csrf_token_caching 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in csrf_token_caching.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Manu S Ajith <neo@codingarena.in>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,37 @@
+# CsrfTokenCaching
+
+One of the notable features of Rails is the use of CSRF (Cross Site Request Forgery). The CSRF token is implemented by embedding a server side generated token to all the pages that is generated. When rails render a new page, it will generate an authenticity token and will embed the same into a hidden field and will be stored in the session object. Whenever a request to Edit or Update an object is received rails will check the authenticity of the token and will reject it if it isnt valid.
+
+###CSRF token with Action Caching ###
+
+Consider an example where a user named "User1" comes to the application. For this user the CSRF token will be newly generated, also note that a cached copy of the file will be stored on the server. If another user "User2" visits the same page, then he/she will be getting the cached copy of the file with the CSRF token for the first user. Now if the second user tries to edit/update an object, then there will be mismatches in the CSRF token and he/she will get an error.
+
+###Solution ###
+
+In some cases disabling the CSRF token can solve the above problem, but it is not advisable to have CSRF disabled in your application. The workaround is to modify the module which is responsible for generating the authenticity token in such a way that we are able to split the token later and can match that against the requests.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'csrf_token_caching'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install csrf_token_caching
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/csrf_token_caching.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'csrf_token_caching/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "csrf_token_caching"
+  spec.version       = CsrfTokenCaching::VERSION
+  spec.authors       = ["Manu S Ajith"]
+  spec.email         = ["neo@codingarena.in"]
+  spec.description   = %q{Gem to handle CSRF protection token while using caching}
+  spec.summary       = %q{This gem will easily allow the users to use caching with CSRF tokens, it will insert a user specific token in the HTML pages for each response that is sent.}
+  spec.homepage      = "https://github.com/manusajith/csrf_token_caching"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/lib/csrf_token_caching.rb

@@ -0,0 +1,44 @@
+require "csrf_token_caching/version"
+
+module CsrfTokenCaching
+  def self.included(base)
+
+    ApplicationController.const_set "TOKEN_PLACEHOLDER", "__CROSS_SITE_REQUEST_FORGERY_PROTECTION_TOKEN__"
+    base.class_eval do
+      after_filter  :inject_csrf_token
+
+      private
+      def inject_csrf_token
+        if protect_against_forgery? && token = form_authenticity_token
+          if body_with_token = response.body.gsub!(ApplicationController::TOKEN_PLACEHOLDER, token)
+            response.body = body_with_token
+          end
+        end
+      end
+    end
+
+    ActionView::Helpers::FormTagHelper.class_eval do
+      alias_method :token_tag_rails, :token_tag
+
+      def token_tag(token=nil)
+        if token != false && protect_against_forgery?
+          tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => ApplicationController::TOKEN_PLACEHOLDER)
+        else
+          ''
+        end
+      end
+    end
+
+    ActionView::Helpers::CsrfHelper.class_eval do
+      def csrf_meta_tags
+        if protect_against_forgery?
+          [
+            tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
+            tag('meta', :name => 'csrf-token', :content => ApplicationController::TOKEN_PLACEHOLDER)
+          ].join("\n").html_safe
+        end
+      end
+    end
+
+  end # included
+end

data/lib/csrf_token_caching/version.rb

@@ -0,0 +1,3 @@
+module CsrfTokenCaching
+  VERSION = "0.0.1"
+end

metadata

@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification
+name: csrf_token_caching
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Manu S Ajith
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Gem to handle CSRF protection token while using caching
+email:
+- neo@codingarena.in
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- csrf_token_caching.gemspec
+- lib/csrf_token_caching.rb
+- lib/csrf_token_caching/version.rb
+homepage: https://github.com/manusajith/csrf_token_caching
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: This gem will easily allow the users to use caching with CSRF tokens, it
+  will insert a user specific token in the HTML pages for each response that is sent.
+test_files: []
+has_rdoc: