encrypted_cookie_store-instructure 1.0.0

data/LICENSE.txt

@@ -0,0 +1,25 @@
+Copyright (c) 2009 - 2010 Phusion, 2012 Cody Cutrer
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of the Phusion nor the names of its contributors
+      may be used to endorse or promote products derived from this software
+      without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.markdown

@@ -0,0 +1,78 @@
+EncryptedCookieStore
+====================
+EncryptedCookieStore is similar to Ruby on Rails's CookieStore (it saves
+session data in a cookie), but it uses encryption so that people can't read
+what's in the session data. This makes it possible to store sensitive data
+in the session.
+
+EncryptedCookieStore is written for Rails 2.3. Other versions of Rails have
+not been tested.
+
+**Note**: This is _not_ ThinkRelevance's EncryptedCookieStore. In the Rails
+2.0 days they wrote an EncryptedCookieStore, but it seems their repository
+had gone defunct and their source code lost. This EncryptedCookieStore is
+written from scratch by Phusion.
+
+Installation and usage
+----------------------
+
+First, add EncryptedCookieStore to your Gemfile
+
+    gem 'encrypted_cookie_store'
+
+Then edit `config/initializers/session_store.rb` and set your session store to
+EncryptedCookieStore:
+
+    ActionController::Base.session_store = EncryptedCookieStore
+
+You need to set a few session options before EncryptedCookieStore is usable.
+You must set all options that CookieStore needs in `session_store.rb`:
+
+    ActionController::Base.session = {
+        # CookieStore options...
+        :key            => '_session',     # Name of the cookie which contains the session data.
+        :secret         => 'b4589cc9...',  # A secret string used to generate the checksum for
+                                           # the session data. Must be longer than 64 characters
+                                           # and be completely random.
+    }
+
+Operational details
+-------------------
+Upon generating cookie data, EncryptedCookieStore generates a new, random
+initialization vector for encrypting the session data. The session data is
+first protected with an HMAC to prevent tampering. The session data is
+then compressed with Zlib, and encrypted using 128-bit AES in CBC mode with
+the generated initialization vector. This encrypted session data + HMAC are
+then stored, along with the initialization vector and a timestamp, into the
+cookie.
+
+Upon unmarshalling the cookie data, EncryptedCookieStore
+decrypts and decompresses the encrypted session data. The decrypted session
+data is then verified against the HMAC. It is also verified that the
+timestamp isn't too old, too prevent replay attacks.
+
+EncryptedCookieStore also changes how CookieStore sets the cookie. If the
+session has not changed, and the timestamp is less than 5 minutes old, it
+will *not* send the cookie to the browser.
+
+EncryptedCookieStore is quite fast: it is able to marshal and unmarshal a
+simple session object 5000 times in 8.7 seconds on a MacBook Pro with a 2.4
+Ghz Intel Core 2 Duo (in battery mode). This is about 0.174 ms per
+marshal+unmarshal action. See `rake benchmark` in the EncryptedCookieStore
+sources for details.
+
+EncryptedCookieStore vs other session stores
+--------------------------------------------
+EncryptedCookieStore inherits all the benefits of CookieStore:
+
+ * It works out of the box without the need to setup a seperate data store (e.g. database table, daemon, etc).
+ * It does not require any maintenance. Old, stale sessions do not need to be manually cleaned up, as is the case with PStore and ActiveRecordStore.
+ * Compared to MemCacheStore, EncryptedCookieStore can "hold" an infinite number of sessions at any time.
+ * It can be scaled across multiple servers without any additional setup.
+ * It is fast.
+ * It is more secure than CookieStore because it allows you to store sensitive data in the session.
+
+There are of course drawbacks as well:
+
+ * You can store at most a little less than 4 KB of data in the session because that's the size limit of a cookie. "A little less" because EncryptedCookieStore also stores a small amount of bookkeeping data in the cookie.
+ * Although encryption makes it more secure than CookieStore, there's still a chance that a bug in EncryptedCookieStore renders it insecure. We welcome everyone to audit this code. There's also a chance that weaknesses in AES are found in the near future which render it insecure. If you are storing *really* sensitive information in the session, e.g. social security numbers, or plans for world domination, then you should consider using ActiveRecordStore or some other server-side store.

data/encrypted_cookie_store-instructure.gemspec

@@ -0,0 +1,20 @@
+Gem::Specification.new do |s|
+  s.name = %q{encrypted_cookie_store-instructure}
+  s.version = "1.0.0"
+
+  s.authors = ["Cody"]
+  s.date = %q{2012-05-11}
+  s.extra_rdoc_files = [
+    "LICENSE.txt"
+  ]
+  s.files = [
+    "LICENSE.txt",
+    "README.markdown",
+    "lib/encrypted_cookie_store.rb",
+    "encrypted_cookie_store-instructure.gemspec"
+  ]
+  s.homepage = %q{http://github.com/ccutrer/encrypted_cookie_store}
+  s.require_paths = ["lib"]
+  s.summary = %q{EncryptedCookieStore for Ruby on Rails 2.3}
+  s.description = %q{A secure version of Rails' built in CookieStore}
+end

data/lib/encrypted_cookie_store.rb

@@ -0,0 +1,186 @@
+require 'openssl'
+require 'zlib'
+
+class EncryptedCookieStore < ActionController::Session::CookieStore
+  OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
+
+  class << self
+    attr_accessor :data_cipher_type
+  end
+
+  self.data_cipher_type = "aes-128-cbc".freeze
+
+  def initialize(app, options = {})
+    options[:secret] = options[:secret].call if options[:secret].respond_to?(:call)
+    ensure_encryption_key_secure(options[:secret])
+    @encryption_key = unhex(options[:secret]).freeze
+    @compress = options[:compress]
+    @compress = true if @compress.nil?
+    @data_cipher    = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.data_cipher_type)
+    @expire_after = options[:expire_after].freeze
+    options[:refresh_interval] ||= 5.minutes
+    super(app, options)
+  end
+
+  def call(env)
+    prepare!(env)
+
+    old_session_data, raw_old_session_data, old_timestamp = all_unpacked_cookie_data(env)
+    # make sure we have a deep copy
+    old_session_data = Marshal.load(raw_old_session_data) if raw_old_session_data
+
+    status, headers, body = @app.call(env)
+
+    session_data = env[ENV_SESSION_KEY]
+    options = env[ENV_SESSION_OPTIONS_KEY]
+    request = ActionController::Request.new(env)
+
+    if !(options[:secure] && !request.ssl?) && (!session_data.is_a?(ActionController::Session::AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after])
+      session_data.send(:load!) if session_data.is_a?(ActionController::Session::AbstractStore::SessionHash) && !session_data.loaded?
+
+      persistent_session_id!(session_data)
+
+      old_session_data = nil if options[:expire_after] && old_timestamp && Time.now.utc.to_i > old_timestamp + options[:refresh_interval]
+      return [status, headers, body] if session_data == old_session_data
+
+      session_data = marshal(session_data.to_hash)
+
+      raise CookieOverflow if session_data.size > MAX
+
+      cookie = Hash.new
+      cookie[:value] = session_data
+      unless options[:expire_after].nil?
+        cookie[:expires] = Time.now + options[:expire_after]
+      end
+
+      Rack::Utils.set_cookie_header!(headers, @key, cookie.merge(options))
+    end
+
+    [status, headers, body]
+  end
+private
+  def secret
+    @secret
+  end
+
+  def marshal(session)
+    @data_cipher.encrypt
+    @data_cipher.key = @encryption_key
+
+    session_data     = Marshal.dump(session)
+    iv               = @data_cipher.random_iv
+    if @compress
+      compressed_session_data = deflate(session_data, 5)
+      compressed_session_data = session_data if compressed_session_data.length >= session_data.length
+    else
+      compressed_session_data = session_data
+    end
+    encrypted_session_data = @data_cipher.update(compressed_session_data) << @data_cipher.final
+    timestamp        = Time.now.utc.to_i if @expire_after
+    digest           = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), secret, session_data + timestamp.to_s)
+
+    result = "#{base64(iv)}#{compressed_session_data == session_data ? '.' : ' '}#{base64(encrypted_session_data)}.#{base64(digest)}"
+    result << ".#{base64([timestamp].pack('N'))}" if @expire_after
+    result
+  end
+
+  def unmarshal(cookie)
+    if cookie
+      compressed = !!cookie.index(' ')
+      b64_iv, b64_encrypted_session_data, b64_digest, b64_timestamp = cookie.split(/\.| /, 4)
+      if b64_iv && b64_encrypted_session_data && b64_digest
+        iv                     = unbase64(b64_iv)
+        encrypted_session_data = unbase64(b64_encrypted_session_data)
+        digest                 = unbase64(b64_digest)
+        timestamp              = unbase64(b64_timestamp).unpack('N').first if b64_timestamp
+
+        @data_cipher.decrypt
+        @data_cipher.key = @encryption_key
+        @data_cipher.iv = iv
+        session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
+        session_data = inflate(session_data) if compressed
+        return [nil, nil] unless digest == OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), secret, session_data + timestamp.to_s)
+        if @expire_after
+          return [nil, nil] unless timestamp
+          return [nil, timestamp] unless Time.now.utc.to_i - timestamp < @expire_after
+        end
+        [Marshal.load(session_data), session_data, timestamp]
+      else
+        [nil, nil]
+      end
+    else
+      [nil, nil]
+    end
+  rescue Zlib::DataError
+    [nil, nil]
+  rescue OpenSSLCipherError
+    [nil, nil]
+  end
+
+  def all_unpacked_cookie_data(env)
+    env["action_dispatch.request.unsigned_session_cookie"] ||= begin
+      stale_session_check! do
+        request = Rack::Request.new(env)
+        session_data = request.cookies[@key]
+        unmarshal(session_data) || {}
+      end
+    end
+  end
+
+  def unpacked_cookie_data(env)
+    all_unpacked_cookie_data(env).first
+  end
+
+  # To prevent users from using an insecure encryption key like "Password" we make sure that the
+  # encryption key they've provided is at least 30 characters in length.
+  def ensure_encryption_key_secure(encryption_key)
+    if encryption_key.blank?
+      raise ArgumentError, "An encryption key is required for encrypting the " +
+        "cookie session data. Please set config.action_controller.session = { " +
+        "..., :encryption_key => \"some random string of at least " +
+        "16 bytes\", ... } in config/environment.rb"
+    end
+
+    if encryption_key.size < 16 * 2
+      raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
+        "hexadecimal string of at least 16 bytes. " +
+        "The value that you've provided, \"#{encryption_key}\", is " +
+        "#{encryption_key.size / 2} bytes. You could use the following (randomly " +
+        "generated) string as encryption key: " +
+        ActiveSupport::SecureRandom.hex(16)
+    end
+  end
+
+  def verifier_for(secret, digest)
+    nil
+  end
+
+  def base64(data)
+    ActiveSupport::Base64.encode64(data).tr('+/', '-_').gsub(/=|\n/, '')
+  end
+
+  def unbase64(data)
+    ActiveSupport::Base64.decode64(data.tr('-_', '+/').ljust((data.length + 4 - 1) / 4 * 4, '='))
+  end
+
+    # aka compress
+  def deflate(string, level)
+    z = Zlib::Deflate.new(level)
+    dst = z.deflate(string, Zlib::FINISH)
+    z.close
+    dst
+  end
+
+  # aka decompress
+  def inflate(string)
+    zstream = Zlib::Inflate.new
+    buf = zstream.inflate(string)
+    zstream.finish
+    zstream.close
+    buf
+  end
+
+  def unhex(hex_data)
+    [hex_data].pack("H*")
+  end
+end

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification 
+name: encrypted_cookie_store-instructure
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: 
+  segments: 
+  - 1
+  - 0
+  - 0
+  version: 1.0.0
+platform: ruby
+authors: 
+- Cody
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-05-11 00:00:00 -06:00
+default_executable: 
+dependencies: []
+
+description: A secure version of Rails' built in CookieStore
+email: 
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+files: 
+- LICENSE.txt
+- README.markdown
+- lib/encrypted_cookie_store.rb
+- encrypted_cookie_store-instructure.gemspec
+has_rdoc: true
+homepage: http://github.com/ccutrer/encrypted_cookie_store
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.3
+signing_key: 
+specification_version: 3
+summary: EncryptedCookieStore for Ruby on Rails 2.3
+test_files: []
+