client-sessions
Advanced tools
Comparing version 0.6.0 to 0.7.0
@@ -266,12 +266,31 @@ /* This Source Code Form is subject to the terms of the Mozilla Public | ||
var iv = base64urldecode(components[0]); | ||
var ciphertext = base64urldecode(components[1]); | ||
var iv; | ||
var ciphertext; | ||
var hmac; | ||
try { | ||
iv = base64urldecode(components[0]); | ||
ciphertext = base64urldecode(components[1]); | ||
hmac = base64urldecode(components[4]); | ||
} catch (ignored) { | ||
cleanup(); | ||
return; | ||
} | ||
var createdAt = parseInt(components[2], 10); | ||
var duration = parseInt(components[3], 10); | ||
var hmac = base64urldecode(components[4]); | ||
function cleanup() { | ||
zeroBuffer(iv); | ||
zeroBuffer(ciphertext); | ||
zeroBuffer(hmac); | ||
if (iv) { | ||
zeroBuffer(iv); | ||
} | ||
if (ciphertext) { | ||
zeroBuffer(ciphertext); | ||
} | ||
if (hmac) { | ||
zeroBuffer(hmac); | ||
} | ||
if (expectedHmac) { // declared below | ||
@@ -406,2 +425,7 @@ zeroBuffer(expectedHmac); | ||
// alias for `reset` function for compatibility | ||
destroy: function(){ | ||
this.reset(); | ||
}, | ||
setDuration: function(newDuration, ephemeral) { | ||
@@ -508,2 +532,6 @@ if (ephemeral && this.opts.cookie.maxAge) { | ||
}); | ||
Object.defineProperty(value, 'destroy', { | ||
enumerable: false, | ||
value: this.destroy.bind(this) | ||
}); | ||
Object.defineProperty(value, 'setDuration', { | ||
@@ -510,0 +538,0 @@ enumerable: false, |
{ | ||
"name" : "client-sessions", | ||
"version" : "0.6.0", | ||
"version" : "0.7.0", | ||
"description" : "secure sessions stored in cookies", | ||
@@ -11,3 +11,3 @@ "main" : "lib/client-sessions", | ||
"dependencies" : { | ||
"cookies" : "0.3.8" | ||
"cookies" : "0.5.0" | ||
}, | ||
@@ -14,0 +14,0 @@ "devDependencies": { |
@@ -46,3 +46,3 @@ [![build status](https://secure.travis-ci.org/mozilla/node-client-sessions.png)](http://travis-ci.org/mozilla/node-client-sessions) | ||
httpOnly: true, // when true, cookie is not accessible from javascript | ||
secure: false // when true, cookie will only be sent over SSL | ||
secure: false // when true, cookie will only be sent over SSL. use key 'secureProxy' instead if you handle SSL not in your node process | ||
} | ||
@@ -49,0 +49,0 @@ })); |
@@ -866,2 +866,9 @@ // a NODE_ENV of test will supress console output to stderr which | ||
assert.isUndefined(decodedFake); | ||
}, | ||
"decode - invalid input" : function(err, req){ | ||
var notEnoughComponents = 'LVB3G2lnPF75RzsT9mz7jQ.RT1Lcq0dOJ_DMRHyWJ4NZPjBXr2WzkFcUC4NO78gbCQ.1371704898483.5000'; | ||
assert.isUndefined(cookieSessions.util.decode({cookieName: 'session', secret: 'yo'}, notEnoughComponents)); | ||
var invalidBase64 = 'LVB3G2lnPF75RzsT9mz7jQ.RT1Lcq0dOJ_DMRHyWJ4NZPjBXr2WzkFcUC4NO78gb.1371704898483.5000.ILEusgnajT1sqCWLuzaUt-HFn2KPjYNd38DhI7aRCb9'; | ||
assert.isUndefined(cookieSessions.util.decode({cookieName: 'session', secret: 'yo'}, invalidBase64)); | ||
} | ||
@@ -868,0 +875,0 @@ } |
Sorry, the diff of this file is not supported yet
81603
1627
+ Addedcookies@0.5.0(transitive)
+ Addedkeygrip@1.0.3(transitive)
- Removedcookies@0.3.8(transitive)
Updatedcookies@0.5.0