omniauth-saml 1.9.0 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of omniauth-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +1 -1
- data/lib/omniauth-saml/version.rb +1 -1
- data/lib/omniauth/strategies/saml.rb +5 -1
- data/spec/omniauth/strategies/saml_spec.rb +9 -0
- metadata +4 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6bf6bca05fbb7097d01d4f3abe1ff2b033932051
|
|
4
|
+
data.tar.gz: 5cde5570d1457ba576f7d7d05850bcca7b4384c5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d3413b70bad6963317a2fa55389a370fea07cb3a2015b600d10461d36245feb1e3efa02ec2fc25529d391f7f8929f9918859ab51055fc6bba979b7f3b920e2ca
|
|
7
|
+
data.tar.gz: 4623b91adf535ff1e018d15007fab6a050410f806884d6cc842eec80f60a46a2838f13f35786cb7ee1e725ee70043b8c669bad62dfde10c761df97c22c72d7ff
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
<a name="v1.10.0"></a>
|
|
2
|
+
### v1.10.0 (2018-02-19)
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
#### Bug Fixes
|
|
6
|
+
|
|
7
|
+
* ambiguous path match in other phase ([1b465b9](/../../commit/1b465b9))
|
|
8
|
+
* Update ruby-saml gem to 1.7 or later to fix CVE-2017-11430 ([6bc28ad](/../../commit/6bc28ad))
|
|
9
|
+
|
|
10
|
+
|
|
1
11
|
<a name="v1.9.0"></a>
|
|
2
12
|
### v1.9.0 (2018-01-29)
|
|
3
13
|
|
data/README.md
CHANGED
|
@@ -23,7 +23,7 @@ https://github.com/omniauth/omniauth-saml
|
|
|
23
23
|
|
|
24
24
|
## Versioning
|
|
25
25
|
|
|
26
|
-
We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle.
|
|
26
|
+
We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle. In addition to the guidelines of Semantic Versioning, we follow a further guideline that otherwise backwards-compatible dependency upgrades for security reasons should generally be cause for a MINOR version upgrade as opposed to a PATCH version upgrade. Backwards-incompatible dependency upgrades for security reasons should still result in a MAJOR version upgrade for this library.
|
|
27
27
|
|
|
28
28
|
## Usage
|
|
29
29
|
|
|
@@ -69,7 +69,7 @@ module OmniAuth
|
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
def other_phase
|
|
72
|
-
if
|
|
72
|
+
if request_path_pattern.match(current_path)
|
|
73
73
|
@env['omniauth.strategy'] ||= self
|
|
74
74
|
setup_phase
|
|
75
75
|
|
|
@@ -120,6 +120,10 @@ module OmniAuth
|
|
|
120
120
|
|
|
121
121
|
private
|
|
122
122
|
|
|
123
|
+
def request_path_pattern
|
|
124
|
+
@request_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/|\z)}
|
|
125
|
+
end
|
|
126
|
+
|
|
123
127
|
def on_subpath?(subpath)
|
|
124
128
|
on_path?("#{request_path}/#{subpath}")
|
|
125
129
|
end
|
|
@@ -435,6 +435,15 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
|
|
|
435
435
|
specify { expect(last_response.status).to eql 404 }
|
|
436
436
|
end
|
|
437
437
|
|
|
438
|
+
context 'when hitting a route that contains a substring match for the strategy name' do
|
|
439
|
+
before { get '/auth/saml2/metadata' }
|
|
440
|
+
|
|
441
|
+
it 'should not set the strategy' do
|
|
442
|
+
expect(last_request.env['omniauth.strategy']).to be_nil
|
|
443
|
+
expect(last_response.status).to eql 404
|
|
444
|
+
end
|
|
445
|
+
end
|
|
446
|
+
|
|
438
447
|
describe 'subclass behavior' do
|
|
439
448
|
it 'registers subclasses in OmniAuth.strategies' do
|
|
440
449
|
subclass = Class.new(described_class)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Raecoo Cao
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2018-01
|
|
17
|
+
date: 2018-03-01 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: omniauth
|
|
@@ -42,20 +42,14 @@ dependencies:
|
|
|
42
42
|
requirements:
|
|
43
43
|
- - "~>"
|
|
44
44
|
- !ruby/object:Gem::Version
|
|
45
|
-
version: '1.
|
|
46
|
-
- - ">="
|
|
47
|
-
- !ruby/object:Gem::Version
|
|
48
|
-
version: 1.4.3
|
|
45
|
+
version: '1.7'
|
|
49
46
|
type: :runtime
|
|
50
47
|
prerelease: false
|
|
51
48
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
49
|
requirements:
|
|
53
50
|
- - "~>"
|
|
54
51
|
- !ruby/object:Gem::Version
|
|
55
|
-
version: '1.
|
|
56
|
-
- - ">="
|
|
57
|
-
- !ruby/object:Gem::Version
|
|
58
|
-
version: 1.4.3
|
|
52
|
+
version: '1.7'
|
|
59
53
|
- !ruby/object:Gem::Dependency
|
|
60
54
|
name: rake
|
|
61
55
|
requirement: !ruby/object:Gem::Requirement
|