dpop 0.1.1 → 0.1.2

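--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 95e1bbc44794f6cd0ea038df90bfc4e277f886324b696e436d9acc42a57ab04c
- data.tar.gz: d104851c96812f661c29a771ed0adf430a3880a92470c3ff5e3c300e0f46abbd
+ metadata.gz: 371332e05aa2d5de2c6a34c1b07aabe79031ba15dad9c72c2158db7adea9f6c6
+ data.tar.gz: ce16b2f5cb3098f6267f1ddc51570776d0fcfc1fe7f76f0725903218c5ef10f8
  SHA512:
- metadata.gz: e48a24c718c2d3104b327e589275dcaa04ccc19f36d471f87e46c652a146e7dd9a38c06407b206927e31f8594e2db22844a4c763a7aea314bd9dd10ecbe3b8b9
- data.tar.gz: 6765fe2b0f51525c00d856bbe83659d9ceafbc4b52afe88f1fe509674d34c0ad5abe4b732eea36916c15022e384c1eed1f9688758fd60b1c4bb8b532bb8d3b6b
+ metadata.gz: 616641c4395ea412937d65c47c0c8ba70d7daa44fcd9d10063b73396a85440e62a508dd2570f5c80d9361fa53f88addac3427a52d62d07b63b00a5b036cb6024
+ data.tar.gz: 8685d98f0cc63ffb47529bf2bc24d32dbbf2d1dcbabe854538cae01cc3a70dc6964d8e60ef4dea81f581e945e06fab97527e8e950bc5a99fbdafa4d97f6686fb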
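--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## v0.1.2
+ - Set cookie as httponly
+
  ## v0.1.1
  - Bump Rack for CVE-2022-30123
 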
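--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- dpop (0.1.1)
+ dpop (0.1.2)
  activesupport
  jwt
  openssl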
data/README.md CHANGED
@@ -1,9 +1,9 @@
1
+ [![Gem Version](https://badge.fury.io/rb/dpop.svg)](https://badge.fury.io/rb/dpop)
2
+
1
3
  # Dpop
2
4
 
3
5
  Implementation of DPoP ([Demonstrating Proof-of-Possession at the Application Layer](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)) for Ruby and Rails apps.
4
6
 
5
- Adds a
6
-
7
7
  ## Installation
8
8
 
9
9
  Install the gem and add to the application's Gemfile by executing:
@@ -35,7 +35,7 @@ end
35
35
  ```
36
36
 
37
37
  |Configurable variable|Description|Default value|
38
- |===|===|===|
38
+ |---|---|---|
39
39
  |cookie_name|Cookie saved on the browser when using the Rails controller concern|"_proof_keys"|
40
40
  |encryption_key|Secure passphrase used for encrypting cookes with Rails|ENV["DPOP_ENCRYPTION_KEY"]|
41
41
  |generated_key_size|Byte size of generated private keys|1024|
@@ -36,15 +36,18 @@ module Dpop
36
36
 
37
37
  def set_dpop_cookie
38
38
  return unless ensure_dpop_on_actions
39
- return if cookie_jar[Dpop.config.cookie_name]
39
+ return if cookie_jar.key?(Dpop.config.cookie_name)
40
40
 
41
- generated = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
42
-
43
- cookie_jar[Dpop.config.cookie_name] = generated
41
+ generate_and_set
44
42
  end
45
43
 
46
44
  private
47
45
 
46
+ def generate_and_set
47
+ cookie_jar[Dpop.config.cookie_name] = Dpop::KeyGenerator.generate(Dpop.config.key_alg)
48
+ cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true }
49
+ end
50
+
48
51
  def cookie_jar
49
52
  Dpop::CookieJar.new(Dpop.config.encryptor, request.cookies)
50
53
  end
@@ -15,6 +15,10 @@ module Dpop
15
15
  @request_cookies = request_cookies
16
16
  end
17
17
 
18
+ def raw(cookie_name)
19
+ @request_cookies[cookie_name]
20
+ end
21
+
18
22
  def [](cookie_name)
19
23
  try_decrypt(cookie_name)
20
24
  end
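Review bot: The cookie written in `generate_and_set` is marked only `httponly`, so the value (which appears to be the encrypted DPoP key material) is still sent over plain HTTP and on cross-site requests. I would set the other attributes in the same hash, e.g. `cookies[Dpop.config.cookie_name] = { value: cookie_jar.raw(Dpop.config.cookie_name), httponly: true, secure: request.ssl?, same_site: :lax }`, or expose them as config options next to `cookie_name`. Separately, `cookie_jar` builds a new `Dpop::CookieJar` on every call, so the `raw` read sees the value assigned one line earlier only if `[]=` stores it into the shared `request.cookies` hash; `[]=` is outside these hunks, so confirm that or memoize the jar (`@cookie_jar ||= ...`). The guard also moved from `cookie_jar[...]` to `cookie_jar.key?(...)`; if `key?` (not shown) tests presence rather than successful decryption, a cookie that no longer decrypts will never be replaced.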
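--- a/data/lib/dpop/version.rb
+++ b/data/lib/dpop/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dpop
- VERSION = "0.1.1"
+ VERSION = "0.1.2"
  end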
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dpop
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - WilliamNHarvey