Add expire time, for protect Rails CookieSession Replay Attack. version 0.2.4
This commit is contained in:
parent
62f589e9fc
commit
2c72ef1ad3
|
@ -1,3 +1,8 @@
|
||||||
|
0.2.2
|
||||||
|
-----
|
||||||
|
|
||||||
|
- Add `session[:_rucaptcha]` expire time, for protect Rails CookieSession Replay Attack.
|
||||||
|
|
||||||
0.2.3
|
0.2.3
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
PATH
|
PATH
|
||||||
remote: .
|
remote: .
|
||||||
specs:
|
specs:
|
||||||
rucaptcha (0.2.3)
|
rucaptcha (0.2.4)
|
||||||
posix-spawn (>= 0.3.0)
|
posix-spawn (>= 0.3.0)
|
||||||
|
|
||||||
GEM
|
GEM
|
||||||
|
|
|
@ -8,10 +8,18 @@ module RuCaptcha
|
||||||
|
|
||||||
def generate_rucaptcha
|
def generate_rucaptcha
|
||||||
session[:_rucaptcha] = RuCaptcha::Captcha.random_chars
|
session[:_rucaptcha] = RuCaptcha::Captcha.random_chars
|
||||||
|
session[:rucaptcha_at] = Time.now.to_i
|
||||||
|
|
||||||
RuCaptcha::Captcha.create(session[:_rucaptcha])
|
RuCaptcha::Captcha.create(session[:_rucaptcha])
|
||||||
end
|
end
|
||||||
|
|
||||||
def verify_rucaptcha?(resource = nil)
|
def verify_rucaptcha?(resource = nil)
|
||||||
|
rucaptcha_at = session[:_rucaptcha_at].to_i
|
||||||
|
# Captcha chars in Session expire in 2 minutes
|
||||||
|
if rucaptcha_at.blank? || (Time.now.to_i - rucaptcha_at) > 120
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
right = params[:_rucaptcha].present? && session[:_rucaptcha].present? &&
|
right = params[:_rucaptcha].present? && session[:_rucaptcha].present? &&
|
||||||
params[:_rucaptcha].downcase.strip == session[:_rucaptcha]
|
params[:_rucaptcha].downcase.strip == session[:_rucaptcha]
|
||||||
if resource && resource.respond_to?(:errors)
|
if resource && resource.respond_to?(:errors)
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
module RuCaptcha
|
module RuCaptcha
|
||||||
VERSION = '0.2.3'
|
VERSION = '0.2.4'
|
||||||
end
|
end
|
||||||
|
|
|
@ -24,6 +24,7 @@ describe RuCaptcha do
|
||||||
describe '.verify_rucaptcha?' do
|
describe '.verify_rucaptcha?' do
|
||||||
context 'Correct chars in params' do
|
context 'Correct chars in params' do
|
||||||
it 'should work' do
|
it 'should work' do
|
||||||
|
simple.session[:_rucaptcha_at] = Time.now.to_i
|
||||||
simple.session[:_rucaptcha] = 'abcd'
|
simple.session[:_rucaptcha] = 'abcd'
|
||||||
simple.params[:_rucaptcha] = 'Abcd'
|
simple.params[:_rucaptcha] = 'Abcd'
|
||||||
expect(simple.verify_rucaptcha?).to eq(true)
|
expect(simple.verify_rucaptcha?).to eq(true)
|
||||||
|
@ -34,10 +35,20 @@ describe RuCaptcha do
|
||||||
|
|
||||||
describe 'Incorrect chars' do
|
describe 'Incorrect chars' do
|
||||||
it "should work" do
|
it "should work" do
|
||||||
|
simple.session[:_rucaptcha_at] = Time.now.to_i - 60
|
||||||
simple.session[:_rucaptcha] = 'abcd'
|
simple.session[:_rucaptcha] = 'abcd'
|
||||||
simple.params[:_rucaptcha] = 'd123'
|
simple.params[:_rucaptcha] = 'd123'
|
||||||
expect(simple.verify_rucaptcha?).to eq(false)
|
expect(simple.verify_rucaptcha?).to eq(false)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'Expires Session key' do
|
||||||
|
it "should work" do
|
||||||
|
simple.session[:_rucaptcha_at] = Time.now.to_i - 121
|
||||||
|
simple.session[:_rucaptcha] = 'abcd'
|
||||||
|
simple.params[:_rucaptcha] = 'abcd'
|
||||||
|
expect(simple.verify_rucaptcha?).to eq(false)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue