rack-session-smart_cookie 0.1.4 → 0.2.0

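--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: e83bdebac8d1746d4918c878dfa16fdfcd8f4b03
- data.tar.gz: 77739204186ab0b9d50c0b15abca508d326cb990
+ SHA256:
+ metadata.gz: e5ffffe8cd308cab83819695f464b794182ff28f8c8abf8321d8914b2139eb54
+ data.tar.gz: 7090e3b03755ed1d151ffa726c843a77956c2b5cf37aa0635efed714252418e5
  SHA512:
- metadata.gz: 4b026b789349a4e07d5da56fb01ae3012f62ff91b0cea6b87e7fdb89589638f5721cc1bbb9b0b88a4443ed351541785fe1f92cb74c95f3d64a143b22e5baa60e
- data.tar.gz: 1642c2bf3230c4b6f0e0ad0e52dccc7a2073f11982d1019b9b1ee3dddf9d6dc42e1146f7591820fbdca7876d12a5e072a7382a3e2140a96e771ab033053ed00e
+ metadata.gz: 431867d1ebd8cde589311165c7f66840e2db71d847548b29ab94032a5b30f476b87b884fd2c452c2d3b05e61831ce0826335e14da7245cf8c900cb3b536278b0
+ data.tar.gz: efa109695b73584d769ebb74b357db722d8e36fc0b19ea1f16b550bb87574ffa13ae61626a103124515a5851b481c8b56619e95741db10d2dde62e8ae3118376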
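--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,5 +3,3 @@ source 'https://rubygems.org'
  git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
  gemspec
-
- gem 'openssl', '>= 2.0.3'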
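--- a/data/README.md
+++ b/data/README.md
@@ -94,6 +94,17 @@ use Rack::Session::SmartCookie, :coder=>my_coder
 
  Please see the [MessagePack][3] documentation for more details.
 
+ Rack::Session::SmartCookie also accepts `:digest` and `:digest_bytes` options
+ that allow you to choose the message digest algorithm and limit the size of the
+ generated digest. This lets you e.g. truncate 64-byte HMAC-SHA512 digests down
+ to 32 bytes (i.e. HMAC-SHA512/256):
+
+ ```
+ use Rack::Session::SmartCookie, :digest=>'SHA512', :digest_bytes=>32
+ ```
+
+ The `:hmac` option overrides the `:digest` option.
+
  ## Comparisons
 
  For general size and performance benchmarks of the encoding schemes, see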
@@ -70,12 +70,14 @@ module Rack
70
70
 
71
71
  def initialize(app, options={})
72
72
  options[:coder] ||= MessagePack.new
73
- options[:hmac] = OpenSSL::Digest(DEFAULT_DIGEST) unless options.key?(:hmac)
73
+ unless options.key?(:hmac)
74
+ options[:hmac] = OpenSSL::Digest(options.fetch(:digest, DEFAULT_DIGEST))
75
+ end
74
76
 
75
77
  super
76
78
 
77
79
  if @secrets.any?
78
- hmac = options[:hmac].new
80
+ hmac = options[:hmac].new # throwaway object for inspection purposes
79
81
 
80
82
  warn <<-MSG if BAD_DIGESTS.include?(hmac.name)
81
83
  SECURITY WARNING: You have elected to use an old and insecure message
@@ -90,7 +92,7 @@ module Rack
90
92
  Called from: #{caller[0]}.
91
93
  MSG
92
94
 
93
- unless (SECRET_MIN_BYTESIZE..hmac.block_length).cover?(@secrets.first.bytesize)
95
+ unless (SECRET_MIN_BYTESIZE .. hmac.block_length).cover?(@secrets.first.bytesize)
94
96
  show_caveat = hmac.digest_length > SECRET_MIN_BYTESIZE
95
97
 
96
98
  message = String.new(<<-MSG)
@@ -112,6 +114,8 @@ module Rack
112
114
  warn message
113
115
  end
114
116
  end
117
+
118
+ @digest_bytes = options[:digest_bytes]
115
119
  end
116
120
 
117
121
  private
@@ -149,7 +153,8 @@ module Rack
149
153
  end
150
154
 
151
155
  def generate_hmac(data, secret)
152
- Base64.encode(OpenSSL::HMAC.digest(@hmac.new, secret, data))
156
+ digest = OpenSSL::HMAC.digest(@hmac.new, secret, data)
157
+ Base64.encode(@digest_bytes ? digest.byteslice(0, @digest_bytes) : digest)
153
158
  end
154
159
  end
155
160
  end
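Review bot: `@digest_bytes = options[:digest_bytes]` at the end of `initialize` is stored unchecked, and `generate_hmac` passes it straight to `digest.byteslice(0, @digest_bytes)`, so `:digest_bytes=>0` yields an empty tag for every cookie, a small value yields a tag short enough to guess, and a negative or non-Integer value would only surface as an error at request time. `initialize` already warns about weak digests and short secrets, so the same place should reject a bad length up front, for example `raise ArgumentError, ':digest_bytes must be an Integer of at least 16' unless @digest_bytes.nil? || (@digest_bytes.is_a?(Integer) && @digest_bytes >= 16)`; the floor of 16 is a suggestion, following the RFC 2104 guidance that a truncated HMAC keep at least half the hash output and no less than 80 bits. The code that verifies an incoming cookie is outside these hunks, so confirm that it compares against the truncated tag and does so in constant time. Both `initialize` and the enclosing class start outside the hunks shown.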
@@ -10,7 +10,7 @@ module Rack
10
10
  Cookie = Class.new unless defined?(Cookie)
11
11
 
12
12
  class SmartCookie < Cookie
13
- VERSION = '0.1.4'.freeze
13
+ VERSION = '0.2.0'.freeze
14
14
  end
15
15
  end
16
16
  end
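--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-session-smart_cookie
  version: !ruby/object:Gem::Version
- version: 0.1.4
+ version: 0.2.0
  platform: ruby
  authors:
  - Mike Pastore
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2017-11-02 00:00:00.000000000 Z
+ date: 2018-09-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: msgpack
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.13
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: Slightly smarter session cookies for Rack 2 apps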