global_session 2.0.2 → 2.0.3

data/CHANGELOG.rdoc

@@ -0,0 +1,26 @@
+== 2.0
+
+The format of the global session cookie has been reinvented; it now uses msgpack and delegates
+all crypto to RightSupport::Crypto::SignedHash. Together with a few other optimizations, the
+size of the cookie has shrunk by about 30%.
+
+The gem remains capable of reading and writing V1 format cookies, but all new cookies are created
+with the V2 format.
+
+The "integrated" feature is no longer supported for the Rails integration layer; global session
+attributes must always be accessed separately from local session attributes, through the
+#global_session reader method that is mixed into ActionController::Base.
+
+== 1.0
+
+Mostly interface-compatible with 0.9.
+
+== 0.9
+
+Rack middleware implementation is feature-complete and has major spec coverage. Rails integration
+is untested and may contain bugs.
+
+=== 0.9.0 (2010-12-22)
+
+* Initial commit ported from 'rack' branch of old has_global_session project
+

data/Rakefile

@@ -0,0 +1,45 @@
+# -*-ruby-*-
+require 'rubygems'
+require 'rake'
+require 'right_develop'
+require 'spec/rake/spectask'
+require 'rake/gempackagetask'
+require 'rake/clean'
+require 'cucumber/rake/task'
+
+task :default => [:spec, :cucumber]
+
+desc "Run unit tests"
+Spec::Rake::SpecTask.new do |t|
+  t.spec_files = Dir['**/*_spec.rb']
+  t.spec_opts = lambda do
+    IO.readlines(File.join(File.dirname(__FILE__), 'spec', 'spec.opts')).map {|l| l.chomp.split " "}.flatten
+  end
+end
+
+desc "run functional tests"
+Cucumber::Rake::Task.new do |t|
+  t.cucumber_opts = %w{--tags ~@slow --color --format pretty}
+end
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification; see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "global_session"
+  gem.homepage = "https://github.com/rightscale/global_session"
+  gem.license = "MIT"
+  gem.summary = %Q{Secure single-domain session sharing plugin for Rack and Rails.}
+  gem.description = %Q{This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
+  gem.email = "support@rightscale.com"
+  gem.authors = ['Tony Spataro']
+  gem.files.exclude 'Gemfile*'
+  gem.files.exclude 'features/**/*'
+  gem.files.exclude 'fixtures/**/*'
+  gem.files.exclude 'features/**/*'
+  gem.files.exclude 'spec/**/*'
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+CLEAN.include('pkg')
+
+RightDevelop::CI::RakeTask.new

data/VERSION

@@ -0,0 +1 @@
+2.0.3

data/global_session.gemspec

@@ -1,34 +1,104 @@
-# -*- mode: ruby; encoding: utf-8 -*-
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
 
-require 'rubygems'
+Gem::Specification.new do |s|
+  s.name = %q{global_session}
+  s.version = "2.0.3"
 
-spec = Gem::Specification.new do |s|
-  s.required_rubygems_version = nil if s.respond_to? :required_rubygems_version=
-  s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Tony Spataro"]
+  s.date = %q{2013-09-23}
+  s.description = %q{This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
+  s.email = %q{support@rightscale.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.rdoc"
+  ]
+  s.files = [
+    "CHANGELOG.rdoc",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "global_session.gemspec",
+    "init.rb",
+    "lib/global_session.rb",
+    "lib/global_session/configuration.rb",
+    "lib/global_session/directory.rb",
+    "lib/global_session/encoding.rb",
+    "lib/global_session/rack.rb",
+    "lib/global_session/rails.rb",
+    "lib/global_session/rails/action_controller_class_methods.rb",
+    "lib/global_session/rails/action_controller_instance_methods.rb",
+    "lib/global_session/session.rb",
+    "lib/global_session/session/abstract.rb",
+    "lib/global_session/session/v1.rb",
+    "lib/global_session/session/v2.rb",
+    "rails/init.rb",
+    "rails_generators/global_session/USAGE",
+    "rails_generators/global_session/global_session_generator.rb",
+    "rails_generators/global_session/templates/global_session.yml.erb",
+    "rails_generators/global_session_authority/USAGE",
+    "rails_generators/global_session_authority/global_session_authority_generator.rb"
+  ]
+  s.homepage = %q{https://github.com/rightscale/global_session}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Secure single-domain session sharing plugin for Rack and Rails.}
 
-  s.name    = 'global_session'
-  s.version = '2.0.2'
-  s.date    = '2012-04-01'
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
 
-  s.authors = ['Tony Spataro']
-  s.email   = 'support@rightscale.com'
-  s.homepage= 'http://github.com/rightscale/global_session'
-
-  s.summary = %q{Secure single-domain session sharing plugin for Rails.}
-  s.description = %q{This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
-
-  s.add_runtime_dependency('right_support', ["~> 2.5"])
-
-  s.add_runtime_dependency('simple_uuid', [">= 0.2.0"])
-  s.add_runtime_dependency('json', ["~> 1.4"])
-  s.add_runtime_dependency('msgpack', ["~> 0.4"])
-  s.add_runtime_dependency('rack-contrib', ["~> 1.0"])
-
-  basedir = File.dirname(__FILE__)
-  candidates = ['global_session.gemspec', 'init.rb', 'LICENSE', 'README.rdoc'] +
-            Dir['lib/**/*'] +
-            Dir['rails/**/*'] +
-            Dir['rails/**/*'] +
-            Dir['rails_generators/**/*']
-  s.files = candidates.sort
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<right_support>, ["~> 2.5"])
+      s.add_runtime_dependency(%q<simple_uuid>, [">= 0.2.0"])
+      s.add_runtime_dependency(%q<json>, ["~> 1.4"])
+      s.add_runtime_dependency(%q<msgpack>, ["~> 0.4"])
+      s.add_runtime_dependency(%q<rack-contrib>, ["~> 1.0"])
+      s.add_development_dependency(%q<rake>, ["~> 0.8"])
+      s.add_development_dependency(%q<rspec>, ["~> 1.3"])
+      s.add_development_dependency(%q<cucumber>, ["~> 1.0"])
+      s.add_development_dependency(%q<right_develop>, ["~> 1.2"])
+      s.add_development_dependency(%q<flexmock>, ["~> 0.8"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.8.3"])
+      s.add_development_dependency(%q<httpclient>, [">= 0"])
+      s.add_development_dependency(%q<ruby-debug>, ["~> 0.10"])
+      s.add_development_dependency(%q<debugger>, ["~> 1.5"])
+    else
+      s.add_dependency(%q<right_support>, ["~> 2.5"])
+      s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
+      s.add_dependency(%q<json>, ["~> 1.4"])
+      s.add_dependency(%q<msgpack>, ["~> 0.4"])
+      s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
+      s.add_dependency(%q<rake>, ["~> 0.8"])
+      s.add_dependency(%q<rspec>, ["~> 1.3"])
+      s.add_dependency(%q<cucumber>, ["~> 1.0"])
+      s.add_dependency(%q<right_develop>, ["~> 1.2"])
+      s.add_dependency(%q<flexmock>, ["~> 0.8"])
+      s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
+      s.add_dependency(%q<httpclient>, [">= 0"])
+      s.add_dependency(%q<ruby-debug>, ["~> 0.10"])
+      s.add_dependency(%q<debugger>, ["~> 1.5"])
+    end
+  else
+    s.add_dependency(%q<right_support>, ["~> 2.5"])
+    s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
+    s.add_dependency(%q<json>, ["~> 1.4"])
+    s.add_dependency(%q<msgpack>, ["~> 0.4"])
+    s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
+    s.add_dependency(%q<rake>, ["~> 0.8"])
+    s.add_dependency(%q<rspec>, ["~> 1.3"])
+    s.add_dependency(%q<cucumber>, ["~> 1.0"])
+    s.add_dependency(%q<right_develop>, ["~> 1.2"])
+    s.add_dependency(%q<flexmock>, ["~> 0.8"])
+    s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
+    s.add_dependency(%q<httpclient>, [">= 0"])
+    s.add_dependency(%q<ruby-debug>, ["~> 0.10"])
+    s.add_dependency(%q<debugger>, ["~> 1.5"])
+  end
 end
+

data/lib/global_session/directory.rb

@@ -188,20 +188,5 @@ module GlobalSession
     def report_invalid_session(uuid, expired_at)
       @invalid_sessions << uuid
     end
-
-    # Callback used by GlobalSession::Rack::Middleware when the application invalidated
-    # current global_session object. This callback could help application to get data related 
-    # to the previous global session (old_global_session_id), and put it to new global session
-    # (new_global_sesion_id)
-    #
-    # @deprecated this method will be removed with GlobalSession 2.0; do not use!
-    #
-    # invalidated_uuid(String):: Invalidated Global session UUID
-    # new_uuid(String):: Newly created Global session UUID
-    # === Return
-    # true: Always returns true
-    def session_invalidated(invalidated_uuid, new_uuid)
-      true
-    end
   end  
-end
+end

data/lib/global_session/rack.rb

@@ -228,7 +228,6 @@ module GlobalSession
       # old_session(GlobalSession):: the now-invalidated session
       # new_session(GlobalSession):: the new session that will be sent to the client
       def perform_invalidation_callbacks(env, old_session, new_session)
-        @directory.session_invalidated(old_session.id, new_session.id)
         if (local_session = env[LOCAL_SESSION_KEY]) && local_session.respond_to?(:rename!)
           local_session.rename!(old_session, new_session)
         end

data/lib/global_session/session/v2.rb

@@ -311,11 +311,15 @@ module GlobalSession::Session
           hash.reject { |k,v| ['dx', 's'].include?(k) },
           :encoding=>GlobalSession::Encoding::Msgpack,
           :public_key=>@directory.authorities[authority])
-      signed_hash.verify!(signature, expired_at)
 
-      #Check expiration
-      unless expired_at > Time.now.utc
-        raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
+      begin
+        signed_hash.verify!(signature, expired_at)
+      rescue SecurityError => e
+        if e.message =~ /expired/
+          raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
+        else
+          raise SecurityError, "Global session verification failure; suspected tampering: " + e.message
+        end
       end
 
       #Check other validity (delegate to directory)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: global_session
 version: !ruby/object:Gem::Version 
-  hash: 11
+  hash: 9
   prerelease: false
   segments: 
   - 2
   - 0
-  - 2
-  version: 2.0.2
+  - 3
+  version: 2.0.3
 platform: ruby
 authors: 
 - Tony Spataro
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-04-01 00:00:00 -07:00
+date: 2013-09-24 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -94,17 +94,156 @@ dependencies:
   type: :runtime
   name: rack-contrib
   prerelease: false
-description: This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 0
+        - 8
+        version: "0.8"
+  requirement: *id006
+  type: :development
+  name: rake
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 1
+        - 3
+        version: "1.3"
+  requirement: *id007
+  type: :development
+  name: rspec
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 1
+        - 0
+        version: "1.0"
+  requirement: *id008
+  type: :development
+  name: cucumber
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 1
+        - 2
+        version: "1.2"
+  requirement: *id009
+  type: :development
+  name: right_develop
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 0
+        - 8
+        version: "0.8"
+  requirement: *id010
+  type: :development
+  name: flexmock
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id011 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 49
+        segments: 
+        - 1
+        - 8
+        - 3
+        version: 1.8.3
+  requirement: *id011
+  type: :development
+  name: jeweler
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id012 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id012
+  type: :development
+  name: httpclient
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id013 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 31
+        segments: 
+        - 0
+        - 10
+        version: "0.10"
+  requirement: *id013
+  type: :development
+  name: ruby-debug
+  prerelease: false
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id014 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 1
+        - 5
+        version: "1.5"
+  requirement: *id014
+  type: :development
+  name: debugger
+  prerelease: false
+description: This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
 email: support@rightscale.com
 executables: []
 
 extensions: []
 
-extra_rdoc_files: []
-
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
 files: 
+- CHANGELOG.rdoc
 - LICENSE
 - README.rdoc
+- Rakefile
+- VERSION
 - global_session.gemspec
 - init.rb
 - lib/global_session.rb
@@ -126,9 +265,9 @@ files:
 - rails_generators/global_session_authority/USAGE
 - rails_generators/global_session_authority/global_session_authority_generator.rb
 has_rdoc: true
-homepage: http://github.com/rightscale/global_session
-licenses: []
-
+homepage: https://github.com/rightscale/global_session
+licenses: 
+- MIT
 post_install_message: 
 rdoc_options: []
 
@@ -139,12 +278,10 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 57
+      hash: 3
       segments: 
-      - 1
-      - 8
-      - 7
-      version: 1.8.7
+      - 0
+      version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
@@ -160,6 +297,6 @@ rubyforge_project:
 rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
-summary: Secure single-domain session sharing plugin for Rails.
+summary: Secure single-domain session sharing plugin for Rack and Rails.
 test_files: []