RubyGems - angular_rails_csrf - Versions diffs - 4.5.0 → 6.0.0 - Mend

angular_rails_csrf 4.5.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/README.md +9 -5
data/lib/angular_rails_csrf/concern.rb +22 -13
data/lib/angular_rails_csrf/version.rb +1 -1
metadata +13 -138
data/test/angular_rails_csrf_exception_test.rb +0 -18
data/test/angular_rails_csrf_skip_test.rb +0 -14
data/test/angular_rails_csrf_test.rb +0 -152
data/test/dummy/app/assets/config/manifest.js +0 -4
data/test/dummy/app/controllers/api_controller.rb +0 -7
data/test/dummy/app/controllers/application_controller.rb +0 -13
data/test/dummy/app/controllers/exclusions_controller.rb +0 -9
data/test/dummy/config/application.rb +0 -16
data/test/dummy/config/boot.rb +0 -6
data/test/dummy/config/environment.rb +0 -7
data/test/dummy/config/routes.rb +0 -10
data/test/dummy/config.ru +0 -6
data/test/dummy/log/test.log +0 -2224
data/test/test_helper.rb +0 -18

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fbbe5d4e901a8407bab7ff813f821b21461330470f2e6002d4e3d1a818eea858
-  data.tar.gz: 0e69f2eefcb28ae04e1b3de4ba04d00e6e3977235b725fa26d83d46ce33bcd3f
+  metadata.gz: fd1f93c61de73220bcc0827bc1b460b0fd4440f5ec8597b01687aa2e0d50800e
+  data.tar.gz: 0a0133f2183e46d61798a0501ce8ebff0c43310210c8fdd245b8436289e10756
 SHA512:
-  metadata.gz: 8ab71939bec130bfc22e79dabff8e904591990c178b03de610cb5592aa41bb6aeab73cf34340efe77592179c94b1b455029ee50f94955eca2f2bb28955f4f3f1
-  data.tar.gz: 0571fe4d59a0ed421942c37f357d34b3fd05f2fa8f5a98801d327d9054bf8cb5123f4b2c833053a34e82d96d103e53300d29c3303628c1c6d2a2d63bd43c07b7
+  metadata.gz: fff212dd32057d2b57b26331d859354c4e969593e8e03901d8d002ac112b11694a04d47bd8432d4bd7e90ad52d1a3b14ec150e26d297f714891fab72c42a9b6a
+  data.tar.gz: d126f472156857b4b7460514de8fffe786ee697caee3835059bf8794cfbc5344e1c8c7473312fdb53bed369cf1622950f3b08f3c6acd7d70da009483d8e9e37e

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
 ## AngularJS-style CSRF Protection for Rails
-[![Gem Version](https://badge.fury.io/rb/angular_rails_csrf.svg)](https://badge.fury.io/rb/angular_rails_csrf)
-[![Build Status](https://travis-ci.org/jsanders/angular_rails_csrf.svg)](https://travis-ci.org/jsanders/angular_rails_csrf)
-[![Test Coverage](https://codecov.io/gh/jsanders/angular_rails_csrf/graph/badge.svg)](https://codecov.io/gh/jsanders/angular_rails_csrf)
+![Gem](https://img.shields.io/gem/v/angular_rails_csrf)
+![CI](https://github.com/jsanders/angular_rails_csrf/actions/workflows/ci.yml/badge.svg)
+![Downloads total](https://img.shields.io/gem/dt/angular_rails_csrf)
 The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.
@@ -16,11 +16,15 @@ Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wik
 Add this line to your application's *Gemfile*:
-    gem 'angular_rails_csrf'
+```ruby
+gem 'angular_rails_csrf'
+```
 And then execute:
-    $ bundle
+```console
+$ bundle
+```
 That's it!

data/lib/angular_rails_csrf/concern.rb CHANGED Viewed

@@ -9,25 +9,15 @@ module AngularRailsCsrf
     end
     def set_xsrf_token_cookie
-      return unless defined?(protect_against_forgery?) && protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
+      return unless forgery_protection_enabled?
       config = Rails.application.config
-      secure = option_from config, :angular_rails_csrf_secure
-      same_site = option_from config, :angular_rails_csrf_same_site, :lax
-      cookie_options = {
-        value: form_authenticity_token,
-        domain: option_from(config, :angular_rails_csrf_domain),
-        same_site: same_site,
-        httponly: option_from(config, :angular_rails_csrf_httponly, false),
-        secure: same_site.eql?(:none) || secure
-      }
       cookie_name = option_from(config,
                                 :angular_rails_csrf_cookie_name,
                                 'XSRF-TOKEN')
-      cookies[cookie_name] = cookie_options
+      cookies[cookie_name] = cookie_options_from(config)
     end
     def verified_request?
@@ -36,12 +26,31 @@ module AngularRailsCsrf
     private
+    def cookie_options_from(config)
+      secure = option_from config, :angular_rails_csrf_secure
+      same_site = option_from config, :angular_rails_csrf_same_site, :lax
+      {
+        value: form_authenticity_token,
+        domain: option_from(config, :angular_rails_csrf_domain),
+        same_site: same_site,
+        httponly: option_from(config, :angular_rails_csrf_httponly, false),
+        secure: same_site.eql?(:none) || secure
+      }
+    end
     # Fetches the given option from config
     # If the option is not set, return a default value
     def option_from(config, option, default = nil)
       config.respond_to?(option) ? config.send(option) : default
     end
+    def forgery_protection_enabled?
+      defined?(protect_against_forgery?) &&
+        protect_against_forgery? &&
+        !respond_to?(:__exclude_xsrf_token_cookie?)
+    end
     module ClassMethods
       def exclude_xsrf_token_cookie
         class_eval do

data/lib/angular_rails_csrf/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module AngularRailsCsrf
-  VERSION = '4.5.0'
+  VERSION = '6.0.0'
 end

metadata CHANGED Viewed

@@ -1,58 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: angular_rails_csrf
 version: !ruby/object:Gem::Version
-  version: 4.5.0
+  version: 6.0.0
 platform: ruby
 authors:
 - James Sanders
-- Ilya Bodrov
-autorequire:
+- Ilya Krukowski
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-21 00:00:00.000000000 Z
+date: 2023-11-14 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-- !ruby/object:Gem::Dependency
-  name: test-unit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.2'
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 6.0.3.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 6.0.3.3
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -62,7 +20,7 @@ dependencies:
         version: '3'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -72,63 +30,7 @@ dependencies:
         version: '3'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
-- !ruby/object:Gem::Dependency
-  name: codecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.1'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.1'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.60'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.60'
-- !ruby/object:Gem::Dependency
-  name: rubocop-performance
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '8'
 description: AngularJS style CSRF protection for Rails
 email:
 - sanderjd@gmail.com
@@ -143,25 +45,12 @@ files:
 - lib/angular_rails_csrf/concern.rb
 - lib/angular_rails_csrf/railtie.rb
 - lib/angular_rails_csrf/version.rb
-- test/angular_rails_csrf_exception_test.rb
-- test/angular_rails_csrf_skip_test.rb
-- test/angular_rails_csrf_test.rb
-- test/dummy/app/assets/config/manifest.js
-- test/dummy/app/controllers/api_controller.rb
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/exclusions_controller.rb
-- test/dummy/config.ru
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/environment.rb
-- test/dummy/config/routes.rb
-- test/dummy/log/test.log
-- test/test_helper.rb
 homepage: https://github.com/jsanders/angular_rails_csrf
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -169,29 +58,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.4.21
+signing_key:
 specification_version: 4
 summary: Support for AngularJS $http service style CSRF protection in Rails
-test_files:
-- test/angular_rails_csrf_exception_test.rb
-- test/angular_rails_csrf_skip_test.rb
-- test/angular_rails_csrf_test.rb
-- test/dummy/app/assets/config/manifest.js
-- test/dummy/app/controllers/api_controller.rb
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/exclusions_controller.rb
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/environment.rb
-- test/dummy/config/routes.rb
-- test/dummy/config.ru
-- test/dummy/log/test.log
-- test/test_helper.rb
+test_files: []

data/test/angular_rails_csrf_exception_test.rb DELETED Viewed

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-class AngularRailsCsrfExceptionTest < ActionController::TestCase
-  tests ExclusionsController
-  setup do
-    @controller.allow_forgery_protection = true
-    @correct_token = @controller.send(:form_authenticity_token)
-  end
-  test 'a get does not set the XSRF-TOKEN cookie' do
-    get :index
-    assert_not_equal @correct_token, cookies['XSRF-TOKEN']
-    assert_response :success
-  end
-end

data/test/angular_rails_csrf_skip_test.rb DELETED Viewed

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-class AngularRailsCsrfSkipTest < ActionController::TestCase
-  tests ApiController
-  test 'csrf-cookie is not set and no error if protect_against_forgery? is not defined' do
-    refute @controller.respond_to?(:protect_against_forgery?)
-    get :index
-    assert_nil cookies['XSRF-TOKEN']
-    assert_response :success
-  end
-end

data/test/angular_rails_csrf_test.rb DELETED Viewed

@@ -1,152 +0,0 @@
-# frozen_string_literal: true
-require 'test_helper'
-class AngularRailsCsrfTest < ActionController::TestCase
-  tests ApplicationController
-  test 'a get sets the XSRF-TOKEN cookie but does not require the X-XSRF-TOKEN header' do
-    get :index
-    assert_valid_cookie
-    assert_response :success
-  end
-  test 'a post raises an error without the X-XSRF-TOKEN header set' do
-    assert_raises ActionController::InvalidAuthenticityToken do
-      post :create
-    end
-  end
-  test 'a post raises an error with the X-XSRF-TOKEN header set to the wrong value' do
-    header_to 'garbage'
-    assert_raises ActionController::InvalidAuthenticityToken do
-      post :create
-    end
-  end
-  test 'a post is accepted if X-XSRF-TOKEN is set properly' do
-    header_to @controller.send(:form_authenticity_token)
-    post :create
-    assert_valid_cookie
-    assert_response :success
-  end
-  test 'csrf-cookie is not set if exclusion is enabled' do
-    refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
-    @controller.class_eval { exclude_xsrf_token_cookie }
-    get :index
-    assert_valid_cookie present: false
-    assert @controller.__exclude_xsrf_token_cookie?
-    assert_response :success
-  end
-  test 'the domain is used if present' do
-    config = Rails.application.config
-    def config.angular_rails_csrf_domain
-      :all
-    end
-    get :index
-    assert @response.headers['Set-Cookie'].include?('.test.host')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
-  end
-  test 'the secure flag is set if configured' do
-    @request.headers['HTTPS'] = 'on'
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_secure) { true }
-    get :index
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    @request.headers['HTTPS'] = nil
-    config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
-  end
-  test 'a custom name is used if present' do
-    use_custom_cookie_name do
-      get :index
-      assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
-      assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
-      assert_response :success
-    end
-  end
-  test 'the httponly flag is set if configured' do
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_httponly) { true }
-    get :index
-    assert @response.headers['Set-Cookie'].include?('HttpOnly')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_httponly', __FILE__, __LINE__)
-  end
-  test 'same_site is set to Lax by default' do
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
-    assert_valid_cookie
-    assert_response :success
-  end
-  test 'same_site can be configured' do
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
-  end
-  test 'secure is set automatically when same_site is set to none' do
-    @request.headers['HTTPS'] = 'on'
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=None')
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
-  end
-  private
-  # Helpers
-  def header_to(value)
-    @request.headers['X-XSRF-TOKEN'] = value
-  end
-  def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
-    cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
-    cookie_valid = !cookie_valid unless present
-    assert cookie_valid
-  end
-  def use_custom_cookie_name
-    config = Rails.application.config
-    def config.angular_rails_csrf_cookie_name
-      'CUSTOM-COOKIE-NAME'
-    end
-    yield
-  ensure
-    eval <<-RUBY, binding, __FILE__, __LINE__ + 1
-      config.instance_eval('undef :angular_rails_csrf_cookie_name')
-    RUBY
-  end
-end

data/test/dummy/app/assets/config/manifest.js DELETED Viewed

@@ -1,4 +0,0 @@
-//= link_tree ../images
-//= link_tree ../fonts
-//= link_directory ../javascripts .js
-//= link_directory ../stylesheets .css

data/test/dummy/app/controllers/api_controller.rb DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-class ApiController < ActionController::API
-  def index
-    head :ok
-  end
-end

data/test/dummy/app/controllers/application_controller.rb DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-class ApplicationController < ActionController::Base
-  protect_from_forgery with: :exception
-  def index
-    head :ok
-  end
-  def create
-    head :ok
-  end
-end

data/test/dummy/app/controllers/exclusions_controller.rb DELETED Viewed

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-class ExclusionsController < ApplicationController
-  exclude_xsrf_token_cookie
-  def index
-    head :ok
-  end
-end

data/test/dummy/config/application.rb DELETED Viewed

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-require File.expand_path('boot', __dir__)
-require 'action_controller/railtie'
-Bundler.require(:default, Rails.env)
-require 'angular_rails_csrf'
-module Dummy
-  class Application < Rails::Application
-    config.secret_key_base = '5e6b6d2bd7bf26d02679ac958b520adf41b211eb0b8f33742abc5437711d0ad314baf13efc0d35d7568d2e469668a7021cf5e945c667bd16507777aedb770f83'
-    config.eager_load = false # You get yelled at if you don't set this
-    config.active_support.test_order = :random
-  end
-end

data/test/dummy/config/boot.rb DELETED Viewed

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/test/dummy/config/environment.rb DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-# Load the Rails application.
-require File.expand_path('application', __dir__)
-# Initialize the Rails application.
-Dummy::Application.initialize!

data/test/dummy/config/routes.rb DELETED Viewed

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-Dummy::Application.routes.draw do
-  get  'test' => 'application#index'
-  post 'test' => 'application#create'
-  get 'exclusions' => 'exclusions#index'
-  get 'index' => 'api#index'
-end

data/test/dummy/config.ru DELETED Viewed

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-# This file is used by Rack-based servers to start the application.
-require ::File.expand_path('config/environment', __dir__)
-run Rails.application