omniauth-rails_csrf_protection 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7c9f0953f60f411b88e66c914509308274d46c44a5fa42e1531740fc94c0be5
-  data.tar.gz: 1420e37a8f982fded587e1960309871054fc7e4a6ae4e237d5783025983a4c31
+  metadata.gz: ca8b6b6b0f1b3f05b0317c4e0f629529a44158edc57497fee9eec34a1422125d
+  data.tar.gz: 640c1535d81dea4a56fac9e851dc595f351d05dfc53e11ef3a720aeba1d2b770
 SHA512:
-  metadata.gz: 95efbe6ce15fd93acf8e4953ffbc058e681dda33f0a129a3b0a33c1c9000faf25a4bb789de45cd89603cfa2e5702b15c51db6468bbf616754199cf54e55cf750
-  data.tar.gz: dabea2ed5fddeda77f46fd7cee2a4f1b5f79d8dc042eba02dc64fda6ef304f828cce81d63c42a2592cd059511d080a6dd77db4ceb5de8dc17740e6d58fea04fb
+  metadata.gz: 9db585b6633c9a06372ed96fd2c4a59502d75f7eb39c69f25c92bd0706ad5d2f0ae03d8471fd8ff19342cf98b01159ed742251eb568b200960eb031956b3976a
+  data.tar.gz: d6ff32d88319e0072a760853da4a7dca07bfab9ad6a5243552df8eeb7a603ee133f69a38686ce3d591c29b4bb131217348c0a6bc8010c1e45aea3478235e0cb5

data/README.md

@@ -5,8 +5,6 @@ Forgery on the request phase when using OmniAuth gem with a Ruby on Rails
 application) by implementing a CSRF token verifier that directly uses
 `ActionController::RequestForgeryProtection` code from Rails.
 
-[![CircleCI](https://circleci.com/gh/cookpad/omniauth-rails_csrf_protection/tree/main.svg?style=svg)](https://circleci.com/gh/cookpad/omniauth-rails_csrf_protection/tree/main)
-
 [CVE-2015-9284]: https://nvd.nist.gov/vuln/detail/CVE-2015-9284
 
 ## Usage

data/lib/omniauth/rails_csrf_protection/token_verifier.rb

@@ -28,6 +28,10 @@ module OmniAuth
       end
 
       def call(env)
+        dup._call(env)
+      end
+
+      def _call(env)
         @request = ActionDispatch::Request.new(env.dup)
 
         unless verified_request?

data/lib/omniauth/rails_csrf_protection/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module RailsCsrfProtection
-    VERSION = "1.0.1".freeze
+    VERSION = "1.0.2".freeze
   end
 end

data/test/test_helper.rb

@@ -18,7 +18,12 @@ silence_warnings do
   gemfile do
     source "https://rubygems.org"
 
-    gem "rails"
+    if ENV["RAILS_VERSION"] == "edge"
+      gem "rails", git: "https://github.com/rails/rails.git", branch: "main"
+    else
+      gem "rails"
+    end
+
     gem "omniauth"
     gem "omniauth-rails_csrf_protection", path: File.expand_path("..", __dir__)
   end
@@ -34,7 +39,7 @@ require "minitest/autorun"
 class TestApp < Rails::Application
   config.root = __dir__
   config.session_store :cookie_store, key: "cookie_store_key"
-  secrets.secret_key_base = "secret_key_base"
+  config.secret_key_base = "secret_key_base"
   config.eager_load = false
   config.hosts = []
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-rails_csrf_protection
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Cookpad Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-07 00:00:00.000000000 Z
+date: 2024-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -105,19 +105,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".circleci/config.yml"
-- ".gitignore"
-- ".rubocop.yml"
-- CODE_OF_CONDUCT.md
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - lib/omniauth/rails_csrf_protection.rb
 - lib/omniauth/rails_csrf_protection/railtie.rb
 - lib/omniauth/rails_csrf_protection/token_verifier.rb
 - lib/omniauth/rails_csrf_protection/version.rb
-- omniauth-rails_csrf_protection.gemspec
 - test/application_test.rb
 - test/test_helper.rb
 homepage: https://github.com/cookpad/omniauth-rails_csrf_protection
@@ -139,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Provides CSRF protection on OmniAuth request endpoint on Rails application.

data/.circleci/config.yml

@@ -1,241 +0,0 @@
-version: 2.1
-
-build_steps: &build_steps
-  steps:
-    - checkout
-    - run:
-        name: Install dependencies
-        command: bundle update
-    - run:
-        command: |-
-          echo "Ruby version:" $(ruby -v)
-          echo "Rails version: " $(rails -v)
-        name: Show build information
-    - run:
-        name: Run tests
-        command: rake
-
-ruby-2-4: &ruby-2-4
-  docker:
-    - image: circleci/ruby:2.4
-
-ruby-2-5: &ruby-2-5
-  docker:
-    - image: cimg/ruby:2.5
-
-ruby-2-6: &ruby-2-6
-  docker:
-    - image: cimg/ruby:2.6
-
-ruby-2-7: &ruby-2-7
-  docker:
-    - image: cimg/ruby:2.7
-
-ruby-3-0: &ruby-3-0
-  docker:
-    - image: cimg/ruby:3.0
-
-ruby-3-1: &ruby-3-1
-  docker:
-    - image: cimg/ruby:3.1
-
-rails-4-2: &rails-4-2
-  environment:
-      RAILS_VERSION: "~> 4.2.0"
-
-rails-5-0: &rails-5-0
-  environment:
-      RAILS_VERSION: "~> 5.0.0"
-
-rails-5-1: &rails-5-1
-  environment:
-      RAILS_VERSION: "~> 5.1.0"
-
-rails-5-2: &rails-5-2
-  environment:
-      RAILS_VERSION: "~> 5.2.0"
-
-rails-6-0: &rails-6-0
-  environment:
-      RAILS_VERSION: "~> 6.0.0"
-
-rails-6-1: &rails-6-1
-  environment:
-      RAILS_VERSION: "~> 6.1.0"
-
-rails-7-0: &rails-7-0
-  environment:
-      RAILS_VERSION: "~> 7.0.0"
-
-rails-edge: &rails-edge
-  environment:
-      RAILS_BRANCH: "main"
-
-jobs:
-  "ruby-2-4-rails-4-2":
-    <<: *ruby-2-4
-    <<: *rails-4-2
-    <<: *build_steps
-  "ruby-2-4-rails-5-0":
-    <<: *ruby-2-4
-    <<: *rails-5-0
-    <<: *build_steps
-  "ruby-2-4-rails-5-1":
-    <<: *ruby-2-4
-    <<: *rails-5-1
-    <<: *build_steps
-  "ruby-2-4-rails-5-2":
-    <<: *ruby-2-4
-    <<: *rails-5-2
-    <<: *build_steps
-
-  "ruby-2-5-rails-5-0":
-    <<: *ruby-2-5
-    <<: *rails-5-0
-    <<: *build_steps
-  "ruby-2-5-rails-5-1":
-    <<: *ruby-2-5
-    <<: *rails-5-1
-    <<: *build_steps
-  "ruby-2-5-rails-5-2":
-    <<: *ruby-2-5
-    <<: *rails-5-2
-    <<: *build_steps
-  "ruby-2-5-rails-6-0":
-    <<: *ruby-2-5
-    <<: *rails-6-0
-    <<: *build_steps
-  "ruby-2-5-rails-6-1":
-    <<: *ruby-2-5
-    <<: *rails-6-1
-    <<: *build_steps
-  "ruby-2-5-rails-edge":
-    <<: *ruby-2-5
-    <<: *rails-edge
-    <<: *build_steps
-
-  "ruby-2-6-rails-5-0":
-    <<: *ruby-2-6
-    <<: *rails-5-0
-    <<: *build_steps
-  "ruby-2-6-rails-5-1":
-    <<: *ruby-2-6
-    <<: *rails-5-1
-    <<: *build_steps
-  "ruby-2-6-rails-5-2":
-    <<: *ruby-2-6
-    <<: *rails-5-2
-    <<: *build_steps
-  "ruby-2-6-rails-6-0":
-    <<: *ruby-2-6
-    <<: *rails-6-0
-    <<: *build_steps
-  "ruby-2-6-rails-6-1":
-    <<: *ruby-2-6
-    <<: *rails-6-1
-    <<: *build_steps
-  "ruby-2-6-rails-edge":
-    <<: *ruby-2-6
-    <<: *rails-edge
-    <<: *build_steps
-
-  "ruby-2-7-rails-5-0":
-    <<: *ruby-2-7
-    <<: *rails-5-0
-    <<: *build_steps
-  "ruby-2-7-rails-5-1":
-    <<: *ruby-2-7
-    <<: *rails-5-1
-    <<: *build_steps
-  "ruby-2-7-rails-5-2":
-    <<: *ruby-2-7
-    <<: *rails-5-2
-    <<: *build_steps
-  "ruby-2-7-rails-6-0":
-    <<: *ruby-2-7
-    <<: *rails-6-0
-    <<: *build_steps
-  "ruby-2-7-rails-6-1":
-    <<: *ruby-2-7
-    <<: *rails-6-1
-    <<: *build_steps
-  "ruby-2-7-rails-7-0":
-    <<: *ruby-2-7
-    <<: *rails-7-0
-    <<: *build_steps
-  "ruby-2-7-rails-edge":
-    <<: *ruby-2-7
-    <<: *rails-edge
-    <<: *build_steps
-
-  "ruby-3-0-rails-6-0":
-    <<: *ruby-3-0
-    <<: *rails-6-0
-    <<: *build_steps
-  "ruby-3-0-rails-6-1":
-    <<: *ruby-3-0
-    <<: *rails-6-1
-    <<: *build_steps
-  "ruby-3-0-rails-7-0":
-    <<: *ruby-3-0
-    <<: *rails-7-0
-    <<: *build_steps
-  "ruby-3-0-rails-edge":
-    <<: *ruby-3-0
-    <<: *rails-edge
-    <<: *build_steps
-
-  "ruby-3-1-rails-6-0":
-    <<: *ruby-3-1
-    <<: *rails-6-0
-    <<: *build_steps
-  "ruby-3-1-rails-6-1":
-    <<: *ruby-3-1
-    <<: *rails-6-1
-    <<: *build_steps
-  "ruby-3-1-rails-7-0":
-    <<: *ruby-3-1
-    <<: *rails-7-0
-    <<: *build_steps
-  "ruby-3-1-rails-edge":
-    <<: *ruby-3-1
-    <<: *rails-edge
-    <<: *build_steps
-
-workflows:
-  version: 2
-  build:
-    jobs:
-      - "ruby-2-4-rails-4-2"
-      - "ruby-2-4-rails-5-1"
-      - "ruby-2-4-rails-5-2"
-
-      - "ruby-2-5-rails-5-0"
-      - "ruby-2-5-rails-5-1"
-      - "ruby-2-5-rails-5-2"
-      - "ruby-2-5-rails-6-0"
-      - "ruby-2-5-rails-6-1"
-
-      - "ruby-2-6-rails-5-0"
-      - "ruby-2-6-rails-5-1"
-      - "ruby-2-6-rails-5-2"
-      - "ruby-2-6-rails-6-0"
-      - "ruby-2-6-rails-6-1"
-
-      - "ruby-2-7-rails-5-0"
-      - "ruby-2-7-rails-5-1"
-      - "ruby-2-7-rails-5-2"
-      - "ruby-2-7-rails-6-0"
-      - "ruby-2-7-rails-6-1"
-      - "ruby-2-7-rails-7-0"
-      - "ruby-2-7-rails-edge"
-
-      - "ruby-3-0-rails-6-0"
-      - "ruby-3-0-rails-6-1"
-      - "ruby-3-0-rails-7-0"
-      - "ruby-3-0-rails-edge"
-
-      - "ruby-3-1-rails-6-0"
-      - "ruby-3-1-rails-6-1"
-      - "ruby-3-1-rails-7-0"
-      - "ruby-3-1-rails-edge"

data/.gitignore

@@ -1,10 +0,0 @@
-/.bundle/
-/.rubocop-*
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/

data/.rubocop.yml

@@ -1,9 +0,0 @@
-inherit_from:
-  - https://raw.githubusercontent.com/cookpad/global-style-guides/master/.rubocop.yml
-
-AllCops:
-  TargetRubyVersion: 2.5
-
-# Disable this as this does not apply to rack-test
-Rails/HttpPositionalArguments:
-  Enabled: false

data/CODE_OF_CONDUCT.md

@@ -1,75 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age,
-body size, disability, ethnicity, gender identity and expression, level of
-experience, nationality, personal appearance, race, religion, or sexual
-identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-  advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an
-appointed representative at an online or offline event. Representation of a
-project may be further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at kaihatsu@cookpad.com. All complaints
-will be reviewed and investigated and will result in a response that is deemed
-necessary and appropriate to the circumstances. The project team is obligated
-to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 1.4, available at
-[http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,11 +0,0 @@
-source "https://rubygems.org"
-
-# rubocop:disable Bundler/DuplicatedGem
-if ENV["RAILS_VERSION"]
-  gem "rails", ENV["RAILS_VERSION"]
-elsif ENV["RAILS_BRANCH"]
-  gem "rails", git: "https://github.com/rails/rails.git", branch: ENV["RAILS_BRANCH"]
-end
-# rubocop:enable Bundler/DuplicatedGem
-
-gemspec

data/Rakefile

@@ -1,10 +0,0 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList["test/**/*_test.rb"]
-end
-
-task default: :test

data/omniauth-rails_csrf_protection.gemspec

@@ -1,37 +0,0 @@
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "omniauth/rails_csrf_protection/version"
-
-Gem::Specification.new do |spec|
-  spec.name        = "omniauth-rails_csrf_protection"
-  spec.version     = OmniAuth::RailsCsrfProtection::VERSION
-  spec.authors     = ["Cookpad Inc."]
-  spec.email       = ["kaihatsu@cookpad.com"]
-
-  spec.summary     = <<~SUMMARY
-    Provides CSRF protection on OmniAuth request endpoint on Rails application.
-  SUMMARY
-
-  spec.description = <<~DESCRIPTION
-    This gem provides a mitigation against CVE-2015-9284 (Cross-Site Request
-    Forgery on the request phrase when using OmniAuth gem with a Ruby on Rails
-    application) by implementing a CSRF token verifier that directly utilize
-    `ActionController::RequestForgeryProtection` code from Rails.
-  DESCRIPTION
-
-  spec.homepage    = "https://github.com/cookpad/omniauth-rails_csrf_protection"
-  spec.license     = "MIT"
-
-  spec.files       = `git ls-files`.split("\n")
-  spec.test_files  = `git ls-files -- test/*`.split("\n")
-
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "actionpack", ">= 4.2"
-  spec.add_dependency "omniauth", "~> 2.0"
-
-  spec.add_development_dependency "bundler"
-  spec.add_development_dependency "minitest"
-  spec.add_development_dependency "rails"
-  spec.add_development_dependency "rake"
-end