RubyGems - globalid - Versions diffs - 0.4.1 → 0.4.2 - Mend

globalid 0.4.1 → 0.4.2

Potentially problematic release.

This version of globalid might be problematic. Click here for more details.

Files changed (6) hide show

checksums.yaml +5 -5
data/README.md +69 -51
data/lib/global_id/global_id.rb +5 -0
data/lib/global_id/identification.rb +1 -1
data/lib/global_id/railtie.rb +7 -5
metadata +3 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 67df636d5882a415108166f9dcb39e6f92a7f5e7
-  data.tar.gz: 5fe46ff2503cf37219c26e94e42187299523996c
+SHA256:
+  metadata.gz: 1c51189af124bc8712e1242070c33fa3bfd26c900003699a2b21328e8d197e55
+  data.tar.gz: b00783d7b5fd8b7def68e925d6f70e3ddfb70ad82c3603061c0d29e736dfa9f4
 SHA512:
-  metadata.gz: f9b26b5c02b4102befdd6da829ca5e56fa0eeec953e755c2a69f77d563b3b0355c9d8ed0477e22e6230a99d851d5878c0d31b58eafc08bdcee7a8a54cd67526e
-  data.tar.gz: c27ffc78e6679bd1c799df5c72494d77ca3106ce9c44eff7004c9e38da7749651041cf03958437f5ec41d6c3499174cc87753486193a494a4f13aaa884e233c3
+  metadata.gz: 5f5b1a859baae95d9efb693f8d9a0cfb008c82cedfbc3cc994b51cdf46d7191725317e31f8eee824ade1c04a9924d661ca1b9c04e7032ab9250aa20bf8e73614
+  data.tar.gz: c0ac25a21157363a3274e4e58ba99146fa2ce90e0860bbe7c21356a9af9d8013c0404bef2d6f4c793ca20aae287c26fa9625e4c74170574a1f4b048dd961fe0e

data/README.md CHANGED

@@ -24,17 +24,17 @@ Mix `GlobalID::Identification` into any model with a `#find(id)` class method.
 Support is automatically included in Active Record.
 ```ruby
->> person_gid = Person.find(1).to_global_id
-=> #<GlobalID ...
+person_gid = Person.find(1).to_global_id
+# => #<GlobalID ...
->> person_gid.uri
-=> #<URI ...
+person_gid.uri
+# => #<URI ...
->> person_gid.to_s
-=> "gid://app/Person/1"
+person_gid.to_s
+# => "gid://app/Person/1"
->> GlobalID::Locator.locate person_gid
-=> #<Person:0x007fae94bf6298 @id="1">
+GlobalID::Locator.locate person_gid
+# => #<Person:0x007fae94bf6298 @id="1">
 ```
 ### Signed Global IDs
@@ -42,77 +42,95 @@ Support is automatically included in Active Record.
 For added security GlobalIDs can also be signed to ensure that the data hasn't been tampered with.
 ```ruby
->> person_sgid = Person.find(1).to_signed_global_id
-=> #<SignedGlobalID:0x007fea1944b410>
+person_sgid = Person.find(1).to_signed_global_id
+# => #<SignedGlobalID:0x007fea1944b410>
->> person_sgid = Person.find(1).to_sgid
-=> #<SignedGlobalID:0x007fea1944b410>
+person_sgid = Person.find(1).to_sgid
+# => #<SignedGlobalID:0x007fea1944b410>
->> person_sgid.to_s
-=> "BAhJIh5naWQ6Ly9pZGluYWlkaS9Vc2VyLzM5NTk5BjoGRVQ=--81d7358dd5ee2ca33189bb404592df5e8d11420e"
->> GlobalID::Locator.locate_signed person_sgid
-=> #<Person:0x007fae94bf6298 @id="1">
+person_sgid.to_s
+# => "BAhJIh5naWQ6Ly9pZGluYWlkaS9Vc2VyLzM5NTk5BjoGRVQ=--81d7358dd5ee2ca33189bb404592df5e8d11420e"
+GlobalID::Locator.locate_signed person_sgid
+# => #<Person:0x007fae94bf6298 @id="1">
 ```
-You can even bump the security up some more by explaining what purpose a Signed Global ID is for.
-In this way evildoers can't reuse a sign-up form's SGID on the login page. For example.
-```ruby
->> signup_person_sgid = Person.find(1).to_sgid(for: 'signup_form')
-=> #<SignedGlobalID:0x007fea1984b520
->> GlobalID::Locator.locate_signed(signup_person_sgid.to_s, for: 'signup_form')
-=> #<Person:0x007fae94bf6298 @id="1">
-```
+**Expiration**
-You can also have SGIDs that expire some time in the future. Useful if there's a resource,
+Signed Global IDs can expire some time in the future. This is useful if there's a resource
 people shouldn't have indefinite access to, like a share link.
 ```ruby
->> expiring_sgid = Document.find(5).to_sgid(expires_in: 2.hours, for: 'sharing')
-=> #<SignedGlobalID:0x008fde45df8937 ...>
+expiring_sgid = Document.find(5).to_sgid(expires_in: 2.hours, for: 'sharing')
+# => #<SignedGlobalID:0x008fde45df8937 ...>
 # Within 2 hours...
->> GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
-=> #<Document:0x007fae94bf6298 @id="5">
+GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
+# => #<Document:0x007fae94bf6298 @id="5">
 # More than 2 hours later...
->> GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
-=> nil
+GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
+# => nil
+```
->> explicit_expiring_sgid = SecretAgentMessage.find(5).to_sgid(expires_at: Time.now.advance(hours: 1))
-=> #<SignedGlobalID:0x008fde45df8937 ...>
+**In Rails, an auto-expiry of 1 month is set by default.** You can alter that deal
+in an initializer with:
-# 1 hour later...
->> GlobalID::Locator.locate_signed explicit_expiring_sgid.to_s
-=> nil
+```ruby
+# config/initializers/global_id.rb
+Rails.application.config.global_id.expires_in = 3.months
+```
+You can assign a default SGID lifetime like so:
+```ruby
+SignedGlobalID.expires_in = 1.month
+```
+This way any generated SGID will use that relative expiry.
+It's worth noting that _expiring SGIDs are not idempotent_ because they encode the current timestamp; repeated calls to `to_sgid` will produce different results. For example, in Rails
+```ruby
+Document.find(5).to_sgid.to_s == Document.find(5).to_sgid.to_s
+# => false
+```
+You need to explicitly pass `expires_in: nil` to generate a permanent SGID that will not expire,
+```ruby
 # Passing a false value to either expiry option turns off expiration entirely.
->> never_expiring_sgid = Document.find(5).to_sgid(expires_in: nil)
-=> #<SignedGlobalID:0x008fde45df8937 ...>
+never_expiring_sgid = Document.find(5).to_sgid(expires_in: nil)
+# => #<SignedGlobalID:0x008fde45df8937 ...>
 # Any time later...
->> GlobalID::Locator.locate_signed never_expiring_sgid
-=> #<Document:0x007fae94bf6298 @id="5">
+GlobalID::Locator.locate_signed never_expiring_sgid
+# => #<Document:0x007fae94bf6298 @id="5">
 ```
-Note that an explicit `:expires_at` takes precedence over a relative `:expires_in`.
-You can assign a default SGID lifetime like so:
+It's also possible to pass a specific expiry time
 ```ruby
-SignedGlobalID.expires_in = 1.month
+explicit_expiring_sgid = SecretAgentMessage.find(5).to_sgid(expires_at: Time.now.advance(hours: 1))
+# => #<SignedGlobalID:0x008fde45df8937 ...>
+# 1 hour later...
+GlobalID::Locator.locate_signed explicit_expiring_sgid.to_s
+# => nil
 ```
+Note that an explicit `:expires_at` takes precedence over a relative `:expires_in`.
-This way any generated SGID will use that relative expiry.
+**Purpose**
-In Rails, an auto-expiry of 1 month is set by default. You can alter that deal
-in an initializer with:
+You can even bump the security up some more by explaining what purpose a Signed Global ID is for.
+In this way evildoers can't reuse a sign-up form's SGID on the login page. For example.
 ```ruby
-# config/initializers/global_id.rb
-Rails.application.config.global_id.expires_in = 3.months
+signup_person_sgid = Person.find(1).to_sgid(for: 'signup_form')
+# => #<SignedGlobalID:0x007fea1984b520
+GlobalID::Locator.locate_signed(signup_person_sgid.to_s, for: 'signup_form')
+# => #<Person:0x007fae94bf6298 @id="1">
 ```
 ### Custom App Locator

data/lib/global_id/global_id.rb CHANGED

@@ -63,6 +63,11 @@ class GlobalID
   def ==(other)
     other.is_a?(GlobalID) && @uri == other.uri
   end
+  alias_method :eql?, :==
+  def hash
+    self.class.hash | @uri.hash
+  end
   def to_param
     # remove the = padding character for a prettier param -- it'll be added back in parse_encoded_gid

data/lib/global_id/identification.rb CHANGED

@@ -5,7 +5,7 @@ class GlobalID
     extend ActiveSupport::Concern
     def to_global_id(options = {})
-      @global_id ||= GlobalID.create(self, options)
+      GlobalID.create(self, options)
     end
     alias to_gid to_global_id

data/lib/global_id/railtie.rb CHANGED

@@ -14,14 +14,16 @@ class GlobalID
     config.eager_load_namespaces << GlobalID
     initializer 'global_id' do |app|
+      default_expires_in = 1.month
+      default_app_name = app.railtie_name.remove('_application').dasherize
-      app.config.global_id.app ||= app.railtie_name.remove('_application').dasherize
-      GlobalID.app = app.config.global_id.app
-      app.config.global_id.expires_in ||= 1.month
-      SignedGlobalID.expires_in = app.config.global_id.expires_in
+      GlobalID.app = app.config.global_id.app ||= default_app_name
+      SignedGlobalID.expires_in = app.config.global_id.expires_in ||= default_expires_in
       config.after_initialize do
+        GlobalID.app = app.config.global_id.app ||= default_app_name
+        SignedGlobalID.expires_in = app.config.global_id.expires_in ||= default_expires_in
         app.config.global_id.verifier ||= begin
           GlobalID::Verifier.new(app.key_generator.generate_key('signed_global_ids'))
         rescue ArgumentError

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: globalid
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-24 00:00:00.000000000 Z
+date: 2019-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -74,8 +74,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.12
+rubygems_version: 3.0.2
 signing_key:
 specification_version: 4
 summary: 'Refer to any model with a URI: gid://app/class/id'