intra 0.1.0 → 0.1.1

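--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 71b212549b87ebf7d644679ddb73557f7ea92c092468988ef2fd51610f0583f2
- data.tar.gz: eaa8f0594f1827952c614c8ac157869803e2506cdc703760ef46196a5dd5c2d3
+ metadata.gz: cf985d8472b139ca940b7bc455f3d375c7b9ca77ca89fac60eaee241819ed15f
+ data.tar.gz: 415cd8474d33c5723929227b88276d5e38dc2db190f01932052d0bbd7fa8b57a
  SHA512:
- metadata.gz: 63fc6a4fe9910999a29e7df5c81d766ce53641b148883e655438320fbf6e5cd572f2c005f729343de54e41b7b0d4bfb07cce2dfa7865062133549d91eb886ccf
- data.tar.gz: 678e67a4427842ec8bf5d6fe5256d169cb03ccb0f445bc373cb37e6b5dfa5142d490257f1f3bdecc79e63f728ff13e14a4e574fc16d86cc9f165bc96a1efbbe2
+ metadata.gz: 9e4e394b9d3e97cdc2e51e320c4aecfb638029b4c854755f278e6e7aec9c6be3154d7541fc7ec79f5ce1650f4f2810d5da4fd997c49ec419ff826db5c4908f76
+ data.tar.gz: 40446b8b4658eac5bdf101958224d87dccc74d9b76451fe5cd16aebb2e5347bd904d34d9dcc644c6fea761a5338b6d1082fedb3c9798b923d353d3144a5928e9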
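--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- intra (0.1.0)
+ intra (0.1.1)
  omniauth
  omniauth-google-oauth2
  rails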
data/README.md CHANGED
@@ -1,3 +1,5 @@
1
+ ![travis](https://travis-ci.org/scottserok/intra.svg?branch=master)
2
+
1
3
  # Intra
2
4
 
3
5
  A relatively quick way to add Omniauth strategies to authenticate users on your
@@ -1,22 +1,18 @@
1
- <article style="font-family: Arial; border: 1px solid #ddd; width: 600px; text-align: center; margin: auto; margin-top: 5em;">
2
- <header style="border-bottom: 1px solid #ddd;">
1
+ <article style="width: 500px; margin: auto; text-align: center; padding: 5rem;">
2
+ <header>
3
3
  <h1>Log in</h1>
4
4
  </header>
5
5
  <% if flash[:error] %>
6
6
  <section>
7
- <p style="color: red;"><%= flash[:error] %></p>
7
+ <p class="alert"><%= flash[:error] %></p>
8
8
  </section>
9
9
  <% end %>
10
10
  <section>
11
- <div style="padding: 3em;">
12
- <%= link_to 'Log in with Developer',
13
- '/auth/developer',
14
- style: 'padding: 1em 2em; background-color: #44f; border-radius: 3px; color: white;' %>
11
+ <div>
12
+ <%= button_to 'Log in with Developer', '/auth/developer', method: :post %>
15
13
  </div>
16
- <div style="padding: 3em;">
17
- <%= link_to 'Log in with Google',
18
- '/auth/google',
19
- style: 'padding: 1em 2em; background-color: #f44; border-radius: 3px; color: white;' %>
14
+ <div>
15
+ <%= button_to 'Log in with Google', '/auth/google', method: :post %>
20
16
  </div>
21
17
  </section>
22
18
  </article>
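Review bot: The "Log in with Developer" button is still rendered unconditionally in the login view (the second hunk of this section; its own file header is not shown on the page). OmniAuth's developer strategy performs no real credential check, so the button should only appear where that strategy is meant to be available; the page does not show where the strategy is registered, so this may already be guarded elsewhere. Consider wrapping that `<div>` in `<% if Rails.env.development? %>` … `<% end %>`. As a style point, `method: :post` is already the default for `button_to` and can be dropped from both calls.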
data/lib/intra/engine.rb CHANGED
@@ -5,6 +5,10 @@ module Intra
5
5
  initializer 'intra.initializer' do |app|
6
6
  app.config.filter_parameters += [:uid]
7
7
  app.config.middleware.use RackSession
8
+ OmniAuth.config.allowed_request_methods = [:post]
9
+ OmniAuth.config.before_request_phase do |env|
10
+ ::Intra::RequestForgeryProtection.new(env).call
11
+ end
8
12
  end
9
13
 
10
14
  rake_tasks do
@@ -0,0 +1,67 @@
1
+ require 'action_dispatch/http/request'
2
+
3
+ module Intra
4
+ # Based on ActionController::RequestForgeryProtection.
5
+
6
+ class RequestForgeryProtection
7
+ def initialize(env)
8
+ @env = env
9
+ end
10
+
11
+ def request
12
+ @_request ||= ActionDispatch::Request.new(@env)
13
+ end
14
+
15
+ def session
16
+ request.session
17
+ end
18
+
19
+ def reset_session
20
+ request.reset_session
21
+ end
22
+
23
+ def params
24
+ @_params ||= request.parameters
25
+ end
26
+
27
+ def call
28
+ verify_authenticity_token
29
+ end
30
+
31
+ def verify_authenticity_token
32
+ return if verified_request?
33
+
34
+ Intra.logger.warn "Can't verify CSRF token authenticity"
35
+ handle_unverified_request
36
+ end
37
+
38
+ private
39
+
40
+ def protect_against_forgery?
41
+ ::ApplicationController.allow_forgery_protection
42
+ end
43
+
44
+ def request_forgery_protection_token
45
+ ::ApplicationController.request_forgery_protection_token
46
+ end
47
+
48
+ def forgery_protection_strategy
49
+ ::ApplicationController.forgery_protection_strategy
50
+ end
51
+
52
+ def verified_request?
53
+ !protect_against_forgery? || request.get? || request.head? ||
54
+ form_authenticity_token == params[request_forgery_protection_token] ||
55
+ form_authenticity_token == request.headers['X-CSRF-Token']
56
+ end
57
+
58
+ def handle_unverified_request
59
+ forgery_protection_strategy.new(self).handle_unverified_request
60
+ end
61
+
62
+ # Sets the token value for the current session.
63
+ def form_authenticity_token
64
+ session[:_csrf_token] ||= SecureRandom.base64(32)
65
+ end
66
+ end
67
+ end
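Review bot: `verified_request?` in the new-file hunk (`lib/intra/request_forgery_protection.rb`, whose file header is missing from the page) compares the submitted value to the raw `session[:_csrf_token]` with `==`, which diverges from what Rails itself does. On Rails versions that mask the token per request (4.2 and later, to my knowledge) the hidden field emitted by `button_to` carries a masked value, so a plain equality check would be expected to reject legitimate posts whenever forgery protection is enabled; `==` is also not a constant-time comparison. Rather than copying the older logic, consider reusing `ActionController::RequestForgeryProtection` so masking and comparison follow the host app's Rails, or at minimum compare with `ActiveSupport::SecurityUtils.secure_compare(form_authenticity_token, submitted.to_s)`. Separately, `handle_unverified_request` only stops the OmniAuth request phase when the host app's strategy raises; with a strategy that nulls or resets the session the `before_request_phase` block in `engine.rb` simply returns, so a comment such as `# relies on the host app using a raising forgery-protection strategy` (or an explicit raise after the call) would make that expectation visible.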
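--- a/data/lib/intra/version.rb
+++ b/data/lib/intra/version.rb
@@ -1,3 +1,3 @@
  module Intra
- VERSION = "0.1.0"
+ VERSION = "0.1.1"
  end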
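--- a/data/lib/intra.rb
+++ b/data/lib/intra.rb
@@ -9,6 +9,7 @@ require 'intra/session'
  require 'intra/rack_session'
  require 'intra/authenticatable'
  require 'intra/authentication'
+ require 'intra/request_forgery_protection'
  require 'intra/engine'
 
  module Intra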
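--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: intra
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.1
  platform: ruby
  authors:
  - Scott Serok
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-06-11 00:00:00.000000000 Z
+ date: 2019-06-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -152,6 +152,7 @@ files:
  - lib/intra/engine.rb
  - lib/intra/omniauth_failure_app.rb
  - lib/intra/rack_session.rb
+ - lib/intra/request_forgery_protection.rb
  - lib/intra/session.rb
  - lib/intra/tasks/install.rake
  - lib/intra/version.rb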