action_interceptor 0.2.1 → 0.2.2

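--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,15 @@
  ---
- SHA1:
- metadata.gz: 164253286739cc3f66b62a86b6b8c8650ebf441b
- data.tar.gz: 96fc1302173b587524f3ede0cf8bfdeaf5953f5f
+ !binary "U0hBMQ==":
+ metadata.gz: !binary |-
+ ZTZmOTJjOTJlOTgxNGMzM2MzMmRmMjFiZTdjNTFiOTEyMTRiN2MxZA==
+ data.tar.gz: !binary |-
+ NzY5ZTBlODU5MWMwZWZiM2U4NmFhMjNiNjM4YTQwZmFiNDcxMzJjNw==
  SHA512:
- metadata.gz: 8d25e02cd76eca730ef751cc702305a67f14b32a5df1e2958fc52e26eaf4a600dca359430f304c9d3fffd2f060b97ab26664d7762ce02c881c24982f2df0e86c
- data.tar.gz: b1063a7a075619f8e8fdd511cec3b738595b1f7de4421d1d9d1bb87616f1ef7da5f8b2f11500bf6d2a3a4cf727d102e494cbb46f4a7065dbce616f8f0a884ed5
+ metadata.gz: !binary |-
+ MzdjZmFkOTFiNmMyNjA5MmVmNjU5MGVmNjg3ZDY0NzAwZWU1OWNiZWYzODRj
+ ZTQ1OGFlNGQwNDEzNjZmZDI3ZTRhOGJjOGUwMjc3N2YxNmUwMzcwNGViNDMw
+ YTQ0Zjc0ODIwZDgxNDUxNjBlZjliZjQyMmIxODA5NjY5M2I1NzM=
+ data.tar.gz: !binary |-
+ M2NmYmJkNjE0Y2VjMDI1Mjk0MzdmY2VhNjA4Mjg1MWYwODAxNTdiM2M2YTky
+ Yjk4MzQwMmJlYTQ0Njk4MTA2YjA0OGM4NDBhZjEyNGFhNWZmN2VmNzYwN2Ri
+ ZDFmNmE1MWVjYzBhMjFiNGQ4NzZlMTMxYmE4NzRjOGVlYmZmNmU=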
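--- a/data/README.md
+++ b/data/README.md
@@ -24,13 +24,24 @@ And then execute:
  $ bundle install
  ```
 
- Finally, run the following rake task to add
+ Afterwards, run the following rake task to add
  Action Interceptor's initializer to your application:
 
  ```sh
  $ rake action_interceptor:install
  ```
 
+ In case Action Interceptor is completely unable to determine which page a user
+ came from (should rarely happen if properly configured), it will send the user
+ to your application or gem's root_url. So make sure it is defined:
+
+ ```rb
+ root :to => 'some_controller#some_action'
+ ```
+
+ Alternatively, you can always stub root_url in your
+ ApplicationController and make it a helper method.
+
  ## Usage
 
  Interceptors are blocks of code that are declared in Action Interceptor's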
@@ -41,6 +41,7 @@ module ActionInterceptor
41
41
  # Can't redirect back to non-get
42
42
  # Also, can't call root_url here, so use '/' instead
43
43
  url = Encryptor.encrypt_and_sign(request.get? ? current_url : '/')
44
+
44
45
  @current_url_hash = {key => url}
45
46
  end
46
47
 
@@ -100,11 +101,16 @@ module ActionInterceptor
100
101
  return @intercepted_url if @intercepted_url
101
102
 
102
103
  key = ActionInterceptor.intercepted_url_key
104
+ encrypted_url = params[key]
105
+
103
106
  begin
104
107
  # URL params are the most reliable, as they preserve
105
108
  # state even if the user presses the back button
106
109
  # We need to sign them to prevent the Open Redirect vulnerability
107
- @intercepted_url = Encryptor.decrypt_and_verify(params[key])
110
+ @intercepted_url = Encryptor.decrypt_and_verify(encrypted_url)
111
+
112
+ # If we got this far, the encrypted url is valid, so reuse it
113
+ @intercepted_url_hash = {key => encrypted_url}
108
114
  rescue ActiveSupport::MessageVerifier::InvalidSignature
109
115
  # If the param is not available, use our best guess
110
116
  # Session and referer are safe for redirects (for that user)
@@ -118,8 +124,12 @@ module ActionInterceptor
118
124
  end
119
125
 
120
126
  def intercepted_url_hash
127
+ # Run intercepted_url to verify the params in case the
128
+ # encrypted url is in there and can be reused
129
+ unencrypted_url = intercepted_url
121
130
  return @intercepted_url_hash if @intercepted_url_hash
122
- url = Encryptor.encrypt_and_sign(intercepted_url)
131
+
132
+ url = Encryptor.encrypt_and_sign(unencrypted_url)
123
133
  key = ActionInterceptor.intercepted_url_key
124
134
 
125
135
  @intercepted_url_hash = {key => url}
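Review bot: In the `intercepted_url` hunk, `@intercepted_url_hash` is now filled as a side effect with the client-supplied `params[key]`, so echoing it back is only safe while that assignment stays after `Encryptor.decrypt_and_verify` inside the `begin`. I would record that in the comment, e.g. `# Only reached when verification succeeded; keep this below decrypt_and_verify`, and add a spec that a tampered param is never returned by `intercepted_url_hash` while a valid one is reused unchanged; the spec changes on this page only swap `be_true`/`be_false` for `eq(...)`. The two memoized values can also drift apart if the `intercepted_url=` writer named in the spec does not reset `@intercepted_url_hash`; the writer is not visible here, so that needs confirming. Both `intercepted_url` and `intercepted_url_hash` start or end outside the hunks shown.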
@@ -1,4 +1,4 @@
1
1
  module ActionInterceptor
2
- VERSION = '0.2.1'
2
+ VERSION = '0.2.2'
3
3
  end
4
4
 
@@ -7,7 +7,7 @@ module ActionInterceptor
7
7
  expect(ActionController::Base).to respond_to(:is_interceptor)
8
8
  expect(ActionController::Base).to respond_to(:use_interceptor)
9
9
  expect(ActionController::Base).to respond_to(:interceptor_filters)
10
- expect(ActionController::Base.is_interceptor).to be_false
10
+ expect(ActionController::Base.is_interceptor).to eq(false)
11
11
  expect(ActionController::Base.interceptor_filters).to be_a(Hash)
12
12
 
13
13
  expect(ActionController::Base).to respond_to(:interceptor)
@@ -15,30 +15,30 @@ module ActionInterceptor
15
15
  expect(ActionController::Base).to respond_to(:acts_as_interceptor)
16
16
 
17
17
  expect(ActionController::Base.new.respond_to?(
18
- :current_page?, true)).to be_true
18
+ :current_page?, true)).to eq(true)
19
19
  expect(ActionController::Base.new.respond_to?(
20
- :current_url, true)).to be_true
20
+ :current_url, true)).to eq(true)
21
21
  expect(ActionController::Base.new.respond_to?(
22
- :current_url_hash, true)).to be_true
22
+ :current_url_hash, true)).to eq(true)
23
23
  expect(ActionController::Base.new.respond_to?(
24
- :url_for, true)).to be_true
24
+ :url_for, true)).to eq(true)
25
25
  expect(ActionController::Base.new.respond_to?(
26
- :with_interceptor, true)).to be_true
26
+ :with_interceptor, true)).to eq(true)
27
27
  expect(ActionController::Base.new.respond_to?(
28
- :without_interceptor, true)).to be_true
28
+ :without_interceptor, true)).to eq(true)
29
29
  end
30
30
 
31
31
  it 'modifies classes that act_as_interceptor' do
32
- expect(RegistrationsController.is_interceptor).to be_true
32
+ expect(RegistrationsController.is_interceptor).to eq(true)
33
33
 
34
34
  expect(RegistrationsController.new.respond_to?(
35
- :intercepted_url, true)).to be_true
35
+ :intercepted_url, true)).to eq(true)
36
36
  expect(RegistrationsController.new.respond_to?(
37
- :intercepted_url=, true)).to be_true
37
+ :intercepted_url=, true)).to eq(true)
38
38
  expect(RegistrationsController.new.respond_to?(
39
- :intercepted_url_hash, true)).to be_true
39
+ :intercepted_url_hash, true)).to eq(true)
40
40
  expect(RegistrationsController.new.respond_to?(
41
- :redirect_back, true)).to be_true
41
+ :redirect_back, true)).to eq(true)
42
42
  end
43
43
 
44
44
  it 'registers and skips before_filters' do
@@ -5,11 +5,11 @@ module ActionInterceptor
5
5
 
6
6
  it 'modifies ActionView::Base' do
7
7
  expect(ActionView::Base.new.respond_to?(
8
- :url_for, true)).to be_true
8
+ :url_for, true)).to eq(true)
9
9
  expect(ActionView::Base.new.respond_to?(
10
- :with_interceptor, true)).to be_true
10
+ :with_interceptor, true)).to eq(true)
11
11
  expect(ActionView::Base.new.respond_to?(
12
- :without_interceptor, true)).to be_true
12
+ :without_interceptor, true)).to eq(true)
13
13
  end
14
14
 
15
15
  end
@@ -3,7 +3,7 @@ require 'spec_helper'
3
3
  describe ActionInterceptor do
4
4
  it 'must be configurable' do
5
5
  expect(ActionInterceptor.intercepted_url_key).to eq(:dummy_key)
6
- expect(ActionInterceptor.override_url_options).to be_true
6
+ expect(ActionInterceptor.override_url_options).to eq(true)
7
7
  expect(ActionInterceptor.interceptors.keys).to include(:registration)
8
8
 
9
9
  my_block = lambda { 'my_block' }
@@ -15,7 +15,7 @@ describe ActionInterceptor do
15
15
  end
16
16
 
17
17
  expect(ActionInterceptor.intercepted_url_key).to eq(:my_key)
18
- expect(ActionInterceptor.override_url_options).to be_false
18
+ expect(ActionInterceptor.override_url_options).to eq(false)
19
19
  expect(ActionInterceptor.interceptors).to include({:my_name => my_block})
20
20
  end
21
21
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: action_interceptor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dante Soares
@@ -14,42 +14,42 @@ dependencies:
14
14
  name: rails
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ">="
17
+ - - ! '>='
18
18
  - !ruby/object:Gem::Version
19
19
  version: '3.1'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ">="
24
+ - - ! '>='
25
25
  - !ruby/object:Gem::Version
26
26
  version: '3.1'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: sqlite3
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ">="
31
+ - - ! '>='
32
32
  - !ruby/object:Gem::Version
33
33
  version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ">="
38
+ - - ! '>='
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec-rails
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ">="
45
+ - - ! '>='
46
46
  - !ruby/object:Gem::Version
47
47
  version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ">="
52
+ - - ! '>='
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
55
  description: Action Interceptor provides controllers that require users to perform
@@ -125,12 +125,12 @@ require_paths:
125
125
  - lib
126
126
  required_ruby_version: !ruby/object:Gem::Requirement
127
127
  requirements:
128
- - - ">="
128
+ - - ! '>='
129
129
  - !ruby/object:Gem::Version
130
130
  version: '0'
131
131
  required_rubygems_version: !ruby/object:Gem::Requirement
132
132
  requirements:
133
- - - ">="
133
+ - - ! '>='
134
134
  - !ruby/object:Gem::Version
135
135
  version: '0'
136
136
  requirements: []