rack-session 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE.md +23 -0
- data/lib/rack/session/abstract/id.rb +1 -1
- data/lib/rack/session/constants.rb +2 -0
- data/lib/rack/session/cookie.rb +26 -25
- data/lib/rack/session/encryptor.rb +1 -1
- data/lib/rack/session/version.rb +1 -12
- data/lib/rack/session.rb +2 -0
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 50f1782c9cc160cdbcee7ac400f1d3643c5b2140e6024c5a1e9829df9d535441
|
|
4
|
+
data.tar.gz: cacc044559ef38fef31477da4e17173de8533e5970739e7bfc90678d38bf08e3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0b196f3055fdb3ccda5e0aff1a0aa3b852e1fb3676de3ed0508f2d92f2771e63c8b79ac8b3b7dc4c346467eadd178786e31b92501fb900418be6c7d0afe985de
|
|
7
|
+
data.tar.gz: 9d200ef0353f8efdf0a92f072db2765fd2be3cd391db47a603c31be9f0a29b16dfb421e20693e889c38204171680fc5f859046d823fe4aaf0a6a6f26300b25b4
|
data/LICENSE.md
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
The MIT License (MIT)
|
|
2
|
+
|
|
3
|
+
Copyright, 2007-2021, by [Leah Neukirchen](https://leahneukirchen.org).
|
|
4
|
+
Copyright, 2008, by Scytrin dai Kinthra.
|
|
5
|
+
Copyright, 2020, by [Michael Coyne](https://michaeljcoyne.me).
|
|
6
|
+
Copyright, 2021, by [Samuel G. D. Williams](https://www.codeotaku.com).
|
|
7
|
+
|
|
8
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
9
|
+
of this software and associated documentation files (the "Software"), to
|
|
10
|
+
deal in the Software without restriction, including without limitation the
|
|
11
|
+
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
12
|
+
sell copies of the Software, and to permit persons to whom the Software is
|
|
13
|
+
furnished to do so, subject to the following conditions:
|
|
14
|
+
|
|
15
|
+
The above copyright notice and this permission notice shall be included in
|
|
16
|
+
all copies or substantial portions of the Software.
|
|
17
|
+
|
|
18
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
19
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
20
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
21
|
+
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
|
22
|
+
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
23
|
+
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/lib/rack/session/cookie.rb
CHANGED
|
@@ -202,39 +202,40 @@ module Rack
|
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
def extract_session_id(request)
|
|
205
|
-
unpacked_cookie_data(request)["session_id"
|
|
205
|
+
unpacked_cookie_data(request)&.[]("session_id")
|
|
206
206
|
end
|
|
207
207
|
|
|
208
208
|
def unpacked_cookie_data(request)
|
|
209
209
|
request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
|
|
210
|
-
cookie_data = request.cookies[@key]
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
210
|
+
if cookie_data = request.cookies[@key]
|
|
211
|
+
session_data = nil
|
|
212
|
+
|
|
213
|
+
# Try to decrypt the session data with our encryptors
|
|
214
|
+
encryptors.each do |encryptor|
|
|
215
|
+
begin
|
|
216
|
+
session_data = encryptor.decrypt(cookie_data)
|
|
217
|
+
break
|
|
218
|
+
rescue Rack::Session::Encryptor::Error => error
|
|
219
|
+
request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
|
|
220
|
+
|
|
221
|
+
next
|
|
222
|
+
end
|
|
222
223
|
end
|
|
223
|
-
end
|
|
224
224
|
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
225
|
+
# If session decryption fails but there is @legacy_hmac_secret
|
|
226
|
+
# defined, attempt legacy HMAC verification
|
|
227
|
+
if !session_data && @legacy_hmac_secret
|
|
228
|
+
# Parse and verify legacy HMAC session cookie
|
|
229
|
+
session_data, _, digest = cookie_data.rpartition('--')
|
|
230
|
+
session_data = nil unless legacy_digest_match?(session_data, digest)
|
|
231
231
|
|
|
232
|
-
|
|
233
|
-
|
|
232
|
+
# Decode using legacy HMAC decoder
|
|
233
|
+
session_data = @legacy_hmac_coder.decode(session_data)
|
|
234
234
|
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
235
|
+
elsif !session_data && coder
|
|
236
|
+
# Use the coder option, which has the potential to be very unsafe
|
|
237
|
+
session_data = coder.decode(cookie_data)
|
|
238
|
+
end
|
|
238
239
|
end
|
|
239
240
|
|
|
240
241
|
request.set_header(k, session_data || {})
|
|
@@ -26,7 +26,7 @@ module Rack
|
|
|
26
26
|
# Options may include:
|
|
27
27
|
# * :serialize_json
|
|
28
28
|
# Use JSON for message serialization instead of Marshal. This can be
|
|
29
|
-
# viewed as a security
|
|
29
|
+
# viewed as a security enhancement.
|
|
30
30
|
# * :pad_size
|
|
31
31
|
# Pad encrypted message data, to a multiple of this many bytes
|
|
32
32
|
# (default: 32). This can be between 2-4096 bytes, or +nil+ to disable
|
data/lib/rack/session/version.rb
CHANGED
|
@@ -1,18 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
# Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
|
|
4
|
-
#
|
|
5
|
-
# Rack is freely distributable under the terms of an MIT-style license.
|
|
6
|
-
# See MIT-LICENSE or https://opensource.org/licenses/MIT.
|
|
7
|
-
|
|
8
|
-
# The Rack main module, serving as a namespace for all core Rack
|
|
9
|
-
# modules and classes.
|
|
10
|
-
#
|
|
11
|
-
# All modules meant for use in your application are <tt>autoload</tt>ed here,
|
|
12
|
-
# so it should be enough just to <tt>require 'rack'</tt> in your code.
|
|
13
|
-
|
|
14
3
|
module Rack
|
|
15
4
|
module Session
|
|
16
|
-
VERSION = "0.
|
|
5
|
+
VERSION = "0.3.0"
|
|
17
6
|
end
|
|
18
7
|
end
|
data/lib/rack/session.rb
CHANGED
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-session
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rack Contributors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 3.0.0.beta1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 3.0.0.beta1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: minitest
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,6 +100,7 @@ executables: []
|
|
|
100
100
|
extensions: []
|
|
101
101
|
extra_rdoc_files: []
|
|
102
102
|
files:
|
|
103
|
+
- LICENSE.md
|
|
103
104
|
- lib/rack/session.rb
|
|
104
105
|
- lib/rack/session/abstract/id.rb
|
|
105
106
|
- lib/rack/session/constants.rb
|
|
@@ -126,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
126
127
|
- !ruby/object:Gem::Version
|
|
127
128
|
version: '0'
|
|
128
129
|
requirements: []
|
|
129
|
-
rubygems_version: 3.
|
|
130
|
+
rubygems_version: 3.4.0.dev
|
|
130
131
|
signing_key:
|
|
131
132
|
specification_version: 4
|
|
132
133
|
summary: A session implementation for Rack.
|