global_session 3.1.0 → 3.1.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b314fdf883f6db5a94056c8f4425b645ce26ce26
4
- data.tar.gz: f2598c6bc89cf364070919a0d7d4704660721664
3
+ metadata.gz: 4076acba8dcf282c7dad88a0d0970849c24be12d
4
+ data.tar.gz: 2868c88a7927c381c23c4015da1dc31794f41238
5
5
  SHA512:
6
- metadata.gz: cce6b5236c84c60d94df3342a78c2f63bb5289c9d8c31c089983d1e3eb7905b83f5aa5e50f444061d3bd320745411a564db932153c71d04f7a40e2afecad3032
7
- data.tar.gz: d2e8e7feb7641b439ff2e44f3e145c6f7f1f131ece9044c5edcc662c3a73a49ba590b7de1a623c751808c35dad02ffe18d06a251e7a5c18520e0d0b3fb849056
6
+ metadata.gz: 62a9e4d919ecee5c1f182f78b2e28ae55baf5430a1538ae5b7df6bf03323c4b61a0df003583a096cf29c6776409c4076ea19d6cdac9ddae3e5b86971fd5908f0
7
+ data.tar.gz: eca8e7350d16946e5417168f6b4ebdb3a52c4322714b1682f0df993b85f78c8887c747a9716db0bce10a7b94107231c3c8424c3ca620b61966a4c649d9dd0c95
@@ -68,7 +68,7 @@ Install the GlobalSession middleware into your Rack stack; pass a config and a d
68
68
  object to its initializer. For instance, in config.ru:
69
69
 
70
70
  configuration = GlobalSession::Configuration.new('path/to/config.yml', RACK_ENV)
71
- directory = GlobalSession::Directory.new(configuration, 'path/to/keystore')
71
+ directory = GlobalSession::Directory.new(configuration)
72
72
  use ::GlobalSession::Rack::Middleware, configuration, directory
73
73
 
74
74
  = Global Session Contents
@@ -81,7 +81,7 @@ operation). If your app uses the cookie, GlobalSession will take care of
81
81
  updating the cookie whenever session values change.
82
82
 
83
83
  Data-wise, the session is a JSON dictionary containing the following stuff:
84
- * session metadata (UUID, created-at, expires-at, signing-authority)
84
+ * session metadata (UUID, created at, expires at, signing authority)
85
85
  * signed session attributes (e.g. the authenticated user ID)
86
86
  * insecure session attributes (e.g. the last-visited URL)
87
87
  * a cryptographic signature of the metadata and signed attributes
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.1.0
1
+ 3.1.1
@@ -2,16 +2,16 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: global_session 3.1.0 ruby lib
5
+ # stub: global_session 3.1.1 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "global_session"
9
- s.version = "3.1.0"
9
+ s.version = "3.1.1"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib"]
13
13
  s.authors = ["Tony Spataro"]
14
- s.date = "2014-12-31"
14
+ s.date = "2015-05-22"
15
15
  s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
16
16
  s.email = "support@rightscale.com"
17
17
  s.extra_rdoc_files = [
@@ -43,7 +43,7 @@ module GlobalSession
43
43
  # is the ticket.
44
44
  #
45
45
  # @param [Configuration] configuration
46
- # @param optional [String,Directory] directory the directory class name (DEPRECATED) or an actual instance of Directory
46
+ # @param optional [String,Directory] directory the disk-directory in which keys live (DEPRECATED), or an actual instance of Directory
47
47
  #
48
48
  # @yield if a block is provided, yields to the block to fetch session data from request state
49
49
  # @yieldparam [Hash] env Rack request environment is passed as a yield parameter
@@ -84,15 +84,16 @@ module GlobalSession
84
84
  "Invalid/unknown directory class name: #{klass_name.inspect}"
85
85
  end
86
86
 
87
- # Initialize the directory
88
- # @deprecated require Directory object in v4
89
- if klass.is_a?(Class)
90
- @directory = klass.new(@configuration, directory)
91
- elsif klass.is_a?(Directory)
87
+ # Initialize the directory object
88
+ if directory.is_a?(Directory)
89
+ # In v4-style initialization, the directory is always passed in
92
90
  @directory = directory
91
+ elsif klass.is_a?(Class)
92
+ # @deprecated v3-style initialization where the config file names the directory class
93
+ @directory = klass.new(@configuration, directory)
93
94
  else
94
95
  raise GlobalSession::ConfigurationError,
95
- "Unsupported value for 'directory': expected Class or Directory, got #{klass.inspect}"
96
+ "Cannot determine directory class/instance; method parameter is a #{directory.class.name} and configuration parameter is #{klass.class.name}"
96
97
  end
97
98
 
98
99
  # Initialize the keystore
@@ -215,7 +216,7 @@ module GlobalSession
215
216
  # @return [true] always returns true
216
217
  # @param [Hash] env Rack request environment
217
218
  def update_cookie(env)
218
- return true unless @configuration['authority']
219
+ return true unless @directory.keystore.private_key_name
219
220
  return true if env['global_session.req.update'] == false
220
221
 
221
222
  session = env['global_session']
@@ -232,10 +233,13 @@ module GlobalSession
232
233
  expires = @configuration['ephemeral'] ? nil : session.expired_at
233
234
  unless env['rack.cookies'][@cookie_name] == value
234
235
  env['rack.cookies'][@cookie_name] =
235
- {:value => value,
236
- :domain => cookie_domain(env),
237
- :expires => expires,
238
- :httponly => true}
236
+ {
237
+ :value => value,
238
+ :domain => cookie_domain(env),
239
+ :expires => expires,
240
+ :httponly => true,
241
+ :secure => (env['rack.url_scheme'] == 'https'),
242
+ }
239
243
  end
240
244
  else
241
245
  # write an empty cookie
@@ -253,7 +257,7 @@ module GlobalSession
253
257
  # @return [true] always returns true
254
258
  # @param [Hash] env Rack request environment
255
259
  def wipe_cookie(env)
256
- return unless @configuration['authority']
260
+ return unless @directory.keystore.private_key_name
257
261
  return if env['global_session.req.update'] == false
258
262
 
259
263
  env['rack.cookies'][@cookie_name] = {:value => nil,
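Review bot: The new `:secure` attribute in update_cookie is taken from `env['rack.url_scheme']` alone, so when TLS is terminated at a proxy or load balancer that forwards plain HTTP to the app, the cookie carrying the signed session attributes is still issued without the Secure flag. Consider `:secure => ::Rack::Request.new(env).ssl?`, which as far as I know also honours the forwarded-scheme headers. A comment above the hash such as `# Secure follows the request scheme; any plain-HTTP endpoint on the cookie domain will issue a non-Secure cookie` would make the trade-off visible to deployers. The hash in wipe_cookie and the "write an empty cookie" branch continue outside the visible hunks, so it cannot be checked here whether they set matching attributes. Separately, the guards in update_cookie and wipe_cookie now call `@directory.keystore.private_key_name`, which presumably raises NoMethodError if a v3-style directory class has no keystore; confirm against the initializer, whose body lies outside these hunks.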
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: global_session
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.0
4
+ version: 3.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Spataro
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-24 00:00:00.000000000 Z
11
+ date: 2015-05-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json