cuba-csrf 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -5
- data/cuba-csrf.gemspec +1 -1
- data/lib/cuba/csrf.rb +2 -8
- data/test/csrf.rb +9 -13
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94e98c48283db2c21543133020a4c7e1bb6a13d1
|
|
4
|
+
data.tar.gz: 412e34ab4a7759974478bfb6fdc24de8a09f44ff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6cc9730a59a1f11814b6cc035f988402919af9339cf597c6c54c08eb9bd5f3ee7908b67bb4fdbb6be91dba03662d2adf10aa3f208aa306eccd7595ac9b33ccb3
|
|
7
|
+
data.tar.gz: 139fde650e30b59734b81ee0f925c202806919b1de39ed0cf242797ddebe78d242cbe155a0be3941040b08260aabcae38c8dd1d90e4739929ab6318256438716
|
data/README.md
CHANGED
|
@@ -31,11 +31,7 @@ require "cuba/csrf"
|
|
|
31
31
|
Cuba.plugin(Cuba::CSRF)
|
|
32
32
|
|
|
33
33
|
Cuba.define do
|
|
34
|
-
|
|
35
|
-
protect_from_forgery!
|
|
36
|
-
rescue Cuba::CSRF::InvalidToken
|
|
37
|
-
# In this case, if the verification fails
|
|
38
|
-
# we want to reset user's session.
|
|
34
|
+
unless csrf_safe?
|
|
39
35
|
session.clear
|
|
40
36
|
|
|
41
37
|
res.status = 403
|
data/cuba-csrf.gemspec
CHANGED
data/lib/cuba/csrf.rb
CHANGED
|
@@ -2,10 +2,8 @@ require "cuba"
|
|
|
2
2
|
require "securerandom"
|
|
3
3
|
|
|
4
4
|
module Cuba::CSRF
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
def protect_from_forgery!
|
|
8
|
-
raise InvalidToken unless _csrf_safe?
|
|
5
|
+
def csrf_safe?
|
|
6
|
+
req.get? || req.head? || req[:csrf_token] == csrf_token
|
|
9
7
|
end
|
|
10
8
|
|
|
11
9
|
def csrf_token
|
|
@@ -15,8 +13,4 @@ module Cuba::CSRF
|
|
|
15
13
|
def csrf_tag
|
|
16
14
|
%Q(<input type="hidden" name="csrf_token" value="#{csrf_token}">)
|
|
17
15
|
end
|
|
18
|
-
|
|
19
|
-
def _csrf_safe?
|
|
20
|
-
req.get? || req.head? || req[:csrf_token] == csrf_token
|
|
21
|
-
end
|
|
22
16
|
end
|
data/test/csrf.rb
CHANGED
|
@@ -18,11 +18,7 @@ scope do
|
|
|
18
18
|
|
|
19
19
|
test "safe http methods" do
|
|
20
20
|
Cuba.define do
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
on default do
|
|
24
|
-
res.write("safe")
|
|
25
|
-
end
|
|
21
|
+
raise unless csrf_safe?
|
|
26
22
|
end
|
|
27
23
|
|
|
28
24
|
assert_no_raise do
|
|
@@ -33,25 +29,25 @@ scope do
|
|
|
33
29
|
|
|
34
30
|
test "invalid csrf param" do
|
|
35
31
|
Cuba.define do
|
|
36
|
-
|
|
32
|
+
raise unless csrf_safe?
|
|
37
33
|
end
|
|
38
34
|
|
|
39
|
-
assert_raise
|
|
35
|
+
assert_raise do
|
|
40
36
|
post "/", "csrf_token" => nil
|
|
41
37
|
end
|
|
42
38
|
|
|
43
|
-
assert_raise
|
|
39
|
+
assert_raise do
|
|
44
40
|
post "/", "csrf_token" => ""
|
|
45
41
|
end
|
|
46
42
|
|
|
47
|
-
assert_raise
|
|
43
|
+
assert_raise do
|
|
48
44
|
post "/", "csrf_token" => "nonsense"
|
|
49
45
|
end
|
|
50
46
|
end
|
|
51
47
|
|
|
52
48
|
test "valid csrf param" do
|
|
53
49
|
Cuba.define do
|
|
54
|
-
|
|
50
|
+
raise unless csrf_safe?
|
|
55
51
|
|
|
56
52
|
on get do
|
|
57
53
|
res.write(csrf_token)
|
|
@@ -83,14 +79,14 @@ scope do
|
|
|
83
79
|
end
|
|
84
80
|
|
|
85
81
|
Cuba.define do
|
|
86
|
-
|
|
82
|
+
raise unless csrf_safe?
|
|
87
83
|
|
|
88
84
|
on "app" do
|
|
89
85
|
run(App)
|
|
90
86
|
end
|
|
91
87
|
end
|
|
92
88
|
|
|
93
|
-
assert_raise
|
|
89
|
+
assert_raise do
|
|
94
90
|
post "/app"
|
|
95
91
|
end
|
|
96
92
|
end
|
|
@@ -120,7 +116,7 @@ scope do
|
|
|
120
116
|
post "/"
|
|
121
117
|
end
|
|
122
118
|
|
|
123
|
-
assert_raise
|
|
119
|
+
assert_raise do
|
|
124
120
|
post "/app"
|
|
125
121
|
end
|
|
126
122
|
end
|