frikandel 2.1.0 → 2.2.0

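--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 0eb78e7fc8890e920f675060d65d1305ab310caa
- data.tar.gz: dfe7532de11f1b0e4deacd6b5d9476256a6cfb22
+ metadata.gz: 9b482779b62ba9385e517c2ca292f171c2420cf3
+ data.tar.gz: 9201f44fbbf1310bfdd3d92ae00ba24647481ea6
  SHA512:
- metadata.gz: c9f94142388dd71adff1c529b0b43c6216f4f4819afca102cedbc523693ddd253b54dad9642c44229ea25ba730b44c08b1769a560eefdd6ae08aa5cd81c8f54c
- data.tar.gz: 5723a7adfe0d66d77e4a9a37749f337536a21a8c5bb24109c51b4bb1089ff6e58766b8c51d8f9f07586a8caf88a5c37106c6ba6210ebfc40c6cd7dda34b8d98e
+ metadata.gz: 53963f5b2b74abe4aed3137a203fc7b267635ff419b4ec43c48aa54c2fcf75bfd76619bb1e68cbf13b51babd4858bdfe3f4dee892e85cc80ef68cab052edfae4
+ data.tar.gz: 9dce96d7ab8fd9f7a5ac986109ebdc36d911f657ef0ba11f3ae2afe6c9c33987b9083e212a6e19a7b772ce749f7d9e55a0b30793a0d60bd9ad028aa9ea5868d6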
@@ -2,15 +2,34 @@ language: ruby
2
2
  rvm:
3
3
  - "1.9.3"
4
4
  - "2.0.0"
5
- - "2.1.1"
5
+ - "2.1.9"
6
+ - "2.2.5"
7
+ - "2.3.1"
6
8
  - ruby-head
7
9
  - jruby-19mode
8
10
  gemfile:
9
11
  - Gemfile.rails-3.2.x
10
12
  - Gemfile.rails-4.0.x
11
13
  - Gemfile.rails-4.1.x
14
+ - Gemfile.rails-4.2.x
15
+ - Gemfile.rails-5.0.x
12
16
  - Gemfile.rails-head
17
+ before_install:
18
+ - gem install bundler
13
19
  matrix:
14
20
  allow_failures:
15
21
  - rvm: ruby-head
16
22
  - gemfile: Gemfile.rails-head
23
+ exclude:
24
+ - rvm: "2.2.5"
25
+ gemfile: Gemfile.rails-3.2.x
26
+ - rvm: "2.2.5"
27
+ gemfile: Gemfile.rails-4.0.x
28
+ - rvm: "1.9.3"
29
+ gemfile: Gemfile.rails-5.0.x
30
+ - rvm: "2.0.0"
31
+ gemfile: Gemfile.rails-5.0.x
32
+ - rvm: "2.1.9"
33
+ gemfile: Gemfile.rails-5.0.x
34
+ - rvm: "jruby-19mode"
35
+ gemfile: Gemfile.rails-5.0.x
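Review bot: The new `before_install` step runs `gem install bundler` with no version, so every CI run picks up whichever Bundler release is current, while the gemspec in this same release declares `bundler` as a development dependency at `~> 1.5`. Once a Bundler outside that range is published the build would run with a tool the gemspec rejects, and an unpinned tool install is an uncontrolled input to the build in any case. Pinning the step keeps the two in agreement: `- gem install bundler -v '~> 1.5'`.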
@@ -4,3 +4,5 @@ source 'https://rubygems.org'
4
4
  gemspec
5
5
 
6
6
  gem 'rails', '~> 3.2.0'
7
+ gem 'mime-types', '< 3.0'
8
+ gem 'listen', '< 3.1'
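Review bot: The two added caps, `gem 'mime-types', '< 3.0'` and `gem 'listen', '< 3.1'`, carry no comment saying what they work around. The same pair is repeated in the gemfiles for rails 4.0, 4.1 and the new 4.2 one, but not in the 5.0 one. An unexplained upper bound tends to outlive its reason and keeps the test matrix resolving to old releases of those gems. A one-line comment above the pair would do, such as `# capped for <reason>; drop once <condition>` with the real reason filled in. The reason is presumably compatibility with the older Rubies in the CI matrix, but the page does not say.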
@@ -4,3 +4,5 @@ source 'https://rubygems.org'
4
4
  gemspec
5
5
 
6
6
  gem 'rails', '~> 4.0.0'
7
+ gem 'mime-types', '< 3.0'
8
+ gem 'listen', '< 3.1'
@@ -4,3 +4,5 @@ source 'https://rubygems.org'
4
4
  gemspec
5
5
 
6
6
  gem 'rails', '~> 4.1.0'
7
+ gem 'mime-types', '< 3.0'
8
+ gem 'listen', '< 3.1'
@@ -0,0 +1,8 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in frikandel.gemspec
4
+ gemspec
5
+
6
+ gem 'rails', '~> 4.2.0'
7
+ gem 'mime-types', '< 3.0'
8
+ gem 'listen', '< 3.1'
@@ -0,0 +1,6 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in frikandel.gemspec
4
+ gemspec
5
+
6
+ gem 'rails', '~> 5.0.0'
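--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,8 @@
  # Frikandel
- [![Gem Version](https://badge.fury.io/rb/frikandel.png)](http://badge.fury.io/rb/frikandel)
+ [![Gem Version](https://badge.fury.io/rb/frikandel.png)](http://badge.fury.io/rb/frikandel)
  [![Build Status](https://api.travis-ci.org/taktsoft/frikandel.png)](https://travis-ci.org/taktsoft/frikandel)
  [![Code Climate](https://codeclimate.com/github/taktsoft/frikandel.png)](https://codeclimate.com/github/taktsoft/frikandel)
+ [![Dependency Status](https://gemnasium.com/taktsoft/frikandel.svg)](https://gemnasium.com/taktsoft/frikandel)
 
  This gem aims to improve the security of your rails application. It allows you to add a TTL (Time To Live) to the session cookie and allows you to bind the session to an IP address.
 
@@ -99,9 +100,11 @@ end
 
  To run the test suite with different rails version by selecting the corresponding gemfile. You can use this one liners:
 
- $ BUNDLE_GEMFILE=Gemfile.rails-3.2.x bundle update && bundle exec rake spec
- $ BUNDLE_GEMFILE=Gemfile.rails-4.0.x bundle update && bundle exec rake spec
- $ BUNDLE_GEMFILE=Gemfile.rails-4.1.x bundle update && bundle exec rake spec
+ $ export BUNDLE_GEMFILE=Gemfile.rails-3.2.x && bundle update && bundle exec rake spec
+ $ export BUNDLE_GEMFILE=Gemfile.rails-4.0.x && bundle update && bundle exec rake spec
+ $ export BUNDLE_GEMFILE=Gemfile.rails-4.1.x && bundle update && bundle exec rake spec
+ $ export BUNDLE_GEMFILE=Gemfile.rails-4.2.x && bundle update && bundle exec rake spec
+ $ export BUNDLE_GEMFILE=Gemfile.rails-5.0.x && bundle update && bundle exec rake spec
 
  ## Contributing
  1. Fork it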
@@ -18,14 +18,18 @@ Gem::Specification.new do |spec|
18
18
  spec.test_files = Dir["spec/**/*"]
19
19
  spec.require_paths = ["lib"]
20
20
 
21
+ spec.required_ruby_version = '>= 1.9.3'
22
+ spec.required_rubygems_version = ">= 1.3.6"
23
+
21
24
  spec.add_development_dependency "bundler", "~> 1.5"
22
25
  spec.add_development_dependency "rake"
23
26
  spec.add_development_dependency "sqlite3" unless RUBY_PLATFORM == 'java'
24
27
  spec.add_development_dependency "jdbc-sqlite3" if RUBY_PLATFORM == 'java'
25
28
  spec.add_development_dependency "activerecord-jdbcsqlite3-adapter" if RUBY_PLATFORM == 'java'
26
- spec.add_development_dependency "rspec-rails"
29
+ spec.add_development_dependency "rspec-rails", ["> 3.0", "< 3.6"]
27
30
  spec.add_development_dependency "guard-rspec"
28
31
  spec.add_development_dependency "pry"
32
+ spec.add_development_dependency "test-unit"
29
33
 
30
- spec.add_dependency "rails", [">= 3.2.0", "< 5.0"]
34
+ spec.add_dependency "rails", [">= 3.2.0", "< 5.1"]
31
35
  end
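Review bot: In the new `rspec-rails` constraint, `"> 3.0"` excludes 3.0.0 itself, which looks unintended since the converted specs only need the 3.x `rails_helper` and `expect` style. `spec.add_development_dependency "rspec-rails", [">= 3.0", "< 3.6"]` states the range more plainly. The `< 3.6` cap and the new `test-unit` dependency are also unexplained, so a short comment on each naming the Ruby or Rails combination that needs it would help whoever relaxes them later. The `Gem::Specification.new` block starts above this hunk.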
@@ -1,9 +1,14 @@
1
1
  module Frikandel
2
2
  module BindSessionToIpAddress
3
3
  extend ActiveSupport::Concern
4
+ include SessionInvalidation
4
5
 
5
6
  included do
6
- append_before_filter :validate_session_ip_address
7
+ if respond_to?(:before_action)
8
+ append_before_action :validate_session_ip_address
9
+ else
10
+ append_before_filter :validate_session_ip_address
11
+ end
7
12
  end
8
13
 
9
14
  private
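Review bot: Both branches of the new `included` block still register `validate_session_ip_address` with the `append_` variant, so it runs after any callback the host controller declared before including the concern, and nothing here documents that ordering. For a check that decides whether the session is still trusted, a comment above the `if` is worth adding, e.g. `# Appended to the callback chain: include this concern before any callback that reads the session.` The same `respond_to?(:before_action)` switch is repeated in the `included` block of the session-timestamp concern in the next section; a small shared helper would keep the two from drifting apart. The module body continues outside the hunk.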
@@ -4,7 +4,11 @@ module Frikandel
4
4
  include SessionInvalidation
5
5
 
6
6
  included do
7
- append_before_filter :validate_session_timestamp
7
+ if respond_to?(:before_action)
8
+ append_before_action :validate_session_timestamp
9
+ else
10
+ append_before_filter :validate_session_timestamp
11
+ end
8
12
  end
9
13
 
10
14
  private
@@ -1,3 +1,3 @@
1
1
  module Frikandel
2
- VERSION = "2.1.0"
2
+ VERSION = "2.2.0"
3
3
  end
@@ -1,14 +1,22 @@
1
- require "spec_helper"
1
+ require "rails_helper"
2
2
  require "support/application_controller"
3
3
 
4
4
 
5
5
  class BindSessionToIpAddressController < ApplicationController
6
6
  include Frikandel::BindSessionToIpAddress
7
7
 
8
- before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
8
+ if respond_to?(:before_action)
9
+ before_action :flash_alert_and_redirect_home, only: [:redirect_home]
10
+ else
11
+ before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
12
+ end
9
13
 
10
14
  def home
11
- render text: "bind test"
15
+ if Rails::VERSION::MAJOR >= 5
16
+ render plain: "bind test"
17
+ else
18
+ render text: "bind test"
19
+ end
12
20
  end
13
21
 
14
22
  def redirect_home
@@ -23,7 +31,7 @@ protected
23
31
  end
24
32
 
25
33
 
26
- describe BindSessionToIpAddressController do
34
+ RSpec.describe BindSessionToIpAddressController do
27
35
  context "requests" do
28
36
  it "writes current ip address to session" do
29
37
  expect(session[:ip_address]).to be_nil
@@ -40,13 +48,13 @@ describe BindSessionToIpAddressController do
40
48
 
41
49
  expect(session[:ip_address]).to eql("0.0.0.0")
42
50
 
43
- flash.should_not be_empty
44
- flash[:alert].should eql("alert test")
51
+ expect(flash).not_to be_empty
52
+ expect(flash[:alert]).to eql("alert test")
45
53
  end
46
54
 
47
55
  it "raises an exception if session address and current ip address don't match" do
48
56
  session[:ip_address] = "1.2.3.4"
49
- controller.should_receive(:on_invalid_session)
57
+ expect(controller).to receive(:on_invalid_session)
50
58
 
51
59
  get :home
52
60
  end
@@ -59,21 +67,21 @@ describe BindSessionToIpAddressController do
59
67
  session[:ttl] = "SomeTTL"
60
68
  session[:max_ttl] = "SomeMaxTTL"
61
69
 
62
- controller.should_receive(:reset_session).and_call_original
63
- controller.should_receive(:persist_session_ip_address).and_call_original
70
+ expect(controller).to receive(:reset_session).and_call_original
71
+ expect(controller).to receive(:persist_session_ip_address).and_call_original
64
72
  get :home
65
73
 
66
- session[:user_id].should be_blank
67
- session[:ip_address].should be_present
68
- session[:ip_address].should eql("0.0.0.0")
69
- session[:ttl].should be_blank
70
- session[:max_ttl].should be_blank
74
+ expect(session[:user_id]).to be_blank
75
+ expect(session[:ip_address]).to be_present
76
+ expect(session[:ip_address]).to eql("0.0.0.0")
77
+ expect(session[:ttl]).to be_blank
78
+ expect(session[:max_ttl]).to be_blank
71
79
  end
72
80
 
73
81
  it "allows the request to be rendered as normal" do
74
82
  get :home
75
83
 
76
- response.body.should eql("bind test")
84
+ expect(response.body).to eql("bind test")
77
85
  end
78
86
  end
79
87
  end
@@ -83,8 +91,8 @@ describe BindSessionToIpAddressController do
83
91
  it "calls on_invalid_session if ip address doesn't match with current" do
84
92
  session[:ip_address] = "1.3.3.7"
85
93
 
86
- controller.should_receive(:ip_address_match_with_current?).and_return(false)
87
- controller.should_receive(:on_invalid_session)
94
+ expect(controller).to receive(:ip_address_match_with_current?).and_return(false)
95
+ expect(controller).to receive(:on_invalid_session)
88
96
 
89
97
  controller.send(:validate_session_ip_address)
90
98
  end
@@ -92,8 +100,8 @@ describe BindSessionToIpAddressController do
92
100
  it "calls reset_session if ip address isn't persisted in session" do
93
101
  session.delete(:ip_address)
94
102
 
95
- controller.should_not_receive(:ip_address_match_with_current?)
96
- controller.should_receive(:reset_session)
103
+ expect(controller).not_to receive(:ip_address_match_with_current?)
104
+ expect(controller).to receive(:reset_session)
97
105
 
98
106
  controller.send(:validate_session_ip_address)
99
107
  end
@@ -101,8 +109,8 @@ describe BindSessionToIpAddressController do
101
109
  it "calls persist_session_ip_address if validation passes" do
102
110
  session[:ip_address] = "1.3.3.7"
103
111
 
104
- controller.should_receive(:ip_address_match_with_current?).and_return(true)
105
- controller.should_receive(:persist_session_ip_address)
112
+ expect(controller).to receive(:ip_address_match_with_current?).and_return(true)
113
+ expect(controller).to receive(:persist_session_ip_address)
106
114
 
107
115
  controller.send(:validate_session_ip_address)
108
116
  end
@@ -112,7 +120,7 @@ describe BindSessionToIpAddressController do
112
120
  context ".persist_session_ip_address" do
113
121
  it "sets the current ip address in session on key ip_address" do
114
122
  expect {
115
- controller.should_receive(:current_ip_address).and_return("1.3.3.7")
123
+ expect(controller).to receive(:current_ip_address).and_return("1.3.3.7")
116
124
  controller.send(:persist_session_ip_address)
117
125
  }.to change {
118
126
  session[:ip_address]
@@ -123,31 +131,31 @@ describe BindSessionToIpAddressController do
123
131
 
124
132
  context ".current_ip_address" do
125
133
  it "returns the remote_ip from request" do
126
- request.should_receive(:remote_ip).and_return(:request_remote_ip)
134
+ expect(request).to receive(:remote_ip).and_return(:request_remote_ip)
127
135
 
128
- controller.send(:current_ip_address).should eql(:request_remote_ip)
136
+ expect(controller.send(:current_ip_address)).to eql(:request_remote_ip)
129
137
  end
130
138
  end
131
139
 
132
140
 
133
141
  context ".ip_address_match_with_current?" do
134
142
  it "compares ip address from session with the current ip address" do
135
- controller.stub(:current_ip_address).and_return("1.3.3.7")
143
+ allow(controller).to receive(:current_ip_address).and_return("1.3.3.7")
136
144
 
137
145
  session[:ip_address] = "1.3.3.7"
138
146
 
139
- controller.send(:ip_address_match_with_current?).should be_true
147
+ expect(controller.send(:ip_address_match_with_current?)).to be_truthy
140
148
 
141
149
  session[:ip_address] = "7.3.3.1"
142
150
 
143
- controller.send(:ip_address_match_with_current?).should be_false
151
+ expect(controller.send(:ip_address_match_with_current?)).to be_falsey
144
152
  end
145
153
  end
146
154
 
147
155
 
148
156
  context ".reset_session" do
149
157
  it "calls persist_session_ip_address" do
150
- controller.should_receive(:persist_session_ip_address).and_call_original
158
+ expect(controller).to receive(:persist_session_ip_address).and_call_original
151
159
  controller.send(:reset_session)
152
160
  end
153
161
  end
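Review bot: In the example titled "raises an exception if session address and current ip address don't match", the converted line `expect(controller).to receive(:on_invalid_session)` replaces the method with a mock, so the example passes without running the real handler and without checking what is left in the session after a mismatch. The title also does not describe what is asserted; `it "calls on_invalid_session if session address and current ip address don't match" do` would match the body, and an example that lets the real handler run and then checks the session would cover the behaviour the gem exists for (what the handler leaves behind is not visible on this page, so that expectation needs confirming). Separately, the test controller's `home` chooses `render plain:` through `Rails::VERSION::MAJOR >= 5` while the callback a few lines above it uses `respond_to?`; the combined controller spec in the next section has the same mix.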
@@ -1,4 +1,4 @@
1
- require "spec_helper"
1
+ require "rails_helper"
2
2
  require "support/application_controller"
3
3
 
4
4
 
@@ -6,10 +6,18 @@ class CombinedController < ApplicationController
6
6
  include Frikandel::LimitSessionLifetime
7
7
  include Frikandel::BindSessionToIpAddress
8
8
 
9
- before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
9
+ if respond_to?(:before_action)
10
+ before_action :flash_alert_and_redirect_home, only: [:redirect_home]
11
+ else
12
+ before_filter :flash_alert_and_redirect_home, only: [:redirect_home]
13
+ end
10
14
 
11
15
  def home
12
- render text: "combined test"
16
+ if Rails::VERSION::MAJOR >= 5
17
+ render plain: "combined test"
18
+ else
19
+ render text: "combined test"
20
+ end
13
21
  end
14
22
 
15
23
  def redirect_home
@@ -24,38 +32,38 @@ protected
24
32
  end
25
33
 
26
34
 
27
- describe CombinedController do
35
+ RSpec.describe CombinedController do
28
36
  context "ttl nor ip isn't present in session" do
29
37
  it "resets the session and persists ip address, ttl & max_ttl" do
30
38
  session[:user_id] = 4337
31
39
 
32
40
  get :home
33
41
 
34
- session[:user_id].should be_blank
35
- session[:ip_address].should be_present
36
- session[:ttl].should be_present
37
- session[:max_ttl].should be_present
42
+ expect(session[:user_id]).to be_blank
43
+ expect(session[:ip_address]).to be_present
44
+ expect(session[:ttl]).to be_present
45
+ expect(session[:max_ttl]).to be_present
38
46
  end
39
47
 
40
48
  it "allows the request to be rendered as normal" do
41
49
  get :home
42
50
 
43
- response.body.should eql("combined test")
51
+ expect(response.body).to eql("combined test")
44
52
  end
45
53
 
46
54
  it "persists ttl, max_ttl and ip even on redirect in another before filter" do
47
- session[:ip_address].should be_nil
48
- session[:ttl].should be_nil
49
- session[:max_ttl].should be_nil
55
+ expect(session[:ip_address]).to be_nil
56
+ expect(session[:ttl]).to be_nil
57
+ expect(session[:max_ttl]).to be_nil
50
58
 
51
59
  simulate_redirect!(:redirect_home, :home)
52
60
 
53
- session[:ip_address].should be_present
54
- session[:ttl].should be_present
55
- session[:max_ttl].should be_present
61
+ expect(session[:ip_address]).to be_present
62
+ expect(session[:ttl]).to be_present
63
+ expect(session[:max_ttl]).to be_present
56
64
 
57
- flash.should_not be_empty
58
- flash[:alert].should eql("alert test")
65
+ expect(flash).not_to be_empty
66
+ expect(flash[:alert]).to eql("alert test")
59
67
  end
60
68
  end
61
69
 
@@ -68,12 +76,12 @@ describe CombinedController do
68
76
 
69
77
  get :home
70
78
 
71
- session[:user_id].should be_blank
72
- session[:ip_address].should be_present
73
- session[:ttl].should be_present
74
- session[:ttl].should_not eql(last_ttl)
75
- session[:max_ttl].should be_present
76
- session[:max_ttl].should_not eql(last_max_ttl)
79
+ expect(session[:user_id]).to be_blank
80
+ expect(session[:ip_address]).to be_present
81
+ expect(session[:ttl]).to be_present
82
+ expect(session[:ttl]).not_to eql(last_ttl)
83
+ expect(session[:max_ttl]).to be_present
84
+ expect(session[:max_ttl]).not_to eql(last_max_ttl)
77
85
  end
78
86
 
79
87
  it "resets the session and persists ip address, ttl & max_ttl if ttl is missing" do
@@ -83,12 +91,12 @@ describe CombinedController do
83
91
 
84
92
  get :home
85
93
 
86
- session[:user_id].should be_blank
87
- session[:ip_address].should be_present
88
- session[:ip_address].should eql("0.0.0.0")
89
- session[:ttl].should be_present
90
- session[:max_ttl].should be_present
91
- session[:max_ttl].should_not eql(last_max_ttl)
94
+ expect(session[:user_id]).to be_blank
95
+ expect(session[:ip_address]).to be_present
96
+ expect(session[:ip_address]).to eql("0.0.0.0")
97
+ expect(session[:ttl]).to be_present
98
+ expect(session[:max_ttl]).to be_present
99
+ expect(session[:max_ttl]).not_to eql(last_max_ttl)
92
100
  end
93
101
 
94
102
  it "resets the session and persists ip address, ttl & max_ttl if max_ttl is missing" do
@@ -98,12 +106,12 @@ describe CombinedController do
98
106
 
99
107
  get :home
100
108
 
101
- session[:user_id].should be_blank
102
- session[:ip_address].should be_present
103
- session[:ip_address].should eql("0.0.0.0")
104
- session[:ttl].should be_present
105
- session[:ttl].should_not eql(last_ttl)
106
- session[:max_ttl].should be_present
109
+ expect(session[:user_id]).to be_blank
110
+ expect(session[:ip_address]).to be_present
111
+ expect(session[:ip_address]).to eql("0.0.0.0")
112
+ expect(session[:ttl]).to be_present
113
+ expect(session[:ttl]).not_to eql(last_ttl)
114
+ expect(session[:max_ttl]).to be_present
107
115
  end
108
116
  end
109
117
  end