hestia 0.1.0 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ee2e639cd00c467444c76fed6a718f9df5670834
4
- data.tar.gz: 9122b7533ed0358a108bd56be5333e420f8d54c2
3
+ metadata.gz: 10feace28dda56911b32013d3fb9b41c85e3b101
4
+ data.tar.gz: 4e8e5c002fe8102089b2c8f1745b96d2a235cde0
5
5
  SHA512:
6
- metadata.gz: 0086cb17ecff3769ecbfdf4d682102f7bd42bf04e671c9307ad4e20202b7593e153627432378583beb46c12106e8ad272cd92073b4e50b8b7abd4d8d69deaa96
7
- data.tar.gz: d569bf9fd318e862f31539bcec7306ee45bc84668f614cd171baaa5b9c78b0c7895663e2319aecf15f23b848ceac2387ee886dd8a54f8a8f4f0b606cf3638935
6
+ metadata.gz: 83cc7fd6f3d6ec36b8c14558254b9b35e2b9825e1fb12c2cbd97067139de47ab8c8722cb016232b5a61dc89e1306d0deeb9414246d548e8484a5082b5eb3a916
7
+ data.tar.gz: 0f252f5d0324503808dfd62da05af883b94bff63d7f4eeab79120e72dd3616fb919c326c4d24e17b479183f4f0e3a206a4ec4966790c8413bf635ef70f8ac32a
@@ -7,3 +7,4 @@ rvm:
7
7
  gemfile:
8
8
  - Gemfile.rails3
9
9
  - Gemfile.rails41
10
+ - Gemfile.rails42
@@ -0,0 +1,6 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in hestia.gemspec
4
+ gemspec
5
+
6
+ gem "actionpack", "~> 4.2.0"
data/README.md CHANGED
@@ -1,5 +1,9 @@
1
1
  # Hestia
2
2
 
3
+ ***
4
+
5
+ [![Build Status](https://travis-ci.org/fac/hestia.svg?branch=master)](https://travis-ci.org/fac/hestia)
6
+
3
7
  Add support for deprecating/rotating the signed cookie secret token in rails. Out of the box if you change `config.secret_token` in rails, as soon as you deploy the change all your existing signed cookies are rendered invalid with lovely side effects such as all of your users being logged out. Thing is, it would be nice to rotate the secret token occasionally, without that side effect.
4
8
 
5
9
  Enter hestia! You can now change your `config.secret_token`, and move the old value to `config.deprecated_secret_token` to allow existing cookies to be read in as valid cookies, but all cookies being sent out of the app are signed using the new secret token value. After a while all your users that have been active since the change will have cookies signed by the new token, and you can remove the old token from `config.deprecated_secret_token`. Hey presto, you just changed your `config.secret_token` without logging anyone out or losing any existing cookies.
@@ -26,6 +30,16 @@ And then require the railtie during your application boot process somewhere:
26
30
  require "hestia/railtie"
27
31
  ```
28
32
 
33
+ ## Supported Rails Versions
34
+
35
+ We currently support (& test against):
36
+
37
+ * Rails 3.2
38
+ * Rails 4.1
39
+ * Rails 4.2
40
+
41
+ Pull requests always welcome to support other versions!
42
+
29
43
  ## Usage
30
44
 
31
45
  ### Rails 3.2
@@ -47,9 +61,7 @@ You should already have `Rails.application.config.secret_token` set to a value (
47
61
 
48
62
  *You can also set `config.deprecated_secret_token` to an array of strings to allow incoming cookies to be valid when signed with any of the secrets.*
49
63
 
50
- ### Rails 4
51
-
52
- We support Rails 4.1. Rails 4.0 & 4.2 are unsupported at this time. (Pull requests welcome!)
64
+ ### Rails 4.1, 4.2
53
65
 
54
66
  Following the instructions for Rails 3.2 should work, but make sure you haven't set `config.secret_key_base` to a value otherwise Rails will take over and upgrade your cookies from signed to encrypted ones.
55
67
 
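Review bot: under the new "Rails 4.1, 4.2" heading, the retained sentence still says that following the Rails 3.2 instructions "should work", which reads as untested even though the README now lists 4.1 and 4.2 as tested. State it plainly. The `config.secret_key_base` caveat also deserves its own sentence or callout: per this paragraph, setting it makes Rails upgrade cookies from signed to encrypted, and a user of this gem needs to see that before rotating a secret.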
data/Rakefile CHANGED
@@ -8,6 +8,7 @@ end
8
8
  task(:default => :spec)
9
9
 
10
10
  namespace :spec do
11
+ desc "Run specs across all gemfiles"
11
12
  task :all do
12
13
  Dir["Gemfile*"].reject {|name| name[".lock"] }.each do |gemfile|
13
14
  sh "BUNDLE_GEMFILE=#{gemfile} bundle exec rake spec"
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
21
21
  spec.required_ruby_version = '>= 2.0'
22
22
 
23
23
  spec.add_runtime_dependency "rack"
24
- spec.add_runtime_dependency "actionpack", ">= 3.2.21", "< 4.2.0"
24
+ spec.add_runtime_dependency "actionpack", ">= 3.2.21", "< 5.0.0"
25
25
 
26
26
  spec.add_development_dependency "bundler", "~> 1.7"
27
27
  spec.add_development_dependency "rake", "~> 10.0"
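Review bot: the widened upper bound `"< 5.0.0"` on the actionpack runtime dependency admits 4.0.x, but the gemfile matrix in this release has only Gemfile.rails3, Gemfile.rails41 and Gemfile.rails42, and the README lists 3.2, 4.1 and 4.2 as supported. Either add a Gemfile for 4.0 to the matrix or say in the README that 4.0 installs but is untested, so nobody relies on cookie verification behaviour that no spec run has covered.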
@@ -1,3 +1,5 @@
1
+ require "active_support/message_encryptor"
2
+
1
3
  module Hestia
2
4
  module SignedCookieJarExtension
3
5
  module ActionPack4
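Review bot: the new `require "active_support/message_encryptor"` at line 1 makes this file depend on ActiveSupport directly, while the gemspec lines visible in this diff declare only rack and actionpack as runtime dependencies, so ActiveSupport arrives only transitively through actionpack. Consider declaring activesupport in the gemspec with the same version bounds so the direct dependency is explicit.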
@@ -29,8 +31,10 @@ module Hestia
29
31
  ActiveSupport::LegacyKeyGenerator.new(secret).generate_key(@options[:signed_cookie_salt])
30
32
  end
31
33
 
34
+ serializer = ActiveSupport::MessageEncryptor::NullSerializer
35
+
32
36
  # Finally, override @verifier with our own multi verifier containing all the secrets
33
- @verifier = Hestia::MessageMultiVerifier.new(current_secret: active_secret, deprecated_secrets: deprecated_secrets, options: {serializer: ActionDispatch::Cookies::NullSerializer})
37
+ @verifier = Hestia::MessageMultiVerifier.new(current_secret: active_secret, deprecated_secrets: deprecated_secrets, options: {serializer: serializer})
34
38
  end
35
39
  end
36
40
  end
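Review bot: the `serializer` local at new line 34 has no comment saying why `ActiveSupport::MessageEncryptor::NullSerializer` replaces `ActionDispatch::Cookies::NullSerializer`, and the next reader of this verifier setup will want to know which Rails versions forced the swap. Add a one-line comment, and since the value never varies between calls, consider hoisting it to a constant on the module instead of assigning a local each time. A spec that reads a cookie signed with a deprecated secret under each Gemfile would pin the behaviour this change is meant to preserve.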
@@ -1,3 +1,3 @@
1
1
  module Hestia
2
- VERSION = "0.1.0"
2
+ VERSION = "0.2.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hestia
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Caius Durling
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-07-31 00:00:00.000000000 Z
11
+ date: 2016-08-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -33,7 +33,7 @@ dependencies:
33
33
  version: 3.2.21
34
34
  - - "<"
35
35
  - !ruby/object:Gem::Version
36
- version: 4.2.0
36
+ version: 5.0.0
37
37
  type: :runtime
38
38
  prerelease: false
39
39
  version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: 3.2.21
44
44
  - - "<"
45
45
  - !ruby/object:Gem::Version
46
- version: 4.2.0
46
+ version: 5.0.0
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: bundler
49
49
  requirement: !ruby/object:Gem::Requirement
@@ -99,6 +99,7 @@ files:
99
99
  - ".travis.yml"
100
100
  - Gemfile.rails3
101
101
  - Gemfile.rails41
102
+ - Gemfile.rails42
102
103
  - LICENSE.txt
103
104
  - README.md
104
105
  - Rakefile
@@ -137,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
137
138
  version: '0'
138
139
  requirements: []
139
140
  rubyforge_project:
140
- rubygems_version: 2.2.3
141
+ rubygems_version: 2.6.6
141
142
  signing_key:
142
143
  specification_version: 4
143
144
  summary: Support for deprecating/rotating signed cookie secret tokens in rails