devise 1.1.7 → 1.1.8
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
data/CHANGELOG.rdoc
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
devise (1.1.
|
|
4
|
+
devise (1.1.7)
|
|
5
5
|
bcrypt-ruby (~> 2.1.2)
|
|
6
6
|
warden (~> 1.0.2)
|
|
7
7
|
|
|
@@ -36,7 +36,7 @@ GEM
|
|
|
36
36
|
activesupport (= 3.0.4)
|
|
37
37
|
activesupport (3.0.4)
|
|
38
38
|
arel (2.0.8)
|
|
39
|
-
bcrypt-ruby (2.1.
|
|
39
|
+
bcrypt-ruby (2.1.4)
|
|
40
40
|
bson (1.1.2)
|
|
41
41
|
bson_ext (1.1.2)
|
|
42
42
|
builder (2.1.2)
|
|
@@ -91,7 +91,7 @@ GEM
|
|
|
91
91
|
treetop (1.4.9)
|
|
92
92
|
polyglot (>= 0.3.1)
|
|
93
93
|
tzinfo (0.3.24)
|
|
94
|
-
warden (1.0.
|
|
94
|
+
warden (1.0.3)
|
|
95
95
|
rack (>= 1.0.0)
|
|
96
96
|
webrat (0.7.2)
|
|
97
97
|
nokogiri (>= 1.2.0)
|
|
@@ -104,7 +104,6 @@ PLATFORMS
|
|
|
104
104
|
|
|
105
105
|
DEPENDENCIES
|
|
106
106
|
activerecord-jdbcsqlite3-adapter
|
|
107
|
-
bcrypt-ruby (~> 2.1.2)
|
|
108
107
|
bson_ext (= 1.1.2)
|
|
109
108
|
devise!
|
|
110
109
|
mocha
|
|
@@ -113,5 +112,4 @@ DEPENDENCIES
|
|
|
113
112
|
rails (~> 3.0.4)
|
|
114
113
|
ruby-debug (>= 0.10.3)
|
|
115
114
|
sqlite3-ruby
|
|
116
|
-
warden (~> 1.0.2)
|
|
117
115
|
webrat (= 0.7.2)
|
|
@@ -90,6 +90,7 @@ module Devise
|
|
|
90
90
|
# end
|
|
91
91
|
#
|
|
92
92
|
def find_for_authentication(conditions)
|
|
93
|
+
filter_auth_params(conditions)
|
|
93
94
|
find(:first, :conditions => conditions)
|
|
94
95
|
end
|
|
95
96
|
|
|
@@ -113,6 +114,15 @@ module Devise
|
|
|
113
114
|
record
|
|
114
115
|
end
|
|
115
116
|
|
|
117
|
+
protected
|
|
118
|
+
|
|
119
|
+
# Force keys to be string to avoid injection on mongoid related database.
|
|
120
|
+
def filter_auth_params(conditions)
|
|
121
|
+
conditions.each do |k, v|
|
|
122
|
+
conditions[k] = v.to_s
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
116
126
|
# Generate a token by looping and ensuring does not already exist.
|
|
117
127
|
def generate_token(column)
|
|
118
128
|
loop do
|
data/lib/devise/version.rb
CHANGED
|
@@ -65,6 +65,22 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
|
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
|
|
68
|
+
test 'should not be subject to injection' do
|
|
69
|
+
swap Devise, :token_authentication_key => :secret_token do
|
|
70
|
+
user1 = create_user()
|
|
71
|
+
|
|
72
|
+
# Clean up user cache
|
|
73
|
+
@user = nil
|
|
74
|
+
|
|
75
|
+
user2 = create_user(:email => "another@test.com")
|
|
76
|
+
user2.update_attribute(:authentication_token, "ANOTHERTOKEN")
|
|
77
|
+
|
|
78
|
+
assert_not_equal user1, user2
|
|
79
|
+
visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
|
|
80
|
+
assert_nil warden.user(:user)
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
68
84
|
private
|
|
69
85
|
|
|
70
86
|
def sign_in_as_new_user_with_token(options = {})
|
|
@@ -34,4 +34,16 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
|
|
|
34
34
|
assert_nil authenticated_user
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
-
|
|
37
|
+
test 'should not be subject to injection' do
|
|
38
|
+
user1 = create_user
|
|
39
|
+
user1.ensure_authentication_token!
|
|
40
|
+
user1.confirm!
|
|
41
|
+
|
|
42
|
+
user2 = create_user
|
|
43
|
+
user2.ensure_authentication_token!
|
|
44
|
+
user2.confirm!
|
|
45
|
+
|
|
46
|
+
user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token})
|
|
47
|
+
assert_nil user
|
|
48
|
+
end
|
|
49
|
+
end
|
data/test/support/integration.rb
CHANGED
|
@@ -9,7 +9,7 @@ class ActionDispatch::IntegrationTest
|
|
|
9
9
|
@user ||= begin
|
|
10
10
|
user = User.create!(
|
|
11
11
|
:username => 'usertest',
|
|
12
|
-
:email => 'user@test.com',
|
|
12
|
+
:email => options[:email] || 'user@test.com',
|
|
13
13
|
:password => '123456',
|
|
14
14
|
:password_confirmation => '123456',
|
|
15
15
|
:created_at => Time.now.utc
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
5
|
-
prerelease:
|
|
4
|
+
hash: 3
|
|
5
|
+
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 1.1.
|
|
9
|
+
- 8
|
|
10
|
+
version: 1.1.8
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- "Jos\xC3\xA9 Valim"
|
|
@@ -16,7 +16,7 @@ autorequire:
|
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
18
|
|
|
19
|
-
date: 2011-
|
|
19
|
+
date: 2011-03-11 00:00:00 +01:00
|
|
20
20
|
default_executable:
|
|
21
21
|
dependencies:
|
|
22
22
|
- !ruby/object:Gem::Dependency
|
|
@@ -246,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
246
246
|
requirements: []
|
|
247
247
|
|
|
248
248
|
rubyforge_project:
|
|
249
|
-
rubygems_version: 1.3
|
|
249
|
+
rubygems_version: 1.5.3
|
|
250
250
|
signing_key:
|
|
251
251
|
specification_version: 3
|
|
252
252
|
summary: Flexible authentication solution for Rails with Warden
|