rack-session-smart_cookie 0.1.4 → 0.2.0

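--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: e83bdebac8d1746d4918c878dfa16fdfcd8f4b03
- data.tar.gz: 77739204186ab0b9d50c0b15abca508d326cb990
+ SHA256:
+ metadata.gz: e5ffffe8cd308cab83819695f464b794182ff28f8c8abf8321d8914b2139eb54
+ data.tar.gz: 7090e3b03755ed1d151ffa726c843a77956c2b5cf37aa0635efed714252418e5
  SHA512:
- metadata.gz: 4b026b789349a4e07d5da56fb01ae3012f62ff91b0cea6b87e7fdb89589638f5721cc1bbb9b0b88a4443ed351541785fe1f92cb74c95f3d64a143b22e5baa60e
- data.tar.gz: 1642c2bf3230c4b6f0e0ad0e52dccc7a2073f11982d1019b9b1ee3dddf9d6dc42e1146f7591820fbdca7876d12a5e072a7382a3e2140a96e771ab033053ed00e
+ metadata.gz: 431867d1ebd8cde589311165c7f66840e2db71d847548b29ab94032a5b30f476b87b884fd2c452c2d3b05e61831ce0826335e14da7245cf8c900cb3b536278b0
+ data.tar.gz: efa109695b73584d769ebb74b357db722d8e36fc0b19ea1f16b550bb87574ffa13ae61626a103124515a5851b481c8b56619e95741db10d2dde62e8ae3118376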
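--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,5 +3,3 @@ source 'https://rubygems.org'
  git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
  gemspec
-
- gem 'openssl', '>= 2.0.3'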
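--- a/data/README.md
+++ b/data/README.md
@@ -94,6 +94,17 @@ use Rack::Session::SmartCookie, :coder=>my_coder
 
  Please see the [MessagePack][3] documentation for more details.
 
+ Rack::Session::SmartCookie also accepts `:digest` and `:digest_bytes` options
+ that allow you to choose the message digest algorithm and limit the size of the
+ generated digest. This lets you e.g. truncate 64-byte HMAC-SHA512 digests down
+ to 32 bytes (i.e. HMAC-SHA512/256):
+
+ ```
+ use Rack::Session::SmartCookie, :digest=>'SHA512', :digest_bytes=>32
+ ```
+
+ The `:hmac` option overrides the `:digest` option.
+
  ## Comparisons
 
  For general size and performance benchmarks of the encoding schemes, see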
@@ -70,12 +70,14 @@ module Rack
70
70
 
71
71
  def initialize(app, options={})
72
72
  options[:coder] ||= MessagePack.new
73
- options[:hmac] = OpenSSL::Digest(DEFAULT_DIGEST) unless options.key?(:hmac)
73
+ unless options.key?(:hmac)
74
+ options[:hmac] = OpenSSL::Digest(options.fetch(:digest, DEFAULT_DIGEST))
75
+ end
74
76
 
75
77
  super
76
78
 
77
79
  if @secrets.any?
78
- hmac = options[:hmac].new
80
+ hmac = options[:hmac].new # throwaway object for inspection purposes
79
81
 
80
82
  warn <<-MSG if BAD_DIGESTS.include?(hmac.name)
81
83
  SECURITY WARNING: You have elected to use an old and insecure message
@@ -90,7 +92,7 @@ module Rack
90
92
  Called from: #{caller[0]}.
91
93
  MSG
92
94
 
93
- unless (SECRET_MIN_BYTESIZE..hmac.block_length).cover?(@secrets.first.bytesize)
95
+ unless (SECRET_MIN_BYTESIZE .. hmac.block_length).cover?(@secrets.first.bytesize)
94
96
  show_caveat = hmac.digest_length > SECRET_MIN_BYTESIZE
95
97
 
96
98
  message = String.new(<<-MSG)
@@ -112,6 +114,8 @@ module Rack
112
114
  warn message
113
115
  end
114
116
  end
117
+
118
+ @digest_bytes = options[:digest_bytes]
115
119
  end
116
120
 
117
121
  private
@@ -149,7 +153,8 @@ module Rack
149
153
  end
150
154
 
151
155
  def generate_hmac(data, secret)
152
- Base64.encode(OpenSSL::HMAC.digest(@hmac.new, secret, data))
156
+ digest = OpenSSL::HMAC.digest(@hmac.new, secret, data)
157
+ Base64.encode(@digest_bytes ? digest.byteslice(0, @digest_bytes) : digest)
153
158
  end
154
159
  end
155
160
  end
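Review bot: `:digest_bytes` is stored unvalidated at `@digest_bytes = options[:digest_bytes]` and passed straight to `digest.byteslice(0, @digest_bytes)` in `generate_hmac`, so a small value silently weakens the cookie MAC: `0` yields an empty tag that is identical for every payload, and a tag of only a few bytes gives little integrity protection. The constructor already warns about weak digests and undersized secrets, so it is the natural place to reject a too-short or non-Integer truncation, e.g. `raise ArgumentError, ':digest_bytes is too short' unless @digest_bytes.nil? || (@digest_bytes.is_a?(Integer) && @digest_bytes >= 16)` (RFC 2104 advises against truncating below half the hash output or 80 bits; the floor of 16 is only a suggested value). A negative value makes `byteslice` return `nil`, and a value larger than the digest length silently disables truncation, so both deserve an explicit error as well. `initialize` spans several hunks and the code that verifies a received tag is not shown here, so confirm separately that the truncated tags are compared in constant time.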
@@ -10,7 +10,7 @@ module Rack
10
10
  Cookie = Class.new unless defined?(Cookie)
11
11
 
12
12
  class SmartCookie < Cookie
13
- VERSION = '0.1.4'.freeze
13
+ VERSION = '0.2.0'.freeze
14
14
  end
15
15
  end
16
16
  end
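--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-session-smart_cookie
  version: !ruby/object:Gem::Version
- version: 0.1.4
+ version: 0.2.0
  platform: ruby
  authors:
  - Mike Pastore
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2017-11-02 00:00:00.000000000 Z
+ date: 2018-09-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: msgpack
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.13
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: Slightly smarter session cookies for Rack 2 apps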