1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
|
# frozen_string_literal: true
require 'openssl'
require 'zlib'
require 'json'
require 'base64'
require 'delegate'
require_relative '../constants'
require_relative '../utils'
require_relative 'abstract/id'
require_relative '../encryptor'
module Rack
module Session
# Rack::Session::Cookie provides simple cookie based session management.
# By default, the session is a Ruby Hash that is serialized and encoded as
# a cookie set to :key (default: rack.session).
#
# This middleware accepts a :secrets option which enables encryption of
# session cookies. This option should be one or more random "secret keys"
# that are each at least 64 bytes in length. Multiple secret keys can be
# supplied in an Array, which is useful when rotating secrets.
#
# Several options are also accepted that are passed to Rack::Encryptor.
# These options include:
# * :serialize_json
# Use JSON for message serialization instead of Marshal. This can be
# viewed as a security ehancement.
# * :gzip_over
# For message data over this many bytes, compress it with the deflate
# algorithm.
#
# Refer to Rack::Encryptor for more details on these options.
#
# Prior to version TODO, the session hash was stored as base64 encoded
# marshalled data. When a :secret option was supplied, the integrity of the
# encoded data was protected with HMAC-SHA1. This functionality is still
# supported using a set of a legacy options.
#
# Lastly, a :coder option is also accepted. When used, both encryption and
# the legacy HMAC will be skipped. This option could create security issues
# in your application!
#
# Example:
#
# use Rack::Session::Cookie, {
# key: 'rack.session',
# domain: 'foo.com',
# path: '/',
# expire_after: 2592000,
# secrets: 'a randomly generated, raw binary string 64 bytes in size',
# }
#
# Example using legacy HMAC options:
#
# Rack::Session:Cookie.new(application, {
# # The secret used for legacy HMAC cookies, this enables the functionality
# legacy_hmac_secret: 'legacy secret',
# # legacy_hmac_coder will default to Rack::Session::Cookie::Base64::Marshal
# legacy_hmac_coder: Rack::Session::Cookie::Identity.new,
# # legacy_hmac will default to OpenSSL::Digest::SHA1
# legacy_hmac: OpenSSL::Digest::SHA256
# })
#
# Example of a cookie with no encoding:
#
# Rack::Session::Cookie.new(application, {
# :coder => Rack::Session::Cookie::Identity.new
# })
#
# Example of a cookie with custom encoding:
#
# Rack::Session::Cookie.new(application, {
# :coder => Class.new {
# def encode(str); str.reverse; end
# def decode(str); str.reverse; end
# }.new
# })
#
class Cookie < Abstract::PersistedSecure
# Encode session cookies as Base64
class Base64
def encode(str)
::Base64.strict_encode64(str)
end
def decode(str)
::Base64.decode64(str)
end
# Encode session cookies as Marshaled Base64 data
class Marshal < Base64
def encode(str)
super(::Marshal.dump(str))
end
def decode(str)
return unless str
::Marshal.load(super(str)) rescue nil
end
end
# N.B. Unlike other encoding methods, the contained objects must be a
# valid JSON composite type, either a Hash or an Array.
class JSON < Base64
def encode(obj)
super(::JSON.dump(obj))
end
def decode(str)
return unless str
::JSON.parse(super(str)) rescue nil
end
end
class ZipJSON < Base64
def encode(obj)
super(Zlib::Deflate.deflate(::JSON.dump(obj)))
end
def decode(str)
return unless str
::JSON.parse(Zlib::Inflate.inflate(super(str)))
rescue
nil
end
end
end
# Use no encoding for session cookies
class Identity
def encode(str); str; end
def decode(str); str; end
end
class Marshal
def encode(str)
::Marshal.dump(str)
end
def decode(str)
::Marshal.load(str) if str
end
end
attr_reader :coder, :encryptors
def initialize(app, options = {})
secrets = [*options[:secrets]]
encryptor_opts = {
purpose: options[:key], serialize_json: options[:serialize_json]
}
# For each secret, create an Encryptor. We have iterate this Array at
# decryption time to achieve key rotation.
@encryptors = secrets.map do |secret|
Rack::Encryptor.new secret, encryptor_opts
end
# If a legacy HMAC secret is present, initialize those features
if options.has_key?(:legacy_hmac_secret)
@legacy_hmac = options.fetch(:legacy_hmac, 'SHA1')
@legacy_hmac_secret = options[:legacy_hmac_secret]
@legacy_hmac_coder = options.fetch(:legacy_hmac_coder, Base64::Marshal.new)
else
@legacy_hmac = false
end
warn <<-MSG unless secure?(options)
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Called from: #{caller[0]}.
MSG
# Potential danger ahead! Marshal without verification and/or
# encryption could present a major security issue.
@coder = options[:coder] ||= Base64::Marshal.new
super(app, options.merge!(cookie_only: true))
end
private
def find_session(req, sid)
data = unpacked_cookie_data(req)
data = persistent_session_id!(data)
[data["session_id"], data]
end
def extract_session_id(request)
unpacked_cookie_data(request)["session_id"]
end
def unpacked_cookie_data(request)
request.fetch_header(RACK_SESSION_UNPACKED_COOKIE_DATA) do |k|
cookie_data = request.cookies[@key]
session_data = nil
# Try to decrypt the session data with our encryptors
encryptors.each do |encryptor|
begin
session_data = encryptor.decrypt(cookie_data) if cookie_data
break
rescue Rack::Encryptor::Error => error
request.env[Rack::RACK_ERRORS].puts "Session cookie encryptor error: #{error.message}"
next
end
end
# If session decryption fails but there is @legacy_hmac_secret
# defined, attempt legacy HMAC verification
if !session_data && @legacy_hmac_secret
# Parse and verify legacy HMAC session cookie
session_data, _, digest = cookie_data.rpartition('--')
session_data = nil unless legacy_digest_match?(session_data, digest)
# Decode using legacy HMAC decoder
session_data = @legacy_hmac_coder.decode(session_data)
elsif !session_data && coder
# Use the coder option, which has the potential to be very unsafe
session_data = coder.decode(cookie_data)
end
request.set_header(k, session_data || {})
end
end
def persistent_session_id!(data, sid = nil)
data ||= {}
data["session_id"] ||= sid || generate_sid
data
end
class SessionId < DelegateClass(Session::SessionId)
attr_reader :cookie_value
def initialize(session_id, cookie_value)
super(session_id)
@cookie_value = cookie_value
end
end
def write_session(req, session_id, session, options)
session = session.merge("session_id" => session_id)
session_data = encode_session_data(session)
if session_data.size > (4096 - @key.size)
req.get_header(RACK_ERRORS).puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
nil
else
SessionId.new(session_id, session_data)
end
end
def delete_session(req, session_id, options)
# Nothing to do here, data is in the client
generate_sid unless options[:drop]
end
def legacy_digest_match?(data, digest)
return false unless data && digest
Rack::Utils.secure_compare(digest, legacy_generate_hmac(data))
end
def legacy_generate_hmac(data)
OpenSSL::HMAC.hexdigest(@legacy_hmac, @legacy_hmac_secret, data)
end
def encode_session_data(session)
if encryptors.empty?
coder.encode(session)
else
encryptors.first.encrypt(session)
end
end
# Were consider "secure" if:
# * Encrypted cookies are enabled and one or more encryptor is
# initialized
# * The legacy HMAC option is enabled
# * Customer :coder is used, with :let_coder_handle_secure_encoding
# set to true
def secure?(options)
!@encryptors.empty? ||
@legacy_hmac ||
(options[:coder] && options[:let_coder_handle_secure_encoding])
end
end
end
end
|
