rack-session 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.md +23 -0
- data/lib/rack/session/abstract/id.rb +1 -1
- data/lib/rack/session/constants.rb +2 -0
- data/lib/rack/session/cookie.rb +26 -25
- data/lib/rack/session/encryptor.rb +1 -1
- data/lib/rack/session/version.rb +1 -12
- data/lib/rack/session.rb +2 -0
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 50f1782c9cc160cdbcee7ac400f1d3643c5b2140e6024c5a1e9829df9d535441
|
|
4
|
+
data.tar.gz: cacc044559ef38fef31477da4e17173de8533e5970739e7bfc90678d38bf08e3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b196f3055fdb3ccda5e0aff1a0aa3b852e1fb3676de3ed0508f2d92f2771e63c8b79ac8b3b7dc4c346467eadd178786e31b92501fb900418be6c7d0afe985de
|
|
7
|
+
data.tar.gz: 9d200ef0353f8efdf0a92f072db2765fd2be3cd391db47a603c31be9f0a29b16dfb421e20693e889c38204171680fc5f859046d823fe4aaf0a6a6f26300b25b4
|
data/LICENSE.md
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
The MIT License (MIT)
|
|
2
|
+
|
|
3
|
+
Copyright, 2007-2021, by [Leah Neukirchen](https://leahneukirchen.org).
|
|
4
|
+
Copyright, 2008, by Scytrin dai Kinthra.
|
|
5
|
+
Copyright, 2020, by [Michael Coyne](https://michaeljcoyne.me).
|
|
6
|
+
Copyright, 2021, by [Samuel G. D. Williams](https://www.codeotaku.com).
|
|
7
|
+
|
|
8
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
9
|
+
of this software and associated documentation files (the "Software"), to
|
|
10
|
+
deal in the Software without restriction, including without limitation the
|
|
11
|
+
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
12
|
+
sell copies of the Software, and to permit persons to whom the Software is
|
|
13
|
+
furnished to do so, subject to the following conditions:
|
|
14
|
+
|
|
15
|
+
The above copyright notice and this permission notice shall be included in
|
|
16
|
+
all copies or substantial portions of the Software.
|
|
17
|
+
|
|
18
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
19
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
20
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
21
|
+
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
|
22
|
+
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
23
|
+
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/lib/rack/session/cookie.rb
CHANGED
|
@@ -202,39 +202,40 @@ module Rack
|
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
def extract_session_id(request)
|
|
205
|
-
unpacked_cookie_data(request)["session_id"
|
|
205
|
+
unpacked_cookie_data(request)&.[]("session_id")
|
|
206
206
|
end
|
|
207
207
|
|
|
208
208
|
def unpacked_cookie_data(request)
|
|
209
209
|
request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
|
|
210
|
-
cookie_data = request.cookies[@key]
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
210
|
+
if cookie_data = request.cookies[@key]
|
|
211
|
+
session_data = nil
|
|
212
|
+
|
|
213
|
+
# Try to decrypt the session data with our encryptors
|
|
214
|
+
encryptors.each do |encryptor|
|
|
215
|
+
begin
|
|
216
|
+
session_data = encryptor.decrypt(cookie_data)
|
|
217
|
+
break
|
|
218
|
+
rescue Rack::Session::Encryptor::Error => error
|
|
219
|
+
request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
|
|
220
|
+
|
|
221
|
+
next
|
|
222
|
+
end
|
|
222
223
|
end
|
|
223
|
-
end
|
|
224
224
|
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
225
|
+
# If session decryption fails but there is @legacy_hmac_secret
|
|
226
|
+
# defined, attempt legacy HMAC verification
|
|
227
|
+
if !session_data && @legacy_hmac_secret
|
|
228
|
+
# Parse and verify legacy HMAC session cookie
|
|
229
|
+
session_data, _, digest = cookie_data.rpartition('--')
|
|
230
|
+
session_data = nil unless legacy_digest_match?(session_data, digest)
|
|
231
231
|
|
|
232
|
-
|
|
233
|
-
|
|
232
|
+
# Decode using legacy HMAC decoder
|
|
233
|
+
session_data = @legacy_hmac_coder.decode(session_data)
|
|
234
234
|
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
235
|
+
elsif !session_data && coder
|
|
236
|
+
# Use the coder option, which has the potential to be very unsafe
|
|
237
|
+
session_data = coder.decode(cookie_data)
|
|
238
|
+
end
|
|
238
239
|
end
|
|
239
240
|
|
|
240
241
|
request.set_header(k, session_data || {})
|
|
@@ -26,7 +26,7 @@ module Rack
|
|
|
26
26
|
# Options may include:
|
|
27
27
|
# * :serialize_json
|
|
28
28
|
# Use JSON for message serialization instead of Marshal. This can be
|
|
29
|
-
# viewed as a security
|
|
29
|
+
# viewed as a security enhancement.
|
|
30
30
|
# * :pad_size
|
|
31
31
|
# Pad encrypted message data, to a multiple of this many bytes
|
|
32
32
|
# (default: 32). This can be between 2-4096 bytes, or +nil+ to disable
|
data/lib/rack/session/version.rb
CHANGED
|
@@ -1,18 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
# Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
|
|
4
|
-
#
|
|
5
|
-
# Rack is freely distributable under the terms of an MIT-style license.
|
|
6
|
-
# See MIT-LICENSE or https://opensource.org/licenses/MIT.
|
|
7
|
-
|
|
8
|
-
# The Rack main module, serving as a namespace for all core Rack
|
|
9
|
-
# modules and classes.
|
|
10
|
-
#
|
|
11
|
-
# All modules meant for use in your application are <tt>autoload</tt>ed here,
|
|
12
|
-
# so it should be enough just to <tt>require 'rack'</tt> in your code.
|
|
13
|
-
|
|
14
3
|
module Rack
|
|
15
4
|
module Session
|
|
16
|
-
VERSION = "0.
|
|
5
|
+
VERSION = "0.3.0"
|
|
17
6
|
end
|
|
18
7
|
end
|
data/lib/rack/session.rb
CHANGED
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rack Contributors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 3.0.0.beta1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 3.0.0.beta1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: minitest
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,6 +100,7 @@ executables: []
|
|
|
100
100
|
extensions: []
|
|
101
101
|
extra_rdoc_files: []
|
|
102
102
|
files:
|
|
103
|
+
- LICENSE.md
|
|
103
104
|
- lib/rack/session.rb
|
|
104
105
|
- lib/rack/session/abstract/id.rb
|
|
105
106
|
- lib/rack/session/constants.rb
|
|
@@ -126,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
126
127
|
- !ruby/object:Gem::Version
|
|
127
128
|
version: '0'
|
|
128
129
|
requirements: []
|
|
129
|
-
rubygems_version: 3.
|
|
130
|
+
rubygems_version: 3.4.0.dev
|
|
130
131
|
signing_key:
|
|
131
132
|
specification_version: 4
|
|
132
133
|
summary: A session implementation for Rack.
|