omniauth-saml 1.9.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of omniauth-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +1 -1
- data/lib/omniauth-saml/version.rb +1 -1
- data/lib/omniauth/strategies/saml.rb +5 -1
- data/spec/omniauth/strategies/saml_spec.rb +9 -0
- metadata +4 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6bf6bca05fbb7097d01d4f3abe1ff2b033932051
|
|
4
|
+
data.tar.gz: 5cde5570d1457ba576f7d7d05850bcca7b4384c5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d3413b70bad6963317a2fa55389a370fea07cb3a2015b600d10461d36245feb1e3efa02ec2fc25529d391f7f8929f9918859ab51055fc6bba979b7f3b920e2ca
|
|
7
|
+
data.tar.gz: 4623b91adf535ff1e018d15007fab6a050410f806884d6cc842eec80f60a46a2838f13f35786cb7ee1e725ee70043b8c669bad62dfde10c761df97c22c72d7ff
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
<a name="v1.10.0"></a>
|
|
2
|
+
### v1.10.0 (2018-02-19)
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
#### Bug Fixes
|
|
6
|
+
|
|
7
|
+
* ambiguous path match in other phase ([1b465b9](/../../commit/1b465b9))
|
|
8
|
+
* Update ruby-saml gem to 1.7 or later to fix CVE-2017-11430 ([6bc28ad](/../../commit/6bc28ad))
|
|
9
|
+
|
|
10
|
+
|
|
1
11
|
<a name="v1.9.0"></a>
|
|
2
12
|
### v1.9.0 (2018-01-29)
|
|
3
13
|
|
data/README.md
CHANGED
|
@@ -23,7 +23,7 @@ https://github.com/omniauth/omniauth-saml
|
|
|
23
23
|
|
|
24
24
|
## Versioning
|
|
25
25
|
|
|
26
|
-
We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle.
|
|
26
|
+
We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle. In addition to the guidelines of Semantic Versioning, we follow a further guideline that otherwise backwards-compatible dependency upgrades for security reasons should generally be cause for a MINOR version upgrade as opposed to a PATCH version upgrade. Backwards-incompatible dependency upgrades for security reasons should still result in a MAJOR version upgrade for this library.
|
|
27
27
|
|
|
28
28
|
## Usage
|
|
29
29
|
|
|
@@ -69,7 +69,7 @@ module OmniAuth
|
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
def other_phase
|
|
72
|
-
if
|
|
72
|
+
if request_path_pattern.match(current_path)
|
|
73
73
|
@env['omniauth.strategy'] ||= self
|
|
74
74
|
setup_phase
|
|
75
75
|
|
|
@@ -120,6 +120,10 @@ module OmniAuth
|
|
|
120
120
|
|
|
121
121
|
private
|
|
122
122
|
|
|
123
|
+
def request_path_pattern
|
|
124
|
+
@request_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/|\z)}
|
|
125
|
+
end
|
|
126
|
+
|
|
123
127
|
def on_subpath?(subpath)
|
|
124
128
|
on_path?("#{request_path}/#{subpath}")
|
|
125
129
|
end
|
|
@@ -435,6 +435,15 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
|
|
|
435
435
|
specify { expect(last_response.status).to eql 404 }
|
|
436
436
|
end
|
|
437
437
|
|
|
438
|
+
context 'when hitting a route that contains a substring match for the strategy name' do
|
|
439
|
+
before { get '/auth/saml2/metadata' }
|
|
440
|
+
|
|
441
|
+
it 'should not set the strategy' do
|
|
442
|
+
expect(last_request.env['omniauth.strategy']).to be_nil
|
|
443
|
+
expect(last_response.status).to eql 404
|
|
444
|
+
end
|
|
445
|
+
end
|
|
446
|
+
|
|
438
447
|
describe 'subclass behavior' do
|
|
439
448
|
it 'registers subclasses in OmniAuth.strategies' do
|
|
440
449
|
subclass = Class.new(described_class)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Raecoo Cao
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2018-01
|
|
17
|
+
date: 2018-03-01 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: omniauth
|
|
@@ -42,20 +42,14 @@ dependencies:
|
|
|
42
42
|
requirements:
|
|
43
43
|
- - "~>"
|
|
44
44
|
- !ruby/object:Gem::Version
|
|
45
|
-
version: '1.
|
|
46
|
-
- - ">="
|
|
47
|
-
- !ruby/object:Gem::Version
|
|
48
|
-
version: 1.4.3
|
|
45
|
+
version: '1.7'
|
|
49
46
|
type: :runtime
|
|
50
47
|
prerelease: false
|
|
51
48
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
49
|
requirements:
|
|
53
50
|
- - "~>"
|
|
54
51
|
- !ruby/object:Gem::Version
|
|
55
|
-
version: '1.
|
|
56
|
-
- - ">="
|
|
57
|
-
- !ruby/object:Gem::Version
|
|
58
|
-
version: 1.4.3
|
|
52
|
+
version: '1.7'
|
|
59
53
|
- !ruby/object:Gem::Dependency
|
|
60
54
|
name: rake
|
|
61
55
|
requirement: !ruby/object:Gem::Requirement
|