RubyGems - clearance - Versions diffs - 2.6.0 → 2.6.1 - Mend

clearance 2.6.0 → 2.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd4f8ec16fd316714fb0f5020e634855d109e260bd164f7b68947f3e36f9d7c7
-  data.tar.gz: 5a78cfeca3fc95dee50bba6bd81026f32692de107d6be1d7aca4541837f5d579
+  metadata.gz: 136429332942ad6982566811de66424e672d356bdf19e912c8ee7dbe0ede8765
+  data.tar.gz: 1a8ec9af9ab0ec22be0a35745ee7e7880fbb9b6945cc83db1bf7b5e903d8bbe8
 SHA512:
-  metadata.gz: 6cdabe74719baedad2e9f8c221fd0abdd377856936fee0aa5b1572dd67c6a5b7925f01641116e0213ed2fcbe07cda870582acebd198aa57228fe4c0a2f90af9c
-  data.tar.gz: d0c1c9298dfdc961798bb65170f0b9b43d5eb6a25c956428cfa12ab7375be820e405d72e2c4ad34ed15c487bf7912bb6c17bb311e4a7768f302b6276f85e5920
+  metadata.gz: 24fd97a070795a1343b7e4971f154765ce0c73e57daff27f0af288769dffb4a84900ea96dc935519da6f761274cbeb4b6dc66c5189eba7b504406d95b350dd0d
+  data.tar.gz: f576ab8afb5725e4919cbb259e692c552bf301420ec61234b86f4fca66d3d34d478bb8a88112d79b95350fe29e317eb93d736d9782eea22b43482a809de5bd16

data/CHANGELOG.md CHANGED Viewed

@@ -5,7 +5,14 @@ complete changelog, see the git history for each version via the version links.
 ## [Unreleased]
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.0...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.1...main
+## [2.6.1] - September 23, 2022
+- Document how to report security issues
+- Only update the `env["QUERY_STRING"]` if the `as` parameter is present in
+  backdoor middleware
+[2.6.1]: https://github.com/thoughtbot/clearance/compare/v2.6.0...v2.6.1
 ## [2.6.0] - June 12, 2022

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.5.0)
+    clearance (2.6.1)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)

data/README.md CHANGED Viewed

@@ -475,6 +475,10 @@ Thank you, [contributors]!
 [CONTRIBUTING.md]: /CONTRIBUTING.md
 [contributors]: https://github.com/thoughtbot/clearance/graphs/contributors
+## Security
+For security issues it's better to contact <security@thoughtbot.com> (See <https://thoughtbot.com/security>)
 ## License
 Clearance is copyright © 2009-2019 thoughtbot. It is free software, and may be

data/lib/clearance/back_door.rb CHANGED Viewed

@@ -50,9 +50,9 @@ module Clearance
     def sign_in_through_the_back_door(env)
       params = Rack::Utils.parse_query(env["QUERY_STRING"])
       user_param = params.delete("as")
-      env["QUERY_STRING"] = Rack::Utils.build_query(params)
       if user_param.present?
+        env["QUERY_STRING"] = Rack::Utils.build_query(params)
         user = find_user(user_param)
         env[:clearance].sign_in(user)
       end

data/lib/clearance/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.6.0".freeze
+  VERSION = "2.6.1".freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.6.1
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-12 00:00:00.000000000 Z
+date: 2022-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -314,7 +314,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.