devise_openid_authenticatable 1.1.3 → 1.1.4

data/.travis.yml

@@ -1,9 +1,8 @@
 rvm:
-  - 1.8.7
-  - 1.9.2
   - 1.9.3
-  - ree
+  - 2.0.0
 gemfile:
+  - Gemfile.devise30
   - Gemfile.devise21
   - Gemfile.devise15
   - Gemfile.devise13

data/CHANGELOG.rdoc

@@ -1,3 +1,7 @@
+== 1.1.4
+* Remove authenticity token from return parameters, and instead stop requiring it for successful authentication.  This is required to be compatible with Devise's recent security fixes.
+* Test suite is now fully passing on Devise 1.4 through 3.0
+
 == 1.1.3
 * Add authenticity token to return parameters (thanks Alexander Greim!)
 

data/Gemfile.devise30

@@ -0,0 +1,11 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in devise_cas_authenticatable.gemspec
+gemspec
+
+gem 'rails', '~> 4.0.0'
+gem 'devise', '~> 3.0.0'
+
+group :test do
+  gem "rots", :git => "http://github.com/roman/rots.git"
+end

data/lib/devise_openid_authenticatable/model.rb

@@ -7,7 +7,7 @@ module Devise
 
       module ClassMethods
         def find_by_identity_url(identity_url)
-          find(:first, :conditions => {:identity_url => identity_url})
+          where(:identity_url => identity_url).first
         end
       end
       

data/lib/devise_openid_authenticatable/strategy.rb

@@ -19,6 +19,11 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
       custom! [401, { Rack::OpenID::AUTHENTICATE_HEADER => Rack::OpenID.build_header(opts) }, "Sign in with OpenID"]
     end
   end
+  
+  # CSRF won't be able to be verified on returning from the OpenID server, so we will bypass that check for this strategy
+  def store?
+    true
+  end
 
   protected
 
@@ -120,9 +125,6 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
         request_params["#{scope}[#{param}]"] = value
         request_params
       end
-      if params[:authenticity_token]
-        return_params['authenticity_token'] = params[:authenticity_token]
-      end
       return_to.query = Rack::Utils.build_query(return_params)
       return_to.to_s
     end

data/lib/devise_openid_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module DeviseOpenidAuthenticatable
-  VERSION = "1.1.3"
+  VERSION = "1.1.4"
 end

data/spec/scenario/config/routes.rb

@@ -1,6 +1,6 @@
 Rails.application.routes.draw do
-  devise_for :users, :controllers => { :sessions => 'sessions' }
-  devise_for :database_users, :controllers => { :sessions => 'sessions' }
-  devise_for :legacy_users, :controllers => { :sessions => 'sessions' }
+  devise_for :users
+  devise_for :database_users
+  devise_for :legacy_users
   root :to => "home#index"
 end

data/spec/strategy_spec.rb

@@ -95,7 +95,7 @@ describe Devise::Strategies::OpenidAuthenticatable do
 
   describe "POST /users/sign_in (with a valid identity URL param)" do
     before do
-      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'location' => 'http://openid.example.org/server'}, ['']])
+      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'Location' => 'http://openid.example.org/server'}, ['']])
       post '/users/sign_in', 'user' => { 'identity_url' => 'http://openid.example.org/myid' }
     end
 
@@ -262,7 +262,7 @@ describe Devise::Strategies::OpenidAuthenticatable do
   
   describe "POST /database_users/sign_in (using OpenID, begin_authentication)" do
     before do
-      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'location' => 'http://openid.example.org/server'}, ['']])
+      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'Location' => 'http://openid.example.org/server'}, ['']])
       post '/database_users/sign_in', 'database_user' => { 'identity_url' => 'http://openid.example.org/myid' }
     end
 

metadata

@@ -2,14 +2,14 @@
 name: devise_openid_authenticatable
 version: !ruby/object:Gem::Version
   prerelease: 
-  version: 1.1.3
+  version: 1.1.4
 platform: ruby
 authors:
 - Nat Budin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-07 00:00:00.000000000 Z
+date: 2013-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,6 +154,7 @@ files:
 - Gemfile.devise14
 - Gemfile.devise15
 - Gemfile.devise21
+- Gemfile.devise30
 - LICENSE
 - README.md
 - Rakefile
@@ -168,12 +169,11 @@ files:
 - spec/model_spec.rb
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
-- spec/scenario/app/controllers/sessions_controller.rb
 - spec/scenario/app/models/database_user.rb
 - spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
+- spec/scenario/app/views/devise/sessions/new.html.erb
 - spec/scenario/app/views/layouts/application.html.erb
-- spec/scenario/app/views/sessions/new.html.erb
 - spec/scenario/config.ru
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb
@@ -218,12 +218,11 @@ test_files:
 - spec/model_spec.rb
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
-- spec/scenario/app/controllers/sessions_controller.rb
 - spec/scenario/app/models/database_user.rb
 - spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
+- spec/scenario/app/views/devise/sessions/new.html.erb
 - spec/scenario/app/views/layouts/application.html.erb
-- spec/scenario/app/views/sessions/new.html.erb
 - spec/scenario/config.ru
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb
@@ -240,3 +239,4 @@ test_files:
 - spec/spec_helper.rb
 - spec/strategy_spec.rb
 - spec/support/migrations.rb
+has_rdoc: 

data/spec/scenario/app/controllers/sessions_controller.rb

@@ -1,4 +0,0 @@
-class SessionsController < Devise::SessionsController
-  def new
-  end
-end