
encrypt user objects in the session

atmos committed Jan 8, 2015
1 parent 6e3d4d8 commit 2d9cccc292feb2cf9d5a1f4af1b0bf767067d72e
Showing with 38 additions and 16 deletions.
  1. +1 −14 config.ru
  2. +2 −0 lib/warden/github.rb
  3. +32 −0 lib/warden/github/session_serializer.rb
  4. +3 −2 warden-github.gemspec
@@ -1,19 +1,6 @@
ENV['RACK_ENV'] ||= 'development'
begin
require File.expand_path('../.bundle/environment', __FILE__)
rescue LoadError
require "rubygems"
require "bundler"
Bundler.setup
end
begin
require 'debugger'
rescue LoadError
require 'ruby-debug'
end
require "bundler/setup"
require 'warden/github'
if ENV['MULTI_SCOPE_APP']
@@ -7,5 +7,7 @@
require 'warden/github/hook'
require 'warden/github/config'
require 'warden/github/membership_cache'
require 'warden/github/session_serializer'
require 'active_support/message_verifier'
require 'securerandom'
@@ -0,0 +1,32 @@
module Warden
class SessionSerializer
attr_reader :env
def initialize(env)
@env = env
end
def serialize(user)
cookie_verifier.generate(user)
end
def deserialize(key)
cookie_verifier.verify(key)
rescue ::ActiveSupport::MessageVerifier::InvalidSignature
nil
end
private
def verifier_key
self.class.verifier_key
end
def self.verifier_key
@verifier_key ||= ENV['WARDEN_GITHUB_VERIFIER_SECRET'] || SecureRandom.hex
end
def cookie_verifier
@cookie_verifier ||= ::ActiveSupport::MessageVerifier.new(verifier_key, serializer: Marshal)
end
end
end
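Review bot: `cookie_verifier` builds an `ActiveSupport::MessageVerifier`, which signs the payload but does not encrypt it, so the serialized user object stays readable wherever the session is stored (on the client with a cookie session store), although the commit title says "encrypt". If confidentiality is intended (the user object presumably carries the OAuth token, which this hunk does not show), `ActiveSupport::MessageEncryptor` is the class that provides it; otherwise add a comment above the method such as `# MessageVerifier authenticates the payload only; it is not encrypted`. Because of `serializer: Marshal`, the signing secret is the only control in front of `Marshal.load`, so the `|| SecureRandom.hex` fallback in `self.verifier_key` should at least log a warning when `WARDEN_GITHUB_VERIFIER_SECRET` is unset: each process then gets its own key, and sessions silently fail verification across workers or after a restart. Two smaller points in the same file: the bare `private` does not apply to `def self.verifier_key`, and `deserialize` rescues only `InvalidSignature`, so a payload that verifies but cannot be unmarshalled would likely raise instead of returning nil.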
@@ -14,8 +14,9 @@ Gem::Specification.new do |s|
s.rubyforge_project = "warden-github"
s.add_dependency "warden", ">1.0"
s.add_dependency "octokit", ">2.1.0"
s.add_dependency "warden", ">1.0"
s.add_dependency "octokit", ">2.1.0"
s.add_dependency "activesupport", ">3.0"
s.add_development_dependency "rack", "~>1.4.1"
s.add_development_dependency "rake"
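Review bot: The new `s.add_dependency "activesupport", ">3.0"` line sets a floor that still admits 3.0.x point releases and has no upper bound, while the serializer added in this commit calls `MessageVerifier.new(verifier_key, serializer: Marshal)`. I believe the options-hash form of that constructor is not available across the whole 3.0.x series, so confirm it and raise the floor to the first release that accepts `serializer:`. A pessimistic constraint (`~>` on the series actually tested) would also keep a future major release from changing the signing or serialization defaults underneath sessions that are already stored.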
