exvo_auth 0.16.2 → 0.16.3

data/README.md CHANGED
@@ -38,7 +38,8 @@ ENV['AUTH_CLIENT_SECRET'] = "bar"
38
38
  ENV['AUTH_DEBUG'] = "true" # [OPTIONAL] dumps all HTTP traffic to STDERR, useful during development; it *has to be a string, not a boolean*
39
39
  ENV['AUTH_REQUIRE_SSL'] = "false" # [OPTIONAL] disable SSL, useful in development (note that all apps API urls must be http, not https); it *has to be a string, not a boolean*
40
40
  ENV['AUTH_HOST'] = "test.exvo.com" # [OPTIONAL] override the default auth host
41
- ENV['SSO_COOKIE_SECRET'] = "secret" # Generate using `SecureRandom.hex(16)`
41
+ ENV['SSO_COOKIE_DOMAIN'] = "example.com" # [OPTIONAL] set the domain for which the Signle Sign On cookie will be set (default: exvo.com)
42
+ ENV['SSO_COOKIE_SECRET'] = "secret" # Single Sign On secret key (generate using `SecureRandom.hex(16)`)
42
43
  ```
43
44
 
44
45
  But you can also set things directly in the `config/application.rb` file (before the middleware declaration):
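Review bot: The added `SSO_COOKIE_DOMAIN` comment misspells "Single" as "Signle"; fix the typo before release. The same comment should say whether the configured domain also covers subdomains, because a Single Sign On cookie scoped to a parent domain is sent to every host under that domain, and the default of exvo.com makes that the out-of-the-box behaviour. The `SSO_COOKIE_SECRET` line still shows the literal value "secret"; marking it as a placeholder next to the `SecureRandom.hex(16)` hint would make it less likely to be copied into a deployment unchanged.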
@@ -49,6 +50,7 @@ Exvo::Helpers.auth_client_secret = "bar"
49
50
  Exvo::Helpers.auth_debug = true # boolean
50
51
  Exvo::Helpers.auth_require_ssl = false # boolean
51
52
  Exvo::Helpers.auth_host = "test.exvo.com"
53
+ Exvo::Helpers.sso_cookie_domain = "example.com"
52
54
  Exvo::Helpers.sso_cookie_secret = "secret"
53
55
  ```
54
56
 
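Review bot: The added `Exvo::Helpers.sso_cookie_domain = "example.com"` line has no comment, while the neighbouring `auth_debug` and `auth_require_ssl` lines are annotated and the ENV form of this setting is documented as optional with a default of exvo.com. Add the same note here (optional, default exvo.com) so a reader of only this block does not assume the setting is required or that "example.com" is the default.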
@@ -95,6 +95,12 @@ module ExvoAuth::Controllers::Base
95
95
  request.env["omniauth.auth"]
96
96
  end
97
97
 
98
+ # CSRF protection for SSO (http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/)
99
+ def handle_unverified_request
100
+ super
101
+ sign_out_user
102
+ end
103
+
98
104
  protected
99
105
 
100
106
  def find_or_create_user_by_uid(uid)
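Review bot: `handle_unverified_request` is defined above the `protected` keyword, so it becomes a public method of `ExvoAuth::Controllers::Base`. Rails treats public controller methods as actions, and this is a framework callback rather than an endpoint, so move the definition below `protected`. The comment only links to the Rails weblog post; add a line saying what `sign_out_user` clears that `super` does not, so the reason for calling both is clear to the next reader.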
@@ -1,3 +1,3 @@
1
1
  module ExvoAuth
2
- VERSION = "0.16.2"
2
+ VERSION = "0.16.3"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: exvo_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.16.2
4
+ version: 0.16.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-06-22 00:00:00.000000000 Z
13
+ date: 2012-07-02 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: httparty