multi_session 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/lib/multi_session/session.rb +23 -13
- data/lib/multi_session/version.rb +1 -1
- data/spec/dummy/log/test.log +127 -0
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c210534cd8cb3dd7e72a786288a235fddd5d6a06ea45c8a62813dddb2aa61154
|
|
4
|
+
data.tar.gz: f9f3ecb1923aaec68643a2c29cebaa42488d20b5d5c1c7590f73a775d235d20f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b133c108f883baa7a486758a24b2b338fd3def90f6fa8766f8f941fcfd9e8cbb21b37f70c420578d2dd4260f67e16a1176e917060245abd297af852f28d56863
|
|
7
|
+
data.tar.gz: 98c4f3c4d680c27393cf1c9ce99df8710c8355e4eeebcbcf27f52d91034eaa491dd01544652aac31341ef79e50a01af7fdd902cf98f3b568eb432eef8df746f2
|
data/README.md
CHANGED
|
@@ -53,7 +53,7 @@ multi_session_keys: # use `rake secret` to generate custom keys
|
|
|
53
53
|
user_preferences: # insert a different secret here
|
|
54
54
|
```
|
|
55
55
|
|
|
56
|
-
## Installation
|
|
56
|
+
## Installation and Requirements
|
|
57
57
|
|
|
58
58
|
Add this line to your application's Gemfile:
|
|
59
59
|
|
|
@@ -61,6 +61,8 @@ Add this line to your application's Gemfile:
|
|
|
61
61
|
gem 'multi_session', '~> 1.1'
|
|
62
62
|
```
|
|
63
63
|
|
|
64
|
+
Currently `multi_session` will only work with Rails version 5.2.0 or higher. In version 5.2, Rails switched the default session encryption from `aes-256-cbc` to `aes-256-gcm`. This gem has only been coded to work with the `aes-256-gcm` cipher which unfortunately does not work with older versions of `ActiveSupport::MessageEncryptor`.
|
|
65
|
+
|
|
64
66
|
## Configuration
|
|
65
67
|
|
|
66
68
|
For the current version `multi_session`, there these are the configuration values that can optionally be set:
|
|
@@ -4,13 +4,13 @@ module MultiSession
|
|
|
4
4
|
@cookies = cookies
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
-
def []
|
|
7
|
+
def [] key
|
|
8
8
|
return nil unless @cookies[key.to_s].present?
|
|
9
|
-
session = ActiveSupport::JSON.decode encryptor(key).decrypt_and_verify(@cookies[key])
|
|
9
|
+
session = ActiveSupport::JSON.decode encryptor(key.to_s).decrypt_and_verify(@cookies[key.to_s])
|
|
10
10
|
session['value'] # TODO: add ability to let developer retrieve the session_id
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
def []=
|
|
13
|
+
def []= key, value
|
|
14
14
|
previous_session = self[key]
|
|
15
15
|
session_id = if previous_session && previous_session['session_id'].present?
|
|
16
16
|
previous_session['session_id']
|
|
@@ -18,12 +18,14 @@ module MultiSession
|
|
|
18
18
|
SecureRandom.hex(16).encode Encoding::UTF_8
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
new_session = {
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
21
|
+
new_session = {'session_id' => session_id, 'value' => value}
|
|
22
|
+
enc = encryptor key.to_s
|
|
23
|
+
if enc.method(:encrypt_and_sign).arity > 1 # check number of arguments for encrypt_and_sign (more than 1 means we're in Rails 5.2+ and can have expirable messages)
|
|
24
|
+
expiry_options = MultiSession.expires.present? ? {expires_at: Time.now + MultiSession.expires} : {}
|
|
25
|
+
encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session), expiry_options
|
|
26
|
+
else
|
|
27
|
+
encrypted_and_signed_value = enc.encrypt_and_sign ActiveSupport::JSON.encode(new_session)
|
|
28
|
+
end
|
|
27
29
|
|
|
28
30
|
raise ActionDispatch::Cookies::CookieOverflow if encrypted_and_signed_value.bytesize > ActionDispatch::Cookies::MAX_COOKIE_SIZE
|
|
29
31
|
|
|
@@ -36,22 +38,30 @@ module MultiSession
|
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
def update_expiration
|
|
39
|
-
|
|
41
|
+
multi_session_keys.each_key do |key|
|
|
40
42
|
self[key] = self[key] # decrypt and re-encrypt to force expires_at to update
|
|
41
43
|
end
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
private
|
|
45
47
|
|
|
48
|
+
def multi_session_keys
|
|
49
|
+
keys = if Rails.application.respond_to? :credentials
|
|
50
|
+
Rails.application.credentials[:multi_session_keys]
|
|
51
|
+
else
|
|
52
|
+
Rails.application.secrets[:multi_session_keys]
|
|
53
|
+
end
|
|
54
|
+
keys.symbolize_keys
|
|
55
|
+
end
|
|
56
|
+
|
|
46
57
|
def encryptor key
|
|
47
|
-
secret_key_base =
|
|
58
|
+
secret_key_base = multi_session_keys[key.to_sym]
|
|
48
59
|
raise ArgumentError.new("Rails.application.credentials[:multi_session_keys][:'#{key}'] has not been set.") unless secret_key_base.present?
|
|
49
60
|
|
|
50
61
|
encrypted_cookie_cipher = 'aes-256-gcm'
|
|
51
62
|
key_generator = ActiveSupport::CachingKeyGenerator.new ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
|
|
52
63
|
key_len = ActiveSupport::MessageEncryptor.key_len encrypted_cookie_cipher
|
|
53
|
-
|
|
54
|
-
secret = key_generator.generate_key(MultiSession.authenticated_encrypted_cookie_salt, key_len)
|
|
64
|
+
secret = key_generator.generate_key MultiSession.authenticated_encrypted_cookie_salt, key_len
|
|
55
65
|
|
|
56
66
|
ActiveSupport::MessageEncryptor.new secret, cipher: encrypted_cookie_cipher, serializer: ActiveSupport::MessageEncryptor::NullSerializer
|
|
57
67
|
end
|
data/spec/dummy/log/test.log
CHANGED
|
@@ -394,3 +394,130 @@ Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 a
|
|
|
394
394
|
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
395
395
|
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
396
396
|
Completed 200 OK in 37ms
|
|
397
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
398
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
399
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
400
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.0ms)
|
|
401
|
+
Completed 200 OK in 10ms (Views: 7.9ms)
|
|
402
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
403
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
404
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
405
|
+
Completed 200 OK in 15ms
|
|
406
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
407
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
408
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
409
|
+
Rendering inline template
|
|
410
|
+
Rendered inline template (0.2ms)
|
|
411
|
+
Completed 200 OK in 10ms (Views: 0.6ms)
|
|
412
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:28:33 -0500
|
|
413
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
414
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
415
|
+
Completed 200 OK in 47ms
|
|
416
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
|
|
417
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
418
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
419
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (0.8ms)
|
|
420
|
+
Completed 200 OK in 9ms (Views: 7.1ms)
|
|
421
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
|
|
422
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
423
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
424
|
+
Completed 500 Internal Server Error in 8ms
|
|
425
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:32:41 -0500
|
|
426
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
427
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
428
|
+
Completed 500 Internal Server Error in 0ms
|
|
429
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
430
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
431
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
432
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.4ms)
|
|
433
|
+
Completed 200 OK in 11ms (Views: 9.5ms)
|
|
434
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
435
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
436
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
437
|
+
Completed 200 OK in 19ms
|
|
438
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
439
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
440
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
441
|
+
Rendering inline template
|
|
442
|
+
Rendered inline template (0.2ms)
|
|
443
|
+
Completed 200 OK in 14ms (Views: 0.6ms)
|
|
444
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:34:15 -0500
|
|
445
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
446
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
447
|
+
Completed 200 OK in 44ms
|
|
448
|
+
Started GET "/" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
449
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
450
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
451
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.1ms)
|
|
452
|
+
Completed 200 OK in 9ms (Views: 6.9ms)
|
|
453
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
454
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
455
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
456
|
+
Completed 200 OK in 13ms
|
|
457
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
458
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
459
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
460
|
+
Rendering inline template
|
|
461
|
+
Rendered inline template (0.2ms)
|
|
462
|
+
Completed 200 OK in 19ms (Views: 0.6ms)
|
|
463
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-11 10:46:32 -0500
|
|
464
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
465
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
466
|
+
Completed 200 OK in 40ms
|
|
467
|
+
Started GET "/" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
468
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
469
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
470
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (1.1ms)
|
|
471
|
+
Completed 200 OK in 11ms (Views: 8.3ms)
|
|
472
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
473
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
474
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
475
|
+
Completed 200 OK in 17ms
|
|
476
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
477
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
478
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
479
|
+
Rendering inline template
|
|
480
|
+
Rendered inline template (0.5ms)
|
|
481
|
+
Completed 200 OK in 12ms (Views: 0.9ms)
|
|
482
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:39:57 -0500
|
|
483
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
484
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
485
|
+
Completed 200 OK in 37ms
|
|
486
|
+
Started GET "/" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
487
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
488
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
489
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (0.7ms)
|
|
490
|
+
Completed 200 OK in 8ms (Views: 6.1ms)
|
|
491
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
492
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
493
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
494
|
+
Completed 200 OK in 12ms
|
|
495
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
496
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
497
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
498
|
+
Rendering inline template
|
|
499
|
+
Rendered inline template (0.2ms)
|
|
500
|
+
Completed 200 OK in 11ms (Views: 0.8ms)
|
|
501
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:47:07 -0500
|
|
502
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
503
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
504
|
+
Completed 200 OK in 33ms
|
|
505
|
+
Started GET "/" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
506
|
+
Processing by MultiSessionTestController#some_action as HTML
|
|
507
|
+
Rendering multi_session_test/some_action.html.erb within layouts/application
|
|
508
|
+
Rendered multi_session_test/some_action.html.erb within layouts/application (0.8ms)
|
|
509
|
+
Completed 200 OK in 8ms (Views: 6.1ms)
|
|
510
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha&session_values[bbbb]=bravo&session_values[cccc]=charlie&session_values[dddd]=delta&session_values[eeee]=echo" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
511
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
512
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha", "bbbb"=>"bravo", "cccc"=>"charlie", "dddd"=>"delta", "eeee"=>"echo"}}
|
|
513
|
+
Completed 200 OK in 12ms
|
|
514
|
+
Started GET "/decrypt_multi_sessions?session_keys[]=aaaa&session_keys[]=bbbb&session_keys[]=cccc&session_keys[]=dddd&session_keys[]=eeee" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
515
|
+
Processing by MultiSessionTestController#decrypt_multi_sessions as HTML
|
|
516
|
+
Parameters: {"session_keys"=>["aaaa", "bbbb", "cccc", "dddd", "eeee"]}
|
|
517
|
+
Rendering inline template
|
|
518
|
+
Rendered inline template (0.2ms)
|
|
519
|
+
Completed 200 OK in 10ms (Views: 0.6ms)
|
|
520
|
+
Started GET "/encrypt_multi_sessions?session_values[aaaa]=alpha" for 127.0.0.1 at 2018-10-12 09:47:43 -0500
|
|
521
|
+
Processing by MultiSessionTestController#encrypt_multi_sessions as HTML
|
|
522
|
+
Parameters: {"session_values"=>{"aaaa"=>"alpha"}}
|
|
523
|
+
Completed 200 OK in 33ms
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: multi_session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Huber
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-10-
|
|
11
|
+
date: 2018-10-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 5.2.
|
|
19
|
+
version: 5.2.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 5.2.
|
|
26
|
+
version: 5.2.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: coveralls
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|