devise_openid_authenticatable 1.1.3 → 1.1.4
- data/.travis.yml +2 -3
- data/CHANGELOG.rdoc +4 -0
- data/Gemfile.devise30 +11 -0
- data/lib/devise_openid_authenticatable/model.rb +1 -1
- data/lib/devise_openid_authenticatable/strategy.rb +5 -3
- data/lib/devise_openid_authenticatable/version.rb +1 -1
- data/spec/scenario/app/views/{sessions → devise/sessions}/new.html.erb +0 -0
- data/spec/scenario/config/routes.rb +3 -3
- data/spec/strategy_spec.rb +2 -2
- metadata +6 -6
- data/spec/scenario/app/controllers/sessions_controller.rb +0 -4
data/.travis.yml
CHANGED
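--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,7 @@
+== 1.1.4
+* Remove authenticity token from return parameters, and instead stop requiring it for successful authentication. This is required to be compatible with Devise's recent security fixes.
+* Test suite is now fully passing on Devise 1.4 through 3.0
+
 == 1.1.3
 * Add authenticity token to return parameters (thanks Alexander Greim!)
 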
data/Gemfile.devise30
ADDED
@@ -19,6 +19,11 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
19
19
|
custom! [401, { Rack::OpenID::AUTHENTICATE_HEADER => Rack::OpenID.build_header(opts) }, "Sign in with OpenID"]
|
20
20
|
end
|
21
21
|
end
|
22
|
+
|
23
|
+
# CSRF won't be able to be verified on returning from the OpenID server, so we will bypass that check for this strategy
|
24
|
+
def store?
|
25
|
+
true
|
26
|
+
end
|
22
27
|
|
23
28
|
protected
|
24
29
|
|
@@ -120,9 +125,6 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
120
125
|
request_params["#{scope}[#{param}]"] = value
|
121
126
|
request_params
|
122
127
|
end
|
123
|
-
if params[:authenticity_token]
|
124
|
-
return_params['authenticity_token'] = params[:authenticity_token]
|
125
|
-
end
|
126
128
|
return_to.query = Rack::Utils.build_query(return_params)
|
127
129
|
return_to.to_s
|
128
130
|
end
|
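Review bot: The added `store?` returns `true` unconditionally and never calls `super`, so the CSRF bypass its comment describes applies to every request this strategy handles, not only the return leg from the OpenID server. Any other condition the parent class's `store?` applies (not visible on this page; possibly per-model session-storage settings) is dropped with it. Limiting the override to requests where rack-openid has supplied a provider response would keep the parent's behaviour everywhere else, for example a body of `env[Rack::OpenID::RESPONSE] ? true : super`. Since the second hunk also stops carrying `authenticity_token` in `return_to`, the comment above `store?` should state that the return request is then bound to the initiating browser session only by what the OpenID library itself verifies. Both hunks show only part of the class, and the file header for this section is missing from the page.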
File without changes
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Rails.application.routes.draw do
|
2
|
-
devise_for :users
|
3
|
-
devise_for :database_users
|
4
|
-
devise_for :legacy_users
|
2
|
+
devise_for :users
|
3
|
+
devise_for :database_users
|
4
|
+
devise_for :legacy_users
|
5
5
|
root :to => "home#index"
|
6
6
|
end
|
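--- a/data/spec/strategy_spec.rb
+++ b/data/spec/strategy_spec.rb
@@ -95,7 +95,7 @@ describe Devise::Strategies::OpenidAuthenticatable do
 
 describe "POST /users/sign_in (with a valid identity URL param)" do
 before do
-Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'
+Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'Location' => 'http://openid.example.org/server'}, ['']])
 post '/users/sign_in', 'user' => { 'identity_url' => 'http://openid.example.org/myid' }
 end
 
@@ -262,7 +262,7 @@ describe Devise::Strategies::OpenidAuthenticatable do
 
 describe "POST /database_users/sign_in (using OpenID, begin_authentication)" do
 before do
-Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'
+Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'Location' => 'http://openid.example.org/server'}, ['']])
 post '/database_users/sign_in', 'database_user' => { 'identity_url' => 'http://openid.example.org/myid' }
 end
 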
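--- a/metadata
+++ b/metadata
@@ -2,14 +2,14 @@
 name: devise_openid_authenticatable
 version: !ruby/object:Gem::Version
 prerelease:
-version: 1.1.
+version: 1.1.4
 platform: ruby
 authors:
 - Nat Budin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 version_requirements: !ruby/object:Gem::Requirement
@@ -154,6 +154,7 @@ files:
 - Gemfile.devise14
 - Gemfile.devise15
 - Gemfile.devise21
+- Gemfile.devise30
 - LICENSE
 - README.md
 - Rakefile
@@ -168,12 +169,11 @@ files:
 - spec/model_spec.rb
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
-- spec/scenario/app/controllers/sessions_controller.rb
 - spec/scenario/app/models/database_user.rb
 - spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
+- spec/scenario/app/views/devise/sessions/new.html.erb
 - spec/scenario/app/views/layouts/application.html.erb
-- spec/scenario/app/views/sessions/new.html.erb
 - spec/scenario/config.ru
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb
@@ -218,12 +218,11 @@ test_files:
 - spec/model_spec.rb
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
-- spec/scenario/app/controllers/sessions_controller.rb
 - spec/scenario/app/models/database_user.rb
 - spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
+- spec/scenario/app/views/devise/sessions/new.html.erb
 - spec/scenario/app/views/layouts/application.html.erb
-- spec/scenario/app/views/sessions/new.html.erb
 - spec/scenario/config.ru
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb
@@ -240,3 +239,4 @@ test_files:
 - spec/spec_helper.rb
 - spec/strategy_spec.rb
 - spec/support/migrations.rb
+has_rdoc: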