devise-passwordless 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8c2ccc142bc114ca58125c72ea17c9646a6bd602d2a70e99de49b6412df12950
4
- data.tar.gz: 7682b97e852e56559ef5babf8bf4f9e0c323083a32b3e16f8d932976e3204aea
3
+ metadata.gz: 37620b7f1717ecebc7a916630c58430fe97f76676c3dfe2e3fb05c037ab10609
4
+ data.tar.gz: ecd157b06c356f94c4d9e027bde90d6523e17154ba6ec559f24ffb7864323dce
5
5
  SHA512:
6
- metadata.gz: 4ac233d2eff38815cca3fadbe0c5b84e919b6129e7e763f30fb18cb5e75b095d10362126e8448fed612dad292463a997d82b36c8ffcb8b95252aacc20db5e46d
7
- data.tar.gz: 4feb6345e80a8f2a0ea37527f7926cbff412e70a6bfda8a35166cc686f7eef0bb28d8a63a3702c59ac5ccbba308ca2386ec86e083d748e57bd6fdcdd176f49b1
6
+ metadata.gz: b28efcfb87f0f5de6e56cb4de25fbf72fa683bb75790a7f34bd60122439e572815486fea408b4abeb2504f7c5550375f2291b8ac5dcf94d955085ec59030f6e5
7
+ data.tar.gz: df62efa3059f6f2737ca57a91e31fa4c71029e938198fa8fe9fd01bbb1a1032ed0a67f27d7bd593eeb3a6cc6ce2bb38bdd853208c8531ea82088fc70dab8fdf2
data/CHANGELOG.md CHANGED
@@ -1,4 +1,10 @@
1
- ## 1.0.0
1
+ ## 1.0.1 - Sep 18, 2023
2
+
3
+ ### Bugfixes
4
+
5
+ * Fixed bug where `filter_parameters` check erred on regex keys ([#39] - thanks [@thimo]!)
6
+
7
+ ## 1.0.0 - Sep 15, 2023
2
8
 
3
9
  ### Enhancements
4
10
 
@@ -32,6 +38,7 @@
32
38
  [@iainbeeston]: https://github.com/iainbeeston
33
39
  [@joeyparis]: https://github.com/joeyparis
34
40
  [@JoeyLeadJig]: https://github.com/JoeyLeadJig
41
+ [@thimo]: https://github.com/thimo
35
42
  [@til]: https://github.com/til
36
43
 
37
44
  [#13]: https://github.com/abevoelker/devise-passwordless/issues/13
@@ -42,3 +49,4 @@
42
49
  [#27]: https://github.com/abevoelker/devise-passwordless/pull/27
43
50
  [#33]: https://github.com/abevoelker/devise-passwordless/pull/33
44
51
  [#36]: https://github.com/abevoelker/devise-passwordless/pull/36
52
+ [#39]: https://github.com/abevoelker/devise-passwordless/issues/39
@@ -14,12 +14,7 @@ module Devise::Passwordless
14
14
  initializer "devise_passwordless.log_filter_check" do
15
15
  params = Rails.try(:application).try(:config).try(:filter_parameters) || []
16
16
 
17
- unless params.map(&:to_sym).include?(:token)
18
- warn "[DEVISE-PASSWORDLESS] We have detected that your Rails configuration does not " \
19
- "filter :token parameters out of your logs. You should append :token to your " \
20
- "config.filter_parameters Rails setting so that magic link tokens don't " \
21
- "leak out of your logs."
22
- end
17
+ ::Devise::Passwordless.check_filter_parameters(params)
23
18
  end
24
19
  end
25
20
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Devise
4
4
  module Passwordless
5
- VERSION = "1.0.0"
5
+ VERSION = "1.0.1"
6
6
  end
7
7
  end
@@ -23,5 +23,21 @@ module Devise
23
23
  Devise.secret_key
24
24
  end
25
25
  end
26
+
27
+ FILTER_PARAMS_WARNING = "[DEVISE-PASSWORDLESS] We have detected that your Rails configuration does not " \
28
+ "filter :token parameters out of your logs. You should append :token to your " \
29
+ "config.filter_parameters Rails setting so that magic link tokens don't " \
30
+ "leak out of your logs."
31
+
32
+ def self.check_filter_parameters(params)
33
+ begin
34
+ unless params.find{|p| p.to_sym == :token}
35
+ warn FILTER_PARAMS_WARNING
36
+ end
37
+ # Cancel the check if filter_parameters contains regular expressions or other exotic values
38
+ rescue NoMethodError
39
+ return
40
+ end
41
+ end
26
42
  end
27
43
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-passwordless
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Abe Voelker
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-15 00:00:00.000000000 Z
11
+ date: 2023-09-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise