redis-session-store 0.11.3 → 0.11.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd8a09794dffb0a086336ee4214bcb138ac5586c47f42c05f3fc58ff6674ea11
-  data.tar.gz: 104c8fc66496c25cc5722898666dbf18313325167b15d86f6c0ecfbed0d22503
+  metadata.gz: d849f844f92e7e968078cf93d5802c868613bad0bfcefce1b72dd89724f76e3c
+  data.tar.gz: 6c022fcdc3cdf7254ef738e7450530238fb813eed58b73055f7e851c8335fca4
 SHA512:
-  metadata.gz: a1a88cfba00ea9c689284797c3abdc818410b349ffeb682b55c71f6cea56963a657c69cff0e026690737369297481f19c214a5685b24ce280172257b0e2c9813
-  data.tar.gz: 864472f94a488f8e803874bec5daf987cc8c3235d486408bfb3f1261069afc41d91a004f398af218eafb5238ca9bc25697956af9290077c0f5b806212e0070ca
+  metadata.gz: b6c00740b8272f8626e3e4f902b927cefb50901e9fa7981d4a4b4e291d2c2bbbe9ab5d60c0b44453a38d08777aee818f4ae7218a7bc7e221996e54f659add5e4
+  data.tar.gz: 6d39606e90215ecda6a7575231082da256381f765c457fc220a339a287618f820f8af44e3d2efb32fa160dc7351a51c92b4326afae5c670acd1b1292384aa5ec

data/.github/workflows/ruby.yml

@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby: [2.5, 2.6, 2.7, head, jruby-9.2.20.1, jruby-head]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      continue-on-error: true
+    - name: Run tests
+      run: bundle exec rake
+      continue-on-error: true

data/.rubocop.yml

@@ -1,3 +1,9 @@
+inherit_from: .rubocop_todo.yml
+
+require:
+  - rubocop-rake
+  - rubocop-rspec
+
 AllCops:
   DisplayCopNames: true
   Exclude:

data/.rubocop_todo.yml

@@ -0,0 +1,67 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2022-01-29 11:55:33 UTC using RuboCop version 1.25.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: Include.
+# Include: **/*.gemspec
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'redis-session-store.gemspec'
+
+# Offense count: 6
+# Configuration parameters: Prefixes.
+# Prefixes: when, with, without
+RSpec/ContextWording:
+  Exclude:
+    - 'spec/redis_session_store_spec.rb'
+
+# Offense count: 2
+# Configuration parameters: CountAsOne.
+RSpec/ExampleLength:
+  Max: 9
+
+# Offense count: 5
+# Configuration parameters: AssignmentOnly.
+RSpec/InstanceVariable:
+  Exclude:
+    - 'spec/redis_session_store_spec.rb'
+
+# Offense count: 8
+# Configuration parameters: .
+# SupportedStyles: have_received, receive
+RSpec/MessageSpies:
+  EnforcedStyle: receive
+
+# Offense count: 5
+RSpec/MultipleExpectations:
+  Max: 2
+
+# Offense count: 17
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 10
+
+# Offense count: 13
+RSpec/NestedGroups:
+  Max: 5
+
+# Offense count: 2
+RSpec/StubbedMock:
+  Exclude:
+    - 'spec/redis_session_store_spec.rb'
+
+# Offense count: 20
+RSpec/SubjectStub:
+  Exclude:
+    - 'spec/redis_session_store_spec.rb'
+
+# Offense count: 16
+# Configuration parameters: IgnoreNameless, IgnoreSymbolicNames.
+RSpec/VerifiedDoubles:
+  Exclude:
+    - 'spec/redis_session_store_spec.rb'

data/AUTHORS.md

@@ -23,3 +23,4 @@ Redis Session Store authors
 - Anton Kolodii
 - Peter Karman
 - Zach Margolis
+- Zachary Belzer

data/CHANGELOG.md

@@ -4,6 +4,15 @@
 
 ## [Unreleased]
 
+## [0.11.4] - 2022-01-29
+### Fixed
+- Use AbstractSecureStore for security fix
+
+### Changed
+- Support actionpack 7.x
+- Move from TravisCI to Github Actions
+- Drop support for ruby 2.3, 2.4
+
 ## [0.11.3] - 2020-07-23
 ### Fixed
 - https://github.com/roidrage/redis-session-store/issues/121

data/README.md

@@ -1,6 +1,5 @@
 # Redis Session Store
 
-[![Build Status](https://travis-ci.org/roidrage/redis-session-store.svg?branch=master)](https://travis-ci.org/roidrage/redis-session-store)
 [![Code Climate](https://codeclimate.com/github/roidrage/redis-session-store.svg)](https://codeclimate.com/github/roidrage/redis-session-store)
 [![Gem Version](https://badge.fury.io/rb/redis-session-store.svg)](http://badge.fury.io/rb/redis-session-store)
 

data/lib/redis-session-store.rb

@@ -2,8 +2,8 @@ require 'redis'
 
 # Redis session storage for Rails, and for Rails only. Derived from
 # the MemCacheStore code, simply dropping in Redis instead.
-class RedisSessionStore < ActionDispatch::Session::AbstractStore
-  VERSION = '0.11.3'.freeze
+class RedisSessionStore < ActionDispatch::Session::AbstractSecureStore
+  VERSION = '0.11.4'.freeze
   # Rails 3.1 and beyond defines the constant elsewhere
   unless defined?(ENV_SESSION_OPTIONS_KEY)
     ENV_SESSION_OPTIONS_KEY = if Rack.release.split('.').first.to_i > 1

data/redis-session-store.gemspec

@@ -4,7 +4,7 @@ Gem::Specification.new do |gem|
   gem.email = ['meyer@paperplanes.de']
   gem.summary = 'A drop-in replacement for e.g. MemCacheStore to ' \
                 'store Rails sessions (and Rails sessions only) in Redis.'
-  gem.description = gem.summary + ' For great glory!'
+  gem.description = "#{gem.summary} For great glory!"
   gem.homepage = 'https://github.com/roidrage/redis-session-store'
   gem.license = 'MIT'
 
@@ -15,12 +15,14 @@ Gem::Specification.new do |gem|
   gem.version = File.read('lib/redis-session-store.rb')
                     .match(/^  VERSION = '(.*)'/)[1]
 
-  gem.add_runtime_dependency 'actionpack', '>= 3', '< 7'
+  gem.add_runtime_dependency 'actionpack', '>= 3', '< 8'
   gem.add_runtime_dependency 'redis', '>= 3', '< 5'
 
   gem.add_development_dependency 'fakeredis', '~> 0.8'
   gem.add_development_dependency 'rake', '~> 13'
   gem.add_development_dependency 'rspec', '~> 3'
-  gem.add_development_dependency 'rubocop', '~> 0.81'
-  gem.add_development_dependency 'simplecov', '~> 0.17'
+  gem.add_development_dependency 'rubocop', '~> 1.25'
+  gem.add_development_dependency 'rubocop-rake', '~> 0.6'
+  gem.add_development_dependency 'rubocop-rspec', '~> 2.8'
+  gem.add_development_dependency 'simplecov', '~> 0.21'
 end

data/spec/redis_session_store_spec.rb

@@ -1,20 +1,19 @@
 require 'json'
 
 describe RedisSessionStore do
+  subject(:store) { described_class.new(nil, options) }
+
   let :random_string do
     "#{rand}#{rand}#{rand}"
   end
+  let :default_options do
+    store.instance_variable_get(:@default_options)
+  end
 
   let :options do
     {}
   end
 
-  subject(:store) { RedisSessionStore.new(nil, options) }
-
-  let :default_options do
-    store.instance_variable_get(:@default_options)
-  end
-
   it 'assigns a :namespace to @default_options' do
     expect(default_options[:namespace]).to eq('rack:session')
   end
@@ -35,7 +34,7 @@ describe RedisSessionStore do
     end
 
     it 'creates a redis instance' do
-      expect(store.instance_variable_get(:@redis)).to_not be_nil
+      expect(store.instance_variable_get(:@redis)).not_to be_nil
     end
 
     it 'assigns the :host option to @default_options' do
@@ -96,7 +95,7 @@ describe RedisSessionStore do
     end
 
     it 'creates a redis instance' do
-      expect(store.instance_variable_get(:@redis)).to_not be_nil
+      expect(store.instance_variable_get(:@redis)).not_to be_nil
     end
 
     it 'assigns the :host option to @default_options' do
@@ -228,6 +227,7 @@ describe RedisSessionStore do
     context 'when session id is not provided' do
       context 'when session id is nil' do
         let(:session_id) { nil }
+
         it 'returns false' do
           expect(store.send(:session_exists?, :env)).to eq(false)
         end
@@ -235,6 +235,7 @@ describe RedisSessionStore do
 
       context 'when session id is empty string' do
         let(:session_id) { '' }
+
         it 'returns false' do
           allow(store).to receive(:current_session_id).with(:env).and_return('')
           expect(store.send(:session_exists?, :env)).to eq(false)
@@ -281,6 +282,13 @@ describe RedisSessionStore do
 
     let(:fake_key) { 'thisisarediskey' }
 
+    describe 'generate_sid' do
+      it 'generates a secure ID' do
+        sid = store.send(:generate_sid)
+        expect(sid).to be_a(Rack::Session::SessionId)
+      end
+    end
+
     it 'retrieves the prefixed key from redis' do
       redis = double('redis')
       allow(store).to receive(:redis).and_return(redis)
@@ -397,14 +405,15 @@ describe RedisSessionStore do
 
     context 'marshal' do
       let(:options) { { serializer: :marshal } }
-      it_should_behave_like 'serializer'
+
+      it_behaves_like 'serializer'
     end
 
     context 'json' do
       let(:options) { { serializer: :json } }
       let(:encoded_data) { '{"some":"data"}' }
 
-      it_should_behave_like 'serializer'
+      it_behaves_like 'serializer'
     end
 
     context 'hybrid' do
@@ -412,13 +421,13 @@ describe RedisSessionStore do
       let(:expected_encoding) { '{"some":"data"}' }
 
       context 'marshal encoded data' do
-        it_should_behave_like 'serializer'
+        it_behaves_like 'serializer'
       end
 
       context 'json encoded data' do
         let(:encoded_data) { '{"some":"data"}' }
 
-        it_should_behave_like 'serializer'
+        it_behaves_like 'serializer'
       end
     end
 
@@ -438,7 +447,7 @@ describe RedisSessionStore do
       let(:options) { { serializer: custom_serializer } }
       let(:expected_encoding) { 'somedata' }
 
-      it_should_behave_like 'serializer'
+      it_behaves_like 'serializer'
     end
   end
 
@@ -514,7 +523,7 @@ describe RedisSessionStore do
     %w(on_redis_down on_session_load_error).each do |h|
       context 'when nil' do
         it 'does not explode at init' do
-          expect { store }.to_not raise_error
+          expect { store }.not_to raise_error
         end
       end
 
@@ -522,7 +531,7 @@ describe RedisSessionStore do
         let(:options) { { "#{h}": ->(*) { true } } }
 
         it 'does not explode at init' do
-          expect { store }.to_not raise_error
+          expect { store }.not_to raise_error
         end
       end
 

data/spec/support.rb

@@ -7,11 +7,24 @@ unless defined?(Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY)
     end
   end
 end
+unless defined?(Rack::Session::SessionId)
+  module Rack
+    module Session
+      class SessionId
+        attr_reader :public_id
+
+        def initialize(_public_id)
+          @public_id
+        end
+      end
+    end
+  end
+end
 
-unless defined?(ActionDispatch::Session::AbstractStore)
+unless defined?(ActionDispatch::Session::AbstractSecureStore)
   module ActionDispatch
     module Session
-      class AbstractStore
+      class AbstractSecureStore
         ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze
         DEFAULT_OPTIONS = {
           key: '_session_id',
@@ -33,7 +46,7 @@ unless defined?(ActionDispatch::Session::AbstractStore)
         private
 
         def generate_sid
-          rand(999..9999).to_s(16)
+          Rack::Session::SessionId.new(rand(999..9999).to_s(16))
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: redis-session-store
 version: !ruby/object:Gem::Version
-  version: 0.11.3
+  version: 0.11.4
 platform: ruby
 authors:
 - Mathias Meyer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-23 00:00:00.000000000 Z
+date: 2022-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '8'
 - !ruby/object:Gem::Dependency
   name: redis
   requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.81'
+        version: '1.25'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.81'
+        version: '1.25'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.21'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.21'
 description: A drop-in replacement for e.g. MemCacheStore to store Rails sessions
   (and Rails sessions only) in Redis. For great glory!
 email:
@@ -131,11 +159,12 @@ extra_rdoc_files:
 - AUTHORS.md
 - CONTRIBUTING.md
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".simplecov"
-- ".travis.yml"
 - AUTHORS.md
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -168,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: A drop-in replacement for e.g. MemCacheStore to store Rails sessions (and

data/.travis.yml

@@ -1,24 +0,0 @@
-language: ruby
-cache: bundler
-rvm:
-- 2.3
-- 2.4
-- 2.5
-- 2.6
-- ruby-head
-- jruby-9.2.12.0
-matrix:
-  allow_failures:
-  - rvm: ruby-head
-  - rvm: jruby-9.2.12.0
-notifications:
-  email: false
-deploy:
-  provider: rubygems
-  api_key:
-    secure: jL1lH/wfeRa5MoZRHvkXcZP/Ch7huFxqzbvhEV7UZhiDUBnApcJWkb346jeLEDYnFObUhqhaCZ1/l4fDeSFg2GgatSfEnoWATFVkIf1e4TTGAePlS+4qqsGOcr+XrjP6CEf4o4JACdLuSoT9dtUFj0xkFLnDWILxneXIrqDE9VU=
-  gem: redis-session-store
-  on:
-    tags: true
-    repo: roidrage/redis-session-store
-    rvm: 2.6.6