rack-session 0.2.1 → 0.3.0

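--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c0c08b213021b0434ab71c49f5046a2bdbe662c95f75b023a9e78e12eddc6dcc
- data.tar.gz: df8fe99a45e97e91ebc52a46f91e718ac4100548bee6a161b00606926fa2044a
+ metadata.gz: 50f1782c9cc160cdbcee7ac400f1d3643c5b2140e6024c5a1e9829df9d535441
+ data.tar.gz: cacc044559ef38fef31477da4e17173de8533e5970739e7bfc90678d38bf08e3
  SHA512:
- metadata.gz: aeb74cd5890464b15e5df1cbe9cb1437f195f9c46330c2eee1e841a3e6e5efa1bb78e17e7d0182fe29430ae6b965068f8e7ac24bb765fa24ae5df6c85c3d8e62
- data.tar.gz: 358328d2d87862fc99e67e1d64f83d4ba9594b30294b3152a43b77732e1fa2648e60334ae2e00e3325b75c637fdeed589b12514620a9b9d1a2e0d089ddd63a06
+ metadata.gz: 0b196f3055fdb3ccda5e0aff1a0aa3b852e1fb3676de3ed0508f2d92f2771e63c8b79ac8b3b7dc4c346467eadd178786e31b92501fb900418be6c7d0afe985de
+ data.tar.gz: 9d200ef0353f8efdf0a92f072db2765fd2be3cd391db47a603c31be9f0a29b16dfb421e20693e889c38204171680fc5f859046d823fe4aaf0a6a6f26300b25b4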
@@ -250,7 +250,7 @@ module Rack
250
250
  secure_random: ::SecureRandom
251
251
  }.freeze
252
252
 
253
- attr_reader :key, :default_options, :sid_secure
253
+ attr_reader :key, :default_options, :sid_secure, :same_site
254
254
 
255
255
  def initialize(app, options = {})
256
256
  @app = app
@@ -202,39 +202,40 @@ module Rack
202
202
  end
203
203
 
204
204
  def extract_session_id(request)
205
- unpacked_cookie_data(request)["session_id"]
205
+ unpacked_cookie_data(request)&.[]("session_id")
206
206
  end
207
207
 
208
208
  def unpacked_cookie_data(request)
209
209
  request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
210
- cookie_data = request.cookies[@key]
211
- session_data = nil
212
-
213
- # Try to decrypt the session data with our encryptors
214
- encryptors.each do |encryptor|
215
- begin
216
- session_data = encryptor.decrypt(cookie_data) if cookie_data
217
- break
218
- rescue Rack::Session::Encryptor::Error => error
219
- request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
220
-
221
- next
210
+ if cookie_data = request.cookies[@key]
211
+ session_data = nil
212
+
213
+ # Try to decrypt the session data with our encryptors
214
+ encryptors.each do |encryptor|
215
+ begin
216
+ session_data = encryptor.decrypt(cookie_data)
217
+ break
218
+ rescue Rack::Session::Encryptor::Error => error
219
+ request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
220
+
221
+ next
222
+ end
222
223
  end
223
- end
224
224
 
225
- # If session decryption fails but there is @legacy_hmac_secret
226
- # defined, attempt legacy HMAC verification
227
- if !session_data && @legacy_hmac_secret
228
- # Parse and verify legacy HMAC session cookie
229
- session_data, _, digest = cookie_data.rpartition('--')
230
- session_data = nil unless legacy_digest_match?(session_data, digest)
225
+ # If session decryption fails but there is @legacy_hmac_secret
226
+ # defined, attempt legacy HMAC verification
227
+ if !session_data && @legacy_hmac_secret
228
+ # Parse and verify legacy HMAC session cookie
229
+ session_data, _, digest = cookie_data.rpartition('--')
230
+ session_data = nil unless legacy_digest_match?(session_data, digest)
231
231
 
232
- # Decode using legacy HMAC decoder
233
- session_data = @legacy_hmac_coder.decode(session_data)
232
+ # Decode using legacy HMAC decoder
233
+ session_data = @legacy_hmac_coder.decode(session_data)
234
234
 
235
- elsif !session_data && coder
236
- # Use the coder option, which has the potential to be very unsafe
237
- session_data = coder.decode(cookie_data)
235
+ elsif !session_data && coder
236
+ # Use the coder option, which has the potential to be very unsafe
237
+ session_data = coder.decode(cookie_data)
238
+ end
238
239
  end
239
240
 
240
241
  request.set_header(k, session_data || {})
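Review bot: In the legacy HMAC branch of `unpacked_cookie_data`, a failed `legacy_digest_match?` only sets `session_data = nil`, and the next statement still calls `@legacy_hmac_coder.decode(session_data)`. Rejecting a cookie with a bad digest therefore depends on the coder returning nil for nil input, which this hunk does not show. Making the failure path explicit keeps verification fail-closed whatever coder is configured: `session_data = legacy_digest_match?(session_data, digest) ? @legacy_hmac_coder.decode(session_data) : nil`. The `elsif !session_data && coder` fallback also decodes a cookie that every encryptor has just rejected, so its comment could say so, e.g. `# cookie_data is unauthenticated here; the coder must tolerate attacker-controlled input`. The `fetch_header` block continues past the end of the hunk.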
@@ -26,7 +26,7 @@ module Rack
26
26
  # Options may include:
27
27
  # * :serialize_json
28
28
  # Use JSON for message serialization instead of Marshal. This can be
29
- # viewed as a security ehancement.
29
+ # viewed as a security enhancement.
30
30
  # * :pad_size
31
31
  # Pad encrypted message data, to a multiple of this many bytes
32
32
  # (default: 32). This can be between 2-4096 bytes, or +nil+ to disable
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  module Session
5
- VERSION = "0.2.1"
5
+ VERSION = "0.3.0"
6
6
  end
7
7
  end
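--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-session
  version: !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.3.0
  platform: ruby
  authors:
  - Rack Contributors
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-10 00:00:00.000000000 Z
+ date: 2022-09-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.4.0.dev
  signing_key:
  specification_version: 4
  summary: A session implementation for Rack.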