RubyGems - dpop - Versions diffs - 0.1.1 → 0.1.2 - Mend

dpop 0.1.1 → 0.1.2

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95e1bbc44794f6cd0ea038df90bfc4e277f886324b696e436d9acc42a57ab04c
-  data.tar.gz: d104851c96812f661c29a771ed0adf430a3880a92470c3ff5e3c300e0f46abbd
+  metadata.gz: 371332e05aa2d5de2c6a34c1b07aabe79031ba15dad9c72c2158db7adea9f6c6
+  data.tar.gz: ce16b2f5cb3098f6267f1ddc51570776d0fcfc1fe7f76f0725903218c5ef10f8
 SHA512:
-  metadata.gz: e48a24c718c2d3104b327e589275dcaa04ccc19f36d471f87e46c652a146e7dd9a38c06407b206927e31f8594e2db22844a4c763a7aea314bd9dd10ecbe3b8b9
-  data.tar.gz: 6765fe2b0f51525c00d856bbe83659d9ceafbc4b52afe88f1fe509674d34c0ad5abe4b732eea36916c15022e384c1eed1f9688758fd60b1c4bb8b532bb8d3b6b
+  metadata.gz: 616641c4395ea412937d65c47c0c8ba70d7daa44fcd9d10063b73396a85440e62a508dd2570f5c80d9361fa53f88addac3427a52d62d07b63b00a5b036cb6024
+  data.tar.gz: 8685d98f0cc63ffb47529bf2bc24d32dbbf2d1dcbabe854538cae01cc3a70dc6964d8e60ef4dea81f581e945e06fab97527e8e950bc5a99fbdafa4d97f6686fb

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,6 @@
+## v0.1.2
+ - Set cookie as httponly
 ## v0.1.1
  - Bump Rack for CVE-2022-30123

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    dpop (0.1.1)
+    dpop (0.1.2)
       activesupport
       jwt
       openssl

data/README.md CHANGED Viewed

@@ -1,9 +1,9 @@
+[![Gem Version](https://badge.fury.io/rb/dpop.svg)](https://badge.fury.io/rb/dpop)
 # Dpop
 Implementation of DPoP ([Demonstrating Proof-of-Possession at the Application Layer](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)) for Ruby and Rails apps.
-Adds a
 ## Installation
 Install the gem and add to the application's Gemfile by executing:
@@ -35,7 +35,7 @@ end
 ```
 |Configurable variable|Description|Default value|
-|===|===|===|
+|---|---|---|
 |cookie_name|Cookie saved on the browser when using the Rails controller concern|"_proof_keys"|
 |encryption_key|Secure passphrase used for encrypting cookes with Rails|ENV["DPOP_ENCRYPTION_KEY"]|
 |generated_key_size|Byte size of generated private keys|1024|

data/lib/dpop/controller.rb CHANGED Viewed

@@ -36,15 +36,18 @@ module Dpop
     def set_dpop_cookie
       return unless ensure_dpop_on_actions
-      return if cookie_jar[Dpop.config.cookie_name]
+      return if cookie_jar.key?(Dpop.config.cookie_name)
-      generated = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
-      cookie_jar[Dpop.config.cookie_name] = generated
+      generate_and_set
     end
     private
+    def generate_and_set
+      cookie_jar[Dpop.config.cookie_name] = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
+      cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true }
+    end
     def cookie_jar
       Dpop::CookieJar.new(Dpop.config.encryptor, request.cookies)
     end

data/lib/dpop/cookie_jar.rb CHANGED Viewed

@@ -15,6 +15,10 @@ module Dpop
       @request_cookies = request_cookies
     end
+    def raw(cookie_name)
+      @request_cookies[cookie_name]
+    end
     def [](cookie_name)
       try_decrypt(cookie_name)
     end

data/lib/dpop/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dpop
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dpop
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - WilliamNHarvey