ahoy_email 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +2 -0
- data/ahoy_email.gemspec +1 -1
- data/app/controllers/ahoy/messages_controller.rb +14 -2
- data/lib/ahoy_email/processor.rb +1 -1
- data/lib/ahoy_email/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d979a2e35ab4b2d194f8e94b2ade4baf162ce2bf
|
4
|
+
data.tar.gz: 1345860269b934c01a1eba0eb309f15421db2450
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1a44602d1e85ac40b63b571f4b73b2b5630bb0cee93001f5fdef8c5e4bd5139d9882a102a0c774f799b33b7d2798d89fb684c8fb78dd5e90225b27c7c5994b8d
|
7
|
+
data.tar.gz: 73b8a764a5e953f977f9af13e04be7cdea32eecc5c952806615d1ce95ebc7c2f6583a822f598670b448261c46c4b424edba7249a564804862d897ac7f95212dc
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -10,6 +10,8 @@ You get:
|
|
10
10
|
|
11
11
|
Works with any email service.
|
12
12
|
|
13
|
+
:fire: To track visits and events, check out [Ahoy](https://github.com/ankane/ahoy) and [Ahoy Events](https://github.com/ankane/ahoy_events).
|
14
|
+
|
13
15
|
## Installation
|
14
16
|
|
15
17
|
Add this line to your application’s Gemfile:
|
data/ahoy_email.gemspec
CHANGED
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
|
-
spec.add_dependency "
|
21
|
+
spec.add_dependency "rails"
|
22
22
|
spec.add_dependency "addressable"
|
23
23
|
spec.add_dependency "nokogiri"
|
24
24
|
|
@@ -16,8 +16,8 @@ module Ahoy
|
|
16
16
|
@message.save!
|
17
17
|
end
|
18
18
|
url = params[:url]
|
19
|
-
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest
|
20
|
-
if params[:signature]
|
19
|
+
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha1"), AhoyEmail.secret_token, url)
|
20
|
+
if secure_compare(params[:signature], signature)
|
21
21
|
redirect_to url
|
22
22
|
else
|
23
23
|
redirect_to main_app.root_url
|
@@ -30,5 +30,17 @@ module Ahoy
|
|
30
30
|
@message = AhoyEmail.message_model.where(token: params[:id]).first
|
31
31
|
end
|
32
32
|
|
33
|
+
# from https://github.com/rails/rails/blob/master/activesupport/lib/active_support/message_verifier.rb
|
34
|
+
# constant-time comparison algorithm to prevent timing attacks
|
35
|
+
def secure_compare(a, b)
|
36
|
+
return false unless a.bytesize == b.bytesize
|
37
|
+
|
38
|
+
l = a.unpack "C#{a.bytesize}"
|
39
|
+
|
40
|
+
res = 0
|
41
|
+
b.each_byte { |byte| res |= byte ^ l.shift }
|
42
|
+
res == 0
|
43
|
+
end
|
44
|
+
|
33
45
|
end
|
34
46
|
end
|
data/lib/ahoy_email/processor.rb
CHANGED
@@ -89,7 +89,7 @@ module AhoyEmail
|
|
89
89
|
end
|
90
90
|
|
91
91
|
if options[:click] and !skip_attribute?(link, "click")
|
92
|
-
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest
|
92
|
+
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha1"), AhoyEmail.secret_token, link["href"])
|
93
93
|
url =
|
94
94
|
AhoyEmail::Engine.routes.url_helpers.url_for(
|
95
95
|
Rails.application.config.action_mailer.default_url_options.merge(
|
data/lib/ahoy_email/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ahoy_email
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Kane
|
@@ -11,7 +11,7 @@ cert_chain: []
|
|
11
11
|
date: 2014-04-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: rails
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
17
|
- - ">="
|