heroku-bouncer 0.2.1 → 0.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0404185bf3da1eecc4a7e9009a715c2adb5a220e
4
- data.tar.gz: dc7d6fb8e45947c9d58419d7b0d7d446bd1cdc6c
3
+ metadata.gz: 6758e63ada289a67c98dfdd75ac078539adf76b1
4
+ data.tar.gz: 42bd2f4be9cda6bbb7adf8079fe5d256c9be5e7c
5
5
  SHA512:
6
- metadata.gz: 9f464a678eebff16cd70e25991fd75bab614f3985e1bbf4ce82adef7524f6a7c16c33ab71495935eb22982a08f25c0f5b7563af4fc628807a40263a28669df4c
7
- data.tar.gz: 2f2e046e1259375465c2048466f7a2bd0c5f6e6ce4069b13e43cb476da6db00d33ce6fd36e62354376556342e48fcb20508c55357145a010365c37160e24494b
6
+ metadata.gz: eea8f556d0c0b6fa6fe9894a0d7e75ff7a24a2ad468a6612a8b3a704aae32f32f89f23074bbfa2b4fbfdb45e40a80d8f58532d3df0ef18f09c451ec82df859af
7
+ data.tar.gz: 6c67c0eeac7851fb9702e04f6565c0e08d02341820768470f580392cc811c38329ed33ca64b4776e3b04aa5eaf9e16bb471dd1d80206c1a85ab5bde5482f6e61
data/Gemfile.lock CHANGED
@@ -2,6 +2,7 @@ PATH
2
2
  remote: .
3
3
  specs:
4
4
  heroku-bouncer (0.2.1)
5
+ encrypted_cookie (~> 0.0.4)
5
6
  faraday (~> 0.8)
6
7
  multi_json (~> 1.0)
7
8
  omniauth-heroku (>= 0.1.0)
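Review bot: The PATH spec in this hunk still reads `heroku-bouncer (0.2.1)` although the gem metadata for this release says 0.3.0, so the shipped lockfile was generated before the version bump. Regenerate it after bumping the version, or leave `Gemfile.lock` out of the packaged files, so the lockfile does not describe a different release than the one it ships in.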
@@ -10,6 +11,7 @@ PATH
10
11
  GEM
11
12
  remote: https://rubygems.org/
12
13
  specs:
14
+ encrypted_cookie (0.0.4)
13
15
  faraday (0.8.7)
14
16
  multipart-post (~> 1.1)
15
17
  hashie (2.0.5)
data/README.md CHANGED
@@ -13,7 +13,10 @@ requires Heroku OAuth on all requests.
13
13
  ```
14
14
 
15
15
  2. Set `HEROKU_OAUTH_ID` and `HEROKU_OAUTH_SECRET` in your environment.
16
- 3. Use the middleware:
16
+ 3. Optionally, set the `COOKIE_SECRET` environment variable to a long
17
+ random string. Otherwise, the OAuth ID and secret are concatenated
18
+ for use as a secret.
19
+ 4. Use the middleware:
17
20
 
18
21
  ```ruby
19
22
  require 'heroku/bouncer'
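Review bot: Step 3 presents `COOKIE_SECRET` as optional, but the fallback it describes makes the session encryption secret a function of the OAuth ID and secret, so rotating either OAuth credential also changes the cookie secret and invalidates existing sessions. Consider wording this step as a recommendation to set a dedicated secret and stating that consequence of the fallback. The step also omits the `COOKIE_NAME` variable that the middleware reads in this release, and the 8 hour session expiry; both belong in the setup notes.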
@@ -85,7 +88,5 @@ you like](https://gist.github.com/wuputah/5534428).
85
88
 
86
89
  ## There be dragons
87
90
 
88
- * This middleware uses a session stored in a cookie. The cookie secret
89
- is `HEROKU_ID + HEROKU_SECRET`. So keep these secret.
90
91
  * There's no tests yet. You may encounter bugs. Please report them (or
91
92
  fix them in a pull request).
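Review bot: Removing the cookie-secret bullet from "There be dragons" drops the only warning that the session secret can be derived from the OAuth credentials, yet the middleware in this release still falls back to `ID + SECRET` when `COOKIE_SECRET` is unset. Keep a caveat here, reworded for the new behaviour: sessions are stored in an encrypted cookie, and without `COOKIE_SECRET` its secret is the concatenated OAuth ID and secret.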
@@ -2,6 +2,7 @@ require 'sinatra/base'
2
2
  require 'omniauth-heroku'
3
3
  require 'faraday'
4
4
  require 'multi_json'
5
+ require 'encrypted_cookie'
5
6
 
6
7
  Heroku ||= Module.new
7
8
 
@@ -13,8 +14,13 @@ class Heroku::Bouncer < Sinatra::Base
13
14
  ID = (ENV['HEROKU_OAUTH_ID'] || ENV['HEROKU_ID']).to_s
14
15
  SECRET = (ENV['HEROKU_OAUTH_SECRET'] || ENV['HEROKU_SECRET']).to_s
15
16
 
16
- enable :sessions
17
- set :session_secret, ID + SECRET
17
+ enable :raise_errors
18
+ disable :show_exceptions
19
+
20
+ use Rack::Session::EncryptedCookie,
21
+ :secret => (ENV['COOKIE_SECRET'] || (ID + SECRET)).to_s,
22
+ :expire_after => 8 * 60 * 60,
23
+ :key => (ENV['COOKIE_NAME'] || '_bouncer_session').to_s
18
24
 
19
25
  # sets up the /auth/heroku endpoint
20
26
  unless ID.empty? || SECRET.empty?
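Review bot: The `:secret` expression can evaluate to an empty string, and nothing in this hunk rejects that. `ID` and `SECRET` are both `""` when the OAuth variables are unset, so `ID + SECRET` is `""`, and because an empty string is truthy in Ruby, `COOKIE_SECRET=""` is also taken as the secret instead of falling through. The `unless ID.empty? || SECRET.empty?` check comes only after the session middleware is configured. Suggest computing the secret once, raising at boot if it is empty or shorter than a minimum length, and passing the validated value to `Rack::Session::EncryptedCookie`. Separately, the options passed are only `:secret`, `:expire_after` and `:key`; it is worth confirming what the middleware defaults to for the `Secure` and `HttpOnly` cookie attributes and setting them explicitly if they are not on by default.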
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heroku-bouncer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Dance
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-06-17 00:00:00.000000000 Z
11
+ date: 2013-06-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-heroku
@@ -66,6 +66,20 @@ dependencies:
66
66
  - - ~>
67
67
  - !ruby/object:Gem::Version
68
68
  version: '1.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: encrypted_cookie
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ~>
74
+ - !ruby/object:Gem::Version
75
+ version: 0.0.4
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ~>
81
+ - !ruby/object:Gem::Version
82
+ version: 0.0.4
69
83
  description: ID please.
70
84
  email:
71
85
  - jd@heroku.com
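Review bot: The new runtime dependency is declared as `encrypted_cookie` `~> 0.0.4`, which accepts any later 0.0.x release, and this gem now carries the session encryption for every app using the middleware. For a 0.0.x library in that position, consider pinning the exact audited version and bumping it deliberately, and note in the changelog that 0.3.0 changes the session cookie format and name, so sessions issued under 0.2.1 will not carry over.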