RubyGems - encrypted_cookie_store-instructure - Versions diffs - 1.2.3 → 1.2.4 - Mend

encrypted_cookie_store-instructure 1.2.3 → 1.2.4

Files changed (4) hide show

checksums.yaml +4 -4
data/encrypted_cookie_store-instructure.gemspec +1 -1
data/lib/encrypted_cookie_store.rb +11 -11
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f94d492878cb40bfb4b7db2fd08cfd9852b89033
-  data.tar.gz: 468b7690138bc4faca1925ab0c29e284222315e6
+  metadata.gz: 27e3c5226ac9e726a47ab8da90ae4eb9acbc8b15
+  data.tar.gz: 5cb56758aa39b4d5f721f217077ff5ee8116f836
 SHA512:
-  metadata.gz: 5b6b35fd13d984a426b2b09ae3a7f063127d7faaadaae8dfd3a2cda415f91d1afa48f98c4f3d4c7610ea40c1121e922dae98aef0d4e5fbe0c6d56410d3b8b600
-  data.tar.gz: bac28854fe8c29db34e248ed0f39b6e1fab9080cd40fa0ff884900135f72b675cf7c5c01422192e348c97dc23709c24226c783f9880ab1c15bc43e3075ef8da1
+  metadata.gz: 2e0315240b2e955a55a3195bf3e695b08b760de2faab74c27f57f13e54d61f30dafc4a309aba0389946945694917268fa6c83541246fca8c7a44147a611fee50
+  data.tar.gz: 82ade9b34862910f376f96c825f0f6eaac428a24519cec8b78c64231e83e1137f992d150d24827d85954d69f4869dd5e4fbf072fc8af5f97e1241795a4d26b7b

data/encrypted_cookie_store-instructure.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = %q{encrypted_cookie_store-instructure}
-  s.version = "1.2.3"
+  s.version = "1.2.4"
   s.authors = ["Cody Cutrer", "Jacob Fugal", "James Williams"]
   s.date = %q{2013-12-20}

data/lib/encrypted_cookie_store.rb CHANGED Viewed

@@ -29,10 +29,10 @@ module ActionDispatch
         @secret = options.delete(:secret)
         @secret = @secret.call if @secret.respond_to?(:call)
         @secret.freeze
-        @encryption_key = unhex(@secret).freeze
-        ensure_encryption_key_secure
         @data_cipher = OpenSSL::Cipher.new(EncryptedCookieStore.data_cipher_type)
+        @encryption_key = unhex(@secret[0...(@data_cipher.key_len * 2)]).freeze
+        ensure_encryption_key_secure
         options[:refresh_interval] ||= 5.minutes
         super(app, options)
@@ -195,20 +195,20 @@ module ActionDispatch
       # To prevent users from using an insecure encryption key like "Password" we make sure that the
       # encryption key they've provided is at least 30 characters in length.
       def ensure_encryption_key_secure
-        if @encryption_key.blank?
+        if @secret.blank?
           raise ArgumentError, "An encryption key is required for encrypting the " +
               "cookie session data. Please set config.action_controller.session = { " +
-              "..., :encryption_key => \"some random string of at least " +
-              "16 bytes\", ... } in config/environment.rb"
+              "..., :secret => \"some random hex string of at least " +
+              "#{@data_cipher.key_len} bytes\", ... } in config/environment.rb"
         end
-        if @encryption_key.size < 16 * 2
+        if @secret.size < @data_cipher.key_len * 2
           raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
-              "hexadecimal string of at least 16 bytes. " +
-              "The value that you've provided, \"#{@encryption_key}\", is " +
-              "#{@encryption_key.size / 2} bytes. You could use the following (randomly " +
-              "generated) string as encryption key: " +
-              ActiveSupport::SecureRandom.hex(16)
+              "hexadecimal string of at least #{@data_cipher.key_len} bytes. " +
+              "The value that you've provided, \"#{@secret}\", is " +
+              "#{@secret.size / 2} bytes. You could use the following (randomly " +
+              "generated) string as the secret: " +
+              SecureRandom.hex(@data_cipher.key_len)
         end
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_cookie_store-instructure
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.4
 platform: ruby
 authors:
 - Cody Cutrer