clearance 0.10.4 → 0.10.5
- data/CHANGELOG.md +5 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +26 -26
- data/VERSION +1 -1
- data/lib/clearance/authentication.rb +7 -0
- data/lib/generators/clearance/install/templates/README +1 -0
- data/spec/controllers/forgeries_controller_spec.rb +49 -0
- metadata +4 -3
data/CHANGELOG.md
CHANGED
data/Gemfile
CHANGED
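--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -2,12 +2,12 @@ GEM
 remote: http://rubygems.org/
 specs:
 abstract (1.0.0)
-actionmailer (3.0.
-actionpack (= 3.0.
+actionmailer (3.0.6)
+actionpack (= 3.0.6)
 mail (~> 2.2.9)
-actionpack (3.0.
-activemodel (= 3.0.
-activesupport (= 3.0.
+actionpack (3.0.6)
+activemodel (= 3.0.6)
+activesupport (= 3.0.6)
 builder (~> 2.1.2)
 erubis (~> 2.6.6)
 i18n (~> 0.4)
@@ -15,19 +15,19 @@ GEM
 rack-mount (~> 0.6.13)
 rack-test (~> 0.5.6)
 tzinfo (~> 0.3.23)
-activemodel (3.0.
-activesupport (= 3.0.
+activemodel (3.0.6)
+activesupport (= 3.0.6)
 builder (~> 2.1.2)
 i18n (~> 0.4)
-activerecord (3.0.
-activemodel (= 3.0.
-activesupport (= 3.0.
+activerecord (3.0.6)
+activemodel (= 3.0.6)
+activesupport (= 3.0.6)
 arel (~> 2.0.2)
 tzinfo (~> 0.3.23)
-activeresource (3.0.
-activemodel (= 3.0.
-activesupport (= 3.0.
-activesupport (3.0.
+activeresource (3.0.6)
+activemodel (= 3.0.6)
+activesupport (= 3.0.6)
+activesupport (3.0.6)
 arel (2.0.6)
 aruba (0.2.8)
 childprocess (~> 0.1.6)
@@ -58,7 +58,7 @@ GEM
 culerity (0.2.14)
 daemons (1.1.0)
 diesel (0.1.4)
-railties (~> 3.0.
+railties (~> 3.0.6)
 diff-lcs (1.1.2)
 dynamic_form (1.1.3)
 erubis (2.6.6)
@@ -93,17 +93,17 @@ GEM
 rack (>= 1.0.0)
 rack-test (0.5.7)
 rack (>= 1.0)
-rails (3.0.
-actionmailer (= 3.0.
-actionpack (= 3.0.
-activerecord (= 3.0.
-activeresource (= 3.0.
-activesupport (= 3.0.
+rails (3.0.6)
+actionmailer (= 3.0.6)
+actionpack (= 3.0.6)
+activerecord (= 3.0.6)
+activeresource (= 3.0.6)
+activesupport (= 3.0.6)
 bundler (~> 1.0)
-railties (= 3.0.
-railties (3.0.
-actionpack (= 3.0.
-activesupport (= 3.0.
+railties (= 3.0.6)
+railties (3.0.6)
+actionpack (= 3.0.6)
+activesupport (= 3.0.6)
 rake (>= 0.8.7)
 thor (~> 0.14.4)
 rake (0.8.7)
@@ -154,7 +154,7 @@ DEPENDENCIES
 factory_girl_rails
 launchy
 mocha
-rails (>= 3.0.
+rails (>= 3.0.6)
 rake
 rspec-rails
 shoulda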
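--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.10.
+0.10.5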
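--- a/data/lib/clearance/authentication.rb
+++ b/data/lib/clearance/authentication.rb
@@ -92,6 +92,13 @@ module Clearance
 
 protected
 
+# CSRF protection in Rails >= 3.0.4
+# http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
+def handle_unverified_request
+super
+sign_out
+end
+
 def user_from_cookie
 if token = cookies[:remember_token]
 ::User.find_by_remember_token(token)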
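Review bot: The new `handle_unverified_request` should say why `sign_out` is needed on top of `super`, because the two-line body does not make the reason visible. Rails' default handler resets the session, but this module also authenticates from the `remember_token` cookie read in `user_from_cookie` directly below, so without the extra call a request that fails the CSRF check would remain authenticated through that cookie; I would add `# super resets the session; Clearance also signs in from the remember_token cookie (see user_from_cookie), so that credential must be dropped as well.` above the `def`. The "Rails >= 3.0.4" remark is also worth checking against the gem's declared rails floor (in the gemspec metadata, not this hunk), since `super` raises NoMethodError on releases where the hook does not exist. The enclosing module continues past the end of the hunk.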
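--- a/data/spec/controllers/forgeries_controller_spec.rb
+++ b/data/spec/controllers/forgeries_controller_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+class ForgeriesController < ActionController::Base
+include Clearance::Authentication
+protect_from_forgery
+before_filter :authenticate
+
+# This is off in test by default, but we need it for this test
+self.allow_forgery_protection = true
+
+def create
+redirect_to :action => 'index'
+end
+end
+
+describe ForgeriesController do
+context "signed in user" do
+before do
+Rails.application.routes.draw do
+resources :forgeries
+match 'sign_in' => 'clearance/sessions#new', :as => 'sign_in'
+end
+
+@user = Factory(:user)
+@user.update_attribute(:remember_token, "old-token")
+@request.cookies["remember_token"] = "old-token"
+@request.session[:_csrf_token] = "golden-ticket"
+end
+
+after do
+Rails.application.reload_routes!
+end
+
+it "succeeds with authentic token" do
+post :create, :authenticity_token => "golden-ticket"
+subject.should redirect_to(:action => 'index')
+end
+
+it "redirects to sign_in with invalid token" do
+post :create, :authenticity_token => "hax0r"
+subject.should redirect_to(sign_in_url)
+end
+
+it "redirects to sign_in with no token" do
+post :create
+subject.should redirect_to(sign_in_url)
+end
+end
+end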
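Review bot: The two failure examples ("invalid token" and "no token") assert only the redirect to `sign_in_url`, not that the forged request actually signed the user out, even though the `before` block sets up a known `"old-token"` remember token and cookie that would make that check straightforward; a redirect alone could also come from `authenticate` failing for an unrelated reason. After each forged `post :create` I would add an assertion on the sign-out effect, e.g. `cookies["remember_token"].should be_nil` or, if `sign_out` rotates the stored token, `@user.reload.remember_token.should_not == "old-token"` — which of the two applies depends on `sign_out`, which is outside this diff. In the success example it would likewise be worth asserting that `@user.reload.remember_token` is still `"old-token"`, so a regression that signs out on every request is caught as well.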
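--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 10
--
-version: 0.10.
+- 5
+version: 0.10.5
 platform: ruby
 authors:
 - Dan Croak
@@ -31,7 +31,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-
+date: 2011-04-19 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -155,6 +155,7 @@ files:
 - lib/generators/clearance/install/templates/db/migrate/upgrade_clearance_to_diesel.rb
 - lib/generators/clearance/install/templates/user.rb
 - lib/generators/clearance/views/views_generator.rb
+- spec/controllers/forgeries_controller_spec.rb
 - spec/controllers/passwords_controller_spec.rb
 - spec/controllers/sessions_controller_spec.rb
 - spec/controllers/users_controller_spec.rb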