cookieless_sessions 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +4 -7
- data/.travis.yml +16 -4
- data/Gemfile.rails-3.2.x +6 -0
- data/Gemfile.rails-4.0.x +6 -0
- data/Gemfile.rails-4.1.x +6 -0
- data/Gemfile.rails-head +6 -0
- data/README.md +9 -0
- data/cookieless_sessions.gemspec +4 -3
- data/lib/cookieless_sessions.rb +1 -0
- data/lib/cookieless_sessions/rails_32_patch.rb +18 -0
- data/lib/cookieless_sessions/version.rb +1 -1
- data/spec/dummy/config/environments/development.rb +1 -1
- data/spec/dummy/config/environments/production.rb +1 -1
- data/spec/dummy/config/environments/test.rb +1 -1
- data/spec/dummy/config/initializers/secret_token.rb +12 -0
- data/spec/features/cookieless_spec.rb +13 -1
- data/spec/support/cookieless_controller.rb +8 -1
- metadata +29 -12
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- data/spec/dummy/config/secrets.yml +0 -22
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9be96a253a2a981bc0a4e8a251958f0b3a566187
|
|
4
|
+
data.tar.gz: fe0c0bd04483b7bef37ba52dd36a1be6bb01a5c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 33b9090e3083f82fa21ef0917be80c3a375360a908b972d8ba0170b642721a363fc8afd53d0c1eab356104eb6a77a0907777c5097b2f6e362654ce4c62de4d9f
|
|
7
|
+
data.tar.gz: 649e6a656a8392a97f9822dee205c64b088f208aa6e3757663378f10066171c1c9978dc786ce9591cfce99a3786f7026e64fe6f799c406b1f615f2e668da0a38
|
data/.gitignore
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
.bundle
|
|
4
4
|
.config
|
|
5
5
|
.yardoc
|
|
6
|
-
Gemfile
|
|
6
|
+
Gemfile*.lock
|
|
7
7
|
InstalledFiles
|
|
8
8
|
_yardoc
|
|
9
9
|
coverage
|
|
@@ -15,11 +15,8 @@ spec/reports
|
|
|
15
15
|
test/tmp
|
|
16
16
|
test/version_tmp
|
|
17
17
|
tmp
|
|
18
|
-
*.bundle
|
|
19
|
-
*.so
|
|
20
|
-
*.o
|
|
21
|
-
*.a
|
|
22
|
-
mkmf.log
|
|
23
18
|
|
|
19
|
+
spec/dummy/db
|
|
24
20
|
spec/dummy/log
|
|
25
|
-
|
|
21
|
+
.ruby-gemset
|
|
22
|
+
.ruby-version
|
data/.travis.yml
CHANGED
|
@@ -1,6 +1,18 @@
|
|
|
1
1
|
language: ruby
|
|
2
2
|
rvm:
|
|
3
|
-
- 1.9.3
|
|
4
|
-
- 2.0.0
|
|
5
|
-
- 2.1.0
|
|
6
|
-
- 2.1.1
|
|
3
|
+
- '1.9.3'
|
|
4
|
+
- '2.0.0'
|
|
5
|
+
- '2.1.0'
|
|
6
|
+
- '2.1.1'
|
|
7
|
+
- ruby-head
|
|
8
|
+
services:
|
|
9
|
+
- redis-server
|
|
10
|
+
gemfile:
|
|
11
|
+
- Gemfile.rails-3.2.x
|
|
12
|
+
- Gemfile.rails-4.0.x
|
|
13
|
+
- Gemfile.rails-4.1.x
|
|
14
|
+
- Gemfile.rails-head
|
|
15
|
+
matrix:
|
|
16
|
+
allow_failures:
|
|
17
|
+
- rvm: ruby-head
|
|
18
|
+
- gemfile: Gemfile.rails-head
|
data/Gemfile.rails-3.2.x
ADDED
data/Gemfile.rails-4.0.x
ADDED
data/Gemfile.rails-4.1.x
ADDED
data/Gemfile.rails-head
ADDED
data/README.md
CHANGED
|
@@ -87,8 +87,17 @@ There is one security impact: If you copy & paste a URL with your Sessions-ID to
|
|
|
87
87
|
|
|
88
88
|
Two countermeasure could be to bind sessions to the client's IP-Address and add a session lifetime. For both you can use the [frikandel](https://rubygems.org/gems/frikandel) gem. This should make it harder to steal and fix sessions.
|
|
89
89
|
|
|
90
|
+
## Test
|
|
91
|
+
|
|
92
|
+
To run the test suite with different rails version by selecting the corresponding gemfile. You can use this one liners:
|
|
93
|
+
|
|
94
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-3.2.x && bundle update && bundle exec rake spec
|
|
95
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-4.0.x && bundle update && bundle exec rake spec
|
|
96
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-4.1.x && bundle update && bundle exec rake spec
|
|
97
|
+
|
|
90
98
|
## Changes
|
|
91
99
|
|
|
100
|
+
* v1.0.1 -- added Rails32DestroyableSessionPatch: sets SID in options on destroy
|
|
92
101
|
* v1.0.0 -- first release with complete README; no code changes
|
|
93
102
|
* v0.0.2 -- improved and more flexible version with tests
|
|
94
103
|
* v0.0.1 -- initial and work-in-progress version without any tests
|
data/cookieless_sessions.gemspec
CHANGED
|
@@ -18,14 +18,15 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
spec.add_development_dependency "bundler", "~> 1.
|
|
22
|
-
spec.add_development_dependency "rake", "~> 10.
|
|
21
|
+
spec.add_development_dependency "bundler", "~> 1.5"
|
|
22
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
|
23
23
|
spec.add_development_dependency "rspec-rails", "~> 2.14"
|
|
24
24
|
spec.add_development_dependency "guard-rspec", "~> 4.2"
|
|
25
25
|
spec.add_development_dependency "capybara", "~> 2.2"
|
|
26
|
+
spec.add_development_dependency "launchy", "~> 2.4"
|
|
26
27
|
spec.add_development_dependency "poltergeist", "~> 1.5"
|
|
27
28
|
spec.add_development_dependency "pry", "~> 0.9"
|
|
28
|
-
spec.add_development_dependency "rails", [">= 3.
|
|
29
|
+
spec.add_development_dependency "rails", [">= 3.2.0", "< 5.0"]
|
|
29
30
|
spec.add_development_dependency "sqlite3", "~> 1.3"
|
|
30
31
|
spec.add_development_dependency "redis-session-store", "~> 0.7"
|
|
31
32
|
end
|
data/lib/cookieless_sessions.rb
CHANGED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module CookielessSessions
|
|
2
|
+
module Rails32DestroyableSessionPatch
|
|
3
|
+
def destroy
|
|
4
|
+
clear
|
|
5
|
+
options = @env[Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY] if @env
|
|
6
|
+
options ||= {}
|
|
7
|
+
options[:id] = @by.send(:destroy_session, @env, options[:id], options) if @by
|
|
8
|
+
@loaded = false
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
if Rails::VERSION::MAJOR == 3 && Rails::VERSION::MINOR == 2
|
|
14
|
+
ActiveSupport.on_load(:action_controller) do
|
|
15
|
+
::Rack::Session::Abstract::SessionHash.send(:include, Rails32DestroyableSessionPatch)
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
|
2
|
+
|
|
3
|
+
# Your secret key is used for verifying the integrity of signed cookies.
|
|
4
|
+
# If you change this key, all old signed cookies will become invalid!
|
|
5
|
+
|
|
6
|
+
# Make sure the secret is at least 30 characters and all random,
|
|
7
|
+
# no regular words or you'll be exposed to dictionary attacks.
|
|
8
|
+
# You can use `rake secret` to generate a secure secret key.
|
|
9
|
+
|
|
10
|
+
# Make sure your secret_key_base is kept private
|
|
11
|
+
# if you're sharing your code publicly.
|
|
12
|
+
Dummy::Application.config.secret_key_base = 'd5d118e8498b66b90fbce607ed69a9b8ca70689e8583c9cfd2b7996fa74ac8a39c9dac57098f39be071ed9edbefbdee0a72d4024f40aa5d4d882a6886c1cc5fa'
|
|
@@ -17,6 +17,7 @@ describe 'Cookieless', js: true do
|
|
|
17
17
|
visit root_path # visit first time to get a valid session_id
|
|
18
18
|
|
|
19
19
|
session_id = extract_session_id_from_headers(page.response_headers)
|
|
20
|
+
session_id.should be_present
|
|
20
21
|
|
|
21
22
|
page.should have_content("'#{session_id}'")
|
|
22
23
|
|
|
@@ -29,10 +30,19 @@ describe 'Cookieless', js: true do
|
|
|
29
30
|
|
|
30
31
|
page.should have_content("'#{session_id}'")
|
|
31
32
|
end
|
|
33
|
+
|
|
34
|
+
it "returns a session_id with reset_session before" do
|
|
35
|
+
visit reset_root_path
|
|
36
|
+
|
|
37
|
+
session_id = extract_session_id_from_headers(page.response_headers)
|
|
38
|
+
session_id.should be_present
|
|
39
|
+
|
|
40
|
+
page.should have_content("'#{session_id}'")
|
|
41
|
+
end
|
|
32
42
|
end
|
|
33
43
|
|
|
34
44
|
|
|
35
|
-
context "with cookies
|
|
45
|
+
context "with cookies enabled" do
|
|
36
46
|
before(:each) do
|
|
37
47
|
Capybara.current_session.driver.cookies_enabled = true
|
|
38
48
|
end
|
|
@@ -45,6 +55,7 @@ describe 'Cookieless', js: true do
|
|
|
45
55
|
visit root_path # visit first time to get a valid session_id.
|
|
46
56
|
|
|
47
57
|
session_id = extract_session_id_from_headers(page.response_headers)
|
|
58
|
+
session_id.should be_present
|
|
48
59
|
|
|
49
60
|
page.should have_content("'#{session_id}'")
|
|
50
61
|
|
|
@@ -55,6 +66,7 @@ describe 'Cookieless', js: true do
|
|
|
55
66
|
visit root_path # visit again with fresh session to get a new session_id.
|
|
56
67
|
|
|
57
68
|
other_session_id = extract_session_id_from_headers(page.response_headers)
|
|
69
|
+
other_session_id.should be_present
|
|
58
70
|
|
|
59
71
|
page.should have_content("'#{other_session_id}'")
|
|
60
72
|
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
Rails.application.routes.draw do
|
|
2
2
|
get "/cookieless" => "cookieless#index", as: :root
|
|
3
|
+
get "/cookieless/reset" => "cookieless#reset_index", as: :reset_root
|
|
3
4
|
get "/cookieless/redirect" => "cookieless#redirect_to_root", as: :redirect_to_root
|
|
4
5
|
end
|
|
5
6
|
|
|
@@ -16,7 +17,13 @@ class CookielessController < ApplicationController
|
|
|
16
17
|
def index
|
|
17
18
|
session[:useless] = :content
|
|
18
19
|
|
|
19
|
-
render text: "CookielessController#Index\r\nSession-Key: '#{session_key}'\r\nSession-ID: '#{session_id}'\r\n"
|
|
20
|
+
render text: "CookielessController#Index\r\nSession-Key: '#{session_key}'\r\nSession-ID: '#{session_id}'\r\nRails-Version: '#{Rails.version}'\r\n"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def reset_index
|
|
24
|
+
reset_session
|
|
25
|
+
|
|
26
|
+
render text: "CookielessController#Index\r\nSession-Key: '#{session_key}'\r\nSession-ID: '#{session_id}'\r\nRails-Version: '#{Rails.version}'\r\n"
|
|
20
27
|
end
|
|
21
28
|
|
|
22
29
|
def redirect_to_root
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cookieless_sessions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Taktsoft
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-05-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '1.
|
|
19
|
+
version: '1.5'
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '1.
|
|
26
|
+
version: '1.5'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '10.
|
|
33
|
+
version: '10.0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '10.
|
|
40
|
+
version: '10.0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec-rails
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '2.2'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: launchy
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - "~>"
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '2.4'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - "~>"
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '2.4'
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: poltergeist
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,7 +128,7 @@ dependencies:
|
|
|
114
128
|
requirements:
|
|
115
129
|
- - ">="
|
|
116
130
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 3.
|
|
131
|
+
version: 3.2.0
|
|
118
132
|
- - "<"
|
|
119
133
|
- !ruby/object:Gem::Version
|
|
120
134
|
version: '5.0'
|
|
@@ -124,7 +138,7 @@ dependencies:
|
|
|
124
138
|
requirements:
|
|
125
139
|
- - ">="
|
|
126
140
|
- !ruby/object:Gem::Version
|
|
127
|
-
version: 3.
|
|
141
|
+
version: 3.2.0
|
|
128
142
|
- - "<"
|
|
129
143
|
- !ruby/object:Gem::Version
|
|
130
144
|
version: '5.0'
|
|
@@ -166,16 +180,19 @@ extra_rdoc_files: []
|
|
|
166
180
|
files:
|
|
167
181
|
- ".gitignore"
|
|
168
182
|
- ".rspec"
|
|
169
|
-
- ".ruby-gemset"
|
|
170
|
-
- ".ruby-version"
|
|
171
183
|
- ".travis.yml"
|
|
172
184
|
- Gemfile
|
|
185
|
+
- Gemfile.rails-3.2.x
|
|
186
|
+
- Gemfile.rails-4.0.x
|
|
187
|
+
- Gemfile.rails-4.1.x
|
|
188
|
+
- Gemfile.rails-head
|
|
173
189
|
- Guardfile
|
|
174
190
|
- LICENSE.txt
|
|
175
191
|
- README.md
|
|
176
192
|
- Rakefile
|
|
177
193
|
- cookieless_sessions.gemspec
|
|
178
194
|
- lib/cookieless_sessions.rb
|
|
195
|
+
- lib/cookieless_sessions/rails_32_patch.rb
|
|
179
196
|
- lib/cookieless_sessions/version.rb
|
|
180
197
|
- spec/controllers/cookieless_controller_spec.rb
|
|
181
198
|
- spec/controllers/sub_cookie_controller_from_cookieless_controller_spec.rb
|
|
@@ -208,11 +225,11 @@ files:
|
|
|
208
225
|
- spec/dummy/config/initializers/filter_parameter_logging.rb
|
|
209
226
|
- spec/dummy/config/initializers/inflections.rb
|
|
210
227
|
- spec/dummy/config/initializers/mime_types.rb
|
|
228
|
+
- spec/dummy/config/initializers/secret_token.rb
|
|
211
229
|
- spec/dummy/config/initializers/session_store.rb
|
|
212
230
|
- spec/dummy/config/initializers/wrap_parameters.rb
|
|
213
231
|
- spec/dummy/config/locales/en.yml
|
|
214
232
|
- spec/dummy/config/routes.rb
|
|
215
|
-
- spec/dummy/config/secrets.yml
|
|
216
233
|
- spec/dummy/lib/assets/.keep
|
|
217
234
|
- spec/dummy/log/.keep
|
|
218
235
|
- spec/dummy/public/404.html
|
|
@@ -279,11 +296,11 @@ test_files:
|
|
|
279
296
|
- spec/dummy/config/initializers/filter_parameter_logging.rb
|
|
280
297
|
- spec/dummy/config/initializers/inflections.rb
|
|
281
298
|
- spec/dummy/config/initializers/mime_types.rb
|
|
299
|
+
- spec/dummy/config/initializers/secret_token.rb
|
|
282
300
|
- spec/dummy/config/initializers/session_store.rb
|
|
283
301
|
- spec/dummy/config/initializers/wrap_parameters.rb
|
|
284
302
|
- spec/dummy/config/locales/en.yml
|
|
285
303
|
- spec/dummy/config/routes.rb
|
|
286
|
-
- spec/dummy/config/secrets.yml
|
|
287
304
|
- spec/dummy/lib/assets/.keep
|
|
288
305
|
- spec/dummy/log/.keep
|
|
289
306
|
- spec/dummy/public/404.html
|
data/.ruby-gemset
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
cookieless_sessions
|
data/.ruby-version
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
ruby-2.1.1
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
|
2
|
-
|
|
3
|
-
# Your secret key is used for verifying the integrity of signed cookies.
|
|
4
|
-
# If you change this key, all old signed cookies will become invalid!
|
|
5
|
-
|
|
6
|
-
# Make sure the secret is at least 30 characters and all random,
|
|
7
|
-
# no regular words or you'll be exposed to dictionary attacks.
|
|
8
|
-
# You can use `rake secret` to generate a secure secret key.
|
|
9
|
-
|
|
10
|
-
# Make sure the secrets in this file are kept private
|
|
11
|
-
# if you're sharing your code publicly.
|
|
12
|
-
|
|
13
|
-
development:
|
|
14
|
-
secret_key_base: bf4acc52f1b964efe6d6f9cd53b1d0f3bbf6a63d2e5a3f59177c8e8343992e680cdf67cb7593012d92794b03d5ede5a68e70c40d703e3b71410d263d40f24d6c
|
|
15
|
-
|
|
16
|
-
test:
|
|
17
|
-
secret_key_base: d5d118e8498b66b90fbce607ed69a9b8ca70689e8583c9cfd2b7996fa74ac8a39c9dac57098f39be071ed9edbefbdee0a72d4024f40aa5d4d882a6886c1cc5fa
|
|
18
|
-
|
|
19
|
-
# Do not keep production secrets in the repository,
|
|
20
|
-
# instead read values from the environment.
|
|
21
|
-
production:
|
|
22
|
-
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
|