dpop 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/Gemfile.lock +1 -1
- data/README.md +3 -3
- data/lib/dpop/controller.rb +7 -4
- data/lib/dpop/cookie_jar.rb +4 -0
- data/lib/dpop/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 371332e05aa2d5de2c6a34c1b07aabe79031ba15dad9c72c2158db7adea9f6c6
|
4
|
+
data.tar.gz: ce16b2f5cb3098f6267f1ddc51570776d0fcfc1fe7f76f0725903218c5ef10f8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 616641c4395ea412937d65c47c0c8ba70d7daa44fcd9d10063b73396a85440e62a508dd2570f5c80d9361fa53f88addac3427a52d62d07b63b00a5b036cb6024
|
7
|
+
data.tar.gz: 8685d98f0cc63ffb47529bf2bc24d32dbbf2d1dcbabe854538cae01cc3a70dc6964d8e60ef4dea81f581e945e06fab97527e8e950bc5a99fbdafa4d97f6686fb
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,9 +1,9 @@
|
|
1
|
+
[](https://badge.fury.io/rb/dpop)
|
2
|
+
|
1
3
|
# Dpop
|
2
4
|
|
3
5
|
Implementation of DPoP ([Demonstrating Proof-of-Possession at the Application Layer](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)) for Ruby and Rails apps.
|
4
6
|
|
5
|
-
Adds a
|
6
|
-
|
7
7
|
## Installation
|
8
8
|
|
9
9
|
Install the gem and add to the application's Gemfile by executing:
|
@@ -35,7 +35,7 @@ end
|
|
35
35
|
```
|
36
36
|
|
37
37
|
|Configurable variable|Description|Default value|
|
38
|
-
|
38
|
+
|---|---|---|
|
39
39
|
|cookie_name|Cookie saved on the browser when using the Rails controller concern|"_proof_keys"|
|
40
40
|
|encryption_key|Secure passphrase used for encrypting cookes with Rails|ENV["DPOP_ENCRYPTION_KEY"]|
|
41
41
|
|generated_key_size|Byte size of generated private keys|1024|
|
data/lib/dpop/controller.rb
CHANGED
@@ -36,15 +36,18 @@ module Dpop
|
|
36
36
|
|
37
37
|
def set_dpop_cookie
|
38
38
|
return unless ensure_dpop_on_actions
|
39
|
-
return if cookie_jar
|
39
|
+
return if cookie_jar.key?(Dpop.config.cookie_name)
|
40
40
|
|
41
|
-
|
42
|
-
|
43
|
-
cookie_jar[Dpop.config.cookie_name] = generated
|
41
|
+
generate_and_set
|
44
42
|
end
|
45
43
|
|
46
44
|
private
|
47
45
|
|
46
|
+
def generate_and_set
|
47
|
+
cookie_jar[Dpop.config.cookie_name] = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
|
48
|
+
cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true }
|
49
|
+
end
|
50
|
+
|
48
51
|
def cookie_jar
|
49
52
|
Dpop::CookieJar.new(Dpop.config.encryptor, request.cookies)
|
50
53
|
end
|
data/lib/dpop/cookie_jar.rb
CHANGED
data/lib/dpop/version.rb
CHANGED