action_interceptor 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5219caf7c3ae392a580e0a606da9ac737d2e5173
|
4
|
+
data.tar.gz: 5230304186f4371bdcff05095608eaa64477b286
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 55685689e660070c230e0e4026ff4d8221f4199f7793cf60b5501ec59dc112b765834a23c005ca8269f38f5408f94540b1483b3777be626ce3c6f62203483728
|
7
|
+
data.tar.gz: 5fa8ada75dc889139dfd9a065423dcb3c58614a78c3a9a53aac17ec5c9a03a0abccff0ff45a9a82cc38476f201b9b62ba1962b468cb0ca26693d10b3c2537289
|
@@ -92,6 +92,8 @@ module ActionInterceptor
|
|
92
92
|
|
93
93
|
helper_method :intercepted_url
|
94
94
|
|
95
|
+
alias_method :url_options_without_interceptor, :url_options
|
96
|
+
|
95
97
|
def url_options
|
96
98
|
return @interceptor_url_options if @interceptor_url_options
|
97
99
|
|
@@ -100,6 +102,13 @@ module ActionInterceptor
|
|
100
102
|
@interceptor_url_options = {key => url}.merge(super)
|
101
103
|
end
|
102
104
|
|
105
|
+
def without_interceptor_url_options(&block)
|
106
|
+
url_options_with_interceptor = url_options
|
107
|
+
@interceptor_url_options = url_options_without_interceptor
|
108
|
+
yield block
|
109
|
+
@interceptor_url_options = url_options_with_interceptor
|
110
|
+
end
|
111
|
+
|
103
112
|
def intercepted_url
|
104
113
|
return @intercepted_url if @intercepted_url
|
105
114
|
|
@@ -110,7 +119,7 @@ module ActionInterceptor
|
|
110
119
|
# Prevent Open Redirect vulnerability
|
111
120
|
@intercepted_url = Encryptor.decrypt_and_verify(params[key])
|
112
121
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
113
|
-
# If the param is not available,
|
122
|
+
# If the param is not available, use our best guess
|
114
123
|
# Session and referer are safe for redirects (for that user)
|
115
124
|
# Also, can't call root_url here, so use '/' instead
|
116
125
|
@intercepted_url = session[key] || request.referer || '/'
|
@@ -1,5 +1,5 @@
|
|
1
1
|
namespace :action_interceptor do
|
2
|
-
desc
|
2
|
+
desc 'Copy initializers from action_interceptor to application'
|
3
3
|
task :install do
|
4
4
|
Dir.glob(File.expand_path('../../../config/initializers/*.rb', __FILE__)) do |file|
|
5
5
|
if File.exists?(File.expand_path(File.basename(file), 'config/initializers'))
|
data/spec/spec_helper.rb
CHANGED
@@ -7,7 +7,7 @@ require 'rspec/autorun'
|
|
7
7
|
Rails.backtrace_cleaner.remove_silencers!
|
8
8
|
|
9
9
|
# Load support files
|
10
|
-
Dir[
|
10
|
+
Dir[File.expand_path('../support/**/*.rb', __FILE__)].each { |f| require f }
|
11
11
|
|
12
12
|
RSpec.configure do |config|
|
13
13
|
config.mock_with :rspec
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_interceptor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dante Soares
|
@@ -142,7 +142,7 @@ rubyforge_project:
|
|
142
142
|
rubygems_version: 2.2.2
|
143
143
|
signing_key:
|
144
144
|
specification_version: 4
|
145
|
-
summary: Handles redirection to and from
|
145
|
+
summary: Handles redirection to and from `interceptor` controllers.
|
146
146
|
test_files:
|
147
147
|
- spec/dummy/app/assets/javascripts/application.js
|
148
148
|
- spec/dummy/app/assets/stylesheets/application.css
|