mhartl-catch_cookie_exception 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. data/MIT-LICENSE +20 -0
  2. data/README.markdown +10 -0
  3. data/Rakefile +22 -0
  4. data/catch_cookie_exception.gemspec +11 -0
  5. data/lib/catch_cookie_exception.rb +21 -0
  6. metadata +57 -0
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2008 [name of plugin creator]
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.markdown ADDED
@@ -0,0 +1,10 @@
1
+ # CatchCookieException
2
+
3
+ Implements the plugin from the blog post [A security issue with Rails secret session keys](http://blog.insoshi.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/).
4
+
5
+ Install this plugin as follows:
6
+
7
+ $ script/plugin install git://github.com/mhartl/catch_cookie_exception.git
8
+
9
+
10
+ Copyright (c) 2008 Michael Hartl, released under the MIT license
data/Rakefile ADDED
@@ -0,0 +1,22 @@
1
+ require 'rake'
2
+ require 'rake/testtask'
3
+ require 'rake/rdoctask'
4
+
5
+ desc 'Default: run unit tests.'
6
+ task :default => :test
7
+
8
+ desc 'Test the catch_cookie_exception plugin.'
9
+ Rake::TestTask.new(:test) do |t|
10
+ t.libs << 'lib'
11
+ t.pattern = 'test/**/*_test.rb'
12
+ t.verbose = true
13
+ end
14
+
15
+ desc 'Generate documentation for the catch_cookie_exception plugin.'
16
+ Rake::RDocTask.new(:rdoc) do |rdoc|
17
+ rdoc.rdoc_dir = 'rdoc'
18
+ rdoc.title = 'CatchCookieException'
19
+ rdoc.options << '--line-numbers' << '--inline-source'
20
+ rdoc.rdoc_files.include('README')
21
+ rdoc.rdoc_files.include('lib/**/*.rb')
22
+ end
data/catch_cookie_exception.gemspec ADDED
@@ -0,0 +1,11 @@
1
+ spec = Gem::Specification.new do |s|
2
+ s.name = "catch_cookie_exception"
3
+ s.version = "1.0"
4
+ s.author = "Michael Hartl"
5
+ s.email = "michael@insoshi.com"
6
+ s.homepage = "http://insoshi.com/"
7
+ s.summary = "Catch and handle the CGI::Session::CookieStore::TamperedWithCookie exception that comes from changing the Rails secret string."
8
+ s.files = ["README.markdown", "Rakefile", "catch_cookie_exception.gemspec",
9
+ "lib/catch_cookie_exception.rb",
10
+ "MIT-LICENSE"]
11
+ end
data/lib/catch_cookie_exception.rb ADDED
@@ -0,0 +1,21 @@
1
+ require 'cgi'
2
+ require 'cgi/session'
3
+ class CGI::Session::CookieStore
4
+ # Restore session data from the cookie.
5
+ # This method overrides the one in
6
+ # actionpack/lib/action_controller/session/cookie_store.rb
7
+ # in order to handle the case of a "tampered" cookie more gracefully.
8
+ # The issue is that changing the 'secret' in config/environment.rb
9
+ # breaks all sessions in such a way that everyone gets an error page
10
+ # the first time they revisit the site. Catching the exception here
11
+ # prevents this ugly behavior.
12
+ # This is in a plugin so that it loads after Rails but before environment.rb.
13
+ def restore
14
+ @original = read_cookie
15
+ @data = unmarshal(@original) || {}
16
+ rescue CGI::Session::CookieStore::TamperedWithCookie
17
+ logger = Logger.new("#{RAILS_ROOT}/log/#{RAILS_ENV}.log")
18
+ logger.warn "Caught TamperedWithCookie exception on #{Time.now}"
19
+ @data = {}
20
+ end
21
+ end
metadata ADDED
@@ -0,0 +1,57 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: mhartl-catch_cookie_exception
3
+ version: !ruby/object:Gem::Version
4
+ version: "1.0"
5
+ platform: ruby
6
+ authors:
7
+ - Michael Hartl
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+
12
+ date: 2008-10-27 00:00:00 -07:00
13
+ default_executable:
14
+ dependencies: []
15
+
16
+ description:
17
+ email: michael@insoshi.com
18
+ executables: []
19
+
20
+ extensions: []
21
+
22
+ extra_rdoc_files: []
23
+
24
+ files:
25
+ - README.markdown
26
+ - Rakefile
27
+ - catch_cookie_exception.gemspec
28
+ - lib/catch_cookie_exception.rb
29
+ - MIT-LICENSE
30
+ has_rdoc: false
31
+ homepage: http://insoshi.com/
32
+ post_install_message:
33
+ rdoc_options: []
34
+
35
+ require_paths:
36
+ - lib
37
+ required_ruby_version: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: "0"
42
+ version:
43
+ required_rubygems_version: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: "0"
48
+ version:
49
+ requirements: []
50
+
51
+ rubyforge_project:
52
+ rubygems_version: 1.2.0
53
+ signing_key:
54
+ specification_version: 2
55
+ summary: Catch and handle the CGI::Session::CookieStore::TamperedWithCookie exception that comes from changing the Rails secret string.
56
+ test_files: []
57
+