RubyGems - encrypted_cookie_store-instructure - Versions diffs - 1.2.3 → 1.2.4 - Mend

encrypted_cookie_store-instructure 1.2.3 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/encrypted_cookie_store-instructure.gemspec +1 -1
data/lib/encrypted_cookie_store.rb +11 -11
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f94d492878cb40bfb4b7db2fd08cfd9852b89033
-  data.tar.gz: 468b7690138bc4faca1925ab0c29e284222315e6
+  metadata.gz: 27e3c5226ac9e726a47ab8da90ae4eb9acbc8b15
+  data.tar.gz: 5cb56758aa39b4d5f721f217077ff5ee8116f836
 SHA512:
-  metadata.gz: 5b6b35fd13d984a426b2b09ae3a7f063127d7faaadaae8dfd3a2cda415f91d1afa48f98c4f3d4c7610ea40c1121e922dae98aef0d4e5fbe0c6d56410d3b8b600
-  data.tar.gz: bac28854fe8c29db34e248ed0f39b6e1fab9080cd40fa0ff884900135f72b675cf7c5c01422192e348c97dc23709c24226c783f9880ab1c15bc43e3075ef8da1
+  metadata.gz: 2e0315240b2e955a55a3195bf3e695b08b760de2faab74c27f57f13e54d61f30dafc4a309aba0389946945694917268fa6c83541246fca8c7a44147a611fee50
+  data.tar.gz: 82ade9b34862910f376f96c825f0f6eaac428a24519cec8b78c64231e83e1137f992d150d24827d85954d69f4869dd5e4fbf072fc8af5f97e1241795a4d26b7b

data/encrypted_cookie_store-instructure.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = %q{encrypted_cookie_store-instructure}
-  s.version = "1.2.3"
+  s.version = "1.2.4"
   s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
   s.date = %q{2013-12-20}

data/lib/encrypted_cookie_store.rb CHANGED Viewed

@@ -29,10 +29,10 @@ module ActionDispatch
         @secret = options.delete(:secret)
         @secret = @secret.call if @secret.respond_to?(:call)
         @secret.freeze
-        @encryption_key = unhex(@secret).freeze
-        ensure_encryption_key_secure
         @data_cipher = OpenSSL::Cipher.new(EncryptedCookieStore.data_cipher_type)
+        @encryption_key = unhex(@secret[0...(@data_cipher.key_len * 2)]).freeze
+        ensure_encryption_key_secure
         options[:refresh_interval] ||= 5.minutes
         super(app, options)
@@ -195,20 +195,20 @@ module ActionDispatch
       # To prevent users from using an insecure encryption key like "Password" we make sure that the
       # encryption key they've provided is at least 30 characters in length.
       def ensure_encryption_key_secure
-        if @encryption_key.blank?
+        if @secret.blank?
           raise ArgumentError, "An encryption key is required for encrypting the " +
               "cookie session data. Please set config.action_controller.session = { " +
-              "..., :encryption_key => \"some random string of at least " +
-              "16 bytes\", ... } in config/environment.rb"
+              "..., :secret => \"some random hex string of at least " +
+              "#{@data_cipher.key_len} bytes\", ... } in config/environment.rb"
         end
-        if @encryption_key.size < 16 * 2
+        if @secret.size < @data_cipher.key_len * 2
           raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
-              "hexadecimal string of at least 16 bytes. " +
-              "The value that you've provided, \"#{@encryption_key}\", is " +
-              "#{@encryption_key.size / 2} bytes. You could use the following (randomly " +
-              "generated) string as encryption key: " +
-              ActiveSupport::SecureRandom.hex(16)
+              "hexadecimal string of at least #{@data_cipher.key_len} bytes. " +
+              "The value that you've provided, \"#{@secret}\", is " +
+              "#{@secret.size / 2} bytes. You could use the following (randomly " +
+              "generated) string as the secret: " +
+              SecureRandom.hex(@data_cipher.key_len)
         end
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_cookie_store-instructure
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.4
 platform: ruby
 authors:
 - Cody Cutrer