encrypted_cookie 0.0.3 → 0.0.4
- data.tar.gz.sig +0 -0
- data/Manifest +0 -1
- data/Rakefile +1 -1
- data/encrypted_cookie.gemspec +2 -2
- data/lib/encrypted_cookie.rb +15 -5
- data/spec/encrypted_cookie_spec.rb +10 -2
- metadata +3 -4
- metadata.gz.sig +0 -0
- data/pkg/encrypted_cookie-0.0.2.gem +0 -0
data.tar.gz.sig
CHANGED
Binary file
|
data/Manifest
CHANGED
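--- a/data/Rakefile
+++ b/data/Rakefile
@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('encrypted_cookie', '0.0.
+Echoe.new('encrypted_cookie', '0.0.4') do |p|
 p.description = "Encrypted session cookies for Rack"
 p.url = "http://github.com/cvonkleist/encrypted_cookie"
 p.author = "Christian von Kleist"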
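--- a/data/encrypted_cookie.gemspec
+++ b/data/encrypted_cookie.gemspec
@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
 s.name = %q{encrypted_cookie}
-s.version = "0.0.
+s.version = "0.0.4"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
 s.authors = ["Christian von Kleist"]
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
 s.description = %q{Encrypted session cookies for Rack}
 s.email = %q{cvonkleist at-a-place-called gmail.com}
 s.extra_rdoc_files = ["README.markdown", "lib/encrypted_cookie.rb"]
-s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "
+s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "spec/encrypted_cookie_spec.rb"]
 s.homepage = %q{http://github.com/cvonkleist/encrypted_cookie}
 s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Encrypted_cookie", "--main", "README.markdown"]
 s.require_paths = ["lib"]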
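--- a/data/lib/encrypted_cookie.rb
+++ b/data/lib/encrypted_cookie.rb
@@ -47,11 +47,10 @@ module Rack
 session_data = request.cookies[@key]
 
 if session_data
-
-session_data = decrypt(session_data)
+if session_data = decrypt(session_data)
 session_data, digest = session_data.split("--")
-session_data = nil
-
+session_data = nil unless digest == generate_hmac(session_data)
+end
 end
 
 begin
@@ -93,18 +92,29 @@ module Rack
 def encrypt(str)
 aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').encrypt
 aes.key = @secret
-salt = OpenSSL::Random.random_bytes(aes.key_len)
 iv = OpenSSL::Random.random_bytes(aes.iv_len)
+aes.iv = iv
 [iv + (aes.update(str) << aes.final)].pack('m0')
 end
 
+# decrypts string. returns nil if an error occurs
+#
+# returns nil if openssl raises an error during decryption (likely
+# someone is tampering with the session data, or the sinatra user was
+# previously using Cookie and has just switched to EncryptedCookie), and
+# will also return nil if the text to decrypt is too short to possibly be
+# good aes data.
 def decrypt(str)
 str = str.unpack('m0').first
 aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
 aes.key = @secret
 iv = str[0, aes.iv_len]
+aes.iv = iv
 crypted_text = str[aes.iv_len..-1]
+return nil if crypted_text.nil? || iv.nil?
 aes.update(crypted_text) << aes.final
+rescue
+nil
 end
 end
 end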
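--- a/data/spec/encrypted_cookie_spec.rb
+++ b/data/spec/encrypted_cookie_spec.rb
@@ -56,7 +56,7 @@ describe EncryptedApp do
 str = CGI.unescape(data).unpack('m0').first
 aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
 aes.key = 'foo' * 10
-iv = str[0, aes.iv_len]
+aes.iv = str[0, aes.iv_len]
 crypted_text = str[aes.iv_len..-1]
 
 plaintext = (aes.update(crypted_text) << aes.final)
@@ -86,7 +86,15 @@ describe EncryptedApp do
 get '/'
 last_response.body.should == 'session: {"foo"=>"bar"}'
 
-
+# tamper with the cookie (too short to be aes data)
+rack_mock_session.cookie_jar << Rack::Test::Cookie.new('rack.session=foo', URI.parse('http://example.org//'))
+
+get '/'
+last_response.body.should == 'session: {}'
+
+# tamper with the cookie (long enough to attempt aes decryption)
+rack_mock_session.cookie_jar << Rack::Test::Cookie.new('rack.session=foobarbaz', URI.parse('http://example.org//'))
+
 get '/'
 last_response.body.should == 'session: {}'
 end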
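--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_cookie
 version: !ruby/object:Gem::Version
-hash:
+hash: 23
 prerelease: false
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 4
+version: 0.0.4
 platform: ruby
 authors:
 - Christian von Kleist
@@ -55,7 +55,6 @@ files:
 - Rakefile
 - encrypted_cookie.gemspec
 - lib/encrypted_cookie.rb
-- pkg/encrypted_cookie-0.0.2.gem
 - spec/encrypted_cookie_spec.rb
 has_rdoc: true
 homepage: http://github.com/cvonkleist/encrypted_cookie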
metadata.gz.sig
CHANGED
Binary file
|
Binary file
|