authlogic 4.4.3 → 4.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -4
- data/README.md +10 -1
- data/lib/authlogic/session/cookies.rb +1 -1
- data/lib/authlogic/version.rb +1 -1
- data/test/session_test/cookies_test.rb +2 -0
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97762cbf5ee158d5a18ebe77bc96a542241f16b813ddda3ca80d2271dcbd0098
|
|
4
|
+
data.tar.gz: 5a0bbb0e964b0d71f436dbabb729f6da9dddc83d5c3fd5bdd33dc003cc15097f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c4e860a5ca9a8ccd511f99d55a25ba3a17d800eec68e8c074c40a9b5c9f2a717d906c01660878bac030d72c4d058331e6230dfaa7145889202dd1b05a0d39ea8
|
|
7
|
+
data.tar.gz: 88319378fcb41fdec36a2d35bd1b35f34d5459eb2f52d94469cfe47faf7613d4f0a4974d659d40df9812656270c8c916018e5dfb941f0699f11e7a3bf0c5de13
|
data/CHANGELOG.md
CHANGED
|
@@ -5,17 +5,29 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
|
6
6
|
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
-
##
|
|
8
|
+
## 5.0.0
|
|
9
|
+
|
|
10
|
+
See https://github.com/binarylogic/authlogic/blob/5-0-stable/CHANGELOG.md
|
|
11
|
+
|
|
12
|
+
## Unreleased
|
|
9
13
|
|
|
10
14
|
* Breaking Changes
|
|
11
|
-
*
|
|
12
|
-
* Drop support for transitioning from restful_authentication, deprecated in 4.1.0
|
|
13
|
-
* Uses `frozen_string_literal`, so assume all strings returned are frozen
|
|
15
|
+
* None
|
|
14
16
|
* Added
|
|
15
17
|
* None
|
|
16
18
|
* Fixed
|
|
17
19
|
* None
|
|
18
20
|
|
|
21
|
+
## 4.5.0 (2020-03-23)
|
|
22
|
+
|
|
23
|
+
* Breaking Changes
|
|
24
|
+
* None
|
|
25
|
+
* Added
|
|
26
|
+
* [#701](https://github.com/binarylogic/authlogic/pull/701) - Ability to
|
|
27
|
+
specify None as a valid value to SameSite cookie attribute
|
|
28
|
+
* Fixed
|
|
29
|
+
* None
|
|
30
|
+
|
|
19
31
|
## 4.4.3 (2019-03-23)
|
|
20
32
|
|
|
21
33
|
* Breaking Changes
|
data/README.md
CHANGED
|
@@ -15,7 +15,7 @@ A clean, simple, and unobtrusive ruby authentication solution.
|
|
|
15
15
|
| Version | Documentation |
|
|
16
16
|
| ----------- | ------------- |
|
|
17
17
|
| Unreleased | https://github.com/binarylogic/authlogic/blob/master/README.md |
|
|
18
|
-
| 4.
|
|
18
|
+
| 4.5.0 | https://github.com/binarylogic/authlogic/blob/v4.5.0/README.md |
|
|
19
19
|
| 3.7.0 | https://github.com/binarylogic/authlogic/blob/v3.7.0/README.md |
|
|
20
20
|
| 2.1.11 | https://github.com/binarylogic/authlogic/blob/v2.1.11/README.rdoc |
|
|
21
21
|
| 1.4.3 | https://github.com/binarylogic/authlogic/blob/v1.4.3/README.rdoc |
|
|
@@ -382,6 +382,15 @@ class ApplicationController < ActionController::Base
|
|
|
382
382
|
end
|
|
383
383
|
```
|
|
384
384
|
|
|
385
|
+
### 2.e SameSite Cookie Attribute
|
|
386
|
+
The SameSite attribute tells browsers when and how to fire cookies in first- or third-party situations. SameSite is used by a variety of browsers to identify whether or not to allow a cookie to be accessed.
|
|
387
|
+
|
|
388
|
+
Up until recently, the standard default value when SameSite was not explicitly defined was to allow cookies in both first- and third-party contexts. However, starting with Chrome 80+, the SameSite attribute will not default to Lax behavior meaning cookies will only be permitted in first-party contexts.
|
|
389
|
+
|
|
390
|
+
Authlogic can allow you to explicitly set the value of SameSite to one of: Lax, Strict, or None. Note that when setting SameSite to None, the `secure` flag must also be set (secure is the default in Authlogic).
|
|
391
|
+
|
|
392
|
+
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#SameSite
|
|
393
|
+
|
|
385
394
|
## 3. Testing
|
|
386
395
|
|
|
387
396
|
See [Authlogic::TestCase](https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/test_case.rb)
|
|
@@ -3,7 +3,7 @@ module Authlogic
|
|
|
3
3
|
# Handles all authentication that deals with cookies, such as persisting,
|
|
4
4
|
# saving, and destroying.
|
|
5
5
|
module Cookies
|
|
6
|
-
VALID_SAME_SITE_VALUES = [nil, "Lax", "Strict"].freeze
|
|
6
|
+
VALID_SAME_SITE_VALUES = [nil, "Lax", "Strict", "None"].freeze
|
|
7
7
|
|
|
8
8
|
def self.included(klass)
|
|
9
9
|
klass.class_eval do
|
data/lib/authlogic/version.rb
CHANGED
|
@@ -76,6 +76,8 @@ module SessionTest
|
|
|
76
76
|
assert_equal "Strict", session.same_site
|
|
77
77
|
session.same_site = "Lax"
|
|
78
78
|
assert_equal "Lax", session.same_site
|
|
79
|
+
session.same_site = "None"
|
|
80
|
+
assert_equal "None", session.same_site
|
|
79
81
|
|
|
80
82
|
assert_raise(ArgumentError) { UserSession.same_site "foo" }
|
|
81
83
|
assert_raise(ArgumentError) { UserSession.new.same_site "foo" }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authlogic
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Johnson
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2020-03-24 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activerecord
|
|
@@ -326,8 +326,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
326
326
|
- !ruby/object:Gem::Version
|
|
327
327
|
version: '0'
|
|
328
328
|
requirements: []
|
|
329
|
-
|
|
330
|
-
rubygems_version: 2.7.6
|
|
329
|
+
rubygems_version: 3.0.3
|
|
331
330
|
signing_key:
|
|
332
331
|
specification_version: 4
|
|
333
332
|
summary: A clean, simple, and unobtrusive ruby authentication solution.
|