multi_session 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/lib/multi_session/session.rb +23 -13
- data/lib/multi_session/version.rb +1 -1
- data/spec/dummy/log/test.log +127 -0
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c210534cd8cb3dd7e72a786288a235fddd5d6a06ea45c8a62813dddb2aa61154
|
|
4
|
+
data.tar.gz: f9f3ecb1923aaec68643a2c29cebaa42488d20b5d5c1c7590f73a775d235d20f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b133c108f883baa7a486758a24b2b338fd3def90f6fa8766f8f941fcfd9e8cbb21b37f70c420578d2dd4260f67e16a1176e917060245abd297af852f28d56863
|
|
7
|
+
data.tar.gz: 98c4f3c4d680c27393cf1c9ce99df8710c8355e4eeebcbcf27f52d91034eaa491dd01544652aac31341ef79e50a01af7fdd902cf98f3b568eb432eef8df746f2
|
data/README.md
CHANGED
|
@@ -53,7 +53,7 @@ multi_session_keys: # use `rake secret` to generate custom keys
|
|
|
53
53
|
user_preferences: # insert a different secret here
|
|
54
54
|
```
|
|
55
55
|
|
|
56
|
-
## Installation
|
|
56
|
+
## Installation and Requirements
|
|
57
57
|
|
|
58
58
|
Add this line to your application's Gemfile:
|
|
59
59
|
|
|
@@ -61,6 +61,8 @@ Add this line to your application's Gemfile:
|
|
|
61
61
|
gem 'multi_session', '~> 1.1'
|
|
62
62
|
```
|
|
63
63
|
|
|
64
|
+
Currently `multi_session` will only work with Rails version 5.2.0 or higher. In version 5.2, Rails switched the default session encryption from `aes-256-cbc` to `aes-256-gcm`. This gem has only been coded to work with the `aes-256-gcm` cipher which unfortunately does not work with older versions of `ActiveSupport::MessageEncryptor`.
|
|
65
|
+
|
|
64
66
|
## Configuration
|
|
65
67
|
|
|
66
68
|
For the current version `multi_session`, there these are the configuration values that can optionally be set:
|
|
@@ -4,13 +4,13 @@ module MultiSession
|
|
|
4
4
|
@cookies = cookies
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
-
def []
|
|
7
|
+
def [] key
|
|
8
8
|
return nil unless @cookies[key.to_s].present?
|
|
9
|
-
session = ActiveSupport::JSON.decode encryptor(key).decrypt_and_verify(@cookies[key])
|
|
9
|
+
session = ActiveSupport::JSON.decode encryptor(key.to_s).decrypt_and_verify(@cookies[key.to_s])
|
|
10
10
|
session['value'] # TODO: add ability to let developer retrieve the session_id
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
def []=
|
|
13
|
+
def []= key, value
|
|
14
14
|
previous_session = self[key]
|
|
15
15
|
session_id = if previous_session && previous_session['session_id'].present?
|
|
16
16
|
previous_session['session_id']
|
|
@@ -18,12 +18,14 @@ module MultiSession
|
|
|
18
18
|
SecureRandom.hex(16).encode Encoding::UTF_8
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
new_session = {
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
21
|
+
new_session = {'session_id' => session_id, 'value' => value}
|
|
22
|
+
enc = encryptor key.to_s
|
|
23
|
+
if enc.method(:encrypt_and_sign).arity > 1 # check number of arguments for encrypt_and_sign (more than 1 means we're in Rails 5.2+ and can have expirable messages)
|
|
24
|
+
expiry_options = MultiSession.expires.present? ? {expires_at: Time.now + MultiSession.expires} : {}
|
|
25
|
+
encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session), expiry_options
|
|
26
|
+
else
|
|
27
|
+
encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session)
|
|
28
|
+
end
|
|
27
29
|
|
|
28
30
|
raise ActionDispatch::Cookies::CookieOverflow if encrypted_and_signed_value.bytesize > ActionDispatch::Cookies::MAX_COOKIE_SIZE
|
|
29
31
|
|
|
@@ -36,22 +38,30 @@ module MultiSession
|
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
def update_expiration
|
|
39
|
-
|
|
41
|
+
multi_session_keys.each_key do |key|
|
|
40
42
|
self[key] = self[key] # decrypt and re-encrypt to force expires_at to update
|
|
41
43
|
end
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
private
|
|
45
47
|
|
|
48
|
+
def multi_session_keys
|
|
49
|
+
keys = if Rails.application.respond_to? :credentials
|
|
50
|
+
Rails.application.credentials[:multi_session_keys]
|
|
51
|
+
else
|
|
52
|
+
Rails.application.secrets[:multi_session_keys]
|
|
53
|
+
end
|
|
54
|
+
keys.symbolize_keys
|
|
55
|
+
end
|
|
56
|
+
|
|
46
57
|
def encryptor key
|
|
47
|
-
secret_key_base =
|
|
58
|
+
secret_key_base = multi_session_keys[key.to_sym]
|
|
48
59
|
raise ArgumentError.new("Rails.application.credentials[:multi_session_keys][:'#{key}'] has not been set.") unless secret_key_base.present?
|
|
49
60
|
|
|
50
61
|
encrypted_cookie_cipher = 'aes-256-gcm'
|
|
51
62
|
key_generator = ActiveSupport::CachingKeyGenerator.new ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
|
|
52
63
|
key_len = ActiveSupport::MessageEncryptor.key_len encrypted_cookie_cipher
|
|
53
|
-
|
|
54
|
-
secret = key_generator.generate_key(MultiSession.authenticated_encrypted_cookie_salt, key_len)
|
|
64
|
+
secret = key_generator.generate_key MultiSession.authenticated_encrypted_cookie_salt, key_len
|
|
55
65
|
|
|
56
66
|
ActiveSupport::MessageEncryptor.new secret, cipher: encrypted_cookie_cipher, serializer: ActiveSupport::MessageEncryptor::NullSerializer
|
|
57
67
|
end
|
data/spec/dummy/log/test.log
CHANGED
|
@@ -394,3 +394,130 @@ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 a
|
|
|
394
394
|
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
395
395
|
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
396
396
|
Completed 200 OK in 37ms
|
|
397
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
398
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
399
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
400
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.0ms)
|
|
401
|
+
Completed 200 OK in 10ms (Views: 7.9ms)
|
|
402
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
403
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
404
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
405
|
+
Completed 200 OK in 15ms
|
|
406
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
407
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
408
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
409
|
+
Rendering inline template
|
|
410
|
+
Rendered inline template (0.2ms)
|
|
411
|
+
Completed 200 OK in 10ms (Views: 0.6ms)
|
|
412
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
413
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
414
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
415
|
+
Completed 200 OK in 47ms
|
|
416
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
|
|
417
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
418
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
419
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (0.8ms)
|
|
420
|
+
Completed 200 OK in 9ms (Views: 7.1ms)
|
|
421
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
|
|
422
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
423
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
424
|
+
Completed 500 Internal Server Error in 8ms
|
|
425
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
|
|
426
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
427
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
428
|
+
Completed 500 Internal Server Error in 0ms
|
|
429
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
430
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
431
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
432
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.4ms)
|
|
433
|
+
Completed 200 OK in 11ms (Views: 9.5ms)
|
|
434
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
435
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
436
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
437
|
+
Completed 200 OK in 19ms
|
|
438
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
439
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
440
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
441
|
+
Rendering inline template
|
|
442
|
+
Rendered inline template (0.2ms)
|
|
443
|
+
Completed 200 OK in 14ms (Views: 0.6ms)
|
|
444
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
445
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
446
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
447
|
+
Completed 200 OK in 44ms
|
|
448
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
449
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
450
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
451
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.1ms)
|
|
452
|
+
Completed 200 OK in 9ms (Views: 6.9ms)
|
|
453
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
454
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
455
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
456
|
+
Completed 200 OK in 13ms
|
|
457
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
458
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
459
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
460
|
+
Rendering inline template
|
|
461
|
+
Rendered inline template (0.2ms)
|
|
462
|
+
Completed 200 OK in 19ms (Views: 0.6ms)
|
|
463
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
464
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
465
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
466
|
+
Completed 200 OK in 40ms
|
|
467
|
+
Started GET "/" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
468
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
469
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
470
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.1ms)
|
|
471
|
+
Completed 200 OK in 11ms (Views: 8.3ms)
|
|
472
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
473
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
474
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
475
|
+
Completed 200 OK in 17ms
|
|
476
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
477
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
478
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
479
|
+
Rendering inline template
|
|
480
|
+
Rendered inline template (0.5ms)
|
|
481
|
+
Completed 200 OK in 12ms (Views: 0.9ms)
|
|
482
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
483
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
484
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
485
|
+
Completed 200 OK in 37ms
|
|
486
|
+
Started GET "/" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
487
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
488
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
489
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (0.7ms)
|
|
490
|
+
Completed 200 OK in 8ms (Views: 6.1ms)
|
|
491
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
492
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
493
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
494
|
+
Completed 200 OK in 12ms
|
|
495
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
496
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
497
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
498
|
+
Rendering inline template
|
|
499
|
+
Rendered inline template (0.2ms)
|
|
500
|
+
Completed 200 OK in 11ms (Views: 0.8ms)
|
|
501
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
502
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
503
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
504
|
+
Completed 200 OK in 33ms
|
|
505
|
+
Started GET "/" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
506
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
507
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
508
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (0.8ms)
|
|
509
|
+
Completed 200 OK in 8ms (Views: 6.1ms)
|
|
510
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
511
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
512
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
513
|
+
Completed 200 OK in 12ms
|
|
514
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
515
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
516
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
517
|
+
Rendering inline template
|
|
518
|
+
Rendered inline template (0.2ms)
|
|
519
|
+
Completed 200 OK in 10ms (Views: 0.6ms)
|
|
520
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
521
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
522
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
523
|
+
Completed 200 OK in 33ms
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: multi_session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Huber
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-10-
|
|
11
|
+
date: 2018-10-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 5.2.
|
|
19
|
+
version: 5.2.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 5.2.
|
|
26
|
+
version: 5.2.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: coveralls
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|