faye-authentication 1.12 → 1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/README.md +1 -1
  4. data/VERSION +1 -1
  5. data/app/assets/javascripts/faye-authentication.js +1 -1
  6. data/lib/faye/authentication.rb +1 -1
  7. data/spec/javascripts/faye-authentication_spec.js +8 -0
  8. data/spec/lib/faye/authentication_spec.rb +5 -0
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9e267e9258a90f6c713835fa6f1f17409d717258f2e6b0d8c7aaed6b085c857b
4
- data.tar.gz: 0c358ecf0dc7f03e21d61af1b172d7a3d9335f4fc9dc4a39d6499d8db8d1be71
3
+ metadata.gz: 7df2f00525686219899b087a97cd26dda4d0beb817de711c7009e0b1f2d73172
4
+ data.tar.gz: 87ed8fcf147384cf3c2a2f43ef32488e0592cac79e00f5360b4dd4b95d40bde6
5
5
  SHA512:
6
- metadata.gz: d4a7e752c492860afb8fb7cda7e52a1a33be80a4db3f004526b35e5a4c0cb62b596248ec288c74d346b559048a425d2e62f65ca6edaca56344208c22ac0e57c5
7
- data.tar.gz: 3fe4f26c9ad2a1a83e8b8902ed60e55f3edbd46460b43a805390f28ecb61a684d2680ed729146448ce87260153b73d341604e6a33bde580fff63e9b6ad9a9eb3
6
+ metadata.gz: 4b3cd29b0f5384af09976d723a30d2878e172ff15a9c125b109b27ff3592ce684446474799f8e035664cdc9af0458d005143ef05fed3539b31347a3eed627a5a
7
+ data.tar.gz: fba06b490b06c432ea3fdd7bd897c55f75f1ee2e20c7e68f59e8900037a454d007a1665ec251d04fc83387540e152ee459cfae4c1296909fa3b68db697ba07b2
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 1.13
2
+ - Fix [CVE-2020-11020](https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5)
3
+
1
4
  ## 1.12
2
5
  - No longer retry and fetch a new signature after errors unrelated to `Faye::Authentication` (#15)
3
6
  - Internal:
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # Faye::Authentication [![Build Status](https://travis-ci.org/jarthod/faye-authentication.svg?branch=master)](https://travis-ci.org/dimelo/faye-authentication)
1
+ # Faye::Authentication [![Build Status](https://travis-ci.org/jarthod/faye-authentication.svg?branch=master)](https://travis-ci.org/jarthod/faye-authentication)
2
2
 
3
3
  Authentification implementation for faye
4
4
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.12
1
+ 1.13
data/app/assets/javascripts/faye-authentication.js CHANGED
@@ -92,7 +92,7 @@ FayeAuthentication.prototype.outgoing = function(message, callback) {
92
92
 
93
93
  FayeAuthentication.prototype.authentication_required = function(message) {
94
94
  var subscription_or_channel = message.subscription || message.channel;
95
- if (message.channel == '/meta/subscribe' || message.channel.lastIndexOf('/meta/', 0) !== 0) {
95
+ if (message.channel.lastIndexOf('/meta/subscribe') === 0 || message.channel.lastIndexOf('/meta/', 0) !== 0) {
96
96
  if(this._options.whitelist) {
97
97
  try {
98
98
  return (!this._options.whitelist(subscription_or_channel));
data/lib/faye/authentication.rb CHANGED
@@ -42,7 +42,7 @@ module Faye
42
42
  def self.authentication_required?(message, options = {})
43
43
  subscription_or_channel = message['subscription'] || message['channel']
44
44
  return false if message['channel'].nil?
45
- return false unless (message['channel'] == '/meta/subscribe' || (!(message['channel'].start_with?('/meta/'))))
45
+ return false unless (message['channel'].start_with?('/meta/subscribe') || (!(message['channel'].start_with?('/meta/'))))
46
46
  whitelist_proc = options[:whitelist]
47
47
  if whitelist_proc
48
48
  begin
data/spec/javascripts/faye-authentication_spec.js CHANGED
@@ -94,6 +94,14 @@ describe('faye-authentication', function() {
94
94
  sharedExamplesForSubscribeAndPublish();
95
95
  });
96
96
 
97
+ describe('subscribe with prefix', function() {
98
+ beforeEach(function() {
99
+ this.message = {'channel': '/meta/subscribe/x', 'subscription': '/foobar'};
100
+ });
101
+
102
+ sharedExamplesForSubscribeAndPublish();
103
+ });
104
+
97
105
  describe('handshake', function() {
98
106
  beforeEach(function() {
99
107
  this.message = {'channel': '/meta/handshake'};
data/spec/lib/faye/authentication_spec.rb CHANGED
@@ -132,6 +132,11 @@ describe Faye::Authentication do
132
132
  it_behaves_like 'subscribe_and_publish'
133
133
  end
134
134
 
135
+ context 'subscribe with prefix' do
136
+ let(:message) { {'channel' => '/meta/subscribe/x', 'subscription' => '/foobar'} }
137
+ it_behaves_like 'subscribe_and_publish'
138
+ end
139
+
135
140
  context 'handshake' do
136
141
  let(:message) { {'channel' => '/meta/handshake'} }
137
142
  it_behaves_like 'meta_except_subscribe'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: faye-authentication
3
3
  version: !ruby/object:Gem::Version
4
- version: '1.12'
4
+ version: '1.13'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adrien Siami
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2020-02-21 00:00:00.000000000 Z
14
+ date: 2020-05-26 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: jwt