encrypted_cookie_store-instructure 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = %q{encrypted_cookie_store-instructure}
|
|
3
|
-
s.version = "1.1.
|
|
3
|
+
s.version = "1.1.1"
|
|
4
4
|
|
|
5
5
|
s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
|
|
6
|
-
s.date = %q{2013-
|
|
6
|
+
s.date = %q{2013-12-20}
|
|
7
7
|
s.extra_rdoc_files = [
|
|
8
8
|
"LICENSE.txt"
|
|
9
9
|
]
|
|
@@ -13,6 +13,8 @@ module ActionDispatch
|
|
|
13
13
|
end
|
|
14
14
|
self.data_cipher_type = "aes-128-cbc".freeze
|
|
15
15
|
|
|
16
|
+
EXPIRE_AFTER_KEY = "encrypted_cookie_store.session_expire_after"
|
|
17
|
+
|
|
16
18
|
OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
|
|
17
19
|
|
|
18
20
|
def initialize(app, options = {})
|
|
@@ -33,8 +35,17 @@ module ActionDispatch
|
|
|
33
35
|
super(app, options)
|
|
34
36
|
end
|
|
35
37
|
|
|
38
|
+
def call(env)
|
|
39
|
+
@expire_after = env[EXPIRE_AFTER_KEY]
|
|
40
|
+
super
|
|
41
|
+
end
|
|
42
|
+
|
|
36
43
|
private
|
|
37
44
|
|
|
45
|
+
def expire_after(options={})
|
|
46
|
+
@expire_after || options[:expire_after]
|
|
47
|
+
end
|
|
48
|
+
|
|
38
49
|
# overrides method in ActionDispatch::Session::CookieStore
|
|
39
50
|
def unpacked_cookie_data(env)
|
|
40
51
|
env['encrypted_cookie_store.cookie'] ||= begin
|
|
@@ -81,7 +92,7 @@ module ActionDispatch
|
|
|
81
92
|
end
|
|
82
93
|
|
|
83
94
|
def refresh_session?(env, options)
|
|
84
|
-
if options
|
|
95
|
+
if expire_after(options) && options[:refresh_interval] && time = timestamp(env)
|
|
85
96
|
Time.now.utc.to_i > time + options[:refresh_interval]
|
|
86
97
|
else
|
|
87
98
|
false
|
|
@@ -101,11 +112,11 @@ module ActionDispatch
|
|
|
101
112
|
compressed_session_data = session_data
|
|
102
113
|
end
|
|
103
114
|
encrypted_session_data = @data_cipher.update(compressed_session_data) << @data_cipher.final
|
|
104
|
-
timestamp = Time.now.utc.to_i if options
|
|
115
|
+
timestamp = Time.now.utc.to_i if expire_after(options)
|
|
105
116
|
digest = OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), @secret, session_data + timestamp.to_s)
|
|
106
117
|
|
|
107
118
|
result = "#{base64(iv)}#{compressed_session_data == session_data ? '.' : ' '}#{base64(encrypted_session_data)}.#{base64(digest)}"
|
|
108
|
-
result << ".#{base64([timestamp].pack('N'))}" if options
|
|
119
|
+
result << ".#{base64([timestamp].pack('N'))}" if expire_after(options)
|
|
109
120
|
result
|
|
110
121
|
end
|
|
111
122
|
|
|
@@ -125,8 +136,8 @@ module ActionDispatch
|
|
|
125
136
|
session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
|
|
126
137
|
session_data = inflate(session_data) if compressed
|
|
127
138
|
return nil unless digest == OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(@digest), @secret, session_data + timestamp.to_s)
|
|
128
|
-
if options
|
|
129
|
-
return nil unless timestamp && Time.now.utc.to_i <= timestamp + options
|
|
139
|
+
if expire_after(options)
|
|
140
|
+
return nil unless timestamp && Time.now.utc.to_i <= timestamp + expire_after(options)
|
|
130
141
|
end
|
|
131
142
|
|
|
132
143
|
loaded_data = Marshal.load(session_data) || nil
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypted_cookie_store-instructure
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2013-
|
|
14
|
+
date: 2013-12-20 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: actionpack
|