panda_pal 5.0.0.beta.1 → 5.0.0.beta.2

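--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 417de10d63af26bbeadb9b1fa5d57f74fad8070dec477ecf42f7ba914c46be4e
- data.tar.gz: '0268833a242fda47935ec01207644c3a74daaa31b37b311401ac216b9e34f9bf'
+ metadata.gz: 71c014369a46408099c365ffcaf1c28364b741ad04debd70a8578781e282910f
+ data.tar.gz: 51799f778547d13a38c21eca3c1469bde737b769bad706655782aba2e86a4344
  SHA512:
- metadata.gz: 1093764dca3b51778eb98cf8c8ce64bc88af73fb970e9f61597c3f71c92761729ad636ea156da7f2aad7d656ca2f35311f4cce72a338c3eb49f8cb85b788f229
- data.tar.gz: ee960dc3a06b1da790af9ce3f9a7e6bb76bb06e75a2645097654833226ed84f1f9655455c396607b74981879bed44029147b55ead6efc6437b4abe1c9feb4699
+ metadata.gz: b60d3aa8b0a9448977fd510a998f9c486d64b09d78f9f82d18aca8c2b415a76075735e14a2e7d619677757200082191051b1cca30df7102dacc307e112aacd6b
+ data.tar.gz: 3f42d6f23b1d0e77a53cce6ce4d1dabf60bf0fbb35fc5557ed46cd797c954728d226f42674301a4a0f97913511f17d6b11c54c1a5c44510459ab8c6f42e1b07c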
@@ -129,6 +129,10 @@ module PandaPal::Helpers::ControllerHelper
129
129
  end
130
130
 
131
131
  def session_key
132
+ if params[:encrypted_session_key]
133
+ crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
134
+ return crypt.decrypt_and_verify(params[:encrypted_session_key])
135
+ end
132
136
  params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]
133
137
  end
134
138
 
@@ -139,7 +143,8 @@ module PandaPal::Helpers::ControllerHelper
139
143
  end
140
144
 
141
145
  # Redirect with the session key intact. In production,
142
- # handle this by saving it to the flash. In dev,
146
+ # handle this by encrypting the session key. That way if the
147
+ # url is logged anywhere, it will all be encrypted data. In dev,
143
148
  # just put it in the URL. Putting it in the URL
144
149
  # is insecure, but is fine in development.
145
150
  # Keeping it in the URL in development means that it plays
@@ -162,8 +167,10 @@ module PandaPal::Helpers::ControllerHelper
162
167
  end
163
168
 
164
169
  def redirect_production_mode(location, params)
165
- flash['session_key'] = current_session.session_key
170
+ crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
171
+ encrypted_data = crypt.encrypt_and_sign(current_session.session_key)
166
172
  redirect_to send(location, {
173
+ encrypted_session_key: encrypted_data,
167
174
  organization_id: current_organization.id
168
175
  }.merge(params))
169
176
  end
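Review bot: The `encrypted_session_key` that `redirect_production_mode` places in the URL is still a bearer credential, because `session_key` decrypts and accepts whatever arrives in that parameter; the new comment's reasoning covers someone reading the key out of a logged URL, but not the logged URL being presented again. Binding the token to a purpose and a short lifetime with `encrypt_and_sign(..., purpose:, expires_in:)` would limit that window (these options need Rails 5.2 or later, and the gem's supported Rails range is not visible here). In `session_key`, `decrypt_and_verify` is called with no rescue visible in the hunk, so a malformed or tampered parameter appears to raise out of the helper instead of falling through to the other sources; rescuing `ActiveSupport::MessageEncryptor::InvalidMessage` and `ActiveSupport::MessageVerifier::InvalidSignature` would keep that a normal "no session" path. The key is the first 32 characters of `secret_key_base` used directly and the encryptor is constructed twice; deriving it once through `Rails.application.key_generator.generate_key(salt, 32)` in a shared helper separates this use from other consumers of the secret. Both method bodies are complete within their hunks; the sketch below shows only the changed lines, and its salt, purpose name and lifetime are illustrative values.

```ruby
def session_key
  if params[:encrypted_session_key]
    begin
      decrypted = session_key_encryptor.decrypt_and_verify(
        params[:encrypted_session_key], purpose: :session_key_redirect
      )
      return decrypted if decrypted
    rescue ActiveSupport::MessageEncryptor::InvalidMessage, ActiveSupport::MessageVerifier::InvalidSignature
      # Tampered, expired or foreign token: fall through to the other sources.
    end
  end
  # … unchanged: params / header / flash / session lookup …
end

def redirect_production_mode(location, params)
  encrypted_data = session_key_encryptor.encrypt_and_sign(
    current_session.session_key, purpose: :session_key_redirect, expires_in: 1.minute
  )
  # … unchanged: redirect_to send(location, { encrypted_session_key: encrypted_data, … }.merge(params)) …
end

# Single place for key derivation so both directions always agree.
def session_key_encryptor
  key = Rails.application.key_generator.generate_key('panda_pal encrypted_session_key', 32)
  ActiveSupport::MessageEncryptor.new(key)
end
```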
@@ -1,3 +1,3 @@
1
1
  module PandaPal
2
- VERSION = "5.0.0.beta.1"
2
+ VERSION = "5.0.0.beta.2"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: panda_pal
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.0.beta.1
4
+ version: 5.0.0.beta.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Instructure ProServe
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-20 00:00:00.000000000 Z
11
+ date: 2020-05-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails