New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Porting encrypted_cookies feature from 4-4-stable. #666
Conversation
#660 Co-authored-by: Bardoe Besselaar <bardoe.besselaar@iam-javelin.com>
* Breaking Changes | ||
* None | ||
* Added | ||
* [#660](https://github.com/binarylogic/authlogic/pull/660) - |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jaredbeck since we're just porting this from 4-4 to 5-0, think should we make another log entry for it? I guess in the future it might make sense to merge into the latest stable branch, and the backport to older versions 🤷♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since we're just porting this from 4-4 to 5-0, think should we make another log entry for it?
Yes please. SemVer dictates that a new feature increment the minor version (eg. 5.1) and previous minors will not (cannot) have said new feature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know enough about this new feature to review its actual implementation, but I've given my thoughts about changelog, Gemfile, etc. I hope that's helpful.
* Breaking Changes | ||
* None | ||
* Added | ||
* [#660](https://github.com/binarylogic/authlogic/pull/660) - |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since we're just porting this from 4-4 to 5-0, think should we make another log entry for it?
Yes please. SemVer dictates that a new feature increment the minor version (eg. 5.1) and previous minors will not (cannot) have said new feature.
1. Errors should share a parent class Authlogic::Error 2. Having them in one file is kind of convenient because they often have long messages, and it's nice to keep that copywriting out of the way. Also, it's sort of nice if a file like rails_adapter.rb only defines the adapter class and not any other classes?
[Fixes #668] See changelog for description, rationale.
Update test target version of Rails6
…_auth Update the comment for `Authlogic::Session::Base#allow_http_basic_auth`
Remove dependency on SCrypt
Respect log_in_after_create when creating a new user as a logged-out …
https://github.com/colszowka/simplecov#getting-started > 2. Load and launch SimpleCov at the very top of your `test/test_helper.rb` > Note: If SimpleCov starts after your application code is already loaded (via require), > it won't be able to track your files and their coverage!
Fixup the SimpleCov configuration for measurement test coverage.
README: Use SVG badges
authlogic/lib/authlogic/i18n/translator.rb:11: warning: The last argument is used as the keyword parameter
Fix ruby 2.7 warning on kwargs changes:
Fix ambiguous comment.
email is unique in README
What is the status of this request? We just got results from a security scan for our application and one of the (low risk) findings was that the authlogic remember_me cookie is partially static. Having it encrypted would help with this and provide a suitable mitigation. |
This branch got a little nasty, so I did a clean branch over in #710 . |
@graaff sorry for the delay! We just pushed v5.2.0 and v6.1.0 with the |
This ports the
encrypted_cookies
option from the 4-4-stable branch #660