RubyGems - encrypted_cookie_store-instructure - Versions diffs - 1.0.8 → 1.1.0 - Mend

encrypted_cookie_store-instructure 1.0.8 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

data/encrypted_cookie_store-instructure.gemspec +9 -3
data/lib/encrypted_cookie_store.rb +159 -169
metadata +90 -8
checksums.yaml +0 -15

data/encrypted_cookie_store-instructure.gemspec CHANGED Viewed

@@ -1,9 +1,9 @@
 Gem::Specification.new do |s|
   s.name = %q{encrypted_cookie_store-instructure}
-  s.version = "1.0.8"
+  s.version = "1.1.0"
   s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
-  s.date = %q{2013-12-20}
+  s.date = %q{2013-11-13}
   s.extra_rdoc_files = [
     "LICENSE.txt"
   ]
@@ -15,6 +15,12 @@ Gem::Specification.new do |s|
   ]
   s.homepage = %q{http://github.com/ccutrer/encrypted_cookie_store}
   s.require_paths = ["lib"]
-  s.summary = %q{EncryptedCookieStore for Ruby on Rails 2.3}
+  s.summary = %q{EncryptedCookieStore for Ruby on Rails 3.2}
   s.description = %q{A secure version of Rails' built in CookieStore}
+  s.add_dependency "actionpack", "~> 3.2"
+  s.add_development_dependency "bundler", "~> 1.3"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rspec-rails", "~> 2.0"
+  s.add_development_dependency "debugger"
 end

data/lib/encrypted_cookie_store.rb CHANGED Viewed

@@ -1,204 +1,194 @@
 require 'openssl'
 require 'zlib'
-class EncryptedCookieStore < ActionController::Session::CookieStore
-  OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
+require 'active_support/core_ext/hash/deep_dup'
+require 'active_support/core_ext/numeric/time'
+require 'action_dispatch'
+module ActionDispatch
+  module Session
+    class EncryptedCookieStore < CookieStore
+      class << self
+        attr_accessor :data_cipher_type
+      end
+      self.data_cipher_type = "aes-128-cbc".freeze
-  EXPIRE_AFTER_KEY = "encrypted_cookie_store.session_expire_after"
+      OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
-  class << self
-    attr_accessor :data_cipher_type
-  end
+      def initialize(app, options = {})
+        @digest = options.delete(:digest) || 'SHA1'
-  self.data_cipher_type = "aes-128-cbc".freeze
-  def initialize(app, options = {})
-    options[:secret] = options[:secret].call if options[:secret].respond_to?(:call)
-    @logger = options[:logger]
-    ensure_encryption_key_secure(options[:secret])
-    @encryption_key = unhex(options[:secret]).freeze
-    @compress = options[:compress]
-    @compress = true if @compress.nil?
-    @data_cipher    = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.data_cipher_type)
-    @options = options
-    options[:refresh_interval] ||= 5.minutes
-    super(app, options)
-  end
+        @compress = options[:compress]
+        @compress = true if @compress.nil?
-  def call(env)
-    @options[:expire_after] = env[EXPIRE_AFTER_KEY] || @options[:expire_after]
-    prepare!(env)
+        @secret = options.delete(:secret)
+        @secret = @secret.call if @secret.respond_to?(:call)
+        @secret.freeze
+        @encryption_key = unhex(@secret).freeze
+        ensure_encryption_key_secure
-    old_session_data, raw_old_session_data, old_timestamp = all_unpacked_cookie_data(env)
-    # make sure we have a deep copy
-    old_session_data = Marshal.load(raw_old_session_data) if raw_old_session_data
-    env['encrypted_cookie_store.session_refreshed_at'] ||= session_refreshed_at(old_timestamp)
+        @data_cipher = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.data_cipher_type)
+        options[:refresh_interval] ||= 5.minutes
-    status, headers, body = @app.call(env)
+        super(app, options)
+      end
-    session_data = env[ENV_SESSION_KEY]
-    options = env[ENV_SESSION_OPTIONS_KEY]
-    request = ActionController::Request.new(env)
+      private
+      # overrides method in ActionDispatch::Session::CookieStore
+      def unpacked_cookie_data(env)
+        env['encrypted_cookie_store.cookie'] ||= begin
+          stale_session_check! do
+            request = ActionDispatch::Request.new(env)
+            if data = unmarshal(request.cookie_jar.signed[@key])
+              data.stringify_keys!
+            end
+            data ||= {}
+            env['encrypted_cookie_store.original_cookie'] = data.deep_dup.except(:timestamp)
+            data
+          end
+        end
+      end
-    @options[:expire_after] = env[EXPIRE_AFTER_KEY] || options[:expire_after] || @options[:expire_after]
-    options[:expire_after] = @options[:expire_after]
+      # overrides method in ActionDispatch::Session::CookieStore
+      def set_session(env, sid, session_data, options)
+        session_data = super
+        session_data.delete(:timestamp)
+        marshal(session_data, options)
+      end
-    if !(options[:secure] && !request.ssl?) && (!session_data.is_a?(ActionController::Session::AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after])
-      session_data.send(:load!) if session_data.is_a?(ActionController::Session::AbstractStore::SessionHash) && !session_data.loaded?
+      # overrides method in Rack::Session::Cookie
+      def load_session(env)
+        if time = timestamp(env)
+          env['encrypted_cookie_store.session_refreshed_at'] ||= Time.at(time).utc
+        end
+        super
+      end
-      persistent_session_id!(session_data)
+      # overrides method in Rack::Session::Abstract::ID
+      def commit_session?(env, session, options)
+        can_commit = super
+        can_commit && (session_changed?(env, session) || refresh_session?(env, options))
+      end
-      old_session_data = nil if options[:expire_after] && old_timestamp && Time.now.utc.to_i > old_timestamp + options[:refresh_interval]
-      return [status, headers, body] if session_data == old_session_data
-      session_data = marshal(session_data.to_hash)
+      def timestamp(env)
+        unpacked_cookie_data(env)["timestamp"]
+      end
-      raise CookieOverflow if session_data.size > MAX
+      def session_changed?(env, session)
+        (session || {}).to_hash.stringify_keys.except(:timestamp) != (env['encrypted_cookie_store.original_cookie'] || {})
+      end
-      cookie = Hash.new
-      cookie[:value] = session_data
-      unless options[:expire_after].nil?
-        cookie[:expires] = Time.now + options[:expire_after]
+      def refresh_session?(env, options)
+        if options[:expire_after] && options[:refresh_interval] && time = timestamp(env)
+          Time.now.utc.to_i > time + options[:refresh_interval]
+        else
+          false
+        end
       end
-      Rack::Utils.set_cookie_header!(headers, @key, cookie.merge(options))
-    end
+      def marshal(data, options={})
+        @data_cipher.encrypt
+        @data_cipher.key = @encryption_key
-    [status, headers, body]
-  end
-private
-  def secret
-    @secret
-  end
+        session_data     = Marshal.dump(data)
+        iv               = @data_cipher.random_iv
+        if @compress
+          compressed_session_data = deflate(session_data, 5)
+          compressed_session_data = session_data if compressed_session_data.length >= session_data.length
+        else
+          compressed_session_data = session_data
+        end
+        encrypted_session_data = @data_cipher.update(compressed_session_data) << @data_cipher.final
+        timestamp        = Time.now.utc.to_i if options[:expire_after]
+        digest           = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), @secret, session_data + timestamp.to_s)
-  def marshal(session)
-    @data_cipher.encrypt
-    @data_cipher.key = @encryption_key
-    session_data     = Marshal.dump(session)
-    iv               = @data_cipher.random_iv
-    if @compress
-      compressed_session_data = deflate(session_data, 5)
-      compressed_session_data = session_data if compressed_session_data.length >= session_data.length
-    else
-      compressed_session_data = session_data
-    end
-    encrypted_session_data = @data_cipher.update(compressed_session_data) << @data_cipher.final
-    timestamp        = Time.now.utc.to_i if @options[:expire_after]
-    digest           = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), secret, session_data + timestamp.to_s)
+        result = "#{base64(iv)}#{compressed_session_data == session_data ? '.' : ' '}#{base64(encrypted_session_data)}.#{base64(digest)}"
+        result << ".#{base64([timestamp].pack('N'))}" if options[:expire_after]
+        result
+      end
-    result = "#{base64(iv)}#{compressed_session_data == session_data ? '.' : ' '}#{base64(encrypted_session_data)}.#{base64(digest)}"
-    result << ".#{base64([timestamp].pack('N'))}" if @options[:expire_after]
-    result
-  end
+      def unmarshal(data, options={})
+        return nil unless data
+        compressed = !!data.index(' ')
+        b64_iv, b64_encrypted_session_data, b64_digest, b64_timestamp = data.split(/\.| /, 4)
+        if b64_iv && b64_encrypted_session_data && b64_digest
+          iv                     = unbase64(b64_iv)
+          encrypted_session_data = unbase64(b64_encrypted_session_data)
+          digest                 = unbase64(b64_digest)
+          timestamp              = unbase64(b64_timestamp).unpack('N').first if b64_timestamp
+          @data_cipher.decrypt
+          @data_cipher.key = @encryption_key
+          @data_cipher.iv = iv
+          session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
+          session_data = inflate(session_data) if compressed
+          return nil unless digest == OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), @secret, session_data + timestamp.to_s)
+          if options[:expire_after]
+            return nil unless timestamp && Time.now.utc.to_i <= timestamp + options[:expire_after]
+          end
+          loaded_data = Marshal.load(session_data) || nil
+          loaded_data[:timestamp] = timestamp if loaded_data && timestamp
+          loaded_data
+        else
+          nil
+        end
+      rescue Zlib::DataError, OpenSSLCipherError
+        nil
+      end
-  def unmarshal(cookie)
-    if cookie
-      compressed = !!cookie.index(' ')
-      b64_iv, b64_encrypted_session_data, b64_digest, b64_timestamp = cookie.split(/\.| /, 4)
-      if b64_iv && b64_encrypted_session_data && b64_digest
-        iv                     = unbase64(b64_iv)
-        encrypted_session_data = unbase64(b64_encrypted_session_data)
-        digest                 = unbase64(b64_digest)
-        timestamp              = unbase64(b64_timestamp).unpack('N').first if b64_timestamp
-        @data_cipher.decrypt
-        @data_cipher.key = @encryption_key
-        @data_cipher.iv = iv
-        session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
-        session_data = inflate(session_data) if compressed
-        return [nil, nil, nil] unless digest == OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), secret, session_data + timestamp.to_s)
-        if @options[:expire_after]
-          return [nil, nil, nil] unless timestamp
-          return [nil, nil, timestamp] unless Time.now.utc.to_i - timestamp < @options[:expire_after]
+      # To prevent users from using an insecure encryption key like "Password" we make sure that the
+      # encryption key they've provided is at least 30 characters in length.
+      def ensure_encryption_key_secure
+        if @encryption_key.blank?
+          raise ArgumentError, "An encryption key is required for encrypting the " +
+              "cookie session data. Please set config.action_controller.session = { " +
+              "..., :encryption_key => \"some random string of at least " +
+              "16 bytes\", ... } in config/environment.rb"
         end
-        loaded_data = nil
-        begin
-          loaded_data = Marshal.load(session_data)
-        rescue
-          @logger.error("Could not unmarshal session_data: #{session_data.inspect}") if @logger
+        if @encryption_key.size < 16 * 2
+          raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
+              "hexadecimal string of at least 16 bytes. " +
+              "The value that you've provided, \"#{@encryption_key}\", is " +
+              "#{@encryption_key.size / 2} bytes. You could use the following (randomly " +
+              "generated) string as encryption key: " +
+              ActiveSupport::SecureRandom.hex(16)
         end
-        [loaded_data, session_data, timestamp]
-      else
-        [nil, nil, nil]
       end
-    else
-      [nil, nil, nil]
-    end
-  rescue Zlib::DataError
-    [nil, nil, nil]
-  rescue OpenSSLCipherError
-    [nil, nil, nil]
-  end
-  def all_unpacked_cookie_data(env)
-    env["action_dispatch.request.unsigned_session_cookie"] ||= begin
-      stale_session_check! do
-        request = Rack::Request.new(env)
-        session_data = request.cookies[@key]
-        unmarshal(session_data) || {}
+      def base64(data)
+        ::Base64.encode64(data).tr('+/', '-_').gsub(/=|\n/, '')
       end
-    end
-  end
-  def unpacked_cookie_data(env)
-    all_unpacked_cookie_data(env).first
-  end
+      def unbase64(data)
+        ::Base64.decode64(data.tr('-_', '+/').ljust((data.length + 4 - 1) / 4 * 4, '='))
+      end
-  def session_refreshed_at(timestamp)
-    Time.at(timestamp).utc if timestamp
-  end
+      # compress
+      def deflate(string, level)
+        z = Zlib::Deflate.new(level)
+        dst = z.deflate(string, Zlib::FINISH)
+        z.close
+        dst
+      end
-  # To prevent users from using an insecure encryption key like "Password" we make sure that the
-  # encryption key they've provided is at least 30 characters in length.
-  def ensure_encryption_key_secure(encryption_key)
-    if encryption_key.blank?
-      raise ArgumentError, "An encryption key is required for encrypting the " +
-        "cookie session data. Please set config.action_controller.session = { " +
-        "..., :encryption_key => \"some random string of at least " +
-        "16 bytes\", ... } in config/environment.rb"
-    end
+      # decompress
+      def inflate(string)
+        zstream = Zlib::Inflate.new
+        buf = zstream.inflate(string)
+        zstream.finish
+        zstream.close
+        buf
+      end
-    if encryption_key.size < 16 * 2
-      raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
-        "hexadecimal string of at least 16 bytes. " +
-        "The value that you've provided, \"#{encryption_key}\", is " +
-        "#{encryption_key.size / 2} bytes. You could use the following (randomly " +
-        "generated) string as encryption key: " +
-        ActiveSupport::SecureRandom.hex(16)
+      def unhex(hex_data)
+        [hex_data].pack("H*")
+      end
     end
   end
-  def verifier_for(secret, digest)
-    nil
-  end
-  def base64(data)
-    ActiveSupport::Base64.encode64(data).tr('+/', '-_').gsub(/=|\n/, '')
-  end
-  def unbase64(data)
-    ActiveSupport::Base64.decode64(data.tr('-_', '+/').ljust((data.length + 4 - 1) / 4 * 4, '='))
-  end
-    # aka compress
-  def deflate(string, level)
-    z = Zlib::Deflate.new(level)
-    dst = z.deflate(string, Zlib::FINISH)
-    z.close
-    dst
-  end
-  # aka decompress
-  def inflate(string)
-    zstream = Zlib::Inflate.new
-    buf = zstream.inflate(string)
-    zstream.finish
-    zstream.close
-    buf
-  end
-  def unhex(hex_data)
-    [hex_data].pack("H*")
-  end
 end
+EncryptedCookieStore = ActionDispatch::Session::EncryptedCookieStore

metadata CHANGED Viewed

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_cookie_store-instructure
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.1.0
+  prerelease:
 platform: ruby
 authors:
 - Cody Cutrer
@@ -10,8 +11,88 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-20 00:00:00.000000000 Z
-dependencies: []
+date: 2013-11-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: debugger
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A secure version of Rails' built in CookieStore
 email:
 executables: []
@@ -21,30 +102,31 @@ extra_rdoc_files:
 files:
 - LICENSE.txt
 - README.markdown
-- encrypted_cookie_store-instructure.gemspec
 - lib/encrypted_cookie_store.rb
+- encrypted_cookie_store-instructure.gemspec
 homepage: http://github.com/ccutrer/encrypted_cookie_store
 licenses: []
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.3.0
+rubygems_version: 1.8.23
 signing_key:
-specification_version: 4
-summary: EncryptedCookieStore for Ruby on Rails 2.3
+specification_version: 3
+summary: EncryptedCookieStore for Ruby on Rails 3.2
 test_files: []
 has_rdoc:

checksums.yaml DELETED Viewed

@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    OTNlMTI1ODU0MzA1OWU5NGFmOTFkMTk4NjEyNTVjNzVkZjAxOTAxNA==
-  data.tar.gz: !binary |-
-    N2Q3MGExZTg4MDgyMWZhMmMxNjc2ZWFlNGVhY2I5MTRmZmRjNDM5OQ==
-SHA512:
-  metadata.gz: !binary |-
-    MDNiZjdkOTQ3YzMyMGU2N2I5NzI0Zjg5N2ExNGJmM2M5ZjdkNjFlNTFlZThm
-    MWRjNjU1ZGFiNWZlNjRlZWFjMWMzY2VlYjVjZjZlOGQzMWNjMjdjMzM4Zjk1
-    MDA5Yzc5YmFhZDg2YzE5ZTA1MGExOWYyODEyZDY0ZDc4YWU1MGI=
-  data.tar.gz: !binary |-
-    ZWQwNzg1MjFlZWY0ZGRjYzBlZWM0MWZlMzJiNmJhNDc4NDY0OGIwMTJmYzRi
-    NzU1OTlhYzQ5Yzg0MDQ5NDFlMjM2NTE4OTFhODE2MGU4ZTU4ZDVjZDlkMTk1
-    ODExNjQzZjg1MDcwOTM1MzdhM2JiOTNlODM2NDc0YTFlYjRlMTg=