global_session 3.1.0 → 3.1.1

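--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b314fdf883f6db5a94056c8f4425b645ce26ce26
- data.tar.gz: f2598c6bc89cf364070919a0d7d4704660721664
+ metadata.gz: 4076acba8dcf282c7dad88a0d0970849c24be12d
+ data.tar.gz: 2868c88a7927c381c23c4015da1dc31794f41238
  SHA512:
- metadata.gz: cce6b5236c84c60d94df3342a78c2f63bb5289c9d8c31c089983d1e3eb7905b83f5aa5e50f444061d3bd320745411a564db932153c71d04f7a40e2afecad3032
- data.tar.gz: d2e8e7feb7641b439ff2e44f3e145c6f7f1f131ece9044c5edcc662c3a73a49ba590b7de1a623c751808c35dad02ffe18d06a251e7a5c18520e0d0b3fb849056
+ metadata.gz: 62a9e4d919ecee5c1f182f78b2e28ae55baf5430a1538ae5b7df6bf03323c4b61a0df003583a096cf29c6776409c4076ea19d6cdac9ddae3e5b86971fd5908f0
+ data.tar.gz: eca8e7350d16946e5417168f6b4ebdb3a52c4322714b1682f0df993b85f78c8887c747a9716db0bce10a7b94107231c3c8424c3ca620b61966a4c649d9dd0c95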
@@ -68,7 +68,7 @@ Install the GlobalSession middleware into your Rack stack; pass a config and a d
68
68
  object to its initializer. For instance, in config.ru:
69
69
 
70
70
  configuration = GlobalSession::Configuration.new('path/to/config.yml', RACK_ENV)
71
- directory = GlobalSession::Directory.new(configuration, 'path/to/keystore')
71
+ directory = GlobalSession::Directory.new(configuration)
72
72
  use ::GlobalSession::Rack::Middleware, configuration, directory
73
73
 
74
74
  = Global Session Contents
@@ -81,7 +81,7 @@ operation). If your app uses the cookie, GlobalSession will take care of
81
81
  updating the cookie whenever session values change.
82
82
 
83
83
  Data-wise, the session is a JSON dictionary containing the following stuff:
84
- * session metadata (UUID, created-at, expires-at, signing-authority)
84
+ * session metadata (UUID, created at, expires at, signing authority)
85
85
  * signed session attributes (e.g. the authenticated user ID)
86
86
  * insecure session attributes (e.g. the last-visited URL)
87
87
  * a cryptographic signature of the metadata and signed attributes
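--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 3.1.0
+ 3.1.1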
@@ -2,16 +2,16 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: global_session 3.1.0 ruby lib
5
+ # stub: global_session 3.1.1 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "global_session"
9
- s.version = "3.1.0"
9
+ s.version = "3.1.1"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib"]
13
13
  s.authors = ["Tony Spataro"]
14
- s.date = "2014-12-31"
14
+ s.date = "2015-05-22"
15
15
  s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
16
16
  s.email = "support@rightscale.com"
17
17
  s.extra_rdoc_files = [
@@ -43,7 +43,7 @@ module GlobalSession
43
43
  # is the ticket.
44
44
  #
45
45
  # @param [Configuration] configuration
46
- # @param optional [String,Directory] directory the directory class name (DEPRECATED) or an actual instance of Directory
46
+ # @param optional [String,Directory] directory the disk-directory in which keys live (DEPRECATED), or an actual instance of Directory
47
47
  #
48
48
  # @yield if a block is provided, yields to the block to fetch session data from request state
49
49
  # @yieldparam [Hash] env Rack request environment is passed as a yield parameter
@@ -84,15 +84,16 @@ module GlobalSession
84
84
  "Invalid/unknown directory class name: #{klass_name.inspect}"
85
85
  end
86
86
 
87
- # Initialize the directory
88
- # @deprecated require Directory object in v4
89
- if klass.is_a?(Class)
90
- @directory = klass.new(@configuration, directory)
91
- elsif klass.is_a?(Directory)
87
+ # Initialize the directory object
88
+ if directory.is_a?(Directory)
89
+ # In v4-style initialization, the directory is always passed in
92
90
  @directory = directory
91
+ elsif klass.is_a?(Class)
92
+ # @deprecated v3-style initialization where the config file names the directory class
93
+ @directory = klass.new(@configuration, directory)
93
94
  else
94
95
  raise GlobalSession::ConfigurationError,
95
- "Unsupported value for 'directory': expected Class or Directory, got #{klass.inspect}"
96
+ "Cannot determine directory class/instance; method parameter is a #{directory.class.name} and configuration parameter is #{klass.class.name}"
96
97
  end
97
98
 
98
99
  # Initialize the keystore
@@ -215,7 +216,7 @@ module GlobalSession
215
216
  # @return [true] always returns true
216
217
  # @param [Hash] env Rack request environment
217
218
  def update_cookie(env)
218
- return true unless @configuration['authority']
219
+ return true unless @directory.keystore.private_key_name
219
220
  return true if env['global_session.req.update'] == false
220
221
 
221
222
  session = env['global_session']
@@ -232,10 +233,13 @@ module GlobalSession
232
233
  expires = @configuration['ephemeral'] ? nil : session.expired_at
233
234
  unless env['rack.cookies'][@cookie_name] == value
234
235
  env['rack.cookies'][@cookie_name] =
235
- {:value => value,
236
- :domain => cookie_domain(env),
237
- :expires => expires,
238
- :httponly => true}
236
+ {
237
+ :value => value,
238
+ :domain => cookie_domain(env),
239
+ :expires => expires,
240
+ :httponly => true,
241
+ :secure => (env['rack.url_scheme'] == 'https'),
242
+ }
239
243
  end
240
244
  else
241
245
  # write an empty cookie
@@ -253,7 +257,7 @@ module GlobalSession
253
257
  # @return [true] always returns true
254
258
  # @param [Hash] env Rack request environment
255
259
  def wipe_cookie(env)
256
- return unless @configuration['authority']
260
+ return unless @directory.keystore.private_key_name
257
261
  return if env['global_session.req.update'] == false
258
262
 
259
263
  env['rack.cookies'][@cookie_name] = {:value => nil,
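Review bot: In `update_cookie` (the hunk at new lines 236–242), `:secure` is taken from `env['rack.url_scheme'] == 'https'`, which describes only the hop that reached this Rack server. When TLS is terminated at a load balancer or reverse proxy that forwards plain HTTP, that value is `'http'` and the session cookie is issued without the Secure flag even though the browser connection was HTTPS. Consider `:secure => ::Rack::Request.new(env).ssl?,`, which also honours the forwarded-scheme headers, or an explicit configuration setting that forces the flag; a comment on the line stating which schemes are expected would help either way. The bodies of `update_cookie` and `wipe_cookie` continue outside the visible hunks, so whether other cookie writes set matching attributes cannot be checked here.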
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: global_session
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.0
4
+ version: 3.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Spataro
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-24 00:00:00.000000000 Z
11
+ date: 2015-05-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json