mini_auth 0.3.1 → 0.3.2
- data/CHANGELOG.md +3 -0
- data/Gemfile +4 -4
- data/README.md +1 -1
- data/lib/mini_auth/version.rb +1 -1
- data/lib/mini_auth.rb +4 -7
- data/mini_auth.gemspec +4 -4
- data/spec/fake_app.rb +21 -1
- data/spec/mini_auth/mass_assignment_security_spec.rb +8 -0
- data/spec/mini_auth/password_digest_spec.rb +15 -1
- data/test_on_multiple_environments.sh +6 -12
- metadata +11 -11
- data/test_on_multiple_environments2.sh +0 -24
data/CHANGELOG.md
CHANGED
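--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,13 +7,13 @@ if rails_version == "edge"
 elsif rails_version && rails_version.strip != ""
 gem "rails", rails_version
 else
-gem "rails", ">= 3.2.
+gem "rails", ">= 3.2.8"
 end
 
 gem "bcrypt-ruby", "~> 3.0.1"
 
 group :test do
-gem "rspec-rails", "~> 2.11.
-gem "sqlite3", "~> 1.3.
-gem "database_cleaner", "~> 0.
+gem "rspec-rails", "~> 2.11.4"
+gem "sqlite3", "~> 1.3.6"
+gem "database_cleaner", "~> 0.9.1"
 end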
data/README.md
CHANGED
data/lib/mini_auth/version.rb
CHANGED
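--- a/data/lib/mini_auth.rb
+++ b/data/lib/mini_auth.rb
@@ -13,15 +13,8 @@ module MiniAuth
 included do
 attr_accessor :changing_password, :setting_password
 attr_accessor *BASIC_ATTRIBUTES
-attr_accessible *BASIC_ATTRIBUTES
 
 validates :password, :new_password, :confirmation => true
-
-if respond_to?(:attributes_protected_by_default)
-def self.attributes_protected_by_default
-super + [ 'password_digest', 'changing_password', 'setting_password' ]
-end
-end
 
 validate do
 if changing_password?
@@ -86,5 +79,9 @@ module MiniAuth
 METHOD
 end
 end
+
+def attributes_protected_by_default
+super + [ 'password_digest', 'changing_password', 'setting_password' ]
+end
 end
 end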
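Review bot: The new `attributes_protected_by_default` (new lines 83–85) calls `super` unconditionally, while the removed class-level version was only defined `if respond_to?(:attributes_protected_by_default)`; a host class without that method in its ancestry would now fail with NoMethodError when the method is called. Keeping the old tolerance is a one-line change, e.g. `(defined?(super) ? super : []) + [ 'password_digest', 'changing_password', 'setting_password' ]`. The list is also fixed at three names: if the `token` macro stores its values in `*_token` columns, as the schema in spec/fake_app.rb suggests, those columns remain mass-assignable for models that rely on the default or on `attr_protected`, and the specs shown on this page do not cover them. The enclosing module opens outside this hunk, so the method's placement is inferred from the trailing `end` lines.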
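--- a/data/mini_auth.gemspec
+++ b/data/mini_auth.gemspec
@@ -17,9 +17,9 @@ Gem::Specification.new do |s|
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ["lib"]
 
-s.add_runtime_dependency "rails", ">= 3.1.
+s.add_runtime_dependency "rails", ">= 3.1.8"
 s.add_runtime_dependency "bcrypt-ruby", "~> 3.0.1"
-s.add_development_dependency "rspec-rails", "~> 2.11.
-s.add_development_dependency "sqlite3", "~> 1.3.
-s.add_development_dependency "database_cleaner", "~> 0.
+s.add_development_dependency "rspec-rails", "~> 2.11.4"
+s.add_development_dependency "sqlite3", "~> 1.3.6"
+s.add_development_dependency "database_cleaner", "~> 0.9.1"
 end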
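--- a/data/spec/fake_app.rb
+++ b/data/spec/fake_app.rb
@@ -16,6 +16,17 @@ class CreateAllTables < ActiveRecord::Migration
 t.string :auto_login_token
 t.string :mail_confirmation_token
 end
+
+create_table(:members) do |t|
+t.string :name
+t.string :password_digest
+end
+
+create_table(:administrators) do |t|
+t.string :name
+t.string :password_digest
+t.boolean :deleted
+end
 end
 end
 
@@ -28,6 +39,15 @@ migration.change
 class User < ActiveRecord::Base
 include MiniAuth
 
-attr_accessible :name
 token :auto_login, :mail_confirmation
 end
+
+class Member < ActiveRecord::Base
+include MiniAuth
+attr_accessible :name
+end
+
+class Administrator < ActiveRecord::Base
+include MiniAuth
+attr_protected :deleted
+end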
@@ -1,10 +1,24 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe "password_digest" do
|
4
|
-
it "should be protected against mass assignment" do
|
4
|
+
it "should be protected against mass assignment by default" do
|
5
5
|
u = User.create!(:name => 'alice', :password => 'hotyoga')
|
6
6
|
d = u.password_digest.to_s
|
7
7
|
u.update_attributes :password_digest => 'dummy'
|
8
8
|
u.password_digest.to_s.should == d
|
9
9
|
end
|
10
|
+
|
11
|
+
it "should be protected against mass assignment when using white list protection" do
|
12
|
+
m = Member.create!(:name => 'alice', :password => 'hotyoga')
|
13
|
+
d = m.password_digest.to_s
|
14
|
+
m.update_attributes :password_digest => 'dummy'
|
15
|
+
m.password_digest.to_s.should == d
|
16
|
+
end
|
17
|
+
|
18
|
+
it "should be protected against mass assignment when using black list protection" do
|
19
|
+
a = Administrator.create!(:name => 'alice', :password => 'hotyoga')
|
20
|
+
d = a.password_digest.to_s
|
21
|
+
a.update_attributes :password_digest => 'dummy'
|
22
|
+
a.password_digest.to_s.should == d
|
23
|
+
end
|
10
24
|
end
|
@@ -1,30 +1,24 @@
|
|
1
1
|
#!/bin/bash
|
2
|
+
#
|
3
|
+
# rbenv version
|
2
4
|
|
3
5
|
set -e
|
4
6
|
|
5
|
-
if [[ -s "$HOME/.rvm/scripts/rvm" ]] ; then
|
6
|
-
source "$HOME/.rvm/scripts/rvm"
|
7
|
-
elif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then
|
8
|
-
source "/usr/local/rvm/scripts/rvm"
|
9
|
-
else
|
10
|
-
printf "ERROR: An RVM installation was not found.\n"
|
11
|
-
fi
|
12
|
-
|
13
7
|
function run {
|
14
8
|
gem list --local bundler | grep bundler || gem install bundler --no-ri --no-rdoc
|
15
9
|
|
16
|
-
for version in 3.1.
|
10
|
+
for version in 3.1.8 3.2.8
|
17
11
|
do
|
18
12
|
echo "Running bundle exec rspec spec against rails $version..."
|
19
13
|
MINI_AUTH_RAILS_VERSION=$version bundle update rails
|
20
|
-
MINI_AUTH_RAILS_VERSION=$version bundle exec
|
14
|
+
MINI_AUTH_RAILS_VERSION=$version bundle exec rake spec
|
21
15
|
done
|
22
16
|
}
|
23
17
|
|
24
|
-
|
18
|
+
export RBENV_VERSION=1.8.7-p358
|
25
19
|
run
|
26
20
|
|
27
|
-
|
21
|
+
export RBENV_VERSION=1.9.3-p286
|
28
22
|
run
|
29
23
|
|
30
24
|
echo 'Success!'
|
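--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mini_auth
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.2
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-
+date: 2012-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -18,7 +18,7 @@ dependencies:
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.8
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.8
 - !ruby/object:Gem::Dependency
 name: bcrypt-ruby
 requirement: !ruby/object:Gem::Requirement
@@ -50,7 +50,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.11.
+version: 2.11.4
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -58,7 +58,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 2.11.
+version: 2.11.4
 - !ruby/object:Gem::Dependency
 name: sqlite3
 requirement: !ruby/object:Gem::Requirement
@@ -66,7 +66,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.6
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.6
 - !ruby/object:Gem::Dependency
 name: database_cleaner
 requirement: !ruby/object:Gem::Requirement
@@ -82,7 +82,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.9.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -90,7 +90,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.9.1
 description: A minimal authentication module for Rails
 email:
 - hermes@oiax.jp
@@ -110,12 +110,12 @@ files:
 - spec/fake_app.rb
 - spec/mini_auth/authenticate_spec.rb
 - spec/mini_auth/change_password_spec.rb
+- spec/mini_auth/mass_assignment_security_spec.rb
 - spec/mini_auth/password_digest_spec.rb
 - spec/mini_auth/setting_password_spec.rb
 - spec/mini_auth/token_spec.rb
 - spec/spec_helper.rb
 - test_on_multiple_environments.sh
-- test_on_multiple_environments2.sh
 homepage: https://github.com/kuroda/mini_auth
 licenses: []
 post_install_message: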
@@ -1,24 +0,0 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
#
|
3
|
-
# rbenv version
|
4
|
-
|
5
|
-
set -e
|
6
|
-
|
7
|
-
function run {
|
8
|
-
gem list --local bundler | grep bundler || gem install bundler --no-ri --no-rdoc
|
9
|
-
|
10
|
-
for version in 3.1.6 3.2.6
|
11
|
-
do
|
12
|
-
echo "Running bundle exec rspec spec against rails $version..."
|
13
|
-
MINI_AUTH_RAILS_VERSION=$version bundle update rails
|
14
|
-
MINI_AUTH_RAILS_VERSION=$version bundle exec rake spec
|
15
|
-
done
|
16
|
-
}
|
17
|
-
|
18
|
-
export RBENV_VERSION=1.8.7-p358
|
19
|
-
run
|
20
|
-
|
21
|
-
export RBENV_VERSION=1.9.3-p194
|
22
|
-
run
|
23
|
-
|
24
|
-
echo 'Success!'
|