frikandel 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +20 -1
- data/Gemfile.rails-3.2.x +2 -0
- data/Gemfile.rails-4.0.x +2 -0
- data/Gemfile.rails-4.1.x +2 -0
- data/Gemfile.rails-4.2.x +8 -0
- data/Gemfile.rails-5.0.x +6 -0
- data/README.md +7 -4
- data/frikandel.gemspec +6 -2
- data/lib/frikandel/bind_session_to_ip_address.rb +6 -1
- data/lib/frikandel/limit_session_lifetime.rb +5 -1
- data/lib/frikandel/version.rb +1 -1
- data/spec/controllers/bind_session_to_ip_address_controller_spec.rb +36 -28
- data/spec/controllers/combined_controller_spec.rb +43 -35
- data/spec/controllers/customized_on_invalid_session_controller_spec.rb +3 -2
- data/spec/controllers/limit_session_lifetime_controller_spec.rb +78 -70
- data/spec/dummy/config/application.rb +2 -0
- data/spec/dummy/config/environments/test.rb +7 -2
- data/spec/lib/frikandel/configuration_spec.rb +17 -17
- data/spec/rails_helper.rb +76 -0
- data/spec/spec_helper.rb +88 -24
- data/spec/support/application_controller.rb +6 -1
- metadata +58 -34
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9b482779b62ba9385e517c2ca292f171c2420cf3
|
|
4
|
+
data.tar.gz: 9201f44fbbf1310bfdd3d92ae00ba24647481ea6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 53963f5b2b74abe4aed3137a203fc7b267635ff419b4ec43c48aa54c2fcf75bfd76619bb1e68cbf13b51babd4858bdfe3f4dee892e85cc80ef68cab052edfae4
|
|
7
|
+
data.tar.gz: 9dce96d7ab8fd9f7a5ac986109ebdc36d911f657ef0ba11f3ae2afe6c9c33987b9083e212a6e19a7b772ce749f7d9e55a0b30793a0d60bd9ad028aa9ea5868d6
|
data/.travis.yml
CHANGED
|
@@ -2,15 +2,34 @@ language: ruby
|
|
|
2
2
|
rvm:
|
|
3
3
|
- "1.9.3"
|
|
4
4
|
- "2.0.0"
|
|
5
|
-
- "2.1.
|
|
5
|
+
- "2.1.9"
|
|
6
|
+
- "2.2.5"
|
|
7
|
+
- "2.3.1"
|
|
6
8
|
- ruby-head
|
|
7
9
|
- jruby-19mode
|
|
8
10
|
gemfile:
|
|
9
11
|
- Gemfile.rails-3.2.x
|
|
10
12
|
- Gemfile.rails-4.0.x
|
|
11
13
|
- Gemfile.rails-4.1.x
|
|
14
|
+
- Gemfile.rails-4.2.x
|
|
15
|
+
- Gemfile.rails-5.0.x
|
|
12
16
|
- Gemfile.rails-head
|
|
17
|
+
before_install:
|
|
18
|
+
- gem install bundler
|
|
13
19
|
matrix:
|
|
14
20
|
allow_failures:
|
|
15
21
|
- rvm: ruby-head
|
|
16
22
|
- gemfile: Gemfile.rails-head
|
|
23
|
+
exclude:
|
|
24
|
+
- rvm: "2.2.5"
|
|
25
|
+
gemfile: Gemfile.rails-3.2.x
|
|
26
|
+
- rvm: "2.2.5"
|
|
27
|
+
gemfile: Gemfile.rails-4.0.x
|
|
28
|
+
- rvm: "1.9.3"
|
|
29
|
+
gemfile: Gemfile.rails-5.0.x
|
|
30
|
+
- rvm: "2.0.0"
|
|
31
|
+
gemfile: Gemfile.rails-5.0.x
|
|
32
|
+
- rvm: "2.1.9"
|
|
33
|
+
gemfile: Gemfile.rails-5.0.x
|
|
34
|
+
- rvm: "jruby-19mode"
|
|
35
|
+
gemfile: Gemfile.rails-5.0.x
|
data/Gemfile.rails-3.2.x
CHANGED
data/Gemfile.rails-4.0.x
CHANGED
data/Gemfile.rails-4.1.x
CHANGED
data/Gemfile.rails-4.2.x
ADDED
data/Gemfile.rails-5.0.x
ADDED
data/README.md
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# Frikandel
|
|
2
|
-
[](http://badge.fury.io/rb/frikandel)
|
|
2
|
+
[](http://badge.fury.io/rb/frikandel)
|
|
3
3
|
[](https://travis-ci.org/taktsoft/frikandel)
|
|
4
4
|
[](https://codeclimate.com/github/taktsoft/frikandel)
|
|
5
|
+
[](https://gemnasium.com/taktsoft/frikandel)
|
|
5
6
|
|
|
6
7
|
This gem aims to improve the security of your rails application. It allows you to add a TTL (Time To Live) to the session cookie and allows you to bind the session to an IP address.
|
|
7
8
|
|
|
@@ -99,9 +100,11 @@ end
|
|
|
99
100
|
|
|
100
101
|
To run the test suite with different rails version by selecting the corresponding gemfile. You can use this one liners:
|
|
101
102
|
|
|
102
|
-
$ BUNDLE_GEMFILE=Gemfile.rails-3.2.x bundle update && bundle exec rake spec
|
|
103
|
-
$ BUNDLE_GEMFILE=Gemfile.rails-4.0.x bundle update && bundle exec rake spec
|
|
104
|
-
$ BUNDLE_GEMFILE=Gemfile.rails-4.1.x bundle update && bundle exec rake spec
|
|
103
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-3.2.x && bundle update && bundle exec rake spec
|
|
104
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-4.0.x && bundle update && bundle exec rake spec
|
|
105
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-4.1.x && bundle update && bundle exec rake spec
|
|
106
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-4.2.x && bundle update && bundle exec rake spec
|
|
107
|
+
$ export BUNDLE_GEMFILE=Gemfile.rails-5.0.x && bundle update && bundle exec rake spec
|
|
105
108
|
|
|
106
109
|
## Contributing
|
|
107
110
|
1. Fork it
|
data/frikandel.gemspec
CHANGED
|
@@ -18,14 +18,18 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = Dir["spec/**/*"]
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
+
spec.required_ruby_version = '>= 1.9.3'
|
|
22
|
+
spec.required_rubygems_version = ">= 1.3.6"
|
|
23
|
+
|
|
21
24
|
spec.add_development_dependency "bundler", "~> 1.5"
|
|
22
25
|
spec.add_development_dependency "rake"
|
|
23
26
|
spec.add_development_dependency "sqlite3" unless RUBY_PLATFORM == 'java'
|
|
24
27
|
spec.add_development_dependency "jdbc-sqlite3" if RUBY_PLATFORM == 'java'
|
|
25
28
|
spec.add_development_dependency "activerecord-jdbcsqlite3-adapter" if RUBY_PLATFORM == 'java'
|
|
26
|
-
spec.add_development_dependency "rspec-rails"
|
|
29
|
+
spec.add_development_dependency "rspec-rails", ["> 3.0", "< 3.6"]
|
|
27
30
|
spec.add_development_dependency "guard-rspec"
|
|
28
31
|
spec.add_development_dependency "pry"
|
|
32
|
+
spec.add_development_dependency "test-unit"
|
|
29
33
|
|
|
30
|
-
spec.add_dependency "rails", [">= 3.2.0", "< 5.
|
|
34
|
+
spec.add_dependency "rails", [">= 3.2.0", "< 5.1"]
|
|
31
35
|
end
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
module Frikandel
|
|
2
2
|
module BindSessionToIpAddress
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
|
+
include SessionInvalidation
|
|
4
5
|
|
|
5
6
|
included do
|
|
6
|
-
|
|
7
|
+
if respond_to?(:before_action)
|
|
8
|
+
append_before_action :validate_session_ip_address
|
|
9
|
+
else
|
|
10
|
+
append_before_filter :validate_session_ip_address
|
|
11
|
+
end
|
|
7
12
|
end
|
|
8
13
|
|
|
9
14
|
private
|
|
@@ -4,7 +4,11 @@ module Frikandel
|
|
|
4
4
|
include SessionInvalidation
|
|
5
5
|
|
|
6
6
|
included do
|
|
7
|
-
|
|
7
|
+
if respond_to?(:before_action)
|
|
8
|
+
append_before_action :validate_session_timestamp
|
|
9
|
+
else
|
|
10
|
+
append_before_filter :validate_session_timestamp
|
|
11
|
+
end
|
|
8
12
|
end
|
|
9
13
|
|
|
10
14
|
private
|
data/lib/frikandel/version.rb
CHANGED
|
@@ -1,14 +1,22 @@
|
|
|
1
|
-
require "
|
|
1
|
+
require "rails_helper"
|
|
2
2
|
require "support/application_controller"
|
|
3
3
|
|
|
4
4
|
|
|
5
5
|
class BindSessionToIpAddressController < ApplicationController
|
|
6
6
|
include Frikandel::BindSessionToIpAddress
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
if respond_to?(:before_action)
|
|
9
|
+
before_action :flash_alert_and_redirect_home, only: [:redirect_home]
|
|
10
|
+
else
|
|
11
|
+
before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
|
|
12
|
+
end
|
|
9
13
|
|
|
10
14
|
def home
|
|
11
|
-
|
|
15
|
+
if Rails::VERSION::MAJOR >= 5
|
|
16
|
+
render plain: "bind test"
|
|
17
|
+
else
|
|
18
|
+
render text: "bind test"
|
|
19
|
+
end
|
|
12
20
|
end
|
|
13
21
|
|
|
14
22
|
def redirect_home
|
|
@@ -23,7 +31,7 @@ protected
|
|
|
23
31
|
end
|
|
24
32
|
|
|
25
33
|
|
|
26
|
-
describe BindSessionToIpAddressController do
|
|
34
|
+
RSpec.describe BindSessionToIpAddressController do
|
|
27
35
|
context "requests" do
|
|
28
36
|
it "writes current ip address to session" do
|
|
29
37
|
expect(session[:ip_address]).to be_nil
|
|
@@ -40,13 +48,13 @@ describe BindSessionToIpAddressController do
|
|
|
40
48
|
|
|
41
49
|
expect(session[:ip_address]).to eql("0.0.0.0")
|
|
42
50
|
|
|
43
|
-
flash.
|
|
44
|
-
flash[:alert].
|
|
51
|
+
expect(flash).not_to be_empty
|
|
52
|
+
expect(flash[:alert]).to eql("alert test")
|
|
45
53
|
end
|
|
46
54
|
|
|
47
55
|
it "raises an exception if session address and current ip address don't match" do
|
|
48
56
|
session[:ip_address] = "1.2.3.4"
|
|
49
|
-
controller.
|
|
57
|
+
expect(controller).to receive(:on_invalid_session)
|
|
50
58
|
|
|
51
59
|
get :home
|
|
52
60
|
end
|
|
@@ -59,21 +67,21 @@ describe BindSessionToIpAddressController do
|
|
|
59
67
|
session[:ttl] = "SomeTTL"
|
|
60
68
|
session[:max_ttl] = "SomeMaxTTL"
|
|
61
69
|
|
|
62
|
-
controller.
|
|
63
|
-
controller.
|
|
70
|
+
expect(controller).to receive(:reset_session).and_call_original
|
|
71
|
+
expect(controller).to receive(:persist_session_ip_address).and_call_original
|
|
64
72
|
get :home
|
|
65
73
|
|
|
66
|
-
session[:user_id].
|
|
67
|
-
session[:ip_address].
|
|
68
|
-
session[:ip_address].
|
|
69
|
-
session[:ttl].
|
|
70
|
-
session[:max_ttl].
|
|
74
|
+
expect(session[:user_id]).to be_blank
|
|
75
|
+
expect(session[:ip_address]).to be_present
|
|
76
|
+
expect(session[:ip_address]).to eql("0.0.0.0")
|
|
77
|
+
expect(session[:ttl]).to be_blank
|
|
78
|
+
expect(session[:max_ttl]).to be_blank
|
|
71
79
|
end
|
|
72
80
|
|
|
73
81
|
it "allows the request to be rendered as normal" do
|
|
74
82
|
get :home
|
|
75
83
|
|
|
76
|
-
response.body.
|
|
84
|
+
expect(response.body).to eql("bind test")
|
|
77
85
|
end
|
|
78
86
|
end
|
|
79
87
|
end
|
|
@@ -83,8 +91,8 @@ describe BindSessionToIpAddressController do
|
|
|
83
91
|
it "calls on_invalid_session if ip address doesn't match with current" do
|
|
84
92
|
session[:ip_address] = "1.3.3.7"
|
|
85
93
|
|
|
86
|
-
controller.
|
|
87
|
-
controller.
|
|
94
|
+
expect(controller).to receive(:ip_address_match_with_current?).and_return(false)
|
|
95
|
+
expect(controller).to receive(:on_invalid_session)
|
|
88
96
|
|
|
89
97
|
controller.send(:validate_session_ip_address)
|
|
90
98
|
end
|
|
@@ -92,8 +100,8 @@ describe BindSessionToIpAddressController do
|
|
|
92
100
|
it "calls reset_session if ip address isn't persisted in session" do
|
|
93
101
|
session.delete(:ip_address)
|
|
94
102
|
|
|
95
|
-
controller.
|
|
96
|
-
controller.
|
|
103
|
+
expect(controller).not_to receive(:ip_address_match_with_current?)
|
|
104
|
+
expect(controller).to receive(:reset_session)
|
|
97
105
|
|
|
98
106
|
controller.send(:validate_session_ip_address)
|
|
99
107
|
end
|
|
@@ -101,8 +109,8 @@ describe BindSessionToIpAddressController do
|
|
|
101
109
|
it "calls persist_session_ip_address if validation passes" do
|
|
102
110
|
session[:ip_address] = "1.3.3.7"
|
|
103
111
|
|
|
104
|
-
controller.
|
|
105
|
-
controller.
|
|
112
|
+
expect(controller).to receive(:ip_address_match_with_current?).and_return(true)
|
|
113
|
+
expect(controller).to receive(:persist_session_ip_address)
|
|
106
114
|
|
|
107
115
|
controller.send(:validate_session_ip_address)
|
|
108
116
|
end
|
|
@@ -112,7 +120,7 @@ describe BindSessionToIpAddressController do
|
|
|
112
120
|
context ".persist_session_ip_address" do
|
|
113
121
|
it "sets the current ip address in session on key ip_address" do
|
|
114
122
|
expect {
|
|
115
|
-
controller.
|
|
123
|
+
expect(controller).to receive(:current_ip_address).and_return("1.3.3.7")
|
|
116
124
|
controller.send(:persist_session_ip_address)
|
|
117
125
|
}.to change {
|
|
118
126
|
session[:ip_address]
|
|
@@ -123,31 +131,31 @@ describe BindSessionToIpAddressController do
|
|
|
123
131
|
|
|
124
132
|
context ".current_ip_address" do
|
|
125
133
|
it "returns the remote_ip from request" do
|
|
126
|
-
request.
|
|
134
|
+
expect(request).to receive(:remote_ip).and_return(:request_remote_ip)
|
|
127
135
|
|
|
128
|
-
controller.send(:current_ip_address).
|
|
136
|
+
expect(controller.send(:current_ip_address)).to eql(:request_remote_ip)
|
|
129
137
|
end
|
|
130
138
|
end
|
|
131
139
|
|
|
132
140
|
|
|
133
141
|
context ".ip_address_match_with_current?" do
|
|
134
142
|
it "compares ip address from session with the current ip address" do
|
|
135
|
-
controller.
|
|
143
|
+
allow(controller).to receive(:current_ip_address).and_return("1.3.3.7")
|
|
136
144
|
|
|
137
145
|
session[:ip_address] = "1.3.3.7"
|
|
138
146
|
|
|
139
|
-
controller.send(:ip_address_match_with_current?).
|
|
147
|
+
expect(controller.send(:ip_address_match_with_current?)).to be_truthy
|
|
140
148
|
|
|
141
149
|
session[:ip_address] = "7.3.3.1"
|
|
142
150
|
|
|
143
|
-
controller.send(:ip_address_match_with_current?).
|
|
151
|
+
expect(controller.send(:ip_address_match_with_current?)).to be_falsey
|
|
144
152
|
end
|
|
145
153
|
end
|
|
146
154
|
|
|
147
155
|
|
|
148
156
|
context ".reset_session" do
|
|
149
157
|
it "calls persist_session_ip_address" do
|
|
150
|
-
controller.
|
|
158
|
+
expect(controller).to receive(:persist_session_ip_address).and_call_original
|
|
151
159
|
controller.send(:reset_session)
|
|
152
160
|
end
|
|
153
161
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require "
|
|
1
|
+
require "rails_helper"
|
|
2
2
|
require "support/application_controller"
|
|
3
3
|
|
|
4
4
|
|
|
@@ -6,10 +6,18 @@ class CombinedController < ApplicationController
|
|
|
6
6
|
include Frikandel::LimitSessionLifetime
|
|
7
7
|
include Frikandel::BindSessionToIpAddress
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
if respond_to?(:before_action)
|
|
10
|
+
before_action :flash_alert_and_redirect_home, only: [:redirect_home]
|
|
11
|
+
else
|
|
12
|
+
before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
|
|
13
|
+
end
|
|
10
14
|
|
|
11
15
|
def home
|
|
12
|
-
|
|
16
|
+
if Rails::VERSION::MAJOR >= 5
|
|
17
|
+
render plain: "combined test"
|
|
18
|
+
else
|
|
19
|
+
render text: "combined test"
|
|
20
|
+
end
|
|
13
21
|
end
|
|
14
22
|
|
|
15
23
|
def redirect_home
|
|
@@ -24,38 +32,38 @@ protected
|
|
|
24
32
|
end
|
|
25
33
|
|
|
26
34
|
|
|
27
|
-
describe CombinedController do
|
|
35
|
+
RSpec.describe CombinedController do
|
|
28
36
|
context "ttl nor ip isn't present in session" do
|
|
29
37
|
it "resets the session and persists ip address, ttl & max_ttl" do
|
|
30
38
|
session[:user_id] = 4337
|
|
31
39
|
|
|
32
40
|
get :home
|
|
33
41
|
|
|
34
|
-
session[:user_id].
|
|
35
|
-
session[:ip_address].
|
|
36
|
-
session[:ttl].
|
|
37
|
-
session[:max_ttl].
|
|
42
|
+
expect(session[:user_id]).to be_blank
|
|
43
|
+
expect(session[:ip_address]).to be_present
|
|
44
|
+
expect(session[:ttl]).to be_present
|
|
45
|
+
expect(session[:max_ttl]).to be_present
|
|
38
46
|
end
|
|
39
47
|
|
|
40
48
|
it "allows the request to be rendered as normal" do
|
|
41
49
|
get :home
|
|
42
50
|
|
|
43
|
-
response.body.
|
|
51
|
+
expect(response.body).to eql("combined test")
|
|
44
52
|
end
|
|
45
53
|
|
|
46
54
|
it "persists ttl, max_ttl and ip even on redirect in another before filter" do
|
|
47
|
-
session[:ip_address].
|
|
48
|
-
session[:ttl].
|
|
49
|
-
session[:max_ttl].
|
|
55
|
+
expect(session[:ip_address]).to be_nil
|
|
56
|
+
expect(session[:ttl]).to be_nil
|
|
57
|
+
expect(session[:max_ttl]).to be_nil
|
|
50
58
|
|
|
51
59
|
simulate_redirect!(:redirect_home, :home)
|
|
52
60
|
|
|
53
|
-
session[:ip_address].
|
|
54
|
-
session[:ttl].
|
|
55
|
-
session[:max_ttl].
|
|
61
|
+
expect(session[:ip_address]).to be_present
|
|
62
|
+
expect(session[:ttl]).to be_present
|
|
63
|
+
expect(session[:max_ttl]).to be_present
|
|
56
64
|
|
|
57
|
-
flash.
|
|
58
|
-
flash[:alert].
|
|
65
|
+
expect(flash).not_to be_empty
|
|
66
|
+
expect(flash[:alert]).to eql("alert test")
|
|
59
67
|
end
|
|
60
68
|
end
|
|
61
69
|
|
|
@@ -68,12 +76,12 @@ describe CombinedController do
|
|
|
68
76
|
|
|
69
77
|
get :home
|
|
70
78
|
|
|
71
|
-
session[:user_id].
|
|
72
|
-
session[:ip_address].
|
|
73
|
-
session[:ttl].
|
|
74
|
-
session[:ttl].
|
|
75
|
-
session[:max_ttl].
|
|
76
|
-
session[:max_ttl].
|
|
79
|
+
expect(session[:user_id]).to be_blank
|
|
80
|
+
expect(session[:ip_address]).to be_present
|
|
81
|
+
expect(session[:ttl]).to be_present
|
|
82
|
+
expect(session[:ttl]).not_to eql(last_ttl)
|
|
83
|
+
expect(session[:max_ttl]).to be_present
|
|
84
|
+
expect(session[:max_ttl]).not_to eql(last_max_ttl)
|
|
77
85
|
end
|
|
78
86
|
|
|
79
87
|
it "resets the session and persists ip address, ttl & max_ttl if ttl is missing" do
|
|
@@ -83,12 +91,12 @@ describe CombinedController do
|
|
|
83
91
|
|
|
84
92
|
get :home
|
|
85
93
|
|
|
86
|
-
session[:user_id].
|
|
87
|
-
session[:ip_address].
|
|
88
|
-
session[:ip_address].
|
|
89
|
-
session[:ttl].
|
|
90
|
-
session[:max_ttl].
|
|
91
|
-
session[:max_ttl].
|
|
94
|
+
expect(session[:user_id]).to be_blank
|
|
95
|
+
expect(session[:ip_address]).to be_present
|
|
96
|
+
expect(session[:ip_address]).to eql("0.0.0.0")
|
|
97
|
+
expect(session[:ttl]).to be_present
|
|
98
|
+
expect(session[:max_ttl]).to be_present
|
|
99
|
+
expect(session[:max_ttl]).not_to eql(last_max_ttl)
|
|
92
100
|
end
|
|
93
101
|
|
|
94
102
|
it "resets the session and persists ip address, ttl & max_ttl if max_ttl is missing" do
|
|
@@ -98,12 +106,12 @@ describe CombinedController do
|
|
|
98
106
|
|
|
99
107
|
get :home
|
|
100
108
|
|
|
101
|
-
session[:user_id].
|
|
102
|
-
session[:ip_address].
|
|
103
|
-
session[:ip_address].
|
|
104
|
-
session[:ttl].
|
|
105
|
-
session[:ttl].
|
|
106
|
-
session[:max_ttl].
|
|
109
|
+
expect(session[:user_id]).to be_blank
|
|
110
|
+
expect(session[:ip_address]).to be_present
|
|
111
|
+
expect(session[:ip_address]).to eql("0.0.0.0")
|
|
112
|
+
expect(session[:ttl]).to be_present
|
|
113
|
+
expect(session[:ttl]).not_to eql(last_ttl)
|
|
114
|
+
expect(session[:max_ttl]).to be_present
|
|
107
115
|
end
|
|
108
116
|
end
|
|
109
117
|
end
|