mailkick 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e84a6786c23946b6e27a67a14d75c01da5cde231928d19c65edd2b591de9a153
-  data.tar.gz: 1a944d065c7bf4c164db038aabe0073b3759e96a232ec22b29e86cf746ffc02f
+  metadata.gz: 29547fd14ea942978a05dce4e217a19095b3e60b32d4f3d0da658603d02b2ef1
+  data.tar.gz: 5df27e5ebc7a4be7c60ea04251a78baaba22cf19d958a9043e0fdf30ec3760e2
 SHA512:
-  metadata.gz: 3ed9f0315dc5c60ed5b2cc524fd13763566b6126bafceb665dbddcdc2a182f4408a370e267fdcc8ab97cbe616684c7ff5ab91b0fe717d39a65deac854cd3b958
-  data.tar.gz: 82c2c1d7a1d0077eb60df59a9d672039b17750462a435afdef19125e26f3c122600a2a8f394c06a3119a64c773d4a6ef7a1f61dc5081dca587735eda80c4a9c3
+  metadata.gz: d656f3001137374753348508afe6a86a226039a9fba1873fad479d6f6b8f43ecf79f59e28fca498a505ab7b8467b44863fe8b6866f13c305530bc497976f5f49
+  data.tar.gz: 06b66e4eb5e9ba1705e8f62eaa3a953e8ff3fef54d65ca44ff6981313d36408e38533154258107cca82a8b02033772e311ee11be07e71dddb99a05be1bee2772

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.1.0 (2023-01-29)
+
+- Improved secret token generation
+
 ## 1.0.1 (2021-06-20)
 
 - Fixed error message when process out-opts not configured

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2021 Andrew Kane
+Copyright (c) 2014-2023 Andrew Kane
 
 MIT License
 

data/README.md

@@ -5,8 +5,6 @@ Email subscriptions for Rails
 - Add one-click unsubscribe links to your emails
 - Fetch bounces and spam reports from your email service
 
-**Mailkick 1.0 was recently released** - see [how to upgrade](#upgrading)
-
 :postbox: Check out [Ahoy Email](https://github.com/ankane/ahoy_email) for analytics
 
 [![Build Status](https://github.com/ankane/mailkick/workflows/build/badge.svg?branch=master)](https://github.com/ankane/mailkick/actions)
@@ -16,7 +14,7 @@ Email subscriptions for Rails
 Add this line to your application’s Gemfile:
 
 ```ruby
-gem 'mailkick'
+gem "mailkick"
 ```
 
 And run the generator. This creates a table to store subscriptions.
@@ -125,7 +123,7 @@ Will gladly accept pull requests for others.
 Add the gem
 
 ```ruby
-gem 'aws-sdk-sesv2'
+gem "aws-sdk-sesv2"
 ```
 
 And [configure your AWS credentials](https://github.com/aws/aws-sdk-ruby#configuration). Requires `ses:ListSuppressedDestinations` permission.
@@ -137,7 +135,7 @@ If you started using Amazon SES [before November 25, 2019](https://docs.aws.amaz
 Add the gem
 
 ```ruby
-gem 'gibbon', '>= 2'
+gem "gibbon", ">= 2"
 ```
 
 And set `ENV["MAILCHIMP_API_KEY"]` and `ENV["MAILCHIMP_LIST_ID"]`.
@@ -147,7 +145,7 @@ And set `ENV["MAILCHIMP_API_KEY"]` and `ENV["MAILCHIMP_LIST_ID"]`.
 Add the gem
 
 ```ruby
-gem 'mailgun-ruby'
+gem "mailgun-ruby"
 ```
 
 And set `ENV["MAILGUN_API_KEY"]`.
@@ -157,7 +155,7 @@ And set `ENV["MAILGUN_API_KEY"]`.
 Add the gem
 
 ```ruby
-gem 'mandrill-api'
+gem "mandrill-api"
 ```
 
 And set `ENV["MANDRILL_APIKEY"]`.
@@ -167,7 +165,7 @@ And set `ENV["MANDRILL_APIKEY"]`.
 Add the gem
 
 ```ruby
-gem 'postmark'
+gem "postmark"
 ```
 
 And set `ENV["POSTMARK_API_KEY"]`.
@@ -177,7 +175,7 @@ And set `ENV["POSTMARK_API_KEY"]`.
 Add the gem
 
 ```ruby
-gem 'sendgrid-ruby'
+gem "sendgrid-ruby"
 ```
 
 And set `ENV["SENDGRID_API_KEY"]`. The API key requires only the `Suppressions` permission.

data/lib/mailkick/engine.rb

@@ -5,7 +5,11 @@ module Mailkick
     initializer "mailkick" do |app|
       Mailkick.discover_services unless Mailkick.services.any?
 
-      Mailkick.secret_token ||= begin
+      unless Mailkick.secret_token
+        Mailkick.secret_token = app.key_generator.generate_key("mailkick")
+        Mailkick.message_verifier = ActiveSupport::MessageVerifier.new(Mailkick.secret_token, serializer: JSON)
+
+        # TODO remove in 2.0
         creds =
           if app.respond_to?(:credentials) && app.credentials.secret_key_base
             app.credentials
@@ -15,7 +19,8 @@ module Mailkick
             app.config
           end
 
-        creds.respond_to?(:secret_key_base) ? creds.secret_key_base : creds.secret_token
+        token = creds.respond_to?(:secret_key_base) ? creds.secret_key_base : creds.secret_token
+        Mailkick.message_verifier.rotate(token, serializer: Marshal)
       end
     end
   end

data/lib/mailkick/version.rb

@@ -1,3 +1,3 @@
 module Mailkick
-  VERSION = "1.0.1"
+  VERSION = "1.1.0"
 end

data/lib/mailkick.rb

@@ -22,7 +22,9 @@ require "mailkick/version"
 require "mailkick/engine" if defined?(Rails)
 
 module Mailkick
-  mattr_accessor :services, :secret_token, :mount, :process_opt_outs_method
+  mattr_accessor :services, :mount, :process_opt_outs_method
+  mattr_reader :secret_token
+  mattr_writer :message_verifier
   self.services = []
   self.mount = true
   self.process_opt_outs_method = ->(_) { raise "process_opt_outs_method not defined" }
@@ -37,8 +39,15 @@ module Mailkick
     end
   end
 
+  def self.secret_token=(token)
+    @@secret_token = token
+    @@message_verifier = nil
+  end
+
+  # TODO use JSON serializer
+  # can't currently rotate serializer without rotating token or digest
   def self.message_verifier
-    @message_verifier ||= ActiveSupport::MessageVerifier.new(Mailkick.secret_token)
+    @@message_verifier ||= ActiveSupport::MessageVerifier.new(Mailkick.secret_token)
   end
 
   def self.generate_token(subscriber, list)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mailkick
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-20 00:00:00.000000000 Z
+date: 2023-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -74,7 +74,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Email subscriptions for Rails