global_session 3.2.0 → 3.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +94 -0
- data/VERSION +1 -1
- data/global_session.gemspec +4 -3
- data/lib/global_session/directory.rb +1 -1
- data/lib/global_session/rack.rb +8 -8
- data/lib/global_session/session/abstract.rb +13 -2
- data/lib/global_session/session/v1.rb +8 -1
- data/lib/global_session/session/v2.rb +8 -1
- data/lib/global_session/session/v3.rb +8 -1
- metadata +3 -3
- data/CHANGELOG.rdoc +0 -43
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fe9830dded408fa5a939935b137d93c43e6b3dde
|
|
4
|
+
data.tar.gz: 50eacb0893c75b8344aa48c43cea959a33755b1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d5d6e4ad5700e5b7a3ff95a23f256305f3ca09f9b7e3c664ad64f9ac6138aed97a627f07d19fd04e98040b6ca6e1cab9717aefb8ce7ed91e790f7f7efaf9ded3
|
|
7
|
+
data.tar.gz: dcc7dcb1e4ac1e2f197819ebd0e666f0219dc96abe7cfa32f440a453f95d74db63113ee6fecf82edc07ca86645f9fa9b62b28cfea73dc4763806dae030a3ad1c
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
3.2.1 (pending)
|
|
2
|
+
---------------
|
|
3
|
+
|
|
4
|
+
Fixed a bug with automatic cookie renewal; cookies were not being renewed unless
|
|
5
|
+
the `authority` directive was present in the configuration.
|
|
6
|
+
|
|
7
|
+
3.2.0 (2015-07-08)
|
|
8
|
+
------------------
|
|
9
|
+
|
|
10
|
+
If cookie domain is omitted from configuration, the Rack middleware will
|
|
11
|
+
guess a suitable domain by looking at the HTTP Host header (or `X-Forwarded-Host`
|
|
12
|
+
if it is present, i.e. the request has passed through a load balancer). The
|
|
13
|
+
heuristic for HTTP-host-to-cookie-domain is:
|
|
14
|
+
|
|
15
|
+
* Numeric IPv4: `127.0.0.1` -> _no_ domain
|
|
16
|
+
* 1-component: `localhost` -> _no_ domain
|
|
17
|
+
* 2-component: `example.com` -> `example.com`
|
|
18
|
+
* N-component: `foo.test.example.com` -> `test.example.com`
|
|
19
|
+
|
|
20
|
+
This doesn't handle country-code TLDs (`.co.uk`) so you'll still need to specify
|
|
21
|
+
the cookie domain for Web sites under a ccTLD.
|
|
22
|
+
|
|
23
|
+
The Rack middleware will guess whether to add the `secure` flag to cookies
|
|
24
|
+
based on `rack.url_scheme` (or `X-Forwarded-Proto` if it is present).
|
|
25
|
+
|
|
26
|
+
3.1 (2015-01-27)
|
|
27
|
+
----------------
|
|
28
|
+
|
|
29
|
+
Split Directory class into Directory & Keystore, retaining some backward-compatibility shims
|
|
30
|
+
inside Directory. In v4, these shims will be removed and all key management concerns will be
|
|
31
|
+
handled by Keystore; the Directory class will be limited to session creation, renewal, and
|
|
32
|
+
validity checking.
|
|
33
|
+
|
|
34
|
+
The `trust` and `authority` configuration elements have been deprecated, as ha
|
|
35
|
+
the ability to pass a keystore directory to `Directory.new`. Instead, the
|
|
36
|
+
configuration should contain a `keystore` that tells the gem where to find its
|
|
37
|
+
public and private keys; every public key is implicitly trusted, and if some
|
|
38
|
+
private key is found, the app is an authority (otherwise it's not an authority
|
|
39
|
+
and sessions are read-only). Example new configuration:
|
|
40
|
+
|
|
41
|
+
keystore:
|
|
42
|
+
public:
|
|
43
|
+
- config/authorities
|
|
44
|
+
- config/other_dir_with_keys_i_should_trust
|
|
45
|
+
private: /etc/my_private.key
|
|
46
|
+
|
|
47
|
+
As with any other Global Session configuration, this stanza can appear under
|
|
48
|
+
`common` or under an enivronment-specific section (`staging`, `production`, etc).
|
|
49
|
+
|
|
50
|
+
Finally, you can pass a private key location in the environment variable named
|
|
51
|
+
`GLOBAL_SESSION_PRIVATE_KEY` instead of including that information in the
|
|
52
|
+
configuration.
|
|
53
|
+
|
|
54
|
+
3.0 (2013-10-03)
|
|
55
|
+
----------------
|
|
56
|
+
|
|
57
|
+
The format of the global session cookie has been reinvented again! It once again uses JSON
|
|
58
|
+
(because msgpack was not widely supported in other languages/OSes) but retains the compact
|
|
59
|
+
array encoding introduced in v2.
|
|
60
|
+
|
|
61
|
+
The cryptographic signature scheme has been changed for better compatibility; we now use
|
|
62
|
+
PKCS1 v1.5 sign and verify operations instead of "raw" RSA. v2 and v1 sessions are fully
|
|
63
|
+
supported for read/write, but any session created with the v3 gem will use the v3 crypto
|
|
64
|
+
scheme.
|
|
65
|
+
|
|
66
|
+
2.0 (2012-11-06)
|
|
67
|
+
----------------
|
|
68
|
+
|
|
69
|
+
The format of the global session cookie has been reinvented; it now uses msgpack and delegates
|
|
70
|
+
all crypto to RightSupport::Crypto::SignedHash. Together with a few other optimizations, the
|
|
71
|
+
size of the cookie has shrunk by about 30%.
|
|
72
|
+
|
|
73
|
+
The gem remains capable of reading and writing V1 format cookies, but all new cookies are created
|
|
74
|
+
with the V2 format.
|
|
75
|
+
|
|
76
|
+
The "integrated" feature is no longer supported for the Rails integration layer; global session
|
|
77
|
+
attributes must always be accessed separately from local session attributes, through the
|
|
78
|
+
#global_session reader method that is mixed into ActionController::Base.
|
|
79
|
+
|
|
80
|
+
1.0 (2011-01-01)
|
|
81
|
+
----------------
|
|
82
|
+
|
|
83
|
+
General Availability release. Mostly interface-compatible with 0.9.
|
|
84
|
+
|
|
85
|
+
0.9 (2010-12-07)
|
|
86
|
+
----------------
|
|
87
|
+
|
|
88
|
+
Rack middleware implementation is feature-complete and has major spec coverage. Rails integration
|
|
89
|
+
is untested and may contain bugs.
|
|
90
|
+
|
|
91
|
+
0.9.0 (2010-12-22)
|
|
92
|
+
----------------
|
|
93
|
+
|
|
94
|
+
Initial commit ported from 'rack' branch of old has_global_session project
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.2.
|
|
1
|
+
3.2.1
|
data/global_session.gemspec
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: global_session 3.2.
|
|
5
|
+
# stub: global_session 3.2.1 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "global_session"
|
|
9
|
-
s.version = "3.2.
|
|
9
|
+
s.version = "3.2.1"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib"]
|
|
13
13
|
s.authors = ["Tony Spataro"]
|
|
14
|
-
s.date = "2015-07-
|
|
14
|
+
s.date = "2015-07-10"
|
|
15
15
|
s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
|
|
16
16
|
s.email = "support@rightscale.com"
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
"README.rdoc"
|
|
20
20
|
]
|
|
21
21
|
s.files = [
|
|
22
|
+
".ruby-version",
|
|
22
23
|
".travis.yml",
|
|
23
24
|
"CHANGELOG.rdoc",
|
|
24
25
|
"LICENSE",
|
|
@@ -168,7 +168,7 @@ module GlobalSession
|
|
|
168
168
|
# @deprecated will be removed in GlobalSession v4; please use Keystore instead
|
|
169
169
|
# @see GlobalSession::Keystore
|
|
170
170
|
def local_authority_name
|
|
171
|
-
@keystore.private_key_name
|
|
171
|
+
@keystore.private_key_name
|
|
172
172
|
end
|
|
173
173
|
|
|
174
174
|
# Determine whether this system trusts a particular named authority based on
|
data/lib/global_session/rack.rb
CHANGED
|
@@ -37,6 +37,9 @@ module GlobalSession
|
|
|
37
37
|
# @return [GlobalSession::Directory]
|
|
38
38
|
attr_accessor :directory
|
|
39
39
|
|
|
40
|
+
# @return [GlobalSession::Keystore]
|
|
41
|
+
attr_accessor :keystore
|
|
42
|
+
|
|
40
43
|
# Make a new global session middleware.
|
|
41
44
|
#
|
|
42
45
|
# The optional block here controls an alternate ticket retrieval
|
|
@@ -98,9 +101,6 @@ module GlobalSession
|
|
|
98
101
|
"Cannot determine directory class/instance; method parameter is a #{directory.class.name} and configuration parameter is #{klass.class.name}"
|
|
99
102
|
end
|
|
100
103
|
|
|
101
|
-
# Initialize the keystore
|
|
102
|
-
@keystore = Keystore.new(@configuration)
|
|
103
|
-
|
|
104
104
|
@cookie_retrieval = block
|
|
105
105
|
@cookie_name = @configuration['cookie']['name']
|
|
106
106
|
end
|
|
@@ -202,8 +202,8 @@ module GlobalSession
|
|
|
202
202
|
# @return [true] always returns true
|
|
203
203
|
# @param [Hash] env Rack request environment
|
|
204
204
|
def renew_cookie(env)
|
|
205
|
-
return unless @
|
|
206
|
-
return if env['global_session.req.renew'] == false
|
|
205
|
+
return true unless @directory.local_authority_name
|
|
206
|
+
return true if env['global_session.req.renew'] == false
|
|
207
207
|
|
|
208
208
|
if (renew = @configuration['renew']) && env['global_session'] &&
|
|
209
209
|
env['global_session'].expired_at < Time.at(Time.now.utc + 60 * renew.to_i)
|
|
@@ -218,7 +218,7 @@ module GlobalSession
|
|
|
218
218
|
# @return [true] always returns true
|
|
219
219
|
# @param [Hash] env Rack request environment
|
|
220
220
|
def update_cookie(env)
|
|
221
|
-
return true unless @directory.
|
|
221
|
+
return true unless @directory.local_authority_name
|
|
222
222
|
return true if env['global_session.req.update'] == false
|
|
223
223
|
|
|
224
224
|
session = env['global_session']
|
|
@@ -261,8 +261,8 @@ module GlobalSession
|
|
|
261
261
|
# @return [true] always returns true
|
|
262
262
|
# @param [Hash] env Rack request environment
|
|
263
263
|
def wipe_cookie(env)
|
|
264
|
-
return unless @directory.
|
|
265
|
-
return if env['global_session.req.update'] == false
|
|
264
|
+
return true unless @directory.local_authority_name
|
|
265
|
+
return true if env['global_session.req.update'] == false
|
|
266
266
|
|
|
267
267
|
env['rack.cookies'][@cookie_name] = {:value => nil,
|
|
268
268
|
:domain => cookie_domain(env),
|
|
@@ -44,7 +44,7 @@ module GlobalSession::Session
|
|
|
44
44
|
|
|
45
45
|
# @return a Hash representation of the session with three subkeys: :metadata, :signed and :insecure
|
|
46
46
|
# @raise nothing -- does not raise; returns empty hash if there is a failure
|
|
47
|
-
def
|
|
47
|
+
def to_h
|
|
48
48
|
hash = {}
|
|
49
49
|
|
|
50
50
|
md = {}
|
|
@@ -67,6 +67,9 @@ module GlobalSession::Session
|
|
|
67
67
|
{}
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
+
# @deprecated will be removed in GlobalSession v4; please use to_h instead
|
|
71
|
+
alias to_hash to_h
|
|
72
|
+
|
|
70
73
|
# @return [true,false] true if this session was created in-process, false if it was initialized from a cookie
|
|
71
74
|
def new_record?
|
|
72
75
|
@cookie.nil?
|
|
@@ -81,6 +84,13 @@ module GlobalSession::Session
|
|
|
81
84
|
@directory.valid_session?(@id, @expired_at)
|
|
82
85
|
end
|
|
83
86
|
|
|
87
|
+
# Determine whether any state has changed since the session was loaded.
|
|
88
|
+
#
|
|
89
|
+
# @return [Boolean] true if something has changed
|
|
90
|
+
def dirty?
|
|
91
|
+
!!(new_record? || @dirty_timestamps)
|
|
92
|
+
end
|
|
93
|
+
|
|
84
94
|
# Determine whether the global session schema allows a given key to be placed
|
|
85
95
|
# in the global session.
|
|
86
96
|
#
|
|
@@ -104,7 +114,7 @@ module GlobalSession::Session
|
|
|
104
114
|
@signed.has_key?(key) || @insecure.has_key?(key)
|
|
105
115
|
end
|
|
106
116
|
|
|
107
|
-
alias
|
|
117
|
+
alias key? has_key?
|
|
108
118
|
|
|
109
119
|
# Invalidate this session by reporting its UUID to the Directory.
|
|
110
120
|
#
|
|
@@ -125,6 +135,7 @@ module GlobalSession::Session
|
|
|
125
135
|
expired_at ||= Time.at(Time.now.utc + 60 * minutes)
|
|
126
136
|
@expired_at = expired_at
|
|
127
137
|
@created_at = Time.now.utc
|
|
138
|
+
@dirty_timestamps = true
|
|
128
139
|
end
|
|
129
140
|
|
|
130
141
|
private
|
|
@@ -57,7 +57,7 @@ module GlobalSession::Session
|
|
|
57
57
|
# === Return
|
|
58
58
|
# cookie(String):: Base64Cookie-encoded, Zlib-compressed JSON-serialized global session
|
|
59
59
|
def to_s
|
|
60
|
-
if @cookie &&
|
|
60
|
+
if @cookie && !dirty?
|
|
61
61
|
#use cached cookie if nothing has changed
|
|
62
62
|
return @cookie
|
|
63
63
|
end
|
|
@@ -86,6 +86,13 @@ module GlobalSession::Session
|
|
|
86
86
|
return GlobalSession::Encoding::Base64Cookie.dump(zbin)
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
+
# Determine whether any state has changed since the session was loaded.
|
|
90
|
+
#
|
|
91
|
+
# @return [Boolean] true if something has changed
|
|
92
|
+
def dirty?
|
|
93
|
+
!!(super || @dirty_secure || @dirty_insecure)
|
|
94
|
+
end
|
|
95
|
+
|
|
89
96
|
# Return the keys that are currently present in the global session.
|
|
90
97
|
#
|
|
91
98
|
# === Return
|
|
@@ -58,7 +58,7 @@ module GlobalSession::Session
|
|
|
58
58
|
# === Return
|
|
59
59
|
# cookie(String):: Base64Cookie-encoded, Msgpack-serialized global session
|
|
60
60
|
def to_s
|
|
61
|
-
if @cookie &&
|
|
61
|
+
if @cookie && !dirty?
|
|
62
62
|
#use cached cookie if nothing has changed
|
|
63
63
|
return @cookie
|
|
64
64
|
end
|
|
@@ -90,6 +90,13 @@ module GlobalSession::Session
|
|
|
90
90
|
return GlobalSession::Encoding::Base64Cookie.dump(msgpack)
|
|
91
91
|
end
|
|
92
92
|
|
|
93
|
+
# Determine whether any state has changed since the session was loaded.
|
|
94
|
+
#
|
|
95
|
+
# @return [Boolean] true if something has changed
|
|
96
|
+
def dirty?
|
|
97
|
+
!!(super || @dirty_secure || @dirty_insecure)
|
|
98
|
+
end
|
|
99
|
+
|
|
93
100
|
# Return the keys that are currently present in the global session.
|
|
94
101
|
#
|
|
95
102
|
# === Return
|
|
@@ -115,7 +115,7 @@ module GlobalSession::Session
|
|
|
115
115
|
# @return [String] a B64cookie-encoded JSON-serialized global session
|
|
116
116
|
# @raise [GlobalSession::UnserializableType] if the attributes hash contains
|
|
117
117
|
def to_s
|
|
118
|
-
if @cookie &&
|
|
118
|
+
if @cookie && !dirty?
|
|
119
119
|
#use cached cookie if nothing has changed
|
|
120
120
|
return @cookie
|
|
121
121
|
end
|
|
@@ -154,6 +154,13 @@ module GlobalSession::Session
|
|
|
154
154
|
return GlobalSession::Encoding::Base64Cookie.dump(bin)
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
+
# Determine whether any state has changed since the session was loaded.
|
|
158
|
+
#
|
|
159
|
+
# @return [Boolean] true if something has changed
|
|
160
|
+
def dirty?
|
|
161
|
+
!!(super || @dirty_secure || @dirty_insecure)
|
|
162
|
+
end
|
|
163
|
+
|
|
157
164
|
# Return the keys that are currently present in the global session.
|
|
158
165
|
#
|
|
159
166
|
# === Return
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: global_session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tony Spataro
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: json
|
|
@@ -141,7 +141,7 @@ extra_rdoc_files:
|
|
|
141
141
|
files:
|
|
142
142
|
- ".ruby-version"
|
|
143
143
|
- ".travis.yml"
|
|
144
|
-
- CHANGELOG.
|
|
144
|
+
- CHANGELOG.md
|
|
145
145
|
- LICENSE
|
|
146
146
|
- README.rdoc
|
|
147
147
|
- Rakefile
|
data/CHANGELOG.rdoc
DELETED
|
@@ -1,43 +0,0 @@
|
|
|
1
|
-
== 3.1 (2015-01-27)
|
|
2
|
-
|
|
3
|
-
Split Directory class into Directory & Keystore, retaining some backward-compatibility shims
|
|
4
|
-
inside Directory. In v4, these shims will be removed and all key management concerns will be
|
|
5
|
-
handled by Keystore; the Directory class will be limited to session creation, renewal, and
|
|
6
|
-
validity checking.
|
|
7
|
-
|
|
8
|
-
== 3.0 (2013-10-03)
|
|
9
|
-
|
|
10
|
-
The format of the global session cookie has been reinvented again! It once again uses JSON
|
|
11
|
-
(because msgpack was not widely supported in other languages/OSes) but retains the compact
|
|
12
|
-
array encoding introduced in v2.
|
|
13
|
-
|
|
14
|
-
The cryptographic signature scheme has been changed for better compatibility; we now use
|
|
15
|
-
PKCS1 v1.5 sign and verify operations instead of "raw" RSA. v2 and v1 sessions are fully
|
|
16
|
-
supported for read/write, but any session created with the v3 gem will use the v3 crypto
|
|
17
|
-
scheme.
|
|
18
|
-
|
|
19
|
-
== 2.0 (2012-11-06)
|
|
20
|
-
|
|
21
|
-
The format of the global session cookie has been reinvented; it now uses msgpack and delegates
|
|
22
|
-
all crypto to RightSupport::Crypto::SignedHash. Together with a few other optimizations, the
|
|
23
|
-
size of the cookie has shrunk by about 30%.
|
|
24
|
-
|
|
25
|
-
The gem remains capable of reading and writing V1 format cookies, but all new cookies are created
|
|
26
|
-
with the V2 format.
|
|
27
|
-
|
|
28
|
-
The "integrated" feature is no longer supported for the Rails integration layer; global session
|
|
29
|
-
attributes must always be accessed separately from local session attributes, through the
|
|
30
|
-
#global_session reader method that is mixed into ActionController::Base.
|
|
31
|
-
|
|
32
|
-
== 1.0 (2011-01-01)
|
|
33
|
-
|
|
34
|
-
General Availability release. Mostly interface-compatible with 0.9.
|
|
35
|
-
|
|
36
|
-
== 0.9 (2010-12-07)
|
|
37
|
-
|
|
38
|
-
Rack middleware implementation is feature-complete and has major spec coverage. Rails integration
|
|
39
|
-
is untested and may contain bugs.
|
|
40
|
-
|
|
41
|
-
=== 0.9.0 (2010-12-22)
|
|
42
|
-
|
|
43
|
-
Initial commit ported from 'rack' branch of old has_global_session project
|