limited_sessions 5.0.1 → 5.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e49ec43bc1c4f86c591c152081196467df00bf82949d2ec838506e6d2c71e033
-  data.tar.gz: 6d88ce0966c834298391d13493482b047394a75764342aa735c7703005eef181
+  metadata.gz: 65059f086893d3755e625fb246977babadb661460abe84e13b40f17b88af382d
+  data.tar.gz: 5c49dd22c9522a12dd792849b53f8223e973b15189438a57fc9286c027c28371
 SHA512:
-  metadata.gz: f78ee40a5c1158c5aa886d23d670da59529d5f27d9fb5f64533a686bc5e362e6288a5db15a5ecdaafee5922f7f45ce030ca6d33729d5535ead5ca5fc69748798
-  data.tar.gz: 9da570b7fd00bebea9acb009e33657823d69b4e6ae855cf90907afe08bb9b06250429721fd078d7565e53b5ef1f645709507c4ad24e2bc0231b33b6d1f8d3e61
+  metadata.gz: c6bb883c21b9a43601d5e3398fe528b8c11d2636c30faecdea7036c131e63e024fcf021ad45db138009909ce56aa037a5b2e2d3b24b657817cc3c3467204d594
+  data.tar.gz: bc0dc120dea9671b9aafb3e3174728abc83b950ce9d65005e8885756866fedfe3f35dd89080b6f70ad77cb9ba03cd2357f7449a0f7050f0f1e234c2b623824a7

data/CHANGELOG

@@ -1,3 +1,11 @@
+* 2024-nov-06 - v5.0.3
+
+  - Support Rails 7.2
+
+* 2023-oct-07 - v5.0.2
+
+  - Support Rails 7.1 & Rack 3
+
 * 2022-aug-10 - v5.0.1
 
   - Fix for deprecation warning in Rails 7
@@ -27,7 +35,7 @@
   - v4.0.0 - Rails 4 compatibility. Use v3.x.x for Rails 3 apps.
   - For non-ActiveRecord session stores, no change is required from the
     previous version.
-  - For ActiveRecord session stores, you must add the 
+  - For ActiveRecord session stores, you must add the
     'activerecord-session_store' gem to your Gemfile and it must be
     above limited_sessions so that it will be auto-detected properly.
     This is the only change required.
@@ -41,7 +49,7 @@
 
   - LimitedSessions has been broken up into two parts:
     - Rack-compatible middleware that handles session time limits. This
-      *should* work for all session stores. Just requires Rack, not 
+      *should* work for all session stores. Just requires Rack, not
       necessarily Rails.
     - Rails 3 specific enhancement to the ActiveRecord Session Store
       that also cleans up stale session records.
@@ -54,13 +62,13 @@
 * 2010-jul-20 - IPv6, replay attack mitigation, more non-AR support
 
   - IPv6 now works for subnet matching.
-  - New options to configure the allowed subnet size (both IPv4 and 
+  - New options to configure the allowed subnet size (both IPv4 and
     IPv6) added.
   - Plugin now enhances reset_session to clear old session data from
-    the DB; this prevents session_id replay attacks when using 
+    the DB; this prevents session_id replay attacks when using
     DB-backed session storage.
   - Session activity and hard limits now work with non-ActiveRecord
-    session stores. Configuration is done differently depending on 
+    session stores. Configuration is done differently depending on
     which session store is in use.
 
 * 2009-apr-22 - update to support rails 2.3
@@ -68,13 +76,13 @@
   - Rails 2.3 changed the internal session code substantially. This new
     version now supports rails 2.3. Note that is no longer supports any
     version of rails prior to 2.3 -- see the README for where to find
-    an older version of this plugin for rails 2.2 and earlier. 
+    an older version of this plugin for rails 2.2 and earlier.
   - CONFIGURATION OPTIONS HAVE CHANGED. This is required by the new
     support for rails 2.3. See the README for more information.
 
-* 2008-jul-23 - update to improve rails 2.1 compatibility 
-  
+* 2008-jul-23 - update to improve rails 2.1 compatibility
+
   - disable partial-updates for the session table
     (thanks to eilonon erkki for bringing the problem to my attention)
-  
+
 * 2007-sep-06 - initial release

data/{MIT-LICENSE → LICENSE.txt}

@@ -1,4 +1,4 @@
-Copyright 2007-2022 t.e.morgan
+Copyright 2007-2024 t.e.morgan
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -31,7 +31,7 @@ LimitedSessions provides two distinct features, each in a separate part:
 
 ## Compatibility
 
-The middleware should be compatible with any framework using a recent version of Rack. It has been tested with Rack 2.x and Rails 5.2-7.0.
+The middleware should be compatible with any framework using a recent version of Rack. It has been tested with Rack 2-3 and Rails 5.2-7.2.
 
 The optional ActiveRecord Session Store extension requires Rails.
 

data/lib/limited_sessions/version.rb

@@ -1,3 +1,3 @@
 module LimitedSessions
-  VERSION = '5.0.1'
+  VERSION = '5.0.3'
 end

data/test/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path("../config/application", __dir__)
+require_relative "../config/boot"
+require "rails/commands"

data/test/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative "../config/boot"
+require "rake"
+Rake.application.run

data/test/dummy/bin/setup

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+require "fileutils"
+
+# path to your application root.
+APP_ROOT = File.expand_path("..", __dir__)
+
+def system!(*args)
+  system(*args, exception: true)
+end
+
+FileUtils.chdir APP_ROOT do
+  # This script is a way to set up or update your development environment automatically.
+  # This script is idempotent, so that you can run it at any time and get an expectable outcome.
+  # Add necessary setup steps to this file.
+
+  puts "== Installing dependencies =="
+  system! "gem install bundler --conservative"
+  system("bundle check") || system!("bundle install")
+
+  # puts "\n== Copying sample files =="
+  # unless File.exist?("config/database.yml")
+  #   FileUtils.cp "config/database.yml.sample", "config/database.yml"
+  # end
+
+  puts "\n== Preparing database =="
+  system! "bin/rails db:prepare"
+
+  puts "\n== Removing old logs and tempfiles =="
+  system! "bin/rails log:clear tmp:clear"
+
+  puts "\n== Restarting application server =="
+  system! "bin/rails restart"
+end

data/test/dummy/config/application.rb

@@ -1,59 +1,27 @@
-require File.expand_path('../boot', __FILE__)
+require_relative "boot"
 
-require 'rails/all'
+require "rails/all"
 
-Bundler.require
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
 require "limited_sessions"
 
 module Dummy
   class Application < Rails::Application
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration should go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded.
-
-    # Custom directories with classes and modules you want to be autoloadable.
-    # config.autoload_paths += %W(#{config.root}/extras)
-
-    # Only load the plugins named here, in the order given (default is alphabetical).
-    # :all can be used as a placeholder for all plugins not explicitly named.
-    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
-
-    # Activate observers that should always be running.
-    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
-
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :de
-
-    # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = "utf-8"
-
-    # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password]
-
-    # Enable escaping HTML in JSON.
-    config.active_support.escape_html_entities_in_json = true
-
-    # Use SQL instead of Active Record's schema dumper when creating the database.
-    # This is necessary if your schema can't be completely dumped by the schema dumper,
-    # like if you have constraints or database-specific column types
-    # config.active_record.schema_format = :sql
-
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
-    # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
-
-    # Enable the asset pipeline
-    config.assets.enabled = true
-
-    # Version of your assets, change this if you want to expire all your assets
-    config.assets.version = '1.0'
+    config.load_defaults Rails::VERSION::STRING.to_f
+
+    # Please, add to the `ignore` list any other `lib` subdirectories that do
+    # not contain `.rb` files, or that should not be reloaded or eager loaded.
+    # Common ones are `templates`, `generators`, or `middleware`, for example.
+    config.autoload_lib(ignore: %w(assets tasks))
+
+    # Configuration for the application, engines, and railties goes here.
+    #
+    # These settings can be overridden in specific environments using the files
+    # in config/environments, which are processed later.
+    #
+    # config.time_zone = "Central Time (US & Canada)"
+    # config.eager_load_paths << Rails.root.join("extras")
   end
 end
-

data/test/dummy/config/boot.rb

@@ -1,10 +1,3 @@
-require 'rubygems'
-gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
-if File.exist?(gemfile)
-  ENV['BUNDLE_GEMFILE'] = gemfile
-  require 'bundler'
-  Bundler.setup
-end
-
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+require "bundler/setup" # Set up gems listed in the Gemfile.

data/test/dummy/config/cable.yml

@@ -0,0 +1,10 @@
+development:
+  adapter: async
+
+test:
+  adapter: test
+
+production:
+  adapter: redis
+  url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
+  channel_prefix: dummy_production

data/test/dummy/config/environment.rb

@@ -1,5 +1,5 @@
-# Load the rails application
-require File.expand_path('../application', __FILE__)
+# Load the Rails application.
+require_relative "application"
 
-# Initialize the rails application
-Dummy::Application.initialize!
+# Initialize the Rails application.
+Rails.application.initialize!

data/test/dummy/config/environments/development.rb

@@ -1,37 +1,74 @@
-Dummy::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+require "active_support/core_ext/integer/time"
 
-  # In the development environment your application's code is reloaded on
-  # every request. This slows down response time but is perfect for development
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded any time
+  # it changes. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.
-  config.cache_classes = false
+  config.enable_reloading = true
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports.
+  config.consider_all_requests_local = true
+
+  # Enable server timing
+  config.server_timing = true
+
+  # Enable/disable caching. By default caching is disabled.
+  # Run rails dev:cache to toggle caching.
+  if Rails.root.join("tmp/caching-dev.txt").exist?
+    config.action_controller.perform_caching = true
+    config.action_controller.enable_fragment_cache_logging = true
+
+    config.cache_store = :memory_store
+    config.public_file_server.headers = {
+      "Cache-Control" => "public, max-age=#{2.days.to_i}"
+    }
+  else
+    config.action_controller.perform_caching = false
 
-  # Log error messages when you accidentally call methods on nil.
-  config.whiny_nils = true
+    config.cache_store = :null_store
+  end
 
-  # Show full error reports and disable caching
-  config.consider_all_requests_local       = true
-  config.action_controller.perform_caching = false
+  # Store uploaded files on the local file system (see config/storage.yml for options).
+  config.active_storage.service = :local
 
-  # Don't care if the mailer can't send
+  # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 
-  # Print deprecation notices to the Rails logger
+  config.action_mailer.perform_caching = false
+
+  # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
-  # Only use best-standards-support built into browsers
-  config.action_dispatch.best_standards_support = :builtin
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Highlight code that triggered database queries in logs.
+  config.active_record.verbose_query_logs = true
+
+  # Highlight code that enqueued background job in logs.
+  config.active_job.verbose_enqueue_logs = true
+
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
 
-  # Log the query plan for queries taking more than this (works
-  # with SQLite, MySQL, and PostgreSQL)
-  config.active_record.auto_explain_threshold_in_seconds = 0.5
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Do not compress assets
-  config.assets.compress = false
+  # Uncomment if you wish to allow Action Cable access from any origin.
+  # config.action_cable.disable_request_forgery_protection = true
 
-  # Expands the lines which load the assets
-  config.assets.debug = true
+  # Raise error when a before_action's only/except options reference missing actions
+  config.action_controller.raise_on_missing_callback_actions = true
 end

data/test/dummy/config/environments/production.rb

@@ -1,67 +1,91 @@
-Dummy::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+require "active_support/core_ext/integer/time"
 
-  # Code is not reloaded between requests
-  config.cache_classes = true
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
 
-  # Full error reports are disabled and caching is turned on
-  config.consider_all_requests_local       = false
+  # Code is not reloaded between requests.
+  config.enable_reloading = false
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local = false
   config.action_controller.perform_caching = true
 
-  # Disable Rails's static asset server (Apache or nginx will already do this)
-  config.serve_static_assets = false
+  # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment
+  # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files).
+  # config.require_master_key = true
+
+  # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead.
+  # config.public_file_server.enabled = false
 
-  # Compress JavaScripts and CSS
-  config.assets.compress = true
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.asset_host = "http://assets.example.com"
 
-  # Don't fallback to assets pipeline if a precompiled asset is missed
-  config.assets.compile = false
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+  # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
 
-  # Generate digests for assets URLs
-  config.assets.digest = true
+  # Store uploaded files on the local file system (see config/storage.yml for options).
+  config.active_storage.service = :local
 
-  # Defaults to nil and saved in location specified by config.assets.prefix
-  # config.assets.manifest = YOUR_PATH
+  # Mount Action Cable outside main process or domain.
+  # config.action_cable.mount_path = nil
+  # config.action_cable.url = "wss://example.com/cable"
+  # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
 
-  # Specifies the header that your server uses for sending files
-  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
-  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+  # Assume all access to the app is happening through a SSL-terminating reverse proxy.
+  # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
+  # config.assume_ssl = true
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true
 
-  # See everything in the log (default is :info)
-  # config.log_level = :debug
+  # Log to STDOUT by default
+  config.logger = ActiveSupport::Logger.new(STDOUT)
+    .tap  { |logger| logger.formatter = ::Logger::Formatter.new }
+    .then { |logger| ActiveSupport::TaggedLogging.new(logger) }
 
-  # Prepend all log lines with the following tags
-  # config.log_tags = [ :subdomain, :uuid ]
+  # Prepend all log lines with the following tags.
+  config.log_tags = [ :request_id ]
 
-  # Use a different logger for distributed setups
-  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+  # "info" includes generic and useful information about system operation, but avoids logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII). If you
+  # want to log everything, set the level to "debug".
+  config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
 
-  # Use a different cache store in production
+  # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
 
-  # Enable serving of images, stylesheets, and JavaScripts from an asset server
-  # config.action_controller.asset_host = "http://assets.example.com"
+  # Use a real queuing backend for Active Job (and separate queues per environment).
+  # config.active_job.queue_adapter = :resque
+  # config.active_job.queue_name_prefix = "dummy_production"
 
-  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
-  # config.assets.precompile += %w( search.js )
+  config.action_mailer.perform_caching = false
 
-  # Disable delivery errors, bad email addresses will be ignored
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
 
-  # Enable threaded mode
-  # config.threadsafe!
-
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-  # the I18n.default_locale when a translation can not be found)
+  # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
 
-  # Send deprecation notices to registered listeners
-  config.active_support.deprecation = :notify
+  # Don't log any deprecations.
+  config.active_support.report_deprecations = false
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
 
-  # Log the query plan for queries taking more than this (works
-  # with SQLite, MySQL, and PostgreSQL)
-  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+  # Enable DNS rebinding protection and other `Host` header attacks.
+  # config.hosts = [
+  #   "example.com",     # Allow requests from example.com
+  #   /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
+  # ]
+  # Skip DNS rebinding protection for the default health check endpoint.
+  # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
 end

data/test/dummy/config/environments/test.rb

@@ -1,37 +1,64 @@
-Dummy::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+require "active_support/core_ext/integer/time"
 
-  # The test environment is used exclusively to run your application's
-  # test suite. You never need to work with it otherwise. Remember that
-  # your test database is "scratch space" for the test suite and is wiped
-  # and recreated between test runs. Don't rely on the data there!
-  config.cache_classes = true
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
 
-  # Configure static asset server for tests with Cache-Control for performance
-  config.serve_static_assets = true
-  config.static_cache_control = "public, max-age=3600"
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
 
-  # Log error messages when you accidentally call methods on nil
-  config.whiny_nils = true
+  # While tests run files are not watched, reloading is not necessary.
+  config.enable_reloading = false
 
-  # Show full error reports and disable caching
-  config.consider_all_requests_local       = true
+  # Eager loading loads your entire application. When running a single test locally,
+  # this is usually not necessary, and can slow down your test suite. However, it's
+  # recommended that you enable it in continuous integration systems to ensure eager
+  # loading is working properly before deploying your code.
+  config.eager_load = ENV["CI"].present?
+
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {
+    "Cache-Control" => "public, max-age=#{1.hour.to_i}"
+  }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local = true
   config.action_controller.perform_caching = false
+  config.cache_store = :null_store
+
+  # Render exception templates for rescuable exceptions and raise for other exceptions.
+  config.action_dispatch.show_exceptions = :rescuable
 
-  # Raise exceptions instead of rendering exception templates
-  config.action_dispatch.show_exceptions = false
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
 
-  # Disable request forgery protection in test environment
-  config.action_controller.allow_forgery_protection    = false
+  # Store uploaded files on the local file system in a temporary directory.
+  config.active_storage.service = :test
+
+  config.action_mailer.perform_caching = false
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
   config.action_mailer.delivery_method = :test
 
-  # Raise exception on mass assignment protection for Active Record models
-  config.active_record.mass_assignment_sanitizer = :strict
-
-  # Print deprecation notices to the stderr
+  # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+
+  # Raise error when a before_action's only/except options reference missing actions
+  config.action_controller.raise_on_missing_callback_actions = true
 end

data/test/dummy/config/initializers/content_security_policy.rb

@@ -0,0 +1,25 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
+
+# Rails.application.configure do
+#   config.content_security_policy do |policy|
+#     policy.default_src :self, :https
+#     policy.font_src    :self, :https, :data
+#     policy.img_src     :self, :https, :data
+#     policy.object_src  :none
+#     policy.script_src  :self, :https
+#     policy.style_src   :self, :https
+#     # Specify URI for violation reports
+#     # policy.report_uri "/csp-violation-report-endpoint"
+#   end
+#
+#   # Generate session nonces for permitted importmap, inline scripts, and inline styles.
+#   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+#   config.content_security_policy_nonce_directives = %w(script-src style-src)
+#
+#   # Report violations without enforcing the policy.
+#   # config.content_security_policy_report_only = true
+# end

data/test/dummy/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
+# Use this to limit dissemination of sensitive information.
+# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
+Rails.application.config.filter_parameters += [
+  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]

data/test/dummy/config/initializers/inflections.rb

@@ -1,15 +1,16 @@
 # Be sure to restart your server when you modify this file.
 
-# Add new inflection rules using the following format
-# (all these examples are active by default):
-# ActiveSupport::Inflector.inflections do |inflect|
-#   inflect.plural /^(ox)$/i, '\1en'
-#   inflect.singular /^(ox)en/i, '\1'
-#   inflect.irregular 'person', 'people'
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, "\\1en"
+#   inflect.singular /^(ox)en/i, "\\1"
+#   inflect.irregular "person", "people"
 #   inflect.uncountable %w( fish sheep )
 # end
-#
+
 # These inflection rules are supported but not enabled by default:
-# ActiveSupport::Inflector.inflections do |inflect|
-#   inflect.acronym 'RESTful'
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym "RESTful"
 # end

data/test/dummy/config/initializers/permissions_policy.rb

@@ -0,0 +1,13 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide HTTP permissions policy. For further
+# information see: https://developers.google.com/web/updates/2018/06/feature-policy
+
+# Rails.application.config.permissions_policy do |policy|
+#   policy.camera      :none
+#   policy.gyroscope   :none
+#   policy.microphone  :none
+#   policy.usb         :none
+#   policy.fullscreen  :self
+#   policy.payment     :self, "https://secure.example.com"
+# end

data/test/dummy/config/storage.yml

@@ -0,0 +1,34 @@
+test:
+  service: Disk
+  root: <%= Rails.root.join("tmp/storage") %>
+
+local:
+  service: Disk
+  root: <%= Rails.root.join("storage") %>
+
+# Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
+# amazon:
+#   service: S3
+#   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+#   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+#   region: us-east-1
+#   bucket: your_own_bucket-<%= Rails.env %>
+
+# Remember not to checkin your GCS keyfile to a repository
+# google:
+#   service: GCS
+#   project: your_project
+#   credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
+#   bucket: your_own_bucket-<%= Rails.env %>
+
+# Use bin/rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
+# microsoft:
+#   service: AzureStorage
+#   storage_account_name: your_account_name
+#   storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
+#   container: your_container_name-<%= Rails.env %>
+
+# mirror:
+#   service: Mirror
+#   primary: local
+#   mirrors: [ amazon, google, microsoft ]

data/test/dummy/log/test.log

@@ -1,3 +1,32 @@
-Connecting to database specified by database.yml
-   (0.3ms)  begin transaction
-   (0.0ms)  rollback transaction
+   (0.2ms)  CREATE TABLE "schema_migrations" ("version" varchar NOT NULL PRIMARY KEY)
+   (0.1ms)  CREATE TABLE "ar_internal_metadata" ("key" varchar NOT NULL PRIMARY KEY, "value" varchar, "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL)
+  ActiveRecord::SchemaMigration Load (0.0ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
+  TRANSACTION (0.0ms)  begin transaction
+-------------------------------
+LimitedSessionsTest: test_truth
+-------------------------------
+  TRANSACTION (0.0ms)  rollback transaction
+  ActiveRecord::SchemaMigration Load (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
+  TRANSACTION (0.0ms)  begin transaction
+-------------------------------
+LimitedSessionsTest: test_truth
+-------------------------------
+  TRANSACTION (0.0ms)  rollback transaction
+  ActiveRecord::SchemaMigration Load (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
+  TRANSACTION (0.0ms)  begin transaction
+-------------------------------
+LimitedSessionsTest: test_truth
+-------------------------------
+  TRANSACTION (0.0ms)  rollback transaction
+  ActiveRecord::SchemaMigration Load (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
+  TRANSACTION (0.0ms)  begin transaction
+-------------------------------
+LimitedSessionsTest: test_truth
+-------------------------------
+  TRANSACTION (0.0ms)  rollback transaction
+  ActiveRecord::SchemaMigration Load (0.8ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
+  TRANSACTION (0.0ms)  begin transaction
+-------------------------------
+LimitedSessionsTest: test_truth
+-------------------------------
+  TRANSACTION (0.0ms)  rollback transaction

data/test/dummy/tmp/local_secret.txt

@@ -0,0 +1 @@
+8fd67d45715697e94966a817d1a8c01cbc0be4ccc8994af27ef312492d744de6eb69cf6693a6b3a0262f5ccffcae13ded8f1c0846a1baf713d2c1dc043d73aa6

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: limited_sessions
 version: !ruby/object:Gem::Version
-  version: 5.0.1
+  version: 5.0.3
 platform: ruby
 authors:
 - t.e.morgan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-10 00:00:00.000000000 Z
+date: 2024-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -19,7 +19,7 @@ dependencies:
         version: 2.0.9
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
         version: 2.0.9
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +53,7 @@ dependencies:
         version: '5.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '8.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -63,7 +63,7 @@ dependencies:
         version: '5.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '8.0'
 description: 'LimitedSessions provides two core features to handle cookie-based session
   expiry: 1) Rack Middleware for most session stores and 2) an ActiveRecord extension
   for AR-based session stores. Sessions can be expired on inactivity and/or overall
@@ -75,7 +75,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - CHANGELOG
-- MIT-LICENSE
+- LICENSE.txt
 - README.md
 - Rakefile
 - lib/limited_sessions.rb
@@ -90,28 +90,39 @@ files:
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/views/layouts/application.html.erb
+- test/dummy/bin/rails
+- test/dummy/bin/rake
+- test/dummy/bin/setup
 - test/dummy/config.ru
 - test/dummy/config/application.rb
 - test/dummy/config/boot.rb
+- test/dummy/config/cable.yml
 - test/dummy/config/database.yml
 - test/dummy/config/environment.rb
 - test/dummy/config/environments/development.rb
 - test/dummy/config/environments/production.rb
 - test/dummy/config/environments/test.rb
 - test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/content_security_policy.rb
+- test/dummy/config/initializers/filter_parameter_logging.rb
 - test/dummy/config/initializers/inflections.rb
 - test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/permissions_policy.rb
 - test/dummy/config/initializers/secret_token.rb
 - test/dummy/config/initializers/session_store.rb
 - test/dummy/config/initializers/wrap_parameters.rb
 - test/dummy/config/locales/en.yml
 - test/dummy/config/routes.rb
+- test/dummy/config/storage.yml
+- test/dummy/db/test.sqlite3
+- test/dummy/log/development.log
 - test/dummy/log/test.log
 - test/dummy/public/404.html
 - test/dummy/public/422.html
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/dummy/tmp/local_secret.txt
 - test/limited_sessions_test.rb
 - test/test_helper.rb
 homepage: https://iprog.com/projects#limited_sessions
@@ -134,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Server-side session expiry via either Rack Middleware or ActiveRecord extension
@@ -146,27 +157,38 @@ test_files:
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/views/layouts/application.html.erb
+- test/dummy/bin/rails
+- test/dummy/bin/rake
+- test/dummy/bin/setup
 - test/dummy/config/application.rb
 - test/dummy/config/boot.rb
+- test/dummy/config/cable.yml
 - test/dummy/config/database.yml
 - test/dummy/config/environment.rb
 - test/dummy/config/environments/development.rb
 - test/dummy/config/environments/production.rb
 - test/dummy/config/environments/test.rb
 - test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/content_security_policy.rb
+- test/dummy/config/initializers/filter_parameter_logging.rb
 - test/dummy/config/initializers/inflections.rb
 - test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/permissions_policy.rb
 - test/dummy/config/initializers/secret_token.rb
 - test/dummy/config/initializers/session_store.rb
 - test/dummy/config/initializers/wrap_parameters.rb
 - test/dummy/config/locales/en.yml
 - test/dummy/config/routes.rb
+- test/dummy/config/storage.yml
 - test/dummy/config.ru
+- test/dummy/db/test.sqlite3
+- test/dummy/log/development.log
 - test/dummy/log/test.log
 - test/dummy/public/404.html
 - test/dummy/public/422.html
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/dummy/tmp/local_secret.txt
 - test/limited_sessions_test.rb
 - test/test_helper.rb