omniauth-rails_csrf_protection 1.0.0 → 1.0.2

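--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f892f67e16cc87463da3671c7109d84cf2c672ab9f48e3f15c0ea26e2d0de891
- data.tar.gz: 972512c31e47d1ca67255adf9e962a1082c3025ae28dbc9f27abdbdc726784c8
+ metadata.gz: ca8b6b6b0f1b3f05b0317c4e0f629529a44158edc57497fee9eec34a1422125d
+ data.tar.gz: 640c1535d81dea4a56fac9e851dc595f351d05dfc53e11ef3a720aeba1d2b770
  SHA512:
- metadata.gz: bd891acf5bbde8455180fe33d076bee9d62413d06c32a610336586346c40ff71a1f30adf5b3cfaf2ad4f768f9f69fbbf27040a0c805bc09462b27e3f7e10115a
- data.tar.gz: e17f26e0b3224a0f5c8660ec7f7d7524690b18df2f1004f9bdc097cdef04026c6d7c4c15433d0d349087333b4a381b79624b65c9361975c1a123ca34313643b2
+ metadata.gz: 9db585b6633c9a06372ed96fd2c4a59502d75f7eb39c69f25c92bd0706ad5d2f0ae03d8471fd8ff19342cf98b01159ed742251eb568b200960eb031956b3976a
+ data.tar.gz: d6ff32d88319e0072a760853da4a7dca07bfab9ad6a5243552df8eeb7a603ee133f69a38686ce3d591c29b4bb131217348c0a6bc8010c1e45aea3478235e0cb5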
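--- a/data/README.md
+++ b/data/README.md
@@ -5,8 +5,6 @@ Forgery on the request phase when using OmniAuth gem with a Ruby on Rails
  application) by implementing a CSRF token verifier that directly uses
  `ActionController::RequestForgeryProtection` code from Rails.
 
- [![CircleCI](https://circleci.com/gh/cookpad/omniauth-rails_csrf_protection/tree/master.svg?style=svg)](https://circleci.com/gh/cookpad/omniauth-rails_csrf_protection/tree/master)
-
  [CVE-2015-9284]: https://nvd.nist.gov/vuln/detail/CVE-2015-9284
 
  ## Usage
@@ -49,4 +47,4 @@ The gem is available as open source under the terms of the
 
  Everyone interacting in the this project’s codebases, issue trackers, chat
  rooms and mailing lists is expected to follow the
- [code of conduct](https://github.com/cookpad/omniauth-rails_csrf_protection/blob/master/CODE_OF_CONDUCT.md).
+ [code of conduct](https://github.com/cookpad/omniauth-rails_csrf_protection/blob/main/CODE_OF_CONDUCT.md).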
@@ -1,3 +1,4 @@
1
+ require "omniauth"
1
2
  require "omniauth/rails_csrf_protection/token_verifier"
2
3
 
3
4
  module OmniAuth
@@ -28,6 +28,10 @@ module OmniAuth
28
28
  end
29
29
 
30
30
  def call(env)
31
+ dup._call(env)
32
+ end
33
+
34
+ def _call(env)
31
35
  @request = ActionDispatch::Request.new(env.dup)
32
36
 
33
37
  unless verified_request?
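Review bot: The `dup._call(env)` indirection added to `call` carries no comment saying why the verifier copies itself, so a later cleanup could fold `_call` back into `call` and put the per-request `@request` assignment back on an instance that is presumably shared between concurrent requests. I would add above `call` something like `# One verifier instance serves every request; dup so @request is never shared across threads.` `dup` is a shallow copy, so it only isolates instance variables that `_call` reassigns; any other instance variable holding a mutable object would still be shared, and the rest of the class is outside this hunk, so that is worth confirming. `_call` also appears to be left public; marking it `protected` would still permit `dup._call(env)` while keeping callers from bypassing the copy. The body of `_call` continues past the end of the hunk.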
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module RailsCsrfProtection
3
- VERSION = "1.0.0".freeze
3
+ VERSION = "1.0.2".freeze
4
4
  end
5
5
  end
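--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -18,7 +18,12 @@ silence_warnings do
  gemfile do
  source "https://rubygems.org"
 
- gem "rails"
+ if ENV["RAILS_VERSION"] == "edge"
+ gem "rails", git: "https://github.com/rails/rails.git", branch: "main"
+ else
+ gem "rails"
+ end
+
  gem "omniauth"
  gem "omniauth-rails_csrf_protection", path: File.expand_path("..", __dir__)
  end
@@ -34,7 +39,7 @@ require "minitest/autorun"
  class TestApp < Rails::Application
  config.root = __dir__
  config.session_store :cookie_store, key: "cookie_store_key"
- secrets.secret_key_base = "secret_key_base"
+ config.secret_key_base = "secret_key_base"
  config.eager_load = false
  config.hosts = []
 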
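Review bot: In the first hunk `RAILS_VERSION` is honoured only when it equals `edge`; any other value, such as a version constraint, falls through to the unconstrained `gem "rails"`, so the suite silently runs against the newest release rather than the one requested. If a CI matrix sets that variable (not visible here), add a branch such as `elsif ENV["RAILS_VERSION"]` with `gem "rails", ENV["RAILS_VERSION"]`, or a comment stating that only `edge` is recognised. The edge branch also tracks the moving `main` branch of rails/rails, so those runs are not reproducible; that is reasonable for a canary job but worth stating in a comment next to the `git:` line. The enclosing `silence_warnings do` and `gemfile do` blocks begin before the hunk.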
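--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-rails_csrf_protection
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.0.2
  platform: ruby
  authors:
  - Cookpad Inc.
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-01-14 00:00:00.000000000 Z
+ date: 2024-05-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionpack
@@ -105,19 +105,12 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".circleci/config.yml"
- - ".gitignore"
- - ".rubocop.yml"
- - CODE_OF_CONDUCT.md
- - Gemfile
  - LICENSE.txt
  - README.md
- - Rakefile
  - lib/omniauth/rails_csrf_protection.rb
  - lib/omniauth/rails_csrf_protection/railtie.rb
  - lib/omniauth/rails_csrf_protection/token_verifier.rb
  - lib/omniauth/rails_csrf_protection/version.rb
- - omniauth-rails_csrf_protection.gemspec
  - test/application_test.rb
  - test/test_helper.rb
  homepage: https://github.com/cookpad/omniauth-rails_csrf_protection
@@ -139,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.5.3
  signing_key:
  specification_version: 4
  summary: Provides CSRF protection on OmniAuth request endpoint on Rails application.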
data/.circleci/config.yml DELETED
@@ -1,203 +0,0 @@
1
- version: 2.1
2
-
3
- build_steps: &build_steps
4
- steps:
5
- - checkout
6
- - run:
7
- name: Install dependencies
8
- command: bundle update
9
- - run:
10
- command: |-
11
- echo "Ruby version:" $(ruby -v)
12
- echo "Rails version: " $(rails -v)
13
- name: Show build information
14
- - run:
15
- name: Run tests
16
- command: rake
17
-
18
- ruby-2-4: &ruby-2-4
19
- docker:
20
- - image: circleci/ruby:2.4
21
-
22
- ruby-2-5: &ruby-2-5
23
- docker:
24
- - image: circleci/ruby:2.5
25
-
26
- ruby-2-6: &ruby-2-6
27
- docker:
28
- - image: circleci/ruby:2.6
29
-
30
- ruby-2-7: &ruby-2-7
31
- docker:
32
- - image: circleci/ruby:2.7
33
-
34
- ruby-3-0: &ruby-3-0
35
- docker:
36
- - image: circleci/ruby:3.0
37
-
38
- rails-4-2: &rails-4-2
39
- environment:
40
- RAILS_VERSION: "~> 4.2.0"
41
-
42
- rails-5-0: &rails-5-0
43
- environment:
44
- RAILS_VERSION: "~> 5.0.0"
45
-
46
- rails-5-1: &rails-5-1
47
- environment:
48
- RAILS_VERSION: "~> 5.1.0"
49
-
50
- rails-5-2: &rails-5-2
51
- environment:
52
- RAILS_VERSION: "~> 5.2.0"
53
-
54
- rails-6-0: &rails-6-0
55
- environment:
56
- RAILS_VERSION: "~> 6.0.0"
57
-
58
- rails-6-1: &rails-6-1
59
- environment:
60
- RAILS_VERSION: "~> 6.1.0"
61
-
62
- rails-edge: &rails-edge
63
- environment:
64
- RAILS_BRANCH: "master"
65
-
66
- jobs:
67
- "ruby-2-4-rails-4-2":
68
- <<: *ruby-2-4
69
- <<: *rails-4-2
70
- <<: *build_steps
71
- "ruby-2-4-rails-5-0":
72
- <<: *ruby-2-4
73
- <<: *rails-5-0
74
- <<: *build_steps
75
- "ruby-2-4-rails-5-1":
76
- <<: *ruby-2-4
77
- <<: *rails-5-1
78
- <<: *build_steps
79
- "ruby-2-4-rails-5-2":
80
- <<: *ruby-2-4
81
- <<: *rails-5-2
82
- <<: *build_steps
83
-
84
- "ruby-2-5-rails-5-0":
85
- <<: *ruby-2-5
86
- <<: *rails-5-0
87
- <<: *build_steps
88
- "ruby-2-5-rails-5-1":
89
- <<: *ruby-2-5
90
- <<: *rails-5-1
91
- <<: *build_steps
92
- "ruby-2-5-rails-5-2":
93
- <<: *ruby-2-5
94
- <<: *rails-5-2
95
- <<: *build_steps
96
- "ruby-2-5-rails-6-0":
97
- <<: *ruby-2-5
98
- <<: *rails-6-0
99
- <<: *build_steps
100
- "ruby-2-5-rails-6-1":
101
- <<: *ruby-2-5
102
- <<: *rails-6-1
103
- <<: *build_steps
104
- "ruby-2-5-rails-edge":
105
- <<: *ruby-2-5
106
- <<: *rails-edge
107
- <<: *build_steps
108
-
109
- "ruby-2-6-rails-5-0":
110
- <<: *ruby-2-6
111
- <<: *rails-5-0
112
- <<: *build_steps
113
- "ruby-2-6-rails-5-1":
114
- <<: *ruby-2-6
115
- <<: *rails-5-1
116
- <<: *build_steps
117
- "ruby-2-6-rails-5-2":
118
- <<: *ruby-2-6
119
- <<: *rails-5-2
120
- <<: *build_steps
121
- "ruby-2-6-rails-6-0":
122
- <<: *ruby-2-6
123
- <<: *rails-6-0
124
- <<: *build_steps
125
- "ruby-2-6-rails-6-1":
126
- <<: *ruby-2-6
127
- <<: *rails-6-1
128
- <<: *build_steps
129
- "ruby-2-6-rails-edge":
130
- <<: *ruby-2-6
131
- <<: *rails-edge
132
- <<: *build_steps
133
-
134
- "ruby-2-7-rails-5-0":
135
- <<: *ruby-2-7
136
- <<: *rails-5-0
137
- <<: *build_steps
138
- "ruby-2-7-rails-5-1":
139
- <<: *ruby-2-7
140
- <<: *rails-5-1
141
- <<: *build_steps
142
- "ruby-2-7-rails-5-2":
143
- <<: *ruby-2-7
144
- <<: *rails-5-2
145
- <<: *build_steps
146
- "ruby-2-7-rails-6-0":
147
- <<: *ruby-2-7
148
- <<: *rails-6-0
149
- <<: *build_steps
150
- "ruby-2-7-rails-6-1":
151
- <<: *ruby-2-7
152
- <<: *rails-6-1
153
- <<: *build_steps
154
- "ruby-2-7-rails-edge":
155
- <<: *ruby-2-7
156
- <<: *rails-edge
157
- <<: *build_steps
158
-
159
- "ruby-3-0-rails-6-0":
160
- <<: *ruby-3-0
161
- <<: *rails-6-0
162
- <<: *build_steps
163
- "ruby-3-0-rails-6-1":
164
- <<: *ruby-3-0
165
- <<: *rails-6-1
166
- <<: *build_steps
167
- "ruby-3-0-rails-edge":
168
- <<: *ruby-3-0
169
- <<: *rails-edge
170
- <<: *build_steps
171
-
172
- workflows:
173
- version: 2
174
- build:
175
- jobs:
176
- - "ruby-2-4-rails-4-2"
177
- - "ruby-2-4-rails-5-1"
178
- - "ruby-2-4-rails-5-2"
179
-
180
- - "ruby-2-5-rails-5-0"
181
- - "ruby-2-5-rails-5-1"
182
- - "ruby-2-5-rails-5-2"
183
- - "ruby-2-5-rails-6-0"
184
- - "ruby-2-5-rails-6-1"
185
- - "ruby-2-5-rails-edge"
186
-
187
- - "ruby-2-6-rails-5-0"
188
- - "ruby-2-6-rails-5-1"
189
- - "ruby-2-6-rails-5-2"
190
- - "ruby-2-6-rails-6-0"
191
- - "ruby-2-6-rails-6-1"
192
- - "ruby-2-6-rails-edge"
193
-
194
- - "ruby-2-7-rails-5-0"
195
- - "ruby-2-7-rails-5-1"
196
- - "ruby-2-7-rails-5-2"
197
- - "ruby-2-7-rails-6-0"
198
- - "ruby-2-7-rails-6-1"
199
- - "ruby-2-7-rails-edge"
200
-
201
- - "ruby-3-0-rails-6-0"
202
- - "ruby-3-0-rails-6-1"
203
- - "ruby-3-0-rails-edge"
data/.gitignore DELETED
@@ -1,10 +0,0 @@
1
- /.bundle/
2
- /.rubocop-*
3
- /.yardoc
4
- /Gemfile.lock
5
- /_yardoc/
6
- /coverage/
7
- /doc/
8
- /pkg/
9
- /spec/reports/
10
- /tmp/
data/.rubocop.yml DELETED
@@ -1,9 +0,0 @@
1
- inherit_from:
2
- - https://raw.githubusercontent.com/cookpad/global-style-guides/master/.rubocop.yml
3
-
4
- AllCops:
5
- TargetRubyVersion: 2.5
6
-
7
- # Disable this as this does not apply to rack-test
8
- Rails/HttpPositionalArguments:
9
- Enabled: false
data/CODE_OF_CONDUCT.md DELETED
@@ -1,75 +0,0 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- In the interest of fostering an open and welcoming environment, we as
6
- contributors and maintainers pledge to making participation in our project and
7
- our community a harassment-free experience for everyone, regardless of age,
8
- body size, disability, ethnicity, gender identity and expression, level of
9
- experience, nationality, personal appearance, race, religion, or sexual
10
- identity and orientation.
11
-
12
- ## Our Standards
13
-
14
- Examples of behavior that contributes to creating a positive environment
15
- include:
16
-
17
- * Using welcoming and inclusive language
18
- * Being respectful of differing viewpoints and experiences
19
- * Gracefully accepting constructive criticism
20
- * Focusing on what is best for the community
21
- * Showing empathy towards other community members
22
-
23
- Examples of unacceptable behavior by participants include:
24
-
25
- * The use of sexualized language or imagery and unwelcome sexual attention or
26
- advances
27
- * Trolling, insulting/derogatory comments, and personal or political attacks
28
- * Public or private harassment
29
- * Publishing others' private information, such as a physical or electronic
30
- address, without explicit permission
31
- * Other conduct which could reasonably be considered inappropriate in a
32
- professional setting
33
-
34
- ## Our Responsibilities
35
-
36
- Project maintainers are responsible for clarifying the standards of acceptable
37
- behavior and are expected to take appropriate and fair corrective action in
38
- response to any instances of unacceptable behavior.
39
-
40
- Project maintainers have the right and responsibility to remove, edit, or
41
- reject comments, commits, code, wiki edits, issues, and other contributions
42
- that are not aligned to this Code of Conduct, or to ban temporarily or
43
- permanently any contributor for other behaviors that they deem inappropriate,
44
- threatening, offensive, or harmful.
45
-
46
- ## Scope
47
-
48
- This Code of Conduct applies both within project spaces and in public spaces
49
- when an individual is representing the project or its community. Examples of
50
- representing a project or community include using an official project e-mail
51
- address, posting via an official social media account, or acting as an
52
- appointed representative at an online or offline event. Representation of a
53
- project may be further defined and clarified by project maintainers.
54
-
55
- ## Enforcement
56
-
57
- Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
- reported by contacting the project team at kaihatsu@cookpad.com. All complaints
59
- will be reviewed and investigated and will result in a response that is deemed
60
- necessary and appropriate to the circumstances. The project team is obligated
61
- to maintain confidentiality with regard to the reporter of an incident.
62
- Further details of specific enforcement policies may be posted separately.
63
-
64
- Project maintainers who do not follow or enforce the Code of Conduct in good
65
- faith may face temporary or permanent repercussions as determined by other
66
- members of the project's leadership.
67
-
68
- ## Attribution
69
-
70
- This Code of Conduct is adapted from the [Contributor Covenant][homepage],
71
- version 1.4, available at
72
- [http://contributor-covenant.org/version/1/4][version]
73
-
74
- [homepage]: http://contributor-covenant.org
75
- [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile DELETED
@@ -1,11 +0,0 @@
1
- source "https://rubygems.org"
2
-
3
- # rubocop:disable Bundler/DuplicatedGem
4
- if ENV["RAILS_VERSION"]
5
- gem "rails", ENV["RAILS_VERSION"]
6
- elsif ENV["RAILS_BRANCH"]
7
- gem "rails", git: "https://github.com/rails/rails.git", branch: ENV["RAILS_BRANCH"]
8
- end
9
- # rubocop:enable Bundler/DuplicatedGem
10
-
11
- gemspec
data/Rakefile DELETED
@@ -1,10 +0,0 @@
1
- require "bundler/gem_tasks"
2
- require "rake/testtask"
3
-
4
- Rake::TestTask.new(:test) do |t|
5
- t.libs << "test"
6
- t.libs << "lib"
7
- t.test_files = FileList["test/**/*_test.rb"]
8
- end
9
-
10
- task default: :test
@@ -1,37 +0,0 @@
1
- lib = File.expand_path("lib", __dir__)
2
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
- require "omniauth/rails_csrf_protection/version"
4
-
5
- Gem::Specification.new do |spec|
6
- spec.name = "omniauth-rails_csrf_protection"
7
- spec.version = OmniAuth::RailsCsrfProtection::VERSION
8
- spec.authors = ["Cookpad Inc."]
9
- spec.email = ["kaihatsu@cookpad.com"]
10
-
11
- spec.summary = <<~SUMMARY
12
- Provides CSRF protection on OmniAuth request endpoint on Rails application.
13
- SUMMARY
14
-
15
- spec.description = <<~DESCRIPTION
16
- This gem provides a mitigation against CVE-2015-9284 (Cross-Site Request
17
- Forgery on the request phrase when using OmniAuth gem with a Ruby on Rails
18
- application) by implementing a CSRF token verifier that directly utilize
19
- `ActionController::RequestForgeryProtection` code from Rails.
20
- DESCRIPTION
21
-
22
- spec.homepage = "https://github.com/cookpad/omniauth-rails_csrf_protection"
23
- spec.license = "MIT"
24
-
25
- spec.files = `git ls-files`.split("\n")
26
- spec.test_files = `git ls-files -- test/*`.split("\n")
27
-
28
- spec.require_paths = ["lib"]
29
-
30
- spec.add_dependency "actionpack", ">= 4.2"
31
- spec.add_dependency "omniauth", "~> 2.0"
32
-
33
- spec.add_development_dependency "bundler"
34
- spec.add_development_dependency "minitest"
35
- spec.add_development_dependency "rails"
36
- spec.add_development_dependency "rake"
37
- end