dpop 0.1.1 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95e1bbc44794f6cd0ea038df90bfc4e277f886324b696e436d9acc42a57ab04c
-  data.tar.gz: d104851c96812f661c29a771ed0adf430a3880a92470c3ff5e3c300e0f46abbd
+  metadata.gz: 6e4c7a675aec8ced0abe5dde4e6bb613f8846ce0e4f2f28c581fbc5585472ed3
+  data.tar.gz: 5231c5e5e770043392d20967c9043d8fdac3df111fb4e2ccf860ba47f6857590
 SHA512:
-  metadata.gz: e48a24c718c2d3104b327e589275dcaa04ccc19f36d471f87e46c652a146e7dd9a38c06407b206927e31f8594e2db22844a4c763a7aea314bd9dd10ecbe3b8b9
-  data.tar.gz: 6765fe2b0f51525c00d856bbe83659d9ceafbc4b52afe88f1fe509674d34c0ad5abe4b732eea36916c15022e384c1eed1f9688758fd60b1c4bb8b532bb8d3b6b
+  metadata.gz: f9ea56e1d066844e4a7875ff56af8862c76c7c7dc49988920b8f1c6bddb53adc0087e4cf1feb9cb51ab6619bd529081474d6f551f155615a9b598ed5c17cbbb1
+  data.tar.gz: 4944beca9f77ab81766a7b1c4bc8a1714db162d552b5a5c75a496a756c450a9ef306ab9f7746858e8115955eff344f72dfbbac77baed1604f9179c71e0dc5dba

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.1.3
+ - Update #get_proof_with_key to support ruby 3.x
+
+## v0.1.2
+ - Set cookie as httponly
+
 ## v0.1.1
  - Bump Rack for CVE-2022-30123
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    dpop (0.1.1)
+    dpop (0.1.3)
       activesupport
       jwt
       openssl

data/README.md

@@ -1,9 +1,9 @@
+[![Gem Version](https://badge.fury.io/rb/dpop.svg)](https://badge.fury.io/rb/dpop)
+
 # Dpop
 
 Implementation of DPoP ([Demonstrating Proof-of-Possession at the Application Layer](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)) for Ruby and Rails apps.
 
-Adds a 
-
 ## Installation
 
 Install the gem and add to the application's Gemfile by executing:
@@ -35,7 +35,7 @@ end
 ```
 
 |Configurable variable|Description|Default value|
-|===|===|===|
+|---|---|---|
 |cookie_name|Cookie saved on the browser when using the Rails controller concern|"_proof_keys"|
 |encryption_key|Secure passphrase used for encrypting cookes with Rails|ENV["DPOP_ENCRYPTION_KEY"]|
 |generated_key_size|Byte size of generated private keys|1024|

data/lib/dpop/controller.rb

@@ -36,15 +36,18 @@ module Dpop
 
     def set_dpop_cookie
       return unless ensure_dpop_on_actions
-      return if cookie_jar[Dpop.config.cookie_name]
+      return if cookie_jar.key?(Dpop.config.cookie_name)
 
-      generated = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
-
-      cookie_jar[Dpop.config.cookie_name] = generated
+      generate_and_set
     end
 
     private
 
+    def generate_and_set
+      cookie_jar[Dpop.config.cookie_name] = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
+      cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true }
+    end
+
     def cookie_jar
       Dpop::CookieJar.new(Dpop.config.encryptor, request.cookies)
     end

data/lib/dpop/cookie_jar.rb

@@ -15,6 +15,10 @@ module Dpop
       @request_cookies = request_cookies
     end
 
+    def raw(cookie_name)
+      @request_cookies[cookie_name]
+    end
+
     def [](cookie_name)
       try_decrypt(cookie_name)
     end

data/lib/dpop/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dpop
-  VERSION = "0.1.1"
+  VERSION = "0.1.3"
 end

data/lib/dpop.rb

@@ -36,7 +36,7 @@ module Dpop
 
     def get_proof_with_key(dpop_key, **args)
       generator = Dpop::ProofGenerator.new(dpop_key, "RS256")
-      generator.create_dpop_proof(args)
+      generator.create_dpop_proof(**args)
     end
 
     def generate_key_pair(alg = :rsa)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dpop
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.3
 platform: ruby
 authors:
 - WilliamNHarvey
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-08 00:00:00.000000000 Z
+date: 2024-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler