encrypted_cookie_store-instructure 1.1.12 → 1.2.0

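--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
  ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- NWIxYmNmOGZjZDM1NjA5ODZkMDU5ZTZmYTdkZDdjMTRmYTkxNDI2Yg==
- data.tar.gz: !binary |-
- YzdkYzAwNjU5NDY2ZjRmOGFlMjIxYWE2ZjhmYmEyMjUwY2ZkMDkxZA==
+ SHA1:
+ metadata.gz: c0f577b66b03c658dd1ce0636ab19c211ea3353a
+ data.tar.gz: 43b1d3d42a3a3fad97dd4fe93fe205c0ec9bea92
  SHA512:
- metadata.gz: !binary |-
- YWFiYjRiYzMzYjc1N2Q2OTA0YTI3MjJlNDc4Nzc2NmQwZDZlZGRiYzcyNTRk
- N2RmNjk2OTIwOGQ5YmMxZGU1OGYxZTM0MzA4ZGZlMmY0ZmQxMTA1NTNkZTlh
- ZTBjZjMwMTdjMDM5ODExNjIxMGFlYTczMzVmMTNjYzRjZWM3ZmI=
- data.tar.gz: !binary |-
- ZDkxMjAyZDA0ZTc4MzlkYjY0Nzk0YjE0MmZkZDBhM2MzZDIzMjU5NTc3NjMw
- NzVjNzA2NWM4Yzk1OTdjNWIxNTFmYjk1OGQ1MmY0ZDBlNzM3MWNlOTE0OWUx
- OWYyY2E1Y2FjMzI5MTY4Y2E2NmFhZGVhZGVjZjcwZTdjYjA0NDM=
+ metadata.gz: 2b0f740fac10688184e2f6466b96ab29f50d80e37b71b6a5f9e6813b7ae7c5fe51983d9cd1ca1742cacd68bf5a6c9208890847afbb94c7e9cb9369a3eb23a20b
+ data.tar.gz: 82a7784a9ac88f7ae73bc5b809d3f763f2941e98f3feb23a39bb12609fe411ae952a3a71c21cbd039211b08586835ea7c82549210e8051d7467355cdb8f48a9c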
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = %q{encrypted_cookie_store-instructure}
3
- s.version = "1.1.12"
3
+ s.version = "1.2.0"
4
4
 
5
5
  s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
6
6
  s.date = %q{2013-12-20}
@@ -15,12 +15,12 @@ Gem::Specification.new do |s|
15
15
  ]
16
16
  s.homepage = %q{http://github.com/ccutrer/encrypted_cookie_store}
17
17
  s.require_paths = ["lib"]
18
- s.summary = %q{EncryptedCookieStore for Ruby on Rails 3.2}
18
+ s.summary = %q{EncryptedCookieStore for Ruby on Rails 4.2}
19
19
  s.description = %q{A secure version of Rails' built in CookieStore}
20
20
 
21
- s.add_dependency "actionpack", ">= 3.2", "< 4.3"
22
- s.add_development_dependency "bundler", "~> 1.3"
21
+ s.add_dependency "actionpack", "~> 5.0.0"
22
+
23
23
  s.add_development_dependency "rake"
24
- s.add_development_dependency "rspec-rails", "~> 2.0"
25
- s.add_development_dependency "debugger"
24
+ s.add_development_dependency "rspec-rails", "~> 3.5"
25
+ s.add_development_dependency "byebug"
26
26
  end
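Review bot: The new summary says `Rails 4.2`, but the runtime dependency on the same side is `actionpack ~> 5.0.0`, so the gem advertises a Rails line it can no longer be resolved against; the summary should read `s.summary = %q{EncryptedCookieStore for Ruby on Rails 5.0}`. The pessimistic pin also excludes 5.1 and later. If that is deliberate, a short comment next to `s.add_dependency` would help, because applications that stay on 3.2–4.2 stop receiving fixes to this session store from this release on. `s.date` in the context lines is still `2013-12-20`, which looks stale for a 1.2.0 release.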
@@ -1,11 +1,7 @@
1
1
  require 'openssl'
2
2
  require 'zlib'
3
3
 
4
- if ActiveSupport::VERSION::STRING >= '4.0'
5
- require 'active_support/core_ext/object/deep_dup'
6
- else
7
- require 'active_support/core_ext/hash/deep_dup'
8
- end
4
+ require 'active_support/core_ext/object/deep_dup'
9
5
  require 'active_support/core_ext/numeric/time'
10
6
  require 'action_dispatch'
11
7
 
@@ -17,10 +13,6 @@ module ActionDispatch
17
13
  end
18
14
  self.data_cipher_type = "aes-128-cbc".freeze
19
15
 
20
- EXPIRE_AFTER_KEY = "encrypted_cookie_store.session_expire_after"
21
-
22
- OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
23
-
24
16
  def initialize(app, options = {})
25
17
  @logger = options.delete(:logger)
26
18
  @digest = options.delete(:digest) || 'SHA1'
@@ -34,83 +26,103 @@ module ActionDispatch
34
26
  @encryption_key = unhex(@secret).freeze
35
27
  ensure_encryption_key_secure
36
28
 
37
- @allow_legacy_hmac = options[:allow_legacy_hmac]
38
-
39
29
  @data_cipher = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.data_cipher_type)
40
30
  options[:refresh_interval] ||= 5.minutes
41
31
 
42
32
  super(app, options)
43
33
  end
44
34
 
45
- def call(env)
46
- @expire_after = env[EXPIRE_AFTER_KEY]
47
- super
35
+ if Rack.release >= '2'
36
+ def get_header(req, key)
37
+ req.get_header(key)
38
+ end
39
+
40
+ def fetch_header(req, key, &block)
41
+ req.fetch_header(key, &block)
42
+ end
43
+
44
+ def set_header(req, key, value)
45
+ req.set_header(key, value)
46
+ end
47
+
48
+ # overrides method in ActionDispatch::Session::CookieStore
49
+ def cookie_jar(request)
50
+ request.cookie_jar
51
+ end
52
+
53
+ write_session = 'write_session'
54
+ else
55
+ def get_header(env, key)
56
+ env[key]
57
+ end
58
+
59
+ def fetch_header(env, key, &block)
60
+ env.fetch(key, &block)
61
+ end
62
+
63
+ def set_header(env, key, value)
64
+ env[key] = value
65
+ end
66
+
67
+ # overrides method in ActionDispatch::Session::CookieStore
68
+ def cookie_jar(env)
69
+ request = ActionDispatch::Request.new(env)
70
+ request.cookie_jar
71
+ end
72
+
73
+ write_session = 'set_session'
48
74
  end
49
75
 
50
76
  # overrides method in Rack::Session::Cookie
51
- def load_session(env)
52
- if time = timestamp(env)
53
- env['encrypted_cookie_store.session_refreshed_at'] ||= Time.at(time).utc
77
+ def load_session(req)
78
+ if time = timestamp(req)
79
+ fetch_header(req, 'encrypted_cookie_store.session_refreshed_at') { |k| set_header(req, k, Time.at(time).utc) }
54
80
  end
55
81
  super
56
82
  end
57
83
 
58
84
  private
59
85
 
60
- def expire_after(options={})
61
- @expire_after || options[:expire_after]
62
- end
63
-
64
86
  # overrides method in ActionDispatch::Session::CookieStore
65
- def unpacked_cookie_data(env)
66
- env['encrypted_cookie_store.cookie'] ||= begin
67
- stale_session_check! do
68
- request = ActionDispatch::Request.new(env)
69
- if data = unmarshal(request.cookie_jar[@key])
87
+ def unpacked_cookie_data(req)
88
+ fetch_header(req, "action_dispatch.request.unsigned_session_cookie") do |k|
89
+ v = stale_session_check! do
90
+ if data = unmarshal(get_cookie(req))
70
91
  data.stringify_keys!
71
92
  end
72
93
  data ||= {}
73
- env['encrypted_cookie_store.original_cookie'] = data.deep_dup.except(:timestamp)
94
+ set_header(req, 'encrypted_cookie_store.original_cookie', data.deep_dup.except(:timestamp))
74
95
  data
75
96
  end
97
+ set_header(req, k, v)
76
98
  end
77
99
  end
78
100
 
79
101
  # overrides method in ActionDispatch::Session::CookieStore
80
- def set_cookie(env, session_id, cookie)
81
- request = ActionDispatch::Request.new(env)
82
- request.cookie_jar[@key] = cookie
83
- end
84
-
85
- # overrides method in ActionDispatch::Session::CookieStore
86
- def set_session(env, sid, session_data, options)
87
- session_data = super
88
- session_data.delete(:timestamp)
89
- marshal(session_data, options)
90
- end
102
+ class_eval <<-RUBY, __FILE__, __LINE__ + 1
103
+ def #{write_session}(req, sid, session_data, options)
104
+ session_data = super
105
+ session_data.delete(:timestamp)
106
+ marshal(session_data, options)
107
+ end
108
+ RUBY
91
109
 
92
110
  # overrides method in Rack::Session::Abstract::ID
93
- def commit_session?(env, session, options)
111
+ def commit_session?(req, session, options)
94
112
  can_commit = super
95
- can_commit && (session_changed?(env, session) || refresh_session?(env, options))
113
+ can_commit && (session_changed?(req, session) || refresh_session?(req, options))
96
114
  end
97
115
 
98
- def destroy_session(env, session_id, options)
99
- env.delete('encrypted_cookie_store.cookie')
100
- ActionDispatch::Request.new(env).cookie_jar.delete(@key)
101
- super
102
- end
103
-
104
- def timestamp(env)
105
- unpacked_cookie_data(env)["timestamp"]
116
+ def timestamp(req)
117
+ unpacked_cookie_data(req)["timestamp"]
106
118
  end
107
119
 
108
- def session_changed?(env, session)
109
- (session || {}).to_hash.stringify_keys.except(:timestamp) != (env['encrypted_cookie_store.original_cookie'] || {})
120
+ def session_changed?(req, session)
121
+ (session || {}).to_hash.stringify_keys.except(:timestamp) != (get_header(req, 'encrypted_cookie_store.original_cookie') || {})
110
122
  end
111
123
 
112
- def refresh_session?(env, options)
113
- if expire_after(options) && options[:refresh_interval] && time = timestamp(env)
124
+ def refresh_session?(req, options)
125
+ if options[:expire_after] && options[:refresh_interval] && time = timestamp(req)
114
126
  Time.now.utc.to_i > time + options[:refresh_interval]
115
127
  else
116
128
  false
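Review bot: `Rack.release >= '2'` compares strings, so the ordering is lexicographic rather than numeric (a release string such as `'10.0'` sorts below `'2'`), and the class would then silently define the `env`-based helpers and `set_session` instead of `write_session`; compare versions instead, e.g. `if Gem::Version.new(Rack.release) >= Gem::Version.new('2')`. With the gemspec now requiring `actionpack ~> 5.0.0`, the `else` branch looks unreachable (Action Pack 5.0 presumably always brings Rack 2), and dropping it would also remove the need for the string `class_eval`. If the string eval stays, a comment such as `# string eval: the method name depends on the Rack version and the body relies on implicit super` would explain why it is not a plain `def`. The removed `destroy_session` override used to delete the cached cookie entry explicitly, so it is worth confirming that the superclass clears the `action_dispatch.request.unsigned_session_cookie` header when a session is destroyed.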
@@ -130,11 +142,11 @@ module ActionDispatch
130
142
  compressed_session_data = session_data
131
143
  end
132
144
  encrypted_session_data = @data_cipher.update(compressed_session_data) << @data_cipher.final
133
- timestamp = Time.now.utc.to_i if expire_after(options)
145
+ timestamp = Time.now.utc.to_i if options[:expire_after]
134
146
  digest = hmac_digest(iv, session_data, timestamp)
135
147
 
136
148
  result = "#{base64(iv)}#{compressed_session_data == session_data ? '.' : ' '}#{base64(encrypted_session_data)}.#{base64(digest)}"
137
- result << ".#{base64([timestamp].pack('N'))}" if expire_after(options)
149
+ result << ".#{base64([timestamp].pack('N'))}" if options[:expire_after]
138
150
  result
139
151
  end
140
152
 
@@ -153,11 +165,9 @@ module ActionDispatch
153
165
  @data_cipher.iv = iv
154
166
  session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
155
167
  session_data = inflate(session_data) if compressed
156
- unless digest == hmac_digest(iv, session_data, timestamp)
157
- return nil unless @allow_legacy_hmac && digest == hmac_digest(nil, session_data, timestamp)
158
- end
159
- if expire_after(options)
160
- return nil unless timestamp && Time.now.utc.to_i <= timestamp + expire_after(options)
168
+ return nil unless digest == hmac_digest(iv, session_data, timestamp)
169
+ if options[:expire_after]
170
+ return nil unless timestamp && Time.now.utc.to_i <= timestamp + options[:expire_after]
161
171
  end
162
172
 
163
173
  loaded_data = nil
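Review bot: The added `return nil unless digest == hmac_digest(iv, session_data, timestamp)` checks the MAC with `==`, which returns at the first differing byte and so is not constant-time; use a constant-time comparison, e.g. `return nil unless ActiveSupport::SecurityUtils.secure_compare(digest, hmac_digest(iv, session_data, timestamp))`. The method starts and ends outside the hunk, so how `digest` is decoded is not visible here; if it can be nil, guard for that before the comparison. The context lines also show the cookie being decrypted and, when flagged as compressed, inflated before the digest is verified, so unauthenticated input reaches the cipher and zlib first. Because the digest is computed over `session_data`, changing that order would need a cookie-format change, but a comment recording the limitation would help the next reader.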
@@ -172,7 +182,7 @@ module ActionDispatch
172
182
  else
173
183
  nil
174
184
  end
175
- rescue Zlib::DataError, OpenSSLCipherError
185
+ rescue Zlib::DataError, OpenSSL::Cipher::CipherError
176
186
  nil
177
187
  end
178
188
 
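--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: encrypted_cookie_store-instructure
  version: !ruby/object:Gem::Version
- version: 1.1.12
+ version: 1.2.0
  platform: ruby
  authors:
  - Cody Cutrer
@@ -16,76 +16,56 @@ dependencies:
  name: actionpack
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '3.2'
- - - <
- - !ruby/object:Gem::Version
- version: '4.3'
+ version: 5.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '3.2'
- - - <
- - !ruby/object:Gem::Version
- version: '4.3'
- - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- version: '1.3'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: 5.0.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rspec-rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '3.5'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '3.5'
  - !ruby/object:Gem::Dependency
- name: debugger
+ name: byebug
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description: A secure version of Rails' built in CookieStore
@@ -108,19 +88,18 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
- summary: EncryptedCookieStore for Ruby on Rails 3.2
+ summary: EncryptedCookieStore for Ruby on Rails 4.2
  test_files: []
- has_rdoc: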