RubyGems - rack-session - Versions diffs - 0.2.1 → 0.3.0 - Mend

rack-session 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/rack/session/abstract/id.rb +1 -1
data/lib/rack/session/cookie.rb +26 -25
data/lib/rack/session/encryptor.rb +1 -1
data/lib/rack/session/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0c08b213021b0434ab71c49f5046a2bdbe662c95f75b023a9e78e12eddc6dcc
-  data.tar.gz: df8fe99a45e97e91ebc52a46f91e718ac4100548bee6a161b00606926fa2044a
+  metadata.gz: 50f1782c9cc160cdbcee7ac400f1d3643c5b2140e6024c5a1e9829df9d535441
+  data.tar.gz: cacc044559ef38fef31477da4e17173de8533e5970739e7bfc90678d38bf08e3
 SHA512:
-  metadata.gz: aeb74cd5890464b15e5df1cbe9cb1437f195f9c46330c2eee1e841a3e6e5efa1bb78e17e7d0182fe29430ae6b965068f8e7ac24bb765fa24ae5df6c85c3d8e62
-  data.tar.gz: 358328d2d87862fc99e67e1d64f83d4ba9594b30294b3152a43b77732e1fa2648e60334ae2e00e3325b75c637fdeed589b12514620a9b9d1a2e0d089ddd63a06
+  metadata.gz: 0b196f3055fdb3ccda5e0aff1a0aa3b852e1fb3676de3ed0508f2d92f2771e63c8b79ac8b3b7dc4c346467eadd178786e31b92501fb900418be6c7d0afe985de
+  data.tar.gz: 9d200ef0353f8efdf0a92f072db2765fd2be3cd391db47a603c31be9f0a29b16dfb421e20693e889c38204171680fc5f859046d823fe4aaf0a6a6f26300b25b4

data/lib/rack/session/abstract/id.rb CHANGED Viewed

@@ -250,7 +250,7 @@ module Rack
           secure_random: ::SecureRandom
         }.freeze
-        attr_reader :key, :default_options, :sid_secure
+        attr_reader :key, :default_options, :sid_secure, :same_site
         def initialize(app, options = {})
           @app = app

data/lib/rack/session/cookie.rb CHANGED Viewed

@@ -202,39 +202,40 @@ module Rack
       end
       def extract_session_id(request)
-        unpacked_cookie_data(request)["session_id"]
+        unpacked_cookie_data(request)&.[]("session_id")
       end
       def unpacked_cookie_data(request)
         request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
-          cookie_data = request.cookies[@key]
-          session_data = nil
-          # Try to decrypt the session data with our encryptors
-          encryptors.each do |encryptor|
-            begin
-              session_data = encryptor.decrypt(cookie_data) if cookie_data
-              break
-            rescue Rack::Session::Encryptor::Error => error
-              request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
-              next
+          if cookie_data = request.cookies[@key]
+            session_data = nil
+            # Try to decrypt the session data with our encryptors
+            encryptors.each do |encryptor|
+              begin
+                session_data = encryptor.decrypt(cookie_data)
+                break
+              rescue Rack::Session::Encryptor::Error => error
+                request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
+                next
+              end
             end
-          end
-          # If session decryption fails but there is @legacy_hmac_secret
-          # defined, attempt legacy HMAC verification
-          if !session_data && @legacy_hmac_secret
-            # Parse and verify legacy HMAC session cookie
-            session_data, _, digest = cookie_data.rpartition('--')
-            session_data = nil unless legacy_digest_match?(session_data, digest)
+            # If session decryption fails but there is @legacy_hmac_secret
+            # defined, attempt legacy HMAC verification
+            if !session_data && @legacy_hmac_secret
+              # Parse and verify legacy HMAC session cookie
+              session_data, _, digest = cookie_data.rpartition('--')
+              session_data = nil unless legacy_digest_match?(session_data, digest)
-            # Decode using legacy HMAC decoder
-            session_data = @legacy_hmac_coder.decode(session_data)
+              # Decode using legacy HMAC decoder
+              session_data = @legacy_hmac_coder.decode(session_data)
-          elsif !session_data && coder
-            # Use the coder option, which has the potential to be very unsafe
-            session_data = coder.decode(cookie_data)
+            elsif !session_data && coder
+              # Use the coder option, which has the potential to be very unsafe
+              session_data = coder.decode(cookie_data)
+            end
           end
           request.set_header(k, session_data || {})

data/lib/rack/session/encryptor.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Rack
       # Options may include:
       # * :serialize_json
       #     Use JSON for message serialization instead of Marshal. This can be
-      #     viewed as a security ehancement.
+      #     viewed as a security enhancement.
       # * :pad_size
       #     Pad encrypted message data, to a multiple of this many bytes
       #     (default: 32). This can be between 2-4096 bytes, or +nil+ to disable

data/lib/rack/session/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Rack
   module Session
-    VERSION = "0.2.1"
+    VERSION = "0.3.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-session
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Rack Contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-10 00:00:00.000000000 Z
+date: 2022-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.0.dev
 signing_key:
 specification_version: 4
 summary: A session implementation for Rack.