Module: SafeCookies::Helpers

Included in:
Middleware
Defined in:
lib/safe_cookies/helpers.rb

Constant Summary

# Separator between the cookie names serialised into the store cookie's value
# (see #stored_application_cookie_names).
KNOWN_COOKIES_DIVIDER = '|'

Instance Method Summary

Instance Method Details

#cache_application_cookies_string ⇒ Object

Since we have to operate on and modify the actual @headers hash that the application returns, cache the Set-Cookie header string so that later on we still know which cookies the application itself set.



# File 'lib/safe_cookies/helpers.rb', line 9

# Snapshot the application's own Set-Cookie header before this middleware
# starts rewriting @headers, so the original value is still available later.
#
# Rack 1.1 returns the header as an Array of values; later versions a single
# String with embedded newlines. Both are normalised to one "\n"-joined String.
#
# When the application set no cookies, @application_cookies_string is not
# assigned at all. NOTE(review): that means a value from an earlier call on
# the same instance would survive — confirm the middleware is instantiated
# (or this ivar reset) per request.
def cache_application_cookies_string
  raw = @headers['Set-Cookie']
  raw = raw.join("\n") if raw.is_a?(Array)
  return if raw.nil? || raw.empty?

  @application_cookies_string = raw
end

#cookies_have_been_rewritten_before? ⇒ Boolean

boolean

Returns:

  • (Boolean)


# File 'lib/safe_cookies/helpers.rb', line 77

# True when the request already carries the SECURED_COOKIE_NAME cookie —
# presumably the marker this middleware sets once it has rewritten cookies,
# so the rewrite is not repeated on every request.
#
# @return [Boolean]
def cookies_have_been_rewritten_before?
  @request.cookies.key?(SECURED_COOKIE_NAME)
end

#http_only(cookie) ⇒ Object



# File 'lib/safe_cookies/helpers.rb', line 29

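# Append the HttpOnly attribute to a single Set-Cookie string unless the
# cookie is registered as scriptable or the attribute is already present.
#
# Cookie attribute names are case-insensitive (RFC 6265 section 5.2), so an
# existing "httponly"/"HTTPOnly" is recognised as well, with or without a
# space after the ";". Matching only the exact spelling "HttpOnly" appended a
# harmless but noisy duplicate attribute in those cases.
#
# @param cookie [String] one Set-Cookie header value ("name=value; attr; ...")
# @return [String] the cookie with "; HttpOnly" appended when required
def http_only(cookie)
  return cookie unless should_be_http_only?(cookie)
  return cookie if cookie =~ /(^|;\s*)HttpOnly\s*($|;)/i

  "#{cookie}; HttpOnly"
end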


# File 'lib/safe_cookies/helpers.rb', line 68

# Every cookie name this middleware is aware of: its own two bookkeeping
# cookies, the application cookie names recorded in the store cookie, and
# the cookies registered in the configuration.
#
# NOTE(review): the middle group is read from a request cookie, i.e. it is
# client-supplied — callers should not treat membership here as trusted.
#
# @return [Array<String>] in that order; may contain duplicates
def known_cookie_names
  own = [STORE_COOKIE_NAME, SECURED_COOKIE_NAME]
  own + stored_application_cookie_names + @config.registered_cookies.keys
end

#request_cookies ⇒ Object

returns the request cookies minus ignored cookies



# File 'lib/safe_cookies/helpers.rb', line 55

# The request's cookies with the configured ignored cookies removed.
# Operates on a copy so @request.cookies itself is left intact.
#
# @return [Hash] cookie name => value
def request_cookies
  remaining = @request.cookies.dup
  Util.except!(remaining, *@config.ignored_cookies)
end

#rewritable_request_cookies ⇒ Object



# File 'lib/safe_cookies/helpers.rb', line 64

# The subset of #request_cookies whose names are registered in the
# configuration — only these are candidates for rewriting.
#
# @return [Hash] cookie name => value
def rewritable_request_cookies
  registered = @config.registered_cookies.keys
  Util.slice(request_cookies, *registered)
end

#secure(cookie) ⇒ Object



# File 'lib/safe_cookies/helpers.rb', line 20

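# Append the Secure attribute to a single Set-Cookie string unless the cookie
# is registered as insecure, the request is not HTTPS, or the attribute is
# already present.
#
# Regexp adapted from https://github.com/tobmatth/rack-ssl-enforcer/ and made
# case-insensitive: cookie attribute names are case-insensitive (RFC 6265
# section 5.2), so an existing "Secure" emitted by the application is
# recognised (with or without a space after the ";") instead of a harmless
# but noisy duplicate "; secure" being appended.
#
# @param cookie [String] one Set-Cookie header value ("name=value; attr; ...")
# @return [String] the cookie with "; secure" appended when required
def secure(cookie)
  return cookie unless should_be_secure?(cookie)
  return cookie if cookie =~ /(^|;\s*)secure\s*($|;)/i

  "#{cookie}; secure"
end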

#set_cookie!(name, value, options) ⇒ Object



# File 'lib/safe_cookies/helpers.rb', line 37

# Write a Set-Cookie header for +name+ into @headers via Rack.
#
# +options+ is not mutated. Its :expire_after (seconds) is translated into an
# absolute :expires; :path defaults to "/" unless the key is present (an
# explicit nil is respected); :secure and :httponly are always derived from
# the configuration and the request scheme, overriding whatever the caller
# passed.
#
# NOTE(review): no SameSite attribute is set here; whether Rack::Utils
# accepts a :same_site option depends on the Rack version in use — worth
# adding where supported.
#
# @param name [String] cookie name
# @param value [String] cookie value
# @param options [Hash] Rack cookie options plus the :expire_after shortcut
def set_cookie!(name, value, options)
  attrs = options.dup
  ttl = attrs.delete(:expire_after)
  attrs[:expires] = Time.now + ttl if ttl
  attrs[:path] = '/' unless attrs.key?(:path)

  attrs.merge!(
    :value    => value,
    :secure   => should_be_secure?(name),
    :httponly => should_be_http_only?(name)
  )

  Rack::Utils.set_cookie_header!(@headers, name, attrs)
end

#should_be_http_only?(cookie) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_cookies/helpers.rb', line 95

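# Whether the cookie should carry HttpOnly: every cookie does unless the
# configuration lists it as scriptable.
#
# Accepts either a bare cookie name (as #set_cookie! passes) or a full
# Set-Cookie string (as #http_only passes); the name is whatever precedes the
# first "=", trimmed. An empty string or a bare "=" yields an empty name
# instead of raising NoMethodError on nil.
#
# @param cookie [String] cookie name or "name=value; ..." string
# @return [Boolean]
def should_be_http_only?(cookie)
  cookie_name = cookie.to_s.split('=', 2).first.to_s.strip
  !@config.scriptable_cookie?(cookie_name)
end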

#should_be_secure?(cookie) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_cookies/helpers.rb', line 81

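# Whether the cookie should carry Secure: only over HTTPS, and only when the
# configuration does not list the cookie as insecure.
#
# Accepts either a bare cookie name (as #set_cookie! passes) or a full
# Set-Cookie string (as #secure passes); the name is whatever precedes the
# first "=", trimmed. An empty string or a bare "=" yields an empty name
# instead of raising NoMethodError on nil.
#
# @param cookie [String] cookie name or "name=value; ..." string
# @return [Boolean]
def should_be_secure?(cookie)
  cookie_name = cookie.to_s.split('=', 2).first.to_s.strip
  ssl? && !@config.insecure_cookie?(cookie_name)
end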

#ssl? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_cookies/helpers.rb', line 86

# Whether the current request arrived over HTTPS; this gates the Secure
# attribute in #should_be_secure?.
#
# NOTE(review): with Rack::Request this delegates to Rack's own ssl?, which
# in the Rack versions I know also honours proxy headers such as
# X-Forwarded-Proto. Behind a TLS-terminating proxy that does not forward the
# scheme this returns false and no cookie receives the Secure flag — confirm
# the deployment forwards it.
#
# @return [Boolean]
def ssl?
  return @request.ssl? if @request.respond_to?(:ssl?)

  # Rack releases without Request#ssl? only expose the scheme.
  @request.scheme == 'https'
end


# File 'lib/safe_cookies/helpers.rb', line 59

# Cookie names recorded in the store cookie (STORE_COOKIE_NAME), serialised
# as KNOWN_COOKIES_DIVIDER-separated values.
#
# NOTE(review): this is a request cookie, so the list is client-controlled
# and unbounded in length — treat the names as untrusted input.
#
# @return [Array<String>] empty when the store cookie is absent or blank
def stored_application_cookie_names
  serialised = @request.cookies[STORE_COOKIE_NAME] || ''
  serialised.split(KNOWN_COOKIES_DIVIDER)
end