RubyGems - mini_auth - Versions diffs - 0.3.1 → 0.3.2 - Mend

mini_auth 0.3.1 → 0.3.2

Files changed (12) hide show

data/CHANGELOG.md +3 -0
data/Gemfile +4 -4
data/README.md +1 -1
data/lib/mini_auth/version.rb +1 -1
data/lib/mini_auth.rb +4 -7
data/mini_auth.gemspec +4 -4
data/spec/fake_app.rb +21 -1
data/spec/mini_auth/mass_assignment_security_spec.rb +8 -0
data/spec/mini_auth/password_digest_spec.rb +15 -1
data/test_on_multiple_environments.sh +6 -12
metadata +11 -11
data/test_on_multiple_environments2.sh +0 -24

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,6 @@
+## 0.3.2 (2012-11-08)
+* Don't protect all columns from mass assignment by default.
 ## 0.3.1 (2012-07-18)
 * Set `password_digest` when the user is saved without validation.

data/Gemfile CHANGED Viewed

@@ -7,13 +7,13 @@ if rails_version == "edge"
 elsif rails_version && rails_version.strip != ""
   gem "rails", rails_version
 else
-  gem "rails", ">= 3.2.6"
+  gem "rails", ">= 3.2.8"
 end
 gem "bcrypt-ruby", "~> 3.0.1"
 group :test do
-  gem "rspec-rails", "~> 2.11.0"
-  gem "sqlite3", "~> 1.3.4"
-  gem "database_cleaner", "~> 0.7.0"
+  gem "rspec-rails", "~> 2.11.4"
+  gem "sqlite3", "~> 1.3.6"
+  gem "database_cleaner", "~> 0.9.1"
 end

data/README.md CHANGED Viewed

@@ -269,4 +269,4 @@ License
 Copyright
 ---------
-Copyright (c) 2011 Tsutomu Kuroda <t-kuroda@oiax.jp>.
+Copyright (c) 2011-2012 Tsutomu Kuroda <t-kuroda@oiax.jp>.

data/lib/mini_auth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module MiniAuth
-  VERSION = "0.3.1"
+  VERSION = "0.3.2"
 end

data/lib/mini_auth.rb CHANGED Viewed

@@ -13,15 +13,8 @@ module MiniAuth
   included do
     attr_accessor :changing_password, :setting_password
     attr_accessor *BASIC_ATTRIBUTES
-    attr_accessible *BASIC_ATTRIBUTES
     validates :password, :new_password, :confirmation => true
-    if respond_to?(:attributes_protected_by_default)
-      def self.attributes_protected_by_default
-        super + [ 'password_digest', 'changing_password', 'setting_password' ]
-      end
-    end
     validate do
       if changing_password?
@@ -86,5 +79,9 @@ module MiniAuth
         METHOD
       end
     end
+    def attributes_protected_by_default
+      super + [ 'password_digest', 'changing_password', 'setting_password' ]
+    end
   end
 end

data/mini_auth.gemspec CHANGED Viewed

@@ -17,9 +17,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency "rails", ">= 3.1.6"
+  s.add_runtime_dependency "rails", ">= 3.1.8"
   s.add_runtime_dependency "bcrypt-ruby", "~> 3.0.1"
-  s.add_development_dependency "rspec-rails", "~> 2.11.0"
-  s.add_development_dependency "sqlite3", "~> 1.3.4"
-  s.add_development_dependency "database_cleaner", "~> 0.7.0"
+  s.add_development_dependency "rspec-rails", "~> 2.11.4"
+  s.add_development_dependency "sqlite3", "~> 1.3.6"
+  s.add_development_dependency "database_cleaner", "~> 0.9.1"
 end

data/spec/fake_app.rb CHANGED Viewed

@@ -16,6 +16,17 @@ class CreateAllTables < ActiveRecord::Migration
       t.string :auto_login_token
       t.string :mail_confirmation_token
     end
+    create_table(:members) do |t|
+      t.string :name
+      t.string :password_digest
+    end
+    create_table(:administrators) do |t|
+      t.string :name
+      t.string :password_digest
+      t.boolean :deleted
+    end
   end
 end
@@ -28,6 +39,15 @@ migration.change
 class User < ActiveRecord::Base
   include MiniAuth
-  attr_accessible :name
   token :auto_login, :mail_confirmation
 end
+class Member < ActiveRecord::Base
+  include MiniAuth
+  attr_accessible :name
+end
+class Administrator < ActiveRecord::Base
+  include MiniAuth
+  attr_protected :deleted
+end

data/spec/mini_auth/mass_assignment_security_spec.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "mass assignment security" do
+  it "should not protect all columns by default" do
+    u = User.create!(:name => 'alice', :password => 'hotyoga')
+    u.name.should eq 'alice'
+  end
+end

data/spec/mini_auth/password_digest_spec.rb CHANGED Viewed

@@ -1,10 +1,24 @@
 require 'spec_helper'
 describe "password_digest" do
-  it "should be protected against mass assignment" do
+  it "should be protected against mass assignment by default" do
     u = User.create!(:name => 'alice', :password => 'hotyoga')
     d = u.password_digest.to_s
     u.update_attributes :password_digest => 'dummy'
     u.password_digest.to_s.should == d
   end
+  it "should be protected against mass assignment when using white list protection" do
+    m = Member.create!(:name => 'alice', :password => 'hotyoga')
+    d = m.password_digest.to_s
+    m.update_attributes :password_digest => 'dummy'
+    m.password_digest.to_s.should == d
+  end
+  it "should be protected against mass assignment when using black list protection" do
+    a = Administrator.create!(:name => 'alice', :password => 'hotyoga')
+    d = a.password_digest.to_s
+    a.update_attributes :password_digest => 'dummy'
+    a.password_digest.to_s.should == d
+  end
 end

data/test_on_multiple_environments.sh CHANGED Viewed

@@ -1,30 +1,24 @@
 #!/bin/bash
+#
+# rbenv version
 set -e
-if [[ -s "$HOME/.rvm/scripts/rvm" ]] ; then
-  source "$HOME/.rvm/scripts/rvm"
-elif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then
-  source "/usr/local/rvm/scripts/rvm"
-else
-  printf "ERROR: An RVM installation was not found.\n"
-fi
 function run {
   gem list --local bundler | grep bundler || gem install bundler --no-ri --no-rdoc
-  for version in 3.1.3 3.2.0.rc1
+  for version in 3.1.8 3.2.8
   do
     echo "Running bundle exec rspec spec against rails $version..."
     MINI_AUTH_RAILS_VERSION=$version bundle update rails
-    MINI_AUTH_RAILS_VERSION=$version bundle exec rspec spec
+    MINI_AUTH_RAILS_VERSION=$version bundle exec rake spec
   done
 }
-rvm use ruby-1.8.7@mini_auth --create
+export RBENV_VERSION=1.8.7-p358
 run
-rvm use ruby-1.9.3@mini_auth --create
+export RBENV_VERSION=1.9.3-p286
 run
 echo 'Success!'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mini_auth
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-18 00:00:00.000000000 Z
+date: 2012-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -18,7 +18,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.1.6
+        version: 3.1.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.1.6
+        version: 3.1.8
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -50,7 +50,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.11.0
+        version: 2.11.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -58,7 +58,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.11.0
+        version: 2.11.4
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -66,7 +66,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.6
 - !ruby/object:Gem::Dependency
   name: database_cleaner
   requirement: !ruby/object:Gem::Requirement
@@ -82,7 +82,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -90,7 +90,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.9.1
 description: A minimal authentication module for Rails
 email:
 - hermes@oiax.jp
@@ -110,12 +110,12 @@ files:
 - spec/fake_app.rb
 - spec/mini_auth/authenticate_spec.rb
 - spec/mini_auth/change_password_spec.rb
+- spec/mini_auth/mass_assignment_security_spec.rb
 - spec/mini_auth/password_digest_spec.rb
 - spec/mini_auth/setting_password_spec.rb
 - spec/mini_auth/token_spec.rb
 - spec/spec_helper.rb
 - test_on_multiple_environments.sh
-- test_on_multiple_environments2.sh
 homepage: https://github.com/kuroda/mini_auth
 licenses: []
 post_install_message:

data/test_on_multiple_environments2.sh DELETED Viewed

@@ -1,24 +0,0 @@
-#!/bin/bash
-#
-# rbenv version
-set -e
-function run {
-  gem list --local bundler | grep bundler || gem install bundler --no-ri --no-rdoc
-  for version in 3.1.6 3.2.6
-  do
-    echo "Running bundle exec rspec spec against rails $version..."
-    MINI_AUTH_RAILS_VERSION=$version bundle update rails
-    MINI_AUTH_RAILS_VERSION=$version bundle exec rake spec
-  done
-}
-export RBENV_VERSION=1.8.7-p358
-run
-export RBENV_VERSION=1.9.3-p194
-run
-echo 'Success!'