Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add encrypted cookie option #992

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add encrypted cookie option #992

wants to merge 7 commits into from

Conversation

schorsch
Copy link
Contributor

  • adds the option to encrypt the cookie containing the remember token
  • implemented on the same schema as signed_cookie method
  • overrides the signed_cookie setting of booth are present

My code may not be the most elaborate solution, but if it suits someone this could be a starting point.
There are no Unit-Test for it atm, but it works for me in a production app.

schorsch and others added 7 commits March 8, 2023 11:34
@schorsch
update argon2 to v2.2.0 gem due to errors loading argon2_wrap library…
3be5f08 
… with rubygems 3.4.6
@schorsch
add encrypt_cookie option in the same way as signed_cookie. using the…
a51eceb 
… new option overrides signed_cookie settings. no tests so far
@schorsch
add encrypt_cookie option in the same way as signed_cookie. using the…
36cfc31 
… new option overrides signed_cookie settings. no tests so far
@schorsch
Merge remote-tracking branch 'origin/add_encrypted_cookie_option' int…
49f801d 
…o add_encrypted_cookie_option

# Conflicts:
#	lib/clearance/configuration.rb
#	lib/clearance/session.rb
#	spec/support/request_with_remember_token.rb
@brian-penguin
Merge branch 'main' into main
5bfda9d
@schorsch
Merge branch 'thoughtbot:main' into main
3d19439
@schorsch
Merge branch 'main' into add_encrypted_cookie_option
74c1dba
hound[bot]
hound bot reviewed May 17, 2023
View reviewed changes
lib/clearance/configuration.rb
@@ -96,6 +96,12 @@ class Configuration
# @return [Boolean|:migrate]
attr_reader :signed_cookie

# Controls whether cookies are encrypted.
# Defaults to `nil` for backwards compatibility.
# When not nil overrides signed_cookie settings and if true uses Rails' encrypted cookies
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Metrics/LineLength: Line is too long. [93/80]

lib/clearance/session.rb
when true
cookies.signed[remember_token_cookie]
when :migrate
cookies.signed[remember_token_cookie] || cookies[remember_token_cookie]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Metrics/LineLength: Line is too long. [81/80]

lib/clearance/session.rb
when true
cookies.encrypted[remember_token_cookie]
when :migrate
cookies.encrypted[remember_token_cookie] || cookies[remember_token_cookie]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Metrics/LineLength: Line is too long. [84/80]

@schorsch schorsch requested a review from sej3506 as a code owner May 8, 2024 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hound hound[bot] hound[bot] left review comments

@sej3506 sej3506 Awaiting requested review from sej3506 sej3506 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@schorsch @brian-penguin