dpop 0.1.1 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +1 -1
- data/README.md +3 -3
- data/lib/dpop/controller.rb +7 -4
- data/lib/dpop/cookie_jar.rb +4 -0
- data/lib/dpop/version.rb +1 -1
- data/lib/dpop.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6e4c7a675aec8ced0abe5dde4e6bb613f8846ce0e4f2f28c581fbc5585472ed3
|
4
|
+
data.tar.gz: 5231c5e5e770043392d20967c9043d8fdac3df111fb4e2ccf860ba47f6857590
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f9ea56e1d066844e4a7875ff56af8862c76c7c7dc49988920b8f1c6bddb53adc0087e4cf1feb9cb51ab6619bd529081474d6f551f155615a9b598ed5c17cbbb1
|
7
|
+
data.tar.gz: 4944beca9f77ab81766a7b1c4bc8a1714db162d552b5a5c75a496a756c450a9ef306ab9f7746858e8115955eff344f72dfbbac77baed1604f9179c71e0dc5dba
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,9 +1,9 @@
|
|
1
|
+
[![Gem Version](https://badge.fury.io/rb/dpop.svg)](https://badge.fury.io/rb/dpop)
|
2
|
+
|
1
3
|
# Dpop
|
2
4
|
|
3
5
|
Implementation of DPoP ([Demonstrating Proof-of-Possession at the Application Layer](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)) for Ruby and Rails apps.
|
4
6
|
|
5
|
-
Adds a
|
6
|
-
|
7
7
|
## Installation
|
8
8
|
|
9
9
|
Install the gem and add to the application's Gemfile by executing:
|
@@ -35,7 +35,7 @@ end
|
|
35
35
|
```
|
36
36
|
|
37
37
|
|Configurable variable|Description|Default value|
|
38
|
-
|
38
|
+
|---|---|---|
|
39
39
|
|cookie_name|Cookie saved on the browser when using the Rails controller concern|"_proof_keys"|
|
40
40
|
|encryption_key|Secure passphrase used for encrypting cookes with Rails|ENV["DPOP_ENCRYPTION_KEY"]|
|
41
41
|
|generated_key_size|Byte size of generated private keys|1024|
|
data/lib/dpop/controller.rb
CHANGED
@@ -36,15 +36,18 @@ module Dpop
|
|
36
36
|
|
37
37
|
def set_dpop_cookie
|
38
38
|
return unless ensure_dpop_on_actions
|
39
|
-
return if cookie_jar
|
39
|
+
return if cookie_jar.key?(Dpop.config.cookie_name)
|
40
40
|
|
41
|
-
|
42
|
-
|
43
|
-
cookie_jar[Dpop.config.cookie_name] = generated
|
41
|
+
generate_and_set
|
44
42
|
end
|
45
43
|
|
46
44
|
private
|
47
45
|
|
46
|
+
def generate_and_set
|
47
|
+
cookie_jar[Dpop.config.cookie_name] = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
|
48
|
+
cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true }
|
49
|
+
end
|
50
|
+
|
48
51
|
def cookie_jar
|
49
52
|
Dpop::CookieJar.new(Dpop.config.encryptor, request.cookies)
|
50
53
|
end
|
data/lib/dpop/cookie_jar.rb
CHANGED
data/lib/dpop/version.rb
CHANGED
data/lib/dpop.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dpop
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WilliamNHarvey
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-06-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|