has_global_session 0.8.3 → 0.8.5

@@ -7,8 +7,8 @@ spec = Gem::Specification.new do |s|
7
7
  s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
8
8
 
9
9
  s.name = 'has_global_session'
10
- s.version = '0.8.3'
11
- s.date = '2010-06-11'
10
+ s.version = '0.8.5'
11
+ s.date = '2010-06-16'
12
12
 
13
13
  s.authors = ['Tony Spataro']
14
14
  s.email = 'code@tracker.xeger.net'
@@ -19,6 +19,10 @@ spec = Gem::Specification.new do |s|
19
19
 
20
20
  s.add_runtime_dependency('uuidtools', [">= 1.0.7"])
21
21
  s.add_runtime_dependency('json', [">= 1.1.7"])
22
+ s.add_runtime_dependency('activesupport', [">= 2.1.2"])
23
+
24
+ s.add_development_dependency('rspec', [">= 1.3.0"])
25
+ s.add_development_dependency('flexmock', [">= 0.8.6"])
22
26
 
23
27
  basedir = File.dirname(__FILE__)
24
28
  candidates = ['has_global_session.gemspec', 'init.rb', 'MIT-LICENSE', 'README.rdoc'] +
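Review bot: The new runtime dependency `activesupport >= 2.1.2` has no upper bound, so any later major release satisfies it and will be picked up by the `require 'active_support'` that this release adds to the library's entry file. The session code visible elsewhere in this diff calls `Configuration['timeout'].to_i.minutes.from_now.utc`, which depends on ActiveSupport's core extensions. As far as I know, from ActiveSupport 3 on a bare `require 'active_support'` no longer loads them, so an unconstrained install could fail in `renew!`. Consider bounding the range to the series that has actually been tested, e.g. `s.add_runtime_dependency('activesupport', [">= 2.1.2", "< 3.0"])` if that is 2.x. The same open-ended form is used for `uuidtools` and `json` on the context lines.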
@@ -6,6 +6,12 @@ module HasGlobalSession
6
6
  class NoAuthority < Exception; end
7
7
  end
8
8
 
9
+ #Make sure gem dependencies are activated.
10
+ require 'uuidtools'
11
+ require 'json'
12
+ require 'active_support'
13
+
14
+ #Require our own sources
9
15
  basedir = File.dirname(__FILE__)
10
16
  require File.join(basedir, 'has_global_session', 'configuration')
11
17
  require File.join(basedir, 'has_global_session', 'directory')
@@ -12,7 +12,7 @@ module HasGlobalSession
12
12
  elements = path.split '/'
13
13
  object = get(elements.shift, false)
14
14
  elements.each do |element|
15
- object = object[element]
15
+ object = object[element] if object
16
16
  if object.nil?
17
17
  msg = "#{File.basename(config_file)} does not specify required element #{elements.map { |x| "['#{x}']"}.join('')}"
18
18
  raise MissingConfiguration, msg
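Review bot: The `MissingConfiguration` message a few lines below the changed line is built from `elements` after `elements.shift` has already removed the first path segment, so it omits the leading key and prints the remaining path rather than the key that was actually missing. Now that `object = object[element] if object` lets a nil top-level value reach this raise, that first segment is exactly what an operator needs to see. Building the message from the original argument, e.g. `msg = "#{File.basename(config_file)} does not specify required element #{path}"`, would keep it accurate. The enclosing method starts and ends outside this hunk, so the loop structure is inferred from the visible lines.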
@@ -28,10 +28,14 @@ module HasGlobalSession
28
28
  Configuration['trust'].include?(authority)
29
29
  end
30
30
 
31
- def invalidated_session?(uuid)
32
- false
31
+ def valid_session?(uuid, expired_at)
32
+ expired_at > Time.now
33
33
  end
34
34
 
35
+ def report_invalid_session(uuid, expired_at)
36
+ true
37
+ end
38
+
35
39
  def report_exception(exception, cookie=nil)
36
40
  true
37
41
  end
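Review bot: `valid_session?` compares `expired_at > Time.now` without checking either argument, while the `valid?` it now backs (in the GlobalSession hunk) dropped its former `@id &&` guard. A session with a nil id is therefore judged on its timestamp alone, and a nil `expired_at` raises NoMethodError instead of returning false; `!uuid.nil? && !expired_at.nil? && expired_at > Time.now` would fail closed. It would also help to document on `report_invalid_session` that this default only returns `true` and records nothing, e.g. `# Default is a no-op: override together with valid_session? to keep a revocation list`. The class body starts and ends outside this hunk.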
@@ -7,7 +7,7 @@ require 'uuidtools'
7
7
 
8
8
  module HasGlobalSession
9
9
  class GlobalSession
10
- attr_reader :id, :authority, :created_at, :expires_at
10
+ attr_reader :id, :authority, :created_at, :expired_at
11
11
 
12
12
  def initialize(directory, cookie=nil)
13
13
  @schema_signed = Set.new((Configuration['attributes']['signed'] rescue []))
@@ -24,7 +24,7 @@ module HasGlobalSession
24
24
  end
25
25
 
26
26
  def valid?
27
- @id && (@expires_at > Time.now) && ! @directory.invalidated_session?(@id)
27
+ @directory.valid_session?(@id, @expired_at)
28
28
  end
29
29
 
30
30
  def to_s
@@ -34,7 +34,7 @@ module HasGlobalSession
34
34
  end
35
35
 
36
36
  hash = {'id'=>@id,
37
- 'tc'=>@created_at.to_i, 'te'=>@expires_at.to_i,
37
+ 'tc'=>@created_at.to_i, 'te'=>@expired_at.to_i,
38
38
  'ds'=>@signed}
39
39
 
40
40
  if @signature && !@dirty_secure
@@ -101,15 +101,13 @@ module HasGlobalSession
101
101
  end
102
102
  end
103
103
 
104
- def expire!
105
- authority_check
106
- @expires_at = Time.at(0)
107
- @dirty_secure = true
104
+ def invalidate!
105
+ @directory.report_invalid_session(@id, @expired_at)
108
106
  end
109
107
 
110
108
  def renew!
111
109
  authority_check
112
- @expires_at = Configuration['timeout'].to_i.minutes.from_now.utc || 1.hours.from_now.utc
110
+ @expired_at = Configuration['timeout'].to_i.minutes.from_now.utc || 1.hours.from_now.utc
113
111
  @dirty_secure = true
114
112
  end
115
113
 
@@ -153,7 +151,7 @@ module HasGlobalSession
153
151
  id = hash['id']
154
152
  authority = hash['a']
155
153
  created_at = Time.at(hash['tc'].to_i)
156
- expires_at = Time.at(hash['te'].to_i)
154
+ expired_at = Time.at(hash['te'].to_i)
157
155
  signed = hash['ds']
158
156
  insecure = hash.delete('dx')
159
157
  signature = hash.delete('s')
@@ -169,19 +167,19 @@ module HasGlobalSession
169
167
 
170
168
  #Check trust in signing authority
171
169
  unless @directory.trusted_authority?(authority)
172
- raise SecurityError, "Global sessions created by #{authority} are not trusted"
170
+ raise SecurityError, "Global sessions signed by #{authority} are not trusted"
173
171
  end
174
172
 
175
173
  #Check expiration
176
- if expires_at <= Time.now || @directory.invalidated_session?(id)
177
- raise ExpiredSession, "Global session cookie has expired"
174
+ unless @directory.valid_session?(id, expired_at)
175
+ raise InvalidSession, "Global session has expired or been invalidated"
178
176
  end
179
177
 
180
178
  #If all validation stuff passed, assign our instance variables.
181
179
  @id = id
182
180
  @authority = authority
183
181
  @created_at = created_at
184
- @expires_at = expires_at
182
+ @expired_at = expired_at
185
183
  @signed = signed
186
184
  @insecure = insecure
187
185
  @signature = signature
@@ -210,7 +208,7 @@ module HasGlobalSession
210
208
  def create_invalid
211
209
  @id = nil
212
210
  @created_at = Time.now
213
- @expires_at = created_at
211
+ @expired_at = created_at
214
212
  @signed = {}
215
213
  @insecure = {}
216
214
  @authority = nil
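Review bot: `invalidate!` no longer changes the session itself: the removed `expire!` set the expiry to `Time.at(0)` and marked the session dirty, whereas the new method only calls `@directory.report_invalid_session(@id, @expired_at)`. With the default directory shown in this diff that call returns `true` and `valid_session?` looks only at the timestamp, so an "invalidated" cookie keeps validating until `@expired_at` unless the application supplies its own directory. That contract deserves a comment on the method, e.g. `# Only notifies the directory; revocation takes effect only if the directory's valid_session? consults what report_invalid_session recorded`. Separately, in `renew!` the `|| 1.hours.from_now.utc` fallback can never be reached, because `to_i` always yields an Integer and the left-hand side is always a Time. A missing or non-numeric timeout therefore appears to produce a session that expires immediately rather than after an hour.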
@@ -21,7 +21,6 @@ module HasGlobalSession
21
21
  #silently recover from any error by initializing a new global session;
22
22
  #the new session will be unauthenticated.
23
23
  directory.report_exception(e, cookie)
24
- logger.error "#{e.class.name}: #{e.message} (at #{e.backtrace[0]})" if logger
25
24
  @global_session = GlobalSession.new(directory)
26
25
  end
27
26
  end
@@ -46,7 +45,7 @@ module HasGlobalSession
46
45
  if @global_session.valid?
47
46
  begin
48
47
  value = @global_session.to_s
49
- expires = Configuration['ephemeral'] ? nil : @global_session.expires_at
48
+ expires = Configuration['ephemeral'] ? nil : @global_session.expired_at
50
49
  options.merge!(:value => value, :expires => expires)
51
50
  rescue Exception => e
52
51
  logger.error "#{e.class.name}: #{e.message} (at #{e.backtrace[0]})" if logger
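Review bot: Removing the `logger.error` line from the recovery path leaves `directory.report_exception(e, cookie)` as the only record that a global session cookie failed validation, and the default `report_exception` shown in the directory hunk just returns `true`. With the stock directory, a cookie rejected for an untrusted authority or an expired session is now replaced by a fresh unauthenticated session with no trace in the application log, which removes a signal useful for spotting tampering. Consider keeping a log line here that names the exception but not the cookie value, e.g. `logger.warn "#{e.class.name}: #{e.message}" if logger`. The rescue block begins outside this hunk, so the exception classes it catches are not visible.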
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: has_global_session
3
3
  version: !ruby/object:Gem::Version
4
- hash: 57
4
+ hash: 53
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 8
9
- - 3
10
- version: 0.8.3
9
+ - 5
10
+ version: 0.8.5
11
11
  platform: ruby
12
12
  authors:
13
13
  - Tony Spataro
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-06-11 00:00:00 -07:00
18
+ date: 2010-06-16 00:00:00 -07:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -50,6 +50,54 @@ dependencies:
50
50
  version: 1.1.7
51
51
  type: :runtime
52
52
  version_requirements: *id002
53
+ - !ruby/object:Gem::Dependency
54
+ name: activesupport
55
+ prerelease: false
56
+ requirement: &id003 !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ hash: 15
62
+ segments:
63
+ - 2
64
+ - 1
65
+ - 2
66
+ version: 2.1.2
67
+ type: :runtime
68
+ version_requirements: *id003
69
+ - !ruby/object:Gem::Dependency
70
+ name: rspec
71
+ prerelease: false
72
+ requirement: &id004 !ruby/object:Gem::Requirement
73
+ none: false
74
+ requirements:
75
+ - - ">="
76
+ - !ruby/object:Gem::Version
77
+ hash: 27
78
+ segments:
79
+ - 1
80
+ - 3
81
+ - 0
82
+ version: 1.3.0
83
+ type: :development
84
+ version_requirements: *id004
85
+ - !ruby/object:Gem::Dependency
86
+ name: flexmock
87
+ prerelease: false
88
+ requirement: &id005 !ruby/object:Gem::Requirement
89
+ none: false
90
+ requirements:
91
+ - - ">="
92
+ - !ruby/object:Gem::Version
93
+ hash: 51
94
+ segments:
95
+ - 0
96
+ - 8
97
+ - 6
98
+ version: 0.8.6
99
+ type: :development
100
+ version_requirements: *id005
53
101
  description: This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
54
102
  email: code@tracker.xeger.net
55
103
  executables: []