exvo_auth 0.16.2 → 0.16.3

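--- a/data/README.md
+++ b/data/README.md
@@ -38,7 +38,8 @@ ENV['AUTH_CLIENT_SECRET'] = "bar"
  ENV['AUTH_DEBUG'] = "true" # [OPTIONAL] dumps all HTTP traffic to STDERR, useful during development; it *has to be a string, not a boolean*
  ENV['AUTH_REQUIRE_SSL'] = "false" # [OPTIONAL] disable SSL, useful in development (note that all apps API urls must be http, not https); it *has to be a string, not a boolean*
  ENV['AUTH_HOST'] = "test.exvo.com" # [OPTIONAL] override the default auth host
- ENV['SSO_COOKIE_SECRET'] = "secret" # Generate using `SecureRandom.hex(16)`
+ ENV['SSO_COOKIE_DOMAIN'] = "example.com" # [OPTIONAL] set the domain for which the Signle Sign On cookie will be set (default: exvo.com)
+ ENV['SSO_COOKIE_SECRET'] = "secret" # Single Sign On secret key (generate using `SecureRandom.hex(16)`)
  ```
 
  But you can also set things directly in the `config/application.rb` file (before the middleware declaration):
@@ -49,6 +50,7 @@ Exvo::Helpers.auth_client_secret = "bar"
  Exvo::Helpers.auth_debug = true # boolean
  Exvo::Helpers.auth_require_ssl = false # boolean
  Exvo::Helpers.auth_host = "test.exvo.com"
+ Exvo::Helpers.sso_cookie_domain = "example.com"
  Exvo::Helpers.sso_cookie_secret = "secret"
  ```
 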
@@ -95,6 +95,12 @@ module ExvoAuth::Controllers::Base
95
95
  request.env["omniauth.auth"]
96
96
  end
97
97
 
98
+ # CSRF protection for SSO (http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/)
99
+ def handle_unverified_request
100
+ super
101
+ sign_out_user
102
+ end
103
+
98
104
  protected
99
105
 
100
106
  def find_or_create_user_by_uid(uid)
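Review bot: `handle_unverified_request` is added above the `protected` keyword, so the override becomes a public method of `ExvoAuth::Controllers::Base`. Rails defines this hook as a non-public method, and if the module is mixed into controllers (not visible here) a public method can end up exposed as a routable action. Move the definition below the `protected` line that follows it, next to `find_or_create_user_by_uid`. The body of `sign_out_user` is outside the hunk, so it is worth confirming that it removes the SSO cookie as well as the session state, since the linked advisory asks applications to clear any persistent authentication cookie when a request fails verification. The module continues outside the hunk.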
@@ -1,3 +1,3 @@
1
1
  module ExvoAuth
2
- VERSION = "0.16.2"
2
+ VERSION = "0.16.3"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: exvo_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.16.2
4
+ version: 0.16.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-06-22 00:00:00.000000000 Z
13
+ date: 2012-07-02 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: httparty