global_session 3.1.1 → 3.2.0
- checksums.yaml +4 -4
 - data/.ruby-version +1 -0
 - data/VERSION +1 -1
 - data/global_session.gemspec +4 -4
 - data/lib/global_session/rack.rb +22 -5
 - metadata +4 -3
 
    
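--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: c515a5dcc7b904111d8d920ec99e0ccdce58121f
+  data.tar.gz: 5d64ca49728e08bd110fc597ff5321a951983041
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: ba37377a8a6489d088ca0f835dc61be4bacba59472249802358a686b6500315f438e846a3e73142923fce67cc7b7646de9948577cb73ff22b5aa3d8dba604142
+  data.tar.gz: a43759e7a9d51b6322c04c41f19821229b35bce347dcf76d1ea3a5f65ccfa60a9cab1112f13a448cd20c390a84cff339cff2a4d9c0c7e940479d0411246bc878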
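--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.1.6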
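--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.2.0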
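--- a/data/global_session.gemspec
+++ b/data/global_session.gemspec
@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: global_session 3.
+# stub: global_session 3.2.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "global_session"
-  s.version = "3.
+  s.version = "3.2.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Tony Spataro"]
-  s.date = "2015-
+  s.date = "2015-07-08"
   s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
   s.email = "support@rightscale.com"
   s.extra_rdoc_files = [
@@ -50,7 +50,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "https://github.com/rightscale/global_session"
   s.licenses = ["MIT"]
-  s.rubygems_version = "2.2.
+  s.rubygems_version = "2.2.3"
   s.summary = "Secure single-domain session sharing plugin for Rack and Rails."
 
   if s.respond_to? :specification_version then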
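--- a/data/lib/global_session/rack.rb
+++ b/data/lib/global_session/rack.rb
@@ -27,6 +27,8 @@ module GlobalSession
     # Global session middleware.  Note: this class relies on
     # Rack::Cookies being used higher up in the chain.
     class Middleware
+      NUMERIC_HOST      = /^[0-9.]+$/.freeze
+
       LOCAL_SESSION_KEY = "rack.session".freeze
 
       # @return [GlobalSession::Configuration]
@@ -232,13 +234,15 @@ module GlobalSession
           value   = session.to_s
           expires = @configuration['ephemeral'] ? nil : session.expired_at
           unless env['rack.cookies'][@cookie_name] == value
+            secure = (env['HTTP_X_FORWARDED_PROTO'] == 'https') ||
+                     (env['rack.url_scheme'] == 'https')
             env['rack.cookies'][@cookie_name] =
               {
                 :value    => value,
                 :domain   => cookie_domain(env),
                 :expires  => expires,
                 :httponly => true,
-                :secure   =>
+                :secure   => secure,
               }
           end
         else
@@ -316,14 +320,27 @@ module GlobalSession
       #
       # @param [Hash] env Rack request environment
       def cookie_domain(env)
+        name = env['HTTP_X_FORWARDED_HOST'] || env['SERVER_NAME']
+
         if @configuration['cookie'].has_key?('domain')
           # Use the explicitly provided domain name
           domain = @configuration['cookie']['domain']
+        elsif name =~ NUMERIC_HOST
+          # Don't set a domain if the browser requested an IP-based host
+          domain = nil
         else
-          #
-
-
-
+          # Guess an appropriate domain for the cookie. Strip one level of
+          # subdomain; leave SLDs unmolested; omit domain entirely for
+          # one-component domains (e.g. localhost).
+          parts  = name.split('.')
+          case parts.length
+          when 0..1
+            domain = nil
+          when 2
+            domain = parts.join('.')
+          else
+            domain = parts[1..-1].join('.')
+          end
         end
 
         domain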
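Review bot: In `cookie_domain` the new `name = env['HTTP_X_FORWARDED_HOST'] || env['SERVER_NAME']` lets a request header decide the session cookie's Domain whenever `cookie.domain` is not configured, so the result is only trustworthy if a front-end proxy always overwrites `X-Forwarded-Host`; the header may also carry a port or a comma-separated list, and neither is stripped before `split('.')`. Dropping the first label of every host with three or more parts turns a host such as `example.co.uk` into the public suffix `co.uk`, which browsers reject, so I would add a comment above the guessing branch along the lines of `# Best-effort guess only; set cookie.domain explicitly in production`. `NUMERIC_HOST` anchors with `^`/`$`, which match at line boundaries in Ruby; `NUMERIC_HOST = /\A[0-9.]+\z/.freeze` matches the whole string, though bracketed IPv6 literals and `ip:port` values would still fall through to the guessing branch. In the cookie-writing hunk `secure` follows the request scheme, so a TLS terminator that does not send `X-Forwarded-Proto: https` yields a session cookie without the Secure flag; a configuration setting to force the flag would close that gap, and what the flag was before this release cannot be read from the truncated removed line. Both the cookie-writing method and `cookie_domain` start or end outside the visible hunks.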
    
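--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: global_session
 version: !ruby/object:Gem::Version
-  version: 3.
+  version: 3.2.0
 platform: ruby
 authors:
 - Tony Spataro
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -139,6 +139,7 @@ extra_rdoc_files:
 - LICENSE
 - README.rdoc
 files:
+- ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.rdoc
 - LICENSE
@@ -187,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.
+rubygems_version: 2.2.3
 signing_key:
 specification_version: 4
 summary: Secure single-domain session sharing plugin for Rack and Rails.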