+
+    def json_parsed_payload(payload)
+      begin
+        parsed = JSON.parse payload
+        parsed.with_indifferent_access if parsed.is_a? Hash
+      rescue JSON::ParserError
+        payload
+      end
+    end
+
     class PasswordInvalid < Exception
       def initialize(s); s; end
     end

data/lib/cookie_monster/jar.rb

@@ -9,12 +9,13 @@ module CookieMonster
     end
 
     def [](key)
-      key = key.to_s
+      response_cookies = @response.respond_to?(:cookies) ? @response.cookies.with_indifferent_access : {}
+      request_cookies = @request.respond_to?(:cookies) ? @request.cookies.with_indifferent_access : {}
 
-      if @response.cookies[key]
-        cookie = @response.cookies[key]
-      elsif @request.cookies[key]
-        cookie = @request.cookies[key]
+      if response_cookies[key]
+        cookie = response_cookies[key]
+      elsif request_cookies[key]
+        cookie = request_cookies[key]
       else
         return nil
       end
@@ -30,7 +31,7 @@ module CookieMonster
     def []=(key, value)
       encrypted_value = Encryption.new(value).encrypt
 
-      @response.set_cookie key.to_s, {
+      @response.set_cookie key, {
         :value => encrypted_value,
         :httponly => @options[:httponly],
         :expires => @options[:expires],

data/lib/cookie_monster/version.rb

@@ -1,3 +1,3 @@
 module CookieMonster
-  VERSION = '0.1.1'
+  VERSION = '0.1.2'
 end

data/lib/cookie_monster.rb

@@ -1,4 +1,9 @@
 require 'openssl'
+require 'json'
+
+require 'active_support'
+require 'active_support/core_ext/hash'
+
 require 'cookie_monster/base'
 require 'cookie_monster/configuration'
 require 'cookie_monster/encryption'

data/test/cookie_monster/test_encryption.rb

@@ -7,4 +7,12 @@ class EncryptionTest < Test::Unit::TestCase
 
     assert_equal 'payload', decryptor
   end
+
+  def test_more_complicated_data_types
+    payload = { a: 'this is a hash' }.with_indifferent_access
+    encrypted = CookieMonster::Encryption.new(payload).encrypt
+    decryptor = CookieMonster::Encryption.new(encrypted).decrypt
+
+    assert_equal payload, decryptor
+  end
 end

data/test/cookie_monster/test_jar.rb

@@ -29,9 +29,10 @@ class JarTest < Test::Unit::TestCase
   end
 
   def test_setting_a_cookie
+    CookieMonster.configuration.expects(:iv).at_least_once.returns('x' * 16)
     @jar[:hello] = 'testing a cookie'
     assert_equal CookieMonster::Encryption.new('testing a cookie').encrypt,
-      @jar.response.cookies['hello'][:value]
+      @jar.response.cookies[:hello][:value]
   end
 
   def test_reading_a_cookie_set_in_response_first
@@ -42,4 +43,14 @@ class JarTest < Test::Unit::TestCase
   def test_reading_a_cookie_from_request
     assert_equal 'already set', @jar[:a_cookie]
   end
+
+  def test_indifferent_access
+    assert_equal @jar[:a_cookie], @jar['a_cookie']
+  end
+
+  def test_setting_a_more_complicated_data_type
+    hash = { a: 'this is a hash' }.with_indifferent_access
+    @jar[:something] = hash
+    assert_equal hash, @jar[:something]
+  end
 end

data/test/test_cookie_monster.rb

@@ -4,14 +4,16 @@ class CookieMonsterTest < Test::Unit::TestCase
   def test_configuration
     CookieMonster.configure do |config|
       config.key = 'a key'
-      config.iv = 'iv'
     end
 
     assert_equal 'a key', CookieMonster.configuration.key
-    assert_equal 'iv', CookieMonster.configuration.iv
   end
 
   def test_default_cipher_type
     assert_equal 'AES-256-CBC', CookieMonster.configuration.cipher_type
   end
+
+  def test_iv_not_the_same
+    assert_not_equal CookieMonster.configuration.iv, CookieMonster.configuration.iv
+  end
 end

data/test/test_helper.rb

@@ -1,7 +1,9 @@
+$LOAD_PATH << File.expand_path("../../lib", __FILE__)
+
 require 'test/unit'
+require 'mocha/setup'
 require 'cookie_monster'
 
 CookieMonster.configure do |config|
   config.key = 'a key'
-  config.iv = 'an iv'
 end

metadata

@@ -1,15 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: cookie_monster
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Dylan Griffin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-17 00:00:00.000000000 Z
-dependencies: []
+date: 2013-06-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.0.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.0.4
 description: A simple gem to encrypt cookies for ruby applications.
 email: dylan@dylangriff.in
 executables: []
@@ -17,6 +59,10 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .travis.yml
+- Gemfile
+- Gemfile.lock
+- LICENSE
 - README.md
 - Rakefile
 - cookie_monster.gemspec
@@ -81,7 +127,7 @@ files:
 - test/cookie_monster/test_jar.rb
 - test/test_cookie_monster.rb
 - test/test_helper.rb
-homepage: http://dylangriff.in
+homepage: https://github.com/shareaholic/cookie_monster
 licenses: []
 metadata: {}
 post_install_message: