RubyGems - rack-session - Versions diffs - 0.2.1 → 0.3.0 - Mend

rack-session 0.2.1 → 0.3.0

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/rack/session/abstract/id.rb +1 -1
data/lib/rack/session/cookie.rb +26 -25
data/lib/rack/session/encryptor.rb +1 -1
data/lib/rack/session/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0c08b213021b0434ab71c49f5046a2bdbe662c95f75b023a9e78e12eddc6dcc
-  data.tar.gz: df8fe99a45e97e91ebc52a46f91e718ac4100548bee6a161b00606926fa2044a
+  metadata.gz: 50f1782c9cc160cdbcee7ac400f1d3643c5b2140e6024c5a1e9829df9d535441
+  data.tar.gz: cacc044559ef38fef31477da4e17173de8533e5970739e7bfc90678d38bf08e3
 SHA512:
-  metadata.gz: aeb74cd5890464b15e5df1cbe9cb1437f195f9c46330c2eee1e841a3e6e5efa1bb78e17e7d0182fe29430ae6b965068f8e7ac24bb765fa24ae5df6c85c3d8e62
-  data.tar.gz: 358328d2d87862fc99e67e1d64f83d4ba9594b30294b3152a43b77732e1fa2648e60334ae2e00e3325b75c637fdeed589b12514620a9b9d1a2e0d089ddd63a06
+  metadata.gz: 0b196f3055fdb3ccda5e0aff1a0aa3b852e1fb3676de3ed0508f2d92f2771e63c8b79ac8b3b7dc4c346467eadd178786e31b92501fb900418be6c7d0afe985de
+  data.tar.gz: 9d200ef0353f8efdf0a92f072db2765fd2be3cd391db47a603c31be9f0a29b16dfb421e20693e889c38204171680fc5f859046d823fe4aaf0a6a6f26300b25b4

data/lib/rack/session/abstract/id.rb CHANGED Viewed

@@ -250,7 +250,7 @@ module Rack
           secure_random: ::SecureRandom
         }.freeze
-        attr_reader :key, :default_options, :sid_secure
+        attr_reader :key, :default_options, :sid_secure, :same_site
         def initialize(app, options = {})
           @app = app

data/lib/rack/session/cookie.rb CHANGED Viewed

@@ -202,39 +202,40 @@ module Rack
       end
       def extract_session_id(request)
-        unpacked_cookie_data(request)["session_id"]
+        unpacked_cookie_data(request)&.[]("session_id")
       end
       def unpacked_cookie_data(request)
         request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
-          cookie_data = request.cookies[@key]
-          session_data = nil
-          # Try to decrypt the session data with our encryptors
-          encryptors.each do |encryptor|
-            begin
-              session_data = encryptor.decrypt(cookie_data) if cookie_data
-              break
-            rescue Rack::Session::Encryptor::Error => error
-              request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
-              next
+          if cookie_data = request.cookies[@key]
+            session_data = nil
+            # Try to decrypt the session data with our encryptors
+            encryptors.each do |encryptor|
+              begin
+                session_data = encryptor.decrypt(cookie_data)
+                break
+              rescue Rack::Session::Encryptor::Error => error
+                request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
+                next
+              end
             end
-          end
-          # If session decryption fails but there is @legacy_hmac_secret
-          # defined, attempt legacy HMAC verification
-          if !session_data && @legacy_hmac_secret
-            # Parse and verify legacy HMAC session cookie
-            session_data, _, digest = cookie_data.rpartition('--')
-            session_data = nil unless legacy_digest_match?(session_data, digest)
+            # If session decryption fails but there is @legacy_hmac_secret
+            # defined, attempt legacy HMAC verification
+            if !session_data && @legacy_hmac_secret
+              # Parse and verify legacy HMAC session cookie
+              session_data, _, digest = cookie_data.rpartition('--')
+              session_data = nil unless legacy_digest_match?(session_data, digest)
-            # Decode using legacy HMAC decoder
-            session_data = @legacy_hmac_coder.decode(session_data)
+              # Decode using legacy HMAC decoder
+              session_data = @legacy_hmac_coder.decode(session_data)
-          elsif !session_data && coder
-            # Use the coder option, which has the potential to be very unsafe
-            session_data = coder.decode(cookie_data)
+            elsif !session_data && coder
+              # Use the coder option, which has the potential to be very unsafe
+              session_data = coder.decode(cookie_data)
+            end
           end
           request.set_header(k, session_data || {})

data/lib/rack/session/encryptor.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Rack
       # Options may include:
       # * :serialize_json
       #     Use JSON for message serialization instead of Marshal. This can be
-      #     viewed as a security ehancement.
+      #     viewed as a security enhancement.
       # * :pad_size
       #     Pad encrypted message data, to a multiple of this many bytes
       #     (default: 32). This can be between 2-4096 bytes, or +nil+ to disable

data/lib/rack/session/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Rack
   module Session
-    VERSION = "0.2.1"
+    VERSION = "0.3.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-session
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Rack Contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-10 00:00:00.000000000 Z
+date: 2022-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.0.dev
 signing_key:
 specification_version: 4
 summary: A session implementation for Rack.