rack-auth-cookie 0.5.0 → 0.5.1

@@ -55,11 +55,14 @@ module Rack
55
55
  return finish(@app, env, cookie_value)
56
56
  end
57
57
 
58
- if hash_data["AUTH_EXPIRE_DATETIME"] < Time.now.utc
58
+ auth_datetime = Time.at(hash_data['AUTH_DATETIME']).utc
59
+ auth_expire_datetime = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc
60
+
61
+ if auth_expire_datetime < Time.now.utc
59
62
  auth_fail = "Timed out due to inactivity"
60
63
  end
61
64
 
62
- if hash_data["AUTH_DATETIME"] + @@max_lifetime < Time.now.utc
65
+ if auth_datetime + @@max_lifetime < Time.now.utc
63
66
  auth_fail = "Maximum session length exceeded"
64
67
  end
65
68
 
@@ -74,8 +77,8 @@ module Rack
74
77
 
75
78
  env['AUTH_TYPE_THIS_REQUEST'] = "Cookie"
76
79
 
77
- env['AUTH_DATETIME'] = Time.at(hash_data['AUTH_DATETIME']).utc
78
- env['AUTH_EXPIRE_DATETIME'] = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc
80
+ env['AUTH_DATETIME'] = auth_datetime
81
+ env['AUTH_EXPIRE_DATETIME'] = auth_expire_datetime
79
82
  end
80
83
 
81
84
  finish(@app, env, cookie_value)
@@ -99,11 +102,22 @@ module Rack
99
102
  end
100
103
  end
101
104
 
102
- # If the application isn't making any changes to the cookie, we can mess with it
105
+ # If the application isn't making any changes to the cookie, we can modify it
103
106
  if cookie_value_from_request && !response_cookie
104
- cookie = self.class.create_auth_cookie(env)
105
107
 
106
- headers["Set-Cookie"] << cookie
108
+ # If authentication succeeded earlier, send back a new token
109
+ if env['AUTH_USER']
110
+ cookie = self.class.create_auth_cookie(env)
111
+
112
+ headers["Set-Cookie"] << cookie
113
+ end
114
+
115
+ # If authentication failed earlier, tell the client to clear the cookie
116
+ if env['AUTH_FAIL']
117
+ cookie = self.class.create_clear_cookie(env)
118
+
119
+ headers["Set-Cookie"] << cookie
120
+ end
107
121
  end
108
122
 
109
123
  [status, headers, body]
@@ -167,6 +181,15 @@ module Rack
167
181
  cookie += "HttpOnly; "
168
182
  end
169
183
 
184
+ def self.create_clear_cookie(env)
185
+ cookie_value = ""
186
+ cookie = "#{@@cookie_name}=; "
187
+ cookie += "domain=.#{top_level_domain(env)}; "
188
+ cookie += "path=/; "
189
+ cookie += "expires=Thu, 01-Jan-1970 00:00:00 GMT; "
190
+ cookie += "HttpOnly; "
191
+ end
192
+
170
193
  def self.generate_hmac(data)
171
194
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @@secret, data)
172
195
  end
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
 
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = 'rack-auth-cookie'
5
- gem.version = '0.5.0'
5
+ gem.version = '0.5.1'
6
6
  gem.authors = ["Daniel Berger", "Charlie O'Keefe"]
7
7
  gem.email = 'cokeefe@globe.gov'
8
8
  gem.homepage = 'http://www.github.com/charlieok/rack-auth-cookie'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-auth-cookie
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Berger