
Add encrypted cookie option #992

Open. Wants to merge 7 commits into base: main
add encrypt_cookie option in the same way as signed_cookie. using the…
… new option overrides signed_cookie settings. no tests so far
schorsch committed Mar 8, 2023
commit 36cfc31ee7049e6adbe08ee4fae53fb6191d5f06
17 changes: 17 additions & 0 deletions lib/clearance/configuration.rb
@@ -96,6 +96,12 @@ class Configuration
# @return [Boolean|:migrate]
attr_reader :signed_cookie

# Controls whether cookies are encrypted.
# Defaults to `nil` for backwards compatibility.
# When not nil overrides signed_cookie settings and if true uses Rails' encrypted cookies
Metrics/LineLength: Line is too long. [93/80]

# @return [Boolean|:migrate]
attr_reader :encrypted_cookie

# The array of sign in guards to run when signing a user in.
# Defaults to an empty array. Sign in guards respond to `call` and are
# initialized with a session and the current stack. Each guard can decide
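Review bot: the new `@return [Boolean|:migrate]` tag on `encrypted_cookie` omits `nil`, which is the documented default and the value the session code tests for with `.nil?`; `# @return [Boolean|:migrate|nil]` would describe it accurately. The comment line above it is also the 93-character line the linter flagged; wrapping it at 80 columns like the surrounding YARD comments keeps the file lint-clean.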
@@ -144,6 +150,7 @@ def initialize
@routes = true
@secure_cookie = false
@signed_cookie = false
@encrypted_cookie = nil
@sign_in_guards = []
@user_parameter = nil
@sign_in_on_password_reset = true
@@ -159,6 +166,16 @@ def signed_cookie=(value)
end
end

def encrypted_cookie=(value)
if [true, false, :migrate].include? value
@encrypted_cookie = value
else
raise "Clearance's enrcypted_cookie configuration value is invalid. " \
"Valid values are true, false, or :migrate. " \
"Set this option via Clearance.configure in an initializer"
end
end

# The class representing the configured user model.
# In the default configuration, this is the `User` class.
# @return [Class]
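Review bot: the error message in `encrypted_cookie=` misspells the option as `enrcypted_cookie`, which sends anyone grepping for it to the wrong name; it should read `encrypted_cookie`. Also, because the setter rejects anything other than `true`, `false` or `:migrate`, the `nil` default described in the reader docs cannot be set explicitly through `Clearance.configure`; either add `nil` to the accepted list or state in the docs that `nil` is only the implicit default.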
44 changes: 32 additions & 12 deletions lib/clearance/session.rb
@@ -108,24 +108,44 @@ def cookies

# @api private
def set_remember_token(token)
case Clearance.configuration.signed_cookie
when true, :migrate
cookies.signed[remember_token_cookie] = cookie_options(token)
when false
cookies[remember_token_cookie] = cookie_options(token)
if !Clearance.configuration.encrypted_cookie.nil?
case Clearance.configuration.encrypted_cookie
when true, :migrate
cookies.encrypted[remember_token_cookie] = cookie_options(token)
when false
cookies[remember_token_cookie] = cookie_options(token)
end
else
case Clearance.configuration.signed_cookie
when true, :migrate
cookies.signed[remember_token_cookie] = cookie_options(token)
when false
cookies[remember_token_cookie] = cookie_options(token)
end
end
remember_token
end

# @api private
def remember_token
case Clearance.configuration.signed_cookie
when true
cookies.signed[remember_token_cookie]
when :migrate
cookies.signed[remember_token_cookie] || cookies[remember_token_cookie]
when false
cookies[remember_token_cookie]
if !Clearance.configuration.encrypted_cookie.nil?
case Clearance.configuration.encrypted_cookie
when true
cookies.encrypted[remember_token_cookie]
when :migrate
cookies.encrypted[remember_token_cookie] || cookies[remember_token_cookie]
Metrics/LineLength: Line is too long. [84/80]

when false
cookies[remember_token_cookie]
end
else
case Clearance.configuration.signed_cookie
when true
cookies.signed[remember_token_cookie]
when :migrate
cookies.signed[remember_token_cookie] || cookies[remember_token_cookie]
Metrics/LineLength: Line is too long. [81/80]

when false
cookies[remember_token_cookie]
end
end
end
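Review bot: in `remember_token`, the `encrypted_cookie == :migrate` branch falls back to `cookies[remember_token_cookie]`, the plain jar, so an app that currently runs with `signed_cookie = true` and switches to `encrypted_cookie = :migrate` will not find its existing signed cookies and every user is logged out, which defeats the purpose of the migrate mode; the fallback should also consult `cookies.signed[remember_token_cookie]` when `signed_cookie` is enabled. As with the existing signed `:migrate` mode, the fallback means an unsigned, unencrypted cookie is still accepted for the whole migration window, which is worth stating in the option docs so operators keep that window short. The two nested `case` statements in `set_remember_token` and `remember_token` duplicate the jar selection; a small helper that returns `cookies.encrypted`, `cookies.signed` or `cookies` from the configuration would shrink both methods, resolve the three line-length offences, and keep the fallback rule in one place.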

4 changes: 3 additions & 1 deletion spec/support/request_with_remember_token.rb
@@ -1,7 +1,9 @@
module RememberTokenHelpers
def request_with_remember_token(remember_token)
cookies = ActionDispatch::Request.new({}).cookie_jar
if Clearance.configuration.signed_cookie
if Clearance.configuration.encrypted_cookie
cookies.encrypted[Clearance.configuration.cookie_name] = remember_token
elsif Clearance.configuration.signed_cookie
cookies.signed[Clearance.configuration.cookie_name] = remember_token
else
cookies[Clearance.configuration.cookie_name] = remember_token
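Review bot: `if Clearance.configuration.encrypted_cookie` tests truthiness, so a configuration of `encrypted_cookie = false` with `signed_cookie = true` makes this helper write a signed cookie, whereas `Session#set_remember_token` treats an explicit `false` as a plain cookie regardless of `signed_cookie`; the helper should use the same `nil?` check as the session code so the specs exercise the path the app actually takes. The commit message notes there are no tests yet; specs for `true`, `false` and `:migrate`, including the migrate fallback, would cover this.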