encrypted_cookie_store-instructure 1.1.12 → 1.2.0

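--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
  ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- NWIxYmNmOGZjZDM1NjA5ODZkMDU5ZTZmYTdkZDdjMTRmYTkxNDI2Yg==
- data.tar.gz: !binary |-
- YzdkYzAwNjU5NDY2ZjRmOGFlMjIxYWE2ZjhmYmEyMjUwY2ZkMDkxZA==
+ SHA1:
+ metadata.gz: c0f577b66b03c658dd1ce0636ab19c211ea3353a
+ data.tar.gz: 43b1d3d42a3a3fad97dd4fe93fe205c0ec9bea92
  SHA512:
- metadata.gz: !binary |-
- YWFiYjRiYzMzYjc1N2Q2OTA0YTI3MjJlNDc4Nzc2NmQwZDZlZGRiYzcyNTRk
- N2RmNjk2OTIwOGQ5YmMxZGU1OGYxZTM0MzA4ZGZlMmY0ZmQxMTA1NTNkZTlh
- ZTBjZjMwMTdjMDM5ODExNjIxMGFlYTczMzVmMTNjYzRjZWM3ZmI=
- data.tar.gz: !binary |-
- ZDkxMjAyZDA0ZTc4MzlkYjY0Nzk0YjE0MmZkZDBhM2MzZDIzMjU5NTc3NjMw
- NzVjNzA2NWM4Yzk1OTdjNWIxNTFmYjk1OGQ1MmY0ZDBlNzM3MWNlOTE0OWUx
- OWYyY2E1Y2FjMzI5MTY4Y2E2NmFhZGVhZGVjZjcwZTdjYjA0NDM=
+ metadata.gz: 2b0f740fac10688184e2f6466b96ab29f50d80e37b71b6a5f9e6813b7ae7c5fe51983d9cd1ca1742cacd68bf5a6c9208890847afbb94c7e9cb9369a3eb23a20b
+ data.tar.gz: 82a7784a9ac88f7ae73bc5b809d3f763f2941e98f3feb23a39bb12609fe411ae952a3a71c21cbd039211b08586835ea7c82549210e8051d7467355cdb8f48a9c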
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = %q{encrypted_cookie_store-instructure}
3
- s.version = "1.1.12"
3
+ s.version = "1.2.0"
4
4
 
5
5
  s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
6
6
  s.date = %q{2013-12-20}
@@ -15,12 +15,12 @@ Gem::Specification.new do |s|
15
15
  ]
16
16
  s.homepage = %q{http://github.com/ccutrer/encrypted_cookie_store}
17
17
  s.require_paths = ["lib"]
18
- s.summary = %q{EncryptedCookieStore for Ruby on Rails 3.2}
18
+ s.summary = %q{EncryptedCookieStore for Ruby on Rails 4.2}
19
19
  s.description = %q{A secure version of Rails' built in CookieStore}
20
20
 
21
- s.add_dependency "actionpack", ">= 3.2", "< 4.3"
22
- s.add_development_dependency "bundler", "~> 1.3"
21
+ s.add_dependency "actionpack", "~> 5.0.0"
22
+
23
23
  s.add_development_dependency "rake"
24
- s.add_development_dependency "rspec-rails", "~> 2.0"
25
- s.add_development_dependency "debugger"
24
+ s.add_development_dependency "rspec-rails", "~> 3.5"
25
+ s.add_development_dependency "byebug"
26
26
  end
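Review bot: The new `s.summary` still says "Rails 4.2" while the runtime constraint added a few lines below it is `s.add_dependency "actionpack", "~> 5.0.0"`, so the description no longer matches what the gem can be installed with. I would align the two, e.g. `s.summary = %q{EncryptedCookieStore for Ruby on Rails 5.0}`. The `~> 5.0.0` bound also excludes 5.1 and later, which holds applications using this session store on the 5.0 series when they want to pick up newer framework security releases; a short comment next to the dependency saying why the range is that narrow would help consumers plan around it.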
@@ -1,11 +1,7 @@
1
1
  require 'openssl'
2
2
  require 'zlib'
3
3
 
4
- if ActiveSupport::VERSION::STRING >= '4.0'
5
- require 'active_support/core_ext/object/deep_dup'
6
- else
7
- require 'active_support/core_ext/hash/deep_dup'
8
- end
4
+ require 'active_support/core_ext/object/deep_dup'
9
5
  require 'active_support/core_ext/numeric/time'
10
6
  require 'action_dispatch'
11
7
 
@@ -17,10 +13,6 @@ module ActionDispatch
17
13
  end
18
14
  self.data_cipher_type = "aes-128-cbc".freeze
19
15
 
20
- EXPIRE_AFTER_KEY = "encrypted_cookie_store.session_expire_after"
21
-
22
- OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
23
-
24
16
  def initialize(app, options = {})
25
17
  @logger = options.delete(:logger)
26
18
  @digest = options.delete(:digest) || 'SHA1'
@@ -34,83 +26,103 @@ module ActionDispatch
34
26
  @encryption_key = unhex(@secret).freeze
35
27
  ensure_encryption_key_secure
36
28
 
37
- @allow_legacy_hmac = options[:allow_legacy_hmac]
38
-
39
29
  @data_cipher = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.data_cipher_type)
40
30
  options[:refresh_interval] ||= 5.minutes
41
31
 
42
32
  super(app, options)
43
33
  end
44
34
 
45
- def call(env)
46
- @expire_after = env[EXPIRE_AFTER_KEY]
47
- super
35
+ if Rack.release >= '2'
36
+ def get_header(req, key)
37
+ req.get_header(key)
38
+ end
39
+
40
+ def fetch_header(req, key, &block)
41
+ req.fetch_header(key, &block)
42
+ end
43
+
44
+ def set_header(req, key, value)
45
+ req.set_header(key, value)
46
+ end
47
+
48
+ # overrides method in ActionDispatch::Session::CookieStore
49
+ def cookie_jar(request)
50
+ request.cookie_jar
51
+ end
52
+
53
+ write_session = 'write_session'
54
+ else
55
+ def get_header(env, key)
56
+ env[key]
57
+ end
58
+
59
+ def fetch_header(env, key, &block)
60
+ env.fetch(key, &block)
61
+ end
62
+
63
+ def set_header(env, key, value)
64
+ env[key] = value
65
+ end
66
+
67
+ # overrides method in ActionDispatch::Session::CookieStore
68
+ def cookie_jar(env)
69
+ request = ActionDispatch::Request.new(env)
70
+ request.cookie_jar
71
+ end
72
+
73
+ write_session = 'set_session'
48
74
  end
49
75
 
50
76
  # overrides method in Rack::Session::Cookie
51
- def load_session(env)
52
- if time = timestamp(env)
53
- env['encrypted_cookie_store.session_refreshed_at'] ||= Time.at(time).utc
77
+ def load_session(req)
78
+ if time = timestamp(req)
79
+ fetch_header(req, 'encrypted_cookie_store.session_refreshed_at') { |k| set_header(req, k, Time.at(time).utc) }
54
80
  end
55
81
  super
56
82
  end
57
83
 
58
84
  private
59
85
 
60
- def expire_after(options={})
61
- @expire_after || options[:expire_after]
62
- end
63
-
64
86
  # overrides method in ActionDispatch::Session::CookieStore
65
- def unpacked_cookie_data(env)
66
- env['encrypted_cookie_store.cookie'] ||= begin
67
- stale_session_check! do
68
- request = ActionDispatch::Request.new(env)
69
- if data = unmarshal(request.cookie_jar[@key])
87
+ def unpacked_cookie_data(req)
88
+ fetch_header(req, "action_dispatch.request.unsigned_session_cookie") do |k|
89
+ v = stale_session_check! do
90
+ if data = unmarshal(get_cookie(req))
70
91
  data.stringify_keys!
71
92
  end
72
93
  data ||= {}
73
- env['encrypted_cookie_store.original_cookie'] = data.deep_dup.except(:timestamp)
94
+ set_header(req, 'encrypted_cookie_store.original_cookie', data.deep_dup.except(:timestamp))
74
95
  data
75
96
  end
97
+ set_header(req, k, v)
76
98
  end
77
99
  end
78
100
 
79
101
  # overrides method in ActionDispatch::Session::CookieStore
80
- def set_cookie(env, session_id, cookie)
81
- request = ActionDispatch::Request.new(env)
82
- request.cookie_jar[@key] = cookie
83
- end
84
-
85
- # overrides method in ActionDispatch::Session::CookieStore
86
- def set_session(env, sid, session_data, options)
87
- session_data = super
88
- session_data.delete(:timestamp)
89
- marshal(session_data, options)
90
- end
102
+ class_eval <<-RUBY, __FILE__, __LINE__ + 1
103
+ def #{write_session}(req, sid, session_data, options)
104
+ session_data = super
105
+ session_data.delete(:timestamp)
106
+ marshal(session_data, options)
107
+ end
108
+ RUBY
91
109
 
92
110
  # overrides method in Rack::Session::Abstract::ID
93
- def commit_session?(env, session, options)
111
+ def commit_session?(req, session, options)
94
112
  can_commit = super
95
- can_commit && (session_changed?(env, session) || refresh_session?(env, options))
113
+ can_commit && (session_changed?(req, session) || refresh_session?(req, options))
96
114
  end
97
115
 
98
- def destroy_session(env, session_id, options)
99
- env.delete('encrypted_cookie_store.cookie')
100
- ActionDispatch::Request.new(env).cookie_jar.delete(@key)
101
- super
102
- end
103
-
104
- def timestamp(env)
105
- unpacked_cookie_data(env)["timestamp"]
116
+ def timestamp(req)
117
+ unpacked_cookie_data(req)["timestamp"]
106
118
  end
107
119
 
108
- def session_changed?(env, session)
109
- (session || {}).to_hash.stringify_keys.except(:timestamp) != (env['encrypted_cookie_store.original_cookie'] || {})
120
+ def session_changed?(req, session)
121
+ (session || {}).to_hash.stringify_keys.except(:timestamp) != (get_header(req, 'encrypted_cookie_store.original_cookie') || {})
110
122
  end
111
123
 
112
- def refresh_session?(env, options)
113
- if expire_after(options) && options[:refresh_interval] && time = timestamp(env)
124
+ def refresh_session?(req, options)
125
+ if options[:expire_after] && options[:refresh_interval] && time = timestamp(req)
114
126
  Time.now.utc.to_i > time + options[:refresh_interval]
115
127
  else
116
128
  false
@@ -130,11 +142,11 @@ module ActionDispatch
130
142
  compressed_session_data = session_data
131
143
  end
132
144
  encrypted_session_data = @data_cipher.update(compressed_session_data) << @data_cipher.final
133
- timestamp = Time.now.utc.to_i if expire_after(options)
145
+ timestamp = Time.now.utc.to_i if options[:expire_after]
134
146
  digest = hmac_digest(iv, session_data, timestamp)
135
147
 
136
148
  result = "#{base64(iv)}#{compressed_session_data == session_data ? '.' : ' '}#{base64(encrypted_session_data)}.#{base64(digest)}"
137
- result << ".#{base64([timestamp].pack('N'))}" if expire_after(options)
149
+ result << ".#{base64([timestamp].pack('N'))}" if options[:expire_after]
138
150
  result
139
151
  end
140
152
 
@@ -153,11 +165,9 @@ module ActionDispatch
153
165
  @data_cipher.iv = iv
154
166
  session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
155
167
  session_data = inflate(session_data) if compressed
156
- unless digest == hmac_digest(iv, session_data, timestamp)
157
- return nil unless @allow_legacy_hmac && digest == hmac_digest(nil, session_data, timestamp)
158
- end
159
- if expire_after(options)
160
- return nil unless timestamp && Time.now.utc.to_i <= timestamp + expire_after(options)
168
+ return nil unless digest == hmac_digest(iv, session_data, timestamp)
169
+ if options[:expire_after]
170
+ return nil unless timestamp && Time.now.utc.to_i <= timestamp + options[:expire_after]
161
171
  end
162
172
 
163
173
  loaded_data = nil
@@ -172,7 +182,7 @@ module ActionDispatch
172
182
  else
173
183
  nil
174
184
  end
175
- rescue Zlib::DataError, OpenSSLCipherError
185
+ rescue Zlib::DataError, OpenSSL::Cipher::CipherError
176
186
  nil
177
187
  end
178
188
 
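Review bot: In the `@@ -153,11 +165,9 @@` hunk the new guard `return nil unless digest == hmac_digest(iv, session_data, timestamp)` compares the cookie-supplied MAC with `String#==`, which is not a constant-time comparison. With actionpack now pinned to 5.0, `ActiveSupport::SecurityUtils.secure_compare` is available, so the line can become `return nil unless ActiveSupport::SecurityUtils.secure_compare(digest, hmac_digest(iv, session_data, timestamp))` (with `require 'active_support/security_utils'` at the top, and assuming `digest` is always a String by this point). The check also still runs after `@data_cipher.final` and `inflate`, so cookie data is decrypted and decompressed before it is authenticated; that ordering predates this change and the method starts outside the hunk, but it deserves a comment or a follow-up that MACs the ciphertext instead. Removing the `@allow_legacy_hmac` fallback is a sound tightening, though it means cookies issued with the IV-less HMAC are rejected after upgrade, which belongs in the release notes.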
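--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: encrypted_cookie_store-instructure
  version: !ruby/object:Gem::Version
- version: 1.1.12
+ version: 1.2.0
  platform: ruby
  authors:
  - Cody Cutrer
@@ -16,76 +16,56 @@ dependencies:
  name: actionpack
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '3.2'
- - - <
- - !ruby/object:Gem::Version
- version: '4.3'
+ version: 5.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '3.2'
- - - <
- - !ruby/object:Gem::Version
- version: '4.3'
- - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ~>
- - !ruby/object:Gem::Version
- version: '1.3'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: 5.0.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rspec-rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '3.5'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '3.5'
  - !ruby/object:Gem::Dependency
- name: debugger
+ name: byebug
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description: A secure version of Rails' built in CookieStore
@@ -108,19 +88,18 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
- summary: EncryptedCookieStore for Ruby on Rails 3.2
+ summary: EncryptedCookieStore for Ruby on Rails 4.2
  test_files: []
- has_rdoc: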