securecookie

Author	SHA1	Message	Date
Kamil Kisiel	ff356348f7	Merge pull request #39 from 0x434D53/master Update Readme: Added HttpOnly, Secure flags for setting the cookie	2016-05-25 13:33:48 -07:00
0x434D53	f5b37263f0	Update Readme: Added HttpOnly, Secure flags for setting the cookie	2016-05-25 16:56:53 +02:00
Matt Silverlock	667fe4e346	Merge branch 'master' of github.com:gorilla/securecookie	2016-04-22 06:45:19 -07:00
Matt Silverlock	4c7f85bfe5	[ci] .travis.yml go vet fix.	2016-04-22 06:44:34 -07:00
Matt Silverlock	a29e8718b6	[feature] NopEncoder: accept/return []byte. [feature] NopEncoder: accept/return []byte.	2016-04-22 06:43:38 -07:00
Matt Silverlock	6ac16e3b5c	[feature] NopEncoder: accept/return []byte. - [docs] Update doc.go for golint.	2016-03-30 21:13:44 -07:00
Matt Silverlock	8dacca2697	Merge pull request #37 from gorilla/ci/travis-go-1.6 [ci] Update .travis.yml to build Go 1.6	2016-02-26 13:31:13 -08:00
Matt Silverlock	4d88276705	Update .travis.yml to build Go 1.6	2016-02-26 13:24:46 -08:00
Matt Silverlock	e95799a481	Merge pull request #33 from elithrar/subtle-len-backport Reverts `d8773d3` - backports len check for subtle.ConstantTimeCompare.	2015-08-20 16:29:58 +08:00
Matt Silverlock	9479394b87	Reverts `d8773d3` - backports len check for subtle.ConstantTimeCompare.	2015-08-20 16:26:03 +08:00
Kamil Kisiel	2e348ac077	Update .travis.yml	2015-08-19 22:17:30 -07:00
Kamil Kisiel	45e43d5d12	Added fuzz testing facilities.	2015-08-18 13:59:32 -07:00
Kamil Kisiel	95995b243b	Merge pull request #30 from elithrar/gen-key-doc Improved documentation for GenerateRandomKey	2015-08-08 08:20:25 -07:00
Matt Silverlock	6d727f0c85	Added note re: using GenerateRandomKey() not persisting keys.	2015-08-08 19:19:02 +08:00
Matt Silverlock	7029a2efc7	Improved warning around GenerateRandomKey.	2015-08-08 19:16:04 +08:00
Kamil Kisiel	c223d6df53	add test for nil hash key	2015-08-06 11:04:18 -07:00
Kamil Kisiel	5237f00be1	Merge pull request #29 from elithrar/codec-maxage-fix Improved documentation for CodecsFromPairs.	2015-08-06 08:27:58 -07:00
Matt Silverlock	84828075d0	Improved documentation for CodecsFromPairs. - Partially addresses https://github.com/gorilla/sessions/issues/48 - Downstream store packages will need to perform the type assertion in their code - Elected to document this and fix stores rather than add a function to the public API.	2015-08-06 15:26:37 +08:00
Matt Silverlock	a2b6e9f57e	Merge pull request #27 from s7v7nislands/fix_readme Update block key lengths in README	2015-08-06 15:14:33 +08:00
Kamil Kisiel	ba5126409e	Merge pull request #28 from keunwoo/keunwoo-errors-alt-20150720 Make errors more distinguishable	2015-07-27 15:09:43 -07:00
Keunwoo Lee	8cd2140311	Move error type assertions to test file. Per elithrar comment on PR 28: https://github.com/gorilla/securecookie/pull/28#discussion_r35059831	2015-07-27 10:27:54 -07:00
Keunwoo Lee	ba5d1f998d	Rename errorImpl -> cookieError Per elithrar comment on PR 28: https://github.com/gorilla/securecookie/pull/28#discussion_r35059597	2015-07-27 10:26:56 -07:00
Keunwoo Lee	9f0025d371	Make errors more distinguishable Prior to this commit, this library raised errors either mostly using errors.New() or directly passing through error values from underlying libraries. This made it difficult for clients to respond correctly to the errors that were returned. This becomes particularly problematic when securecookie is used together with gorilla/sessions. From an operations standpoint, you often want to log different errors when the client simply provides an invalid auth cookie, versus an I/O error fetching data from the session store. The former probably indicates an expired timestamp or similar client error; the latter indicates a possible failure in a backend database. This commit introduces a public Error interface, which is now returned consistently on all errors, and can be used to distinguish between implementation errors (IsUsage() and IsInternal()) and failed validation of user input (IsDecode()). See also discussion on pull requests #9 and #24: https://github.com/gorilla/securecookie/pull/9 https://github.com/gorilla/securecookie/pull/24 Some interface comments on other API functions have been clarified and updated to harmonize with the new error interfaces.	2015-07-20 15:00:22 -07:00
s7v7nislands	5a4a7236a0	fix readme	2015-07-17 17:59:40 +08:00
Kamil Kisiel	aeade84400	Merge pull request #26 from Annonomus-Penguin/patch-1 Fixed broken link in README	2015-07-16 16:32:44 -07:00
Annonomus-Penguin	26d3ac66fd	Fixed broken link in README	2015-07-16 18:32:13 -05:00
Kamil Kisiel	e8ab2fa5d1	Merge pull request #23 from elithrar/readme-updates Fleshed out the README based on doc.go.	2015-07-05 00:27:28 -07:00
Matt Silverlock	dddbb792b0	Fleshed out the README based on doc.go. - Added mention of the LICENSE. - Used GFM code blocks for the examples. - Added mention of the JSON encoder.	2015-07-05 15:13:42 +08:00
Kamil Kisiel	68004d2ba3	Merge pull request #22 from cyx/use-reflect-deepequal Use reflect.DeepEqual instead	2015-06-05 15:53:49 -07:00
Kamil Kisiel	203fca9e22	Merge pull request #21 from elithrar/json-encoder Added support for encoding/json	2015-06-05 15:49:47 -07:00
Cyril David	6dca1ffb59	Use reflect.DeepEqual instead Unless there's something I'm missing, probably better to delegate this check to the reflect package.	2015-05-25 00:22:56 -07:00
Matt Silverlock	b002d4848c	Merge branch 'json-encoder' of github.com:elithrar/securecookie into json-encoder	2015-05-20 20:56:22 +00:00
Matt Silverlock	3c76054b69	Added a JSON encoder/decoder to securecookie. A new "Serializer" interface with serialize/deserialize methods allows custom encoders to be specified. encoding/gob remains the default for compatibility/ease-of-use reasons, but the (often faster) encoding/json is now an option. Fixed typo - TestEncription => TestEncryption	2015-05-20 20:49:45 +00:00
Matt Silverlock	9ff68c4826	Fixed typo - TestEncription => TestEncryption	2015-05-16 17:53:12 +00:00
Matt Silverlock	978e3ebada	Added a JSON encoder/decoder to securecookie. A new "Encoder" interface with serialize/deserialize methods allows custom encoders to be specified. encoding/gob remains the default for compatibility/ease-of-use reasons, but the (often faster) encoding/json is now an option.	2015-05-16 17:50:49 +00:00
Kamil Kisiel	8e98dd730f	Merge pull request #19 from dchest/testinvalid Add test for decoding some invalid cookies.	2015-03-27 08:58:05 -07:00
Dmitry Chestnykh	2e358078af	Add test for decoding some invalid cookies.	2015-03-27 16:48:51 +01:00
Kamil Kisiel	ab638a3cc2	Revert "Improve Decode against timing attacks" This reverts commit `1be1b717b7`.	2015-03-27 08:31:10 -07:00
Kamil Kisiel	3609df1fc5	Revert "Commenting retErr and setErr in Decode" This reverts commit `c7a729999d`.	2015-03-27 08:31:09 -07:00
Kamil Kisiel	5d52df3629	Revert "A few more comments on decoding." This reverts commit `a54a6f264e`.	2015-03-27 08:31:06 -07:00
Kamil Kisiel	a54a6f264e	A few more comments on decoding.	2015-03-17 16:36:01 -07:00
Kamil Kisiel	1dea542d12	Merge pull request #16 from elithrar/patch-1 Removed redundant calls to len()	2015-03-17 16:33:49 -07:00
Kamil Kisiel	fec4f16574	Merge pull request #15 from abduelhamit/master Improve Decode against timing attacks	2015-03-17 16:33:24 -07:00
Matt Silverlock	d8773d3e66	Removed redundant calls to len() subtle.ConstantTimeCompare already undertakes a length check internally.	2015-03-18 07:06:26 +08:00
Abdülhamit Yilmaz	c7a729999d	Commenting retErr and setErr in Decode	2015-03-17 23:33:39 +01:00
Abdülhamit Yilmaz	1be1b717b7	Improve Decode against timing attacks	2015-03-17 20:33:51 +01:00
Abdülhamit Yilmaz	79d187a212	Add TestMissingKey	2015-03-17 20:13:00 +01:00
Abdülhamit Yilmaz	5ce09b9e8f	Omit unnecessary `else`s See http://golang.org/doc/effective_go.html#else	2015-03-17 19:25:18 +01:00
Kamil Kisiel	5f171f4232	Fix broken error message on invalid MAC. Fixes #13.	2015-02-02 22:33:18 -08:00
Kamil Kisiel	f0559d009e	Merge pull request #11 from dominikh/master say that we create a key of a certain length, not strength	2014-11-20 09:07:42 -08:00

1 2

64 commits