intra 0.1.0 → 0.1.1
- checksums.yaml +4 -4
 - data/Gemfile.lock +1 -1
 - data/README.md +2 -0
 - data/app/views/intra/sessions/new.html.erb +7 -11
 - data/lib/intra/engine.rb +4 -0
 - data/lib/intra/request_forgery_protection.rb +67 -0
 - data/lib/intra/version.rb +1 -1
 - data/lib/intra.rb +1 -0
 - metadata +3 -2
 
    
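--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:  
-  data.tar.gz:  
+  metadata.gz: cf985d8472b139ca940b7bc455f3d375c7b9ca77ca89fac60eaee241819ed15f
+  data.tar.gz: 415cd8474d33c5723929227b88276d5e38dc2db190f01932052d0bbd7fa8b57a
 SHA512:
-  metadata.gz:  
-  data.tar.gz:  
+  metadata.gz: 9e4e394b9d3e97cdc2e51e320c4aecfb638029b4c854755f278e6e7aec9c6be3154d7541fc7ec79f5ce1650f4f2810d5da4fd997c49ec419ff826db5c4908f76
+  data.tar.gz: 40446b8b4658eac5bdf101958224d87dccc74d9b76451fe5cd16aebb2e5347bd904d34d9dcc644c6fea761a5338b6d1082fedb3c9798b923d353d3144a5928e9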
    
        data/Gemfile.lock
    CHANGED
    
    
    
        data/README.md
    CHANGED
    
    
| 
         @@ -1,22 +1,18 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            <article style=" 
     | 
| 
       2 
     | 
    
         
            -
              <header 
     | 
| 
      
 1 
     | 
    
         
            +
            <article style="width: 500px; margin: auto; text-align: center; padding: 5rem;">
         
     | 
| 
      
 2 
     | 
    
         
            +
              <header>
         
     | 
| 
       3 
3 
     | 
    
         
             
                <h1>Log in</h1>
         
     | 
| 
       4 
4 
     | 
    
         
             
              </header>
         
     | 
| 
       5 
5 
     | 
    
         
             
              <% if flash[:error] %>
         
     | 
| 
       6 
6 
     | 
    
         
             
                <section>
         
     | 
| 
       7 
     | 
    
         
            -
                  <p  
     | 
| 
      
 7 
     | 
    
         
            +
                  <p class="alert"><%= flash[:error] %></p>
         
     | 
| 
       8 
8 
     | 
    
         
             
                </section>
         
     | 
| 
       9 
9 
     | 
    
         
             
              <% end %>
         
     | 
| 
       10 
10 
     | 
    
         
             
              <section>
         
     | 
| 
       11 
     | 
    
         
            -
                <div 
     | 
| 
       12 
     | 
    
         
            -
                  <%=  
     | 
| 
       13 
     | 
    
         
            -
                    '/auth/developer',
         
     | 
| 
       14 
     | 
    
         
            -
                    style: 'padding: 1em 2em; background-color: #44f; border-radius: 3px; color: white;' %>
         
     | 
| 
      
 11 
     | 
    
         
            +
                <div>
         
     | 
| 
      
 12 
     | 
    
         
            +
                  <%= button_to 'Log in with Developer', '/auth/developer', method: :post %>
         
     | 
| 
       15 
13 
     | 
    
         
             
                </div>
         
     | 
| 
       16 
     | 
    
         
            -
                <div 
     | 
| 
       17 
     | 
    
         
            -
                  <%=  
     | 
| 
       18 
     | 
    
         
            -
                    '/auth/google',
         
     | 
| 
       19 
     | 
    
         
            -
                    style: 'padding: 1em 2em; background-color: #f44; border-radius: 3px; color: white;' %>
         
     | 
| 
      
 14 
     | 
    
         
            +
                <div>
         
     | 
| 
      
 15 
     | 
    
         
            +
                  <%= button_to 'Log in with Google', '/auth/google', method: :post %>
         
     | 
| 
       20 
16 
     | 
    
         
             
                </div>
         
     | 
| 
       21 
17 
     | 
    
         
             
              </section>
         
     | 
| 
       22 
18 
     | 
    
         
             
            </article>
         
     | 
    
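--- a/data/lib/intra/engine.rb
+++ b/data/lib/intra/engine.rb
@@ -5,6 +5,10 @@ module Intra
     initializer 'intra.initializer' do |app|
       app.config.filter_parameters += [:uid]
       app.config.middleware.use RackSession
+      OmniAuth.config.allowed_request_methods = [:post]
+      OmniAuth.config.before_request_phase do |env|
+        ::Intra::RequestForgeryProtection.new(env).call
+      end
     end
 
     rake_tasks do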
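Review bot: Setting `OmniAuth.config.before_request_phase` inside the engine initializer (new lines 9–11) overwrites any hook the host application already registered, and a host initializer that assigns its own hook afterwards would silently drop this CSRF check, since OmniAuth appears to hold a single callable there. Chaining the existing hook keeps both: `previous = OmniAuth.config.before_request_phase` before the block and `previous&.call(env)` after the `RequestForgeryProtection` call. `allowed_request_methods = [:post]` is likewise a process-wide setting, so a short comment such as `# Request phase is POST-only and CSRF-checked; host apps must not reassign these OmniAuth settings` would help, ideally mirrored in the README.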
         @@ -0,0 +1,67 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            require 'action_dispatch/http/request'
         
     | 
| 
      
 2 
     | 
    
         
            +
             
     | 
| 
      
 3 
     | 
    
         
            +
            module Intra
         
     | 
| 
      
 4 
     | 
    
         
            +
              # Based on ActionController::RequestForgeryProtection.
         
     | 
| 
      
 5 
     | 
    
         
            +
             
     | 
| 
      
 6 
     | 
    
         
            +
              class RequestForgeryProtection
         
     | 
| 
      
 7 
     | 
    
         
            +
                def initialize(env)
         
     | 
| 
      
 8 
     | 
    
         
            +
                  @env = env
         
     | 
| 
      
 9 
     | 
    
         
            +
                end
         
     | 
| 
      
 10 
     | 
    
         
            +
             
     | 
| 
      
 11 
     | 
    
         
            +
                def request
         
     | 
| 
      
 12 
     | 
    
         
            +
                  @_request ||= ActionDispatch::Request.new(@env)
         
     | 
| 
      
 13 
     | 
    
         
            +
                end
         
     | 
| 
      
 14 
     | 
    
         
            +
             
     | 
| 
      
 15 
     | 
    
         
            +
                def session
         
     | 
| 
      
 16 
     | 
    
         
            +
                  request.session
         
     | 
| 
      
 17 
     | 
    
         
            +
                end
         
     | 
| 
      
 18 
     | 
    
         
            +
             
     | 
| 
      
 19 
     | 
    
         
            +
                def reset_session
         
     | 
| 
      
 20 
     | 
    
         
            +
                  request.reset_session
         
     | 
| 
      
 21 
     | 
    
         
            +
                end
         
     | 
| 
      
 22 
     | 
    
         
            +
             
     | 
| 
      
 23 
     | 
    
         
            +
                def params
         
     | 
| 
      
 24 
     | 
    
         
            +
                  @_params ||= request.parameters
         
     | 
| 
      
 25 
     | 
    
         
            +
                end
         
     | 
| 
      
 26 
     | 
    
         
            +
             
     | 
| 
      
 27 
     | 
    
         
            +
                def call
         
     | 
| 
      
 28 
     | 
    
         
            +
                  verify_authenticity_token
         
     | 
| 
      
 29 
     | 
    
         
            +
                end
         
     | 
| 
      
 30 
     | 
    
         
            +
             
     | 
| 
      
 31 
     | 
    
         
            +
                def verify_authenticity_token
         
     | 
| 
      
 32 
     | 
    
         
            +
                  return if verified_request?
         
     | 
| 
      
 33 
     | 
    
         
            +
             
     | 
| 
      
 34 
     | 
    
         
            +
                  Intra.logger.warn "Can't verify CSRF token authenticity"
         
     | 
| 
      
 35 
     | 
    
         
            +
                  handle_unverified_request
         
     | 
| 
      
 36 
     | 
    
         
            +
                end
         
     | 
| 
      
 37 
     | 
    
         
            +
             
     | 
| 
      
 38 
     | 
    
         
            +
              private
         
     | 
| 
      
 39 
     | 
    
         
            +
             
     | 
| 
      
 40 
     | 
    
         
            +
                def protect_against_forgery?
         
     | 
| 
      
 41 
     | 
    
         
            +
                  ::ApplicationController.allow_forgery_protection
         
     | 
| 
      
 42 
     | 
    
         
            +
                end
         
     | 
| 
      
 43 
     | 
    
         
            +
             
     | 
| 
      
 44 
     | 
    
         
            +
                def request_forgery_protection_token
         
     | 
| 
      
 45 
     | 
    
         
            +
                  ::ApplicationController.request_forgery_protection_token
         
     | 
| 
      
 46 
     | 
    
         
            +
                end
         
     | 
| 
      
 47 
     | 
    
         
            +
             
     | 
| 
      
 48 
     | 
    
         
            +
                def forgery_protection_strategy
         
     | 
| 
      
 49 
     | 
    
         
            +
                  ::ApplicationController.forgery_protection_strategy
         
     | 
| 
      
 50 
     | 
    
         
            +
                end
         
     | 
| 
      
 51 
     | 
    
         
            +
             
     | 
| 
      
 52 
     | 
    
         
            +
                def verified_request?
         
     | 
| 
      
 53 
     | 
    
         
            +
                  !protect_against_forgery? || request.get? || request.head? ||
         
     | 
| 
      
 54 
     | 
    
         
            +
                    form_authenticity_token == params[request_forgery_protection_token] ||
         
     | 
| 
      
 55 
     | 
    
         
            +
                    form_authenticity_token == request.headers['X-CSRF-Token']
         
     | 
| 
      
 56 
     | 
    
         
            +
                end
         
     | 
| 
      
 57 
     | 
    
         
            +
             
     | 
| 
      
 58 
     | 
    
         
            +
                def handle_unverified_request
         
     | 
| 
      
 59 
     | 
    
         
            +
                  forgery_protection_strategy.new(self).handle_unverified_request
         
     | 
| 
      
 60 
     | 
    
         
            +
                end
         
     | 
| 
      
 61 
     | 
    
         
            +
             
     | 
| 
      
 62 
     | 
    
         
            +
                # Sets the token value for the current session.
         
     | 
| 
      
 63 
     | 
    
         
            +
                def form_authenticity_token
         
     | 
| 
      
 64 
     | 
    
         
            +
                  session[:_csrf_token] ||= SecureRandom.base64(32)
         
     | 
| 
      
 65 
     | 
    
         
            +
                end
         
     | 
| 
      
 66 
     | 
    
         
            +
              end
         
     | 
| 
      
 67 
     | 
    
         
            +
            end
         
     | 
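Review bot: A failed check in `verify_authenticity_token` (new lines 31–36) only blocks the request when the host's `forgery_protection_strategy` raises; strategies that null or reset the session return normally, so `call` returns and OmniAuth presumably carries on with the request phase. Raising unconditionally, `raise ActionController::InvalidAuthenticityToken` in place of `handle_unverified_request`, would make the hook fail closed, and it also avoids calling `.new` on a nil strategy when the host never configured one. Separately, `verified_request?` compares the raw session token to the submitted value with `==`: on Rails versions that mask the token per request, the value emitted by `button_to` would not equal `session[:_csrf_token]`, and `==` is not a constant-time comparison. Reusing Rails' own verification (for example by including `ActionController::RequestForgeryProtection` rather than re-implementing it) would cover both, and a test that submits a form-generated token would confirm it.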
    
        data/lib/intra/version.rb
    CHANGED
    
    
    
        data/lib/intra.rb
    CHANGED
    
    
    
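--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: intra
 version: !ruby/object:Gem::Version
-  version: 0.1. 
+  version: 0.1.1
 platform: ruby
 authors:
 - Scott Serok
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06- 
+date: 2019-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -152,6 +152,7 @@ files:
 - lib/intra/engine.rb
 - lib/intra/omniauth_failure_app.rb
 - lib/intra/rack_session.rb
+- lib/intra/request_forgery_protection.rb
 - lib/intra/session.rb
 - lib/intra/tasks/install.rake
 - lib/intra/version.rb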