rack-auth-cookie 0.6.0 → 0.7.0

@@ -1,3 +1,4 @@
1
+ require 'json'
1
2
  require 'openssl'
2
3
  require 'rack/request'
3
4
 
@@ -55,15 +56,17 @@ module Rack
55
56
  return finish(@app, env, cookie_value)
56
57
  end
57
58
 
58
- auth_datetime = Time.at(hash_data['AUTH_DATETIME']).utc
59
- auth_expire_datetime = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc
60
-
61
- if auth_expire_datetime < Time.now.utc
62
- auth_fail = "Timed out due to inactivity"
63
- end
64
-
65
- if auth_datetime + @@max_lifetime < Time.now.utc
66
- auth_fail = "Maximum session length exceeded"
59
+ if !auth_fail
60
+ auth_datetime = Time.at(hash_data['AUTH_DATETIME']).utc
61
+ auth_expire_datetime = Time.at(hash_data['AUTH_EXPIRE_DATETIME']).utc
62
+
63
+ if auth_expire_datetime < Time.now.utc
64
+ auth_fail = "Timed out due to inactivity"
65
+ end
66
+
67
+ if auth_datetime + @@max_lifetime < Time.now.utc
68
+ auth_fail = "Maximum session length exceeded"
69
+ end
67
70
  end
68
71
 
69
72
  if auth_fail
@@ -135,7 +138,7 @@ module Rack
135
138
  # Unpack the cookie data back to a hash
136
139
  begin
137
140
  unpacked_data = raw_data.unpack("m*").first
138
- hash_data = Marshal.load(unpacked_data)
141
+ hash_data = JSON.parse(unpacked_data)
139
142
  rescue
140
143
  raise "Unable to read cookie!"
141
144
  end
@@ -166,11 +169,11 @@ module Rack
166
169
  auth_info['AUTH_EXPIRE_DATETIME'] = Time.now.utc.to_i + @@idle_timeout
167
170
 
168
171
  # Pack the auth_info hash for cookie storage
169
- cookie_data = Marshal.dump(auth_info)
170
- cookie_data = [cookie_data].pack("m*")
172
+ json_data = auth_info.to_json
173
+ packed_data = [json_data].pack('m*')
171
174
 
172
175
  # Add a digest value to cookie_data to prevent tampering
173
- "#{cookie_data}--#{generate_hmac(cookie_data)}"
176
+ "#{packed_data}--#{generate_hmac(packed_data)}"
174
177
  end
175
178
 
176
179
  def self.create_auth_cookie(env)
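Review bot: The new `JSON.parse(unpacked_data)` call in the third hunk (under "Unpack the cookie data back to a hash") uses the library's default options and accepts any JSON value, so nothing guarantees a plain Hash with integer timestamps by the time `Time.at(hash_data['AUTH_DATETIME'])` runs in the second hunk. As far as I know, older releases of the json library revive objects from `json_class` keys by default, so I would switch that off and check the shape: `hash_data = JSON.parse(unpacked_data, :create_additions => false)` followed by `raise unless hash_data.is_a?(Hash)`. Whether the HMAC is compared before this parse is not visible, because the enclosing method starts and ends outside the hunk; if it is not, the parse should move after the digest check so unauthenticated bytes never reach the parser. The bare `rescue` also means cookies issued by 0.6.0 in Marshal format will hit `raise "Unable to read cookie!"` after the upgrade, and how callers handle that exception is not shown here.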
@@ -2,7 +2,7 @@ require 'rubygems'
2
2
 
3
3
  Gem::Specification.new do |gem|
4
4
  gem.name = 'rack-auth-cookie'
5
- gem.version = '0.6.0'
5
+ gem.version = '0.7.0'
6
6
  gem.authors = ["Daniel Berger", "Charlie O'Keefe"]
7
7
  gem.email = 'cokeefe@globe.gov'
8
8
  gem.homepage = 'http://www.github.com/charlieok/rack-auth-cookie'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-auth-cookie
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Berger
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2009-12-21 00:00:00 -07:00
13
+ date: 2009-12-30 00:00:00 -07:00
14
14
  default_executable:
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency