action_interceptor 0.4.2 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e6f93ac6fa7c78a37f96b25bb4ab379ade1a116c
-  data.tar.gz: 623fd90ba2bca94868f9fc225dbd18f08f1650ec
+  metadata.gz: 9917c52164470d451b2fe730c0b95975a006eb59
+  data.tar.gz: 44dde1824b2307cdff19e5b6aea9bb6eed142c9a
 SHA512:
-  metadata.gz: 4f04a024c8f10af888a129440e7c44957927d59620a98374cc92f74838c7da01a17f7ed18aa729018677a8d6dbcd06ff922db0b2981db7746292221258128fa2
-  data.tar.gz: a8a717896e5d9ced3b7df4b3350e0da05932e53553fb6657cd62e058fe9340e03acb84cf423d952e1b7481fa0ddaaf5947bab782c762a94e27b2e7a7d76ca4c6
+  metadata.gz: 12136e90006094d68efee066d82b60656e053b48fbe97860866e10295333d0520040b82e6c413e3397117083b447b5fd58388becf0edd4e90b4c5d890d5d0de2
+  data.tar.gz: a37aa52a41c91ca9627337a414a080707e25c2fd9107ea739e00a2afe47e9ab065a9507ecc761c09e7dd303bec98a9895ad05880d69236ac38ef88d8a839e283

data/README.md

@@ -33,14 +33,7 @@ $ rake action_interceptor:install
 
 In case Action Interceptor is completely unable to determine which page a user
 came from (should rarely happen if properly configured), it will send the user
-to your application or gem's root_url. So make sure it is defined:
-
-```rb
-root :to => 'some_controller#some_action'
-```
-
-Alternatively, you can always stub root_url in your
-ApplicationController and make it a helper method.
+to your application or gem's root (the '/' path).
 
 ## Usage
 

data/config/initializers/action_interceptor.rb

@@ -1,4 +1,7 @@
 ActionInterceptor.configure do
+  # The following options can be set in this initializer
+  # or passed directly to acts_as_interceptor:
+
   # intercepted_url_key(key)
   # Type: Method
   # Arguments: key (Symbol)
@@ -12,12 +15,28 @@ ActionInterceptor.configure do
   # If true, the url_options method will be overriden for any controller that
   # `acts_as_interceptor`. This option causes all links and redirects from any
   # such controller to include a parameter containing the intercepted_url_key
-  # and the intercepted url. Set to false to disable for all controllers.
+  # and the intercepted url.
   # If set to false, you must use the interceptor_url_options method to obtain
   # the hash and pass it to any links or redirects that need to use it.
   # Default: true
   override_url_options true
 
+  # skip_session(bool)
+  # Type: Method
+  # Arguments: bool (Boolean)
+  # If set to false, ActionInterceptor will store and use the intercepted url
+  # in the session object, under the :interceptor key. ActionInterceptor will
+  # attempt to retrieve the intercepted url from the url params, session and
+  # referer, in this order.
+  # If true, ActionInterceptor will ignore the session, so only the url params
+  # and the referer will be checked, in this order.
+  # Useful if you expect to get redirects that do not or cannot properly set
+  # the url params and must rely on the referer instead.
+  # Default: false
+  skip_session false
+
+  # The following options can only be set in this initializer:
+
   # interceptor(interceptor_name, &block)
   # Type: Method
   # Arguments: interceptor name (Symbol or String),

data/lib/action_interceptor.rb

@@ -1,14 +1,17 @@
 require 'action_interceptor/engine'
 
 module ActionInterceptor
-  def self.intercepted_url_key(key = nil)
-    @intercepted_url_key = key.to_s unless key.blank?
-    @intercepted_url_key || 'r'
-  end
 
-  def self.override_url_options(bool = nil)
-    @override_url_options = bool unless bool.nil?
-    @override_url_options.nil? ? true : @override_url_options
+  DEFAULT_CONFIG = {}
+
+  INTERCEPTOR_ATTRIBUTES = [:intercepted_url_key,
+                            :override_url_options,
+                            :skip_session]
+
+  INTERCEPTOR_ATTRIBUTES.each do |attribute|
+    define_singleton_method(attribute) do |value|
+      DEFAULT_CONFIG[attribute] = value
+    end
   end
 
   def self.interceptors
@@ -22,4 +25,5 @@ module ActionInterceptor
   def self.configure(&block)
     instance_exec &block
   end
+
 end

data/lib/action_interceptor/action_controller.rb

@@ -6,25 +6,30 @@ module ActionInterceptor
   module ActionController
 
     def self.included(base)
-      base.class_attribute :is_interceptor, :use_interceptor,
-                           :interceptor_filters
-      base.is_interceptor = false
-      base.use_interceptor = false
+      base.class_attribute :interceptor_config, :interceptor_filters
       base.interceptor_filters = {}
 
-      base.before_filter :delete_intercepted_url
+      base.send :attr_accessor, :interceptor_enabled
 
-      base.helper_method :is_interceptor, :use_interceptor, :use_interceptor=,
-                         :current_page?, :current_url, :current_url_hash, 
+      base.before_filter :interceptor_setup
+
+      base.helper_method :_compute_redirect_to_location,
+                         :interceptor_enabled, :interceptor_enabled=,
+                         :is_interceptor?, :current_page?,
+                         :current_url, :current_url_hash, 
 
       base.extend(ClassMethods)
     end
 
+    protected
+
     def _compute_redirect_to_location(*args, &block)
       url_for(super(*args, &block))
     end
 
-    protected
+    def is_interceptor?
+      !interceptor_config.nil?
+    end
 
     def current_page?(url)
       # Blank is the current page
@@ -38,7 +43,7 @@ module ActionInterceptor
     def current_url_hash
       return @current_url_hash if @current_url_hash
 
-      key = ActionInterceptor.intercepted_url_key
+      key = interceptor_config[:intercepted_url_key]
 
       # Can't redirect back to non-get
       # Also, can't call root_url here, so use '/' instead
@@ -47,8 +52,15 @@ module ActionInterceptor
       @current_url_hash = {key => url}
     end
 
-    def delete_intercepted_url
-      session.delete(ActionInterceptor.intercepted_url_key)
+    def interceptor_setup
+      config = interceptor_config
+      if is_interceptor?
+        self.interceptor_enabled = interceptor_config[:override_url_options]
+        session.delete(:interceptor) if interceptor_config[:skip_session]
+      else
+        self.interceptor_enabled = false
+        session.delete(:interceptor)
+      end
     end
 
     module ClassMethods
@@ -83,18 +95,13 @@ module ActionInterceptor
         skip_before_filter *fnames, options
       end
 
-      def acts_as_interceptor(options = {})
-        self.is_interceptor = true
-        self.use_interceptor = options[:override_url_options].nil? ? \
-                                 ActionInterceptor.override_url_options : \
-                                 options[:override_url_options]
+      def acts_as_interceptor(opts = {})
+        self.interceptor_config = ActionInterceptor::DEFAULT_CONFIG.merge(opts)
 
         class_exec do
 
           attr_writer :intercepted_url
 
-          skip_before_filter :delete_intercepted_url
-
           # Ensure that we always store the intercepted url
           before_filter :intercepted_url
 
@@ -105,8 +112,11 @@ module ActionInterceptor
           def intercepted_url
             return @intercepted_url if @intercepted_url
 
-            key = ActionInterceptor.intercepted_url_key
+            key = interceptor_config[:intercepted_url_key]
             encrypted_url = params[key]
+            session_hash = session[:interceptor] \
+              unless interceptor_config[:skip_session]
+            session_hash ||= {}
 
             begin
               # URL params are the most reliable, as they preserve
@@ -114,17 +124,24 @@ module ActionInterceptor
               # We need to sign them to prevent the Open Redirect vulnerability
               @intercepted_url = Encryptor.decrypt_and_verify(encrypted_url)
 
-              # If we got this far, the encrypted url is valid, so reuse it
+              # If we got this far, the encrypted url is valid
+              # (i.e. we signed it), so reuse it
               @intercepted_url_hash = {key => encrypted_url}
             rescue ActiveSupport::MessageVerifier::InvalidSignature
               # If the param is not available, use our best guess
               # Session and referer are safe for redirects (for that user)
               # Also, can't call root_url here, so use '/' instead
-              @intercepted_url = session[key] || request.referer || '/'
+              @intercepted_url = session_hash[key] || request.referer || '/'
             end
+
+            # Prevent self-redirect
+            @intercepted_url = '/' if current_page?(@intercepted_url)
+
             # Session is a signed plaintext in Rails 3
             # In Rails 4, it is encrypted by default
-            session[key] = @intercepted_url
+            session[:interceptor] = session_hash.merge(
+              key => @intercepted_url) unless interceptor_config[:skip_session]
+
             @intercepted_url
           end
 
@@ -135,21 +152,15 @@ module ActionInterceptor
             return @intercepted_url_hash if @intercepted_url_hash
 
             url = Encryptor.encrypt_and_sign(unencrypted_url)
-            key = ActionInterceptor.intercepted_url_key
+            key = interceptor_config[:intercepted_url_key]
 
             @intercepted_url_hash = {key => url}
           end
 
           def redirect_back(options = {})
-            url = intercepted_url
-
             # Disable the return_to param
             without_interceptor do
-              # Convert '/' back to root_url
-              # Also, prevent self redirects
-              url = root_url if url == '/' || current_page?(url)
-
-              redirect_to url, options
+              redirect_to intercepted_url, options
             end
           end
 

data/lib/action_interceptor/action_mailer.rb

@@ -2,16 +2,16 @@ module ActionInterceptor
   module ActionMailer
 
     def self.included(base)
-      base.helper_method :use_interceptor, :use_interceptor=
+      base.helper_method :interceptor_enabled, :interceptor_enabled=
     end
 
     protected
 
-    def use_interceptor
+    def interceptor_enabled
       false
     end
 
-    def use_interceptor=(arg)
+    def interceptor_enabled=(arg)
       false
     end
 

data/lib/action_interceptor/common.rb

@@ -9,9 +9,9 @@ module ActionInterceptor
 
     def url_for_with_interceptor(options = {})
       url = url_for_without_interceptor(options)
-      return url unless use_interceptor
+      return url unless interceptor_enabled
 
-      @interceptor_url_for_hash ||= is_interceptor ? \
+      @interceptor_url_for_hash ||= is_interceptor? ? \
                                     intercepted_url_hash : \
                                     current_url_hash
 
@@ -26,12 +26,12 @@ module ActionInterceptor
 
     # Executes the given block as if it was inside an interceptor
     def with_interceptor(&block)
-      previous_use_interceptor = use_interceptor
+      previous_interceptor_enabled = interceptor_enabled
 
       begin
         # Send the referer with intercepted requests
         # So we don't rely on the user's browser to do it for us
-        self.use_interceptor = true
+        self.interceptor_enabled = true
 
         # Execute the block as if it was defined in this controller
         instance_exec &block
@@ -40,18 +40,18 @@ module ActionInterceptor
         # and return the given value
         e.exit_value
       ensure
-        self.use_interceptor = previous_use_interceptor
+        self.interceptor_enabled = previous_interceptor_enabled
       end
     end
 
     # Executes the given block as if it was not inside an interceptor
     def without_interceptor(&block)
-      previous_use_interceptor = use_interceptor
+      previous_interceptor_enabled = interceptor_enabled
 
       begin
         # Send the referer with intercepted requests
         # So we don't rely on the user's browser to do it for us
-        self.use_interceptor = false
+        self.interceptor_enabled = false
 
         # Execute the block as if it was defined in this controller
         instance_exec &block
@@ -60,7 +60,7 @@ module ActionInterceptor
         # and return the given value
         e.exit_value
       ensure
-        self.use_interceptor = previous_use_interceptor
+        self.interceptor_enabled = previous_interceptor_enabled
       end
     end
 

data/lib/action_interceptor/version.rb

@@ -1,3 +1,3 @@
 module ActionInterceptor
-  VERSION = '0.4.2'
+  VERSION = '0.5.0'
 end

data/spec/dummy/config/initializers/action_interceptor.rb

@@ -3,6 +3,8 @@ ActionInterceptor.configure do
 
   override_url_options true
 
+  skip_session false
+
   interceptor :registration do
   end
 

data/spec/lib/action_interceptor/action_controller_spec.rb

@@ -4,16 +4,19 @@ module ActionInterceptor
   describe ActionController do
 
     it 'modifies ActionController::Base' do
-      expect(::ActionController::Base).to respond_to(:is_interceptor)
-      expect(::ActionController::Base).to respond_to(:use_interceptor)
       expect(::ActionController::Base).to respond_to(:interceptor_filters)
-      expect(::ActionController::Base.is_interceptor).to eq(false)
       expect(::ActionController::Base.interceptor_filters).to be_a(Hash)
 
       expect(::ActionController::Base).to respond_to(:interceptor)
       expect(::ActionController::Base).to respond_to(:skip_interceptor)
       expect(::ActionController::Base).to respond_to(:acts_as_interceptor)
 
+      expect(::ActionController::Base.new.respond_to?(
+        :is_interceptor?, true)).to eq(true)
+      expect(::ActionController::Base.new.send :is_interceptor?).to eq(false)
+
+      expect(::ActionController::Base.new.respond_to?(
+        :interceptor_enabled, true)).to eq(true)
       expect(::ActionController::Base.new.respond_to?(
         :current_page?, true)).to eq(true)
       expect(::ActionController::Base.new.respond_to?(
@@ -23,7 +26,7 @@ module ActionInterceptor
     end
 
     it 'modifies classes that act_as_interceptor' do
-      expect(RegistrationsController.is_interceptor).to eq(true)
+      expect(RegistrationsController.new.send :is_interceptor?).to eq(true)
 
       expect(RegistrationsController.new.respond_to?(
         :intercepted_url, true)).to eq(true)

data/spec/lib/action_interceptor/action_mailer_spec.rb

@@ -5,11 +5,11 @@ module ActionInterceptor
 
     it 'modifies ActionMailer::Base' do
       mailer = ::ActionMailer::Base.send(:new)
-      expect(mailer.respond_to?(:use_interceptor, true)).to eq(true)
-      expect(mailer.respond_to?(:use_interceptor=, true)).to eq(true)
+      expect(mailer.respond_to?(:interceptor_enabled, true)).to eq(true)
+      expect(mailer.respond_to?(:interceptor_enabled=, true)).to eq(true)
 
-      expect(mailer.send(:use_interceptor)).to eq(false)
-      expect(mailer.send(:use_interceptor=, true)).to eq(false)
+      expect(mailer.send(:interceptor_enabled)).to eq(false)
+      expect(mailer.send(:interceptor_enabled=, true)).to eq(false)
     end
 
   end

data/spec/lib/action_interceptor_spec.rb

@@ -2,8 +2,9 @@ require 'spec_helper'
 
 describe ActionInterceptor do
   it 'must be configurable' do
-    expect(ActionInterceptor.intercepted_url_key).to eq('dummy_key')
-    expect(ActionInterceptor.override_url_options).to eq(true)
+    expect(ActionInterceptor::DEFAULT_CONFIG[:intercepted_url_key]).to eq(:dummy_key)
+    expect(ActionInterceptor::DEFAULT_CONFIG[:override_url_options]).to eq(true)
+    expect(ActionInterceptor::DEFAULT_CONFIG[:skip_session]).to eq(false)
     expect(ActionInterceptor.interceptors.keys).to include(:registration)
 
     my_block = lambda { 'my_block' }
@@ -11,11 +12,13 @@ describe ActionInterceptor do
     ActionInterceptor.configure do
       intercepted_url_key :my_key
       override_url_options false
+      skip_session true
       interceptor :my_name, &my_block
     end
 
-    expect(ActionInterceptor.intercepted_url_key).to eq('my_key')
-    expect(ActionInterceptor.override_url_options).to eq(false)
+    expect(ActionInterceptor::DEFAULT_CONFIG[:intercepted_url_key]).to eq(:my_key)
+    expect(ActionInterceptor::DEFAULT_CONFIG[:override_url_options]).to eq(false)
+    expect(ActionInterceptor::DEFAULT_CONFIG[:skip_session]).to eq(true)
     expect(ActionInterceptor.interceptors).to include({:my_name => my_block})
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_interceptor
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Dante Soares
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-23 00:00:00.000000000 Z
+date: 2014-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails