Porting encrypted_cookies feature from 4-4-stable. #666
Conversation
#660 Co-authored-by: Bardoe Besselaar <bardoe.besselaar@iam-javelin.com>
| * Breaking Changes | ||
| * None | ||
| * Added | ||
| * [#660](https://github.com/binarylogic/authlogic/pull/660) - |
There was a problem hiding this comment.
@jaredbeck since we're just porting this from 4-4 to 5-0, think should we make another log entry for it? I guess in the future it might make sense to merge into the latest stable branch, and the backport to older versions 🤷♂️
There was a problem hiding this comment.
since we're just porting this from 4-4 to 5-0, think should we make another log entry for it?
Yes please. SemVer dictates that a new feature increment the minor version (eg. 5.1) and previous minors will not (cannot) have said new feature.
| * Breaking Changes | ||
| * None | ||
| * Added | ||
| * [#660](https://github.com/binarylogic/authlogic/pull/660) - |
There was a problem hiding this comment.
since we're just porting this from 4-4 to 5-0, think should we make another log entry for it?
Yes please. SemVer dictates that a new feature increment the minor version (eg. 5.1) and previous minors will not (cannot) have said new feature.
1. Errors should share a parent class Authlogic::Error 2. Having them in one file is kind of convenient because they often have long messages, and it's nice to keep that copywriting out of the way. Also, it's sort of nice if a file like rails_adapter.rb only defines the adapter class and not any other classes?
[Fixes #668] See changelog for description, rationale.
Update test target version of Rails6
…_auth Update the comment for `Authlogic::Session::Base#allow_http_basic_auth`
Remove dependency on SCrypt
Respect log_in_after_create when creating a new user as a logged-out …
https://github.com/colszowka/simplecov#getting-started > 2. Load and launch SimpleCov at the very top of your `test/test_helper.rb` > Note: If SimpleCov starts after your application code is already loaded (via require), > it won't be able to track your files and their coverage!
Fixup the SimpleCov configuration for measurement test coverage.
README: Use SVG badges
authlogic/lib/authlogic/i18n/translator.rb:11: warning: The last argument is used as the keyword parameter
Fix ruby 2.7 warning on kwargs changes:
Fix ambiguous comment.
email is unique in README
|
What is the status of this request? We just got results from a security scan for our application and one of the (low risk) findings was that the authlogic remember_me cookie is partially static. Having it encrypted would help with this and provide a suitable mitigation. |
|
This branch got a little nasty, so I did a clean branch over in #710 . |
|
@graaff sorry for the delay! We just pushed v5.2.0 and v6.1.0 with the |
This ports the
encrypted_cookiesoption from the 4-4-stable branch #660