RubyGems - mini_auth - Versions diffs - 0.3.1 → 0.3.2 - Mend

mini_auth 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

data/CHANGELOG.md +3 -0
data/Gemfile +4 -4
data/README.md +1 -1
data/lib/mini_auth/version.rb +1 -1
data/lib/mini_auth.rb +4 -7
data/mini_auth.gemspec +4 -4
data/spec/fake_app.rb +21 -1
data/spec/mini_auth/mass_assignment_security_spec.rb +8 -0
data/spec/mini_auth/password_digest_spec.rb +15 -1
data/test_on_multiple_environments.sh +6 -12
metadata +11 -11
data/test_on_multiple_environments2.sh +0 -24

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,6 @@
+## 0.3.2 (2012-11-08)
+* Don't protect all columns from mass assignment by default.
 ## 0.3.1 (2012-07-18)
 * Set `password_digest` when the user is saved without validation.

data/Gemfile CHANGED Viewed

@@ -7,13 +7,13 @@ if rails_version == "edge"
 elsif rails_version && rails_version.strip != ""
   gem "rails", rails_version
 else
-  gem "rails", ">= 3.2.6"
+  gem "rails", ">= 3.2.8"
 end
 gem "bcrypt-ruby", "~> 3.0.1"
 group :test do
-  gem "rspec-rails", "~> 2.11.0"
-  gem "sqlite3", "~> 1.3.4"
-  gem "database_cleaner", "~> 0.7.0"
+  gem "rspec-rails", "~> 2.11.4"
+  gem "sqlite3", "~> 1.3.6"
+  gem "database_cleaner", "~> 0.9.1"
 end

data/README.md CHANGED Viewed

@@ -269,4 +269,4 @@ License
 Copyright
 ---------
-Copyright (c) 2011 Tsutomu Kuroda <t-kuroda@oiax.jp>.
+Copyright (c) 2011-2012 Tsutomu Kuroda <t-kuroda@oiax.jp>.

data/lib/mini_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module MiniAuth
-  VERSION = "0.3.1"
+  VERSION = "0.3.2"
 end

data/lib/mini_auth.rb CHANGED Viewed

@@ -13,15 +13,8 @@ module MiniAuth
   included do
     attr_accessor :changing_password, :setting_password
     attr_accessor *BASIC_ATTRIBUTES
-    attr_accessible *BASIC_ATTRIBUTES
     validates :password, :new_password, :confirmation => true
-    if respond_to?(:attributes_protected_by_default)
-      def self.attributes_protected_by_default
-        super + [ 'password_digest', 'changing_password', 'setting_password' ]
-      end
-    end
     validate do
       if changing_password?
@@ -86,5 +79,9 @@ module MiniAuth
         METHOD
       end
     end
+    def attributes_protected_by_default
+      super + [ 'password_digest', 'changing_password', 'setting_password' ]
+    end
   end
 end

data/mini_auth.gemspec CHANGED Viewed

@@ -17,9 +17,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency "rails", ">= 3.1.6"
+  s.add_runtime_dependency "rails", ">= 3.1.8"
   s.add_runtime_dependency "bcrypt-ruby", "~> 3.0.1"
-  s.add_development_dependency "rspec-rails", "~> 2.11.0"
-  s.add_development_dependency "sqlite3", "~> 1.3.4"
-  s.add_development_dependency "database_cleaner", "~> 0.7.0"
+  s.add_development_dependency "rspec-rails", "~> 2.11.4"
+  s.add_development_dependency "sqlite3", "~> 1.3.6"
+  s.add_development_dependency "database_cleaner", "~> 0.9.1"
 end

data/spec/fake_app.rb CHANGED Viewed

@@ -16,6 +16,17 @@ class CreateAllTables < ActiveRecord::Migration
       t.string :auto_login_token
       t.string :mail_confirmation_token
     end
+    create_table(:members) do |t|
+      t.string :name
+      t.string :password_digest
+    end
+    create_table(:administrators) do |t|
+      t.string :name
+      t.string :password_digest
+      t.boolean :deleted
+    end
   end
 end
@@ -28,6 +39,15 @@ migration.change
 class User < ActiveRecord::Base
   include MiniAuth
-  attr_accessible :name
   token :auto_login, :mail_confirmation
 end
+class Member < ActiveRecord::Base
+  include MiniAuth
+  attr_accessible :name
+end
+class Administrator < ActiveRecord::Base
+  include MiniAuth
+  attr_protected :deleted
+end

data/spec/mini_auth/mass_assignment_security_spec.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "mass assignment security" do
+  it "should not protect all columns by default" do
+    u = User.create!(:name => 'alice', :password => 'hotyoga')
+    u.name.should eq 'alice'
+  end
+end

data/spec/mini_auth/password_digest_spec.rb CHANGED Viewed

@@ -1,10 +1,24 @@
 require 'spec_helper'
 describe "password_digest" do
-  it "should be protected against mass assignment" do
+  it "should be protected against mass assignment by default" do
     u = User.create!(:name => 'alice', :password => 'hotyoga')
     d = u.password_digest.to_s
     u.update_attributes :password_digest => 'dummy'
     u.password_digest.to_s.should == d
   end
+  it "should be protected against mass assignment when using white list protection" do
+    m = Member.create!(:name => 'alice', :password => 'hotyoga')
+    d = m.password_digest.to_s
+    m.update_attributes :password_digest => 'dummy'
+    m.password_digest.to_s.should == d
+  end
+  it "should be protected against mass assignment when using black list protection" do
+    a = Administrator.create!(:name => 'alice', :password => 'hotyoga')
+    d = a.password_digest.to_s
+    a.update_attributes :password_digest => 'dummy'
+    a.password_digest.to_s.should == d
+  end
 end

data/test_on_multiple_environments.sh CHANGED Viewed

@@ -1,30 +1,24 @@
 #!/bin/bash
+#
+# rbenv version
 set -e
-if [[ -s "$HOME/.rvm/scripts/rvm" ]] ; then
-  source "$HOME/.rvm/scripts/rvm"
-elif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then
-  source "/usr/local/rvm/scripts/rvm"
-else
-  printf "ERROR: An RVM installation was not found.\n"
-fi
 function run {
   gem list --local bundler | grep bundler || gem install bundler --no-ri --no-rdoc
-  for version in 3.1.3 3.2.0.rc1
+  for version in 3.1.8 3.2.8
   do
     echo "Running bundle exec rspec spec against rails $version..."
     MINI_AUTH_RAILS_VERSION=$version bundle update rails
-    MINI_AUTH_RAILS_VERSION=$version bundle exec rspec spec
+    MINI_AUTH_RAILS_VERSION=$version bundle exec rake spec
   done
 }
-rvm use ruby-1.8.7@mini_auth --create
+export RBENV_VERSION=1.8.7-p358
 run
-rvm use ruby-1.9.3@mini_auth --create
+export RBENV_VERSION=1.9.3-p286
 run
 echo 'Success!'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mini_auth
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-18 00:00:00.000000000 Z
+date: 2012-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -18,7 +18,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.1.6
+        version: 3.1.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.1.6
+        version: 3.1.8
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -50,7 +50,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.11.0
+        version: 2.11.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -58,7 +58,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.11.0
+        version: 2.11.4
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -66,7 +66,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.6
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
@@ -82,7 +82,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -90,7 +90,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.9.1
 description: A minimal authentication module for Rails
 email:
 - hermes@oiax.jp
@@ -110,12 +110,12 @@ files:
 - spec/fake_app.rb
 - spec/mini_auth/authenticate_spec.rb
 - spec/mini_auth/change_password_spec.rb
+- spec/mini_auth/mass_assignment_security_spec.rb
 - spec/mini_auth/password_digest_spec.rb
 - spec/mini_auth/setting_password_spec.rb
 - spec/mini_auth/token_spec.rb
 - spec/spec_helper.rb
 - test_on_multiple_environments.sh
-- test_on_multiple_environments2.sh
 homepage: https://github.com/kuroda/mini_auth
 licenses: []
 post_install_message:

data/test_on_multiple_environments2.sh DELETED Viewed

@@ -1,24 +0,0 @@
-#!/bin/bash
-#
-# rbenv version
-set -e
-function run {
-  gem list --local bundler | grep bundler || gem install bundler --no-ri --no-rdoc
-  for version in 3.1.6 3.2.6
-  do
-    echo "Running bundle exec rspec spec against rails $version..."
-    MINI_AUTH_RAILS_VERSION=$version bundle update rails
-    MINI_AUTH_RAILS_VERSION=$version bundle exec rake spec
-  done
-}
-export RBENV_VERSION=1.8.7-p358
-run
-export RBENV_VERSION=1.9.3-p194
-run
-echo 'Success!'