rack-auth-cookie 0.6.0 → 0.7.0

@@ -1,3 +1,4 @@
1
+ require 'json'
1
2
  require 'openssl'
2
3
  require 'rack/request'
3
4
 
@@ -55,15 +56,17 @@ module Rack
55
56
  return finish(@app, env, cookie_value)
56
57
  end
57
58
 
58
- auth_datetime = Time.at(hash_data['AUTH_DATETIME']).utc
59
- auth_expire_datetime = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc
60
-
61
- if auth_expire_datetime < Time.now.utc
62
- auth_fail = "Timed out due to inactivity"
63
- end
64
-
65
- if auth_datetime + @@max_lifetime < Time.now.utc
66
- auth_fail = "Maximum session length exceeded"
59
+ if !auth_fail
60
+ auth_datetime = Time.at(hash_data['AUTH_DATETIME']).utc
61
+ auth_expire_datetime = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc
62
+
63
+ if auth_expire_datetime < Time.now.utc
64
+ auth_fail = "Timed out due to inactivity"
65
+ end
66
+
67
+ if auth_datetime + @@max_lifetime < Time.now.utc
68
+ auth_fail = "Maximum session length exceeded"
69
+ end
67
70
  end
68
71
 
69
72
  if auth_fail
@@ -135,7 +138,7 @@ module Rack
135
138
  # Unpack the cookie data back to a hash
136
139
  begin
137
140
  unpacked_data = raw_data.unpack("m*").first
138
- hash_data = Marshal.load(unpacked_data)
141
+ hash_data = JSON.parse(unpacked_data)
139
142
  rescue
140
143
  raise "Unable to read cookie!"
141
144
  end
@@ -166,11 +169,11 @@ module Rack
166
169
  auth_info['AUTH_EXPIRE_DATETIME'] = Time.now.utc.to_i + @@idle_timeout
167
170
 
168
171
  # Pack the auth_info hash for cookie storage
169
- cookie_data = Marshal.dump(auth_info)
170
- cookie_data = [cookie_data].pack("m*")
172
+ json_data = auth_info.to_json
173
+ packed_data = [json_data].pack('m*')
171
174
 
172
175
  # Add a digest value to cookie_data to prevent tampering
173
- "#{cookie_data}--#{generate_hmac(cookie_data)}"
176
+ "#{packed_data}--#{generate_hmac(packed_data)}"
174
177
  end
175
178
 
176
179
  def self.create_auth_cookie(env)
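Review bot: In the read path, `JSON.parse(unpacked_data)` can return any JSON value, yet the new `if !auth_fail` block calls `Time.at(hash_data['AUTH_DATETIME'])` without checking that `hash_data` is a Hash holding integer timestamps. Whether the HMAC is verified before parsing is not visible in these hunks, but a shape check placed before that block would make the middleware fail closed instead of raising, e.g. `auth_fail = "Invalid cookie" unless hash_data.is_a?(Hash) && hash_data['AUTH_DATETIME'].is_a?(Integer) && hash_data['AUTH_EXPIRE_DATETIME'].is_a?(Integer)`. Cookies issued by 0.6.0 carry Marshal data and will now land in the bare `rescue`, so it is worth confirming that the caller turns `"Unable to read cookie!"` into an authentication failure rather than an unhandled error. The enclosing methods start and end outside the hunks shown.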
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
 
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = 'rack-auth-cookie'
5
- gem.version = '0.6.0'
5
+ gem.version = '0.7.0'
6
6
  gem.authors = ["Daniel Berger", "Charlie O'Keefe"]
7
7
  gem.email = 'cokeefe@globe.gov'
8
8
  gem.homepage = 'http://www.github.com/charlieok/rack-auth-cookie'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-auth-cookie
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Berger
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2009-12-21 00:00:00 -07:00
13
+ date: 2009-12-30 00:00:00 -07:00
14
14
  default_executable:
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency