angular_rails_csrf 3.1.0 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1311f4d0d35684f36871d68eb5e194b470d6a7006f20f9496deea9030cbab954
-  data.tar.gz: 1813645e16974a0677cd420e91d4114c888777442499fc22c6e104711291eabc
+  metadata.gz: 23f8e3de78f91c8563e49d21563888ab0f9c78a42d7cffa09f54c52f24df018f
+  data.tar.gz: 23f75e27ec3de7cea6979085ef82eebd2d07e54eb5e83801cfdb9ce40cbdec46
 SHA512:
-  metadata.gz: ea948d361d2194b2a5f9551a2f3bcf715914e6db19a963d872581b7f0eaeaed073ea90b7954653ce2d3086d29081b7d8912d112f2df216db5e93a23d0ab55f41
-  data.tar.gz: 07c516aa3e342cda1cf3b00bbd268b9745c16377e7ee1beae98d3ee02004c5f5455557f62463acd0c1246948336b3b0957c2c3654ce654d3515d189899c8413d
+  metadata.gz: d8c1eb3dcb33b1df34435106c723639916a3acb0761b21e3551c15af7fecc19bf0a9debb6d36cdcf8d8f23973e65dd790c2b78e471546862341a7ba0e658d234
+  data.tar.gz: 4742c340abc02322ed6cfd5687d77f2461cfbc0b36e3d6c431ac168abad7bb02a893b6a474e019f0b6d6de879cb07564151e0fec53582730eded5798fa88cfd7

data/README.md

@@ -2,7 +2,6 @@
 
 [![Gem Version](https://badge.fury.io/rb/angular_rails_csrf.svg)](https://badge.fury.io/rb/angular_rails_csrf)
 [![Build Status](https://travis-ci.org/jsanders/angular_rails_csrf.png)](https://travis-ci.org/jsanders/angular_rails_csrf)
-[![Dependency Status](https://gemnasium.com/badges/github.com/jsanders/angular_rails_csrf.svg)](https://gemnasium.com/github.com/jsanders/angular_rails_csrf)
 
 The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.
 
@@ -25,6 +24,19 @@ And then execute:
 That's it!
 
 ## Configuration
+
+### Cookie Name
+
+The default cookie's name is `XSRF-TOKEN` but it can be configured with the `angular_rails_csrf_cookie_name` setting:
+
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_cookie_name = 'CUSTOM_NAME'
+end
+```
+
 ### Cookie Domain
 
 Starting from version 3, you may set domain for the XSRF cookie:
@@ -67,4 +79,4 @@ $ rake test
 
 ## License 
 
-Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).
+Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).

data/lib/angular_rails_csrf/concern.rb

@@ -10,7 +10,8 @@ module AngularRailsCsrf
       if protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
         config = Rails.application.config
         domain = config.respond_to?(:angular_rails_csrf_domain) ? config.angular_rails_csrf_domain : nil
-        cookies['XSRF-TOKEN'] = { value: form_authenticity_token, domain: domain }
+        cookie_name = config.respond_to?(:angular_rails_csrf_cookie_name) ? config.angular_rails_csrf_cookie_name : 'XSRF-TOKEN'
+        cookies[cookie_name] = { value: form_authenticity_token, domain: domain }
       end
     end
 

data/lib/angular_rails_csrf/version.rb

@@ -1,3 +1,3 @@
 module AngularRailsCsrf
-  VERSION = '3.1.0'.freeze
+  VERSION = '3.2.0'.freeze
 end

data/test/angular_rails_csrf_test.rb

@@ -39,6 +39,15 @@ class AngularRailsCsrfTest < ActionController::TestCase
     assert_response :success
   end
 
+  test "a custom name is used if present" do
+    use_custom_cookie_name do
+      get :index
+      assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
+      assert_valid_cookie('CUSTOM-COOKIE-NAME')
+      assert_response :success
+    end
+  end
+
   private
 
   # Helpers
@@ -47,11 +56,19 @@ class AngularRailsCsrfTest < ActionController::TestCase
     @request.headers['X-XSRF-TOKEN'] = value
   end
 
-  def assert_valid_cookie
+  def assert_valid_cookie(name = 'XSRF-TOKEN')
     if @controller.respond_to?(:valid_authenticity_token?, true)
-      assert @controller.send(:valid_authenticity_token?, session, cookies['XSRF-TOKEN'])
+      assert @controller.send(:valid_authenticity_token?, session, cookies[name])
     else
       assert_equal @controller.send(:form_authenticity_token), cookies['XSRF-TOKEN']
     end
   end
+
+  def use_custom_cookie_name
+    config = Rails.application.config
+    def config.angular_rails_csrf_cookie_name; 'CUSTOM-COOKIE-NAME'; end
+    yield
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_cookie_name')
+  end
 end

data/test/dummy/log/test.log

@@ -405,3 +405,77 @@ AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
 -----------------------------------------------------------------------------
 Processing by ApplicationController#create as HTML
 Completed 200 OK in 0ms
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: angular_rails_csrf
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.2.0
 platform: ruby
 authors:
 - James Sanders
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-10 00:00:00.000000000 Z
+date: 2018-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake