utopia 2.5.3 → 2.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/utopia/session.rb +5 -12
- data/lib/utopia/version.rb +1 -1
- data/spec/utopia/session_spec.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8fef52d1f6de5c2a8e44763e7f6e7b59869e8a678627b3331876c788a8d1d5c2
|
4
|
+
data.tar.gz: 0b89a96822bb9601711c411fd61eeaaf31821f79ec97d15653d8f6f113d0662d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 656d6a39c064ec5078e8ef16782a013491bcb14b33f8102d4ed0db7e6205152d4bbb25ff0d58afdf328f14c41e43d7dad1234aab68ab2f8a0f483f22ee40fddb
|
7
|
+
data.tar.gz: fbb4f8d06aa9181fc06523b2dc0f67872400f7d868ed1f05e6f73d9a07462b6563695613258239352efdbcd83ae3ca7b04cd555eb24f39b2c956c08d3ce89eef
|
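--- a/data/lib/utopia/session.rb
+++ b/data/lib/utopia/session.rb
@@ -42,7 +42,7 @@ module Utopia
 # @param secret [Array] The secret text used to generate a symetric encryption key for the coookie data.
 # @param expires_after [String] The cache-control header to set for static content.
 # @param options [Hash<Symbol,Object>] Additional defaults used for generating the cookie by `Rack::Utils.set_cookie_header!`.
-def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, **options)
+def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, **options)
 @app = app
 
 @session_name = session_name
@@ -63,7 +63,7 @@ module Utopia
 domain: nil,
 path: "/",
 # The Secure attribute is meant to keep cookie communication limited to encrypted transmission, directing browsers to use cookies only via secure/encrypted connections. However, if a web server sets a cookie with a secure attribute from a non-secure connection, the cookie can still be intercepted when it is sent to the user by man-in-the-middle attacks. Therefore, for maximum security, cookies with the Secure attribute should only be set over a secure connection.
-secure:
+secure: secure,
 # The HttpOnly attribute directs browsers not to expose cookies through channels other than HTTP (and HTTPS) requests. This means that the cookie cannot be accessed via client-side scripting languages (notably JavaScript), and therefore cannot be stolen easily via cross-site scripting (a pervasive attack technique).
 http_only: true,
 }.merge(options)
@@ -122,8 +122,7 @@ module Utopia
 # Constructs a valid session for the given request. These fields must match as per the checks performed in `valid_session?`:
 def build_initial_session(request)
 {
-
-request_user_agent: request.user_agent,
+user_agent: request.user_agent,
 created_at: Time.now.utc,
 updated_at: Time.now.utc,
 }
@@ -146,14 +145,8 @@ module Utopia
 end
 
 def valid_session?(request, values)
-if values[:
-warn "Invalid session because #{values[:
-
-return false
-end
-
-if values[:request_user_agent] != request.user_agent
-warn "Invalid session because #{values[:request_user_agent]} doesn't match #{request.user_agent}!"
+if values[:user_agent] != request.user_agent
+warn "Invalid session because #{values[:user_agent]} doesn't match #{request.user_agent}!" if $VERBOSE
 
 return false
 end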
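Review bot: The new `secure:` keyword on `initialize` in the first hunk has no `@param` line, even though `secret`, `expires_after` and `options` each have one directly above it, and its `false` default means the session cookie carries no Secure attribute unless the caller opts in (the removed line in the second hunk is truncated on this page, so the previous value is not visible here). I would add `# @param secure [Boolean] Whether to set the Secure attribute on the session cookie; defaults to false, so pass true when the site is served over HTTPS.` next to the other `@param` lines, since the retained comment in the second hunk already explains why that attribute matters. It is also worth considering whether `true` should be the default with plain-HTTP deployments opting out, so that the safer setting is the one reached by accident; that is a design choice rather than a defect in the hunk. `valid_session?` in the last hunk continues past the hunk's final `end`, so its remaining checks are not visible.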
data/lib/utopia/version.rb
CHANGED
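--- a/data/spec/utopia/session_spec.rb
+++ b/data/spec/utopia/session_spec.rb
@@ -103,12 +103,12 @@ module Utopia::SessionSpec
 expect(last_response.body).to be == ""
 end
 
-it "
+it "shouldn't fail if ip address is changed" do
 # Change user agent:
 header 'X-Forwarded-For', '127.0.0.10'
 
 get "/session-get?key=foo"
-expect(last_response.body).to be == ""
+expect(last_response.body).to be == "bar"
 end
 end
 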
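Review bot: The retained comment `# Change user agent:` in the middle of the hunk no longer describes the example, which after this change sets `X-Forwarded-For` and asserts that the session value `"bar"` survives an IP change; I would change it to `# Change the client IP address:`. The renamed example title reads correctly, so only that comment is stale.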
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: utopia
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.5.
|
4
|
+
version: 2.5.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Samuel Williams
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-11-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: trenni
|