RubyGems - clearance - Versions diffs - 2.6.0 → 2.6.1 - Mend

clearance 2.6.0 → 2.6.1

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd4f8ec16fd316714fb0f5020e634855d109e260bd164f7b68947f3e36f9d7c7
-  data.tar.gz: 5a78cfeca3fc95dee50bba6bd81026f32692de107d6be1d7aca4541837f5d579
+  metadata.gz: 136429332942ad6982566811de66424e672d356bdf19e912c8ee7dbe0ede8765
+  data.tar.gz: 1a8ec9af9ab0ec22be0a35745ee7e7880fbb9b6945cc83db1bf7b5e903d8bbe8
 SHA512:
-  metadata.gz: 6cdabe74719baedad2e9f8c221fd0abdd377856936fee0aa5b1572dd67c6a5b7925f01641116e0213ed2fcbe07cda870582acebd198aa57228fe4c0a2f90af9c
-  data.tar.gz: d0c1c9298dfdc961798bb65170f0b9b43d5eb6a25c956428cfa12ab7375be820e405d72e2c4ad34ed15c487bf7912bb6c17bb311e4a7768f302b6276f85e5920
+  metadata.gz: 24fd97a070795a1343b7e4971f154765ce0c73e57daff27f0af288769dffb4a84900ea96dc935519da6f761274cbeb4b6dc66c5189eba7b504406d95b350dd0d
+  data.tar.gz: f576ab8afb5725e4919cbb259e692c552bf301420ec61234b86f4fca66d3d34d478bb8a88112d79b95350fe29e317eb93d736d9782eea22b43482a809de5bd16

data/CHANGELOG.md CHANGED Viewed

@@ -5,7 +5,14 @@ complete changelog, see the git history for each version via the version links.
 ## [Unreleased]
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.0...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.1...main
+## [2.6.1] - September 23, 2022
+- Document how to report security issues
+- Only update the `env["QUERY_STRING"]` if the `as` parameter is present in
+  backdoor middleware
+[2.6.1]: https://github.com/thoughtbot/clearance/compare/v2.6.0...v2.6.1
 ## [2.6.0] - June 12, 2022

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.5.0)
+    clearance (2.6.1)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)

data/README.md CHANGED Viewed

@@ -475,6 +475,10 @@ Thank you, [contributors]!
 [CONTRIBUTING.md]: /CONTRIBUTING.md
 [contributors]: https://github.com/thoughtbot/clearance/graphs/contributors
+## Security
+For security issues it's better to contact <security@thoughtbot.com> (See <https://thoughtbot.com/security>)
 ## License
 Clearance is copyright © 2009-2019 thoughtbot. It is free software, and may be

data/lib/clearance/back_door.rb CHANGED Viewed

@@ -50,9 +50,9 @@ module Clearance
     def sign_in_through_the_back_door(env)
       params = Rack::Utils.parse_query(env["QUERY_STRING"])
       user_param = params.delete("as")
-      env["QUERY_STRING"] = Rack::Utils.build_query(params)
       if user_param.present?
+        env["QUERY_STRING"] = Rack::Utils.build_query(params)
         user = find_user(user_param)
         env[:clearance].sign_in(user)
       end

data/lib/clearance/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.6.0".freeze
+  VERSION = "2.6.1".freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.6.1
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-12 00:00:00.000000000 Z
+date: 2022-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -314,7 +314,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.