global_session 3.2.0 → 3.2.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +94 -0
- data/VERSION +1 -1
- data/global_session.gemspec +4 -3
- data/lib/global_session/directory.rb +1 -1
- data/lib/global_session/rack.rb +8 -8
- data/lib/global_session/session/abstract.rb +13 -2
- data/lib/global_session/session/v1.rb +8 -1
- data/lib/global_session/session/v2.rb +8 -1
- data/lib/global_session/session/v3.rb +8 -1
- metadata +3 -3
- data/CHANGELOG.rdoc +0 -43
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fe9830dded408fa5a939935b137d93c43e6b3dde
|
4
|
+
data.tar.gz: 50eacb0893c75b8344aa48c43cea959a33755b1b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d5d6e4ad5700e5b7a3ff95a23f256305f3ca09f9b7e3c664ad64f9ac6138aed97a627f07d19fd04e98040b6ca6e1cab9717aefb8ce7ed91e790f7f7efaf9ded3
|
7
|
+
data.tar.gz: dcc7dcb1e4ac1e2f197819ebd0e666f0219dc96abe7cfa32f440a453f95d74db63113ee6fecf82edc07ca86645f9fa9b62b28cfea73dc4763806dae030a3ad1c
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,94 @@
|
|
1
|
+
3.2.1 (pending)
|
2
|
+
---------------
|
3
|
+
|
4
|
+
Fixed a bug with automatic cookie renewal; cookies were not being renewed unless
|
5
|
+
the `authority` directive was present in the configuration.
|
6
|
+
|
7
|
+
3.2.0 (2015-07-08)
|
8
|
+
------------------
|
9
|
+
|
10
|
+
If cookie domain is omitted from configuration, the Rack middleware will
|
11
|
+
guess a suitable domain by looking at the HTTP Host header (or `X-Forwarded-Host`
|
12
|
+
if it is present, i.e. the request has passed through a load balancer). The
|
13
|
+
heuristic for HTTP-host-to-cookie-domain is:
|
14
|
+
|
15
|
+
* Numeric IPv4: `127.0.0.1` -> _no_ domain
|
16
|
+
* 1-component: `localhost` -> _no_ domain
|
17
|
+
* 2-component: `example.com` -> `example.com`
|
18
|
+
* N-component: `foo.test.example.com` -> `test.example.com`
|
19
|
+
|
20
|
+
This doesn't handle country-code TLDs (`.co.uk`) so you'll still need to specify
|
21
|
+
the cookie domain for Web sites under a ccTLD.
|
22
|
+
|
23
|
+
The Rack middleware will guess whether to add the `secure` flag to cookies
|
24
|
+
based on `rack.url_scheme` (or `X-Forwarded-Proto` if it is present).
|
25
|
+
|
26
|
+
3.1 (2015-01-27)
|
27
|
+
----------------
|
28
|
+
|
29
|
+
Split Directory class into Directory & Keystore, retaining some backward-compatibility shims
|
30
|
+
inside Directory. In v4, these shims will be removed and all key management concerns will be
|
31
|
+
handled by Keystore; the Directory class will be limited to session creation, renewal, and
|
32
|
+
validity checking.
|
33
|
+
|
34
|
+
The `trust` and `authority` configuration elements have been deprecated, as ha
|
35
|
+
the ability to pass a keystore directory to `Directory.new`. Instead, the
|
36
|
+
configuration should contain a `keystore` that tells the gem where to find its
|
37
|
+
public and private keys; every public key is implicitly trusted, and if some
|
38
|
+
private key is found, the app is an authority (otherwise it's not an authority
|
39
|
+
and sessions are read-only). Example new configuration:
|
40
|
+
|
41
|
+
keystore:
|
42
|
+
public:
|
43
|
+
- config/authorities
|
44
|
+
- config/other_dir_with_keys_i_should_trust
|
45
|
+
private: /etc/my_private.key
|
46
|
+
|
47
|
+
As with any other Global Session configuration, this stanza can appear under
|
48
|
+
`common` or under an enivronment-specific section (`staging`, `production`, etc).
|
49
|
+
|
50
|
+
Finally, you can pass a private key location in the environment variable named
|
51
|
+
`GLOBAL_SESSION_PRIVATE_KEY` instead of including that information in the
|
52
|
+
configuration.
|
53
|
+
|
54
|
+
3.0 (2013-10-03)
|
55
|
+
----------------
|
56
|
+
|
57
|
+
The format of the global session cookie has been reinvented again! It once again uses JSON
|
58
|
+
(because msgpack was not widely supported in other languages/OSes) but retains the compact
|
59
|
+
array encoding introduced in v2.
|
60
|
+
|
61
|
+
The cryptographic signature scheme has been changed for better compatibility; we now use
|
62
|
+
PKCS1 v1.5 sign and verify operations instead of "raw" RSA. v2 and v1 sessions are fully
|
63
|
+
supported for read/write, but any session created with the v3 gem will use the v3 crypto
|
64
|
+
scheme.
|
65
|
+
|
66
|
+
2.0 (2012-11-06)
|
67
|
+
----------------
|
68
|
+
|
69
|
+
The format of the global session cookie has been reinvented; it now uses msgpack and delegates
|
70
|
+
all crypto to RightSupport::Crypto::SignedHash. Together with a few other optimizations, the
|
71
|
+
size of the cookie has shrunk by about 30%.
|
72
|
+
|
73
|
+
The gem remains capable of reading and writing V1 format cookies, but all new cookies are created
|
74
|
+
with the V2 format.
|
75
|
+
|
76
|
+
The "integrated" feature is no longer supported for the Rails integration layer; global session
|
77
|
+
attributes must always be accessed separately from local session attributes, through the
|
78
|
+
#global_session reader method that is mixed into ActionController::Base.
|
79
|
+
|
80
|
+
1.0 (2011-01-01)
|
81
|
+
----------------
|
82
|
+
|
83
|
+
General Availability release. Mostly interface-compatible with 0.9.
|
84
|
+
|
85
|
+
0.9 (2010-12-07)
|
86
|
+
----------------
|
87
|
+
|
88
|
+
Rack middleware implementation is feature-complete and has major spec coverage. Rails integration
|
89
|
+
is untested and may contain bugs.
|
90
|
+
|
91
|
+
0.9.0 (2010-12-22)
|
92
|
+
----------------
|
93
|
+
|
94
|
+
Initial commit ported from 'rack' branch of old has_global_session project
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.2.
|
1
|
+
3.2.1
|
data/global_session.gemspec
CHANGED
@@ -2,16 +2,16 @@
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
|
-
# stub: global_session 3.2.
|
5
|
+
# stub: global_session 3.2.1 ruby lib
|
6
6
|
|
7
7
|
Gem::Specification.new do |s|
|
8
8
|
s.name = "global_session"
|
9
|
-
s.version = "3.2.
|
9
|
+
s.version = "3.2.1"
|
10
10
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
12
12
|
s.require_paths = ["lib"]
|
13
13
|
s.authors = ["Tony Spataro"]
|
14
|
-
s.date = "2015-07-
|
14
|
+
s.date = "2015-07-10"
|
15
15
|
s.description = "This Rack middleware allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database."
|
16
16
|
s.email = "support@rightscale.com"
|
17
17
|
s.extra_rdoc_files = [
|
@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
|
|
19
19
|
"README.rdoc"
|
20
20
|
]
|
21
21
|
s.files = [
|
22
|
+
".ruby-version",
|
22
23
|
".travis.yml",
|
23
24
|
"CHANGELOG.rdoc",
|
24
25
|
"LICENSE",
|
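Review bot: `s.files` still lists `"CHANGELOG.rdoc"` (unchanged context in this hunk) even though this release deletes that file and adds CHANGELOG.md, and the packaged metadata hunk lists `- CHANGELOG.md` instead, so the committed gemspec is out of step with what was actually built; re-run `rake gemspec` as the header comment instructs and commit the result so the two agree. Adding `".ruby-version"` to the shipped files is harmless but it is a developer-environment file, and it can be left out of the package.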
@@ -168,7 +168,7 @@ module GlobalSession
|
|
168
168
|
# @deprecated will be removed in GlobalSession v4; please use Keystore instead
|
169
169
|
# @see GlobalSession::Keystore
|
170
170
|
def local_authority_name
|
171
|
-
@keystore.private_key_name
|
171
|
+
@keystore.private_key_name
|
172
172
|
end
|
173
173
|
|
174
174
|
# Determine whether this system trusts a particular named authority based on
|
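Review bot: the removed and added lines of `local_authority_name` are textually identical (`@keystore.private_key_name`), so this is a whitespace-only change to a method marked `@deprecated`, yet the rack.rb hunks in this same patch make `renew_cookie`, `update_cookie` and `wipe_cookie` depend on exactly this method. Either lift the deprecation or, before v4 removes it, give the middleware a Keystore-based way to ask whether a private key is present, otherwise the v4 cleanup will break cookie renewal again.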
data/lib/global_session/rack.rb
CHANGED
@@ -37,6 +37,9 @@ module GlobalSession
|
|
37
37
|
# @return [GlobalSession::Directory]
|
38
38
|
attr_accessor :directory
|
39
39
|
|
40
|
+
# @return [GlobalSession::Keystore]
|
41
|
+
attr_accessor :keystore
|
42
|
+
|
40
43
|
# Make a new global session middleware.
|
41
44
|
#
|
42
45
|
# The optional block here controls an alternate ticket retrieval
|
@@ -98,9 +101,6 @@ module GlobalSession
|
|
98
101
|
"Cannot determine directory class/instance; method parameter is a #{directory.class.name} and configuration parameter is #{klass.class.name}"
|
99
102
|
end
|
100
103
|
|
101
|
-
# Initialize the keystore
|
102
|
-
@keystore = Keystore.new(@configuration)
|
103
|
-
|
104
104
|
@cookie_retrieval = block
|
105
105
|
@cookie_name = @configuration['cookie']['name']
|
106
106
|
end
|
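Review bot: removing `@keystore = Keystore.new(@configuration)` leaves nothing in the patch that assigns `@keystore`, while the previous hunk adds `attr_accessor :keystore`, so `middleware.keystore` returns nil unless a caller sets it by hand. If the keystore now lives inside the Directory (directory.rb reads `@keystore.private_key_name`), make the reader delegate there, or document on the accessor that it is assigned externally.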
@@ -202,8 +202,8 @@ module GlobalSession
|
|
202
202
|
# @return [true] always returns true
|
203
203
|
# @param [Hash] env Rack request environment
|
204
204
|
def renew_cookie(env)
|
205
|
-
return unless @
|
206
|
-
return if env['global_session.req.renew'] == false
|
205
|
+
return true unless @directory.local_authority_name
|
206
|
+
return true if env['global_session.req.renew'] == false
|
207
207
|
|
208
208
|
if (renew = @configuration['renew']) && env['global_session'] &&
|
209
209
|
env['global_session'].expired_at < Time.at(Time.now.utc + 60 * renew.to_i)
|
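Review bot: the early exits now return `true`, which matches the `@return [true] always returns true` doc, but the gate is the presence of a private key, and the bug this release fixes was a renewal that silently never happened under one configuration; this path wants a spec that configures a keystore with a private key and no `authority` directive and asserts that `renew_cookie` rewrites the cookie. Minor: `Time.at(Time.now.utc + 60 * renew.to_i)` wraps a value that is already a Time; `Time.now.utc + 60 * renew.to_i` is equivalent and clearer.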
@@ -218,7 +218,7 @@ module GlobalSession
|
|
218
218
|
# @return [true] always returns true
|
219
219
|
# @param [Hash] env Rack request environment
|
220
220
|
def update_cookie(env)
|
221
|
-
return true unless @directory.
|
221
|
+
return true unless @directory.local_authority_name
|
222
222
|
return true if env['global_session.req.update'] == false
|
223
223
|
|
224
224
|
session = env['global_session']
|
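Review bot: `return true unless @directory.local_authority_name` is now the identical first line of `renew_cookie`, `update_cookie` and `wipe_cookie`; extract a private predicate (for example `authority?`) so the authority check has one definition to test and one place to change when the deprecated `Directory#local_authority_name` goes away in v4.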
@@ -261,8 +261,8 @@ module GlobalSession
|
|
261
261
|
# @return [true] always returns true
|
262
262
|
# @param [Hash] env Rack request environment
|
263
263
|
def wipe_cookie(env)
|
264
|
-
return unless @directory.
|
265
|
-
return if env['global_session.req.update'] == false
|
264
|
+
return true unless @directory.local_authority_name
|
265
|
+
return true if env['global_session.req.update'] == false
|
266
266
|
|
267
267
|
env['rack.cookies'][@cookie_name] = {:value => nil,
|
268
268
|
:domain => cookie_domain(env),
|
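Review bot: gating `wipe_cookie` on `local_authority_name` means an app without a private key can never clear the global session cookie, even after deciding the cookie it received is invalid or expired, so the browser keeps presenting the stale cookie on every request to that app. Setting the cookie to `:value => nil` needs no signing key, so confirm this restriction is intended for read-only (non-authority) apps; if the intent is that only authorities may touch the shared cookie, say so in the method comment.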
@@ -44,7 +44,7 @@ module GlobalSession::Session
|
|
44
44
|
|
45
45
|
# @return a Hash representation of the session with three subkeys: :metadata, :signed and :insecure
|
46
46
|
# @raise nothing -- does not raise; returns empty hash if there is a failure
|
47
|
-
def
|
47
|
+
def to_h
|
48
48
|
hash = {}
|
49
49
|
|
50
50
|
md = {}
|
@@ -67,6 +67,9 @@ module GlobalSession::Session
|
|
67
67
|
{}
|
68
68
|
end
|
69
69
|
|
70
|
+
# @deprecated will be removed in GlobalSession v4; please use to_h instead
|
71
|
+
alias to_hash to_h
|
72
|
+
|
70
73
|
# @return [true,false] true if this session was created in-process, false if it was initialized from a cookie
|
71
74
|
def new_record?
|
72
75
|
@cookie.nil?
|
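Review bot: `to_hash` is deprecated here in favour of `to_h`, and `dirty?` is added further down in this file, but the 3.2.1 entry in CHANGELOG.md mentions only the cookie-renewal fix; a deprecation and a new public method in a patch release should be listed there so consumers of `to_hash` see the warning before v4 removes it.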
@@ -81,6 +84,13 @@ module GlobalSession::Session
|
|
81
84
|
@directory.valid_session?(@id, @expired_at)
|
82
85
|
end
|
83
86
|
|
87
|
+
# Determine whether any state has changed since the session was loaded.
|
88
|
+
#
|
89
|
+
# @return [Boolean] true if something has changed
|
90
|
+
def dirty?
|
91
|
+
!!(new_record? || @dirty_timestamps)
|
92
|
+
end
|
93
|
+
|
84
94
|
# Determine whether the global session schema allows a given key to be placed
|
85
95
|
# in the global session.
|
86
96
|
#
|
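Review bot: `@dirty_timestamps` is set to true in `renew!` (a later hunk in this file) but nothing in the patch ever resets it, so once a session has been renewed `dirty?` stays true and the `if @cookie && !dirty?` cache in the v1/v2/v3 `to_s` is bypassed for the rest of the object's life, re-serializing and re-signing on every call. That is harmless if a session object lives for a single request, in which case a comment stating that contract would help; otherwise clear the flag after a successful serialization. Also, on a session loaded from a cookie the variable is read before any assignment, which evaluates to nil but triggers the uninitialized-instance-variable warning under `ruby -w`; initialize it to false in the constructor.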
@@ -104,7 +114,7 @@ module GlobalSession::Session
|
|
104
114
|
@signed.has_key?(key) || @insecure.has_key?(key)
|
105
115
|
end
|
106
116
|
|
107
|
-
alias
|
117
|
+
alias key? has_key?
|
108
118
|
|
109
119
|
# Invalidate this session by reporting its UUID to the Directory.
|
110
120
|
#
|
@@ -125,6 +135,7 @@ module GlobalSession::Session
|
|
125
135
|
expired_at ||= Time.at(Time.now.utc + 60 * minutes)
|
126
136
|
@expired_at = expired_at
|
127
137
|
@created_at = Time.now.utc
|
138
|
+
@dirty_timestamps = true
|
128
139
|
end
|
129
140
|
|
130
141
|
private
|
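Review bot: this assignment is the only visible mechanism that makes `to_s` re-serialize after `renew!` on a session loaded from a cookie, which is the scenario the 3.2.1 fix concerns, so add a spec that loads a session from a cookie string, calls `renew!`, and asserts that `to_s` no longer equals the original cookie. The surrounding `@created_at = Time.now.utc` also rewrites the creation time on every renewal, so `created_at` means "last renewed" rather than "first issued"; if that is intended the attribute's documentation should say so, since consumers may use it to bound total session lifetime.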
@@ -57,7 +57,7 @@ module GlobalSession::Session
|
|
57
57
|
# === Return
|
58
58
|
# cookie(String):: Base64Cookie-encoded, Zlib-compressed JSON-serialized global session
|
59
59
|
def to_s
|
60
|
-
if @cookie &&
|
60
|
+
if @cookie && !dirty?
|
61
61
|
#use cached cookie if nothing has changed
|
62
62
|
return @cookie
|
63
63
|
end
|
@@ -86,6 +86,13 @@ module GlobalSession::Session
|
|
86
86
|
return GlobalSession::Encoding::Base64Cookie.dump(zbin)
|
87
87
|
end
|
88
88
|
|
89
|
+
# Determine whether any state has changed since the session was loaded.
|
90
|
+
#
|
91
|
+
# @return [Boolean] true if something has changed
|
92
|
+
def dirty?
|
93
|
+
!!(super || @dirty_secure || @dirty_insecure)
|
94
|
+
end
|
95
|
+
|
89
96
|
# Return the keys that are currently present in the global session.
|
90
97
|
#
|
91
98
|
# === Return
|
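Review bot: this `dirty?` override is byte-for-byte identical in v1.rb, v2.rb and v3.rb (`!!(super || @dirty_secure || @dirty_insecure)`), and `super` already folds in `new_record?` and `@dirty_timestamps`; since all three subclasses evidently maintain `@dirty_secure` and `@dirty_insecure`, fold those two flags into `Abstract#dirty?` and delete the three copies. The doc comment should also name the flags, so a reader knows which mutations mark the session dirty and force a re-sign.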
@@ -58,7 +58,7 @@ module GlobalSession::Session
|
|
58
58
|
# === Return
|
59
59
|
# cookie(String):: Base64Cookie-encoded, Msgpack-serialized global session
|
60
60
|
def to_s
|
61
|
-
if @cookie &&
|
61
|
+
if @cookie && !dirty?
|
62
62
|
#use cached cookie if nothing has changed
|
63
63
|
return @cookie
|
64
64
|
end
|
@@ -90,6 +90,13 @@ module GlobalSession::Session
|
|
90
90
|
return GlobalSession::Encoding::Base64Cookie.dump(msgpack)
|
91
91
|
end
|
92
92
|
|
93
|
+
# Determine whether any state has changed since the session was loaded.
|
94
|
+
#
|
95
|
+
# @return [Boolean] true if something has changed
|
96
|
+
def dirty?
|
97
|
+
!!(super || @dirty_secure || @dirty_insecure)
|
98
|
+
end
|
99
|
+
|
93
100
|
# Return the keys that are currently present in the global session.
|
94
101
|
#
|
95
102
|
# === Return
|
@@ -115,7 +115,7 @@ module GlobalSession::Session
|
|
115
115
|
# @return [String] a B64cookie-encoded JSON-serialized global session
|
116
116
|
# @raise [GlobalSession::UnserializableType] if the attributes hash contains
|
117
117
|
def to_s
|
118
|
-
if @cookie &&
|
118
|
+
if @cookie && !dirty?
|
119
119
|
#use cached cookie if nothing has changed
|
120
120
|
return @cookie
|
121
121
|
end
|
@@ -154,6 +154,13 @@ module GlobalSession::Session
|
|
154
154
|
return GlobalSession::Encoding::Base64Cookie.dump(bin)
|
155
155
|
end
|
156
156
|
|
157
|
+
# Determine whether any state has changed since the session was loaded.
|
158
|
+
#
|
159
|
+
# @return [Boolean] true if something has changed
|
160
|
+
def dirty?
|
161
|
+
!!(super || @dirty_secure || @dirty_insecure)
|
162
|
+
end
|
163
|
+
|
157
164
|
# Return the keys that are currently present in the global session.
|
158
165
|
#
|
159
166
|
# === Return
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: global_session
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.2.
|
4
|
+
version: 3.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tony Spataro
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-07-
|
11
|
+
date: 2015-07-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|
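Review bot: `cert_chain: []` in the context lines shows the gem is still published unsigned. For a library whose purpose is signing and verifying single-sign-on cookies with RSA keys, consider signing releases (`s.signing_key` and `s.cert_chain` in the gemspec) so installers can verify the package with `gem install -P HighSecurity`, and record the signing certificate's fingerprint in the README.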
@@ -141,7 +141,7 @@ extra_rdoc_files:
|
|
141
141
|
files:
|
142
142
|
- ".ruby-version"
|
143
143
|
- ".travis.yml"
|
144
|
-
- CHANGELOG.
|
144
|
+
- CHANGELOG.md
|
145
145
|
- LICENSE
|
146
146
|
- README.rdoc
|
147
147
|
- Rakefile
|
data/CHANGELOG.rdoc
DELETED
@@ -1,43 +0,0 @@
|
|
1
|
-
== 3.1 (2015-01-27)
|
2
|
-
|
3
|
-
Split Directory class into Directory & Keystore, retaining some backward-compatibility shims
|
4
|
-
inside Directory. In v4, these shims will be removed and all key management concerns will be
|
5
|
-
handled by Keystore; the Directory class will be limited to session creation, renewal, and
|
6
|
-
validity checking.
|
7
|
-
|
8
|
-
== 3.0 (2013-10-03)
|
9
|
-
|
10
|
-
The format of the global session cookie has been reinvented again! It once again uses JSON
|
11
|
-
(because msgpack was not widely supported in other languages/OSes) but retains the compact
|
12
|
-
array encoding introduced in v2.
|
13
|
-
|
14
|
-
The cryptographic signature scheme has been changed for better compatibility; we now use
|
15
|
-
PKCS1 v1.5 sign and verify operations instead of "raw" RSA. v2 and v1 sessions are fully
|
16
|
-
supported for read/write, but any session created with the v3 gem will use the v3 crypto
|
17
|
-
scheme.
|
18
|
-
|
19
|
-
== 2.0 (2012-11-06)
|
20
|
-
|
21
|
-
The format of the global session cookie has been reinvented; it now uses msgpack and delegates
|
22
|
-
all crypto to RightSupport::Crypto::SignedHash. Together with a few other optimizations, the
|
23
|
-
size of the cookie has shrunk by about 30%.
|
24
|
-
|
25
|
-
The gem remains capable of reading and writing V1 format cookies, but all new cookies are created
|
26
|
-
with the V2 format.
|
27
|
-
|
28
|
-
The "integrated" feature is no longer supported for the Rails integration layer; global session
|
29
|
-
attributes must always be accessed separately from local session attributes, through the
|
30
|
-
#global_session reader method that is mixed into ActionController::Base.
|
31
|
-
|
32
|
-
== 1.0 (2011-01-01)
|
33
|
-
|
34
|
-
General Availability release. Mostly interface-compatible with 0.9.
|
35
|
-
|
36
|
-
== 0.9 (2010-12-07)
|
37
|
-
|
38
|
-
Rack middleware implementation is feature-complete and has major spec coverage. Rails integration
|
39
|
-
is untested and may contain bugs.
|
40
|
-
|
41
|
-
=== 0.9.0 (2010-12-22)
|
42
|
-
|
43
|
-
Initial commit ported from 'rack' branch of old has_global_session project
|