Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various Fixes #1

Merged
merged 5 commits into from
May 2, 2022
Merged

Various Fixes #1

merged 5 commits into from
May 2, 2022

Conversation

jeremyevans
Copy link
Contributor

Fix autoloading.

Avoid defining constants that conflict with Rack.

Make Rack::Session::Cookie backwards compatible with :secret option.

@jeremyevans
Make rack/session setup autoloads
75543e1 
These are the same autoloads previously used when the session
support was included in rack.

Remove the duplicate constant definitions to avoid constant
warnings when rack is also in use (which it must be for this
to work, as parts of rack-session depend on rack).
@jeremyevans
Define constants under Rack::Session, so they don't conflict with Rac…
1e77478 
…k constants
@jeremyevans
Load rack/session/constants in files that use the constants
a7e7501
@jeremyevans
Support backwards compatibility for Rack::Session::Cookie :secret option
31d5aa6 
Previously, :secret was used to store the HMAC secret.  If it is
used, use it as a fallback to set both the encryption secret and
the legacy HMAC secret.

From a cryptographic perspective, it's best to avoid sharing
secrets like this, even though I'm guessing it is not vulnerable
(note: this is not an educated guess).  I think this is better
than completely breaking backwards compatibility.

The best way to handle conversion from legacy HMAC would be to
specify :secrets in addition to :secret (or :legacy_hmac_secret),
then remove :secret/:legacy_hmac_secret after all sessions have
been upgraded.
@jeremyevans
Copy link
Contributor Author

@ioquatix flagging you as reviewer (GitHub UI isn't offering you as an option).

ioquatix
ioquatix requested changes Feb 23, 2022
View reviewed changes
Copy link
Member

@ioquatix ioquatix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just some minor discussion points.

lib/rack/session/constants.rb Show resolved Hide resolved
@jeremyevans
Avoid unnecessary arguments to Dir.glob in gemspec
9fcea99 
FNM_DOTMATCH is not needed (no additional files would match with
it).  base keyword is what breaks CI on Ruby 2.4, and is not needed
as gem is generally build already in the same directory as the
gemspec.
@ioquatix ioquatix merged commit 7071f65 into rack:main May 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ioquatix ioquatix ioquatix requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jeremyevans @ioquatix