mhartl-catch_cookie_exception 1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/README.markdown +10 -0
- data/Rakefile +22 -0
- data/catch_cookie_exception.gemspec +11 -0
- data/lib/catch_cookie_exception.rb +21 -0
- metadata +57 -0
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2008 [name of plugin creator]
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.markdown
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
# CatchCookieException
|
2
|
+
|
3
|
+
Implements the plugin from the blog post [A security issue with Rails secret session keys](http://blog.insoshi.com/2008/08/15/a-security-issue-with-rails-secret-session-keys/).
|
4
|
+
|
5
|
+
Install this plugin as follows:
|
6
|
+
|
7
|
+
$ script/plugin install git://github.com/mhartl/catch_cookie_exception.git
|
8
|
+
|
9
|
+
|
10
|
+
Copyright (c) 2008 Michael Hartl, released under the MIT license
|
data/Rakefile
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'rake/testtask'
|
3
|
+
require 'rake/rdoctask'
|
4
|
+
|
5
|
+
desc 'Default: run unit tests.'
|
6
|
+
task :default => :test
|
7
|
+
|
8
|
+
desc 'Test the catch_cookie_exception plugin.'
|
9
|
+
Rake::TestTask.new(:test) do |t|
|
10
|
+
t.libs << 'lib'
|
11
|
+
t.pattern = 'test/**/*_test.rb'
|
12
|
+
t.verbose = true
|
13
|
+
end
|
14
|
+
|
15
|
+
desc 'Generate documentation for the catch_cookie_exception plugin.'
|
16
|
+
Rake::RDocTask.new(:rdoc) do |rdoc|
|
17
|
+
rdoc.rdoc_dir = 'rdoc'
|
18
|
+
rdoc.title = 'CatchCookieException'
|
19
|
+
rdoc.options << '--line-numbers' << '--inline-source'
|
20
|
+
rdoc.rdoc_files.include('README')
|
21
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
22
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
spec = Gem::Specification.new do |s|
|
2
|
+
s.name = "catch_cookie_exception"
|
3
|
+
s.version = "1.0"
|
4
|
+
s.author = "Michael Hartl"
|
5
|
+
s.email = "michael@insoshi.com"
|
6
|
+
s.homepage = "http://insoshi.com/"
|
7
|
+
s.summary = "Catch and handle the CGI::Session::CookieStore::TamperedWithCookie exception that comes from changing the Rails secret string."
|
8
|
+
s.files = ["README.markdown", "Rakefile", "catch_cookie_exception.gemspec",
|
9
|
+
"lib/catch_cookie_exception.rb",
|
10
|
+
"MIT-LICENSE"]
|
11
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'cgi'
|
2
|
+
require 'cgi/session'
|
3
|
+
class CGI::Session::CookieStore
|
4
|
+
# Restore session data from the cookie.
|
5
|
+
# This method overrides the one in
|
6
|
+
# actionpack/lib/action_controller/session/cookie_store.rb
|
7
|
+
# in order to handle the case of a "tampered" cookie more gracefully.
|
8
|
+
# The issue is that changing the 'secret' in config/environment.rb
|
9
|
+
# breaks all sessions in such a way that everyone gets an error page
|
10
|
+
# the first time they revisit the site. Catching the exception here
|
11
|
+
# prevents this ugly behavior.
|
12
|
+
# This is in a plugin so that it loads after Rails but before environment.rb.
|
13
|
+
def restore
|
14
|
+
@original = read_cookie
|
15
|
+
@data = unmarshal(@original) || {}
|
16
|
+
rescue CGI::Session::CookieStore::TamperedWithCookie
|
17
|
+
logger = Logger.new("#{RAILS_ROOT}/log/#{RAILS_ENV}.log")
|
18
|
+
logger.warn "Caught TamperedWithCookie exception on #{Time.now}"
|
19
|
+
@data = {}
|
20
|
+
end
|
21
|
+
end
|
metadata
ADDED
@@ -0,0 +1,57 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: mhartl-catch_cookie_exception
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: "1.0"
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Michael Hartl
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2008-10-27 00:00:00 -07:00
|
13
|
+
default_executable:
|
14
|
+
dependencies: []
|
15
|
+
|
16
|
+
description:
|
17
|
+
email: michael@insoshi.com
|
18
|
+
executables: []
|
19
|
+
|
20
|
+
extensions: []
|
21
|
+
|
22
|
+
extra_rdoc_files: []
|
23
|
+
|
24
|
+
files:
|
25
|
+
- README.markdown
|
26
|
+
- Rakefile
|
27
|
+
- catch_cookie_exception.gemspec
|
28
|
+
- lib/catch_cookie_exception.rb
|
29
|
+
- MIT-LICENSE
|
30
|
+
has_rdoc: false
|
31
|
+
homepage: http://insoshi.com/
|
32
|
+
post_install_message:
|
33
|
+
rdoc_options: []
|
34
|
+
|
35
|
+
require_paths:
|
36
|
+
- lib
|
37
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
39
|
+
- - ">="
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
version: "0"
|
42
|
+
version:
|
43
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: "0"
|
48
|
+
version:
|
49
|
+
requirements: []
|
50
|
+
|
51
|
+
rubyforge_project:
|
52
|
+
rubygems_version: 1.2.0
|
53
|
+
signing_key:
|
54
|
+
specification_version: 2
|
55
|
+
summary: Catch and handle the CGI::Session::CookieStore::TamperedWithCookie exception that comes from changing the Rails secret string.
|
56
|
+
test_files: []
|
57
|
+
|