omniauth-saml 1.9.0 → 1.10.0



checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a3895e66de86a36af32ed2a4307562e1d549d69a
4
- data.tar.gz: 413848e6bdb2dc31758a1b60f5aeae811afb9b2c
3
+ metadata.gz: 6bf6bca05fbb7097d01d4f3abe1ff2b033932051
4
+ data.tar.gz: 5cde5570d1457ba576f7d7d05850bcca7b4384c5
5
5
  SHA512:
6
- metadata.gz: f27b3b76a2859c680bdc446b0f678616b43cd2d2e1896bba9297d673e00689c25e55170b1f2a4ea021653704bff92f7885df322518100431c3ac50ef97271782
7
- data.tar.gz: 0f0e9056f26ff234e92e000c9a360e12038b8c25e7ae56599eda22b7eb06a8434befbe85ec564d388d9fb0396f3b329db7e66c9bb69ff70afc3ff5bcfa008350
6
+ metadata.gz: d3413b70bad6963317a2fa55389a370fea07cb3a2015b600d10461d36245feb1e3efa02ec2fc25529d391f7f8929f9918859ab51055fc6bba979b7f3b920e2ca
7
+ data.tar.gz: 4623b91adf535ff1e018d15007fab6a050410f806884d6cc842eec80f60a46a2838f13f35786cb7ee1e725ee70043b8c669bad62dfde10c761df97c22c72d7ff
@@ -1,3 +1,13 @@
1
+ <a name="v1.10.0"></a>
2
+ ### v1.10.0 (2018-02-19)
3
+
4
+
5
+ #### Bug Fixes
6
+
7
+ * ambiguous path match in other phase ([1b465b9](/../../commit/1b465b9))
8
+ * Update ruby-saml gem to 1.7 or later to fix CVE-2017-11430 ([6bc28ad](/../../commit/6bc28ad))
9
+
10
+
1
11
  <a name="v1.9.0"></a>
2
12
  ### v1.9.0 (2018-01-29)
3
13
 
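--- a/data/README.md
+++ b/data/README.md
@@ -23,7 +23,7 @@ https://github.com/omniauth/omniauth-saml
 
 ## Versioning
 
-We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle.
+We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle. In addition to the guidelines of Semantic Versioning, we follow a further guideline that otherwise backwards-compatible dependency upgrades for security reasons should generally be cause for a MINOR version upgrade as opposed to a PATCH version upgrade. Backwards-incompatible dependency upgrades for security reasons should still result in a MAJOR version upgrade for this library.
 
 ## Usage
 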
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module SAML
3
- VERSION = '1.9.0'
3
+ VERSION = '1.10.0'
4
4
  end
5
5
  end
@@ -69,7 +69,7 @@ module OmniAuth
69
69
  end
70
70
 
71
71
  def other_phase
72
- if current_path.start_with?(request_path)
72
+ if request_path_pattern.match(current_path)
73
73
  @env['omniauth.strategy'] ||= self
74
74
  setup_phase
75
75
 
@@ -120,6 +120,10 @@ module OmniAuth
120
120
 
121
121
  private
122
122
 
123
+ def request_path_pattern
124
+ @request_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/|\z)}
125
+ end
126
+
123
127
  def on_subpath?(subpath)
124
128
  on_path?("#{request_path}/#{subpath}")
125
129
  end
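Review bot: The new private `request_path_pattern` carries no comment explaining why an anchored regex replaced the `start_with?` prefix test in `other_phase`, so a later reader could simplify it back to the ambiguous form; a one-line comment such as `# Match request_path only on a path-segment boundary so a sibling route such as /auth/saml2 is not claimed by this strategy (start_with? was an ambiguous prefix match)` would record the intent the changelog hunk above describes. Since `other_phase` discards the MatchData, `request_path_pattern.match?(current_path)` is the non-allocating form, but the gemspec hunk on this page does not show a required_ruby_version, so confirm every supported Ruby is 2.4 or later before changing it. The pattern is case-sensitive, whereas the existing `on_path?` helper used by `on_subpath?` is inherited from OmniAuth and its comparison semantics are not visible here; if that helper is case-insensitive the two checks would disagree on mixed-case paths, which is worth confirming. The body of `other_phase` continues outside its hunk.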
@@ -435,6 +435,15 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
435
435
  specify { expect(last_response.status).to eql 404 }
436
436
  end
437
437
 
438
+ context 'when hitting a route that contains a substring match for the strategy name' do
439
+ before { get '/auth/saml2/metadata' }
440
+
441
+ it 'should not set the strategy' do
442
+ expect(last_request.env['omniauth.strategy']).to be_nil
443
+ expect(last_response.status).to eql 404
444
+ end
445
+ end
446
+
438
447
  describe 'subclass behavior' do
439
448
  it 'registers subclasses in OmniAuth.strategies' do
440
449
  subclass = Class.new(described_class)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.9.0
4
+ version: 1.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2018-01-31 00:00:00.000000000 Z
17
+ date: 2018-03-01 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: omniauth
@@ -42,20 +42,14 @@ dependencies:
42
42
  requirements:
43
43
  - - "~>"
44
44
  - !ruby/object:Gem::Version
45
- version: '1.4'
46
- - - ">="
47
- - !ruby/object:Gem::Version
48
- version: 1.4.3
45
+ version: '1.7'
49
46
  type: :runtime
50
47
  prerelease: false
51
48
  version_requirements: !ruby/object:Gem::Requirement
52
49
  requirements:
53
50
  - - "~>"
54
51
  - !ruby/object:Gem::Version
55
- version: '1.4'
56
- - - ">="
57
- - !ruby/object:Gem::Version
58
- version: 1.4.3
52
+ version: '1.7'
59
53
  - !ruby/object:Gem::Dependency
60
54
  name: rake
61
55
  requirement: !ruby/object:Gem::Requirement