mhartl-catch_cookie_exception 1.0

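--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+ Copyright (c) 2008 [name of plugin creator]
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.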
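--- a/data/README.markdown
+++ b/data/README.markdown
@@ -0,0 +1,10 @@
+ # CatchCookieException
+
+ Implements the plugin from the blog post [A security issue with Rails secret session keys](http://blog.insoshi.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/).
+
+ Install this plugin as follows:
+
+ $ script/plugin install git://github.com/mhartl/catch_cookie_exception.git
+
+
+ Copyright (c) 2008 Michael Hartl, released under the MIT license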
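--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,22 @@
+ require 'rake'
+ require 'rake/testtask'
+ require 'rake/rdoctask'
+
+ desc 'Default: run unit tests.'
+ task :default => :test
+
+ desc 'Test the catch_cookie_exception plugin.'
+ Rake::TestTask.new(:test) do |t|
+ t.libs << 'lib'
+ t.pattern = 'test/**/*_test.rb'
+ t.verbose = true
+ end
+
+ desc 'Generate documentation for the catch_cookie_exception plugin.'
+ Rake::RDocTask.new(:rdoc) do |rdoc|
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = 'CatchCookieException'
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.rdoc_files.include('README')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ end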
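Review bot: `rdoc.rdoc_files.include('README')` names a file this package does not ship; the README added here is `README.markdown`, so the rdoc task would leave it out. The line should read `rdoc.rdoc_files.include('README.markdown')`. The `:test` task has the same gap: its pattern `test/**/*_test.rb` matches nothing in the gemspec's file list, so the default task runs no tests against the session-handling override this package exists to provide.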
@@ -0,0 +1,11 @@
1
+ spec = Gem::Specification.new do |s|
2
+ s.name = "catch_cookie_exception"
3
+ s.version = "1.0"
4
+ s.author = "Michael Hartl"
5
+ s.email = "michael@insoshi.com"
6
+ s.homepage = "http://insoshi.com/"
7
+ s.summary = "Catch and handle the CGI::Session::CookieStore::TamperedWithCookie exception that comes from changing the Rails secret string."
8
+ s.files = ["README.markdown", "Rakefile", "catch_cookie_exception.gemspec",
9
+ "lib/catch_cookie_exception.rb",
10
+ "MIT-LICENSE"]
11
+ end
@@ -0,0 +1,21 @@
1
+ require 'cgi'
2
+ require 'cgi/session'
3
+ class CGI::Session::CookieStore
4
+ # Restore session data from the cookie.
5
+ # This method overrides the one in
6
+ # actionpack/lib/action_controller/session/cookie_store.rb
7
+ # in order to handle the case of a "tampered" cookie more gracefully.
8
+ # The issue is that changing the 'secret' in config/environment.rb
9
+ # breaks all sessions in such a way that everyone gets an error page
10
+ # the first time they revisit the site. Catching the exception here
11
+ # prevents this ugly behavior.
12
+ # This is in a plugin so that it loads after Rails but before environment.rb.
13
+ def restore
14
+ @original = read_cookie
15
+ @data = unmarshal(@original) || {}
16
+ rescue CGI::Session::CookieStore::TamperedWithCookie
17
+ logger = Logger.new("#{RAILS_ROOT}/log/#{RAILS_ENV}.log")
18
+ logger.warn "Caught TamperedWithCookie exception on #{Time.now}"
19
+ @data = {}
20
+ end
21
+ end
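Review bot: The rescue in `restore` handles every `TamperedWithCookie` identically, so a cookie that fails its integrity check because someone altered it is logged with only a timestamp. It cannot be told apart from the secret-rotation case the plugin targets. Resetting `@data` to `{}` is a fail-closed outcome and worth keeping, but the message should say that a session cookie was rejected and the session reset. It should also include whatever request context the store can reach, so that a burst of rejections can be investigated. `Logger.new(...)` is also built on every rescue, which reopens the environment log once per rejected cookie. Reusing the application logger avoids that, for example `RAILS_DEFAULT_LOGGER.warn "Session cookie failed integrity check; session reset"`. Because the method is a copy of the framework's `restore`, a comment naming the Rails version it was copied from would help maintainers notice when upstream changes.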
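--- a/metadata
+++ b/metadata
@@ -0,0 +1,57 @@
+ --- !ruby/object:Gem::Specification
+ name: mhartl-catch_cookie_exception
+ version: !ruby/object:Gem::Version
+ version: "1.0"
+ platform: ruby
+ authors:
+ - Michael Hartl
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2008-10-27 00:00:00 -07:00
+ default_executable:
+ dependencies: []
+
+ description:
+ email: michael@insoshi.com
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files: []
+
+ files:
+ - README.markdown
+ - Rakefile
+ - catch_cookie_exception.gemspec
+ - lib/catch_cookie_exception.rb
+ - MIT-LICENSE
+ has_rdoc: false
+ homepage: http://insoshi.com/
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.2.0
+ signing_key:
+ specification_version: 2
+ summary: Catch and handle the CGI::Session::CookieStore::TamperedWithCookie exception that comes from changing the Rails secret string.
+ test_files: []
+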