global_session 2.0.2 → 2.0.3

@@ -0,0 +1,26 @@
1
+ == 2.0
2
+
3
+ The format of the global session cookie has been reinvented; it now uses msgpack and delegates
4
+ all crypto to RightSupport::Crypto::SignedHash. Together with a few other optimizations, the
5
+ size of the cookie has shrunk by about 30%.
6
+
7
+ The gem remains capable of reading and writing V1 format cookies, but all new cookies are created
8
+ with the V2 format.
9
+
10
+ The "integrated" feature is no longer supported for the Rails integration layer; global session
11
+ attributes must always be accessed separately from local session attributes, through the
12
+ #global_session reader method that is mixed into ActionController::Base.
13
+
14
+ == 1.0
15
+
16
+ Mostly interface-compatible with 0.9.
17
+
18
+ == 0.9
19
+
20
+ Rack middleware implementation is feature-complete and has major spec coverage. Rails integration
21
+ is untested and may contain bugs.
22
+
23
+ === 0.9.0 (2010-12-22)
24
+
25
+ * Initial commit ported from 'rack' branch of old has_global_session project
26
+
@@ -0,0 +1,45 @@
1
+ # -*-ruby-*-
2
+ require 'rubygems'
3
+ require 'rake'
4
+ require 'right_develop'
5
+ require 'spec/rake/spectask'
6
+ require 'rake/gempackagetask'
7
+ require 'rake/clean'
8
+ require 'cucumber/rake/task'
9
+
10
+ task :default => [:spec, :cucumber]
11
+
12
+ desc "Run unit tests"
13
+ Spec::Rake::SpecTask.new do |t|
14
+ t.spec_files = Dir['**/*_spec.rb']
15
+ t.spec_opts = lambda do
16
+ IO.readlines(File.join(File.dirname(__FILE__), 'spec', 'spec.opts')).map {|l| l.chomp.split " "}.flatten
17
+ end
18
+ end
19
+
20
+ desc "run functional tests"
21
+ Cucumber::Rake::Task.new do |t|
22
+ t.cucumber_opts = %w{--tags ~@slow --color --format pretty}
23
+ end
24
+
25
+ require 'jeweler'
26
+ Jeweler::Tasks.new do |gem|
27
+ # gem is a Gem::Specification; see http://docs.rubygems.org/read/chapter/20 for more options
28
+ gem.name = "global_session"
29
+ gem.homepage = "https://github.com/rightscale/global_session"
30
+ gem.license = "MIT"
31
+ gem.summary = %Q{Secure single-domain session sharing plugin for Rack and Rails.}
32
+ gem.description = %Q{This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
33
+ gem.email = "support@rightscale.com"
34
+ gem.authors = ['Tony Spataro']
35
+ gem.files.exclude 'Gemfile*'
36
+ gem.files.exclude 'features/**/*'
37
+ gem.files.exclude 'fixtures/**/*'
38
+ gem.files.exclude 'features/**/*'
39
+ gem.files.exclude 'spec/**/*'
40
+ end
41
+ Jeweler::RubygemsDotOrgTasks.new
42
+
43
+ CLEAN.include('pkg')
44
+
45
+ RightDevelop::CI::RakeTask.new
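Review bot: `gem.files.exclude 'features/**/*'` appears twice in the Jeweler::Tasks block (new-file lines 36 and 38); the second call is a no-op and should be dropped so the exclusion list reads as the set it is meant to be. The `spec_opts` lambda at lines 15–17 reads `spec/spec.opts` relative to the Rakefile only when it is invoked, so a missing options file surfaces as an `Errno::ENOENT` at spec-run time rather than at Rakefile load; if that deferral is intentional it deserves a one-line comment such as `# read lazily so other rake tasks load without spec/spec.opts`, otherwise resolve the path eagerly.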
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 2.0.3
@@ -1,34 +1,104 @@
1
- # -*- mode: ruby; encoding: utf-8 -*-
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
2
5
 
3
- require 'rubygems'
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{global_session}
8
+ s.version = "2.0.3"
4
9
 
5
- spec = Gem::Specification.new do |s|
6
- s.required_rubygems_version = nil if s.respond_to? :required_rubygems_version=
7
- s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Tony Spataro"]
12
+ s.date = %q{2013-09-23}
13
+ s.description = %q{This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
14
+ s.email = %q{support@rightscale.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ "CHANGELOG.rdoc",
21
+ "LICENSE",
22
+ "README.rdoc",
23
+ "Rakefile",
24
+ "VERSION",
25
+ "global_session.gemspec",
26
+ "init.rb",
27
+ "lib/global_session.rb",
28
+ "lib/global_session/configuration.rb",
29
+ "lib/global_session/directory.rb",
30
+ "lib/global_session/encoding.rb",
31
+ "lib/global_session/rack.rb",
32
+ "lib/global_session/rails.rb",
33
+ "lib/global_session/rails/action_controller_class_methods.rb",
34
+ "lib/global_session/rails/action_controller_instance_methods.rb",
35
+ "lib/global_session/session.rb",
36
+ "lib/global_session/session/abstract.rb",
37
+ "lib/global_session/session/v1.rb",
38
+ "lib/global_session/session/v2.rb",
39
+ "rails/init.rb",
40
+ "rails_generators/global_session/USAGE",
41
+ "rails_generators/global_session/global_session_generator.rb",
42
+ "rails_generators/global_session/templates/global_session.yml.erb",
43
+ "rails_generators/global_session_authority/USAGE",
44
+ "rails_generators/global_session_authority/global_session_authority_generator.rb"
45
+ ]
46
+ s.homepage = %q{https://github.com/rightscale/global_session}
47
+ s.licenses = ["MIT"]
48
+ s.require_paths = ["lib"]
49
+ s.rubygems_version = %q{1.3.7}
50
+ s.summary = %q{Secure single-domain session sharing plugin for Rack and Rails.}
8
51
 
9
- s.name = 'global_session'
10
- s.version = '2.0.2'
11
- s.date = '2012-04-01'
52
+ if s.respond_to? :specification_version then
53
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
54
+ s.specification_version = 3
12
55
 
13
- s.authors = ['Tony Spataro']
14
- s.email = 'support@rightscale.com'
15
- s.homepage= 'http://github.com/rightscale/global_session'
16
-
17
- s.summary = %q{Secure single-domain session sharing plugin for Rails.}
18
- s.description = %q{This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.}
19
-
20
- s.add_runtime_dependency('right_support', ["~> 2.5"])
21
-
22
- s.add_runtime_dependency('simple_uuid', [">= 0.2.0"])
23
- s.add_runtime_dependency('json', ["~> 1.4"])
24
- s.add_runtime_dependency('msgpack', ["~> 0.4"])
25
- s.add_runtime_dependency('rack-contrib', ["~> 1.0"])
26
-
27
- basedir = File.dirname(__FILE__)
28
- candidates = ['global_session.gemspec', 'init.rb', 'LICENSE', 'README.rdoc'] +
29
- Dir['lib/**/*'] +
30
- Dir['rails/**/*'] +
31
- Dir['rails/**/*'] +
32
- Dir['rails_generators/**/*']
33
- s.files = candidates.sort
56
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
57
+ s.add_runtime_dependency(%q<right_support>, ["~> 2.5"])
58
+ s.add_runtime_dependency(%q<simple_uuid>, [">= 0.2.0"])
59
+ s.add_runtime_dependency(%q<json>, ["~> 1.4"])
60
+ s.add_runtime_dependency(%q<msgpack>, ["~> 0.4"])
61
+ s.add_runtime_dependency(%q<rack-contrib>, ["~> 1.0"])
62
+ s.add_development_dependency(%q<rake>, ["~> 0.8"])
63
+ s.add_development_dependency(%q<rspec>, ["~> 1.3"])
64
+ s.add_development_dependency(%q<cucumber>, ["~> 1.0"])
65
+ s.add_development_dependency(%q<right_develop>, ["~> 1.2"])
66
+ s.add_development_dependency(%q<flexmock>, ["~> 0.8"])
67
+ s.add_development_dependency(%q<jeweler>, ["~> 1.8.3"])
68
+ s.add_development_dependency(%q<httpclient>, [">= 0"])
69
+ s.add_development_dependency(%q<ruby-debug>, ["~> 0.10"])
70
+ s.add_development_dependency(%q<debugger>, ["~> 1.5"])
71
+ else
72
+ s.add_dependency(%q<right_support>, ["~> 2.5"])
73
+ s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
74
+ s.add_dependency(%q<json>, ["~> 1.4"])
75
+ s.add_dependency(%q<msgpack>, ["~> 0.4"])
76
+ s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
77
+ s.add_dependency(%q<rake>, ["~> 0.8"])
78
+ s.add_dependency(%q<rspec>, ["~> 1.3"])
79
+ s.add_dependency(%q<cucumber>, ["~> 1.0"])
80
+ s.add_dependency(%q<right_develop>, ["~> 1.2"])
81
+ s.add_dependency(%q<flexmock>, ["~> 0.8"])
82
+ s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
83
+ s.add_dependency(%q<httpclient>, [">= 0"])
84
+ s.add_dependency(%q<ruby-debug>, ["~> 0.10"])
85
+ s.add_dependency(%q<debugger>, ["~> 1.5"])
86
+ end
87
+ else
88
+ s.add_dependency(%q<right_support>, ["~> 2.5"])
89
+ s.add_dependency(%q<simple_uuid>, [">= 0.2.0"])
90
+ s.add_dependency(%q<json>, ["~> 1.4"])
91
+ s.add_dependency(%q<msgpack>, ["~> 0.4"])
92
+ s.add_dependency(%q<rack-contrib>, ["~> 1.0"])
93
+ s.add_dependency(%q<rake>, ["~> 0.8"])
94
+ s.add_dependency(%q<rspec>, ["~> 1.3"])
95
+ s.add_dependency(%q<cucumber>, ["~> 1.0"])
96
+ s.add_dependency(%q<right_develop>, ["~> 1.2"])
97
+ s.add_dependency(%q<flexmock>, ["~> 0.8"])
98
+ s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
99
+ s.add_dependency(%q<httpclient>, [">= 0"])
100
+ s.add_dependency(%q<ruby-debug>, ["~> 0.10"])
101
+ s.add_dependency(%q<debugger>, ["~> 1.5"])
102
+ end
34
103
  end
104
+
@@ -188,20 +188,5 @@ module GlobalSession
188
188
  def report_invalid_session(uuid, expired_at)
189
189
  @invalid_sessions << uuid
190
190
  end
191
-
192
- # Callback used by GlobalSession::Rack::Middleware when the application invalidated
193
- # current global_session object. This callback could help application to get data related
194
- # to the previous global session (old_global_session_id), and put it to new global session
195
- # (new_global_sesion_id)
196
- #
197
- # @deprecated this method will be removed with GlobalSession 2.0; do not use!
198
- #
199
- # invalidated_uuid(String):: Invalidated Global session UUID
200
- # new_uuid(String):: Newly created Global session UUID
201
- # === Return
202
- # true: Always returns true
203
- def session_invalidated(invalidated_uuid, new_uuid)
204
- true
205
- end
206
191
  end
207
- end
192
+ end
@@ -228,7 +228,6 @@ module GlobalSession
228
228
  # old_session(GlobalSession):: the now-invalidated session
229
229
  # new_session(GlobalSession):: the new session that will be sent to the client
230
230
  def perform_invalidation_callbacks(env, old_session, new_session)
231
- @directory.session_invalidated(old_session.id, new_session.id)
232
231
  if (local_session = env[LOCAL_SESSION_KEY]) && local_session.respond_to?(:rename!)
233
232
  local_session.rename!(old_session, new_session)
234
233
  end
@@ -311,11 +311,15 @@ module GlobalSession::Session
311
311
  hash.reject { |k,v| ['dx', 's'].include?(k) },
312
312
  :encoding=>GlobalSession::Encoding::Msgpack,
313
313
  :public_key=>@directory.authorities[authority])
314
- signed_hash.verify!(signature, expired_at)
315
314
 
316
- #Check expiration
317
- unless expired_at > Time.now.utc
318
- raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
315
+ begin
316
+ signed_hash.verify!(signature, expired_at)
317
+ rescue SecurityError => e
318
+ if e.message =~ /expired/
319
+ raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
320
+ else
321
+ raise SecurityError, "Global session verification failure; suspected tampering: " + e.message
322
+ end
319
323
  end
320
324
 
321
325
  #Check other validity (delegate to directory)
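Review bot: Classifying the failure by `e.message =~ /expired/` (new-file line 318) makes the expired-versus-tampering distinction depend on the wording of an exception message raised inside RightSupport::Crypto::SignedHash, which is not a stable interface; a wording change would silently report every expired session as "suspected tampering" (or the reverse), which matters to anyone alerting on the tampering path. Because the hunk also removes the explicit `expired_at > Time.now.utc` check, expiry enforcement now rests entirely on `verify!` honoring its second argument, which cannot be confirmed from this hunk. Prefer rescuing a distinct expiry exception class if the library provides one, and in any case keep a local timestamp check after a successful `verify!`, e.g. `raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}" unless expired_at > Time.now.utc`, so expiry is enforced here rather than inferred from message text. Minor style: `"...: " + e.message` reads better as interpolation, `"Global session verification failure; suspected tampering: #{e.message}"`. The enclosing method starts and ends outside the hunk.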
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: global_session
3
3
  version: !ruby/object:Gem::Version
4
- hash: 11
4
+ hash: 9
5
5
  prerelease: false
6
6
  segments:
7
7
  - 2
8
8
  - 0
9
- - 2
10
- version: 2.0.2
9
+ - 3
10
+ version: 2.0.3
11
11
  platform: ruby
12
12
  authors:
13
13
  - Tony Spataro
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2012-04-01 00:00:00 -07:00
18
+ date: 2013-09-24 00:00:00 -07:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -94,17 +94,156 @@ dependencies:
94
94
  type: :runtime
95
95
  name: rack-contrib
96
96
  prerelease: false
97
- description: This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
97
+ - !ruby/object:Gem::Dependency
98
+ version_requirements: &id006 !ruby/object:Gem::Requirement
99
+ none: false
100
+ requirements:
101
+ - - ~>
102
+ - !ruby/object:Gem::Version
103
+ hash: 27
104
+ segments:
105
+ - 0
106
+ - 8
107
+ version: "0.8"
108
+ requirement: *id006
109
+ type: :development
110
+ name: rake
111
+ prerelease: false
112
+ - !ruby/object:Gem::Dependency
113
+ version_requirements: &id007 !ruby/object:Gem::Requirement
114
+ none: false
115
+ requirements:
116
+ - - ~>
117
+ - !ruby/object:Gem::Version
118
+ hash: 9
119
+ segments:
120
+ - 1
121
+ - 3
122
+ version: "1.3"
123
+ requirement: *id007
124
+ type: :development
125
+ name: rspec
126
+ prerelease: false
127
+ - !ruby/object:Gem::Dependency
128
+ version_requirements: &id008 !ruby/object:Gem::Requirement
129
+ none: false
130
+ requirements:
131
+ - - ~>
132
+ - !ruby/object:Gem::Version
133
+ hash: 15
134
+ segments:
135
+ - 1
136
+ - 0
137
+ version: "1.0"
138
+ requirement: *id008
139
+ type: :development
140
+ name: cucumber
141
+ prerelease: false
142
+ - !ruby/object:Gem::Dependency
143
+ version_requirements: &id009 !ruby/object:Gem::Requirement
144
+ none: false
145
+ requirements:
146
+ - - ~>
147
+ - !ruby/object:Gem::Version
148
+ hash: 11
149
+ segments:
150
+ - 1
151
+ - 2
152
+ version: "1.2"
153
+ requirement: *id009
154
+ type: :development
155
+ name: right_develop
156
+ prerelease: false
157
+ - !ruby/object:Gem::Dependency
158
+ version_requirements: &id010 !ruby/object:Gem::Requirement
159
+ none: false
160
+ requirements:
161
+ - - ~>
162
+ - !ruby/object:Gem::Version
163
+ hash: 27
164
+ segments:
165
+ - 0
166
+ - 8
167
+ version: "0.8"
168
+ requirement: *id010
169
+ type: :development
170
+ name: flexmock
171
+ prerelease: false
172
+ - !ruby/object:Gem::Dependency
173
+ version_requirements: &id011 !ruby/object:Gem::Requirement
174
+ none: false
175
+ requirements:
176
+ - - ~>
177
+ - !ruby/object:Gem::Version
178
+ hash: 49
179
+ segments:
180
+ - 1
181
+ - 8
182
+ - 3
183
+ version: 1.8.3
184
+ requirement: *id011
185
+ type: :development
186
+ name: jeweler
187
+ prerelease: false
188
+ - !ruby/object:Gem::Dependency
189
+ version_requirements: &id012 !ruby/object:Gem::Requirement
190
+ none: false
191
+ requirements:
192
+ - - ">="
193
+ - !ruby/object:Gem::Version
194
+ hash: 3
195
+ segments:
196
+ - 0
197
+ version: "0"
198
+ requirement: *id012
199
+ type: :development
200
+ name: httpclient
201
+ prerelease: false
202
+ - !ruby/object:Gem::Dependency
203
+ version_requirements: &id013 !ruby/object:Gem::Requirement
204
+ none: false
205
+ requirements:
206
+ - - ~>
207
+ - !ruby/object:Gem::Version
208
+ hash: 31
209
+ segments:
210
+ - 0
211
+ - 10
212
+ version: "0.10"
213
+ requirement: *id013
214
+ type: :development
215
+ name: ruby-debug
216
+ prerelease: false
217
+ - !ruby/object:Gem::Dependency
218
+ version_requirements: &id014 !ruby/object:Gem::Requirement
219
+ none: false
220
+ requirements:
221
+ - - ~>
222
+ - !ruby/object:Gem::Version
223
+ hash: 5
224
+ segments:
225
+ - 1
226
+ - 5
227
+ version: "1.5"
228
+ requirement: *id014
229
+ type: :development
230
+ name: debugger
231
+ prerelease: false
232
+ description: This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
98
233
  email: support@rightscale.com
99
234
  executables: []
100
235
 
101
236
  extensions: []
102
237
 
103
- extra_rdoc_files: []
104
-
238
+ extra_rdoc_files:
239
+ - LICENSE
240
+ - README.rdoc
105
241
  files:
242
+ - CHANGELOG.rdoc
106
243
  - LICENSE
107
244
  - README.rdoc
245
+ - Rakefile
246
+ - VERSION
108
247
  - global_session.gemspec
109
248
  - init.rb
110
249
  - lib/global_session.rb
@@ -126,9 +265,9 @@ files:
126
265
  - rails_generators/global_session_authority/USAGE
127
266
  - rails_generators/global_session_authority/global_session_authority_generator.rb
128
267
  has_rdoc: true
129
- homepage: http://github.com/rightscale/global_session
130
- licenses: []
131
-
268
+ homepage: https://github.com/rightscale/global_session
269
+ licenses:
270
+ - MIT
132
271
  post_install_message:
133
272
  rdoc_options: []
134
273
 
@@ -139,12 +278,10 @@ required_ruby_version: !ruby/object:Gem::Requirement
139
278
  requirements:
140
279
  - - ">="
141
280
  - !ruby/object:Gem::Version
142
- hash: 57
281
+ hash: 3
143
282
  segments:
144
- - 1
145
- - 8
146
- - 7
147
- version: 1.8.7
283
+ - 0
284
+ version: "0"
148
285
  required_rubygems_version: !ruby/object:Gem::Requirement
149
286
  none: false
150
287
  requirements:
@@ -160,6 +297,6 @@ rubyforge_project:
160
297
  rubygems_version: 1.3.7
161
298
  signing_key:
162
299
  specification_version: 3
163
- summary: Secure single-domain session sharing plugin for Rails.
300
+ summary: Secure single-domain session sharing plugin for Rack and Rails.
164
301
  test_files: []
165
302