faye-authentication 1.12 → 1.13

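--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9e267e9258a90f6c713835fa6f1f17409d717258f2e6b0d8c7aaed6b085c857b
- data.tar.gz: 0c358ecf0dc7f03e21d61af1b172d7a3d9335f4fc9dc4a39d6499d8db8d1be71
+ metadata.gz: 7df2f00525686219899b087a97cd26dda4d0beb817de711c7009e0b1f2d73172
+ data.tar.gz: 87ed8fcf147384cf3c2a2f43ef32488e0592cac79e00f5360b4dd4b95d40bde6
  SHA512:
- metadata.gz: d4a7e752c492860afb8fb7cda7e52a1a33be80a4db3f004526b35e5a4c0cb62b596248ec288c74d346b559048a425d2e62f65ca6edaca56344208c22ac0e57c5
- data.tar.gz: 3fe4f26c9ad2a1a83e8b8902ed60e55f3edbd46460b43a805390f28ecb61a684d2680ed729146448ce87260153b73d341604e6a33bde580fff63e9b6ad9a9eb3
+ metadata.gz: 4b3cd29b0f5384af09976d723a30d2878e172ff15a9c125b109b27ff3592ce684446474799f8e035664cdc9af0458d005143ef05fed3539b31347a3eed627a5a
+ data.tar.gz: fba06b490b06c432ea3fdd7bd897c55f75f1ee2e20c7e68f59e8900037a454d007a1665ec251d04fc83387540e152ee459cfae4c1296909fa3b68db697ba07b2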
@@ -1,3 +1,6 @@
1
+ ## 1.13
2
+ - Fix [CVE-2020-11020](https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5)
3
+
1
4
  ## 1.12
2
5
  - No longer retry and fetch a new signature after errors unrelated to `Faye::Authentication` (#15)
3
6
  - Internal:
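--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
- # Faye::Authentication [![Build Status](https://travis-ci.org/jarthod/faye-authentication.svg?branch=master)](https://travis-ci.org/dimelo/faye-authentication)
+ # Faye::Authentication [![Build Status](https://travis-ci.org/jarthod/faye-authentication.svg?branch=master)](https://travis-ci.org/jarthod/faye-authentication)
 
  Authentification implementation for faye
 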
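--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.12
+ 1.13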
@@ -92,7 +92,7 @@ FayeAuthentication.prototype.outgoing = function(message, callback) {
92
92
 
93
93
  FayeAuthentication.prototype.authentication_required = function(message) {
94
94
  var subscription_or_channel = message.subscription || message.channel;
95
- if (message.channel == '/meta/subscribe' || message.channel.lastIndexOf('/meta/', 0) !== 0) {
95
+ if (message.channel.lastIndexOf('/meta/subscribe') === 0 || message.channel.lastIndexOf('/meta/', 0) !== 0) {
96
96
  if(this._options.whitelist) {
97
97
  try {
98
98
  return (!this._options.whitelist(subscription_or_channel));
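Review bot: The new subscribe test on line 95 calls `lastIndexOf('/meta/subscribe')` without the `, 0` start index that the `/meta/` test beside it passes, so it finds the last occurrence of the string rather than checking a prefix. For a channel in which `/meta/subscribe` occurs a second time the result is non-zero, the whole condition is false, and this function then disagrees with the Ruby side's `start_with?('/meta/subscribe')`. Writing `message.channel.lastIndexOf('/meta/subscribe', 0) === 0` makes both halves true prefix checks. The function body continues past the end of the hunk, so what it returns when the condition is false is not visible here.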
@@ -42,7 +42,7 @@ module Faye
42
42
  def self.authentication_required?(message, options = {})
43
43
  subscription_or_channel = message['subscription'] || message['channel']
44
44
  return false if message['channel'].nil?
45
- return false unless (message['channel'] == '/meta/subscribe' || (!(message['channel'].start_with?('/meta/'))))
45
+ return false unless (message['channel'].start_with?('/meta/subscribe') || (!(message['channel'].start_with?('/meta/'))))
46
46
  whitelist_proc = options[:whitelist]
47
47
  if whitelist_proc
48
48
  begin
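Review bot: The prefix test on line 45 carries the whole fix, yet nothing in the method says why a prefix is matched instead of the exact channel name, so a later cleanup could restore `==` unnoticed. A comment above it such as `# Prefix match on purpose: channels like /meta/subscribe/x must still require a signature (see CHANGELOG 1.13)` would record the intent. Separately, the nil guard on line 44 is the only type check before `start_with?`, so a channel that decodes as a non-String would raise NoMethodError here unless the caller rescues it, which this hunk does not show. Every early `return false` means "no authentication required", so it is worth confirming that such malformed messages are rejected elsewhere. The method body continues beyond the hunk.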
@@ -94,6 +94,14 @@ describe('faye-authentication', function() {
94
94
  sharedExamplesForSubscribeAndPublish();
95
95
  });
96
96
 
97
+ describe('subscribe with prefix', function() {
98
+ beforeEach(function() {
99
+ this.message = {'channel': '/meta/subscribe/x', 'subscription': '/foobar'};
100
+ });
101
+
102
+ sharedExamplesForSubscribeAndPublish();
103
+ });
104
+
97
105
  describe('handshake', function() {
98
106
  beforeEach(function() {
99
107
  this.message = {'channel': '/meta/handshake'};
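Review bot: The added 'subscribe with prefix' case exercises only `/meta/subscribe/x`, so it does not pin where the prefix rule begins and ends. No example states the expected result for a channel with no separator after the prefix (for instance `/meta/subscribex`) or for one where `/meta/subscribe` appears twice; the second would show whether the JavaScript check really anchors at index 0. There is also no case confirming that other meta channels with appended segments, such as `/meta/handshake/x`, are still handled as intended. The Ruby spec hunk that follows adds the same single example and has the same gap.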
@@ -132,6 +132,11 @@ describe Faye::Authentication do
132
132
  it_behaves_like 'subscribe_and_publish'
133
133
  end
134
134
 
135
+ context 'subscribe with prefix' do
136
+ let(:message) { {'channel' => '/meta/subscribe/x', 'subscription' => '/foobar'} }
137
+ it_behaves_like 'subscribe_and_publish'
138
+ end
139
+
135
140
  context 'handshake' do
136
141
  let(:message) { {'channel' => '/meta/handshake'} }
137
142
  it_behaves_like 'meta_except_subscribe'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: faye-authentication
3
3
  version: !ruby/object:Gem::Version
4
- version: '1.12'
4
+ version: '1.13'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adrien Siami
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2020-02-21 00:00:00.000000000 Z
14
+ date: 2020-05-26 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: jwt