RubyGems - encrypted_cookie - Versions diffs - 0.0.2 → 0.0.3 - Mend

encrypted_cookie 0.0.2 → 0.0.3

Files changed (11) hide show

data.tar.gz.sig +3 -2
data/Manifest +1 -1
data/README.markdown +35 -0
data/Rakefile +1 -1
data/encrypted_cookie.gemspec +3 -3
data/lib/encrypted_cookie.rb +38 -6
data/pkg/encrypted_cookie-0.0.2.gem +0 -0
data/spec/encrypted_cookie_spec.rb +10 -1
metadata +5 -5
metadata.gz.sig +1 -1
data/test/demo.rb +0 -15

data.tar.gz.sig CHANGED Viewed

@@ -1,2 +1,3 @@
-o�9
-�]v+����6�����`]�-c�6��o�"�}$�!�?1j/KC���*U٫����y�7�7r�T>)c=@+�+d�s�h�
+~��4r=�<'��t�;=�p*��=���
+>�T(R�����z�
+�@��ϱ�w����)2~�<�Z�x<���+\��S~I���k}|"���c�"��@v�40�������D4�Ƭ9k���*�����(��$���B�ֻ4�����{�ߺ#�ͦ]�4�T^h����D4�Y�0����

data/Manifest CHANGED Viewed

@@ -3,5 +3,5 @@ README.markdown
 Rakefile
 encrypted_cookie.gemspec
 lib/encrypted_cookie.rb
+pkg/encrypted_cookie-0.0.2.gem
 spec/encrypted_cookie_spec.rb
-test/demo.rb

data/README.markdown CHANGED Viewed

@@ -0,0 +1,35 @@
+## Encrypted session cookies for Rack (and therefore Sinatra)
+The `encrypted_cookie` gem provides 128-bit-AES-encrypted, tamper-proof cookies
+for Rack through the class `Rack::Session::EncryptedCookie`.
+## How to use encrypted\_cookie
+    $ gem install encrypted_cookie
+Sinatra example:
+    require 'sinatra'
+    require 'encrypted_cookie'
+    use Rack::Session::EncryptedCookie,
+      :secret => TYPE_YOUR_LONG_RANDOM_STRING_HERE*
+    get '/' do
+      session[:foo] = 'bar'
+      "session: " + session.inspect
+    end
+_*_ Your `:secret` must be at least 16 bytes long and should be really random.
+## Encryption and integrity protection
+The cookie encryption method is 128-bit AES (with salt). Additionally, the
+cookies are integrity protected with Rack's built-in HMAC support, which means
+that if a user tampers with their cookie in any way, their session will
+immediately be reset to `{}` (empty hash).
+## Generating a good secret
+    require 'openssl'
+    puts OpenSSL::Random.random_bytes(16).inspect

data/Rakefile CHANGED Viewed

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
-Echoe.new('encrypted_cookie', '0.0.2') do |p|
+Echoe.new('encrypted_cookie', '0.0.3') do |p|
   p.description    = "Encrypted session cookies for Rack"
   p.url            = "http://github.com/cvonkleist/encrypted_cookie"
   p.author         = "Christian von Kleist"

data/encrypted_cookie.gemspec CHANGED Viewed

@@ -2,16 +2,16 @@
 Gem::Specification.new do |s|
   s.name = %q{encrypted_cookie}
-  s.version = "0.0.2"
+  s.version = "0.0.3"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Christian von Kleist"]
   s.cert_chain = ["/home/cvk/.gemcert/gem-public_cert.pem"]
-  s.date = %q{2011-03-02}
+  s.date = %q{2011-03-03}
   s.description = %q{Encrypted session cookies for Rack}
   s.email = %q{cvonkleist at-a-place-called gmail.com}
   s.extra_rdoc_files = ["README.markdown", "lib/encrypted_cookie.rb"]
-  s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "spec/encrypted_cookie_spec.rb", "test/demo.rb"]
+  s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "pkg/encrypted_cookie-0.0.2.gem", "spec/encrypted_cookie_spec.rb"]
   s.homepage = %q{http://github.com/cvonkleist/encrypted_cookie}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Encrypted_cookie", "--main", "README.markdown"]
   s.require_paths = ["lib"]

data/lib/encrypted_cookie.rb CHANGED Viewed

@@ -1,9 +1,29 @@
 require 'openssl'
-require 'rack/session/cookie'
+require 'rack/request'
+require 'rack/response'
 module Rack
   module Session
-    class EncryptedCookie < Cookie
+    # Rack::Session::EncryptedCookie provides AES-128-encrypted, tamper-proof
+    # cookie-based session management.
+    #
+    # The session is Marshal'd, HMAC'd, and encrypted.
+    #
+    # Example:
+    #
+    #     use Rack::Session::EncryptedCookie,
+    #       :secret => 'change_me',
+    #       :key => 'rack.session',
+    #       :domain => 'foo.com',
+    #       :path => '/',
+    #       :expire_after => 2592000
+    #
+    #     All parameters are optional except :secret.
+    class EncryptedCookie
       def initialize(app, options={})
         @app = app
         @key = options[:key] || "rack.session"
@@ -14,14 +34,24 @@ module Rack
           :expire_after => nil}.merge(options)
       end
+      def call(env)
+        load_session(env)
+        status, headers, body = @app.call(env)
+        commit_session(env, status, headers, body)
+      end
+      private
       def load_session(env)
         request = Rack::Request.new(env)
         session_data = request.cookies[@key]
         if session_data
-          session_data = decrypt(session_data)
-          session_data, digest = session_data.split("--")
-          session_data = nil  unless digest == generate_hmac(session_data)
+          #begin
+            session_data = decrypt(session_data)
+            session_data, digest = session_data.split("--")
+            session_data = nil  unless digest == generate_hmac(session_data)
+          #rescue OpenSSL::Cipher::Cipher
         end
         begin
@@ -56,7 +86,9 @@ module Rack
         [status, headers, body]
       end
-      private
+      def generate_hmac(data)
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @secret, data)
+      end
       def encrypt(str)
         aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').encrypt

data/pkg/encrypted_cookie-0.0.2.gem ADDED Viewed

Binary file

data/spec/encrypted_cookie_spec.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 require 'rack/test'
 require 'sinatra'
 require 'rspec'
-require 'ruby-debug'
 require 'cgi'
 require File.dirname(__FILE__) + '/../lib/encrypted_cookie'
@@ -81,6 +80,16 @@ describe EncryptedApp do
     lambda { plaintext = (aes.update(crypted_text) << aes.final) }.should raise_error("bad decrypt")
   end
+  it "should reset the session if someone messes with the crypted data" do
+    get '/set/foo/bar'
+    last_response.body.should == 'all set'
+    get '/'
+    last_response.body.should == 'session: {"foo"=>"bar"}'
+    rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.instance_variable_set(:@name_and_value, 'rack.session=lkjsdlfkjsd')
+    get '/'
+    last_response.body.should == 'session: {}'
+  end
 end
 describe UnencryptedApp do

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_cookie
 version: !ruby/object:Gem::Version
-  hash: 27
+  hash: 25
   prerelease: false
   segments:
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 3
+  version: 0.0.3
 platform: ruby
 authors:
 - Christian von Kleist
@@ -36,7 +36,7 @@ cert_chain:
   DnOM3kD7rptG2g==
   -----END CERTIFICATE-----
-date: 2011-03-02 00:00:00 -05:00
+date: 2011-03-03 00:00:00 -05:00
 default_executable:
 dependencies: []
@@ -55,8 +55,8 @@ files:
 - Rakefile
 - encrypted_cookie.gemspec
 - lib/encrypted_cookie.rb
+- pkg/encrypted_cookie-0.0.2.gem
 - spec/encrypted_cookie_spec.rb
-- test/demo.rb
 has_rdoc: true
 homepage: http://github.com/cvonkleist/encrypted_cookie
 licenses: []

metadata.gz.sig CHANGED Viewed

	@@ -1 +1 @@
1	- +f7��\VPU�!��i�eh��p�ٙ?�;�P��o=�F#��p#\��{4+��o9P��o��Y��VF��7�ȏ)��~~ɝR&WAt��C��NK�˟{"�f�r��S�\|}��_�W0��g/��e��V�A~~�tY�BѲ��6a,i��;&.�w��C��~~F ~~��.&��F]8?�X1#�_~~
1	+ Ve��rH��A-�*�F�%�[��$�yy��7ڻ

data/test/demo.rb DELETED Viewed

@@ -1,15 +0,0 @@
-require 'sinatra'
-require '../lib/encrypted_cookie'
-use Rack::Session::EncryptedCookie,
-  :key => 'rack.session',
-  :secret => 'ASDFASDFASDJFsakdfji2j3oij2o3ij4l12kj3'
-get '/' do
-  "session = " + session.inspect
-end
-get '/set/:data' do
-  session[:data] = params[:data]
-  redirect '/'
-end