linkedin_sign_in 0.4.0 → 0.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1ee16026971b50c11efcd2f1882de53f9ba5c3855fd4641d6901939571d7c277
4
- data.tar.gz: 23d35a4f027293b47294757ec195ae6676c5e7809f72c4c1f3d1a71619bcf41c
3
+ metadata.gz: 3f8985d4d6e80ebff3c604f93d84431384c778f4dda5fc1eb8f4a000e9cdd85d
4
+ data.tar.gz: 13111de62ee932965e347d7af6ba72cb0f5f4a876324d3e27e2286c928dab29d
5
5
  SHA512:
6
- metadata.gz: 6721873e8eff33dd2b6fead2e547f138b9a987a4d71f275e59b54462a17010891a09eff4e75da15caa695aa395baef92e529dc4b4ac4b32c186d030bb133f975
7
- data.tar.gz: '0845e4f905d41382d50b0d80e38ced16e8dfd6af72f3ba2e7487edb8275da7a1c0bd1b8c5be28618914b4ae0f755e5ac1b9bda790803c99bfbdcc36ba7a34773'
6
+ metadata.gz: cdb09852791dc5819b7c6736f2425406210c5a31dee6e996d6f991d448c4e6f26155fa6c20edc5aa9f358ec8dd877e80cbfae5328e8a649c7d2a5c3bb73ab66d
7
+ data.tar.gz: 7baf9711c87dd68155f6fdd412a5d9c3384a2ff41743f1ec2775e168b44437230256560b1be5cb719b8dc169714c2d5a1e87dff535fe4c8ee8d3dc18f388a501
data/Gemfile.lock CHANGED
@@ -1,50 +1,50 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- linkedin_sign_in (0.4.0)
4
+ linkedin_sign_in (0.5.0)
5
5
  oauth2 (>= 1.4.0)
6
6
  rails (>= 5.2.0)
7
7
 
8
8
  GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
- actioncable (5.2.2.1)
12
- actionpack (= 5.2.2.1)
11
+ actioncable (5.2.3)
12
+ actionpack (= 5.2.3)
13
13
  nio4r (~> 2.0)
14
14
  websocket-driver (>= 0.6.1)
15
- actionmailer (5.2.2.1)
16
- actionpack (= 5.2.2.1)
17
- actionview (= 5.2.2.1)
18
- activejob (= 5.2.2.1)
15
+ actionmailer (5.2.3)
16
+ actionpack (= 5.2.3)
17
+ actionview (= 5.2.3)
18
+ activejob (= 5.2.3)
19
19
  mail (~> 2.5, >= 2.5.4)
20
20
  rails-dom-testing (~> 2.0)
21
- actionpack (5.2.2.1)
22
- actionview (= 5.2.2.1)
23
- activesupport (= 5.2.2.1)
21
+ actionpack (5.2.3)
22
+ actionview (= 5.2.3)
23
+ activesupport (= 5.2.3)
24
24
  rack (~> 2.0)
25
25
  rack-test (>= 0.6.3)
26
26
  rails-dom-testing (~> 2.0)
27
27
  rails-html-sanitizer (~> 1.0, >= 1.0.2)
28
- actionview (5.2.2.1)
29
- activesupport (= 5.2.2.1)
28
+ actionview (5.2.3)
29
+ activesupport (= 5.2.3)
30
30
  builder (~> 3.1)
31
31
  erubi (~> 1.4)
32
32
  rails-dom-testing (~> 2.0)
33
33
  rails-html-sanitizer (~> 1.0, >= 1.0.3)
34
- activejob (5.2.2.1)
35
- activesupport (= 5.2.2.1)
34
+ activejob (5.2.3)
35
+ activesupport (= 5.2.3)
36
36
  globalid (>= 0.3.6)
37
- activemodel (5.2.2.1)
38
- activesupport (= 5.2.2.1)
39
- activerecord (5.2.2.1)
40
- activemodel (= 5.2.2.1)
41
- activesupport (= 5.2.2.1)
37
+ activemodel (5.2.3)
38
+ activesupport (= 5.2.3)
39
+ activerecord (5.2.3)
40
+ activemodel (= 5.2.3)
41
+ activesupport (= 5.2.3)
42
42
  arel (>= 9.0)
43
- activestorage (5.2.2.1)
44
- actionpack (= 5.2.2.1)
45
- activerecord (= 5.2.2.1)
43
+ activestorage (5.2.3)
44
+ actionpack (= 5.2.3)
45
+ activerecord (= 5.2.3)
46
46
  marcel (~> 0.3.1)
47
- activesupport (5.2.2.1)
47
+ activesupport (5.2.3)
48
48
  concurrent-ruby (~> 1.0, >= 1.0.2)
49
49
  i18n (>= 0.7, < 2)
50
50
  minitest (~> 5.1)
@@ -81,9 +81,9 @@ GEM
81
81
  minitest (5.11.3)
82
82
  multi_json (1.13.1)
83
83
  multi_xml (0.6.0)
84
- multipart-post (2.0.0)
84
+ multipart-post (2.1.0)
85
85
  nio4r (2.3.1)
86
- nokogiri (1.10.1)
86
+ nokogiri (1.10.3)
87
87
  mini_portile2 (~> 2.4.0)
88
88
  oauth2 (1.4.1)
89
89
  faraday (>= 0.8, < 0.16.0)
@@ -92,30 +92,30 @@ GEM
92
92
  multi_xml (~> 0.5)
93
93
  rack (>= 1.2, < 3)
94
94
  public_suffix (3.0.3)
95
- rack (2.0.6)
95
+ rack (2.0.7)
96
96
  rack-test (1.1.0)
97
97
  rack (>= 1.0, < 3)
98
- rails (5.2.2.1)
99
- actioncable (= 5.2.2.1)
100
- actionmailer (= 5.2.2.1)
101
- actionpack (= 5.2.2.1)
102
- actionview (= 5.2.2.1)
103
- activejob (= 5.2.2.1)
104
- activemodel (= 5.2.2.1)
105
- activerecord (= 5.2.2.1)
106
- activestorage (= 5.2.2.1)
107
- activesupport (= 5.2.2.1)
98
+ rails (5.2.3)
99
+ actioncable (= 5.2.3)
100
+ actionmailer (= 5.2.3)
101
+ actionpack (= 5.2.3)
102
+ actionview (= 5.2.3)
103
+ activejob (= 5.2.3)
104
+ activemodel (= 5.2.3)
105
+ activerecord (= 5.2.3)
106
+ activestorage (= 5.2.3)
107
+ activesupport (= 5.2.3)
108
108
  bundler (>= 1.3.0)
109
- railties (= 5.2.2.1)
109
+ railties (= 5.2.3)
110
110
  sprockets-rails (>= 2.0.0)
111
111
  rails-dom-testing (2.0.3)
112
112
  activesupport (>= 4.2.0)
113
113
  nokogiri (>= 1.6)
114
114
  rails-html-sanitizer (1.0.4)
115
115
  loofah (~> 2.2, >= 2.2.2)
116
- railties (5.2.2.1)
117
- actionpack (= 5.2.2.1)
118
- activesupport (= 5.2.2.1)
116
+ railties (5.2.3)
117
+ actionpack (= 5.2.3)
118
+ activesupport (= 5.2.3)
119
119
  method_source
120
120
  rake (>= 0.8.7)
121
121
  thor (>= 0.19.0, < 2.0)
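--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-This gem is shamlessly based on [Google SignIn by Basecamp](https://github.com/basecamp/google_sign_in).
+This gem is shamelessly based on [Google SignIn by Basecamp](https://github.com/basecamp/google_sign_in).
 
 # Linkedin Sign-In for Rails
 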
@@ -1,6 +1,8 @@
1
1
  require 'securerandom'
2
2
 
3
3
  class LinkedinSignIn::AuthorizationsController < LinkedinSignIn::BaseController
4
+ skip_forgery_protection only: :create
5
+
4
6
  def create
5
7
  redirect_to login_url(scope: 'r_basicprofile r_emailaddress', state: state),
6
8
  flash: { proceed_to: params.require(:proceed_to), state: state }
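Review bot: `skip_forgery_protection only: :create` on new line 4 turns off the CSRF token check for the action that starts the sign-in flow, and nothing in the hunk records why that is acceptable. Because `create` reads `params.require(:proceed_to)` and parks it in flash for the callback, any third-party page can now POST here and seed the flow with a proceed_to of its choosing; the remaining safeguards are presumably the `state` nonce compared at the callback and RedirectProtector's same-origin check on proceed_to, both of which live outside this hunk, so the dependency deserves a comment at the call site, e.g. `# CSRF is skipped so sign-in can be started from any page; proceed_to is only honoured once RedirectProtector.ensure_same_origin accepts it in the callback.` If the flash value is not in fact passed through that check, the skip should be reconsidered rather than documented. `create`'s body continues past the end of the hunk.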
@@ -9,8 +9,8 @@ module LinkedinSignIn
9
9
  QUALIFIED_URL_PATTERN = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/
10
10
 
11
11
  def ensure_same_origin(target, source)
12
- if target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source)
13
- raise Violation, "Redirect target #{target} does not have same origin as request (expected #{origin_of(source)})"
12
+ if target.blank? || (target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source))
13
+ raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
14
14
  end
15
15
  end
16
16
 
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'linkedin_sign_in'
3
- s.version = '0.4.0'
3
+ s.version = '0.5.0'
4
4
  s.authors = ['Vincent Robert']
5
5
  s.email = ['vincent.robert@genezys.net']
6
6
  s.summary = 'Sign in (or up) with Linkedin for Rails applications'
@@ -101,6 +101,11 @@ class LinkedinSignIn::CallbacksControllerTest < ActionDispatch::IntegrationTest
101
101
  assert_response :bad_request
102
102
  end
103
103
 
104
+ test "receiving no proceed_to URL" do
105
+ get linkedin_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
106
+ assert_response :bad_request
107
+ end
108
+
104
109
  private
105
110
  def stub_token_for(code, **response_body)
106
111
  stub_token_request(code, status: 200, response: response_body)
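Review bot: The new test on lines 104-107 sends `state: 'invalid'` alongside the missing proceed_to, so the `:bad_request` it asserts may be produced by the state check rather than by the absent redirect target, and the test would keep passing if the blank-target handling regressed. Set the request up the way the neighbouring tests establish a valid state (that setup is outside the hunk, so I cannot see it), so that a 400 can only come from the missing proceed_to, and if the controller exposes a distinguishing flash or body message, assert on it as well. The enclosing test class continues outside the hunk.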
@@ -20,6 +20,13 @@ class LinkedinSignIn::RedirectProtectorTest < ActiveSupport::TestCase
20
20
  end
21
21
  end
22
22
 
23
+ test "disallows empty URL target" do
24
+ assert_raises LinkedinSignIn::RedirectProtector::Violation do
25
+ LinkedinSignIn::RedirectProtector.ensure_same_origin nil, 'http://genezys.net'
26
+ end
27
+ end
28
+
29
+
23
30
  test "allows URL target with same origin as source" do
24
31
  assert_nothing_raised do
25
32
  LinkedinSignIn::RedirectProtector.ensure_same_origin 'https://genezys.net', 'https://genezys.net'
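Review bot: The new test on lines 23-27 exercises only `nil`, while the production check uses `blank?`, which also covers `''` and whitespace-only strings; one more case pins that branch, e.g. `test "disallows empty-string URL target" do` / `assert_raises(LinkedinSignIn::RedirectProtector::Violation) { LinkedinSignIn::RedirectProtector.ensure_same_origin '', 'http://genezys.net' }` / `end`. Lines 28-29 leave two blank lines between tests where the rest of the file uses one. The enclosing test class continues outside the hunk.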
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: linkedin_sign_in
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Vincent Robert
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-20 00:00:00.000000000 Z
11
+ date: 2019-05-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails