panda_pal 5.0.0.beta.1 → 5.0.0.beta.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/panda_pal/helpers/controller_helper.rb +9 -2
- data/lib/panda_pal/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 71c014369a46408099c365ffcaf1c28364b741ad04debd70a8578781e282910f
|
4
|
+
data.tar.gz: 51799f778547d13a38c21eca3c1469bde737b769bad706655782aba2e86a4344
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b60d3aa8b0a9448977fd510a998f9c486d64b09d78f9f82d18aca8c2b415a76075735e14a2e7d619677757200082191051b1cca30df7102dacc307e112aacd6b
|
7
|
+
data.tar.gz: 3f42d6f23b1d0e77a53cce6ce4d1dabf60bf0fbb35fc5557ed46cd797c954728d226f42674301a4a0f97913511f17d6b11c54c1a5c44510459ab8c6f42e1b07c
|
@@ -129,6 +129,10 @@ module PandaPal::Helpers::ControllerHelper
|
|
129
129
|
end
|
130
130
|
|
131
131
|
def session_key
|
132
|
+
if params[:encrypted_session_key]
|
133
|
+
crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
|
134
|
+
return crypt.decrypt_and_verify(params[:encrypted_session_key])
|
135
|
+
end
|
132
136
|
params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]
|
133
137
|
end
|
134
138
|
|
@@ -139,7 +143,8 @@ module PandaPal::Helpers::ControllerHelper
|
|
139
143
|
end
|
140
144
|
|
141
145
|
# Redirect with the session key intact. In production,
|
142
|
-
# handle this by
|
146
|
+
# handle this by encrypting the session key. That way if the
|
147
|
+
# url is logged anywhere, it will all be encrypted data. In dev,
|
143
148
|
# just put it in the URL. Putting it in the URL
|
144
149
|
# is insecure, but is fine in development.
|
145
150
|
# Keeping it in the URL in development means that it plays
|
@@ -162,8 +167,10 @@ module PandaPal::Helpers::ControllerHelper
|
|
162
167
|
end
|
163
168
|
|
164
169
|
def redirect_production_mode(location, params)
|
165
|
-
|
170
|
+
crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
|
171
|
+
encrypted_data = crypt.encrypt_and_sign(current_session.session_key)
|
166
172
|
redirect_to send(location, {
|
173
|
+
encrypted_session_key: encrypted_data,
|
167
174
|
organization_id: current_organization.id
|
168
175
|
}.merge(params))
|
169
176
|
end
|
data/lib/panda_pal/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: panda_pal
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.0.0.beta.
|
4
|
+
version: 5.0.0.beta.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Instructure ProServe
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-05-
|
11
|
+
date: 2020-05-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|