go_to_param 0.0.10 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fea100cfef7c5232e51c706f26493d87d58d00d7
-  data.tar.gz: 1151e3917f4c57433a2c2aa9bf5506ab217a1b0c
+  metadata.gz: 5bcdbdc10ad6e75c56494c44096fcc98e3da7034
+  data.tar.gz: 1b9a9d937839c56c37a6c172ef424e500f9dbeed
 SHA512:
-  metadata.gz: 19ea749058f98d09dd82ff29d3e530096176b2e618b2f4fe03928bd23257af0f65e1f6057b4f6317fe14892564e20453aaf62cc7d70c91940648b60753eea6f7
-  data.tar.gz: c00954fd5782fcc27411ac6b3271404c986afefc8a19f88b96c7b6bb2f996dcc85f421f898721c8b83fca32758392c52bdcb00d0d114fcb91c7cb4f23f603944
+  metadata.gz: ea38bfd2bd3a76343a031e19b6fd106bb856863ed35017fcfefe3609150e3e5e72cd906bf2eb1a3e082ab16dc3a5987dfd6717c6832379872f3d274beed3f901
+  data.tar.gz: 446c1c4f865e199c74d42cdc3575e1a9adee83962078b7450b8aff67b0fac812ec767ce5380293bee7a57a9d2710d4c2d7ee4047e7ca78f0364c0a73a4b1e4cb

data/README.md

@@ -42,11 +42,20 @@ Or a view:
 
 ``` erb
 <h1>Show item</h1>
-<%= link_to("Edit item", edit_item_path(@item, go_to_here_params))
+<%= link_to("Edit item", edit_item_path(@item, go_to_here_params)) %>
 ```
 
 This only picks up the requested path if it's a GET, since we can't redirect back to a non-GET later. Otherwise an empty hash is returned.
 
+You can pass additional query parameters to include, which could be suitable if you want to trigger some action after redirecting:
+
+``` erb
+<%= link_to("Add item after logging in", login_path(@item, go_to_here_params(perform_action: "add"))) %>
+```
+
+Note that these parameters always become transformed into a query string: if you're using Ruby on Rails, they won't be interpreted through your route definitions.
+
+
 ### hidden_go_to_tag
 
 Pass the `go_to` parameter along with a form.
@@ -90,6 +99,8 @@ class SessionsController < ActionController::Base
 end
 ```
 
+Returns nil if the parameter value is not a relative path, to counter phishing attempts like `/login?go_to=http://evil.com/success_now_give_me_your_cc_details`.
+
 ### go_to_path_or
 
 Syntactic sugar. These are equivalent:

data/lib/go_to_param/version.rb

@@ -1,3 +1,3 @@
 module GoToParam
-  VERSION = "0.0.10"
+  VERSION = "0.1.0"
 end

data/lib/go_to_param.rb

@@ -1,3 +1,4 @@
+require "cgi"
 require "go_to_param/version"
 
 module GoToParam
@@ -15,9 +16,10 @@ module GoToParam
     { go_to: go_to_path }.merge(other_params)
   end
 
-  def go_to_here_params
+  def go_to_here_params(additional_query_params = {})
     if request.get?
-      { go_to: request.fullpath }
+      path = _go_to_add_query_string_from_hash(request.fullpath, additional_query_params)
+      { go_to: path }
     else
       {}
     end
@@ -41,4 +43,15 @@ module GoToParam
   def go_to_param_value
     params[:go_to]
   end
+
+  # Named this way to avoid conflicts. TODO: http://thepugautomatic.com/2014/02/private-api/
+  def _go_to_add_query_string_from_hash(path, hash)
+    if hash.empty?
+      path
+    else
+      separator = path.include?("?") ? "&" : "?"
+      query_string = hash.map { |k, v| "#{k}=#{CGI.escape v.to_s}" }.join("&")
+      [ path, separator, query_string ].join
+    end
+  end
 end

data/spec/go_to_param_spec.rb

@@ -19,7 +19,7 @@ describe GoToParam do
 
   describe "#hidden_go_to_tag" do
     it "becomes a helper method" do
-      FakeController.helper_methods.should include :hidden_go_to_tag
+      expect(FakeController.helper_methods).to include :hidden_go_to_tag
     end
 
     it "adds a hidden field tag" do
@@ -27,75 +27,84 @@ describe GoToParam do
       view = double
       controller.view_context = view
 
-      view.should_receive(:hidden_field_tag).
-        with(:go_to, "/example")
+      expect(view).to receive(:hidden_field_tag).with(:go_to, "/example")
       controller.hidden_go_to_tag
     end
   end
 
   describe "#go_to_params" do
     it "becomes a helper method" do
-      FakeController.helper_methods.should include :go_to_params
+      expect(FakeController.helper_methods).to include :go_to_params
     end
 
     it "includes the go_to parameter" do
       controller.params = { go_to: "/example", id: "1" }
 
-      controller.go_to_params.should == { go_to: "/example" }
+      expect(controller.go_to_params).to eq({ go_to: "/example" })
     end
 
     it "accepts additional parameters" do
       controller.params = { go_to: "/example", id: "1" }
 
-      controller.go_to_params(a: "b").should == { go_to: "/example", a: "b" }
+      expect(controller.go_to_params(a: "b")).to eq({ go_to: "/example", a: "b" })
     end
   end
 
   describe "#go_to_here_params" do
     it "becomes a helper method" do
-      FakeController.helper_methods.should include :go_to_here_params
+      expect(FakeController.helper_methods).to include :go_to_here_params
     end
 
     it "gets the request path as the go_to parameter" do
       controller.request = double(get?: true, fullpath: "/example")
-      controller.go_to_here_params.should == { go_to: "/example" }
+      expect(controller.go_to_here_params).to eq({ go_to: "/example" })
     end
 
     it "returns an empty hash for a non-GET request" do
       controller.request = double(get?: false, fullpath: "/example")
-      controller.go_to_here_params.should == {}
+      expect(controller.go_to_here_params).to eq({})
     end
+
+    it "accepts additional query parameters" do
+      controller.request = double(get?: true, fullpath: "/example")
+      expect(controller.go_to_here_params(foo: "1 2", bar: 3)).to eq({ go_to: "/example?foo=1+2&bar=3" })
+
+      # Handles pre-existing "?"
+      controller.request = double(get?: true, fullpath: "/example?foo")
+      expect(controller.go_to_here_params(bar: 3)).to eq({ go_to: "/example?foo&bar=3" })
+    end
+
   end
 
   describe "#go_to_path" do
     it "becomes a helper method" do
-      FakeController.helper_methods.should include :go_to_path
+      expect(FakeController.helper_methods).to include :go_to_path
     end
 
     it "is the go_to parameter value" do
       controller.params = { go_to: "/example", id: "1" }
-      controller.go_to_path.should == "/example"
+      expect(controller.go_to_path).to eq("/example")
     end
 
     it "is nil if the parameter value is not a relative path" do
       controller.params = { go_to: "http://evil.com", id: "1" }
-      controller.go_to_path.should be_nil
+      expect(controller.go_to_path).to be_nil
     end
   end
 
   describe "#go_to_path_or" do
     it "becomes a helper method" do
-      FakeController.helper_methods.should include :go_to_path_or
+      expect(FakeController.helper_methods).to include :go_to_path_or
     end
 
     it "is the go_to parameter value" do
       controller.params = { go_to: "/example", id: "1" }
-      controller.go_to_path_or("/default").should == "/example"
+      expect(controller.go_to_path_or("/default")).to eq("/example")
     end
 
     it "is the passed-in value if the parameter value is not a relative path" do
       controller.params = { go_to: "http://evil.com", id: "1" }
-      controller.go_to_path_or("/default").should == "/default"
+      expect(controller.go_to_path_or("/default")).to eq("/default")
     end
   end
 end

metadata

@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: go_to_param
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.1.0
 platform: ruby
 authors:
 - Henrik N
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-24 00:00:00.000000000 Z
+date: 2015-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -59,7 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - README.md
 - Rakefile
@@ -77,20 +77,19 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Rails "go_to" redirection param utilities.
 test_files:
 - spec/go_to_param_spec.rb
-has_rdoc: