rack-session 0.2.0 → 0.3.0

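--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bb2330b8031f50a3d80ca25857aac9db3636ed03d90aad824c8a191ec74cb4a3
- data.tar.gz: 40323d8725c0a23f017d2017c29ee3abfa2fb811b13d12492d62e28e2a6b8274
+ metadata.gz: 50f1782c9cc160cdbcee7ac400f1d3643c5b2140e6024c5a1e9829df9d535441
+ data.tar.gz: cacc044559ef38fef31477da4e17173de8533e5970739e7bfc90678d38bf08e3
  SHA512:
- metadata.gz: 227c65c2acd9f8f05d76a424200e2c151006fb37ef271fde09f4ac73abb5ef8fc91dd9accf75cc901e9d09bc1347a38990dbe590d8f017fa59a4cb67e1b70536
- data.tar.gz: dc24af294baf201629cc0ddd362cbe614acda5408acdb48be12e00b1ba8d567ee69a6f2d831cbc35a3e7b389f06a44e2b2c65234143686e5ab4f5ce6dbe7eb94
+ metadata.gz: 0b196f3055fdb3ccda5e0aff1a0aa3b852e1fb3676de3ed0508f2d92f2771e63c8b79ac8b3b7dc4c346467eadd178786e31b92501fb900418be6c7d0afe985de
+ data.tar.gz: 9d200ef0353f8efdf0a92f072db2765fd2be3cd391db47a603c31be9f0a29b16dfb421e20693e889c38204171680fc5f859046d823fe4aaf0a6a6f26300b25b4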
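--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,23 @@
+ The MIT License (MIT)
+
+ Copyright, 2007-2021, by [Leah Neukirchen](https://leahneukirchen.org).
+ Copyright, 2008, by Scytrin dai Kinthra.
+ Copyright, 2020, by [Michael Coyne](https://michaeljcoyne.me).
+ Copyright, 2021, by [Samuel G. D. Williams](https://www.codeotaku.com).
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.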
@@ -250,7 +250,7 @@ module Rack
250
250
  secure_random: ::SecureRandom
251
251
  }.freeze
252
252
 
253
- attr_reader :key, :default_options, :sid_secure
253
+ attr_reader :key, :default_options, :sid_secure, :same_site
254
254
 
255
255
  def initialize(app, options = {})
256
256
  @app = app
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Rack
2
4
  module Session
3
5
  RACK_SESSION = 'rack.session'
@@ -202,39 +202,40 @@ module Rack
202
202
  end
203
203
 
204
204
  def extract_session_id(request)
205
- unpacked_cookie_data(request)["session_id"]
205
+ unpacked_cookie_data(request)&.[]("session_id")
206
206
  end
207
207
 
208
208
  def unpacked_cookie_data(request)
209
209
  request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
210
- cookie_data = request.cookies[@key]
211
- session_data = nil
212
-
213
- # Try to decrypt the session data with our encryptors
214
- encryptors.each do |encryptor|
215
- begin
216
- session_data = encryptor.decrypt(cookie_data) if cookie_data
217
- break
218
- rescue Rack::Session::Encryptor::Error => error
219
- request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
220
-
221
- next
210
+ if cookie_data = request.cookies[@key]
211
+ session_data = nil
212
+
213
+ # Try to decrypt the session data with our encryptors
214
+ encryptors.each do |encryptor|
215
+ begin
216
+ session_data = encryptor.decrypt(cookie_data)
217
+ break
218
+ rescue Rack::Session::Encryptor::Error => error
219
+ request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
220
+
221
+ next
222
+ end
222
223
  end
223
- end
224
224
 
225
- # If session decryption fails but there is @legacy_hmac_secret
226
- # defined, attempt legacy HMAC verification
227
- if !session_data && @legacy_hmac_secret
228
- # Parse and verify legacy HMAC session cookie
229
- session_data, _, digest = cookie_data.rpartition('--')
230
- session_data = nil unless legacy_digest_match?(session_data, digest)
225
+ # If session decryption fails but there is @legacy_hmac_secret
226
+ # defined, attempt legacy HMAC verification
227
+ if !session_data && @legacy_hmac_secret
228
+ # Parse and verify legacy HMAC session cookie
229
+ session_data, _, digest = cookie_data.rpartition('--')
230
+ session_data = nil unless legacy_digest_match?(session_data, digest)
231
231
 
232
- # Decode using legacy HMAC decoder
233
- session_data = @legacy_hmac_coder.decode(session_data)
232
+ # Decode using legacy HMAC decoder
233
+ session_data = @legacy_hmac_coder.decode(session_data)
234
234
 
235
- elsif !session_data && coder
236
- # Use the coder option, which has the potential to be very unsafe
237
- session_data = coder.decode(cookie_data)
235
+ elsif !session_data && coder
236
+ # Use the coder option, which has the potential to be very unsafe
237
+ session_data = coder.decode(cookie_data)
238
+ end
238
239
  end
239
240
 
240
241
  request.set_header(k, session_data || {})
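Review bot: In the legacy HMAC branch of unpacked_cookie_data, `@legacy_hmac_coder.decode(session_data)` still runs after `legacy_digest_match?` has failed, so a rejected cookie is kept out only because `session_data` was set to nil and the coder is assumed to tolerate nil; that assumption is not visible in this hunk, and a custom legacy coder may not honour it. Making the rejection explicit keeps verification and decoding tied together: `session_data = legacy_digest_match?(session_data, digest) ? @legacy_hmac_coder.decode(session_data) : nil`. The `elsif !session_data && coder` branch decodes `cookie_data` with no integrity check whenever every encryptor has failed, so its comment should state that the configured coder must be safe on client-supplied bytes, which a Marshal-based coder is not. The `&.[]("session_id")` in extract_session_id guards only against nil, so it still presumes the decoded value is a Hash. The block and the method both close outside this hunk.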
@@ -26,7 +26,7 @@ module Rack
26
26
  # Options may include:
27
27
  # * :serialize_json
28
28
  # Use JSON for message serialization instead of Marshal. This can be
29
- # viewed as a security ehancement.
29
+ # viewed as a security enhancement.
30
30
  # * :pad_size
31
31
  # Pad encrypted message data, to a multiple of this many bytes
32
32
  # (default: 32). This can be between 2-4096 bytes, or +nil+ to disable
@@ -1,18 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- # Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
4
- #
5
- # Rack is freely distributable under the terms of an MIT-style license.
6
- # See MIT-LICENSE or https://opensource.org/licenses/MIT.
7
-
8
- # The Rack main module, serving as a namespace for all core Rack
9
- # modules and classes.
10
- #
11
- # All modules meant for use in your application are <tt>autoload</tt>ed here,
12
- # so it should be enough just to <tt>require 'rack'</tt> in your code.
13
-
14
3
  module Rack
15
4
  module Session
16
- VERSION = "0.2.0"
5
+ VERSION = "0.3.0"
17
6
  end
18
7
  end
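--- a/data/lib/rack/session.rb
+++ b/data/lib/rack/session.rb
@@ -1,3 +1,5 @@
+ # frozen_string_literal: true
+
  module Rack
  module Session
  autoload :Cookie, "rack/session/cookie"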
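--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: rack-session
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.3.0
  platform: ruby
  authors:
  - Rack Contributors
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-03 00:00:00.000000000 Z
+ date: 2022-09-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: 3.0.0.beta1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: 3.0.0.beta1
  - !ruby/object:Gem::Dependency
  name: minitest
  requirement: !ruby/object:Gem::Requirement
@@ -100,6 +100,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - LICENSE.md
  - lib/rack/session.rb
  - lib/rack/session/abstract/id.rb
  - lib/rack/session/constants.rb
@@ -126,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.4.0.dev
  signing_key:
  specification_version: 4
  summary: A session implementation for Rack.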
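Review bot: The runtime requirement on rack in the first hunk moves from `~> 3.0` to `>= 3.0.0.beta1` (in both `requirement` and `version_requirements`), which drops the upper bound, so a resolver may pair this session code with any later rack major release. If the intent was only to admit the 3.0 prerelease, a bounded pair such as `'>= 3.0.0.beta1', '< 4'` would do that without accepting an untested major version. The gemspec source is not on this page, so the constraint would be changed there rather than in this generated metadata. The last hunk also records `rubygems_version: 3.4.0.dev`, a development build of the packaging tool, which is worth confirming was intended for a published release.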