snowplow_ruby_duid 1.0.1 → 1.1.0.prerelease.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c2818143e193e501a987cbaca0dfcb084010d012
-  data.tar.gz: 4b6295b77691331a88608578c46a95e749a6e241
+SHA256:
+  metadata.gz: 972f7e668aa1cb73bf11332da5c932206133bc59af99c4a4cdfc1d4598ab1d6b
+  data.tar.gz: de197f60ee4fd72f040b4fbc6539ff3d58c9e734cd7f16f69de02239b483553e
 SHA512:
-  metadata.gz: 63df7f00beb0850f36f54505a5f239339432c8306e9e9a424402da2a0727cb4567c4867d77a6766a75160f8c12b082d3f0c906a5b2e7fa922a0f0fdf9836da97
-  data.tar.gz: 0a791495bf59396b38481f9efb025ede2907ca12413a6c1b2f21e026b4cf277d57e3a558a0248bebaeca2b1ebdb7157f77fbaef5496d93a8fa5e35e5b0385274
+  metadata.gz: dc84fb92fa343c0f5d264429b4e2f9e1d2ddb42fdd5fbc46e9f73c3cde26b12c041fa0215198b5515e87f8f033b09924f303fe1e50df0378a57c8f9b05904bd4
+  data.tar.gz: 2fbed46e0c38efba11bf3665e17846cc27c6960d17edb7308c6f5e94f4d5c2bde2c49bd080eeab4b2c0bbc32bad201dd2f2478dbc00b72ba8143c8e150c9f69d

data/.gitignore

@@ -1,2 +1,3 @@
 *.gem
+.ruby-version
 Gemfile.lock

data/.rubocop.yml

@@ -4,3 +4,11 @@ Metrics/LineLength:
 Style/BlockDelimiters:
   Exclude:
     - 'spec/lib/snowplow_ruby_duid/cookie_spec.rb'
+
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*.rb'
+
+Style/DateTime:
+  Exclude:
+    - 'lib/snowplow_ruby_duid/cookie.rb'

data/Gemfile

@@ -1,4 +1,8 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
+gem 'pry'
+
 # Specify your gem's dependencies in snowplow_ruby_duid.gemspec
 gemspec

data/README.md

@@ -14,6 +14,17 @@ gem 'snowplow_ruby_duid'
 
 The helper will be included in `ActionController::Base` when the gem is loaded.
 
+#### Configuration
+
+Since 2020 some browsers require extra settings on cookies, like SameSite and secure settings.
+
+The library provides default values for these two settings(:none, true), that you can change: 
+
+```ruby
+SnowplowRubyDuid::Configuration.same_site = :lax
+SnowplowRubyDuid::Configuration.secure = false
+```
+
 ### Sinatra
 
 Add the following to `Sinatra::Base`

data/Rakefile

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'

data/lib/snowplow_ruby_duid.rb

@@ -1,10 +1,13 @@
+# frozen_string_literal: true
+
 require 'digest/sha1'
+require 'snowplow_ruby_duid/configuration'
 require 'snowplow_ruby_duid/cookie'
 require 'snowplow_ruby_duid/domain_userid'
 require 'snowplow_ruby_duid/helper'
 
 module SnowplowRubyDuid
-  KEY_PREFIX = '_sp_id'.freeze
+  KEY_PREFIX = '_sp_id'
 end
 
-ActionController::Base.send :include, SnowplowRubyDuid::Helper if defined?(ActionController)
+ActionController::Base.include SnowplowRubyDuid::Helper if defined?(ActionController)

data/lib/snowplow_ruby_duid/configuration.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module SnowplowRubyDuid
+  # This is the configuration object that is used for two additional cookie settings
+  # that can't be deferred from the request/response objects
+  module Configuration
+    @allowed = %i[none lax strict]
+
+    @same_site = :none
+    @secure = true
+
+    def self.same_site=(value)
+      raise "Not allowed value #{value}, use one of these: #{@allowed}" unless @allowed.include?(value)
+
+      @same_site = value
+    end
+
+    def self.secure=(value)
+      @secure = value
+    end
+
+    def self.same_site
+      @same_site
+    end
+
+    def self.secure
+      @secure
+    end
+  end
+end

data/lib/snowplow_ruby_duid/cookie.rb

@@ -1,18 +1,22 @@
+# frozen_string_literal: true
+
 module SnowplowRubyDuid
   # Responsible for generating a cookie that emulates the Snowplow cookie as closely as possible
   # Leverages the method used by ActionDispatch::Cookies::CookieJar to determine the top-level domain
   class Cookie
     # See: https://github.com/snowplow/snowplow-javascript-tracker/blob/d3d10067127eb5c95d0054c8ae60f3bdccba619d/src/js/tracker.js#L142
-    COOKIE_PATH            = '/'.freeze
+    COOKIE_PATH            = '/'
     # See: https://github.com/snowplow/snowplow-javascript-tracker/blob/d3d10067127eb5c95d0054c8ae60f3bdccba619d/src/js/tracker.js#L156
     COOKIE_DURATION_MONTHS = 24
     # See: https://github.com/rails/rails/blob/b1124a2ac88778c0feb0157ac09367cbd204bf01/actionpack/lib/action_dispatch/middleware/cookies.rb#L214
-    DOMAIN_REGEXP          = /[^.]*\.([^.]*|..\...|...\...)$/
+    DOMAIN_REGEXP          = /[^.]*\.([^.]*|..\...|...\...)$/.freeze
 
-    def initialize(host, domain_userid, request_created_at)
+    def initialize(host, domain_userid, request_created_at, options = {})
       @host               = host
       @domain_userid      = domain_userid
       @request_created_at = request_created_at
+      @secure             = options.fetch(:secure)
+      @same_site          = options.fetch(:same_site)
     end
 
     # See: https://github.com/snowplow/snowplow-javascript-tracker/blob/d3d10067127eb5c95d0054c8ae60f3bdccba619d/src/js/tracker.js#L358-L360
@@ -24,12 +28,18 @@ module SnowplowRubyDuid
 
     def value
       cookie_domain = ".#{top_level_domain}" unless top_level_domain.nil?
-      {
-        value:   cookie_value,
+
+      base = {
+        value: cookie_value,
         expires: cookie_expiration,
-        domain:  cookie_domain,
-        path:    COOKIE_PATH
+        domain: cookie_domain,
+        path: COOKIE_PATH,
+        same_site: @same_site
       }
+
+      base.merge!(secure: true) if @secure
+
+      base
     end
 
     private
@@ -40,6 +50,7 @@ module SnowplowRubyDuid
     end
 
     # See: https://github.com/snowplow/snowplow-javascript-tracker/blob/d3d10067127eb5c95d0054c8ae60f3bdccba619d/src/js/tracker.js#L476-L487
+    # https://github.com/snowplow/snowplow-javascript-tracker/blob/2.14.0/src/js/tracker.js#L641-L650
     def cookie_value
       visit_count = '0'
       last_visit_ts = ''

data/lib/snowplow_ruby_duid/domain_userid.rb

@@ -1,10 +1,11 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
 module SnowplowRubyDuid
   # Generates a pseudo-unique ID to fingerprint the user
-  # Deviates from this Snowplow Javascript: https://github.com/snowplow/snowplow-javascript-tracker/blob/d3d10067127eb5c95d0054c8ae60f3bdccba619d/src/js/tracker.js#L468-L472
-  #   in order to provide a more unique identifier
+  # It follows Snowplow Javascript: https://github.com/snowplow/snowplow-javascript-tracker/blob/2.14.0/src/js/tracker.js#L670-L672
   class DomainUserid
-    LENGTH_OF_DUID_IN_BYTES = 8
-
     def initialize
       @domain_user_id = domain_user_id
     end
@@ -16,7 +17,7 @@ module SnowplowRubyDuid
     private
 
     def domain_user_id
-      SecureRandom.hex LENGTH_OF_DUID_IN_BYTES
+      SecureRandom.uuid
     end
   end
 end

data/lib/snowplow_ruby_duid/helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SnowplowRubyDuid
   # Exposes a snowplow_domain_userid method in the context
   # that will find or create a domain_userid, which will be
@@ -7,20 +9,24 @@ module SnowplowRubyDuid
       @snowplow_domain_userid ||= find_or_create_snowplow_domain_userid
     end
 
+    private
+
     def find_or_create_snowplow_domain_userid
       find_snowplow_domain_userid || create_snowplow_domain_userid
     end
-    private :find_or_create_snowplow_domain_userid
 
     def create_snowplow_domain_userid
       request_created_at = Time.now
       domain_userid      = DomainUserid.new.to_s
-      snowplow_cookie    = Cookie.new request.host, domain_userid, request_created_at
+      options = {
+        secure: Configuration.secure,
+        same_site: Configuration.same_site
+      }
+      snowplow_cookie = Cookie.new request.host, domain_userid, request_created_at, options
 
       response.set_cookie snowplow_cookie.key, snowplow_cookie.value
       domain_userid
     end
-    private :create_snowplow_domain_userid
 
     # See: https://github.com/snowplow/snowplow/wiki/Ruby-Tracker#310-setting-the-domain-user-id-with-set_domain_user_id
     def find_snowplow_domain_userid
@@ -28,11 +34,9 @@ module SnowplowRubyDuid
       # The cookie value is in this format: domainUserId.createTs.visitCount.nowTs.lastVisitTs
       snowplow_cookie.last.split('.').first unless snowplow_cookie.nil?
     end
-    private :find_snowplow_domain_userid
 
     def find_snowplow_cookie
       request.cookies.find { |(key, _value)| key =~ /^#{KEY_PREFIX}/ } # result will be an array containing: [key, value]
     end
-    private :find_snowplow_cookie
   end
 end

data/lib/snowplow_ruby_duid/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SnowplowRubyDuid
-  VERSION = '1.0.1'.freeze
+  VERSION = '1.1.0.prerelease.1'
 end

data/snowplow_ruby_duid.gemspec

@@ -1,5 +1,6 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'snowplow_ruby_duid/version'
 
@@ -18,10 +19,11 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'rack', '~> 2.0'
-  spec.add_development_dependency 'rack-test', '~> 0.6'
-  spec.add_development_dependency 'rspec', '~> 3.5'
-  spec.add_development_dependency 'rubocop', '~> 0.46'
-  spec.add_development_dependency 'rutabaga', '~> 2.1'
-  spec.add_development_dependency 'timecop', '~> 0.8'
+  spec.add_development_dependency 'rack'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rutabaga'
+  spec.add_development_dependency 'timecop'
 end

data/spec/lib/snowplow_ruby_duid/cookie.feature

@@ -9,6 +9,27 @@ Feature: Creating a Snowplow cookie
     When I create a Snowplow cookie
     Then the cookie has the path '/'
 
+  Scenario Outline: The cookie should have same_site configuration
+    Given I configure the library and set same_site to equal '<setting>'
+    When I create a Snowplow cookie
+    Then the cookie has the SameSite attribute equal to '<expected>'
+    Examples:
+      | setting | expected |
+      |         | none     |
+      | none    | none     |
+      | lax     | lax      |
+      | strict  | strict   |
+
+  Scenario Outline: The cookie is secure if the configuration is properly passed
+    Given I configure library and set secure cookie to <true_false>
+    When I create a Snowplow cookie
+    Then the cookie's secure setting is '<expected>'
+    Examples:
+      | true_false | expected |
+      | -          | set      |
+      | true       | set       |
+      | false      | not_set   |
+
   Scenario Outline: The cookie should apply for all domains under the top-level domain (no domain for localhost or IP addresses, however)
     Given the host is '<host>'
      When I create a Snowplow cookie

data/spec/lib/snowplow_ruby_duid/cookie_spec.rb

@@ -1,12 +1,18 @@
+# frozen_string_literal: true
+
 module SnowplowRubyDuid
   describe Cookie do
     before do
       @host               = 'www.simplybusiness.co.uk'
       @domain_userid      = 'domain_user_id'
-      @request_created_at = (DateTime.parse '2015-01-22 15:26:31 +0000').to_time
+      @request_created_at = (Time.parse '2015-01-22 15:26:31 +0000').to_time
+      @same_site          = SnowplowRubyDuid::Configuration.same_site
+      @secure             = SnowplowRubyDuid::Configuration.secure
     end
 
-    subject { described_class.new @host, @domain_userid, @request_created_at }
+    subject {
+      described_class.new @host, @domain_userid, @request_created_at, { secure: @secure, same_site: @same_site }
+    }
 
     describe '#key' do
       it 'generates the key' do
@@ -17,10 +23,12 @@ module SnowplowRubyDuid
     describe '#value' do
       it 'generates a cookie' do
         expect(subject.value).to eq(
-          domain:  '.simplybusiness.co.uk',
-          expires: (DateTime.parse '2017-01-22 15:26:31 +0000').to_time,
-          path:    '/',
-          value:   'domain_user_id.1421940391.0.1421940391.'
+          domain: '.simplybusiness.co.uk',
+          expires: (Time.parse '2017-01-22 15:26:31 +0000').to_time,
+          path: '/',
+          same_site: :none,
+          secure: true,
+          value: 'domain_user_id.1421940391.0.1421940391.'
         )
       end
     end
@@ -35,7 +43,19 @@ module SnowplowRubyDuid
       end
 
       step 'the time is :time' do |time|
-        @request_created_at = (DateTime.parse time).to_time
+        @request_created_at = (Time.parse time).to_time
+      end
+
+      step 'I configure library and set secure cookie to :val' do |setting|
+        @secure = (setting == 'true') if %w[true false].include?(setting)
+      end
+
+      step 'the cookie\'s secure setting is :set_not_set' do |value|
+        if value == 'set'
+          expect(subject.value[:secure]).to eq(true)
+        else
+          expect(subject.value[:secure]).to eq(nil)
+        end
       end
 
       step 'I create a Snowplow cookie' do; end
@@ -64,21 +84,24 @@ module SnowplowRubyDuid
         expect(subject.value[:value]).to eq(value)
       end
 
+      step 'I configure the library and set same_site to equal :setting' do |setting|
+        @same_site = setting.to_sym unless setting.empty?
+      end
+
+      step 'the cookie has the SameSite attribute equal to :value' do |value|
+        expect(subject.value[:same_site]).to eq(value.to_sym)
+      end
+
       step 'the cookie value for :field is :value' do |field, value|
-        value_index = case field
-                      when 'domain_userid'
-                        then 0
-                      when 'createTs'
-                        then 1
-                      when 'visitCount'
-                        then 2
-                      when 'nowTs'
-                        then 3
-                      when 'lastVisitTs'
-                        then 4
-                      else
-                        raise "unknown field name: #{field}"
-                      end
+        value_indices = {
+          'domain_userid' => 0,
+          'createTs' => 1,
+          'visitCount' => 2,
+          'nowTs' => 3,
+          'lastVisitTs' => 4
+        }
+
+        value_index = value_indices.fetch(field)
 
         value = nil if value == ''
 

data/spec/lib/snowplow_ruby_duid/domain_userid_spec.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module SnowplowRubyDuid
   describe DomainUserid do
     subject { described_class.new.to_s }
 
     describe '#to_s' do
       it 'generates the domain userid' do
-        expect(subject.length).to eq(16)
+        expect(subject.length).to eq(36)
       end
     end
   end

data/spec/lib/snowplow_ruby_duid/helper_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack'
 require 'rack/test'
 require 'timecop'

data/spec/spec_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'time'
 require 'snowplow_ruby_duid'
 

metadata

@@ -1,99 +1,113 @@
 --- !ruby/object:Gem::Specification
 name: snowplow_ruby_duid
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0.prerelease.1
 platform: ruby
 authors:
 - Simply Business
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-02 00:00:00.000000000 Z
+date: 2020-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.46'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.46'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rutabaga
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0'
 description: A gem that exposes the Snowplow domain userid in Rack applications. Also
   allows you to set your own domain userid that will be shared with the Snowplow Javascript
   tracker.
@@ -109,7 +123,9 @@ files:
 - Gemfile
 - LICENSE.txt
 - README.md
+- Rakefile
 - lib/snowplow_ruby_duid.rb
+- lib/snowplow_ruby_duid/configuration.rb
 - lib/snowplow_ruby_duid/cookie.rb
 - lib/snowplow_ruby_duid/domain_userid.rb
 - lib/snowplow_ruby_duid/helper.rb
@@ -136,12 +152,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A gem that exposes the Snowplow domain userid in Rack applications. Also
@@ -154,4 +169,3 @@ test_files:
 - spec/lib/snowplow_ruby_duid/helper.feature
 - spec/lib/snowplow_ruby_duid/helper_spec.rb
 - spec/spec_helper.rb
-has_rdoc: