hanami-controller 2.3.0.beta2 → 2.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +26 -0
- data/README.md +2 -5
- data/hanami-controller.gemspec +3 -3
- data/lib/hanami/action/csrf_protection.rb +16 -5
- data/lib/hanami/action.rb +6 -1
- data/lib/hanami/controller/version.rb +1 -1
- data/lib/hanami/http/status.rb +4 -1
- metadata +5 -5
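--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58ef38ac204ec7e5940d6fec35a08d82d0d56cf14dcc38d04ca4ccbaaa4fa5b1
+data.tar.gz: 63ced9248a7253f22b4b781f00a2c25cedf182297d9b9a2829304c7366674315
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5b2e5966dbb034f812dde17d173a4faf7ad514e0343f4ad81a8adfc8054ec95285f09f1b494d6d278bfef286eebfa32413a75fd3cc489db13b68bc6cb6a8c26a
+data.tar.gz: ee83b4b9f13357dc222524af57ddd095daa29aed1d6768a1053b48ebbb35de3d00644b1e861e79e6f984c56eda707e9dd5f838053737114204b6c2d0765d4edd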
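--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,32 @@
 
 Complete, fast and testable actions for Rack
 
+## v2.3.0 - 2025-11-12
+
+### Added
+
+- Fetch CSRF tokens from `X-CSRF-Token` request header, in addition to body params. (@masterT in #422)
+
+### Changed
+
+- Allow `config.handle_exception` to receive an exception class name as a string. (@mathewdbutton in #488)
+
+This allows you to handle exceptions in your actions without having to require the Ruby files that define the exception constants, which is often awkward if those exceptions come from far-removed layers of your app.
+
+```ruby
+class MyAction < Hanami::Action
+config.handle_exception "ROM::TupleCountMismatchError" => 404
+end
+```
+- Allow both `:unprocessable_entity` and `:unprocessable_content` and to be used to refer to the 422 HTTP status code (Rack v3 dropped the former and replaced it with the latter). (@alassek in #490)
+
+```ruby
+def handle(request, response)
+# Or :unprocessable_content, both work, on all Rack versions
+response.status = :unprocessable_entity
+end
+```
+
 ## v2.3.0.beta2 - 2025-10-17
 
 ### Added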
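--- a/data/README.md
+++ b/data/README.md
@@ -5,9 +5,8 @@ Complete, fast, and testable actions for Rack and [Hanami](http://hanamirb.org)
 ## Status
 
 [](https://badge.fury.io/rb/hanami-controller)
-[](https://github.com/hanami/controller/actions?query=workflow%3Aci+branch%3Amain)
-[](https://codecov.io/gh/hanami/controller)
-[](https://depfu.com/github/hanami/controller?project=Bundler)
+[](https://github.com/hanami/hanami-controller/actions?query=workflow%3Aci+branch%3Amain)
+[](https://codecov.io/gh/hanami/hanami-controller)
 
 ## Contact
 
@@ -21,8 +20,6 @@ Complete, fast, and testable actions for Rack and [Hanami](http://hanamirb.org)
 
 ## Installation
 
-__Hanami::Controller__ supports Ruby (MRI) 3.1+
-
 Add this line to your application's Gemfile:
 
 ```ruby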
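--- a/data/hanami-controller.gemspec
+++ b/data/hanami-controller.gemspec
@@ -7,8 +7,8 @@ require "hanami/controller/version"
 Gem::Specification.new do |spec|
 spec.name = "hanami-controller"
 spec.version = Hanami::Controller::VERSION
-spec.authors = ["
-spec.email = ["
+spec.authors = ["Hanakai team"]
+spec.email = ["info@hanakai.org"]
 spec.description = "Complete, fast and testable actions for Rack"
 spec.summary = "Complete, fast and testable actions for Rack and Hanami"
 spec.homepage = "http://hanamirb.org"
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = ">= 3.2"
 
 spec.add_dependency "rack", ">= 2.1"
-spec.add_dependency "hanami-utils", "~> 2.3.0
+spec.add_dependency "hanami-utils", "~> 2.3.0"
 spec.add_dependency "dry-configurable", "~> 1.0", "< 2"
 spec.add_dependency "dry-core", "~> 1.0"
 spec.add_dependency "zeitwerk", "~> 2.6"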
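--- a/data/lib/hanami/action/csrf_protection.rb
+++ b/data/lib/hanami/action/csrf_protection.rb
@@ -13,10 +13,11 @@ module Hanami
 # This security mechanism is enabled automatically if sessions are turned on.
 #
 # It stores a "challenge" token in session. For each "state changing request"
-# (eg. <tt>POST</tt>, <tt>PATCH</tt> etc..), we should send a special param
-# <tt>_csrf_token</tt
+# (eg. <tt>POST</tt>, <tt>PATCH</tt> etc..), we should send a special param
+# <tt>_csrf_token</tt> or header <tt>X-CSRF-Token</tt> which contain the "challenge"
+# token.
 #
-# If the
+# If the request token matches with the challenge token, the flow can continue.
 # Otherwise the application detects an attack attempt, it reset the session
 # and <tt>Hanami::Action::InvalidCSRFTokenError</tt> is raised.
 #
@@ -107,6 +108,16 @@ module Hanami
 res.session[CSRF_TOKEN] ||= generate_csrf_token
 end
 
+# Get CSRF Token in request.
+#
+# Retreives the CSRF token from the request param <tt>_csrf_token</tt> or the request header
+# <tt>X-CSRF-Token</tt>.
+#
+# @api private
+def request_csrf_token(req)
+req.params.raw[CSRF_TOKEN.to_s] || req.get_header("HTTP_X_CSRF_TOKEN")
+end
+
 # Verify if CSRF token from params, matches the one stored in session.
 # If not, it raises an error.
 #
@@ -131,14 +142,14 @@ module Hanami
 return false unless verify_csrf_token?(req, res)
 
 missing_csrf_token?(req, res) ||
-!::Rack::Utils.secure_compare(req.session[CSRF_TOKEN], req
+!::Rack::Utils.secure_compare(req.session[CSRF_TOKEN], request_csrf_token(req))
 end
 
 # Verify the CSRF token was passed in params.
 #
 # @api private
 def missing_csrf_token?(req, *)
-Hanami::Utils::Blank.blank?(req
+Hanami::Utils::Blank.blank?(request_csrf_token(req))
 end
 
 # Generates a random CSRF Token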
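Review bot: In `request_csrf_token`, the `||` fallback only reaches the header when the param is entirely absent, because an empty string is truthy in Ruby — a form that submits `_csrf_token=` alongside a valid `X-CSRF-Token` header returns `""`, which `missing_csrf_token?` then rejects even though a valid token was sent. It fails closed, so this is not a bypass, but it contradicts the "param or header" intent in the comment; selecting with the blankness test the callers already use would match it: `token = req.params.raw[CSRF_TOKEN.to_s]` / `Hanami::Utils::Blank.blank?(token) ? req.get_header("HTTP_X_CSRF_TOKEN") : token`. Worth confirming too: if `params.raw` can yield a non-String for this key (e.g. `_csrf_token[]=x`), `Rack::Utils.secure_compare` will raise `NoMethodError` on the next hunk's comparison instead of the usual `InvalidCSRFTokenError`, so discarding non-String values inside this helper keeps the failure mode uniform. Finally, the surrounding doc comments still say "from params" / "passed in params" and the new one misspells "Retreives"; `# Fetches the CSRF token from the +_csrf_token+ param or the +X-CSRF-Token+ header.` would cover both.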
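--- a/data/lib/hanami/action.rb
+++ b/data/lib/hanami/action.rb
@@ -433,7 +433,12 @@ module Hanami
 # @api private
 def exception_handler(exception)
 config.handled_exceptions.each do |exception_class, handler|
-
+case exception_class
+when String
+return handler if exception.class.name == exception_class # rubocop:disable Style/ClassEqualityComparison
+else
+return handler if exception.is_a?(exception_class)
+end
 end
 
 nil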
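Review bot: The `when String` branch in `exception_handler` compares `exception.class.name` for exact equality, so unlike the `is_a?` branch a string key never matches subclasses of the named class, and a name written with a leading `::` never matches at all; neither difference is stated in the changelog entry. If exact matching is intended, say so beside the branch: `# String keys match the exact class name only (no subclasses, no leading "::")`. If parity with class keys is wanted, `return handler if exception.class.ancestors.any? { |a| a.name == exception_class }` gives subclass matching without requiring the constant to be loaded. The method's closing `end` lies outside the hunk.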
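--- a/data/lib/hanami/http/status.rb
+++ b/data/lib/hanami/http/status.rb
@@ -21,7 +21,10 @@ module Hanami
 #
 # @since 2.0.2
 # @api private
-SYMBOLS = ::Rack::Utils::SYMBOL_TO_STATUS_CODE
+SYMBOLS = ::Rack::Utils::SYMBOL_TO_STATUS_CODE.merge(
+unprocessable_content: 422,
+unprocessable_entity: 422
+)
 
 # Return a status for the given code
 #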
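Review bot: `Hash#merge` returns a new, unfrozen Hash, so `SYMBOLS` is now mutable at runtime even where Rack's own `SYMBOL_TO_STATUS_CODE` is frozen; closing with `).freeze` keeps the constant immutable. The comment above still carries only `@since 2.0.2` and nothing explains why both symbols are listed; a line such as `# Rack 3 renamed :unprocessable_entity to :unprocessable_content; both map to 422 on every supported Rack version` would spare the next reader a changelog lookup.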
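--- a/metadata
+++ b/metadata
@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
 name: hanami-controller
 version: !ruby/object:Gem::Version
-version: 2.3.0
+version: 2.3.0
 platform: ruby
 authors:
-
+- Hanakai team
 bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
@@ -29,14 +29,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 2.3.0
+version: 2.3.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 2.3.0
+version: 2.3.0
 - !ruby/object:Gem::Dependency
 name: dry-configurable
 requirement: !ruby/object:Gem::Requirement
@@ -163,7 +163,7 @@ dependencies:
 version: '1.0'
 description: Complete, fast and testable actions for Rack
 email:
-
+- info@hanakai.org
 executables: []
 extensions: []
 extra_rdoc_files: []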