gitlab_omniauth-ldap 2.0.2 → 2.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 490e5818be98881b26e804e7d75021b1a22aaca2
4
- data.tar.gz: 185305045176824f1f43de77cf762fc0094a3db9
3
+ metadata.gz: ac7ceaa4ec67ee276ca4d7f8c20bc1326f31fc3f
4
+ data.tar.gz: 43ac5e5252e03e8780695d7a05c15aa0c2f4df0a
5
5
  SHA512:
6
- metadata.gz: e74ed52e82763ff87707d60339b24107737dc03c62e25fca0897e18b25bf4cfa3a0af8eb27e7899ebb9141c90918eac200eb699394ff0165fef059a68d63760d
7
- data.tar.gz: 20aff7c1a787d21313981cdc6849245306d17778602f368f8f11a0c5a3c69c08f16aaa4b57982d9d1e101512f3fc8890255f1d3b8cf1c19a40204eeb9f9bd378
6
+ metadata.gz: b772560d1bdf110ce019fddc837e0332cd9449934f20deed0bbf034c91fe683f19f1a492f258ebd86f920427c4813227669a18a05b955cd2f4c3bd4538c7665e
7
+ data.tar.gz: bd91d1d785dd0931e3c2602622324eec46017c9b91d30b695d6edbacb1cb920b2a8ff80855d97363b59873dee1bfe50ee152a1f25da9a86e2ebd9b17fa29c0d6
data/CHANGELOG ADDED
@@ -0,0 +1,2 @@
1
+ ## 2.0.3
2
+ - Protects against wrong request method call to callback
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module LDAP
3
- VERSION = "2.0.2"
3
+ VERSION = "2.0.3"
4
4
  end
5
5
  end
@@ -40,6 +40,7 @@ module OmniAuth
40
40
  def callback_phase
41
41
  @adaptor = OmniAuth::LDAP::Adaptor.new @options
42
42
 
43
+ return fail!(:invalid_request_method) unless valid_request_method?
43
44
  return fail!(:missing_credentials) if missing_credentials?
44
45
  begin
45
46
  @ldap_user_info = @adaptor.bind_as(:filter => filter(@adaptor), :size => 1, :password => request['password'])
@@ -96,6 +97,10 @@ module OmniAuth
96
97
 
97
98
  protected
98
99
 
100
+ def valid_request_method?
101
+ request.env['REQUEST_METHOD'] == 'POST'
102
+ end
103
+
99
104
  def missing_credentials?
100
105
  request['username'].nil? or request['username'].empty? or request['password'].nil? or request['password'].empty?
101
106
  end # missing_credentials?
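Review bot: The new guard in callback_phase is placed after `@adaptor = OmniAuth::LDAP::Adaptor.new @options`, so a request with the wrong method still constructs the LDAP adaptor from the strategy options before it is rejected; moving `return fail!(:invalid_request_method) unless valid_request_method?` to the first line of the method keeps a rejected request from touching any LDAP setup at all. In `valid_request_method?` the raw `request.env['REQUEST_METHOD'] == 'POST'` read can be expressed with Rack's own helper, `request.post?`, which is the same comparison. The predicate also deserves a why-comment, since the reason is not visible from the code: `# Credentials must arrive in the POST body; accepting GET would put username/password in the query string, where they end up in access logs, browser history and Referer headers.` callback_phase and the enclosing class both continue outside these hunks.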
@@ -80,6 +80,15 @@ describe "OmniAuth::Strategies::LDAP" do
80
80
  last_response.headers['Location'].should =~ %r{ldap_error}
81
81
  end
82
82
 
83
+ context 'wrong request method' do
84
+ it 'redirects to error page' do
85
+ get('/auth/ldap/callback', { username: 'ping', password: 'password' })
86
+
87
+ expect(last_response).to be_redirect
88
+ expect(last_response.headers['Location']).to match('invalid_request_method')
89
+ end
90
+ end
91
+
83
92
  context "when username is not preset" do
84
93
  it 'should redirect to error page' do
85
94
  post('/auth/ldap/callback', {})
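Review bot: The new example uses the `expect(...).to` syntax while the surrounding examples in this file use `.should` (for instance `last_response.headers['Location'].should =~ %r{ldap_error}` just above the hunk); mixing the two works only while RSpec is configured to allow both, so matching the file's existing style, or converting the file in one go, would be more consistent. `match('invalid_request_method')` with a String argument is a substring match; `match(%r{invalid_request_method})` would mirror the neighbouring `%r{ldap_error}` assertion and make that explicit. The enclosing `describe` block starts and ends outside the hunk.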
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab_omniauth-ldap
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.2
4
+ version: 2.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ping Yu
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-06-13 00:00:00.000000000 Z
11
+ date: 2017-07-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -139,6 +139,7 @@ files:
139
139
  - ".gitlab-ci.yml"
140
140
  - ".rspec"
141
141
  - ".travis.yml"
142
+ - CHANGELOG
142
143
  - Gemfile
143
144
  - Guardfile
144
145
  - README.md
@@ -171,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
171
172
  version: '0'
172
173
  requirements: []
173
174
  rubyforge_project:
174
- rubygems_version: 2.6.8
175
+ rubygems_version: 2.5.1
175
176
  signing_key:
176
177
  specification_version: 4
177
178
  summary: A LDAP strategy for OmniAuth.