cookieless_sessions 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bcbba977e6ff02b91577d6dd884eab647310f40a
-  data.tar.gz: 38045f2f7e63afc1a5c953c4fc33a8e432802ef1
+  metadata.gz: 9be96a253a2a981bc0a4e8a251958f0b3a566187
+  data.tar.gz: fe0c0bd04483b7bef37ba52dd36a1be6bb01a5c6
 SHA512:
-  metadata.gz: 3c14c0055fe304a5197a48d96feb8cfa8d8605bc14c977be2985e3b1d679ee3409e9180ea787599ed20f0c050ce3890e43d7ff720b7c01d832833eec2ac6d6a3
-  data.tar.gz: 15bd37dfa92e899864ee7c28037c5cf8cf6617268f26f5344528819ec55cf5eb8dfaae7d13b1dd8756c28591cce003d0c5cdce6c22322dfc9f0c5f912b183b32
+  metadata.gz: 33b9090e3083f82fa21ef0917be80c3a375360a908b972d8ba0170b642721a363fc8afd53d0c1eab356104eb6a77a0907777c5097b2f6e362654ce4c62de4d9f
+  data.tar.gz: 649e6a656a8392a97f9822dee205c64b088f208aa6e3757663378f10066171c1c9978dc786ce9591cfce99a3786f7026e64fe6f799c406b1f615f2e668da0a38

data/.gitignore

@@ -3,7 +3,7 @@
 .bundle
 .config
 .yardoc
-Gemfile.lock
+Gemfile*.lock
 InstalledFiles
 _yardoc
 coverage
@@ -15,11 +15,8 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
-*.bundle
-*.so
-*.o
-*.a
-mkmf.log
 
+spec/dummy/db
 spec/dummy/log
-spec/dummy/db
+.ruby-gemset
+.ruby-version

data/.travis.yml

@@ -1,6 +1,18 @@
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
-  - 2.1.1
+  - '1.9.3'
+  - '2.0.0'
+  - '2.1.0'
+  - '2.1.1'
+  - ruby-head
+services:
+  - redis-server
+gemfile:
+  - Gemfile.rails-3.2.x
+  - Gemfile.rails-4.0.x
+  - Gemfile.rails-4.1.x
+  - Gemfile.rails-head
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - gemfile: Gemfile.rails-head

data/Gemfile.rails-3.2.x

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', '~> 3.2.0'

data/Gemfile.rails-4.0.x

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', '~> 4.0.0'

data/Gemfile.rails-4.1.x

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', '~> 4.1.0'

data/Gemfile.rails-head

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in frikandel.gemspec
+gemspec
+
+gem 'rails', 'github' => 'rails/rails'

data/README.md

@@ -87,8 +87,17 @@ There is one security impact: If you copy & paste a URL with your Sessions-ID to
 
 Two countermeasure could be to bind sessions to the client's IP-Address and add a session lifetime. For both you can use the [frikandel](https://rubygems.org/gems/frikandel) gem. This should make it harder to steal and fix sessions.
 
+## Test
+
+To run the test suite with different rails version by selecting the corresponding gemfile. You can use this one liners:
+
+    $ export BUNDLE_GEMFILE=Gemfile.rails-3.2.x && bundle update && bundle exec rake spec
+    $ export BUNDLE_GEMFILE=Gemfile.rails-4.0.x && bundle update && bundle exec rake spec
+    $ export BUNDLE_GEMFILE=Gemfile.rails-4.1.x && bundle update && bundle exec rake spec
+
 ## Changes
 
+* v1.0.1 -- added Rails32DestroyableSessionPatch: sets SID in options on destroy
 * v1.0.0 -- first release with complete README; no code changes
 * v0.0.2 -- improved and more flexible version with tests
 * v0.0.1 -- initial and work-in-progress version without any tests

data/cookieless_sessions.gemspec

@@ -18,14 +18,15 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.6"
-  spec.add_development_dependency "rake", "~> 10.3"
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec-rails", "~> 2.14"
   spec.add_development_dependency "guard-rspec", "~> 4.2"
   spec.add_development_dependency "capybara", "~> 2.2"
+  spec.add_development_dependency "launchy", "~> 2.4"
   spec.add_development_dependency "poltergeist", "~> 1.5"
   spec.add_development_dependency "pry", "~> 0.9"
-  spec.add_development_dependency "rails", [">= 3.0.0", "< 5.0"]
+  spec.add_development_dependency "rails", [">= 3.2.0", "< 5.0"]
   spec.add_development_dependency "sqlite3", "~> 1.3"
   spec.add_development_dependency "redis-session-store", "~> 0.7"
 end

data/lib/cookieless_sessions.rb

@@ -1,4 +1,5 @@
 require "cookieless_sessions/version"
+require "cookieless_sessions/rails_32_patch"
 
 module CookielessSessions
   module EnabledController

data/lib/cookieless_sessions/rails_32_patch.rb

@@ -0,0 +1,18 @@
+module CookielessSessions
+  module Rails32DestroyableSessionPatch
+    def destroy
+      clear
+      options = @env[Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY] if @env
+      options ||= {}
+      options[:id] = @by.send(:destroy_session, @env, options[:id], options) if @by
+      @loaded = false
+    end
+  end
+
+
+  if Rails::VERSION::MAJOR == 3 && Rails::VERSION::MINOR == 2
+    ActiveSupport.on_load(:action_controller) do
+      ::Rack::Session::Abstract::SessionHash.send(:include, Rails32DestroyableSessionPatch)
+    end
+  end
+end

data/lib/cookieless_sessions/version.rb

@@ -1,3 +1,3 @@
 module CookielessSessions
-  VERSION = "1.0.0"
+  VERSION = "1.0.1"
 end

data/spec/dummy/config/environments/development.rb

@@ -1,4 +1,4 @@
-Rails.application.configure do
+Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # In the development environment your application's code is reloaded on

data/spec/dummy/config/environments/production.rb

@@ -1,4 +1,4 @@
-Rails.application.configure do
+Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # Code is not reloaded between requests.

data/spec/dummy/config/environments/test.rb

@@ -1,4 +1,4 @@
-Rails.application.configure do
+Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # The test environment is used exclusively to run your application's

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
+Dummy::Application.config.secret_key_base = 'd5d118e8498b66b90fbce607ed69a9b8ca70689e8583c9cfd2b7996fa74ac8a39c9dac57098f39be071ed9edbefbdee0a72d4024f40aa5d4d882a6886c1cc5fa'

data/spec/features/cookieless_spec.rb

@@ -17,6 +17,7 @@ describe 'Cookieless', js: true do
       visit root_path # visit first time to get a valid session_id
 
       session_id = extract_session_id_from_headers(page.response_headers)
+      session_id.should be_present
 
       page.should have_content("'#{session_id}'")
 
@@ -29,10 +30,19 @@ describe 'Cookieless', js: true do
 
       page.should have_content("'#{session_id}'")
     end
+
+    it "returns a session_id with reset_session before" do
+      visit reset_root_path
+
+      session_id = extract_session_id_from_headers(page.response_headers)
+      session_id.should be_present
+
+      page.should have_content("'#{session_id}'")
+    end
   end
 
 
-  context "with cookies cookies enabled" do
+  context "with cookies enabled" do
     before(:each) do
       Capybara.current_session.driver.cookies_enabled = true
     end
@@ -45,6 +55,7 @@ describe 'Cookieless', js: true do
       visit root_path # visit first time to get a valid session_id.
 
       session_id = extract_session_id_from_headers(page.response_headers)
+      session_id.should be_present
 
       page.should have_content("'#{session_id}'")
 
@@ -55,6 +66,7 @@ describe 'Cookieless', js: true do
       visit root_path # visit again with fresh session to get a new session_id.
 
       other_session_id = extract_session_id_from_headers(page.response_headers)
+      other_session_id.should be_present
 
       page.should have_content("'#{other_session_id}'")
 

data/spec/support/cookieless_controller.rb

@@ -1,5 +1,6 @@
 Rails.application.routes.draw do
   get "/cookieless" => "cookieless#index", as: :root
+  get "/cookieless/reset" => "cookieless#reset_index", as: :reset_root
   get "/cookieless/redirect" => "cookieless#redirect_to_root", as: :redirect_to_root
 end
 
@@ -16,7 +17,13 @@ class CookielessController < ApplicationController
   def index
     session[:useless] = :content
 
-    render text: "CookielessController#Index\r\nSession-Key: '#{session_key}'\r\nSession-ID: '#{session_id}'\r\n"
+    render text: "CookielessController#Index\r\nSession-Key: '#{session_key}'\r\nSession-ID: '#{session_id}'\r\nRails-Version: '#{Rails.version}'\r\n"
+  end
+
+  def reset_index
+    reset_session
+
+    render text: "CookielessController#Index\r\nSession-Key: '#{session_key}'\r\nSession-ID: '#{session_id}'\r\nRails-Version: '#{Rails.version}'\r\n"
   end
 
   def redirect_to_root

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cookieless_sessions
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Taktsoft
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-28 00:00:00.000000000 Z
+date: 2014-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.3'
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.3'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: launchy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
 - !ruby/object:Gem::Dependency
   name: poltergeist
   requirement: !ruby/object:Gem::Requirement
@@ -114,7 +128,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.2.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -124,7 +138,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.2.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -166,16 +180,19 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
-- ".ruby-gemset"
-- ".ruby-version"
 - ".travis.yml"
 - Gemfile
+- Gemfile.rails-3.2.x
+- Gemfile.rails-4.0.x
+- Gemfile.rails-4.1.x
+- Gemfile.rails-head
 - Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - cookieless_sessions.gemspec
 - lib/cookieless_sessions.rb
+- lib/cookieless_sessions/rails_32_patch.rb
 - lib/cookieless_sessions/version.rb
 - spec/controllers/cookieless_controller_spec.rb
 - spec/controllers/sub_cookie_controller_from_cookieless_controller_spec.rb
@@ -208,11 +225,11 @@ files:
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
-- spec/dummy/config/secrets.yml
 - spec/dummy/lib/assets/.keep
 - spec/dummy/log/.keep
 - spec/dummy/public/404.html
@@ -279,11 +296,11 @@ test_files:
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
-- spec/dummy/config/secrets.yml
 - spec/dummy/lib/assets/.keep
 - spec/dummy/log/.keep
 - spec/dummy/public/404.html

data/.ruby-gemset

@@ -1 +0,0 @@
-cookieless_sessions

data/.ruby-version

@@ -1 +0,0 @@
-ruby-2.1.1

data/spec/dummy/config/secrets.yml

@@ -1,22 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key is used for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-# You can use `rake secret` to generate a secure secret key.
-
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-development:
-  secret_key_base: bf4acc52f1b964efe6d6f9cd53b1d0f3bbf6a63d2e5a3f59177c8e8343992e680cdf67cb7593012d92794b03d5ede5a68e70c40d703e3b71410d263d40f24d6c
-
-test:
-  secret_key_base: d5d118e8498b66b90fbce607ed69a9b8ca70689e8583c9cfd2b7996fa74ac8a39c9dac57098f39be071ed9edbefbdee0a72d4024f40aa5d4d882a6886c1cc5fa
-
-# Do not keep production secrets in the repository,
-# instead read values from the environment.
-production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>