intercom-rails 0.2.29 → 0.2.30

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c6d7c7465ed41a57577b0780f243224a7d678ca
-  data.tar.gz: 86dbf0fe02d72ab8891670e78a7491dd50b5da42
+  metadata.gz: bdbd2516ea8c1d237f5d5eafdfb4b675ea417c91
+  data.tar.gz: dd8ec09548f65b7f0487014fc85ce8e5aad158d0
 SHA512:
-  metadata.gz: 365a12c308a3e5040fef8a45e798933381d3a752fea0eb68320dc1b5239dbf46938f3e34ae076d2311985eee8e52366ad348a3ccd52e9e0f61053c1161b2c21c
-  data.tar.gz: dd94d155b10879c11689409fe95a46ad8976091dcf2eb5328a99588c64acea94b2a3aadaadc73b90ea1f6e35943903e6d14d27330cdc4afaa3c3ce705d026a41
+  metadata.gz: e89e04c7f56f65e2e94b3c9a074790f2a158142dedf59df9625e6c0e69abfb216ee881a061a513e1f98f40a89240178431e8b2b4175def08d86327e755e57797
+  data.tar.gz: 7b753faf389f74991195c5aba2d778af092e577ed2f88646a186f617a01d76f5dd290aec59708cc57dc7b1d1914675b65734432047ddfdfa02b2e358bd1d21f4

data/README.mdown

@@ -137,6 +137,12 @@ With this option enabled, clicks on any element with an id of `Intercom` will op
   <a id="Intercom">Support</a>
 ```
 
+You can customize the CSS selector, by setting
+
+```ruby
+  config.inbox.custom_activator = '.intercom-link'
+```
+
 You can read more about configuring the messenger in your applications settings, within Intercom.
 
 ### Environments
@@ -188,6 +194,58 @@ You can also override `IntercomRails::Config` options such as your `api_secret`,
   }) %>
 <% end %>
 ```
+### Content Security Policy Level 2 (CSP) support
+As of version 0.2.30 this gem supports CSP, allowing you to whitelist the include code using both nonces and SHA-256 hashes.
+#### Automatic Insertion
+CSP support for automatic insertion exposes two namespaces that can be defined by the user via monkey patching:
+ - String CoreExtensions::IntercomRails::AutoInclude.csp_nonce_hook(controller)
+ - nil CoreExtensions::IntercomRails::AutoInclude.csp_sha256_hook(controller, SHA-256 whitelist entry)
+For instance, a CSP nonce can be inserted using the [Twitter Secure Headers](https://github.com/twitter/secureheaders) gem with the following code:
+```ruby
+module CoreExtensions
+  module IntercomRails
+    module AutoInclude
+      def self.csp_nonce_hook(controller)
+        SecureHeaders.content_security_policy_script_nonce(controller.request)
+      end
+    end
+  end
+end
+```
+or, for whitelisting the SHA-256 hash:
+```ruby
+module CoreExtensions
+  module IntercomRails
+    module AutoInclude
+      def self.csp_sha256_hook(controller, sha256)
+        SecureHeaders.append_content_security_policy_directives(controller.request, {script_src: [sha256]})
+      end
+    end
+  end
+end
+```
+#### Manual Insertion
+CSP is supported in manual insertion as well, the request nonce can be passed as an option:
+```erb
+<% if logged_in? %>
+  <%= intercom_script_tag({
+    :app_id => 'your-app-id',
+    :user_id => current_user.id,
+    :email => current_user.email,
+    :name => current_user.name,
+    :created_at => current_user.created_at
+  }, {
+    :secret => 'your-apps-api-secret',
+    :widget => {:activator => '#Intercom'},
+    :nonce => get_nonce_from_your_csp_framework
+  }) %>
+<% end %>
+```
+The SHA-256 hash is available using `csp_sha256` just after generating the tag itself:
+```erb
+<%= intercom_script_tag %>
+<% add_entry_to_csp_whitelist(intercom_script_tag.csp_sha256) %>
+```
 ## Importing your users
 To get started faster with Intercom, `IntercomRails` includes a Rake task that will do an initial import of your users:
 

data/lib/intercom-rails/auto_include_filter.rb

@@ -18,6 +18,11 @@ module IntercomRails
         return unless auto_include_filter.include_javascript?
 
         auto_include_filter.include_javascript!
+
+        # User defined method to whitelist the script sha-256 when using CSP
+        if defined?(CoreExtensions::IntercomRails::AutoInclude.csp_sha256_hook) == 'method'
+          CoreExtensions::IntercomRails::AutoInclude.csp_sha256_hook(controller, auto_include_filter.csp_sha256)
+        end
       end
 
       attr_reader :controller
@@ -27,7 +32,7 @@ module IntercomRails
       end
 
       def include_javascript!
-        response.body = response.body.gsub(CLOSING_BODY_TAG, intercom_script_tag.output + '\\0')
+        response.body = response.body.gsub(CLOSING_BODY_TAG, intercom_script_tag.to_s + '\\0')
       end
 
       def include_javascript?
@@ -38,6 +43,10 @@ module IntercomRails
         intercom_script_tag.valid?
       end
 
+      def csp_sha256
+        intercom_script_tag.csp_sha256
+      end
+
       private
       def response
         controller.response
@@ -56,7 +65,19 @@ module IntercomRails
       end
 
       def intercom_script_tag
-        @script_tag ||= ScriptTag.new(:find_current_user_details => true, :find_current_company_details => true, :controller => controller, :show_everywhere => show_everywhere?)
+        options = {
+          :find_current_user_details => true,
+          :find_current_company_details => true,
+          :controller => controller,
+          :show_everywhere => show_everywhere?
+        }
+        # User defined method for applying a nonce to the inserted js tag when
+        # using CSP
+        if defined?(CoreExtensions::IntercomRails::AutoInclude.csp_nonce_hook) == 'method'
+          nonce = CoreExtensions::IntercomRails::AutoInclude.csp_nonce_hook(controller)
+          options.merge!(:nonce => nonce)
+        end
+        @script_tag = ScriptTag.new(options)
       end
 
       def show_everywhere?

data/lib/intercom-rails/config.rb

@@ -103,6 +103,7 @@ module IntercomRails
 
     config_group :inbox do
       config_accessor :counter # Keep this for backwards compatibility
+      config_accessor :custom_activator
       config_accessor :style do |value|
         raise ArgumentError, "inbox.style must be one of :default or :custom" unless [:default, :custom].include?(value)
       end

data/lib/intercom-rails/import.rb

@@ -116,13 +116,17 @@ module IntercomRails
       if IntercomRails.config.user.model.present?
         IntercomRails.config.user.model.call
       else
-        User
+        user_klass_name if user_klass_name.class != Module
       end
     rescue NameError
       # Rails lazy loads constants, so this is how we check
       nil
     end
 
+    def user_klass_name
+      User
+    end
+
     def send_users(users)
       request = Net::HTTP::Post.new(uri.request_uri)
       request.basic_auth(IntercomRails.config.app_id, IntercomRails.config.api_key)

data/lib/intercom-rails/proxy.rb

@@ -72,7 +72,7 @@ module IntercomRails
       end
 
       def identity_present?
-        self.class.identity_attributes.any? { |attribute_name| proxied_object.respond_to?(attribute_name) && proxied_object.send(attribute_name).present? }
+        self.class.identity_attributes.any? { |attribute_name| (proxied_object.is_a?(Hash) && proxied_object[attribute_name].present?) || (proxied_object.respond_to?(attribute_name) && proxied_object.send(attribute_name).present?) }
       end
 
       def self.proxy_delegator(attribute_name, options = {})

data/lib/intercom-rails/script_tag.rb

@@ -1,17 +1,16 @@
 require 'active_support/json'
 require 'active_support/core_ext/hash/indifferent_access'
 require 'active_support/core_ext/string/output_safety'
+require 'action_view'
 
 module IntercomRails
 
   class ScriptTag
 
-    def self.generate(*args)
-      new(*args).output
-    end
+    include ::ActionView::Helpers::JavaScriptHelper
 
     attr_reader :user_details, :company_details, :show_everywhere
-    attr_accessor :secret, :widget_options, :controller
+    attr_accessor :secret, :widget_options, :controller, :nonce
 
     def initialize(options = {})
       self.secret = options[:secret] || Config.api_secret
@@ -24,6 +23,7 @@ module IntercomRails
       elsif options[:user_details]
         options[:user_details].delete(:company) if options[:user_details]
       end
+      self.nonce = options[:nonce]
     end
 
     def valid?
@@ -31,6 +31,26 @@ module IntercomRails
       unless @show_everywhere
         valid = valid && (user_details[:user_id] || user_details[:email]).present?
       end
+      if nonce
+        valid = valid && valid_nonce?
+      end
+      valid
+    end
+
+    def valid_nonce?
+      valid = false
+      if nonce
+        # Base64 regexp:
+        # - blocks of 4 [A-Za-z0-9+/]
+        # followed either by:
+        # - blocks of 2 [A-Za-z0-9+/] + '=='
+        # - blocks of 3 [A-Za-z0-9+/] + '='
+        base64_regexp = Regexp.new('^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$')
+        m = base64_regexp.match(nonce)
+        if nonce == m.to_s
+          valid = true
+        end
+      end
       valid
     end
 
@@ -41,17 +61,28 @@ module IntercomRails
       hsh
     end
 
-    def output
+    def to_s
+      js_options = 'id="IntercomSettingsScriptTag"'
+      if nonce && valid_nonce?
+        js_options = js_options + " nonce=\"#{nonce}\""
+      end
+      str = "<script #{js_options}>#{intercom_javascript}</script>\n"
+      str.respond_to?(:html_safe) ? str.html_safe : str
+    end
+
+    def csp_sha256
+      base64_sha256 = Base64.encode64(Digest::SHA256.digest(intercom_javascript))
+      csp_hash = "'sha256-#{base64_sha256}'".delete("\n")
+      csp_hash
+    end
+
+    private
+    def intercom_javascript
       intercom_settings_json = ActiveSupport::JSON.encode(intercom_settings).gsub('<', '\u003C')
 
-      str = <<-INTERCOM_SCRIPT
-<script id="IntercomSettingsScriptTag">
-  window.intercomSettings = #{intercom_settings_json};
-</script>
-<script>(function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='#{Config.library_url || "https://widget.intercom.io/widget/#{app_id}"}';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}};})()</script>
-      INTERCOM_SCRIPT
+      str = "window.intercomSettings = #{intercom_settings_json};(function(){var w=window;var ic=w.Intercom;if(typeof ic===\"function\"){ic('reattach_activator');ic('update',intercomSettings);}else{var d=document;var i=function(){i.c(arguments)};i.q=[];i.c=function(args){i.q.push(args)};w.Intercom=i;function l(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='#{Config.library_url || "https://widget.intercom.io/widget/#{j app_id}"}';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);}if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}};})()"
 
-      str.respond_to?(:html_safe) ? str.html_safe : str
+      str
     end
 
     private
@@ -91,6 +122,7 @@ module IntercomRails
     end
 
     def app_id
+      return user_details[:app_id] if user_details[:app_id].present?
       return IntercomRails.config.app_id if IntercomRails.config.app_id.present?
       return 'abcd1234' if defined?(Rails) && Rails.env.development?
 
@@ -100,11 +132,12 @@ module IntercomRails
     def widget_options_from_config
       config = {}
 
+      custom_activator = Config.inbox.custom_activator
       activator = case Config.inbox.style
       when :default
         '#IntercomDefaultWidget'
       when :custom
-        '#Intercom'
+        custom_activator || '#Intercom'
       else
         nil
       end

data/lib/intercom-rails/script_tag_helper.rb

@@ -13,6 +13,7 @@ module IntercomRails
     # @option user_details [Hash] :custom_data custom attributes you'd like saved for this user on Intercom.
     # @option options [String] :widget a hash containing a css selector for an element which when clicked should show the Intercom widget
     # @option options [String] :secret Your app secret for secure mode
+    # @option options [String] :nonce a nonce generated by your CSP framework to be included inside the javascript tag
     # @return [String] Intercom script tag
     # @example basic example
     #   <%= intercom_script_tag({ :app_id => "your-app-id",
@@ -33,8 +34,7 @@ module IntercomRails
       options[:find_current_user_details] = !options[:user_details]
       options[:find_current_company_details] = !(options[:user_details] && options[:user_details][:company])
       options[:controller] = controller if defined?(controller)
-
-      ScriptTag.generate(options)
+      ScriptTag.new(options)
     end
   end
 end

data/lib/intercom-rails/version.rb

@@ -1,3 +1,3 @@
 module IntercomRails
-  VERSION = "0.2.29"
+  VERSION = "0.2.30"
 end

data/lib/rails/generators/intercom/config/intercom.rb.erb

@@ -111,4 +111,9 @@ IntercomRails.config do |config|
   # open the messenger.
   #
   # config.inbox.style = :custom
+  #
+  # If you'd like to use your own link activator CSS selector
+  # uncomment this line and clicks on any element that matches the query will
+  # open the messenger
+  # config.inbox.custom_activator = '.intercom'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: intercom-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.29
+  version: 0.2.30
 platform: ruby
 authors:
 - Ben McRedmond
@@ -10,146 +10,146 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-02 00:00:00.000000000 Z
+date: 2016-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - '>'
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - '>'
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - '>'
       - !ruby/object:Gem::Version
         version: 3.2.12
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - '>'
       - !ruby/object:Gem::Version
         version: 3.2.12
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.4.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.4.5
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.6.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.6.2
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: gem-release
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Intercom (https://www.intercom.io) is a customer relationship management
@@ -192,12 +192,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -207,4 +207,3 @@ signing_key:
 specification_version: 4
 summary: Rails helper for emitting javascript script tags for Intercom
 test_files: []
-has_rdoc: