global_session 2.0.1 → 2.0.2

data/README.rdoc

@@ -9,6 +9,8 @@ In other words: it glues your semi-related Web apps together so they share the
 same bits of session state. This is done by putting the session itself into
 cookies.
 
+Maintained by the RightScale Teal Team
+
 == What Is It Not?
 
 This plugin does not provide a complete solution for identity management. In

data/global_session.gemspec

@@ -7,8 +7,8 @@ spec = Gem::Specification.new do |s|
   s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
 
   s.name    = 'global_session'
-  s.version = '2.0.1'
-  s.date    = '2012-01-04'
+  s.version = '2.0.2'
+  s.date    = '2012-04-01'
 
   s.authors = ['Tony Spataro']
   s.email   = 'support@rightscale.com'

data/lib/global_session/directory.rb

@@ -92,9 +92,14 @@ module GlobalSession
     # Create a new Session, initialized against this directory and ready to
     # be used by the app.
     #
+    # DEPRECATED: If a cookie is provided, load an existing session from its
+    # serialized form. You should use #load_session for this instead.
+    #
+    # @see load_session
+    #
     # === Parameters
-    # directory(Directory):: directory implementation that the session should use for various operations
-    # cookie(String):: Optional, serialized global session cookie. If none is supplied, a new session is created.
+    # cookie(String):: DEPRECATED - Optional, serialized global session cookie. If none is supplied, a new session is created.
+    # valid_signature_digest(String):: DEPRECATED -  Optional,
     #
     # === Return
     # session(Session):: the newly-initialized session
@@ -104,19 +109,41 @@ module GlobalSession
     # ExpiredSession:: if the session contained in the cookie has expired
     # MalformedCookie:: if the cookie was corrupt or malformed
     # SecurityError:: if signature is invalid or cookie is not signed by a trusted authority
-    def create_session(*params)
+    def create_session(cookie=nil, valid_signature_digest=nil)
       forced_version = configuration['cookie']['version']
 
-      case forced_version
-      when 2
-        Session::V2.new(self, *params)
-      when 1
-        Session::V1.new(self, *params)
+      if cookie.nil?
+        # Create a legitimately new session
+        case forced_version
+        when 1
+          Session::V1.new(self, cookie, valid_signature_digest)
+        else
+          Session.new(self, cookie, valid_signature_digest)
+        end
       else
-        Session.new(self, *params)
+        warn "GlobalSession::Directory#create_session with an existing session is DEPRECATED -- use #load_session instead"
+        load_session(cookie, valid_signature_digest)
       end
     end
 
+    # Unserialize an existing session cookie
+    #
+    # === Parameters
+    # cookie(String):: Optional, serialized global session cookie. If none is supplied, a new session is created.
+    # valid_signature_digest(String):: Optional,
+    #
+    # === Return
+    # session(Session):: the newly-initialized session
+    #
+    # ===Raise
+    # InvalidSession:: if the session contained in the cookie has been invalidated
+    # ExpiredSession:: if the session contained in the cookie has expired
+    # MalformedCookie:: if the cookie was corrupt or malformed
+    # SecurityError:: if signature is invalid or cookie is not signed by a trusted authority
+    def load_session(cookie, valid_signature_digest=nil)
+      Session.new(self, cookie, valid_signature_digest)
+    end
+
     def local_authority_name
       @configuration['authority']
     end

data/lib/global_session/rack.rb

@@ -88,18 +88,27 @@ module GlobalSession
         env['rack.cookies'] = {} unless env['rack.cookies']
 
         begin
+          err = nil
           read_cookie(env)
-        rescue Exception => e
-          env['global_session'] = @directory.create_session
-          handle_error('reading session cookie', env, e)
+        rescue Exception => read_err
+          err = read_err
+
+          # Catch "double whammy" errors
+          begin
+            env['global_session'] = @directory.create_session
+          rescue Exception => create_err
+            err = create_err
+          end
+
+          handle_error('reading session cookie', env, err)
         end
 
         tuple = nil
 
         begin
           tuple = @app.call(env)
-        rescue Exception => e
-          handle_error('processing request', env, e)
+        rescue Exception => read_err
+          handle_error('processing request', env, read_err)
           return tuple
         else
           renew_cookie(env)
@@ -109,16 +118,16 @@ module GlobalSession
       end
 
       protected
-      
+
       # Read a cookie from the Rack environment.
       #
       # === Parameters
       # env(Hash): Rack environment.
       def read_cookie(env)
-        if env['rack.cookies'].has_key?(@cookie_name)
-          env['global_session'] = @directory.create_session(env['rack.cookies'][@cookie_name])
-        elsif @cookie_retrieval && cookie = @cookie_retrieval.call(env)
-          env['global_session'] = @directory.create_session(cookie)
+        if @cookie_retrieval && (cookie = @cookie_retrieval.call(env))
+          env['global_session'] = @directory.load_session(cookie)
+        elsif env['rack.cookies'].has_key?(@cookie_name)
+          env['global_session'] = @directory.load_session(env['rack.cookies'][@cookie_name])
         else
           env['global_session'] = @directory.create_session
         end
@@ -131,7 +140,7 @@ module GlobalSession
       # === Parameters
       # env(Hash): Rack environment
       def renew_cookie(env)
-        return unless env['global_session'].directory.local_authority_name
+        return unless @directory.local_authority_name
         return if env['global_session.req.renew'] == false
 
         if (renew = @configuration['renew']) && env['global_session'] &&
@@ -145,7 +154,7 @@ module GlobalSession
       # === Parameters
       # env(Hash): Rack environment
       def update_cookie(env)
-        return unless env['global_session'].directory.local_authority_name
+        return unless @directory.local_authority_name
         return if env['global_session.req.update'] == false
 
         domain = @configuration['cookie']['domain'] || env['SERVER_NAME']
@@ -179,7 +188,7 @@ module GlobalSession
       # === Parameters
       # env(Hash): Rack environment
       def wipe_cookie(env)
-        return unless env['global_session'].directory.local_authority_name
+        return unless @directory.local_authority_name
         return if env['global_session.req.update'] == false
 
         domain = @configuration['cookie']['domain'] || env['SERVER_NAME']

data/lib/global_session/session/v1.rb

@@ -24,12 +24,8 @@ require 'set'
 require 'zlib'
 
 module GlobalSession::Session
-  # Ladies and gentlemen: the one and only, star of the show, GLOBAL SESSION!
-  #
-  # Session is designed to act as much like a Hash as possible. You can use
-  # most of the methods you would use with Hash: [], has_key?, each, etc. It has a
-  # few additional methods that are specific to itself, mostly involving whether
-  # it's expired, valid, supports a certain key, etc.
+  # Global session V1 uses JSON serialization and Zlib compression. Its encoding looks something
+  # like this:
   #
   class V1 < Abstract
     # Utility method to decode a cookie; good for console debugging. This performs no

data/lib/global_session/session/v2.rb

@@ -49,7 +49,7 @@ module GlobalSession::Session
     # ExpiredSession:: if the session contained in the cookie has expired
     # MalformedCookie:: if the cookie was corrupt or malformed
     # SecurityError:: if signature is invalid or cookie is not signed by a trusted authority
-    def initialize(directory, cookie=nil, unused=nil)
+    def initialize(directory, cookie=nil)
       super(directory)
       @configuration = directory.configuration
       @schema_signed = Set.new((@configuration['attributes']['signed']))

data/lib/global_session/session.rb

@@ -24,15 +24,15 @@ require 'global_session/session/v2'
 # by the different versions; it is responsible for detecting the version of
 # a given cookie, then instantiating a suitable session object.
 module GlobalSession::Session
-  def self.new(*args)
-    V2.new(*args)
-  rescue GlobalSession::MalformedCookie => e
-    V1.new(*args)
-  end
-
   def self.decode_cookie(*args)
     V2.decode_cookie(*args)
   rescue GlobalSession::MalformedCookie => e
     V1.decode_cookie(*args)
   end
+
+  def self.new(directory, cookie=nil, valid_signature_digest=nil)
+    V2.new(directory, cookie)
+  rescue GlobalSession::MalformedCookie => e
+    V1.new(directory, cookie, valid_signature_digest)
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: global_session
 version: !ruby/object:Gem::Version 
-  hash: 13
+  hash: 11
   prerelease: false
   segments: 
   - 2
   - 0
-  - 1
-  version: 2.0.1
+  - 2
+  version: 2.0.2
 platform: ruby
 authors: 
 - Tony Spataro
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-04 00:00:00 -08:00
+date: 2012-04-01 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -30,9 +30,9 @@ dependencies:
         - 5
         version: "2.5"
   requirement: *id001
+  type: :runtime
   name: right_support
   prerelease: false
-  type: :runtime
 - !ruby/object:Gem::Dependency 
   version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
@@ -46,9 +46,9 @@ dependencies:
         - 0
         version: 0.2.0
   requirement: *id002
+  type: :runtime
   name: simple_uuid
   prerelease: false
-  type: :runtime
 - !ruby/object:Gem::Dependency 
   version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
@@ -61,9 +61,9 @@ dependencies:
         - 4
         version: "1.4"
   requirement: *id003
+  type: :runtime
   name: json
   prerelease: false
-  type: :runtime
 - !ruby/object:Gem::Dependency 
   version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
@@ -76,9 +76,9 @@ dependencies:
         - 4
         version: "0.4"
   requirement: *id004
+  type: :runtime
   name: msgpack
   prerelease: false
-  type: :runtime
 - !ruby/object:Gem::Dependency 
   version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
@@ -91,9 +91,9 @@ dependencies:
         - 0
         version: "1.0"
   requirement: *id005
+  type: :runtime
   name: rack-contrib
   prerelease: false
-  type: :runtime
 description: This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
 email: support@rightscale.com
 executables: []