action_interceptor 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: 164253286739cc3f66b62a86b6b8c8650ebf441b
-  data.tar.gz: 96fc1302173b587524f3ede0cf8bfdeaf5953f5f
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZTZmOTJjOTJlOTgxNGMzM2MzMmRmMjFiZTdjNTFiOTEyMTRiN2MxZA==
+  data.tar.gz: !binary |-
+    NzY5ZTBlODU5MWMwZWZiM2U4NmFhMjNiNjM4YTQwZmFiNDcxMzJjNw==
 SHA512:
-  metadata.gz: 8d25e02cd76eca730ef751cc702305a67f14b32a5df1e2958fc52e26eaf4a600dca359430f304c9d3fffd2f060b97ab26664d7762ce02c881c24982f2df0e86c
-  data.tar.gz: b1063a7a075619f8e8fdd511cec3b738595b1f7de4421d1d9d1bb87616f1ef7da5f8b2f11500bf6d2a3a4cf727d102e494cbb46f4a7065dbce616f8f0a884ed5
+  metadata.gz: !binary |-
+    MzdjZmFkOTFiNmMyNjA5MmVmNjU5MGVmNjg3ZDY0NzAwZWU1OWNiZWYzODRj
+    ZTQ1OGFlNGQwNDEzNjZmZDI3ZTRhOGJjOGUwMjc3N2YxNmUwMzcwNGViNDMw
+    YTQ0Zjc0ODIwZDgxNDUxNjBlZjliZjQyMmIxODA5NjY5M2I1NzM=
+  data.tar.gz: !binary |-
+    M2NmYmJkNjE0Y2VjMDI1Mjk0MzdmY2VhNjA4Mjg1MWYwODAxNTdiM2M2YTky
+    Yjk4MzQwMmJlYTQ0Njk4MTA2YjA0OGM4NDBhZjEyNGFhNWZmN2VmNzYwN2Ri
+    ZDFmNmE1MWVjYzBhMjFiNGQ4NzZlMTMxYmE4NzRjOGVlYmZmNmU=

data/README.md

@@ -24,13 +24,24 @@ And then execute:
 $ bundle install
 ```
 
-Finally, run the following rake task to add
+Afterwards, run the following rake task to add
 Action Interceptor's initializer to your application:
 
 ```sh
 $ rake action_interceptor:install
 ```
 
+In case Action Interceptor is completely unable to determine which page a user
+came from (should rarely happen if properly configured), it will send the user
+to your application or gem's root_url. So make sure it is defined:
+
+```rb
+root :to => 'some_controller#some_action'
+```
+
+Alternatively, you can always stub root_url in your
+ApplicationController and make it a helper method.
+
 ## Usage
 
 Interceptors are blocks of code that are declared in Action Interceptor's

data/lib/action_interceptor/controller.rb

@@ -41,6 +41,7 @@ module ActionInterceptor
       # Can't redirect back to non-get
       # Also, can't call root_url here, so use '/' instead
       url = Encryptor.encrypt_and_sign(request.get? ? current_url : '/')
+
       @current_url_hash = {key => url}
     end
 
@@ -100,11 +101,16 @@ module ActionInterceptor
             return @intercepted_url if @intercepted_url
 
             key = ActionInterceptor.intercepted_url_key
+            encrypted_url = params[key]
+
             begin
               # URL params are the most reliable, as they preserve
               # state even if the user presses the back button
               # We need to sign them to prevent the Open Redirect vulnerability
-              @intercepted_url = Encryptor.decrypt_and_verify(params[key])
+              @intercepted_url = Encryptor.decrypt_and_verify(encrypted_url)
+
+              # If we got this far, the encrypted url is valid, so reuse it
+              @intercepted_url_hash = {key => encrypted_url}
             rescue ActiveSupport::MessageVerifier::InvalidSignature
               # If the param is not available, use our best guess
               # Session and referer are safe for redirects (for that user)
@@ -118,8 +124,12 @@ module ActionInterceptor
           end
 
           def intercepted_url_hash
+            # Run intercepted_url to verify the params in case the
+            # encrypted url is in there and can be reused
+            unencrypted_url = intercepted_url
             return @intercepted_url_hash if @intercepted_url_hash
-            url = Encryptor.encrypt_and_sign(intercepted_url)
+
+            url = Encryptor.encrypt_and_sign(unencrypted_url)
             key = ActionInterceptor.intercepted_url_key
 
             @intercepted_url_hash = {key => url}

data/lib/action_interceptor/version.rb

@@ -1,4 +1,4 @@
 module ActionInterceptor
-  VERSION = '0.2.1'
+  VERSION = '0.2.2'
 end
 

data/spec/lib/action_interceptor/controller_spec.rb

@@ -7,7 +7,7 @@ module ActionInterceptor
       expect(ActionController::Base).to respond_to(:is_interceptor)
       expect(ActionController::Base).to respond_to(:use_interceptor)
       expect(ActionController::Base).to respond_to(:interceptor_filters)
-      expect(ActionController::Base.is_interceptor).to be_false
+      expect(ActionController::Base.is_interceptor).to eq(false)
       expect(ActionController::Base.interceptor_filters).to be_a(Hash)
 
       expect(ActionController::Base).to respond_to(:interceptor)
@@ -15,30 +15,30 @@ module ActionInterceptor
       expect(ActionController::Base).to respond_to(:acts_as_interceptor)
 
       expect(ActionController::Base.new.respond_to?(
-        :current_page?, true)).to be_true
+        :current_page?, true)).to eq(true)
       expect(ActionController::Base.new.respond_to?(
-        :current_url, true)).to be_true
+        :current_url, true)).to eq(true)
       expect(ActionController::Base.new.respond_to?(
-        :current_url_hash, true)).to be_true
+        :current_url_hash, true)).to eq(true)
       expect(ActionController::Base.new.respond_to?(
-        :url_for, true)).to be_true
+        :url_for, true)).to eq(true)
       expect(ActionController::Base.new.respond_to?(
-        :with_interceptor, true)).to be_true
+        :with_interceptor, true)).to eq(true)
       expect(ActionController::Base.new.respond_to?(
-        :without_interceptor, true)).to be_true
+        :without_interceptor, true)).to eq(true)
     end
 
     it 'modifies classes that act_as_interceptor' do
-      expect(RegistrationsController.is_interceptor).to be_true
+      expect(RegistrationsController.is_interceptor).to eq(true)
 
       expect(RegistrationsController.new.respond_to?(
-        :intercepted_url, true)).to be_true
+        :intercepted_url, true)).to eq(true)
       expect(RegistrationsController.new.respond_to?(
-        :intercepted_url=, true)).to be_true
+        :intercepted_url=, true)).to eq(true)
       expect(RegistrationsController.new.respond_to?(
-        :intercepted_url_hash, true)).to be_true
+        :intercepted_url_hash, true)).to eq(true)
       expect(RegistrationsController.new.respond_to?(
-        :redirect_back, true)).to be_true
+        :redirect_back, true)).to eq(true)
     end
 
     it 'registers and skips before_filters' do

data/spec/lib/action_interceptor/view_spec.rb

@@ -5,11 +5,11 @@ module ActionInterceptor
 
     it 'modifies ActionView::Base' do
       expect(ActionView::Base.new.respond_to?(
-        :url_for, true)).to be_true
+        :url_for, true)).to eq(true)
       expect(ActionView::Base.new.respond_to?(
-        :with_interceptor, true)).to be_true
+        :with_interceptor, true)).to eq(true)
       expect(ActionView::Base.new.respond_to?(
-        :without_interceptor, true)).to be_true
+        :without_interceptor, true)).to eq(true)
     end
 
   end

data/spec/lib/action_interceptor_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe ActionInterceptor do
   it 'must be configurable' do
     expect(ActionInterceptor.intercepted_url_key).to eq(:dummy_key)
-    expect(ActionInterceptor.override_url_options).to be_true
+    expect(ActionInterceptor.override_url_options).to eq(true)
     expect(ActionInterceptor.interceptors.keys).to include(:registration)
 
     my_block = lambda { 'my_block' }
@@ -15,7 +15,7 @@ describe ActionInterceptor do
     end
 
     expect(ActionInterceptor.intercepted_url_key).to eq(:my_key)
-    expect(ActionInterceptor.override_url_options).to be_false
+    expect(ActionInterceptor.override_url_options).to eq(false)
     expect(ActionInterceptor.interceptors).to include({:my_name => my_block})
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: action_interceptor
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Dante Soares
@@ -14,42 +14,42 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Action Interceptor provides controllers that require users to perform
@@ -125,12 +125,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []