has_global_session 0.8.3 → 0.8.5

data/has_global_session.gemspec

@@ -7,8 +7,8 @@ spec = Gem::Specification.new do |s|
   s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
 
   s.name    = 'has_global_session'
-  s.version = '0.8.3'
-  s.date    = '2010-06-11'
+  s.version = '0.8.5'
+  s.date    = '2010-06-16'
 
   s.authors = ['Tony Spataro']
   s.email   = 'code@tracker.xeger.net'
@@ -19,6 +19,10 @@ spec = Gem::Specification.new do |s|
 
   s.add_runtime_dependency('uuidtools', [">= 1.0.7"])
   s.add_runtime_dependency('json', [">= 1.1.7"])
+  s.add_runtime_dependency('activesupport', [">= 2.1.2"])
+
+  s.add_development_dependency('rspec', [">= 1.3.0"])
+  s.add_development_dependency('flexmock', [">= 0.8.6"])
 
   basedir = File.dirname(__FILE__)
   candidates = ['has_global_session.gemspec', 'init.rb', 'MIT-LICENSE', 'README.rdoc'] +

data/lib/has_global_session.rb

@@ -6,6 +6,12 @@ module HasGlobalSession
   class NoAuthority < Exception; end
 end
 
+#Make sure gem dependencies are activated.
+require 'uuidtools'
+require 'json'
+require 'active_support'
+
+#Require our own sources
 basedir = File.dirname(__FILE__)
 require File.join(basedir, 'has_global_session', 'configuration')
 require File.join(basedir, 'has_global_session', 'directory')

data/lib/has_global_session/configuration.rb

@@ -12,7 +12,7 @@ module HasGlobalSession
         elements = path.split '/'
         object = get(elements.shift, false)
         elements.each do |element|
-          object = object[element]
+          object = object[element] if object
           if object.nil?
             msg = "#{File.basename(config_file)} does not specify required element #{elements.map { |x| "['#{x}']"}.join('')}"
             raise MissingConfiguration, msg

data/lib/has_global_session/directory.rb

@@ -28,10 +28,14 @@ module HasGlobalSession
       Configuration['trust'].include?(authority)
     end
 
-    def invalidated_session?(uuid)
-      false
+    def valid_session?(uuid, expired_at)
+      expired_at > Time.now
     end
 
+    def report_invalid_session(uuid, expired_at)
+      true
+    end
+    
     def report_exception(exception, cookie=nil)
       true
     end

data/lib/has_global_session/global_session.rb

@@ -7,7 +7,7 @@ require 'uuidtools'
 
 module HasGlobalSession 
   class GlobalSession
-    attr_reader :id, :authority, :created_at, :expires_at
+    attr_reader :id, :authority, :created_at, :expired_at
 
     def initialize(directory, cookie=nil)
       @schema_signed   = Set.new((Configuration['attributes']['signed'] rescue []))
@@ -24,7 +24,7 @@ module HasGlobalSession
     end
 
     def valid?
-      @id && (@expires_at > Time.now) && ! @directory.invalidated_session?(@id)
+      @directory.valid_session?(@id, @expired_at)
     end
 
     def to_s
@@ -34,7 +34,7 @@ module HasGlobalSession
       end
 
       hash = {'id'=>@id,
-              'tc'=>@created_at.to_i, 'te'=>@expires_at.to_i,
+              'tc'=>@created_at.to_i, 'te'=>@expired_at.to_i,
               'ds'=>@signed}
 
       if @signature && !@dirty_secure
@@ -101,15 +101,13 @@ module HasGlobalSession
       end
     end
 
-    def expire!
-      authority_check
-      @expires_at = Time.at(0)
-      @dirty_secure = true
+    def invalidate!
+      @directory.report_invalid_session(@id, @expired_at)
     end
 
     def renew!
       authority_check
-      @expires_at = Configuration['timeout'].to_i.minutes.from_now.utc || 1.hours.from_now.utc
+      @expired_at = Configuration['timeout'].to_i.minutes.from_now.utc || 1.hours.from_now.utc
       @dirty_secure = true
     end
 
@@ -153,7 +151,7 @@ module HasGlobalSession
       id         = hash['id']
       authority  = hash['a']
       created_at = Time.at(hash['tc'].to_i)
-      expires_at = Time.at(hash['te'].to_i)
+      expired_at = Time.at(hash['te'].to_i)
       signed     = hash['ds']
       insecure   = hash.delete('dx')
       signature  = hash.delete('s')
@@ -169,19 +167,19 @@ module HasGlobalSession
 
       #Check trust in signing authority
       unless @directory.trusted_authority?(authority)
-        raise SecurityError, "Global sessions created by #{authority} are not trusted"
+        raise SecurityError, "Global sessions signed by #{authority} are not trusted"
       end
 
       #Check expiration
-      if expires_at <= Time.now || @directory.invalidated_session?(id)
-        raise ExpiredSession, "Global session cookie has expired"
+      unless @directory.valid_session?(id, expired_at)
+        raise InvalidSession, "Global session has expired or been invalidated"
       end
 
       #If all validation stuff passed, assign our instance variables.
       @id         = id
       @authority  = authority
       @created_at = created_at
-      @expires_at = expires_at
+      @expired_at = expired_at
       @signed     = signed
       @insecure   = insecure
       @signature  = signature
@@ -210,7 +208,7 @@ module HasGlobalSession
     def create_invalid
       @id         = nil
       @created_at = Time.now
-      @expires_at = created_at
+      @expired_at = created_at
       @signed     = {}
       @insecure   = {}
       @authority  = nil

data/rails/action_controller_instance_methods.rb

@@ -21,7 +21,6 @@ module HasGlobalSession
         #silently recover from any error by initializing a new global session;
         #the new session will be unauthenticated.
         directory.report_exception(e, cookie)
-        logger.error "#{e.class.name}: #{e.message} (at #{e.backtrace[0]})" if logger
         @global_session = GlobalSession.new(directory)
       end
     end
@@ -46,7 +45,7 @@ module HasGlobalSession
       if @global_session.valid?
         begin
           value   = @global_session.to_s 
-          expires = Configuration['ephemeral'] ? nil : @global_session.expires_at          
+          expires = Configuration['ephemeral'] ? nil : @global_session.expired_at          
           options.merge!(:value => value, :expires => expires)
         rescue Exception => e
           logger.error "#{e.class.name}: #{e.message} (at #{e.backtrace[0]})" if logger

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: has_global_session
 version: !ruby/object:Gem::Version 
-  hash: 57
+  hash: 53
   prerelease: false
   segments: 
   - 0
   - 8
-  - 3
-  version: 0.8.3
+  - 5
+  version: 0.8.5
 platform: ruby
 authors: 
 - Tony Spataro
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-06-11 00:00:00 -07:00
+date: 2010-06-16 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -50,6 +50,54 @@ dependencies:
         version: 1.1.7
   type: :runtime
   version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 2
+        - 1
+        - 2
+        version: 2.1.2
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 1
+        - 3
+        - 0
+        version: 1.3.0
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: flexmock
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 51
+        segments: 
+        - 0
+        - 8
+        - 6
+        version: 0.8.6
+  type: :development
+  version_requirements: *id005
 description: This plugin for Rails allows several web apps in an authentication domain to share session state, facilitating single sign-on in a distributed web app. It only provides session sharing and does not concern itself with authentication or replication of the user database.
 email: code@tracker.xeger.net
 executables: []