janus 0.9.0 → 0.9.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +7 -2
- data/CHANGELOG.md +8 -0
- data/README.rdoc +9 -8
- data/VERSION +1 -1
- data/janus.gemspec +1 -1
- data/lib/janus/controllers/confirmations_controller.rb +1 -1
- data/lib/janus/controllers/internal_helpers.rb +8 -0
- data/lib/janus/controllers/passwords_controller.rb +1 -1
- data/lib/janus/controllers/sessions_controller.rb +22 -15
- data/test/functional/users/sessions_controller_test.rb +7 -0
- data/test/rails_app/app/controllers/users/sessions_controller.rb +4 -0
- metadata +4 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: efac9f377f862b38faf519a989cdbeccc08251c8
|
4
|
+
data.tar.gz: 40c57afe330efb056c7ed7e2219c5d0968fc0cf6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ff9cd1ececaa6405979cc93693788311c387743951817b49fde59ac7501ac8366b236ae620469ab721d2140dfb87f73c95ed792dec34678fddc62b8240e8ffeb
|
7
|
+
data.tar.gz: 2b94e5e8545101c77a20044ac59fb2b05671cc3943948fe405225db692b2bd7de1f4df06662c77ba5e053fd7e6f031198ab9401c360f6fd187798eb7cf45a699
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.travis.yml
CHANGED
@@ -3,8 +3,7 @@ script: bundle exec rake test
|
|
3
3
|
|
4
4
|
rvm:
|
5
5
|
- 1.9.3
|
6
|
-
- 2.
|
7
|
-
- 2.1.0
|
6
|
+
- 2.1.2
|
8
7
|
|
9
8
|
gemfile:
|
10
9
|
- Gemfile
|
@@ -13,6 +12,12 @@ gemfile:
|
|
13
12
|
- gemfiles/Gemfile.rails-head
|
14
13
|
|
15
14
|
matrix:
|
15
|
+
exclude:
|
16
|
+
- rvm: 1.9.3
|
17
|
+
gemfile: gemfiles/Gemfile.rails-head
|
16
18
|
allow_failures:
|
17
19
|
- gemfile: gemfiles/Gemfile.rails-head
|
18
20
|
|
21
|
+
env:
|
22
|
+
global:
|
23
|
+
- NOKOGIRI_USE_SYSTEM_LIBRARIES=1
|
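--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,8 @@
+v0.9.1
+
+- Fixed compatibility with the latest Rails 4.0 and 4.1 releases that fixed a
+bug with strong parameters. See 5b5a7e7
+- `Janus::SessionsController#valid_host?(host)` to interrupt a blind redirection
+when `params[:return_to]` is the current host. See b120010.
+
+Compare: https://github.com/ysbaddaden/janus/compare/v0.9.0...v0.9.1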
data/README.rdoc
CHANGED
@@ -33,22 +33,23 @@ As for the strategies and hooks:
|
|
33
33
|
|
34
34
|
== Getting Started
|
35
35
|
|
36
|
-
First add the janus gem to your Gemfile, then run
|
36
|
+
First add the janus gem to your Gemfile, then run +bundle+ to install it:
|
37
37
|
|
38
38
|
gem 'janus'
|
39
|
-
gem 'bcrypt
|
39
|
+
gem 'bcrypt'
|
40
40
|
# gem 'scrypt'
|
41
41
|
|
42
|
-
You
|
43
|
-
|
42
|
+
You also need either the bcrypt or scrypt gems, depending on which library
|
43
|
+
you want to use to encrypt the passwords. Janus uses bcrypt by default,
|
44
44
|
to be compatible with Devise, but you may prefer scrypt, which is stronger.
|
45
45
|
|
46
46
|
Run the <tt>janus:install</tt> generator to setup janus in your app:
|
47
47
|
|
48
48
|
$ rails generate janus:install
|
49
49
|
|
50
|
-
If you are running Rails 4.1+ you must add a
|
51
|
-
|
50
|
+
If you are running Rails 4.1+ you must add a <tt>secret_pepper</tt> to your
|
51
|
+
<tt>config/secrets.yml</tt> file after generating a secure token with
|
52
|
+
<tt>rake secret</tt>:
|
52
53
|
|
53
54
|
# config/secrets.yml
|
54
55
|
development:
|
@@ -62,8 +63,8 @@ If you are running Rails 4.1+ you must add a `secret_pepper` to your
|
|
62
63
|
secret_pepper: ENV["SECRET_PEPPER"]
|
63
64
|
|
64
65
|
If you are running a previous version of Rails, then you should edit
|
65
|
-
|
66
|
-
generated token.
|
66
|
+
<tt>config/initializers/janus.rb</tt> to use an environment variable instead of
|
67
|
+
the generated token.
|
67
68
|
|
68
69
|
Then create your first authenticatable resource, let's say +User+:
|
69
70
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.9.
|
1
|
+
0.9.1
|
data/janus.gemspec
CHANGED
@@ -21,7 +21,7 @@ Gem::Specification.new do |gem|
|
|
21
21
|
|
22
22
|
gem.add_development_dependency 'rails', '>= 3.0.0'
|
23
23
|
gem.add_development_dependency 'sqlite3'
|
24
|
-
gem.add_development_dependency 'bcrypt
|
24
|
+
gem.add_development_dependency 'bcrypt'
|
25
25
|
gem.add_development_dependency 'scrypt'
|
26
26
|
gem.add_development_dependency 'minitest'
|
27
27
|
gem.add_development_dependency 'capybara'
|
@@ -38,7 +38,7 @@ class Janus::ConfirmationsController < ApplicationController
|
|
38
38
|
end
|
39
39
|
|
40
40
|
def create
|
41
|
-
self.resource = resource_class.find_for_database_authentication(
|
41
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
42
42
|
|
43
43
|
if resource
|
44
44
|
deliver_confirmation_instructions(resource)
|
@@ -43,6 +43,14 @@ module Janus
|
|
43
43
|
janus_scope
|
44
44
|
end
|
45
45
|
|
46
|
+
def resource_authentication_params
|
47
|
+
if params.respond_to?(:permit)
|
48
|
+
params.require(janus_scope).permit(*resource_class.authentication_keys)
|
49
|
+
else
|
50
|
+
params[janus_scope].slice(*resource_class.authentication_keys)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
46
54
|
# Returns the `UserMailer` class (or `AdminMailer` or whatever) as detected
|
47
55
|
# by janus_scope.
|
48
56
|
def mailer_class
|
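Review bot: The fallback branch `params[janus_scope].slice(*resource_class.authentication_keys)` dereferences `params[janus_scope]` with no guard, so on a Rails without strong parameters a request that omits the scope key raises NoMethodError and is answered with a 500, whereas the `require` branch raises ActionController::ParameterMissing, which Rails renders as a 400; `(params[janus_scope] || {}).slice(*resource_class.authentication_keys)` would make both paths fail the same way. The method is also added without a comment while its neighbour `mailer_class` has one; I would put `# Whitelists the resource's authentication_keys from params[janus_scope], through strong parameters when available.` above `def resource_authentication_params`. The enclosing module continues outside the hunk.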
@@ -11,7 +11,7 @@ class Janus::PasswordsController < ApplicationController
|
|
11
11
|
end
|
12
12
|
|
13
13
|
def create
|
14
|
-
self.resource = resource_class.find_for_database_authentication(
|
14
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
15
15
|
|
16
16
|
if resource
|
17
17
|
resource.generate_reset_password_token!
|
@@ -27,7 +27,7 @@ class Janus::SessionsController < ApplicationController
|
|
27
27
|
end
|
28
28
|
|
29
29
|
def create
|
30
|
-
self.resource = resource_class.find_for_database_authentication(
|
30
|
+
self.resource = resource_class.find_for_database_authentication(resource_authentication_params)
|
31
31
|
|
32
32
|
if resource && resource.valid_password?(params[resource_name][:password])
|
33
33
|
janus.login(resource, :scope => janus_scope, :rememberable => params[:remember_me])
|
@@ -39,7 +39,7 @@ class Janus::SessionsController < ApplicationController
|
|
39
39
|
else
|
40
40
|
respond_to do |format|
|
41
41
|
format.html do
|
42
|
-
self.resource ||= resource_class.new(
|
42
|
+
self.resource ||= resource_class.new(resource_authentication_params)
|
43
43
|
resource.clean_up_passwords
|
44
44
|
resource.errors.add(:base, :not_found)
|
45
45
|
render "new", :status => :unauthorized
|
@@ -71,7 +71,16 @@ class Janus::SessionsController < ApplicationController
|
|
71
71
|
root_url
|
72
72
|
end
|
73
73
|
|
74
|
-
# Returns true if host is
|
74
|
+
# Returns true if host is request.host. You may want to overwrite this method
|
75
|
+
# to check if a user can access the current host and return false otherwise.
|
76
|
+
#
|
77
|
+
# For instance when a user signed in from a subdomain she can't access, and
|
78
|
+
# you want to redirect her to another subdomain.
|
79
|
+
def valid_host?(host)
|
80
|
+
host == request.host
|
81
|
+
end
|
82
|
+
|
83
|
+
# Must return true if host is known and we allow to redirect the user
|
75
84
|
# with an auth_token.
|
76
85
|
#
|
77
86
|
# Warning: must be overwritten by child classes because it always
|
@@ -108,17 +117,23 @@ class Janus::SessionsController < ApplicationController
|
|
108
117
|
# to this URL or not, in order to secure auth tokens for
|
109
118
|
# RemoteAuthenticatable to leak into the wild.
|
110
119
|
def redirect_after_sign_in(user)
|
111
|
-
|
120
|
+
if params[:return_to].present?
|
112
121
|
return_to = Addressable::URI.parse(params[:return_to])
|
113
122
|
|
114
123
|
unless never_return_to(user).include?(return_to.path)
|
115
|
-
|
124
|
+
# path or same host redirection
|
125
|
+
if valid_host?(return_to.host || request.host)
|
116
126
|
redirect_to params[:return_to]
|
117
127
|
return
|
118
|
-
|
128
|
+
end
|
129
|
+
|
130
|
+
# external host redirection
|
131
|
+
if valid_remote_host?(return_to.host)
|
119
132
|
if user.class.include?(Janus::Models::RemoteAuthenticatable)
|
120
133
|
query = return_to.query_values || {}
|
121
|
-
return_to.query_values = query.merge(
|
134
|
+
return_to.query_values = query.merge(
|
135
|
+
user.class.remote_authentication_key => user.generate_remote_token!
|
136
|
+
)
|
122
137
|
end
|
123
138
|
|
124
139
|
redirect_to return_to.to_s
|
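Review bot: The same-host branch at `if valid_host?(return_to.host || request.host)` treats every host-less URI as a local path, yet `params[:return_to]` is then handed to `redirect_to` verbatim and its scheme is never checked, so a value that carries a scheme but no authority (a `javascript:` URI, for instance) passes the check and reaches the browser unchanged. Only a scheme-less, host-less value is a genuine path redirect; an absolute URI should be judged by its own host. I would replace the condition with `local = return_to.scheme.nil? && return_to.host.nil?` and `if local ? valid_host?(request.host) : (return_to.host && valid_host?(return_to.host))`, which keeps the documented `valid_host?` override semantics for both cases. `Addressable::URI.parse` on the preceding context line can also raise `Addressable::URI::InvalidURIError` on malformed input; rescuing it and falling through to the `after_sign_in_url` default would avoid a 500 from a bad query string. redirect_after_sign_in ends outside this hunk.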
@@ -129,12 +144,4 @@ class Janus::SessionsController < ApplicationController
|
|
129
144
|
|
130
145
|
redirect_to after_sign_in_url(user)
|
131
146
|
end
|
132
|
-
|
133
|
-
def resource_params
|
134
|
-
if params.respond_to?(:permit)
|
135
|
-
params.require(janus_scope).permit(*resource_class.authentication_keys)
|
136
|
-
else
|
137
|
-
params[janus_scope].slice(*resource_class.authentication_keys)
|
138
|
-
end
|
139
|
-
end
|
140
147
|
end
|
@@ -48,6 +48,13 @@ class Users::SessionsControllerTest < ActionController::TestCase
|
|
48
48
|
assert_authenticated(:user)
|
49
49
|
end
|
50
50
|
|
51
|
+
test "create should skip redirect on invalid host" do
|
52
|
+
request.host = "invalid.test.host"
|
53
|
+
post :create, :user => @valid, :return_to => root_path
|
54
|
+
assert_redirected_to user_url
|
55
|
+
assert_authenticated(:user)
|
56
|
+
end
|
57
|
+
|
51
58
|
test "create should not redirect to unknown host" do
|
52
59
|
post :create, :user => @valid, :return_to => root_url(:host => 'www.bad-host.com')
|
53
60
|
assert_redirected_to user_url
|
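Review bot: The new test `create should skip redirect on invalid host` only proves the outcome for a host the test app rejects, and that outcome appears to depend on a `valid_host?` override in `test/rails_app/app/controllers/users/sessions_controller.rb`, which the diffstat lists but this view does not show; it does not pin the default `host == request.host` behaviour the controller change introduces. Unless an earlier test already covers it, I would add a positive case, `post :create, :user => @valid, :return_to => root_url` followed by `assert_redirected_to root_url`, and a negative case for a host-less `return_to` that carries a scheme, so that a regression in the same-host branch is caught rather than silently widening what gets redirected.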
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: janus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.9.
|
4
|
+
version: 0.9.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Julien Portalier
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
30
30
|
KVqCN//9bevjMk5OiMi9X3Wu/GtVWDwC6OTWFWKd54KgbuWlakO8LC1SMmStnCIF
|
31
31
|
W4qpyMWMZMcB4ZN/0mUVzY5xwrislBtsmQVUSw==
|
32
32
|
-----END CERTIFICATE-----
|
33
|
-
date: 2014-
|
33
|
+
date: 2014-08-27 00:00:00.000000000 Z
|
34
34
|
dependencies:
|
35
35
|
- !ruby/object:Gem::Dependency
|
36
36
|
name: addressable
|
@@ -75,7 +75,7 @@ dependencies:
|
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: '0'
|
77
77
|
- !ruby/object:Gem::Dependency
|
78
|
-
name: bcrypt
|
78
|
+
name: bcrypt
|
79
79
|
requirement: !ruby/object:Gem::Requirement
|
80
80
|
requirements:
|
81
81
|
- - ">="
|
@@ -139,6 +139,7 @@ extra_rdoc_files: []
|
|
139
139
|
files:
|
140
140
|
- ".gitignore"
|
141
141
|
- ".travis.yml"
|
142
|
+
- CHANGELOG.md
|
142
143
|
- LICENSE
|
143
144
|
- README.rdoc
|
144
145
|
- Rakefile
|
metadata.gz.sig
CHANGED
Binary file
|