simple_session 0.1.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: de9e37a31c667a04a6812dd26ae80c4627da92f1
-  data.tar.gz: f12ea3605069c9e6558d39aff93247074cf98653
+  metadata.gz: 22b41938246e413705405ae2f83ebb0104761677
+  data.tar.gz: cc6b51706663df70fb814a27e74b12babd7ee0b4
 SHA512:
-  metadata.gz: 64e8397ac79a60536cf616b9d1fec65131bfdabc0888b443ecc5e34ac4ea5a759509cd21ec06490783e62f3891430aaee31203892294756b49125662ce493c2a
-  data.tar.gz: a871554c7cd6ac5d9a0e7eb0ebbf6e59fe7552ef6f19be42858ad0a03a64fa0cb8fd32c7b0fd021d682629e10ed2c8efea076f49e23de72e41e603c0e9a1a3d1
+  metadata.gz: 75250ae913ae857b5b9e4375bbff4b851d246f2b2cc8f810627c3c0f587d72ac9c7b396af6a810f531d7c10d05bf98993a147875fab3d1a48e5e2eef524bc1f0
+  data.tar.gz: a0a1dbedc75f826d0eda5077833b2f9986cf94a4f058702a626d1924ef36b4c512335b28d1df0d667d153aebeea334c0bc8fc202b6153cc4689ac73efa4ec4ff

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+.byebug_history

data/README.md

@@ -1,4 +1,5 @@
 # SimpleSession
+![build-status](https://travis-ci.org/hayduke19us/simple_session.svg?branch=master)
 
 This is a drop in replacement for rack session. By default
 the session cookie is encrypted in AES-256-CBC and requires a secret
@@ -8,10 +9,9 @@ which is recommended to be kept in an .env file or something similar.
 
 <a href='#usage-sect'><h4>Usage</h4></a>
 
-<a href='#overview-sect'><h4>Overview</h4></a>
-
 <a href='#default-sect'><h4>Default Options</h4></a>
 
+<a href='#overview-sect'><h4>Overview</h4></a>
 	
 <h2 id='install-sect'>Installation</h2>
 
@@ -34,71 +34,78 @@ Full examples are in the *test/simple_session_test.rb* and
 *test/simple_app.rb*. It's just a middleware so throw it on top of the stack.
 
 ```ruby
-use SimpleSession::Session, secret: 'some secret', expire_after: 7200
+use SimpleSession::Session, secret: SecureRandom.hex
+```
+**NOTE:** `:secret` must be 32 chars long.
+
+<h4 id='default-sect'>Default Options</h4>
+
+```ruby 
+secret: nil
+key: 'rack.session', 
+options_key: 'rack.session.options' ,
+max_age: 172800,
+path: '/',
+domain: 'nil',
+secure: false,
+http_only: false
+```
+**NOTE:** For persistent options `:max_age` is excepted and the default is 2 days. 
+Because there are still IE versions that don't support max-age we inject both **max-age** and **expires** into the cookie and let the browser handle it.
+
+The following is a simple example. The only **required argument is :secret**.
+
+```ruby
+require 'sinatra'
+require 'simple_session'
+
+class SimpleApp < Sinatra::Base
+
+  SECRET = SecureRandom.hex
+  use SimpleSession::Session, secret: SECRET
+
+  get '/signin' do
+    if session[:user_id] 
+      "Already Signed in"
+    else
+      session[:user_id] = '!Green3ggsandHam!'
+      "Id:  #{ session[:user_id] }"
+    end
+  end
+
+end
 ```
 
 <h4 id='overview-sect'>Overview</h4>
 SimpleSession is a simple Middleware that processes the session cookie
-with 5 steps.
+with 4 steps.
 
-1. Extract the session from the request if there is one. If there is no session 
+*  Extract the session from the request if there is one. If there is no session 
 create a new one that looks like this:
 
 ```ruby
 { session_id: 'some secret id' }
 ```
-
-2. Load the session data into the app environment so they are accessible with racks request methods like this:
-
+* Load the session data into the app environment so they are accessible with racks request methods like this:
 ```ruby
 get '/'
-request.session 
+  request.session 
   session
   request.session_options
 end
 ```
-				
-3. Clear the session if the time has expired and create a new one.
-
-4. Update the options if they have been changed like this.  
+* Update the options if they have been changed like this.  
 
 ```ruby
 # This changes the session to expire one minute after 
 # the current time. 
 get '/'  
-  request.session_options[:expire_after] = 60
+  request.session_options[:max_age] = 60
 end
 ```
 
-5. Create the new session cookie, encrypt it and return the response. 
-
-<h4 id='default-sect'>Default Options</h4>
+* Create the new session cookie, encrypt it and return the response. 
 
-* secret: nil
-* key: 'rack.session'
-* expire_after: 7200
-
-The following is a simple example. The only **required argument is :secret**.
-
-```ruby
-require 'sinatra'
-require 'simple_session'
-
-class SimpleApp < Sinatra::Base
-
-  use SimpleSession::Session, secret: 'Your Secret'
-
-  get '/signin' do
-	if session[:user_id] 
-	  "Already Signed in"
-	else
-	  session[:user_id] = '!Green3ggsandHam!'
-	  "Id:  #{ session[:user_id] }"
-	end
-  end
-
-end
-```
 
 ## Development
 

data/lib/simple_session/base.rb

@@ -1,7 +1,6 @@
 require 'rack/request'
 require 'securerandom'
 require 'openssl'
-require 'byebug'
 
 module SimpleSession
 
@@ -12,10 +11,25 @@ module SimpleSession
     def initialize app, options = {}
       @app          = app
       @key          = options.fetch :key, 'rack.session'
-      @secret       = options[:secret]
-      @cipher_key   = cipher_key
+      @secret       = options.fetch :secret, get_secret_errors(options)
       @options_key  = options.fetch :options_key, 'rack.session.options'
-      @default_opts = options
+      @default_opts = DEFAULT_OPTS.merge!(options)
+    end
+
+    def get_secret_errors options
+      secret = options[:secret]
+      missing_msg = %[
+        SimpleSession requires a secret like this:
+        use SimpleSession::Session, secret: 'some secret'
+      ]
+
+      short_msg  = %[
+        SimpleSession require a secret with a minimum length of 32
+        use SimpleSession::Session, secret: SecureRandom.hex(32)
+      ]
+
+      raise ArgumentError, missing_msg unless secret
+      raise ArgumentError, short_msg   unless secret.length >= 32
     end
 
     def req_session
@@ -26,15 +40,6 @@ module SimpleSession
       session[:options] if session
     end
 
-    def clear_session
-      @session = new_session_hash
-      @options = {options: OptionHash.new(@default_opts).opts}
-    end
-
-    def time_expired?
-      req_options && req_options[:expire] && req_options[:expire] <= Time.now
-    end
-
     def new_session_hash
       { session_id: SecureRandom.hex(32) }
     end
@@ -43,19 +48,15 @@ module SimpleSession
       # Decrypt request session and store it 
       extract_session env
 
-      original_opts = @options[:options].dup
-
-      # Process options
-      clear_session if time_expired?
-
       # Load session into app env
       load_environment env
 
       # Pass on request
       status, headers, body = @app.call env
 
-      # Check session for changes and update options
-      update_options if options_changed? original_opts
+      # Check session for changes and update
+      update_options if options_changed?
+      update_session if session_changed?
 
       # Encrypt and add session to headers
       add_session headers
@@ -64,27 +65,12 @@ module SimpleSession
     end
 
     private
-
-    def update_options
-      @options = {options: OptionHash.new(@options[:options]).opts}
-    end
-
-    def options_changed? original
-      original != @options[:options]
-    end
-
-    # If the session is nil create a new one
-    # If the session is unable to be decrypted throw an
-    # error and create a new one.
-    # encrypted data is not allowed in the app env
     def extract_session env
       begin
         @request = Rack::Request.new env
         @session = req_session ? decrypt(req_session) : new_session_hash
 
-        unless @session
-          raise ArgumentError, "Unable to decrypt session  #{caller[0]}"
-        end
+        raise ArgumentError, "Unable to decrypt session" unless @session
 
       rescue => e
         @session = new_session_hash
@@ -94,63 +80,64 @@ module SimpleSession
       @options = options_hash
     end
 
+    def options_hash
+      o = session[:options] || OptionHash.new(@default_opts).opts
+      { options: o }
+    end
+
     def load_environment env
-      env[@key] = session[:value] || session
-      env[@options_key] = @options[:options]
+      env[@key] = session.dup
+      env[@options_key] = @options[:options].dup
     end
 
     def add_session headers
       cookie = Hash.new
-      cookie[:value]   = session[:value] || session
-      cookie[:expires] = @options[:options][:expire]
-      set_cookie_header headers, @key, encrypt(cookie.merge!(@options))
+      cookie[:value] = encrypt session.merge(@options)
+      cookie.merge!(@options[:options])
+
+      set_cookie_header headers, @key, cookie
     end
 
     def set_cookie_header headers, key, cookie
       Rack::Utils.set_cookie_header! headers, key, cookie
     end
 
-    def options_hash
-      o = session[:options] || OptionHash.new(@default_opts).opts
-      { options: o }
+    def update_options
+      @options = {options: OptionHash.new(request.session_options).opts}
+    end
+
+    def options_changed? 
+      request.session_options != @options[:options]
+    end
+
+    def session_changed?
+      request.session != @session
+    end
+
+    def update_session
+      @session = request.session
     end
 
     def encrypt data
-      begin
-        if data.is_a? Hash
-          # Serialize
-          m = Marshal.dump data
+      # Serialize
+      m = Marshal.dump data
 
-          # Cipher
-          c = load_cipher m
+      # Cipher
+      c = load_cipher m
 
-          # Base64
-          [c].pack('m')
-        else
-          raise ArgumentError, "Internal session data must be a hash"
-        end
-      rescue => e
-        puts e.message
-      end
+      # Encode Base64
+      [c].pack('m')
     end
 
     def decrypt data
-      begin
-        if data.is_a? String
-          # Decode Base64
-          b = data.unpack('m').first
+      # Decode Base64
+      b = data.unpack('m').first
 
-          # Decipher
-          c = unload_cipher b
+      # Decipher
+      c = unload_cipher b
 
-          # Deserialize
-          Marshal.load c
-        else
-          raise ArgumentError, "External session data must be a string."
-        end
-      rescue => e
-        puts e.message
-      end
+      # Deserialize
+      Marshal.load c
     end
 
     def digest
@@ -158,7 +145,7 @@ module SimpleSession
     end
 
     def hmac data
-      OpenSSL::HMAC.digest digest, @key, data
+      OpenSSL::HMAC.digest digest, @secret, data
     end
 
     def new_cipher
@@ -170,7 +157,7 @@ module SimpleSession
       cipher.encrypt
       iv = cipher.random_iv
       cipher.iv  = iv
-      cipher.key = @cipher_key
+      cipher.key = cipher_key
 
       iv + cipher.update(marshaled_data) + cipher.final
     end
@@ -179,7 +166,7 @@ module SimpleSession
       cipher = new_cipher
       cipher.decrypt
       cipher.iv  = data[0, 16]
-      cipher.key = @cipher_key
+      cipher.key = cipher_key
       cipher.update(data[16..-1]) + cipher.final
     end
 
@@ -192,28 +179,17 @@ module SimpleSession
       SANITATION = [:key, :secret, :options_key]
 
       def initialize args
-        @opts = sanitize args.dup
+        @opts = args
         process_request_options
-        set_instance_variables
-        create_readers
+        sanitize_opts
       end
 
       def opts
         @opts
       end
 
-      def create_reader name 
-        self.class.send(:define_method, name, &Proc.new)
-      end
-
-      def create_readers
-        @opts.keys.each do |k|
-          create_reader(k) { instance_variable_get "@#{k}"}
-        end
-      end
-
-      def set_instance_variables
-        @opts.each { |k, v| instance_variable_set "@#{k.to_s}", v}
+      def sanitize_opts
+        @opts = sanitize @opts
       end
 
       def process_request_options
@@ -225,26 +201,18 @@ module SimpleSession
       end
 
       def p_time
-        @opts[:expire_after] ||= default_time
-        @opts[:expire] = Time.now + @opts[:expire_after].to_i if @opts[:expire_after]
+        time = Time.now + @opts[:max_age].to_i
+        @opts[:expires] = time if @opts[:max_age]
       end
 
       private
       def sanitize args
-        dup_args = args
         SANITATION.each do |key|
-          dup_args.delete(key) if args[key]
+          args.delete(key) if args[key]
         end
-        dup_args
-      end
-
-      def default_time
-        60 * 60 * 2
+        args
       end
 
     end
-
   end
-
 end
-

data/lib/simple_session/version.rb

@@ -1,3 +1,3 @@
 module SimpleSession
-  VERSION = "0.1.1"
+  VERSION = "0.2.2"
 end

data/lib/simple_session.rb

@@ -1,13 +1,14 @@
 require "simple_session/version"
 require "simple_session/base.rb"
 
-# Options 
-# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-# key          = options.fetch :key, 'rack.session'
-# secret       = options[:secret]
-# options_key  = options.fetch :options_key, 'rack.session.options'
-
 module SimpleSession
+  DEFAULT_OPTS = {
+    max_age: 172800 ,
+    domain: nil,
+    path: '/',
+    http_only: false,
+    secure: false,
+  }
 
   class Session < Base
 

data/simple_session.gemspec

@@ -24,7 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.10"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest"
-  spec.add_development_dependency "byebug"
   spec.add_development_dependency "rack-test"
   spec.add_development_dependency "sinatra"
   spec.add_development_dependency "timecop"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_session
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.2
 platform: ruby
 authors:
 - hayduke19us
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-11-10 00:00:00.000000000 Z
+date: 2015-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,20 +52,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement