janus 0.9.0 → 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +7 -2
- data/CHANGELOG.md +8 -0
- data/README.rdoc +9 -8
- data/VERSION +1 -1
- data/janus.gemspec +1 -1
- data/lib/janus/controllers/confirmations_controller.rb +1 -1
- data/lib/janus/controllers/internal_helpers.rb +8 -0
- data/lib/janus/controllers/passwords_controller.rb +1 -1
- data/lib/janus/controllers/sessions_controller.rb +22 -15
- data/test/functional/users/sessions_controller_test.rb +7 -0
- data/test/rails_app/app/controllers/users/sessions_controller.rb +4 -0
- metadata +4 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: efac9f377f862b38faf519a989cdbeccc08251c8
|
|
4
|
+
data.tar.gz: 40c57afe330efb056c7ed7e2219c5d0968fc0cf6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ff9cd1ececaa6405979cc93693788311c387743951817b49fde59ac7501ac8366b236ae620469ab721d2140dfb87f73c95ed792dec34678fddc62b8240e8ffeb
|
|
7
|
+
data.tar.gz: 2b94e5e8545101c77a20044ac59fb2b05671cc3943948fe405225db692b2bd7de1f4df06662c77ba5e053fd7e6f031198ab9401c360f6fd187798eb7cf45a699
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/.travis.yml
CHANGED
|
@@ -3,8 +3,7 @@ script: bundle exec rake test
|
|
|
3
3
|
|
|
4
4
|
rvm:
|
|
5
5
|
- 1.9.3
|
|
6
|
-
- 2.
|
|
7
|
-
- 2.1.0
|
|
6
|
+
- 2.1.2
|
|
8
7
|
|
|
9
8
|
gemfile:
|
|
10
9
|
- Gemfile
|
|
@@ -13,6 +12,12 @@ gemfile:
|
|
|
13
12
|
- gemfiles/Gemfile.rails-head
|
|
14
13
|
|
|
15
14
|
matrix:
|
|
15
|
+
exclude:
|
|
16
|
+
- rvm: 1.9.3
|
|
17
|
+
gemfile: gemfiles/Gemfile.rails-head
|
|
16
18
|
allow_failures:
|
|
17
19
|
- gemfile: gemfiles/Gemfile.rails-head
|
|
18
20
|
|
|
21
|
+
env:
|
|
22
|
+
global:
|
|
23
|
+
- NOKOGIRI_USE_SYSTEM_LIBRARIES=1
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
v0.9.1
|
|
2
|
+
|
|
3
|
+
- Fixed compatibility with the latest Rails 4.0 and 4.1 releases that fixed a
|
|
4
|
+
bug with strong parameters. See 5b5a7e7
|
|
5
|
+
- `Janus::SessionsController#valid_host?(host)` to interrupt a blind redirection
|
|
6
|
+
when `params[:return_to]` is the current host. See b120010.
|
|
7
|
+
|
|
8
|
+
Compare: https://github.com/ysbaddaden/janus/compare/v0.9.0...v0.9.1
|
data/README.rdoc
CHANGED
|
@@ -33,22 +33,23 @@ As for the strategies and hooks:
|
|
|
33
33
|
|
|
34
34
|
== Getting Started
|
|
35
35
|
|
|
36
|
-
First add the janus gem to your Gemfile, then run
|
|
36
|
+
First add the janus gem to your Gemfile, then run +bundle+ to install it:
|
|
37
37
|
|
|
38
38
|
gem 'janus'
|
|
39
|
-
gem 'bcrypt
|
|
39
|
+
gem 'bcrypt'
|
|
40
40
|
# gem 'scrypt'
|
|
41
41
|
|
|
42
|
-
You
|
|
43
|
-
|
|
42
|
+
You also need either the bcrypt or scrypt gems, depending on which library
|
|
43
|
+
you want to use to encrypt the passwords. Janus uses bcrypt by default,
|
|
44
44
|
to be compatible with Devise, but you may prefer scrypt, which is stronger.
|
|
45
45
|
|
|
46
46
|
Run the <tt>janus:install</tt> generator to setup janus in your app:
|
|
47
47
|
|
|
48
48
|
$ rails generate janus:install
|
|
49
49
|
|
|
50
|
-
If you are running Rails 4.1+ you must add a
|
|
51
|
-
|
|
50
|
+
If you are running Rails 4.1+ you must add a <tt>secret_pepper</tt> to your
|
|
51
|
+
<tt>config/secrets.yml</tt> file after generating a secure token with
|
|
52
|
+
<tt>rake secret</tt>:
|
|
52
53
|
|
|
53
54
|
# config/secrets.yml
|
|
54
55
|
development:
|
|
@@ -62,8 +63,8 @@ If you are running Rails 4.1+ you must add a `secret_pepper` to your
|
|
|
62
63
|
secret_pepper: ENV["SECRET_PEPPER"]
|
|
63
64
|
|
|
64
65
|
If you are running a previous version of Rails, then you should edit
|
|
65
|
-
|
|
66
|
-
generated token.
|
|
66
|
+
<tt>config/initializers/janus.rb</tt> to use an environment variable instead of
|
|
67
|
+
the generated token.
|
|
67
68
|
|
|
68
69
|
Then create your first authenticatable resource, let's say +User+:
|
|
69
70
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.9.
|
|
1
|
+
0.9.1
|
data/janus.gemspec
CHANGED
|
@@ -21,7 +21,7 @@ Gem::Specification.new do |gem|
|
|
|
21
21
|
|
|
22
22
|
gem.add_development_dependency 'rails', '>= 3.0.0'
|
|
23
23
|
gem.add_development_dependency 'sqlite3'
|
|
24
|
-
gem.add_development_dependency 'bcrypt
|
|
24
|
+
gem.add_development_dependency 'bcrypt'
|
|
25
25
|
gem.add_development_dependency 'scrypt'
|
|
26
26
|
gem.add_development_dependency 'minitest'
|
|
27
27
|
gem.add_development_dependency 'capybara'
|
|
@@ -38,7 +38,7 @@ class Janus::ConfirmationsController < ApplicationController
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def create
|
|
41
|
-
self.resource = resource_class.find_for_database_authentication(
|
|
41
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
|
42
42
|
|
|
43
43
|
if resource
|
|
44
44
|
deliver_confirmation_instructions(resource)
|
|
@@ -43,6 +43,14 @@ module Janus
|
|
|
43
43
|
janus_scope
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
+
def resource_authentication_params
|
|
47
|
+
if params.respond_to?(:permit)
|
|
48
|
+
params.require(janus_scope).permit(*resource_class.authentication_keys)
|
|
49
|
+
else
|
|
50
|
+
params[janus_scope].slice(*resource_class.authentication_keys)
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
46
54
|
# Returns the `UserMailer` class (or `AdminMailer` or whatever) as detected
|
|
47
55
|
# by janus_scope.
|
|
48
56
|
def mailer_class
|
|
@@ -11,7 +11,7 @@ class Janus::PasswordsController < ApplicationController
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def create
|
|
14
|
-
self.resource = resource_class.find_for_database_authentication(
|
|
14
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
|
15
15
|
|
|
16
16
|
if resource
|
|
17
17
|
resource.generate_reset_password_token!
|
|
@@ -27,7 +27,7 @@ class Janus::SessionsController < ApplicationController
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def create
|
|
30
|
-
self.resource = resource_class.find_for_database_authentication(
|
|
30
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
|
31
31
|
|
|
32
32
|
if resource && resource.valid_password?(params[resource_name][:password])
|
|
33
33
|
janus.login(resource, :scope => janus_scope, :rememberable => params[:remember_me])
|
|
@@ -39,7 +39,7 @@ class Janus::SessionsController < ApplicationController
|
|
|
39
39
|
else
|
|
40
40
|
respond_to do |format|
|
|
41
41
|
format.html do
|
|
42
|
-
self.resource ||= resource_class.new(
|
|
42
|
+
self.resource ||= resource_class.new(resource_authentication_params)
|
|
43
43
|
resource.clean_up_passwords
|
|
44
44
|
resource.errors.add(:base, :not_found)
|
|
45
45
|
render "new", :status => :unauthorized
|
|
@@ -71,7 +71,16 @@ class Janus::SessionsController < ApplicationController
|
|
|
71
71
|
root_url
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
# Returns true if host is
|
|
74
|
+
# Returns true if host is request.host. You may want to overwrite this method
|
|
75
|
+
# to check if a user can access the current host and return false otherwise.
|
|
76
|
+
#
|
|
77
|
+
# For instance when a user signed in from a subdomain she can't access, and
|
|
78
|
+
# you want to redirect her to another subdomain.
|
|
79
|
+
def valid_host?(host)
|
|
80
|
+
host == request.host
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
# Must return true if host is known and we allow to redirect the user
|
|
75
84
|
# with an auth_token.
|
|
76
85
|
#
|
|
77
86
|
# Warning: must be overwritten by child classes because it always
|
|
@@ -108,17 +117,23 @@ class Janus::SessionsController < ApplicationController
|
|
|
108
117
|
# to this URL or not, in order to secure auth tokens for
|
|
109
118
|
# RemoteAuthenticatable to leak into the wild.
|
|
110
119
|
def redirect_after_sign_in(user)
|
|
111
|
-
|
|
120
|
+
if params[:return_to].present?
|
|
112
121
|
return_to = Addressable::URI.parse(params[:return_to])
|
|
113
122
|
|
|
114
123
|
unless never_return_to(user).include?(return_to.path)
|
|
115
|
-
|
|
124
|
+
# path or same host redirection
|
|
125
|
+
if valid_host?(return_to.host || request.host)
|
|
116
126
|
redirect_to params[:return_to]
|
|
117
127
|
return
|
|
118
|
-
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
# external host redirection
|
|
131
|
+
if valid_remote_host?(return_to.host)
|
|
119
132
|
if user.class.include?(Janus::Models::RemoteAuthenticatable)
|
|
120
133
|
query = return_to.query_values || {}
|
|
121
|
-
return_to.query_values = query.merge(
|
|
134
|
+
return_to.query_values = query.merge(
|
|
135
|
+
user.class.remote_authentication_key => user.generate_remote_token!
|
|
136
|
+
)
|
|
122
137
|
end
|
|
123
138
|
|
|
124
139
|
redirect_to return_to.to_s
|
|
@@ -129,12 +144,4 @@ class Janus::SessionsController < ApplicationController
|
|
|
129
144
|
|
|
130
145
|
redirect_to after_sign_in_url(user)
|
|
131
146
|
end
|
|
132
|
-
|
|
133
|
-
def resource_params
|
|
134
|
-
if params.respond_to?(:permit)
|
|
135
|
-
params.require(janus_scope).permit(*resource_class.authentication_keys)
|
|
136
|
-
else
|
|
137
|
-
params[janus_scope].slice(*resource_class.authentication_keys)
|
|
138
|
-
end
|
|
139
|
-
end
|
|
140
147
|
end
|
|
@@ -48,6 +48,13 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
|
48
48
|
assert_authenticated(:user)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
test "create should skip redirect on invalid host" do
|
|
52
|
+
request.host = "invalid.test.host"
|
|
53
|
+
post :create, :user => @valid, :return_to => root_path
|
|
54
|
+
assert_redirected_to user_url
|
|
55
|
+
assert_authenticated(:user)
|
|
56
|
+
end
|
|
57
|
+
|
|
51
58
|
test "create should not redirect to unknown host" do
|
|
52
59
|
post :create, :user => @valid, :return_to => root_url(:host => 'www.bad-host.com')
|
|
53
60
|
assert_redirected_to user_url
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: janus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Julien Portalier
|
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
|
30
30
|
KVqCN//9bevjMk5OiMi9X3Wu/GtVWDwC6OTWFWKd54KgbuWlakO8LC1SMmStnCIF
|
|
31
31
|
W4qpyMWMZMcB4ZN/0mUVzY5xwrislBtsmQVUSw==
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2014-
|
|
33
|
+
date: 2014-08-27 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: addressable
|
|
@@ -75,7 +75,7 @@ dependencies:
|
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
76
|
version: '0'
|
|
77
77
|
- !ruby/object:Gem::Dependency
|
|
78
|
-
name: bcrypt
|
|
78
|
+
name: bcrypt
|
|
79
79
|
requirement: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
|
81
81
|
- - ">="
|
|
@@ -139,6 +139,7 @@ extra_rdoc_files: []
|
|
|
139
139
|
files:
|
|
140
140
|
- ".gitignore"
|
|
141
141
|
- ".travis.yml"
|
|
142
|
+
- CHANGELOG.md
|
|
142
143
|
- LICENSE
|
|
143
144
|
- README.rdoc
|
|
144
145
|
- Rakefile
|
metadata.gz.sig
CHANGED
|
Binary file
|