RubyGems - hubssolib - Versions diffs - 3.6.0 → 3.6.1 - Mend

hubssolib 3.6.0 → 3.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: faacd8f740f867ee072f0f8e0f15324109941026b836cb3fcc8618f61ee68e02
-  data.tar.gz: 6ef08dccd8bbe03a974c238353a27d7f249a40911a40d65dfcd481dd6fe7b48e
+  metadata.gz: eaea423d2eec6433b30522f6a6d46ab3c1b2868bb860d985cd7472116a17bc95
+  data.tar.gz: 19ae77e97c1e480b6b6cba78eee22523d9964af677ac9a9531582aa68883350b
 SHA512:
-  metadata.gz: 67b9f58743d8f9ed2983d3b9b970fd00d50ba335dcd761f8c9626866c9c91a1e65c378bb0139835c1e8eb48557e681ea510f6391373d06e1a6806aaf8b8fc2e2
-  data.tar.gz: d4e6efe525fb55b25f40c888ab4d05a7041c90c1cddcba7bab74002d299b2a1f96e35f58ea211cb666da68fda3d129400a7bf874bc8b7ddf09e9fdd6a8d1fbd2
+  metadata.gz: db1d1f887967b480cb7ef066b1d038ca4540c5aa18fdb307a42fa825f20ca5c9cc7390bccdf9d5b7de247d9ccdfe0b7219f40cc7c7e7cc7b283d2c0a9a458be5
+  data.tar.gz: ccc14fd7c1015d61bc40cde504976d4eafc38368fa2bcb076b3f1e89fe9974b5c2179f55295789c28f25256335f02479161d8966cc774ce8b924bbb41d646119

data/CHANGELOG.md CHANGED Viewed

@@ -1,9 +1,21 @@
+## 3.6.1, 27-Mar-2025
+Some fixes:
+* Session reload could fail if a Hub flash happened to be persisted, because YAML won't load Symbol by default and it wasn't in the allow-list.
+  - Remove the flash message from the dump since some flash from "whenever" may well be confusing if reloaded and shown at some later time.
+  - Add Symbol so that if restarting under this gem version, a dump from an older version which _does_ contain flash data will still load OK.
+* Secure services failure redirection _still_ wasn't quite in the right place - the earliest thing that runs is of course the 'before action' hook. Moved it there and added a Sentry warning too.
 ## 3.6.0, 26-Mar-2025
 Cleans up and offers new enumeration features. Ordering by last-recently-active first allows clients to be deterministic about enumerated sessions. Features created to support improvements in the Hub app v3.6.0.
-Note that the session generator in the factory - HubSsoLib::SessionFactory#get_hub_session_proxy - no longer pays attention to IP address parameter, which should now be omitted (it is now an ignored parameter that defaults to +nil+). See implementation comments for rationale, but basically, IP addresses can legitimately change for users due to DHCP (even if that's rare) and given v3.5.0's on-shutdown session store, it didn't seem wise to keep IP addresses around inside there for any length of time. It was cleanest to just drop them. PII in persisted data is once again limited to "real name" and e-mail address.
-s
+* HubSsoLib::Core#enumerate_hub_sessions is deprecated. Use HubSsoLib::Core#enumerate_hub_session_keys instead.
+* For any client code that might be "hitting the metal" and calling the DRb server directly, note that HubSsoLib::SessionFactory#get_hub_session_proxy no longer pays attention to IP address parameter and this should be removed (it is now an ignored parameter that defaults to +nil+). See implementation comments for rationale, but basically, IP addresses can legitimately change for users due to DHCP (even if that's rare) and given v3.5.0's on-shutdown session store, it didn't seem wise to keep IP addresses around inside there for any length of time. It was cleanest to just drop them. PII in persisted data is once again limited to "real name" and e-mail address.
+* HubSsoLib::Core exception handling for the Hub app's "tasks" notification is more extensive. A few prior gem versions unwittingly restricted it to only one specific method call. Now it's done in the current user retrieval, which is an endpoint used by a majority of Core module method calls.
 ## 3.5.0, 25-Mar-2025
 Builds on the cleaner session interface with some changes and improvements:

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hubssolib (3.5.0)
+    hubssolib (3.6.1)
       base64 (~> 0.2)
       drb (~> 2.2)
@@ -52,7 +52,7 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    stringio (3.1.5)
+    stringio (3.1.6)
 PLATFORMS
   ruby

data/hubssolib.gemspec CHANGED Viewed

@@ -4,7 +4,7 @@ spec = Gem::Specification.new do |s|
   s.platform = Gem::Platform::RUBY
   s.name     = 'hubssolib'
-  s.version  = '3.6.0'
+  s.version  = '3.6.1'
   s.author   = 'Andrew Hodgkinson and others'
   s.email    = 'ahodgkin@rowing.org.uk'
   s.homepage = 'http://pond.org.uk/'

data/lib/hub_sso_lib.rb CHANGED Viewed

@@ -477,7 +477,8 @@ module HubSsoLib
             permitted_classes: [
               ::HubSsoLib::Session,
               ::HubSsoLib::User,
-              Time
+              Time,
+              Symbol
             ]
           )
@@ -741,6 +742,8 @@ module HubSsoLib
           @hub_sessions.each do | key, session |
             next if session&.session_user&.user_id.nil? # NOTE EARLY LOOP RESTART
+            session.session_flash = nil
             dump = ::YAML.dump({key => session})
             dump.sub!(/^---\n/, '') # (avoid multiple document markers)
@@ -863,18 +866,6 @@ module HubSsoLib
       user        = hub_session&.session_user
       return (user&.user_id.nil? ? nil : user)
-    rescue Exception => e
-      # At this point there tends to be no Session data, so we're going to have
-      # to encode the exception data into the URI... It must be escaped twice,
-      # as many servers treat "%2F" in a URI as a "/". Apache can then fail to
-      # serve the page, raising a 404 error unless "AllowEncodedSlashes on" is
-      # specified in its configuration.
-      #
-      suffix   = '/' + CGI::escape(CGI::escape(hubssolib_set_exception_data(e)))
-      new_path = HUB_PATH_PREFIX + '/tasks/service'
-      redirect_to(new_path + suffix) unless request.path.include?(new_path)
     end
     # Sets the currently signed in user. Note that although this works and is
@@ -1285,6 +1276,19 @@ module HubSsoLib
         return true # true -> let action processing continue
       end
+    rescue Exception => e
+      Sentry.capture_exception(e) if defined?(Sentry) && Sentry.respond_to?(:capture_exception)
+      # At this point there tends to be no Session data, so we're going to have
+      # to encode the exception data into the URI... It must be escaped twice,
+      # as many servers treat "%2F" in a URI as a "/". Apache can then fail to
+      # serve the page, raising a 404 error unless "AllowEncodedSlashes on" is
+      # specified in its configuration.
+      #
+      suffix   = '/' + CGI::escape(CGI::escape(hubssolib_set_exception_data(e)))
+      new_path = HUB_PATH_PREFIX + '/tasks/service'
+      redirect_to(new_path + suffix) unless request.path.include?(new_path)
     end
     # Mandatory controller "after_action" callback method to tidy up after Hub

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hubssolib
 version: !ruby/object:Gem::Version
-  version: 3.6.0
+  version: 3.6.1
 platform: ruby
 authors:
 - Andrew Hodgkinson and others