global_session 3.1.1 → 3.2.0

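--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4076acba8dcf282c7dad88a0d0970849c24be12d
- data.tar.gz: 2868c88a7927c381c23c4015da1dc31794f41238
+ metadata.gz: c515a5dcc7b904111d8d920ec99e0ccdce58121f
+ data.tar.gz: 5d64ca49728e08bd110fc597ff5321a951983041
  SHA512:
- metadata.gz: 62a9e4d919ecee5c1f182f78b2e28ae55baf5430a1538ae5b7df6bf03323c4b61a0df003583a096cf29c6776409c4076ea19d6cdac9ddae3e5b86971fd5908f0
- data.tar.gz: eca8e7350d16946e5417168f6b4ebdb3a52c4322714b1682f0df993b85f78c8887c747a9716db0bce10a7b94107231c3c8424c3ca620b61966a4c649d9dd0c95
+ metadata.gz: ba37377a8a6489d088ca0f835dc61be4bacba59472249802358a686b6500315f438e846a3e73142923fce67cc7b7646de9948577cb73ff22b5aa3d8dba604142
+ data.tar.gz: a43759e7a9d51b6322c04c41f19821229b35bce347dcf76d1ea3a5f65ccfa60a9cab1112f13a448cd20c390a84cff339cff2a4d9c0c7e940479d0411246bc878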
@@ -0,0 +1 @@
1
+ 2.1.6
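--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 3.1.1
+ 3.2.0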
@@ -2,16 +2,16 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: global_session 3.1.1 ruby lib
5
+ # stub: global_session 3.2.0 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "global_session"
9
- s.version = "3.1.1"
9
+ s.version = "3.2.0"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib"]
13
13
  s.authors = ["Tony Spataro"]
14
- s.date = "2015-05-22"
14
+ s.date = "2015-07-08"
15
15
  s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
16
16
  s.email = "support@rightscale.com"
17
17
  s.extra_rdoc_files = [
@@ -50,7 +50,7 @@ Gem::Specification.new do |s|
50
50
  ]
51
51
  s.homepage = "https://github.com/rightscale/global_session"
52
52
  s.licenses = ["MIT"]
53
- s.rubygems_version = "2.2.2"
53
+ s.rubygems_version = "2.2.3"
54
54
  s.summary = "Secure single-domain session sharing plugin for Rack and Rails."
55
55
 
56
56
  if s.respond_to? :specification_version then
@@ -27,6 +27,8 @@ module GlobalSession
27
27
  # Global session middleware. Note: this class relies on
28
28
  # Rack::Cookies being used higher up in the chain.
29
29
  class Middleware
30
+ NUMERIC_HOST = /^[0-9.]+$/.freeze
31
+
30
32
  LOCAL_SESSION_KEY = "rack.session".freeze
31
33
 
32
34
  # @return [GlobalSession::Configuration]
@@ -232,13 +234,15 @@ module GlobalSession
232
234
  value = session.to_s
233
235
  expires = @configuration['ephemeral'] ? nil : session.expired_at
234
236
  unless env['rack.cookies'][@cookie_name] == value
237
+ secure = (env['HTTP_X_FORWARDED_PROTO'] == 'https') ||
238
+ (env['rack.url_scheme'] == 'https')
235
239
  env['rack.cookies'][@cookie_name] =
236
240
  {
237
241
  :value => value,
238
242
  :domain => cookie_domain(env),
239
243
  :expires => expires,
240
244
  :httponly => true,
241
- :secure => (env['rack.url_scheme'] == 'https'),
245
+ :secure => secure,
242
246
  }
243
247
  end
244
248
  else
@@ -316,14 +320,27 @@ module GlobalSession
316
320
  #
317
321
  # @param [Hash] env Rack request environment
318
322
  def cookie_domain(env)
323
+ name = env['HTTP_X_FORWARDED_HOST'] || env['SERVER_NAME']
324
+
319
325
  if @configuration['cookie'].has_key?('domain')
320
326
  # Use the explicitly provided domain name
321
327
  domain = @configuration['cookie']['domain']
328
+ elsif name =~ NUMERIC_HOST
329
+ # Don't set a domain if the browser requested an IP-based host
330
+ domain = nil
322
331
  else
323
- # Use the server name, but strip off the most specific component
324
- parts = env['SERVER_NAME'].split('.')
325
- parts = parts[1..-1] if parts.length > 2
326
- domain = parts.join('.')
332
+ # Guess an appropriate domain for the cookie. Strip one level of
333
+ # subdomain; leave SLDs unmolested; omit domain entirely for
334
+ # one-component domains (e.g. localhost).
335
+ parts = name.split('.')
336
+ case parts.length
337
+ when 0..1
338
+ domain = nil
339
+ when 2
340
+ domain = parts.join('.')
341
+ else
342
+ domain = parts[1..-1].join('.')
343
+ end
327
344
  end
328
345
 
329
346
  domain
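Review bot: In `cookie_domain`, `name` is now taken from `HTTP_X_FORWARDED_HOST`, which is whatever the client sent unless a fronting proxy overwrites it, and which can carry a `:port` suffix or a comma-separated list of hosts. An IPv4 address with a port does not match `NUMERIC_HOST`, so it falls into the label-stripping branch and produces a malformed cookie domain. I would strip the port before matching, e.g. `name = name.to_s.sub(/:\d+\z/, '')` (which list element to keep depends on the proxy chain), and anchor the pattern as `NUMERIC_HOST = /\A[0-9.]+\z/`, because `^` and `$` match per line in Ruby. A comment above the assignment such as `# X-Forwarded-Host is honoured only because a trusted proxy is expected to set it; strip it at the edge otherwise` would record the deployment assumption, which applies equally to `HTTP_X_FORWARDED_PROTO` in the cookie-writing hunk. The end of `cookie_domain` lies outside the hunk.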
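--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: global_session
  version: !ruby/object:Gem::Version
- version: 3.1.1
+ version: 3.2.0
  platform: ruby
  authors:
  - Tony Spataro
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-05-27 00:00:00.000000000 Z
+ date: 2015-07-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json
@@ -139,6 +139,7 @@ extra_rdoc_files:
  - LICENSE
  - README.rdoc
  files:
+ - ".ruby-version"
  - ".travis.yml"
  - CHANGELOG.rdoc
  - LICENSE
@@ -187,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.2.3
  signing_key:
  specification_version: 4
  summary: Secure single-domain session sharing plugin for Rack and Rails.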