lockup 1.4.3 → 1.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eda412926fb80a7d44fb6b4ce68da4f748529b38
-  data.tar.gz: fd9ace00edb3d443744fbdd1cb34a4cbb94bcc6d
+  metadata.gz: ee323e0b4451d7c45b4c45c887e02228205fd98b
+  data.tar.gz: 54bfb4dc3a8b0d7681f98cf37ed81ba3210e0989
 SHA512:
-  metadata.gz: 9facda0b570077694acf7c37d5cf658af5cd88a0a4c0dab66477dce7d3cdb77f5cf513a3bdeb0e798ee172045d8c9fa9fd660058e265b473b82151ae7b21f219
-  data.tar.gz: 356d724b46c5dceab61493b559b3f39774dcb1c1006e3083abb2308e946dadaa89e9540e78bae4cd799d1946a653c94960491245d59a24ad9ff06f39cb803178
+  metadata.gz: 2a3ccabab609ea1485b5ff502a9db5ea74e31eca642cd0b800e5d7514f6ae07bc95eb83ccc2008784f48a673527468ee3f2f2ea588cb799f3aecb29f1ef6431d
+  data.tar.gz: fc338ecdaaadf6a0d43146eab6a0b5da03c255f32df56e8f2554f7721440f36a8f8622ca645216046b43939e679b70ec6a0089b06f49322d410e07c9fd924324

data/app/controllers/lockup/lockup_controller.rb

@@ -1,23 +1,26 @@
 module Lockup
   class LockupController < Lockup::ApplicationController
+    CRAWLER_REGEX = /crawl|googlebot|slurp|spider|bingbot|tracker|click|parser|spider/
+
     if self.respond_to?(:skip_before_action)
       skip_before_action :check_for_lockup
     else
       skip_before_filter :check_for_lockup
     end
-    
+
     def unlock
       if params[:lockup_codeword].present?
-        user_agent = request.env['HTTP_USER_AGENT'].downcase
-        unless user_agent.match(/crawl|googlebot|slurp|spider|bingbot|tracker|click|parser|spider/)
-          @codeword = params[:lockup_codeword].to_s.downcase
-          @return_to = params[:return_to]
-          if @codeword == lockup_codeword
-            set_cookie
-            run_redirect
-          end
-        else
+        user_agent = request.env['HTTP_USER_AGENT'].presence
+        if user_agent && user_agent.downcase.match(CRAWLER_REGEX)
           head :ok
+          return
+        end
+
+        @codeword = params[:lockup_codeword].to_s.downcase
+        @return_to = params[:return_to]
+        if @codeword == lockup_codeword
+          set_cookie
+          run_redirect
         end
       elsif request.post?
         if params[:lockup].present? && params[:lockup].respond_to?(:'[]')
@@ -36,13 +39,13 @@ module Lockup
         respond_to :html
       end
     end
-    
+
     private
-    
+
     def set_cookie
       cookies[:lockup] = { value: @codeword.to_s.downcase, expires: (Time.now + cookie_lifetime) }
     end
-    
+
     def run_redirect
       if @return_to.present?
         redirect_to "#{@return_to}"

data/lib/lockup.rb

@@ -17,11 +17,17 @@ module Lockup
     return unless respond_to?(:lockup) && lockup_codeword_present?
     return if cookies[:lockup].present? && cookies[:lockup] == lockup_codeword
 
-    redirect_to lockup.unlock_path(return_to: request.fullpath.split('?lockup_codeword')[0], lockup_codeword: params[:lockup_codeword])
+    redirect_to lockup.unlock_path(
+      return_to: request.fullpath.split('?lockup_codeword')[0],
+      lockup_codeword: params[:lockup_codeword],
+    )
   end
 
   def lockup_codeword_present?
-    ENV["LOCKUP_CODEWORD"].present? || ENV["lockup_codeword"].present? || (Rails.application.respond_to?(:secrets) && Rails.application.secrets.lockup_codeword.present?)
+    ENV["LOCKUP_CODEWORD"].present? ||
+    ENV["lockup_codeword"].present? ||
+    (Rails.application.respond_to?(:secrets) && Rails.application.secrets.lockup_codeword.present?) ||
+    (Rails.application.respond_to?(:credentials) && Rails.application.credentials.lockup_codeword.present?)
   end
 
   def lockup_codeword
@@ -31,6 +37,8 @@ module Lockup
       ENV["lockup_codeword"].to_s.downcase
     elsif Rails.application.respond_to?(:secrets) && Rails.application.secrets.lockup_codeword.present?
       Rails.application.secrets.lockup_codeword.to_s.downcase
+    elsif Rails.application.respond_to?(:credentials) && Rails.application.credentials.lockup_codeword.present?
+      Rails.application.credentials.lockup_codeword.to_s.downcase
     end
   end
 

data/lib/lockup/version.rb

@@ -1,3 +1,3 @@
 module Lockup
-  VERSION = "1.4.3"
+  VERSION = "1.4.4"
 end

data/spec/controllers/lockup/lockup_controller_spec.rb

@@ -9,6 +9,7 @@ describe Lockup::LockupController do
       post 'unlock', params: {foo: 'bar'}
     end
   end
+
   describe 'a malicious user requests a format that is not HTML' do
     it 'throws an unknown format error' do
       lambda { get 'unlock', format: 'text' }.should raise_error(ActionController::UnknownFormat)

data/spec/dummy/log/test.log

@@ -5185,3 +5185,162 @@ Processing by Lockup::LockupController#unlock as HTML
 Completed 200 OK in 0ms
 Processing by Lockup::LockupController#unlock as TEXT
 Completed 406 Not Acceptable in 0ms
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"foo"=>"bar"}
+Completed 200 OK in 0ms
+Processing by Lockup::LockupController#unlock as TEXT
+Completed 406 Not Acceptable in 0ms
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by PostsController#index as HTML
+Redirected to http://www.example.com/lockup/unlock?return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 5ms
+Started GET "/lockup/unlock?return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"return_to"=>"/posts"}
+  Rendering /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application (10.1ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_css.html.erb (0.3ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_js.html.erb (0.2ms)
+Completed 200 OK in 32ms (Views: 28.0ms)
+Started GET "/this-does-not-exist?lockup_codeword=omgponies" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by ApplicationController#render_404 as HTML
+  Parameters: {"lockup_codeword"=>"omgponies", "path"=>"this-does-not-exist"}
+Redirected to http://www.example.com/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fthis-does-not-exist
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 0ms
+Started GET "/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fthis-does-not-exist" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"lockup_codeword"=>"omgponies", "return_to"=>"/this-does-not-exist"}
+Redirected to http://www.example.com/this-does-not-exist
+Completed 302 Found in 2ms
+Started GET "/this-does-not-exist" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by ApplicationController#render_404 as HTML
+  Parameters: {"path"=>"this-does-not-exist"}
+  Rendering public/404.html within layouts/application
+  Rendered public/404.html within layouts/application (0.2ms)
+Completed 404 Not Found in 131ms (Views: 130.4ms)
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by PostsController#index as HTML
+Redirected to http://www.example.com/lockup/unlock?return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 0ms
+Started GET "/lockup/unlock?return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"return_to"=>"/posts"}
+  Rendering /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application (0.9ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_css.html.erb (0.3ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_js.html.erb (0.3ms)
+Completed 200 OK in 19ms (Views: 15.6ms)
+Started POST "/lockup/unlock" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"utf8"=>"✓", "lockup"=>{"codeword"=>"lolwut", "return_to"=>"/posts"}, "button"=>""}
+  Rendering /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application (1.2ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_css.html.erb (1.0ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_js.html.erb (0.3ms)
+Completed 200 OK in 24ms (Views: 19.8ms)
+Started GET "/posts?lockup_codeword=omgponies" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by PostsController#index as HTML
+  Parameters: {"lockup_codeword"=>"omgponies"}
+Redirected to http://www.example.com/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 1ms
+Started GET "/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"lockup_codeword"=>"omgponies", "return_to"=>"/posts"}
+Redirected to http://www.example.com/posts
+Completed 302 Found in 0ms
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:08 -0700
+Processing by PostsController#index as HTML
+  Rendering posts/index.html.erb within layouts/application
+  Rendered posts/index.html.erb within layouts/application (0.6ms)
+Completed 200 OK in 34ms (Views: 8.3ms)
+Started GET "/posts/1" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#show as HTML
+  Parameters: {"id"=>"1"}
+  Rendering posts/show.html.erb within layouts/application
+  Rendered posts/show.html.erb within layouts/application (0.3ms)
+Completed 200 OK in 10ms (Views: 7.1ms)
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+Redirected to http://www.example.com/lockup/unlock?return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 0ms
+Started GET "/lockup/unlock?return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"return_to"=>"/posts"}
+  Rendering /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application (0.9ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_css.html.erb (0.3ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_js.html.erb (0.2ms)
+Completed 200 OK in 18ms (Views: 15.1ms)
+Started POST "/lockup/unlock" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"utf8"=>"✓", "lockup"=>{"codeword"=>"omgponies", "return_to"=>"/posts"}, "button"=>""}
+Redirected to http://www.example.com/posts
+Completed 302 Found in 0ms
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+  Rendering posts/index.html.erb within layouts/application
+  Rendered posts/index.html.erb within layouts/application (0.5ms)
+Completed 200 OK in 10ms (Views: 7.5ms)
+Started GET "/posts?lockup_codeword=omgponies" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+  Parameters: {"lockup_codeword"=>"omgponies"}
+Redirected to http://www.example.com/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 1ms
+Started GET "/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"lockup_codeword"=>"omgponies", "return_to"=>"/posts"}
+Completed 200 OK in 0ms
+Started GET "/posts?lookup_codeword=lolwut" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+  Parameters: {"lookup_codeword"=>"lolwut"}
+Redirected to http://www.example.com/lockup/unlock?return_to=%2Fposts%3Flookup_codeword%3Dlolwut
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 0ms
+Started GET "/lockup/unlock?return_to=%2Fposts%3Flookup_codeword%3Dlolwut" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"return_to"=>"/posts?lookup_codeword=lolwut"}
+  Rendering /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application (1.2ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_css.html.erb (0.4ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_js.html.erb (0.3ms)
+Completed 200 OK in 19ms (Views: 16.0ms)
+Started GET "/posts?lockup_codeword=omgponies" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+  Parameters: {"lockup_codeword"=>"omgponies"}
+Redirected to http://www.example.com/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 1ms
+Started GET "/lockup/unlock?lockup_codeword=omgponies&return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"lockup_codeword"=>"omgponies", "return_to"=>"/posts"}
+Redirected to http://www.example.com/posts
+Completed 302 Found in 0ms
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+  Rendering posts/index.html.erb within layouts/application
+  Rendered posts/index.html.erb within layouts/application (0.7ms)
+Completed 200 OK in 12ms (Views: 9.7ms)
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+Redirected to http://www.example.com/lockup/unlock?return_to=%2Fposts
+Filter chain halted as :check_for_lockup rendered or redirected
+Completed 302 Found in 1ms
+Started GET "/lockup/unlock?return_to=%2Fposts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by Lockup::LockupController#unlock as HTML
+  Parameters: {"return_to"=>"/posts"}
+  Rendering /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/lockup/lockup/unlock.html.erb within layouts/lockup/application (1.7ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_css.html.erb (0.5ms)
+  Rendered /Users/grantblakeman/Dropbox/-Projects/Lockup/Build/Gem/lockup_gem/app/views/layouts/lockup/_inline_js.html.erb (0.3ms)
+Completed 200 OK in 32ms (Views: 21.6ms)
+Started GET "/posts" for 127.0.0.1 at 2018-10-01 13:54:09 -0700
+Processing by PostsController#index as HTML
+  Rendering posts/index.html.erb within layouts/application
+  Rendered posts/index.html.erb within layouts/application (0.5ms)
+Completed 200 OK in 9ms (Views: 6.8ms)

data/spec/features/access_restricted_spec.rb

@@ -112,6 +112,14 @@ describe "Accessing a page in the application" do
       end
     end
 
-  end
+    context "without a user agent" do
+      before(:each) do
+        set_user_agent_to(nil)
+      end
 
+      it "doesn't blow up" do
+        visit '/posts?lockup_codeword=omgponies'
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lockup
 version: !ruby/object:Gem::Version
-  version: 1.4.3
+  version: 1.4.4
 platform: ruby
 authors:
 - gb Studio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-29 00:00:00.000000000 Z
+date: 2018-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails