| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
- Introduce a method to select default cipher, and maintain backward compatibility
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due the message still be encrypted.
|
| |
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
|\
| |
| | |
Add missing `+` around a some literals.
|
| |
| |
| |
| |
| |
| | |
Mainly around `nil`
[ci skip]
|
|/ |
|
|
|
|
| |
key length
|
|
|
|
|
|
|
|
|
| |
Since keys are truncated, ruby 2.4 doesn't accept keys greater than their lenghts.
keys of same value but different lenght and greater than key size of cipher, produce the same results
as reproduced at https://gist.github.com/rhenium/b81355fe816dcfae459cc5eadfc4f6f9
Since our default cipher is 'aes-256-cbc', key length for which is 32 bytes, limit the length of key being passed to Encryptor to 32 bytes.
This continues to support backwards compat with any existing signed data, already encrupted and signed with 32+ byte keys.
Also fixes the passing of this value in multiple tests.
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
| |
Multiple cookie values should be separated by '; ' according
to RFC 6265, section 5.4.4[1].
[1]: https://tools.ietf.org/html/rfc6265#section-5.4
|
| |
|
|
|
|
|
| |
Get an incorrect cookie value in controller action method
if cookie value contains an escapable string.
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new method to request and response so we don't need to
violate the law of demeter.
We are changing `Request` and `Response` so that they always have a
`cookie_jar`
This is a continuation on work to combine integration and controller
test code bases in Rails.
|
| |
|
|
|
|
| |
header.
|
|
|
|
|
| |
Use the Rack utility methods for functional header manipulation. This
helps to eliminate coupling on the header hash
|
|
|
|
| |
It's only used there.
|
|
|
|
|
| |
`CookieJar` is only at the start of the chain and has its own
request method, so we don't need it in the module.
|
|
|
|
| |
It was the same in both legacy versions of the signed and encrypted cookie jars.
|
|
|
|
| |
The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
|
|
|
|
|
| |
`SignedCookieJar`'s parse method already attempts to verify the message,
so we can just call super and try the old verifier if it fails.
|
|
|
|
| |
Cuts down on the duplicated reading parts.
|
|
|
|
| |
Gets rid of the option parsing and makes what the encryptor does stand out.
|
|
|
|
| |
Lets us avoid worrying about parsing the options and doing just what we need.
|
|
|
|
| |
Remove the clutter to make PermanentCookieJar's one change stand out.
|
|
|
|
| |
Eventually this will be the superclass of all the chained jars.
|
|
|
|
|
|
| |
Just include the modules necessary in the Request object to implement
the things we need. This should make it easier to build delegate
request objects because the API is smaller
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With changes made in 8363b8 and ae29142 cookies that are mutated on the
request like `cookies.signed = x` were not retained in subsequent tests,
breaking cookie authentiation in controller tests.
The test added demonstrates the issue.
The reason we need to select from non-deleted cookies is because without
checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the
wrong cookies to be updated. The code must check for `@deleted_cookies`
before sending an `#update` with the requests cookie_jar cookies.
This follows how the cookie_jar cookies from the request were updated
before these changes.
|
|
|
|
| |
They are already required in `actionpack/lib/action_dispatch.rb` (L25-L26)
|
| |
|
| |
|
|
|
|
|
| |
we don't recycle requests anymore, so we shouldn't need to recycle
cookie jars
|
|
|
|
| |
this prevents the middleware from knowing the specific key for the jar
|
| |
|
|
|
|
|
| |
This changes the chained jars to ask the parent jar for the request
object which should eventually call back up to the original jar
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
eventually we will make the cookie jar derive these values from the
request object rather than save a reference to the values
|
|
|
|
|
|
|
|
| |
The cookie jar can just ask the request object for the information it
needs. This allows us to stop allocating hashes for options, and also
allows us to delay calculating values in advance. Generating the
options hash forced us to calculate values that we may never have needed
at runtime
|
|
|
|
|
|
| |
Accessing a request object has nice advantages over accessing a hash.
If you use a missing method name, you'll get an exception rather than a
`nil` (is one nice feature)
|
| |
|
|
|
|
|
|
| |
This change decouples `cookie_jar` allocation from the request object.
We need this for moving controller tests to integration tests so we can
access the `cookie_jar` object separately.
|
| |
|