field_test 0.3.2 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/app/controllers/field_test/base_controller.rb +1 -1
  4. data/lib/field_test/helpers.rb +9 -4
  5. data/lib/field_test/version.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2a60826c451cf3807f5e111f2b4a619f4c07db0011ff27e7f2ceb0dd03bd1807
4
- data.tar.gz: 1150b7a05035bf91193dcdaca20a7075b1350d50ef037afebe6a1866baea5fb9
3
+ metadata.gz: 96def1c6805d880a03c141a421570a3e4b9f912e9427c385b132ffae646bc74b
4
+ data.tar.gz: b6eb3262d522544a40db7169364ebef0f6d9f4d2f1f4c82712c91fec5a617a4f
5
5
  SHA512:
6
- metadata.gz: 9a2644d12172b876b33ddc7faec2c4490623fed35aa7ae1848f0486a9ff176a80c2bdc2db66ec9196b93034f8566dbfc11c2027f524177a946427b6c4b10d71b
7
- data.tar.gz: 1dc282f0f054e7a95bdc4dfccd1361c11f28b53d70a2b5083ba73e40d3af13230246ad85e38990f74e7dab01a48fb5be9fefc5b2e6e1d8dff8cf066bb1dc525a
6
+ metadata.gz: 35765af19297887bae1e807aeff9f4f741687b4c3fc961b6b91a6aa9c3060098f42bb677d1055309b2698377dd6694c24770e8ab0418fa4c675146c1661559c0
7
+ data.tar.gz: 786390b24efece6a99b5db602b6b0162a2b398b319f42e61c8b0db4aca021fb4b80fba65ecfa5c5d94ebb451b7b1c852c25983e72246a3aa4640dc41613963a1
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## 0.4.0 (2020-08-04)
2
+
3
+ - Fixed CSRF vulnerability with non-session based authentication
4
+ - Fixed cache key for requests
5
+
1
6
  ## 0.3.2 (2020-04-16)
2
7
 
3
8
  - Added support for excluding IP addresses
data/app/controllers/field_test/base_controller.rb CHANGED
@@ -2,7 +2,7 @@ module FieldTest
2
2
  class BaseController < ActionController::Base
3
3
  layout "field_test/application"
4
4
 
5
- protect_from_forgery
5
+ protect_from_forgery with: :exception
6
6
 
7
7
  http_basic_authenticate_with name: ENV["FIELD_TEST_USERNAME"], password: ENV["FIELD_TEST_PASSWORD"] if ENV["FIELD_TEST_PASSWORD"]
8
8
  end
data/lib/field_test/helpers.rb CHANGED
@@ -22,11 +22,16 @@ module FieldTest
22
22
  options[:user_agent] = request.user_agent
23
23
  end
24
24
 
25
- # cache results for request
26
- @field_test_cache ||= {}
27
-
28
25
  # don't update variant when passed via params
29
- @field_test_cache[experiment] ||= params_variant || exp.variant(participants, options)
26
+ if params_variant
27
+ params_variant
28
+ else
29
+ # cache results for request
30
+ # TODO possibly remove in 0.4.0
31
+ cache_key = [exp.id, participants.map(&:where_values), options.slice(:variant, :exclude)]
32
+ @field_test_cache ||= {}
33
+ @field_test_cache[cache_key] ||= exp.variant(participants, options)
34
+ end
30
35
  end
31
36
 
32
37
  def field_test_converted(experiment, **options)
data/lib/field_test/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module FieldTest
2
- VERSION = "0.3.2"
2
+ VERSION = "0.4.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: field_test
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-16 00:00:00.000000000 Z
11
+ date: 2020-08-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties