global_session 1.1.0 → 2.0.0

data/README.rdoc

@@ -52,15 +52,6 @@ particular, it does not provide any of the following:
     ...
     @current_user = User.find(global_session['user'])
 
-5) For easier programming, enable seamless integration with the local session:
-   (in global_session.yml)
-   common:
-     integrated: true
-   
-   (in your controllers)
-   session['user'] = @user.id #goes to the global session
-   session['local_thingie'] = @thingie.id #goes to the local session
-
 = Global Session Contents
 
 Global session state is stored as a cookie in the user's browser. The cookie
@@ -176,7 +167,6 @@ is a good choice). In the GlobalSession configuration file, specify the
 class name of the directory under the 'common' section, like so:
 
   common:
-    integrated: true
     directory: MyCoolDirectory
 
 Copyright (c) 2010 Tony Spataro <code@tracker.xeger.net>, released under the MIT license

data/global_session.gemspec

@@ -7,8 +7,8 @@ spec = Gem::Specification.new do |s|
   s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
 
   s.name    = 'global_session'
-  s.version = '1.1.0'
-  s.date    = '2012-11-01'
+  s.version = '2.0.0'
+  s.date    = '2012-11-06'
 
   s.authors = ['Tony Spataro']
   s.email   = 'support@rightscale.com'
@@ -21,6 +21,7 @@ spec = Gem::Specification.new do |s|
 
   s.add_runtime_dependency('simple_uuid', [">= 0.2.0"])
   s.add_runtime_dependency('json', ["~> 1.4"])
+  s.add_runtime_dependency('msgpack', ["~> 0.4"])
   s.add_runtime_dependency('rack-contrib', ["~> 1.0"])
 
   basedir = File.dirname(__FILE__)

data/lib/global_session/configuration.rb

@@ -32,7 +32,6 @@ module GlobalSession
   # * attributes
   #    * signed
   #    * insecure
-  # * integrated
   # * ephemeral
   # * timeout
   # * renew
@@ -78,6 +77,10 @@ module GlobalSession
       "<#{self.class.name} @environment=#{@environment.inspect}>"
     end
 
+    def to_hash
+      @config.dup
+    end
+
     # Create a new Configuration object
     #
     # === Parameters
@@ -118,7 +121,7 @@ module GlobalSession
     end
 
     def validate # :nodoc
-      ['attributes/signed', 'integrated', 'cookie/name',
+      ['attributes/signed', 'cookie/name',
        'timeout'].each {|k| validate_presence_of k}
     end
 

data/lib/global_session/directory.rb

@@ -95,7 +95,6 @@ module GlobalSession
     # === Parameters
     # directory(Directory):: directory implementation that the session should use for various operations
     # cookie(String):: Optional, serialized global session cookie. If none is supplied, a new session is created.
-    # valid_signature_digest(String):: Optional, already-trusted signature. If supplied, the expensive RSA-verify operation will be skipped if the cookie's signature matches the value supplied.
     #
     # === Return
     # session(Session):: the newly-initialized session

data/lib/global_session/encoding.rb

@@ -26,7 +26,7 @@ module GlobalSession
     # JSON serializer, used to serialize Hash objects in a form suitable
     # for stuffing into a cookie.
     #
-    class JSON
+    module JSON
       # Unserialize JSON to Hash.
       #
       # === Parameters
@@ -50,6 +50,18 @@ module GlobalSession
       end
     end
 
+    # Wrapper module for MessagePack that makes it conform to the standard load/dump interface
+    # for serializers.
+    module Msgpack
+      def self.load(binary)
+        MessagePack.unpack(binary)
+      end
+
+      def self.dump(object)
+        object.to_msgpack
+      end
+    end
+
     # Implements URL encoding, but without newlines, and using '-' and '_' as
     # the 62nd and 63rd symbol instead of '+' and '/'. This makes for encoded
     # values that can be easily stored in a cookie; however, they cannot

data/lib/global_session/rack.rb

@@ -69,7 +69,7 @@ module GlobalSession
           namespace = namespace.const_get(parts.shift.to_sym) until parts.empty?
           directory_klass = namespace
         rescue Exception => e
-          raise ConfigurationError, "Invalid/unknown directory class name #{@configuration['directory']}"
+          raise GlobalSession::ConfigurationError, "Invalid/unknown directory class name #{@configuration['directory']}"
         end
 
         if directory.instance_of?(String)

data/lib/global_session/rails/action_controller_instance_methods.rb

@@ -37,9 +37,6 @@ module GlobalSession
     module ActionControllerInstanceMethods
       def self.included(base) # :nodoc:
         #Make sure a superclass hasn't already chained the methods...
-        unless base.instance_methods.include?("session_without_global_session")
-          base.alias_method_chain :session, :global_session
-        end
         unless base.instance_methods.include?("log_processing_without_global_session")
           base.alias_method_chain :log_processing, :global_session
         end
@@ -67,26 +64,6 @@ module GlobalSession
         @global_session
       end
 
-      # Aliased version of ActionController::Base#session which will return the integrated
-      # global-and-local session object (IntegratedSession).
-      #
-      # === Return
-      # session(IntegratedSession):: the integrated session
-      def session_with_global_session
-        if global_session_options[:integrated] && global_session
-          unless @integrated_session &&
-                 (@integrated_session.local == session_without_global_session) && 
-                 (@integrated_session.global == global_session)
-            @integrated_session =
-              IntegratedSession.new(session_without_global_session, global_session)
-          end
-          
-          return @integrated_session
-        else
-          return session_without_global_session
-        end
-      end
-
       # Filter to initialize the global session.
       #
       # === Return

data/lib/global_session/rails.rb

@@ -19,8 +19,6 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-basedir = File.dirname(__FILE__)
-
 require 'rack/contrib/cookies'
 require 'action_pack'
 require 'action_controller'

data/lib/global_session/session/abstract.rb

@@ -0,0 +1,83 @@
+module GlobalSession::Session
+  # An abstract base class for all versions of the global session.
+  # Defines common attributes and methods.
+  class Abstract
+    attr_reader :id, :authority, :created_at, :expired_at, :directory
+    attr_reader :signed, :insecure
+
+    # Create a new global session object.
+    #
+    # === Parameters
+    # directory(Directory):: directory implementation that the session should use for various operations
+    #
+    # ===Raise
+    # InvalidSession:: if the session contained in the cookie has been invalidated
+    # ExpiredSession:: if the session contained in the cookie has expired
+    # MalformedCookie:: if the cookie was corrupt or malformed
+    # SecurityError:: if signature is invalid or cookie is not signed by a trusted authority
+    def initialize(directory)
+      @directory = directory
+      @signed = {}
+      @insecure = {}
+    end
+
+    # @return a representation of the object suitable for printing to the console
+    def inspect
+      "<#{self.class.name}(#{self.id})>"
+    end
+
+    # @return a Hash representation of the session with three subkeys: :metadata, :signed and :insecure
+    # @raise nothing -- does not raise; returns empty hash if there is a failure
+    def to_hash
+      hash = {}
+
+      md = {}
+      signed = {}
+      insecure = {}
+
+      hash[:metadata] = md
+      hash[:signed] = signed
+      hash[:insecure] = insecure
+
+      md[:id] = @id
+      md[:authority] = @authority
+      md[:created_at] = @created_at
+      md[:expired_at] = @expired_at
+      @signed.each_pair { |k, v| signed[k] = v }
+      @insecure.each_pair { |k, v| insecure[k] = v }
+
+      hash
+    rescue Exception => e
+      {}
+    end
+
+    # Invalidate this session by reporting its UUID to the Directory.
+    #
+    # === Return
+    # unknown(Object):: Returns whatever the Directory returns
+    def invalidate!
+      @directory.report_invalid_session(@id, @expired_at)
+    end
+
+    # Renews this global session, changing its expiry timestamp into the future.
+    # Causes a new signature will be computed when the session is next serialized.
+    #
+    # === Return
+    # true:: Always returns true
+    def renew!(expired_at=nil)
+      authority_check
+      minutes = Integer(@configuration['timeout'])
+      expired_at ||= Time.at(Time.now.utc + 60 * minutes)
+      @expired_at = expired_at
+      @created_at = Time.now.utc
+    end
+
+    private
+
+    def authority_check # :nodoc:
+      unless @directory.local_authority_name
+        raise GlobalSession::NoAuthority, 'Cannot change secure session attributes; we are not an authority'
+      end
+    end
+  end
+end

data/lib/global_session/session/v1.rb

@@ -0,0 +1,352 @@
+# Copyright (c) 2012 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# Standard library dependencies
+require 'set'
+require 'zlib'
+
+module GlobalSession::Session
+  # Ladies and gentlemen: the one and only, star of the show, GLOBAL SESSION!
+  #
+  # Session is designed to act as much like a Hash as possible. You can use
+  # most of the methods you would use with Hash: [], has_key?, each, etc. It has a
+  # few additional methods that are specific to itself, mostly involving whether
+  # it's expired, valid, supports a certain key, etc.
+  #
+  class V1 < Abstract
+    # Utility method to decode a cookie; good for console debugging. This performs no
+    # validation or security check of any sort.
+    #
+    # === Parameters
+    # cookie(String):: well-formed global session cookie
+    def self.decode_cookie(cookie)
+      zbin = GlobalSession::Encoding::Base64Cookie.load(cookie)
+      json = Zlib::Inflate.inflate(zbin)
+      return GlobalSession::Encoding::JSON.load(json)
+    end
+
+    # Create a new global session object.
+    #
+    # === Parameters
+    # directory(Directory):: directory implementation that the session should use for various operations
+    # cookie(String):: Optional, serialized global session cookie. If none is supplied, a new session is created.
+    # valid_signature_digest(String):: Optional, already-trusted signature. If supplied, the expensive RSA-verify operation will be skipped if the cookie's signature matches the value supplied.
+    #
+    # ===Raise
+    # InvalidSession:: if the session contained in the cookie has been invalidated
+    # ExpiredSession:: if the session contained in the cookie has expired
+    # MalformedCookie:: if the cookie was corrupt or malformed
+    # SecurityError:: if signature is invalid or cookie is not signed by a trusted authority
+    def initialize(directory, cookie=nil, valid_signature_digest=nil)
+      super(directory)
+      @configuration = directory.configuration
+      @schema_signed = Set.new((@configuration['attributes']['signed']))
+      @schema_insecure = Set.new((@configuration['attributes']['insecure']))
+
+      if cookie && !cookie.empty?
+        load_from_cookie(cookie, valid_signature_digest)
+      elsif @directory.local_authority_name
+        create_from_scratch
+      else
+        create_invalid
+      end
+    end
+
+    # @return [true,false] true if this session was created in-process, false if it was initialized from a cookie
+    def new_record?
+      @cookie.nil?
+    end
+
+    # Determine whether the session is valid. This method simply delegates to the
+    # directory associated with this session.
+    #
+    # === Return
+    # valid(true|false):: True if the session is valid, false otherwise
+    def valid?
+      @directory.valid_session?(@id, @expired_at)
+    end
+
+    # Serialize the session to a form suitable for use with HTTP cookies. If any
+    # secure attributes have changed since the session was instantiated, compute
+    # a fresh RSA signature.
+    #
+    # === Return
+    # cookie(String):: The B64cookie-encoded Zlib-compressed JSON-serialized global session hash
+    def to_s
+      if @cookie && !@dirty_insecure && !@dirty_secure
+        #use cached cookie if nothing has changed
+        return @cookie
+      end
+
+      hash = {'id' => @id,
+              'tc' => @created_at.to_i, 'te' => @expired_at.to_i,
+              'ds' => @signed}
+
+      if @signature && !@dirty_secure
+        #use cached signature unless we've changed secure state
+        authority = @authority
+      else
+        authority_check
+        authority = @directory.local_authority_name
+        hash['a'] = authority
+        digest = canonical_digest(hash)
+        @signature = GlobalSession::Encoding::Base64Cookie.dump(@directory.private_key.private_encrypt(digest))
+      end
+
+      hash['dx'] = @insecure
+      hash['s'] = @signature
+      hash['a'] = authority
+
+      json = GlobalSession::Encoding::JSON.dump(hash)
+      zbin = Zlib::Deflate.deflate(json, Zlib::BEST_COMPRESSION)
+      return GlobalSession::Encoding::Base64Cookie.dump(zbin)
+    end
+
+    # Determine whether the global session schema allows a given key to be placed
+    # in the global session.
+    #
+    # === Parameters
+    # key(String):: The name of the key
+    #
+    # === Return
+    # supported(true|false):: Whether the specified key is supported
+    def supports_key?(key)
+      @schema_signed.include?(key) || @schema_insecure.include?(key)
+    end
+
+    # Determine whether this session contains a value with the specified key.
+    #
+    # === Parameters
+    # key(String):: The name of the key
+    #
+    # === Return
+    # contained(true|false):: Whether the session currently has a value for the specified key.
+    def has_key?(key)
+      @signed.has_key?(key) || @insecure.has_key?(key)
+    end
+
+    alias :key? :has_key?
+
+    # Return the keys that are currently present in the global session.
+    #
+    # === Return
+    # keys(Array):: List of keys contained in the global session
+    def keys
+      @signed.keys + @insecure.keys
+    end
+
+    # Return the values that are currently present in the global session.
+    #
+    # === Return
+    # values(Array):: List of values contained in the global session
+    def values
+      @signed.values + @insecure.values
+    end
+
+    # Iterate over each key/value pair
+    #
+    # === Block
+    # An iterator which will be called with each key/value pair
+    #
+    # === Return
+    # Returns the value of the last expression evaluated by the block
+    def each_pair(&block) # :yields: |key, value|
+      @signed.each_pair(&block)
+      @insecure.each_pair(&block)
+    end
+
+    # Lookup a value by its key.
+    #
+    # === Parameters
+    # key(String):: the key
+    #
+    # === Return
+    # value(Object):: The value associated with +key+, or nil if +key+ is not present
+    def [](key)
+      key = key.to_s #take care of symbol-style keys
+      @signed[key] || @insecure[key]
+    end
+
+    # Set a value in the global session hash. If the supplied key is denoted as
+    # secure by the global session schema, causes a new signature to be computed
+    # when the session is next serialized.
+    #
+    # === Parameters
+    # key(String):: The key to set
+    # value(Object):: The value to set
+    #
+    # === Return
+    # value(Object):: Always returns the value that was set
+    #
+    # ===Raise
+    # InvalidSession:: if the session has been invalidated (and therefore can't be written to)
+    # ArgumentError:: if the configuration doesn't define the specified key as part of the global session
+    # NoAuthority:: if the specified key is secure and the local node is not an authority
+    # UnserializableType:: if the specified value can't be serialized as JSON
+    def []=(key, value)
+      key = key.to_s #take care of symbol-style keys
+      raise GlobalSession::InvalidSession unless valid?
+
+      #Ensure that the value is serializable (will raise if not)
+      canonicalize(value)
+
+      if @schema_signed.include?(key)
+        authority_check
+        @signed[key] = value
+        @dirty_secure = true
+      elsif @schema_insecure.include?(key)
+        @insecure[key] = value
+        @dirty_insecure = true
+      else
+        raise ArgumentError, "Attribute '#{key}' is not specified in global session configuration"
+      end
+
+      return value
+    end
+
+    # Renews this global session, changing its expiry timestamp into the future.
+    # Causes a new signature will be computed when the session is next serialized.
+    #
+    # === Return
+    # true:: Always returns true
+    def renew!(expired_at=nil)
+      super(expired_at)
+      @dirty_secure = true
+    end
+
+    # Return the SHA1 hash of the most recently-computed RSA signature of this session.
+    # This isn't really intended for the end user; it exists so the Web framework integration
+    # code can optimize request speed by caching the most recently verified signature in the
+    # local session and avoid re-verifying it on every request.
+    #
+    # === Return
+    # digest(String):: SHA1 hex-digest of most-recently-computed signature
+    def signature_digest
+      @signature ? digest(@signature) : nil
+    end
+
+    private
+
+    def canonical_digest(input) # :nodoc:
+      canonical = GlobalSession::Encoding::JSON.dump(canonicalize(input))
+      return digest(canonical)
+    end
+
+    def digest(input) # :nodoc:
+      return Digest::SHA1.new().update(input).hexdigest
+    end
+
+    def canonicalize(input) # :nodoc:
+      case input
+      when Hash
+        output = Array.new
+        ordered_keys = input.keys.sort
+        ordered_keys.each do |key|
+          output << [canonicalize(key), canonicalize(input[key])]
+        end
+      when Array
+        output = input.collect { |x| canonicalize(x) }
+      when Numeric, String, NilClass
+        output = input
+      else
+        raise UnserializableType, "Objects of type #{input.class.name} cannot be serialized in the global session"
+      end
+
+      return output
+    end
+
+    def load_from_cookie(cookie, valid_signature_digest) # :nodoc:
+      begin
+        zbin = GlobalSession::Encoding::Base64Cookie.load(cookie)
+        json = Zlib::Inflate.inflate(zbin)
+        hash = GlobalSession::Encoding::JSON.load(json)
+      rescue Exception => e
+        mc = GlobalSession::MalformedCookie.new("Caused by #{e.class.name}: #{e.message}")
+        mc.set_backtrace(e.backtrace)
+        raise mc
+      end
+
+      id = hash['id']
+      authority = hash['a']
+      created_at = Time.at(hash['tc'].to_i).utc
+      expired_at = Time.at(hash['te'].to_i).utc
+      signed = hash['ds']
+      insecure = hash.delete('dx')
+      signature = hash.delete('s')
+
+      unless valid_signature_digest == digest(signature)
+        #Check signature
+        expected = canonical_digest(hash)
+        signer = @directory.authorities[authority]
+        raise SecurityError, "Unknown signing authority #{authority}" unless signer
+        got = signer.public_decrypt(GlobalSession::Encoding::Base64Cookie.load(signature))
+        unless (got == expected)
+          raise SecurityError, "Signature mismatch on global session cookie; tampering suspected"
+        end
+      end
+
+      #Check trust in signing authority
+      unless @directory.trusted_authority?(authority)
+        raise SecurityError, "Global sessions signed by #{authority} are not trusted"
+      end
+
+      #Check expiration
+      unless expired_at > Time.now.utc
+        raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
+      end
+
+      #Check other validity (delegate to directory)
+      unless @directory.valid_session?(id, expired_at)
+        raise GlobalSession::InvalidSession, "Global session has been invalidated"
+      end
+
+      #If all validation stuff passed, assign our instance variables.
+      @id = id
+      @authority = authority
+      @created_at = created_at
+      @expired_at = expired_at
+      @signed = signed
+      @insecure = insecure
+      @signature = signature
+      @cookie = cookie
+    end
+
+    def create_from_scratch # :nodoc:
+      authority_check
+
+      @signed = {}
+      @insecure = {}
+      @created_at = Time.now.utc
+      @authority = @directory.local_authority_name
+      @id = RightSupport::Data::UUID.generate
+      renew!
+    end
+
+    def create_invalid # :nodoc:
+      @id = nil
+      @created_at = Time.now.utc
+      @expired_at = created_at
+      @signed = {}
+      @insecure = {}
+      @authority = nil
+    end
+  end
+end