authlogic 4.4.3 → 4.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -4
- data/README.md +10 -1
- data/lib/authlogic/session/cookies.rb +1 -1
- data/lib/authlogic/version.rb +1 -1
- data/test/session_test/cookies_test.rb +2 -0
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97762cbf5ee158d5a18ebe77bc96a542241f16b813ddda3ca80d2271dcbd0098
|
|
4
|
+
data.tar.gz: 5a0bbb0e964b0d71f436dbabb729f6da9dddc83d5c3fd5bdd33dc003cc15097f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c4e860a5ca9a8ccd511f99d55a25ba3a17d800eec68e8c074c40a9b5c9f2a717d906c01660878bac030d72c4d058331e6230dfaa7145889202dd1b05a0d39ea8
|
|
7
|
+
data.tar.gz: 88319378fcb41fdec36a2d35bd1b35f34d5459eb2f52d94469cfe47faf7613d4f0a4974d659d40df9812656270c8c916018e5dfb941f0699f11e7a3bf0c5de13
|
data/CHANGELOG.md
CHANGED
|
@@ -5,17 +5,29 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
|
6
6
|
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
-
##
|
|
8
|
+
## 5.0.0
|
|
9
|
+
|
|
10
|
+
See https://github.com/binarylogic/authlogic/blob/5-0-stable/CHANGELOG.md
|
|
11
|
+
|
|
12
|
+
## Unreleased
|
|
9
13
|
|
|
10
14
|
* Breaking Changes
|
|
11
|
-
*
|
|
12
|
-
* Drop support for transitioning from restful_authentication, deprecated in 4.1.0
|
|
13
|
-
* Uses `frozen_string_literal`, so assume all strings returned are frozen
|
|
15
|
+
* None
|
|
14
16
|
* Added
|
|
15
17
|
* None
|
|
16
18
|
* Fixed
|
|
17
19
|
* None
|
|
18
20
|
|
|
21
|
+
## 4.5.0 (2020-03-23)
|
|
22
|
+
|
|
23
|
+
* Breaking Changes
|
|
24
|
+
* None
|
|
25
|
+
* Added
|
|
26
|
+
* [#701](https://github.com/binarylogic/authlogic/pull/701) - Ability to
|
|
27
|
+
specify None as a valid value to SameSite cookie attribute
|
|
28
|
+
* Fixed
|
|
29
|
+
* None
|
|
30
|
+
|
|
19
31
|
## 4.4.3 (2019-03-23)
|
|
20
32
|
|
|
21
33
|
* Breaking Changes
|
data/README.md
CHANGED
|
@@ -15,7 +15,7 @@ A clean, simple, and unobtrusive ruby authentication solution.
|
|
|
15
15
|
| Version | Documentation |
|
|
16
16
|
| ----------- | ------------- |
|
|
17
17
|
| Unreleased | https://github.com/binarylogic/authlogic/blob/master/README.md |
|
|
18
|
-
| 4.
|
|
18
|
+
| 4.5.0 | https://github.com/binarylogic/authlogic/blob/v4.5.0/README.md |
|
|
19
19
|
| 3.7.0 | https://github.com/binarylogic/authlogic/blob/v3.7.0/README.md |
|
|
20
20
|
| 2.1.11 | https://github.com/binarylogic/authlogic/blob/v2.1.11/README.rdoc |
|
|
21
21
|
| 1.4.3 | https://github.com/binarylogic/authlogic/blob/v1.4.3/README.rdoc |
|
|
@@ -382,6 +382,15 @@ class ApplicationController < ActionController::Base
|
|
|
382
382
|
end
|
|
383
383
|
```
|
|
384
384
|
|
|
385
|
+
### 2.e SameSite Cookie Attribute
|
|
386
|
+
The SameSite attribute tells browsers when and how to fire cookies in first- or third-party situations. SameSite is used by a variety of browsers to identify whether or not to allow a cookie to be accessed.
|
|
387
|
+
|
|
388
|
+
Up until recently, the standard default value when SameSite was not explicitly defined was to allow cookies in both first- and third-party contexts. However, starting with Chrome 80+, the SameSite attribute will not default to Lax behavior meaning cookies will only be permitted in first-party contexts.
|
|
389
|
+
|
|
390
|
+
Authlogic can allow you to explicitly set the value of SameSite to one of: Lax, Strict, or None. Note that when setting SameSite to None, the `secure` flag must also be set (secure is the default in Authlogic).
|
|
391
|
+
|
|
392
|
+
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#SameSite
|
|
393
|
+
|
|
385
394
|
## 3. Testing
|
|
386
395
|
|
|
387
396
|
See [Authlogic::TestCase](https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/test_case.rb)
|
|
@@ -3,7 +3,7 @@ module Authlogic
|
|
|
3
3
|
# Handles all authentication that deals with cookies, such as persisting,
|
|
4
4
|
# saving, and destroying.
|
|
5
5
|
module Cookies
|
|
6
|
-
VALID_SAME_SITE_VALUES = [nil, "Lax", "Strict"].freeze
|
|
6
|
+
VALID_SAME_SITE_VALUES = [nil, "Lax", "Strict", "None"].freeze
|
|
7
7
|
|
|
8
8
|
def self.included(klass)
|
|
9
9
|
klass.class_eval do
|
data/lib/authlogic/version.rb
CHANGED
|
@@ -76,6 +76,8 @@ module SessionTest
|
|
|
76
76
|
assert_equal "Strict", session.same_site
|
|
77
77
|
session.same_site = "Lax"
|
|
78
78
|
assert_equal "Lax", session.same_site
|
|
79
|
+
session.same_site = "None"
|
|
80
|
+
assert_equal "None", session.same_site
|
|
79
81
|
|
|
80
82
|
assert_raise(ArgumentError) { UserSession.same_site "foo" }
|
|
81
83
|
assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authlogic
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Johnson
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2020-03-24 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activerecord
|
|
@@ -326,8 +326,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
326
326
|
- !ruby/object:Gem::Version
|
|
327
327
|
version: '0'
|
|
328
328
|
requirements: []
|
|
329
|
-
|
|
330
|
-
rubygems_version: 2.7.6
|
|
329
|
+
rubygems_version: 3.0.3
|
|
331
330
|
signing_key:
|
|
332
331
|
specification_version: 4
|
|
333
332
|
summary: A clean, simple, and unobtrusive ruby authentication solution.
|