globalid 0.4.1 → 0.4.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of globalid might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 67df636d5882a415108166f9dcb39e6f92a7f5e7
4
- data.tar.gz: 5fe46ff2503cf37219c26e94e42187299523996c
2
+ SHA256:
3
+ metadata.gz: 1c51189af124bc8712e1242070c33fa3bfd26c900003699a2b21328e8d197e55
4
+ data.tar.gz: b00783d7b5fd8b7def68e925d6f70e3ddfb70ad82c3603061c0d29e736dfa9f4
5
5
  SHA512:
6
- metadata.gz: f9b26b5c02b4102befdd6da829ca5e56fa0eeec953e755c2a69f77d563b3b0355c9d8ed0477e22e6230a99d851d5878c0d31b58eafc08bdcee7a8a54cd67526e
7
- data.tar.gz: c27ffc78e6679bd1c799df5c72494d77ca3106ce9c44eff7004c9e38da7749651041cf03958437f5ec41d6c3499174cc87753486193a494a4f13aaa884e233c3
6
+ metadata.gz: 5f5b1a859baae95d9efb693f8d9a0cfb008c82cedfbc3cc994b51cdf46d7191725317e31f8eee824ade1c04a9924d661ca1b9c04e7032ab9250aa20bf8e73614
7
+ data.tar.gz: c0ac25a21157363a3274e4e58ba99146fa2ce90e0860bbe7c21356a9af9d8013c0404bef2d6f4c793ca20aae287c26fa9625e4c74170574a1f4b048dd961fe0e
data/README.md CHANGED
@@ -24,17 +24,17 @@ Mix `GlobalID::Identification` into any model with a `#find(id)` class method.
24
24
  Support is automatically included in Active Record.
25
25
 
26
26
  ```ruby
27
- >> person_gid = Person.find(1).to_global_id
28
- => #<GlobalID ...
27
+ person_gid = Person.find(1).to_global_id
28
+ # => #<GlobalID ...
29
29
 
30
- >> person_gid.uri
31
- => #<URI ...
30
+ person_gid.uri
31
+ # => #<URI ...
32
32
 
33
- >> person_gid.to_s
34
- => "gid://app/Person/1"
33
+ person_gid.to_s
34
+ # => "gid://app/Person/1"
35
35
 
36
- >> GlobalID::Locator.locate person_gid
37
- => #<Person:0x007fae94bf6298 @id="1">
36
+ GlobalID::Locator.locate person_gid
37
+ # => #<Person:0x007fae94bf6298 @id="1">
38
38
  ```
39
39
 
40
40
  ### Signed Global IDs
@@ -42,77 +42,95 @@ Support is automatically included in Active Record.
42
42
  For added security GlobalIDs can also be signed to ensure that the data hasn't been tampered with.
43
43
 
44
44
  ```ruby
45
- >> person_sgid = Person.find(1).to_signed_global_id
46
- => #<SignedGlobalID:0x007fea1944b410>
45
+ person_sgid = Person.find(1).to_signed_global_id
46
+ # => #<SignedGlobalID:0x007fea1944b410>
47
47
 
48
- >> person_sgid = Person.find(1).to_sgid
49
- => #<SignedGlobalID:0x007fea1944b410>
48
+ person_sgid = Person.find(1).to_sgid
49
+ # => #<SignedGlobalID:0x007fea1944b410>
50
50
 
51
- >> person_sgid.to_s
52
- => "BAhJIh5naWQ6Ly9pZGluYWlkaS9Vc2VyLzM5NTk5BjoGRVQ=--81d7358dd5ee2ca33189bb404592df5e8d11420e"
53
-
54
- >> GlobalID::Locator.locate_signed person_sgid
55
- => #<Person:0x007fae94bf6298 @id="1">
51
+ person_sgid.to_s
52
+ # => "BAhJIh5naWQ6Ly9pZGluYWlkaS9Vc2VyLzM5NTk5BjoGRVQ=--81d7358dd5ee2ca33189bb404592df5e8d11420e"
56
53
 
54
+ GlobalID::Locator.locate_signed person_sgid
55
+ # => #<Person:0x007fae94bf6298 @id="1">
57
56
  ```
58
- You can even bump the security up some more by explaining what purpose a Signed Global ID is for.
59
- In this way evildoers can't reuse a sign-up form's SGID on the login page. For example.
60
57
 
61
- ```ruby
62
- >> signup_person_sgid = Person.find(1).to_sgid(for: 'signup_form')
63
- => #<SignedGlobalID:0x007fea1984b520
64
-
65
- >> GlobalID::Locator.locate_signed(signup_person_sgid.to_s, for: 'signup_form')
66
- => #<Person:0x007fae94bf6298 @id="1">
67
- ```
58
+ **Expiration**
68
59
 
69
- You can also have SGIDs that expire some time in the future. Useful if there's a resource,
60
+ Signed Global IDs can expire some time in the future. This is useful if there's a resource
70
61
  people shouldn't have indefinite access to, like a share link.
71
62
 
72
63
  ```ruby
73
- >> expiring_sgid = Document.find(5).to_sgid(expires_in: 2.hours, for: 'sharing')
74
- => #<SignedGlobalID:0x008fde45df8937 ...>
64
+ expiring_sgid = Document.find(5).to_sgid(expires_in: 2.hours, for: 'sharing')
65
+ # => #<SignedGlobalID:0x008fde45df8937 ...>
75
66
 
76
67
  # Within 2 hours...
77
- >> GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
78
- => #<Document:0x007fae94bf6298 @id="5">
68
+ GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
69
+ # => #<Document:0x007fae94bf6298 @id="5">
79
70
 
80
71
  # More than 2 hours later...
81
- >> GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
82
- => nil
72
+ GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
73
+ # => nil
74
+ ```
83
75
 
84
- >> explicit_expiring_sgid = SecretAgentMessage.find(5).to_sgid(expires_at: Time.now.advance(hours: 1))
85
- => #<SignedGlobalID:0x008fde45df8937 ...>
76
+ **In Rails, an auto-expiry of 1 month is set by default.** You can alter that deal
77
+ in an initializer with:
86
78
 
87
- # 1 hour later...
88
- >> GlobalID::Locator.locate_signed explicit_expiring_sgid.to_s
89
- => nil
79
+ ```ruby
80
+ # config/initializers/global_id.rb
81
+ Rails.application.config.global_id.expires_in = 3.months
82
+ ```
83
+
84
+ You can assign a default SGID lifetime like so:
85
+
86
+ ```ruby
87
+ SignedGlobalID.expires_in = 1.month
88
+ ```
89
+
90
+ This way any generated SGID will use that relative expiry.
90
91
 
92
+ It's worth noting that _expiring SGIDs are not idempotent_ because they encode the current timestamp; repeated calls to `to_sgid` will produce different results. For example, in Rails
93
+
94
+ ```ruby
95
+ Document.find(5).to_sgid.to_s == Document.find(5).to_sgid.to_s
96
+ # => false
97
+ ```
98
+
99
+ You need to explicitly pass `expires_in: nil` to generate a permanent SGID that will not expire,
100
+
101
+ ```ruby
91
102
  # Passing a false value to either expiry option turns off expiration entirely.
92
- >> never_expiring_sgid = Document.find(5).to_sgid(expires_in: nil)
93
- => #<SignedGlobalID:0x008fde45df8937 ...>
103
+ never_expiring_sgid = Document.find(5).to_sgid(expires_in: nil)
104
+ # => #<SignedGlobalID:0x008fde45df8937 ...>
94
105
 
95
106
  # Any time later...
96
- >> GlobalID::Locator.locate_signed never_expiring_sgid
97
- => #<Document:0x007fae94bf6298 @id="5">
107
+ GlobalID::Locator.locate_signed never_expiring_sgid
108
+ # => #<Document:0x007fae94bf6298 @id="5">
98
109
  ```
99
110
 
100
- Note that an explicit `:expires_at` takes precedence over a relative `:expires_in`.
101
-
102
- You can assign a default SGID lifetime like so:
111
+ It's also possible to pass a specific expiry time
103
112
 
104
113
  ```ruby
105
- SignedGlobalID.expires_in = 1.month
114
+ explicit_expiring_sgid = SecretAgentMessage.find(5).to_sgid(expires_at: Time.now.advance(hours: 1))
115
+ # => #<SignedGlobalID:0x008fde45df8937 ...>
116
+
117
+ # 1 hour later...
118
+ GlobalID::Locator.locate_signed explicit_expiring_sgid.to_s
119
+ # => nil
106
120
  ```
121
+ Note that an explicit `:expires_at` takes precedence over a relative `:expires_in`.
107
122
 
108
- This way any generated SGID will use that relative expiry.
123
+ **Purpose**
109
124
 
110
- In Rails, an auto-expiry of 1 month is set by default. You can alter that deal
111
- in an initializer with:
125
+ You can even bump the security up some more by explaining what purpose a Signed Global ID is for.
126
+ In this way evildoers can't reuse a sign-up form's SGID on the login page. For example.
112
127
 
113
128
  ```ruby
114
- # config/initializers/global_id.rb
115
- Rails.application.config.global_id.expires_in = 3.months
129
+ signup_person_sgid = Person.find(1).to_sgid(for: 'signup_form')
130
+ # => #<SignedGlobalID:0x007fea1984b520
131
+
132
+ GlobalID::Locator.locate_signed(signup_person_sgid.to_s, for: 'signup_form')
133
+ # => #<Person:0x007fae94bf6298 @id="1">
116
134
  ```
117
135
 
118
136
  ### Custom App Locator
@@ -63,6 +63,11 @@ class GlobalID
63
63
  def ==(other)
64
64
  other.is_a?(GlobalID) && @uri == other.uri
65
65
  end
66
+ alias_method :eql?, :==
67
+
68
+ def hash
69
+ self.class.hash | @uri.hash
70
+ end
66
71
 
67
72
  def to_param
68
73
  # remove the = padding character for a prettier param -- it'll be added back in parse_encoded_gid
@@ -5,7 +5,7 @@ class GlobalID
5
5
  extend ActiveSupport::Concern
6
6
 
7
7
  def to_global_id(options = {})
8
- @global_id ||= GlobalID.create(self, options)
8
+ GlobalID.create(self, options)
9
9
  end
10
10
  alias to_gid to_global_id
11
11
 
@@ -14,14 +14,16 @@ class GlobalID
14
14
  config.eager_load_namespaces << GlobalID
15
15
 
16
16
  initializer 'global_id' do |app|
17
+ default_expires_in = 1.month
18
+ default_app_name = app.railtie_name.remove('_application').dasherize
17
19
 
18
- app.config.global_id.app ||= app.railtie_name.remove('_application').dasherize
19
- GlobalID.app = app.config.global_id.app
20
-
21
- app.config.global_id.expires_in ||= 1.month
22
- SignedGlobalID.expires_in = app.config.global_id.expires_in
20
+ GlobalID.app = app.config.global_id.app ||= default_app_name
21
+ SignedGlobalID.expires_in = app.config.global_id.expires_in ||= default_expires_in
23
22
 
24
23
  config.after_initialize do
24
+ GlobalID.app = app.config.global_id.app ||= default_app_name
25
+ SignedGlobalID.expires_in = app.config.global_id.expires_in ||= default_expires_in
26
+
25
27
  app.config.global_id.verifier ||= begin
26
28
  GlobalID::Verifier.new(app.key_generator.generate_key('signed_global_ids'))
27
29
  rescue ArgumentError
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: globalid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-24 00:00:00.000000000 Z
11
+ date: 2019-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -74,8 +74,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
74
74
  - !ruby/object:Gem::Version
75
75
  version: '0'
76
76
  requirements: []
77
- rubyforge_project:
78
- rubygems_version: 2.6.12
77
+ rubygems_version: 3.0.2
79
78
  signing_key:
80
79
  specification_version: 4
81
80
  summary: 'Refer to any model with a URI: gid://app/class/id'