lotus-controller 0.4.3 → 0.4.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/lib/lotus/action/params.rb +40 -2
- data/lib/lotus/action/rack.rb +9 -1
- data/lib/lotus/action/session.rb +10 -0
- data/lib/lotus/controller/version.rb +1 -1
- data/lotus-controller.gemspec +1 -1
- metadata +5 -11
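--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b692a62b7c7775da832e5f7367ef67c50a279e1f
+data.tar.gz: f24b0ee003fb32a6f063d2e243c1e6eed2c68e83
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 381a491ce463d8051437e9f186b0181141a135d2eed5d259b0ba54f7abb1cb9f28672ebe7e71553ba553be5ce40982955a60699c38f4510ae07376a99c189eb9
+data.tar.gz: 4d23ef2177b9dac081083d51c1bdf2a01b6b6620a752167612e4b7e20bcbb59200592c18d46d981892298d5c7a776590b92d0840b78a8301eb92a56e95d21614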
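--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,13 @@
 # Lotus::Controller
 Complete, fast and testable actions for Rack
 
+## v0.4.4 - 2015-06-23
+### Added
+- [Luca Guidi] Security protection against Cross Site Request Forgery (CSRF).
+
+### Fixed
+- [Matthew Bellantoni] Ensure nested params to be correctly coerced to Hash.
+
 ## v0.4.3 - 2015-05-22
 ### Added
 - [Alfonso Uceda Pompa & Luca Guidi] Introduced `Lotus::Action#send_file`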
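--- a/data/lib/lotus/action/params.rb
+++ b/data/lib/lotus/action/params.rb
@@ -26,6 +26,20 @@ module Lotus
 # @since 0.1.0
 ROUTER_PARAMS = 'router.params'.freeze
 
+# CSRF params key
+#
+# This key is shared with <tt>lotusrb</tt> and <tt>lotus-helpers</tt>
+#
+# @since 0.4.4
+# @api private
+CSRF_TOKEN = '_csrf_token'.freeze
+
+# Set of params that are never filtered
+#
+# @since 0.4.4
+# @api private
+DEFAULT_PARAMS = Hash[CSRF_TOKEN => true].freeze
+
 # Separator for #get
 #
 # @since 0.4.0
@@ -105,7 +119,11 @@ module Lotus
 # @since 0.3.2
 # @api private
 def self.build_validation_class(&block)
-kls = Class.new(Params)
+kls = Class.new(Params) do
+def lotus_nested_attributes?
+true
+end
+end
 kls.class_eval(&block)
 kls
 end
@@ -201,6 +219,18 @@ module Lotus
 end
 alias_method :to_hash, :to_h
 
+# Assign CSRF Token.
+# This method is here for compatibility with <tt>Lotus::Validations</tt>.
+#
+# NOTE: When we will not support indifferent access anymore, we can probably
+# remove this method.
+#
+# @since 0.4.4
+# @api private
+def _csrf_token=(value)
+@attributes.set(CSRF_TOKEN, value)
+end
+
 private
 # @since 0.3.1
 # @api private
@@ -236,12 +266,20 @@ module Lotus
 def _whitelisted_params
 {}.tap do |result|
 _raw.to_h.each do |k, v|
-next unless
+next unless assign_attribute?(k)
 
 result[k] = v
 end
 end
 end
+
+# Override <tt>Lotus::Validations</tt> method
+#
+# @since 0.4.4
+# @api private
+def assign_attribute?(key)
+DEFAULT_PARAMS[key.to_s] || super
+end
 end
 end
 end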
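Review bot: `assign_attribute?` returns true for `_csrf_token` before consulting `super`, so `_whitelisted_params` now copies the token into the whitelisted hash of every params class, and the doc comment (`Override Lotus::Validations method`) does not say so. Code that logs or mass-assigns the whole params hash would then carry the token along; I would state this in the comment, e.g. `# The CSRF token always passes whitelisting: drop it before logging or persisting params.` The `super` call also assumes `Lotus::Validations` defines `assign_attribute?`, while the gemspec section keeps `lotus-validations` at `'~> 0.3'`; if the method first appeared in a later 0.3.x release, the constraint should name that release. The enclosing class and module begin outside the hunks shown.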
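--- a/data/lib/lotus/action/rack.rb
+++ b/data/lib/lotus/action/rack.rb
@@ -255,7 +255,15 @@ module Lotus
 #
 # @since 0.3.2
 def head?
-
+request_method == HEAD
+end
+
+# NOTE: <tt>Lotus::Action::CSRFProtection</tt> (<tt>lotusrb</tt> gem) depends on this.
+#
+# @api private
+# @since 0.4.4
+def request_method
+@_env[REQUEST_METHOD]
 end
 end
 end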
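Review bot: `request_method` is documented only by the NOTE that `Lotus::Action::CSRFProtection` depends on it; the comment does not give its return value or say that it is the raw `REQUEST_METHOD` entry of the Rack env, which is what a security check needs to know. It can be `nil` for an incomplete env and reflects any rewriting done by middleware earlier in the stack, so the caller (not visible here) should compare it against an allow-list of safe verbs and treat everything else as state-changing. Suggested addition: `# @return [String, nil] the HTTP verb as found in the Rack env`. The enclosing module starts outside the hunk.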
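--- a/data/lib/lotus/action/session.rb
+++ b/data/lib/lotus/action/session.rb
@@ -20,6 +20,16 @@ module Lotus
 # @api private
 ERRORS_KEY = :__errors
 
+# Add session to default exposures
+#
+# @since 0.4.4
+# @api private
+def self.included(action)
+action.class_eval do
+expose :session
+end
+end
+
 protected
 
 # Gets the session from the request and expose it as an Hash.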
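Review bot: `self.included` exposes the whole `session` to every action that mixes in `Lotus::Action::Session`, but the comment (`Add session to default exposures`) does not say why; presumably the view layer needs the CSRF token, in which case everything else stored in the session becomes readable from templates as well. I would record the reason and the caveat in the comment, e.g. `# Exposed so that view helpers can read the CSRF token; views receive the entire session.` The hook also calls `expose` on the including class, so it presumably raises `NoMethodError` when `Lotus::Action` has not been included first; a sentence on the required include order would help. The rest of the module lies outside the hunk.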
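--- a/data/lotus-controller.gemspec
+++ b/data/lotus-controller.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = '>= 2.0.0'
 
 spec.add_dependency 'rack', '~> 1.5'
-spec.add_dependency 'lotus-utils', '~> 0.
+spec.add_dependency 'lotus-utils', '~> 0.5'
 spec.add_dependency 'lotus-validations', '~> 0.3'
 
 spec.add_development_dependency 'bundler', '~> 1.6'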
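--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lotus-controller
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.4
 platform: ruby
 authors:
 - Luca Guidi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -31,20 +31,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
-- - ">="
-- !ruby/object:Gem::Version
-version: 0.4.2
+version: '0.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
-- - ">="
-- !ruby/object:Gem::Version
-version: 0.4.2
+version: '0.5'
 - !ruby/object:Gem::Dependency
 name: lotus-validations
 requirement: !ruby/object:Gem::Requirement
@@ -177,7 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Complete, fast and testable actions for Rack and Lotus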