encrypted_cookie 0.0.3 → 0.0.4
- data.tar.gz.sig +0 -0
- data/Manifest +0 -1
- data/Rakefile +1 -1
- data/encrypted_cookie.gemspec +2 -2
- data/lib/encrypted_cookie.rb +15 -5
- data/spec/encrypted_cookie_spec.rb +10 -2
- metadata +3 -4
- metadata.gz.sig +0 -0
- data/pkg/encrypted_cookie-0.0.2.gem +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
data/Manifest
CHANGED
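--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('encrypted_cookie', '0.0.
+Echoe.new('encrypted_cookie', '0.0.4') do |p|
 p.description = "Encrypted session cookies for Rack"
 p.url = "http://github.com/cvonkleist/encrypted_cookie"
 p.author = "Christian von Kleist"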
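--- a/data/encrypted_cookie.gemspec
+++ b/data/encrypted_cookie.gemspec
@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
 s.name = %q{encrypted_cookie}
-s.version = "0.0.
+s.version = "0.0.4"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
 s.authors = ["Christian von Kleist"]
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
 s.description = %q{Encrypted session cookies for Rack}
 s.email = %q{cvonkleist at-a-place-called gmail.com}
 s.extra_rdoc_files = ["README.markdown", "lib/encrypted_cookie.rb"]
-s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "
+s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "spec/encrypted_cookie_spec.rb"]
 s.homepage = %q{http://github.com/cvonkleist/encrypted_cookie}
 s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Encrypted_cookie", "--main", "README.markdown"]
 s.require_paths = ["lib"]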
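--- a/data/lib/encrypted_cookie.rb
+++ b/data/lib/encrypted_cookie.rb
@@ -47,11 +47,10 @@ module Rack
 session_data = request.cookies[@key]
 
 if session_data
-
-session_data = decrypt(session_data)
+if session_data = decrypt(session_data)
 session_data, digest = session_data.split("--")
-session_data = nil
-
+session_data = nil unless digest == generate_hmac(session_data)
+end
 end
 
 begin
@@ -93,18 +92,29 @@ module Rack
 def encrypt(str)
 aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').encrypt
 aes.key = @secret
-salt = OpenSSL::Random.random_bytes(aes.key_len)
 iv = OpenSSL::Random.random_bytes(aes.iv_len)
+aes.iv = iv
 [iv + (aes.update(str) << aes.final)].pack('m0')
 end
 
+# decrypts string. returns nil if an error occurs
+#
+# returns nil if openssl raises an error during decryption (likely
+# someone is tampering with the session data, or the sinatra user was
+# previously using Cookie and has just switched to EncryptedCookie), and
+# will also return nil if the text to decrypt is too short to possibly be
+# good aes data.
 def decrypt(str)
 str = str.unpack('m0').first
 aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
 aes.key = @secret
 iv = str[0, aes.iv_len]
+aes.iv = iv
 crypted_text = str[aes.iv_len..-1]
+return nil if crypted_text.nil? || iv.nil?
 aes.update(crypted_text) << aes.final
+rescue
+nil
 end
 end
 end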
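--- a/data/spec/encrypted_cookie_spec.rb
+++ b/data/spec/encrypted_cookie_spec.rb
@@ -56,7 +56,7 @@ describe EncryptedApp do
 str = CGI.unescape(data).unpack('m0').first
 aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
 aes.key = 'foo' * 10
-iv = str[0, aes.iv_len]
+aes.iv = str[0, aes.iv_len]
 crypted_text = str[aes.iv_len..-1]
 
 plaintext = (aes.update(crypted_text) << aes.final)
@@ -86,7 +86,15 @@ describe EncryptedApp do
 get '/'
 last_response.body.should == 'session: {"foo"=>"bar"}'
 
-
+# tamper with the cookie (too short to be aes data)
+rack_mock_session.cookie_jar << Rack::Test::Cookie.new('rack.session=foo', URI.parse('http://example.org//'))
+
+get '/'
+last_response.body.should == 'session: {}'
+
+# tamper with the cookie (long enough to attempt aes decryption)
+rack_mock_session.cookie_jar << Rack::Test::Cookie.new('rack.session=foobarbaz', URI.parse('http://example.org//'))
+
 get '/'
 last_response.body.should == 'session: {}'
 end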
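--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_cookie
 version: !ruby/object:Gem::Version
-hash:
+hash: 23
 prerelease: false
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 4
+version: 0.0.4
 platform: ruby
 authors:
 - Christian von Kleist
@@ -55,7 +55,6 @@ files:
 - Rakefile
 - encrypted_cookie.gemspec
 - lib/encrypted_cookie.rb
-- pkg/encrypted_cookie-0.0.2.gem
 - spec/encrypted_cookie_spec.rb
 has_rdoc: true
 homepage: http://github.com/cvonkleist/encrypted_cookie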
metadata.gz.sig
CHANGED
Binary file
|
Binary file
|