global_session 3.0.4 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +6 -1
- data/VERSION +1 -1
- data/global_session.gemspec +14 -14
- data/lib/global_session.rb +1 -0
- data/lib/global_session/session.rb +3 -1
- data/lib/global_session/session/v3.rb +25 -2
- metadata +43 -45
data/README.rdoc
CHANGED
|
@@ -9,7 +9,12 @@ In other words: it glues your semi-related Web apps together so they share the
|
|
|
9
9
|
same bits of session state. This is done by putting the session itself into
|
|
10
10
|
cookies.
|
|
11
11
|
|
|
12
|
-
Maintained by
|
|
12
|
+
Maintained by
|
|
13
|
+
- [Sapphire Team](https://wookiee.rightscale.com/display/rightscale/Meet+the+Sapphire+Team)
|
|
14
|
+
|
|
15
|
+
Merge to master whitelist
|
|
16
|
+
- @tony-spataro-rs
|
|
17
|
+
- @ryanwilliamson
|
|
13
18
|
|
|
14
19
|
== What Is It Not?
|
|
15
20
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.0.
|
|
1
|
+
3.0.5
|
data/global_session.gemspec
CHANGED
|
@@ -2,16 +2,18 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
+
# stub: global_session 3.0.5 ruby lib
|
|
5
6
|
|
|
6
7
|
Gem::Specification.new do |s|
|
|
7
|
-
s.name =
|
|
8
|
-
s.version = "3.0.
|
|
8
|
+
s.name = "global_session"
|
|
9
|
+
s.version = "3.0.5"
|
|
9
10
|
|
|
10
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
|
+
s.require_paths = ["lib"]
|
|
11
13
|
s.authors = ["Tony Spataro"]
|
|
12
|
-
s.date =
|
|
13
|
-
s.description =
|
|
14
|
-
s.email =
|
|
14
|
+
s.date = "2014-11-12"
|
|
15
|
+
s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
|
|
16
|
+
s.email = "support@rightscale.com"
|
|
15
17
|
s.extra_rdoc_files = [
|
|
16
18
|
"LICENSE",
|
|
17
19
|
"README.rdoc"
|
|
@@ -44,20 +46,18 @@ Gem::Specification.new do |s|
|
|
|
44
46
|
"rails_generators/global_session_authority/USAGE",
|
|
45
47
|
"rails_generators/global_session_authority/global_session_authority_generator.rb"
|
|
46
48
|
]
|
|
47
|
-
s.homepage =
|
|
49
|
+
s.homepage = "https://github.com/rightscale/global_session"
|
|
48
50
|
s.licenses = ["MIT"]
|
|
49
|
-
s.
|
|
50
|
-
s.
|
|
51
|
-
s.summary = %q{Secure single-domain session sharing plugin for Rack and Rails.}
|
|
51
|
+
s.rubygems_version = "2.2.0"
|
|
52
|
+
s.summary = "Secure single-domain session sharing plugin for Rack and Rails."
|
|
52
53
|
|
|
53
54
|
if s.respond_to? :specification_version then
|
|
54
|
-
|
|
55
|
-
s.specification_version = 3
|
|
55
|
+
s.specification_version = 4
|
|
56
56
|
|
|
57
57
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
58
58
|
s.add_runtime_dependency(%q<json>, ["~> 1.4"])
|
|
59
59
|
s.add_runtime_dependency(%q<rack-contrib>, ["~> 1.0"])
|
|
60
|
-
s.add_runtime_dependency(%q<right_support>, ["
|
|
60
|
+
s.add_runtime_dependency(%q<right_support>, ["< 3.0", ">= 2.8.2"])
|
|
61
61
|
s.add_runtime_dependency(%q<simple_uuid>, [">= 0.2.0"])
|
|
62
62
|
s.add_development_dependency(%q<cucumber>, ["~> 1.0"])
|
|
63
63
|
s.add_development_dependency(%q<debugger>, ["~> 1.5"])
|
|
@@ -72,7 +72,7 @@ Gem::Specification.new do |s|
|
|
|
72
72
|
else
|
|
73
73
|
s.add_dependency(%q<json>, ["~> 1.4"])
|
|
74
74
|
s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
|
|
75
|
-
s.add_dependency(%q<right_support>, ["
|
|
75
|
+
s.add_dependency(%q<right_support>, ["< 3.0", ">= 2.8.2"])
|
|
76
76
|
s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
|
|
77
77
|
s.add_dependency(%q<cucumber>, ["~> 1.0"])
|
|
78
78
|
s.add_dependency(%q<debugger>, ["~> 1.5"])
|
|
@@ -88,7 +88,7 @@ Gem::Specification.new do |s|
|
|
|
88
88
|
else
|
|
89
89
|
s.add_dependency(%q<json>, ["~> 1.4"])
|
|
90
90
|
s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
|
|
91
|
-
s.add_dependency(%q<right_support>, ["
|
|
91
|
+
s.add_dependency(%q<right_support>, ["< 3.0", ">= 2.8.2"])
|
|
92
92
|
s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
|
|
93
93
|
s.add_dependency(%q<cucumber>, ["~> 1.0"])
|
|
94
94
|
s.add_dependency(%q<debugger>, ["~> 1.5"])
|
data/lib/global_session.rb
CHANGED
|
@@ -25,11 +25,13 @@ require 'global_session/session/v3'
|
|
|
25
25
|
# by the different versions; it is responsible for detecting the version of
|
|
26
26
|
# a given cookie, then instantiating a suitable session object.
|
|
27
27
|
module GlobalSession::Session
|
|
28
|
-
# Decode a global session cookie without
|
|
28
|
+
# Decode a global session cookie without checking signature or expiration. Good for debugging.
|
|
29
29
|
def self.decode_cookie(cookie)
|
|
30
30
|
guess_version(cookie).decode_cookie(cookie)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
# Decode a global session cookie. Use a heuristic to determine the version.
|
|
34
|
+
# @raise [GlobalSession::MalformedCookie] if the cookie is not a valid serialized global session
|
|
33
35
|
def self.new(directory, cookie=nil, valid_signature_digest=nil)
|
|
34
36
|
guess_version(cookie).new(directory, cookie)
|
|
35
37
|
end
|
|
@@ -112,14 +112,19 @@ module GlobalSession::Session
|
|
|
112
112
|
# secure attributes have changed since the session was instantiated, compute
|
|
113
113
|
# a fresh RSA signature.
|
|
114
114
|
#
|
|
115
|
-
#
|
|
116
|
-
#
|
|
115
|
+
# @return [String] a B64cookie-encoded JSON-serialized global session
|
|
116
|
+
# @raise [GlobalSession::UnserializableType] if the attributes hash contains
|
|
117
117
|
def to_s
|
|
118
118
|
if @cookie && !@dirty_insecure && !@dirty_secure
|
|
119
119
|
#use cached cookie if nothing has changed
|
|
120
120
|
return @cookie
|
|
121
121
|
end
|
|
122
122
|
|
|
123
|
+
unless serializable?(@signed) && serializable?(@insecure)
|
|
124
|
+
raise GlobalSession::UnserializableType,
|
|
125
|
+
"Attributes hash contains non-String keys, cannot be cleanly marshalled"
|
|
126
|
+
end
|
|
127
|
+
|
|
123
128
|
hash = {'v' => 3,
|
|
124
129
|
'id' => @id, 'a' => @authority,
|
|
125
130
|
'tc' => @created_at.to_i, 'te' => @expired_at.to_i,
|
|
@@ -369,5 +374,23 @@ module GlobalSession::Session
|
|
|
369
374
|
'dx' => array[6],
|
|
370
375
|
}
|
|
371
376
|
end
|
|
377
|
+
|
|
378
|
+
# Determine whether an object can be cleanly round-tripped to JSON
|
|
379
|
+
# @param [Object] obj
|
|
380
|
+
# @return [Boolean]
|
|
381
|
+
def serializable?(obj)
|
|
382
|
+
case obj
|
|
383
|
+
when Numeric, String, TrueClass, FalseClass, NilClass, Symbol
|
|
384
|
+
true
|
|
385
|
+
when Array
|
|
386
|
+
obj.each { |e| serializable?(e) }
|
|
387
|
+
when Hash
|
|
388
|
+
obj.all? do |k, v|
|
|
389
|
+
k.is_a?(String) && serializable?(v)
|
|
390
|
+
end
|
|
391
|
+
else
|
|
392
|
+
false
|
|
393
|
+
end
|
|
394
|
+
end
|
|
372
395
|
end
|
|
373
396
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: global_session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
5
|
-
prerelease:
|
|
4
|
+
hash: 13
|
|
5
|
+
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 3
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 3.0.
|
|
9
|
+
- 5
|
|
10
|
+
version: 3.0.5
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Tony Spataro
|
|
@@ -15,10 +15,12 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2014-
|
|
19
|
-
default_executable:
|
|
18
|
+
date: 2014-11-12 00:00:00 Z
|
|
20
19
|
dependencies:
|
|
21
20
|
- !ruby/object:Gem::Dependency
|
|
21
|
+
prerelease: false
|
|
22
|
+
name: json
|
|
23
|
+
type: :runtime
|
|
22
24
|
version_requirements: &id001 !ruby/object:Gem::Requirement
|
|
23
25
|
none: false
|
|
24
26
|
requirements:
|
|
@@ -29,11 +31,11 @@ dependencies:
|
|
|
29
31
|
- 1
|
|
30
32
|
- 4
|
|
31
33
|
version: "1.4"
|
|
32
|
-
name: json
|
|
33
34
|
requirement: *id001
|
|
35
|
+
- !ruby/object:Gem::Dependency
|
|
34
36
|
prerelease: false
|
|
37
|
+
name: rack-contrib
|
|
35
38
|
type: :runtime
|
|
36
|
-
- !ruby/object:Gem::Dependency
|
|
37
39
|
version_requirements: &id002 !ruby/object:Gem::Requirement
|
|
38
40
|
none: false
|
|
39
41
|
requirements:
|
|
@@ -44,14 +46,21 @@ dependencies:
|
|
|
44
46
|
- 1
|
|
45
47
|
- 0
|
|
46
48
|
version: "1.0"
|
|
47
|
-
name: rack-contrib
|
|
48
49
|
requirement: *id002
|
|
50
|
+
- !ruby/object:Gem::Dependency
|
|
49
51
|
prerelease: false
|
|
52
|
+
name: right_support
|
|
50
53
|
type: :runtime
|
|
51
|
-
- !ruby/object:Gem::Dependency
|
|
52
54
|
version_requirements: &id003 !ruby/object:Gem::Requirement
|
|
53
55
|
none: false
|
|
54
56
|
requirements:
|
|
57
|
+
- - <
|
|
58
|
+
- !ruby/object:Gem::Version
|
|
59
|
+
hash: 7
|
|
60
|
+
segments:
|
|
61
|
+
- 3
|
|
62
|
+
- 0
|
|
63
|
+
version: "3.0"
|
|
55
64
|
- - ">="
|
|
56
65
|
- !ruby/object:Gem::Version
|
|
57
66
|
hash: 43
|
|
@@ -60,18 +69,11 @@ dependencies:
|
|
|
60
69
|
- 8
|
|
61
70
|
- 2
|
|
62
71
|
version: 2.8.2
|
|
63
|
-
- - <
|
|
64
|
-
- !ruby/object:Gem::Version
|
|
65
|
-
hash: 7
|
|
66
|
-
segments:
|
|
67
|
-
- 3
|
|
68
|
-
- 0
|
|
69
|
-
version: "3.0"
|
|
70
|
-
name: right_support
|
|
71
72
|
requirement: *id003
|
|
73
|
+
- !ruby/object:Gem::Dependency
|
|
72
74
|
prerelease: false
|
|
75
|
+
name: simple_uuid
|
|
73
76
|
type: :runtime
|
|
74
|
-
- !ruby/object:Gem::Dependency
|
|
75
77
|
version_requirements: &id004 !ruby/object:Gem::Requirement
|
|
76
78
|
none: false
|
|
77
79
|
requirements:
|
|
@@ -83,11 +85,11 @@ dependencies:
|
|
|
83
85
|
- 2
|
|
84
86
|
- 0
|
|
85
87
|
version: 0.2.0
|
|
86
|
-
name: simple_uuid
|
|
87
88
|
requirement: *id004
|
|
88
|
-
prerelease: false
|
|
89
|
-
type: :runtime
|
|
90
89
|
- !ruby/object:Gem::Dependency
|
|
90
|
+
prerelease: false
|
|
91
|
+
name: cucumber
|
|
92
|
+
type: :development
|
|
91
93
|
version_requirements: &id005 !ruby/object:Gem::Requirement
|
|
92
94
|
none: false
|
|
93
95
|
requirements:
|
|
@@ -98,11 +100,11 @@ dependencies:
|
|
|
98
100
|
- 1
|
|
99
101
|
- 0
|
|
100
102
|
version: "1.0"
|
|
101
|
-
name: cucumber
|
|
102
103
|
requirement: *id005
|
|
104
|
+
- !ruby/object:Gem::Dependency
|
|
103
105
|
prerelease: false
|
|
106
|
+
name: debugger
|
|
104
107
|
type: :development
|
|
105
|
-
- !ruby/object:Gem::Dependency
|
|
106
108
|
version_requirements: &id006 !ruby/object:Gem::Requirement
|
|
107
109
|
none: false
|
|
108
110
|
requirements:
|
|
@@ -113,11 +115,11 @@ dependencies:
|
|
|
113
115
|
- 1
|
|
114
116
|
- 5
|
|
115
117
|
version: "1.5"
|
|
116
|
-
name: debugger
|
|
117
118
|
requirement: *id006
|
|
119
|
+
- !ruby/object:Gem::Dependency
|
|
118
120
|
prerelease: false
|
|
121
|
+
name: flexmock
|
|
119
122
|
type: :development
|
|
120
|
-
- !ruby/object:Gem::Dependency
|
|
121
123
|
version_requirements: &id007 !ruby/object:Gem::Requirement
|
|
122
124
|
none: false
|
|
123
125
|
requirements:
|
|
@@ -128,11 +130,11 @@ dependencies:
|
|
|
128
130
|
- 0
|
|
129
131
|
- 8
|
|
130
132
|
version: "0.8"
|
|
131
|
-
name: flexmock
|
|
132
133
|
requirement: *id007
|
|
134
|
+
- !ruby/object:Gem::Dependency
|
|
133
135
|
prerelease: false
|
|
136
|
+
name: httpclient
|
|
134
137
|
type: :development
|
|
135
|
-
- !ruby/object:Gem::Dependency
|
|
136
138
|
version_requirements: &id008 !ruby/object:Gem::Requirement
|
|
137
139
|
none: false
|
|
138
140
|
requirements:
|
|
@@ -142,11 +144,11 @@ dependencies:
|
|
|
142
144
|
segments:
|
|
143
145
|
- 0
|
|
144
146
|
version: "0"
|
|
145
|
-
name: httpclient
|
|
146
147
|
requirement: *id008
|
|
148
|
+
- !ruby/object:Gem::Dependency
|
|
147
149
|
prerelease: false
|
|
150
|
+
name: jeweler
|
|
148
151
|
type: :development
|
|
149
|
-
- !ruby/object:Gem::Dependency
|
|
150
152
|
version_requirements: &id009 !ruby/object:Gem::Requirement
|
|
151
153
|
none: false
|
|
152
154
|
requirements:
|
|
@@ -158,11 +160,11 @@ dependencies:
|
|
|
158
160
|
- 8
|
|
159
161
|
- 3
|
|
160
162
|
version: 1.8.3
|
|
161
|
-
name: jeweler
|
|
162
163
|
requirement: *id009
|
|
164
|
+
- !ruby/object:Gem::Dependency
|
|
163
165
|
prerelease: false
|
|
166
|
+
name: msgpack
|
|
164
167
|
type: :development
|
|
165
|
-
- !ruby/object:Gem::Dependency
|
|
166
168
|
version_requirements: &id010 !ruby/object:Gem::Requirement
|
|
167
169
|
none: false
|
|
168
170
|
requirements:
|
|
@@ -173,11 +175,11 @@ dependencies:
|
|
|
173
175
|
- 0
|
|
174
176
|
- 4
|
|
175
177
|
version: "0.4"
|
|
176
|
-
name: msgpack
|
|
177
178
|
requirement: *id010
|
|
179
|
+
- !ruby/object:Gem::Dependency
|
|
178
180
|
prerelease: false
|
|
181
|
+
name: rake
|
|
179
182
|
type: :development
|
|
180
|
-
- !ruby/object:Gem::Dependency
|
|
181
183
|
version_requirements: &id011 !ruby/object:Gem::Requirement
|
|
182
184
|
none: false
|
|
183
185
|
requirements:
|
|
@@ -188,11 +190,11 @@ dependencies:
|
|
|
188
190
|
- 0
|
|
189
191
|
- 8
|
|
190
192
|
version: "0.8"
|
|
191
|
-
name: rake
|
|
192
193
|
requirement: *id011
|
|
194
|
+
- !ruby/object:Gem::Dependency
|
|
193
195
|
prerelease: false
|
|
196
|
+
name: right_develop
|
|
194
197
|
type: :development
|
|
195
|
-
- !ruby/object:Gem::Dependency
|
|
196
198
|
version_requirements: &id012 !ruby/object:Gem::Requirement
|
|
197
199
|
none: false
|
|
198
200
|
requirements:
|
|
@@ -203,11 +205,11 @@ dependencies:
|
|
|
203
205
|
- 1
|
|
204
206
|
- 2
|
|
205
207
|
version: "1.2"
|
|
206
|
-
name: right_develop
|
|
207
208
|
requirement: *id012
|
|
209
|
+
- !ruby/object:Gem::Dependency
|
|
208
210
|
prerelease: false
|
|
211
|
+
name: rspec
|
|
209
212
|
type: :development
|
|
210
|
-
- !ruby/object:Gem::Dependency
|
|
211
213
|
version_requirements: &id013 !ruby/object:Gem::Requirement
|
|
212
214
|
none: false
|
|
213
215
|
requirements:
|
|
@@ -218,11 +220,11 @@ dependencies:
|
|
|
218
220
|
- 1
|
|
219
221
|
- 3
|
|
220
222
|
version: "1.3"
|
|
221
|
-
name: rspec
|
|
222
223
|
requirement: *id013
|
|
224
|
+
- !ruby/object:Gem::Dependency
|
|
223
225
|
prerelease: false
|
|
226
|
+
name: ruby-debug
|
|
224
227
|
type: :development
|
|
225
|
-
- !ruby/object:Gem::Dependency
|
|
226
228
|
version_requirements: &id014 !ruby/object:Gem::Requirement
|
|
227
229
|
none: false
|
|
228
230
|
requirements:
|
|
@@ -233,10 +235,7 @@ dependencies:
|
|
|
233
235
|
- 0
|
|
234
236
|
- 10
|
|
235
237
|
version: "0.10"
|
|
236
|
-
name: ruby-debug
|
|
237
238
|
requirement: *id014
|
|
238
|
-
prerelease: false
|
|
239
|
-
type: :development
|
|
240
239
|
description: This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
|
|
241
240
|
email: support@rightscale.com
|
|
242
241
|
executables: []
|
|
@@ -273,7 +272,6 @@ files:
|
|
|
273
272
|
- rails_generators/global_session/templates/global_session.yml.erb
|
|
274
273
|
- rails_generators/global_session_authority/USAGE
|
|
275
274
|
- rails_generators/global_session_authority/global_session_authority_generator.rb
|
|
276
|
-
has_rdoc: true
|
|
277
275
|
homepage: https://github.com/rightscale/global_session
|
|
278
276
|
licenses:
|
|
279
277
|
- MIT
|
|
@@ -303,7 +301,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
303
301
|
requirements: []
|
|
304
302
|
|
|
305
303
|
rubyforge_project:
|
|
306
|
-
rubygems_version: 1.
|
|
304
|
+
rubygems_version: 1.8.15
|
|
307
305
|
signing_key:
|
|
308
306
|
specification_version: 3
|
|
309
307
|
summary: Secure single-domain session sharing plugin for Rack and Rails.
|