encrypted_cookie_store-instructure 1.2.3 → 1.2.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f94d492878cb40bfb4b7db2fd08cfd9852b89033
4
- data.tar.gz: 468b7690138bc4faca1925ab0c29e284222315e6
3
+ metadata.gz: 27e3c5226ac9e726a47ab8da90ae4eb9acbc8b15
4
+ data.tar.gz: 5cb56758aa39b4d5f721f217077ff5ee8116f836
5
5
  SHA512:
6
- metadata.gz: 5b6b35fd13d984a426b2b09ae3a7f063127d7faaadaae8dfd3a2cda415f91d1afa48f98c4f3d4c7610ea40c1121e922dae98aef0d4e5fbe0c6d56410d3b8b600
7
- data.tar.gz: bac28854fe8c29db34e248ed0f39b6e1fab9080cd40fa0ff884900135f72b675cf7c5c01422192e348c97dc23709c24226c783f9880ab1c15bc43e3075ef8da1
6
+ metadata.gz: 2e0315240b2e955a55a3195bf3e695b08b760de2faab74c27f57f13e54d61f30dafc4a309aba0389946945694917268fa6c83541246fca8c7a44147a611fee50
7
+ data.tar.gz: 82ade9b34862910f376f96c825f0f6eaac428a24519cec8b78c64231e83e1137f992d150d24827d85954d69f4869dd5e4fbf072fc8af5f97e1241795a4d26b7b
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = %q{encrypted_cookie_store-instructure}
3
- s.version = "1.2.3"
3
+ s.version = "1.2.4"
4
4
 
5
5
  s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
6
6
  s.date = %q{2013-12-20}
@@ -29,10 +29,10 @@ module ActionDispatch
29
29
  @secret = options.delete(:secret)
30
30
  @secret = @secret.call if @secret.respond_to?(:call)
31
31
  @secret.freeze
32
- @encryption_key = unhex(@secret).freeze
33
- ensure_encryption_key_secure
34
32
 
35
33
  @data_cipher = OpenSSL::Cipher.new(EncryptedCookieStore.data_cipher_type)
34
+ @encryption_key = unhex(@secret[0...(@data_cipher.key_len * 2)]).freeze
35
+ ensure_encryption_key_secure
36
36
  options[:refresh_interval] ||= 5.minutes
37
37
 
38
38
  super(app, options)
@@ -195,20 +195,20 @@ module ActionDispatch
195
195
  # To prevent users from using an insecure encryption key like "Password" we make sure that the
196
196
  # encryption key they've provided is at least 30 characters in length.
197
197
  def ensure_encryption_key_secure
198
- if @encryption_key.blank?
198
+ if @secret.blank?
199
199
  raise ArgumentError, "An encryption key is required for encrypting the " +
200
200
  "cookie session data. Please set config.action_controller.session = { " +
201
- "..., :encryption_key => \"some random string of at least " +
202
- "16 bytes\", ... } in config/environment.rb"
201
+ "..., :secret => \"some random hex string of at least " +
202
+ "#{@data_cipher.key_len} bytes\", ... } in config/environment.rb"
203
203
  end
204
204
 
205
- if @encryption_key.size < 16 * 2
205
+ if @secret.size < @data_cipher.key_len * 2
206
206
  raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
207
- "hexadecimal string of at least 16 bytes. " +
208
- "The value that you've provided, \"#{@encryption_key}\", is " +
209
- "#{@encryption_key.size / 2} bytes. You could use the following (randomly " +
210
- "generated) string as encryption key: " +
211
- ActiveSupport::SecureRandom.hex(16)
207
+ "hexadecimal string of at least #{@data_cipher.key_len} bytes. " +
208
+ "The value that you've provided, \"#{@secret}\", is " +
209
+ "#{@secret.size / 2} bytes. You could use the following (randomly " +
210
+ "generated) string as the secret: " +
211
+ SecureRandom.hex(@data_cipher.key_len)
212
212
  end
213
213
  end
214
214
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: encrypted_cookie_store-instructure
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.3
4
+ version: 1.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cody Cutrer