RubyGems - dpop - Versions diffs - 0.1.1 → 0.1.2 - Mend

dpop 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95e1bbc44794f6cd0ea038df90bfc4e277f886324b696e436d9acc42a57ab04c
-  data.tar.gz: d104851c96812f661c29a771ed0adf430a3880a92470c3ff5e3c300e0f46abbd
+  metadata.gz: 371332e05aa2d5de2c6a34c1b07aabe79031ba15dad9c72c2158db7adea9f6c6
+  data.tar.gz: ce16b2f5cb3098f6267f1ddc51570776d0fcfc1fe7f76f0725903218c5ef10f8
 SHA512:
-  metadata.gz: e48a24c718c2d3104b327e589275dcaa04ccc19f36d471f87e46c652a146e7dd9a38c06407b206927e31f8594e2db22844a4c763a7aea314bd9dd10ecbe3b8b9
-  data.tar.gz: 6765fe2b0f51525c00d856bbe83659d9ceafbc4b52afe88f1fe509674d34c0ad5abe4b732eea36916c15022e384c1eed1f9688758fd60b1c4bb8b532bb8d3b6b
+  metadata.gz: 616641c4395ea412937d65c47c0c8ba70d7daa44fcd9d10063b73396a85440e62a508dd2570f5c80d9361fa53f88addac3427a52d62d07b63b00a5b036cb6024
+  data.tar.gz: 8685d98f0cc63ffb47529bf2bc24d32dbbf2d1dcbabe854538cae01cc3a70dc6964d8e60ef4dea81f581e945e06fab97527e8e950bc5a99fbdafa4d97f6686fb

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,6 @@
+## v0.1.2
+ - Set cookie as httponly
 ## v0.1.1
  - Bump Rack for CVE-2022-30123

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    dpop (0.1.1)
+    dpop (0.1.2)
       activesupport
       jwt
       openssl

data/README.md CHANGED Viewed

@@ -1,9 +1,9 @@
+[![Gem Version](https://badge.fury.io/rb/dpop.svg)](https://badge.fury.io/rb/dpop)
 # Dpop
 Implementation of DPoP ([Demonstrating Proof-of-Possession at the Application Layer](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)) for Ruby and Rails apps.
-Adds a
 ## Installation
 Install the gem and add to the application's Gemfile by executing:
@@ -35,7 +35,7 @@ end
 ```
 |Configurable variable|Description|Default value|
-|===|===|===|
+|---|---|---|
 |cookie_name|Cookie saved on the browser when using the Rails controller concern|"_proof_keys"|
 |encryption_key|Secure passphrase used for encrypting cookes with Rails|ENV["DPOP_ENCRYPTION_KEY"]|
 |generated_key_size|Byte size of generated private keys|1024|

data/lib/dpop/controller.rb CHANGED Viewed

@@ -36,15 +36,18 @@ module Dpop
     def set_dpop_cookie
       return unless ensure_dpop_on_actions
-      return if cookie_jar[Dpop.config.cookie_name]
+      return if cookie_jar.key?(Dpop.config.cookie_name)
-      generated = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
-      cookie_jar[Dpop.config.cookie_name] = generated
+      generate_and_set
     end
     private
+    def generate_and_set
+      cookie_jar[Dpop.config.cookie_name] = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
+      cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true }
+    end
     def cookie_jar
       Dpop::CookieJar.new(Dpop.config.encryptor, request.cookies)
     end

data/lib/dpop/cookie_jar.rb CHANGED Viewed

@@ -15,6 +15,10 @@ module Dpop
       @request_cookies = request_cookies
     end
+    def raw(cookie_name)
+      @request_cookies[cookie_name]
+    end
     def [](cookie_name)
       try_decrypt(cookie_name)
     end

data/lib/dpop/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dpop
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dpop
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - WilliamNHarvey