panda_pal 5.0.0.beta.1 → 5.0.0.beta.2

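--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 417de10d63af26bbeadb9b1fa5d57f74fad8070dec477ecf42f7ba914c46be4e
- data.tar.gz: '0268833a242fda47935ec01207644c3a74daaa31b37b311401ac216b9e34f9bf'
+ metadata.gz: 71c014369a46408099c365ffcaf1c28364b741ad04debd70a8578781e282910f
+ data.tar.gz: 51799f778547d13a38c21eca3c1469bde737b769bad706655782aba2e86a4344
  SHA512:
- metadata.gz: 1093764dca3b51778eb98cf8c8ce64bc88af73fb970e9f61597c3f71c92761729ad636ea156da7f2aad7d656ca2f35311f4cce72a338c3eb49f8cb85b788f229
- data.tar.gz: ee960dc3a06b1da790af9ce3f9a7e6bb76bb06e75a2645097654833226ed84f1f9655455c396607b74981879bed44029147b55ead6efc6437b4abe1c9feb4699
+ metadata.gz: b60d3aa8b0a9448977fd510a998f9c486d64b09d78f9f82d18aca8c2b415a76075735e14a2e7d619677757200082191051b1cca30df7102dacc307e112aacd6b
+ data.tar.gz: 3f42d6f23b1d0e77a53cce6ce4d1dabf60bf0fbb35fc5557ed46cd797c954728d226f42674301a4a0f97913511f17d6b11c54c1a5c44510459ab8c6f42e1b07c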
@@ -129,6 +129,10 @@ module PandaPal::Helpers::ControllerHelper
129
129
  end
130
130
 
131
131
  def session_key
132
+ if params[:encrypted_session_key]
133
+ crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
134
+ return crypt.decrypt_and_verify(params[:encrypted_session_key])
135
+ end
132
136
  params[:session_key] || session_key_header || flash[:session_key] || session[:session_key]
133
137
  end
134
138
 
@@ -139,7 +143,8 @@ module PandaPal::Helpers::ControllerHelper
139
143
  end
140
144
 
141
145
  # Redirect with the session key intact. In production,
142
- # handle this by saving it to the flash. In dev,
146
+ # handle this by encrypting the session key. That way if the
147
+ # url is logged anywhere, it will all be encrypted data. In dev,
143
148
  # just put it in the URL. Putting it in the URL
144
149
  # is insecure, but is fine in development.
145
150
  # Keeping it in the URL in development means that it plays
@@ -162,8 +167,10 @@ module PandaPal::Helpers::ControllerHelper
162
167
  end
163
168
 
164
169
  def redirect_production_mode(location, params)
165
- flash['session_key'] = current_session.session_key
170
+ crypt = ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base[0..31])
171
+ encrypted_data = crypt.encrypt_and_sign(current_session.session_key)
166
172
  redirect_to send(location, {
173
+ encrypted_session_key: encrypted_data,
167
174
  organization_id: current_organization.id
168
175
  }.merge(params))
169
176
  end
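Review bot: The `encrypted_session_key` that `redirect_production_mode` puts in the redirect URL is still a bearer credential, because `session_key` decrypts and returns whatever `params[:encrypted_session_key]` carries; a URL copied from a log, browser history or a Referer header can be replayed as-is, so the updated comment's reasoning that a logged URL is "all encrypted data" overstates the protection. If the supported Rails versions allow it, bind the token to this use and a short lifetime with `crypt.encrypt_and_sign(current_session.session_key, purpose: :session_redirect, expires_in: 1.minute)` and `crypt.decrypt_and_verify(params[:encrypted_session_key], purpose: :session_redirect)`. `decrypt_and_verify` raises on a malformed or tampered value (`ActiveSupport::MessageEncryptor::InvalidMessage`), and nothing visible in `session_key` rescues it, so a garbage parameter likely surfaces as an unhandled error instead of an unauthenticated request. The encryptor is also built twice from the raw `secret_key_base[0..31]`; one private helper that derives a dedicated key, e.g. `Rails.application.key_generator.generate_key('panda_pal session redirect', 32)` (salt string constructed here as an example), would keep this key separate from other uses of the secret.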
@@ -1,3 +1,3 @@
1
1
  module PandaPal
2
- VERSION = "5.0.0.beta.1"
2
+ VERSION = "5.0.0.beta.2"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: panda_pal
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.0.beta.1
4
+ version: 5.0.0.beta.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Instructure ProServe
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-20 00:00:00.000000000 Z
11
+ date: 2020-05-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails