doorkeeper 1.4.0 → 1.4.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of doorkeeper might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/doorkeeper/application_controller.rb +6 -0
  3. data/lib/doorkeeper/version.rb +1 -1
  4. data/spec/requests/endpoints/authorization_spec.rb +23 -0
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2effc07ab96a92f6ce4bf22833e99079c1309b01
4
- data.tar.gz: b2d4793140041f6a71b3eddc5ce74c61bca8de8e
3
+ metadata.gz: 3980ae7bb2071ab9aa5f29952fc42fd5b04c0d7e
4
+ data.tar.gz: 71725d944d80d72391f12ab12056f28ae3a6e963
5
5
  SHA512:
6
- metadata.gz: 55e4089805323ebc56efff0306872bfea4b19b814131632c62885975aebe452338612ced9f3137e20500b9dfa298bec2f8b3de7b385d3e1be16df804a0c8ccb7
7
- data.tar.gz: 50b4631d1e4f14557aba937edb12d225e2a704d80142b3e3e487d8f36a5c097a89bfdd871bda1012e690324c3833605ca51c23820aa47a5b7baba242bf782287
6
+ metadata.gz: 48254ea12523bc9c00a1e07b512987357887453d490f9dac13b1266044c674fb713089abacb3e8213b5d1e8f1038d82d4ad8a9024f6cc9be93b11a679203d935
7
+ data.tar.gz: fa222e77888ed9373bb60e50981ba91bfeb301f548b4c8a0286593a94a6cb358a23acde563b91fde38b07e23c37b523f86c93b1b6f1bc6c18218b83d13dfa8c9
data/app/controllers/doorkeeper/application_controller.rb CHANGED
@@ -3,5 +3,11 @@ module Doorkeeper
3
3
  include Helpers::Controller
4
4
 
5
5
  helper 'doorkeeper/form_errors'
6
+
7
+ if ::Rails.version.to_i < 4
8
+ protect_from_forgery
9
+ else
10
+ protect_from_forgery with: :exception
11
+ end
6
12
  end
7
13
  end
data/lib/doorkeeper/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Doorkeeper
2
- VERSION = '1.4.0'
2
+ VERSION = '1.4.1'
3
3
  end
data/spec/requests/endpoints/authorization_spec.rb CHANGED
@@ -51,4 +51,27 @@ feature 'Authorization endpoint' do
51
51
  i_should_see_translated_error_message :unsupported_response_type
52
52
  end
53
53
  end
54
+
55
+ context 'forgery protection enabled' do
56
+ before do
57
+ ActionController::Base.allow_forgery_protection = true
58
+ end
59
+
60
+ after do
61
+ ActionController::Base.allow_forgery_protection = false
62
+ end
63
+
64
+ background do
65
+ create_resource_owner
66
+ sign_in
67
+ end
68
+
69
+ scenario 'raises exception on forged requests' do
70
+ ActionController::Base.any_instance.should_receive(:handle_unverified_request)
71
+ post "/oauth/authorize",
72
+ client_id: @client.uid,
73
+ redirect_uri: @client.redirect_uri,
74
+ response_type: 'code'
75
+ end
76
+ end
54
77
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: doorkeeper
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.0
4
+ version: 1.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Felipe Elias Philipp
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-07-31 00:00:00.000000000 Z
12
+ date: 2014-12-17 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: railties