clearance 2.6.0 → 2.6.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cd4f8ec16fd316714fb0f5020e634855d109e260bd164f7b68947f3e36f9d7c7
4
- data.tar.gz: 5a78cfeca3fc95dee50bba6bd81026f32692de107d6be1d7aca4541837f5d579
3
+ metadata.gz: 136429332942ad6982566811de66424e672d356bdf19e912c8ee7dbe0ede8765
4
+ data.tar.gz: 1a8ec9af9ab0ec22be0a35745ee7e7880fbb9b6945cc83db1bf7b5e903d8bbe8
5
5
  SHA512:
6
- metadata.gz: 6cdabe74719baedad2e9f8c221fd0abdd377856936fee0aa5b1572dd67c6a5b7925f01641116e0213ed2fcbe07cda870582acebd198aa57228fe4c0a2f90af9c
7
- data.tar.gz: d0c1c9298dfdc961798bb65170f0b9b43d5eb6a25c956428cfa12ab7375be820e405d72e2c4ad34ed15c487bf7912bb6c17bb311e4a7768f302b6276f85e5920
6
+ metadata.gz: 24fd97a070795a1343b7e4971f154765ce0c73e57daff27f0af288769dffb4a84900ea96dc935519da6f761274cbeb4b6dc66c5189eba7b504406d95b350dd0d
7
+ data.tar.gz: f576ab8afb5725e4919cbb259e692c552bf301420ec61234b86f4fca66d3d34d478bb8a88112d79b95350fe29e317eb93d736d9782eea22b43482a809de5bd16
data/CHANGELOG.md CHANGED
@@ -5,7 +5,14 @@ complete changelog, see the git history for each version via the version links.
5
5
 
6
6
  ## [Unreleased]
7
7
 
8
- [Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.0...main
8
+ [Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.1...main
9
+
10
+ ## [2.6.1] - September 23, 2022
11
+ - Document how to report security issues
12
+ - Only update the `env["QUERY_STRING"]` if the `as` parameter is present in
13
+ backdoor middleware
14
+
15
+ [2.6.1]: https://github.com/thoughtbot/clearance/compare/v2.6.0...v2.6.1
9
16
 
10
17
  ## [2.6.0] - June 12, 2022
11
18
 
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- clearance (2.5.0)
4
+ clearance (2.6.1)
5
5
  actionmailer (>= 5.0)
6
6
  activemodel (>= 5.0)
7
7
  activerecord (>= 5.0)
data/README.md CHANGED
@@ -475,6 +475,10 @@ Thank you, [contributors]!
475
475
  [CONTRIBUTING.md]: /CONTRIBUTING.md
476
476
  [contributors]: https://github.com/thoughtbot/clearance/graphs/contributors
477
477
 
478
+ ## Security
479
+
480
+ For security issues it's better to contact <security@thoughtbot.com> (See <https://thoughtbot.com/security>)
481
+
478
482
  ## License
479
483
 
480
484
  Clearance is copyright © 2009-2019 thoughtbot. It is free software, and may be
@@ -50,9 +50,9 @@ module Clearance
50
50
  def sign_in_through_the_back_door(env)
51
51
  params = Rack::Utils.parse_query(env["QUERY_STRING"])
52
52
  user_param = params.delete("as")
53
- env["QUERY_STRING"] = Rack::Utils.build_query(params)
54
53
 
55
54
  if user_param.present?
55
+ env["QUERY_STRING"] = Rack::Utils.build_query(params)
56
56
  user = find_user(user_param)
57
57
  env[:clearance].sign_in(user)
58
58
  end
@@ -1,3 +1,3 @@
1
1
  module Clearance
2
- VERSION = "2.6.0".freeze
2
+ VERSION = "2.6.1".freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clearance
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.6.0
4
+ version: 2.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dan Croak
@@ -26,7 +26,7 @@ authors:
26
26
  autorequire:
27
27
  bindir: bin
28
28
  cert_chain: []
29
- date: 2022-06-12 00:00:00.000000000 Z
29
+ date: 2022-09-23 00:00:00.000000000 Z
30
30
  dependencies:
31
31
  - !ruby/object:Gem::Dependency
32
32
  name: bcrypt
@@ -314,7 +314,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
314
314
  - !ruby/object:Gem::Version
315
315
  version: '0'
316
316
  requirements: []
317
- rubygems_version: 3.1.6
317
+ rubygems_version: 3.3.7
318
318
  signing_key:
319
319
  specification_version: 4
320
320
  summary: Rails authentication & authorization with email & password.