multi_session 1.1.0 → 1.1.1

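--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e401b25f019731faaad3230a51406a7853c071837f9a134c7779bf2f1130841f
- data.tar.gz: ef26f4a723075fcdb0b19406a787a8bd6fabd84e8fb4fac417c96a1be3c3d281
+ metadata.gz: c210534cd8cb3dd7e72a786288a235fddd5d6a06ea45c8a62813dddb2aa61154
+ data.tar.gz: f9f3ecb1923aaec68643a2c29cebaa42488d20b5d5c1c7590f73a775d235d20f
  SHA512:
- metadata.gz: 19f01b7549b920e6d25e6a072fabd846c80d6cd8f4ed60bb48ce75e88a58363abfc72ee9a8d42ba40aa62b02f01572294b67aac68f0eccb0711121d4711d9ad6
- data.tar.gz: b2f5cd824bbc7e84310f352c08ce36ecb8450711ec5605846dbccc31e4b5c450d4bac6df72873afbc367d3284c7f0282f9004c9a3fb3b008d3d0d280b40f0c21
+ metadata.gz: b133c108f883baa7a486758a24b2b338fd3def90f6fa8766f8f941fcfd9e8cbb21b37f70c420578d2dd4260f67e16a1176e917060245abd297af852f28d56863
+ data.tar.gz: 98c4f3c4d680c27393cf1c9ce99df8710c8355e4eeebcbcf27f52d91034eaa491dd01544652aac31341ef79e50a01af7fdd902cf98f3b568eb432eef8df746f2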
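--- a/data/README.md
+++ b/data/README.md
@@ -53,7 +53,7 @@ multi_session_keys: # use `rake secret` to generate custom keys
  user_preferences: # insert a different secret here
  ```
 
- ## Installation
+ ## Installation and Requirements
 
  Add this line to your application's Gemfile:
 
@@ -61,6 +61,8 @@ Add this line to your application's Gemfile:
  gem 'multi_session', '~> 1.1'
  ```
 
+ Currently `multi_session` will only work with Rails version 5.2.0 or higher. In version 5.2, Rails switched the default session encryption from `aes-256-cbc` to `aes-256-gcm`. This gem has only been coded to work with the `aes-256-gcm` cipher which unfortunately does not work with older versions of `ActiveSupport::MessageEncryptor`.
+
  ## Configuration
 
  For the current version `multi_session`, there these are the configuration values that can optionally be set: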
@@ -4,13 +4,13 @@ module MultiSession
4
4
  @cookies = cookies
5
5
  end
6
6
 
7
- def [](key)
7
+ def [] key
8
8
  return nil unless @cookies[key.to_s].present?
9
- session = ActiveSupport::JSON.decode encryptor(key).decrypt_and_verify(@cookies[key])
9
+ session = ActiveSupport::JSON.decode encryptor(key.to_s).decrypt_and_verify(@cookies[key.to_s])
10
10
  session['value'] # TODO: add ability to let developer retrieve the session_id
11
11
  end
12
12
 
13
- def []=(key, value)
13
+ def []= key, value
14
14
  previous_session = self[key]
15
15
  session_id = if previous_session && previous_session['session_id'].present?
16
16
  previous_session['session_id']
@@ -18,12 +18,14 @@ module MultiSession
18
18
  SecureRandom.hex(16).encode Encoding::UTF_8
19
19
  end
20
20
 
21
- new_session = {
22
- 'session_id' => session_id,
23
- 'value' => value
24
- }
25
- expiry_options = MultiSession.expires.present? ? {expires_at: Time.now + MultiSession.expires} : {}
26
- encrypted_and_signed_value = encryptor(key).encrypt_and_sign ActiveSupport::JSON.encode(new_session), expiry_options
21
+ new_session = {'session_id' => session_id, 'value' => value}
22
+ enc = encryptor key.to_s
23
+ if enc.method(:encrypt_and_sign).arity > 1 # check number of arguments for encrypt_and_sign (more than 1 means we're in Rails 5.2+ and can have expirable messages)
24
+ expiry_options = MultiSession.expires.present? ? {expires_at: Time.now + MultiSession.expires} : {}
25
+ encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session), expiry_options
26
+ else
27
+ encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session)
28
+ end
27
29
 
28
30
  raise ActionDispatch::Cookies::CookieOverflow if encrypted_and_signed_value.bytesize > ActionDispatch::Cookies::MAX_COOKIE_SIZE
29
31
 
@@ -36,22 +38,30 @@ module MultiSession
36
38
  end
37
39
 
38
40
  def update_expiration
39
- Rails.application.credentials[:multi_session_keys].each_key do |key|
41
+ multi_session_keys.each_key do |key|
40
42
  self[key] = self[key] # decrypt and re-encrypt to force expires_at to update
41
43
  end
42
44
  end
43
45
 
44
46
  private
45
47
 
48
+ def multi_session_keys
49
+ keys = if Rails.application.respond_to? :credentials
50
+ Rails.application.credentials[:multi_session_keys]
51
+ else
52
+ Rails.application.secrets[:multi_session_keys]
53
+ end
54
+ keys.symbolize_keys
55
+ end
56
+
46
57
  def encryptor key
47
- secret_key_base = Rails.application.credentials[:multi_session_keys][key.to_sym]
58
+ secret_key_base = multi_session_keys[key.to_sym]
48
59
  raise ArgumentError.new("Rails.application.credentials[:multi_session_keys][:'#{key}'] has not been set.") unless secret_key_base.present?
49
60
 
50
61
  encrypted_cookie_cipher = 'aes-256-gcm'
51
62
  key_generator = ActiveSupport::CachingKeyGenerator.new ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
52
63
  key_len = ActiveSupport::MessageEncryptor.key_len encrypted_cookie_cipher
53
- salt = 'authenticated encrypted cookie'
54
- secret = key_generator.generate_key(MultiSession.authenticated_encrypted_cookie_salt, key_len)
64
+ secret = key_generator.generate_key MultiSession.authenticated_encrypted_cookie_salt, key_len
55
65
 
56
66
  ActiveSupport::MessageEncryptor.new secret, cipher: encrypted_cookie_cipher, serializer: ActiveSupport::MessageEncryptor::NullSerializer
57
67
  end
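Review bot: The `arity > 1` guard added in `[]=` (second hunk of this file) can never be true, so the `expires_at` branch is dead and a configured `MultiSession.expires` is silently ignored when the value is encrypted. `Method#arity` counts only required positional arguments and goes negative as soon as optional or keyword arguments exist, so Rails 5.2's `encrypt_and_sign(value, expires_at:, expires_in:, purpose:)` reports -2, while the older one-argument form reports 1. Since the README and gem metadata in this release require Rails 5.2.0 or higher, the probe can be dropped and the options always passed, e.g. `encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session), **expiry_options`. The rest of `[]=` lies between the visible hunks, so whether the cookie itself is written with its own expiry cannot be confirmed from here.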
@@ -1,3 +1,3 @@
1
1
  module MultiSession
2
- VERSION = '1.1.0'
2
+ VERSION = '1.1.1'
3
3
  end
@@ -394,3 +394,130 @@ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 a
394
394
  Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
395
395
  Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
396
396
  Completed 200 OK in 37ms
397
+ Started GET "/" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
398
+ Processing by MultiSessionTestController#some_action as HTML
399
+ Rendering multi_session_test/some_action.html.erb within layouts/application
400
+ Rendered multi_session_test/some_action.html.erb within layouts/application (1.0ms)
401
+ Completed 200 OK in 10ms (Views: 7.9ms)
402
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
403
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
404
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
405
+ Completed 200 OK in 15ms
406
+ Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
407
+ Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
408
+ Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
409
+ Rendering inline template
410
+ Rendered inline template (0.2ms)
411
+ Completed 200 OK in 10ms (Views: 0.6ms)
412
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
413
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
414
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
415
+ Completed 200 OK in 47ms
416
+ Started GET "/" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
417
+ Processing by MultiSessionTestController#some_action as HTML
418
+ Rendering multi_session_test/some_action.html.erb within layouts/application
419
+ Rendered multi_session_test/some_action.html.erb within layouts/application (0.8ms)
420
+ Completed 200 OK in 9ms (Views: 7.1ms)
421
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
422
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
423
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
424
+ Completed 500 Internal Server Error in 8ms
425
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
426
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
427
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
428
+ Completed 500 Internal Server Error in 0ms
429
+ Started GET "/" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
430
+ Processing by MultiSessionTestController#some_action as HTML
431
+ Rendering multi_session_test/some_action.html.erb within layouts/application
432
+ Rendered multi_session_test/some_action.html.erb within layouts/application (1.4ms)
433
+ Completed 200 OK in 11ms (Views: 9.5ms)
434
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
435
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
436
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
437
+ Completed 200 OK in 19ms
438
+ Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
439
+ Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
440
+ Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
441
+ Rendering inline template
442
+ Rendered inline template (0.2ms)
443
+ Completed 200 OK in 14ms (Views: 0.6ms)
444
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
445
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
446
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
447
+ Completed 200 OK in 44ms
448
+ Started GET "/" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
449
+ Processing by MultiSessionTestController#some_action as HTML
450
+ Rendering multi_session_test/some_action.html.erb within layouts/application
451
+ Rendered multi_session_test/some_action.html.erb within layouts/application (1.1ms)
452
+ Completed 200 OK in 9ms (Views: 6.9ms)
453
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
454
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
455
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
456
+ Completed 200 OK in 13ms
457
+ Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
458
+ Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
459
+ Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
460
+ Rendering inline template
461
+ Rendered inline template (0.2ms)
462
+ Completed 200 OK in 19ms (Views: 0.6ms)
463
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
464
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
465
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
466
+ Completed 200 OK in 40ms
467
+ Started GET "/" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
468
+ Processing by MultiSessionTestController#some_action as HTML
469
+ Rendering multi_session_test/some_action.html.erb within layouts/application
470
+ Rendered multi_session_test/some_action.html.erb within layouts/application (1.1ms)
471
+ Completed 200 OK in 11ms (Views: 8.3ms)
472
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
473
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
474
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
475
+ Completed 200 OK in 17ms
476
+ Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
477
+ Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
478
+ Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
479
+ Rendering inline template
480
+ Rendered inline template (0.5ms)
481
+ Completed 200 OK in 12ms (Views: 0.9ms)
482
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
483
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
484
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
485
+ Completed 200 OK in 37ms
486
+ Started GET "/" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
487
+ Processing by MultiSessionTestController#some_action as HTML
488
+ Rendering multi_session_test/some_action.html.erb within layouts/application
489
+ Rendered multi_session_test/some_action.html.erb within layouts/application (0.7ms)
490
+ Completed 200 OK in 8ms (Views: 6.1ms)
491
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
492
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
493
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
494
+ Completed 200 OK in 12ms
495
+ Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
496
+ Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
497
+ Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
498
+ Rendering inline template
499
+ Rendered inline template (0.2ms)
500
+ Completed 200 OK in 11ms (Views: 0.8ms)
501
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
502
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
503
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
504
+ Completed 200 OK in 33ms
505
+ Started GET "/" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
506
+ Processing by MultiSessionTestController#some_action as HTML
507
+ Rendering multi_session_test/some_action.html.erb within layouts/application
508
+ Rendered multi_session_test/some_action.html.erb within layouts/application (0.8ms)
509
+ Completed 200 OK in 8ms (Views: 6.1ms)
510
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
511
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
512
+ Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
513
+ Completed 200 OK in 12ms
514
+ Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
515
+ Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
516
+ Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
517
+ Rendering inline template
518
+ Rendered inline template (0.2ms)
519
+ Completed 200 OK in 10ms (Views: 0.6ms)
520
+ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
521
+ Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
522
+ Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
523
+ Completed 200 OK in 33ms
metadata CHANGED
@@ -1,29 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: multi_session
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sean Huber
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-10 00:00:00.000000000 Z
11
+ date: 2018-10-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 5.2.1
19
+ version: 5.2.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 5.2.1
26
+ version: 5.2.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: coveralls
29
29
  requirement: !ruby/object:Gem::Requirement