RubyGems - devise_openid_authenticatable - Versions diffs - 1.1.3 → 1.1.4 - Mend

devise_openid_authenticatable 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/.travis.yml +2 -3
data/CHANGELOG.rdoc +4 -0
data/Gemfile.devise30 +11 -0
data/lib/devise_openid_authenticatable/model.rb +1 -1
data/lib/devise_openid_authenticatable/strategy.rb +5 -3
data/lib/devise_openid_authenticatable/version.rb +1 -1
data/spec/scenario/app/views/{sessions → devise/sessions}/new.html.erb +0 -0
data/spec/scenario/config/routes.rb +3 -3
data/spec/strategy_spec.rb +2 -2
metadata +6 -6
data/spec/scenario/app/controllers/sessions_controller.rb +0 -4

data/.travis.yml CHANGED

@@ -1,9 +1,8 @@
 rvm:
-  - 1.8.7
-  - 1.9.2
   - 1.9.3
-  - ree
+  - 2.0.0
 gemfile:
+  - Gemfile.devise30
   - Gemfile.devise21
   - Gemfile.devise15
   - Gemfile.devise13

data/CHANGELOG.rdoc CHANGED

@@ -1,3 +1,7 @@
+== 1.1.4
+* Remove authenticity token from return parameters, and instead stop requiring it for successful authentication.  This is required to be compatible with Devise's recent security fixes.
+* Test suite is now fully passing on Devise 1.4 through 3.0
 == 1.1.3
 * Add authenticity token to return parameters (thanks Alexander Greim!)

data/Gemfile.devise30 ADDED

@@ -0,0 +1,11 @@
+source "http://rubygems.org"
+# Specify your gem's dependencies in devise_cas_authenticatable.gemspec
+gemspec
+gem 'rails', '~> 4.0.0'
+gem 'devise', '~> 3.0.0'
+group :test do
+  gem "rots", :git => "http://github.com/roman/rots.git"
+end

data/lib/devise_openid_authenticatable/model.rb CHANGED

@@ -7,7 +7,7 @@ module Devise
       module ClassMethods
         def find_by_identity_url(identity_url)
-          find(:first, :conditions => {:identity_url => identity_url})
+          where(:identity_url => identity_url).first
         end
       end

data/lib/devise_openid_authenticatable/strategy.rb CHANGED

@@ -19,6 +19,11 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
       custom! [401, { Rack::OpenID::AUTHENTICATE_HEADER => Rack::OpenID.build_header(opts) }, "Sign in with OpenID"]
     end
   end
+  # CSRF won't be able to be verified on returning from the OpenID server, so we will bypass that check for this strategy
+  def store?
+    true
+  end
   protected
@@ -120,9 +125,6 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
         request_params["#{scope}[#{param}]"] = value
         request_params
       end
-      if params[:authenticity_token]
-        return_params['authenticity_token'] = params[:authenticity_token]
-      end
       return_to.query = Rack::Utils.build_query(return_params)
       return_to.to_s
     end

data/lib/devise_openid_authenticatable/version.rb CHANGED

@@ -1,3 +1,3 @@
 module DeviseOpenidAuthenticatable
-  VERSION = "1.1.3"
+  VERSION = "1.1.4"
 end

data/spec/scenario/app/views/{sessions → devise/sessions}/new.html.erb RENAMED

File without changes

data/spec/scenario/config/routes.rb CHANGED

@@ -1,6 +1,6 @@
 Rails.application.routes.draw do
-  devise_for :users, :controllers => { :sessions => 'sessions' }
-  devise_for :database_users, :controllers => { :sessions => 'sessions' }
-  devise_for :legacy_users, :controllers => { :sessions => 'sessions' }
+  devise_for :users
+  devise_for :database_users
+  devise_for :legacy_users
   root :to => "home#index"
 end

data/spec/strategy_spec.rb CHANGED

@@ -95,7 +95,7 @@ describe Devise::Strategies::OpenidAuthenticatable do
   describe "POST /users/sign_in (with a valid identity URL param)" do
     before do
-      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'location' => 'http://openid.example.org/server'}, ['']])
+      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'Location' => 'http://openid.example.org/server'}, ['']])
       post '/users/sign_in', 'user' => { 'identity_url' => 'http://openid.example.org/myid' }
     end
@@ -262,7 +262,7 @@ describe Devise::Strategies::OpenidAuthenticatable do
   describe "POST /database_users/sign_in (using OpenID, begin_authentication)" do
     before do
-      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'location' => 'http://openid.example.org/server'}, ['']])
+      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'Location' => 'http://openid.example.org/server'}, ['']])
       post '/database_users/sign_in', 'database_user' => { 'identity_url' => 'http://openid.example.org/myid' }
     end

metadata CHANGED

@@ -2,14 +2,14 @@
 name: devise_openid_authenticatable
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 1.1.3
+  version: 1.1.4
 platform: ruby
 authors:
 - Nat Budin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-04-07 00:00:00.000000000 Z
+date: 2013-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,6 +154,7 @@ files:
 - Gemfile.devise14
 - Gemfile.devise15
 - Gemfile.devise21
+- Gemfile.devise30
 - LICENSE
 - README.md
 - Rakefile
@@ -168,12 +169,11 @@ files:
 - spec/model_spec.rb
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
-- spec/scenario/app/controllers/sessions_controller.rb
 - spec/scenario/app/models/database_user.rb
 - spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
+- spec/scenario/app/views/devise/sessions/new.html.erb
 - spec/scenario/app/views/layouts/application.html.erb
-- spec/scenario/app/views/sessions/new.html.erb
 - spec/scenario/config.ru
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb
@@ -218,12 +218,11 @@ test_files:
 - spec/model_spec.rb
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
-- spec/scenario/app/controllers/sessions_controller.rb
 - spec/scenario/app/models/database_user.rb
 - spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
+- spec/scenario/app/views/devise/sessions/new.html.erb
 - spec/scenario/app/views/layouts/application.html.erb
-- spec/scenario/app/views/sessions/new.html.erb
 - spec/scenario/config.ru
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb
@@ -240,3 +239,4 @@ test_files:
 - spec/spec_helper.rb
 - spec/strategy_spec.rb
 - spec/support/migrations.rb
+has_rdoc:

data/spec/scenario/app/controllers/sessions_controller.rb DELETED

@@ -1,4 +0,0 @@
-class SessionsController < Devise::SessionsController
-  def new
-  end
-end