global_session 3.0.0 → 3.0.1

data/VERSION

@@ -1 +1 @@
-3.0.0
+3.0.1

data/global_session.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{global_session}
-  s.version = "3.0.0"
+  s.version = "3.0.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Tony Spataro"]
-  s.date = %q{2013-09-23}
+  s.date = %q{2013-10-11}
   s.description = %q{This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
   s.email = %q{support@rightscale.com}
   s.extra_rdoc_files = [
@@ -57,7 +57,7 @@ Gem::Specification.new do |s|
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<json>, ["~> 1.4"])
       s.add_runtime_dependency(%q<rack-contrib>, ["~> 1.0"])
-      s.add_runtime_dependency(%q<right_support>, [">= 2.8.1", "< 3.0"])
+      s.add_runtime_dependency(%q<right_support>, [">= 2.8.2", "< 3.0"])
       s.add_runtime_dependency(%q<simple_uuid>, [">= 0.2.0"])
       s.add_development_dependency(%q<cucumber>, ["~> 1.0"])
       s.add_development_dependency(%q<debugger>, ["~> 1.5"])
@@ -72,7 +72,7 @@ Gem::Specification.new do |s|
     else
       s.add_dependency(%q<json>, ["~> 1.4"])
       s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
-      s.add_dependency(%q<right_support>, [">= 2.8.1", "< 3.0"])
+      s.add_dependency(%q<right_support>, [">= 2.8.2", "< 3.0"])
       s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
       s.add_dependency(%q<cucumber>, ["~> 1.0"])
       s.add_dependency(%q<debugger>, ["~> 1.5"])
@@ -88,7 +88,7 @@ Gem::Specification.new do |s|
   else
     s.add_dependency(%q<json>, ["~> 1.4"])
     s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
-    s.add_dependency(%q<right_support>, [">= 2.8.1", "< 3.0"])
+    s.add_dependency(%q<right_support>, [">= 2.8.2", "< 3.0"])
     s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
     s.add_dependency(%q<cucumber>, ["~> 1.0"])
     s.add_dependency(%q<debugger>, ["~> 1.5"])

data/lib/global_session/rack.rb

@@ -89,7 +89,7 @@ module GlobalSession
 
         begin
           err = nil
-          read_cookie(env)
+          read_authorization_header(env) || read_cookie(env) || create_session(env)
         rescue Exception => read_err
           err = read_err
 
@@ -117,20 +117,65 @@ module GlobalSession
         end
       end
 
-      protected
+      # Read a global session from the HTTP Authorization header, if present. If an authorization
+      # header was found, also disable global session cookie update and renewal by setting the
+      # corresponding keys of the Rack environment.
+      #
+      # === Parameters
+      # env(Hash): Rack environment.
+      #
+      # === Return
+      # result(true,false):: Returns true if the environment was populated, false otherwise
+      def read_authorization_header(env)
+        if env.has_key? 'X-HTTP_AUTHORIZATION'
+          # RFC2617 style (preferred by OAuth 2.0 spec)
+          header_data = env['X-HTTP_AUTHORIZATION'].to_s.split
+        elsif env.has_key? 'HTTP_AUTHORIZATION'
+          # Fallback style (generally when no load balancer is present, e.g. dev/test)
+          header_data = env['HTTP_AUTHORIZATION'].to_s.split
+        else
+          header_data = nil
+        end
 
-      # Read a cookie from the Rack environment.
+        if header_data && header_data.size == 2 && header_data.first.downcase == 'bearer'
+          env['global_session.req.renew'] = false
+          env['global_session.req.update'] = false
+          env['global_session'] = @directory.load_session(header_data.last)
+          true
+        else
+          false
+        end
+      end
+
+      # Read a global session from HTTP cookies, if present.
       #
       # === Parameters
       # env(Hash): Rack environment.
+      #
+      # === Return
+      # result(true,false):: Returns true if the environment was populated, false otherwise
       def read_cookie(env)
         if @cookie_retrieval && (cookie = @cookie_retrieval.call(env))
           env['global_session'] = @directory.load_session(cookie)
+          true
         elsif env['rack.cookies'].has_key?(@cookie_name)
           env['global_session'] = @directory.load_session(env['rack.cookies'][@cookie_name])
+          true
         else
-          env['global_session'] = @directory.create_session
+          false
         end
+      end
+
+      # Ensure that the Rack environment contains a global session object; create a session
+      # if necessary.
+      #
+      # === Parameters
+      # env(Hash): Rack environment.
+      #
+      # === Return
+      # true:: always returns true
+      def create_session(env)
+        env['global_session'] ||= @directory.create_session
 
         true
       end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: global_session
 version: !ruby/object:Gem::Version 
-  hash: 7
+  hash: 5
   prerelease: false
   segments: 
   - 3
   - 0
-  - 0
-  version: 3.0.0
+  - 1
+  version: 3.0.1
 platform: ruby
 authors: 
 - Tony Spataro
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-10-03 00:00:00 -07:00
+date: 2013-10-14 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency