pco-url 2.1.3 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a47c1ef878b865141332322e7f958d66fab196eae64291067e391185fdb6b0e3
-  data.tar.gz: 072b303a7a0f34857339bc3ca5b87558656ba4f23e2226b9b83bcc056ad6e50a
+  metadata.gz: '0687cb14bb063264a30307b10d9b6efcb49d8f4cbf77b711b15192fe35217048'
+  data.tar.gz: ece4ec24c39990c45bf02e44a564a6f9bc460af66348bdd5e97166319252612f
 SHA512:
-  metadata.gz: 273a73234504876c551343c81410a333a59e9859de1ddf5e2740eafc87f6a046ed255838f472ffbc66b166ab524058152a15f109a6c2a2ba3891ca96cb62e425
-  data.tar.gz: dee2c23967f577864f39e87d6605e207733b592edc8221c10fe1f5e9e19123380c65585a8247d53245f13f9d1fae7a53f61189e2c1c45703e624f16956f2586e
+  metadata.gz: 55eaac7abd9b009155137ee6cbfa8a339296bab1fbeb409dca080921591c6e623921f3d3accb6981e3552f1029a7d1ee4b4ec1984944112e5a4d74e198aa856b
+  data.tar.gz: acb674cba783b53cfe924ac820b8b5a67af7db82c0d5f399aeb81c8faabe9a3eac6a39e03322fb1fb40ef090ee8f943db784098c7572dc191a0eadbd61f92d1c

data/.circleci/config.yml

@@ -17,7 +17,7 @@ workflows:
 jobs:
   build:
     docker:
-      - image: circleci/ruby:2.5
+      - image: circleci/ruby:2.7
         environment:
           BUNDLE_JOBS: 3
           BUNDLE_RETRY: 3

data/.ruby-version

@@ -1 +1 @@
-2.5
+2.7

data/Appraisals

@@ -1,15 +1,5 @@
 # frozen_string_literal: true
 
-appraise "rails-5.0" do
-  gem "rails", "~> 5.0.0"
-  gem "sqlite3", "< 1.4"
-end
-
-appraise "rails-5.1" do
-  gem "rails", "~> 5.1.0"
-  gem "sqlite3", "< 1.4"
-end
-
 appraise "rails-5.2" do
   gem "rails", "~> 5.2.0"
 end
@@ -17,3 +7,11 @@ end
 appraise "rails-6.0" do
   gem "rails", "~> 6.0.0"
 end
+
+appraise "rails-6.1" do
+  gem "rails", "~> 6.1.0"
+end
+
+appraise "rails-edge" do
+  gem "rails", git: "https://github.com/rails/rails.git", branch: "main"
+end

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# v3.0.0 (2021-02-25)
+
+* Feature: add middleware in production/staging to maintain second-level domain, e.g. planningcenter.com when generating URLs
+* Chore: test on more modern versions of Ruby and Rails
+
 # v2.1.3 (2020-01-14)
 
 * Chore: no code changes; just bumping the version and rebuilding the gem file with proper file permissions [Tim Morgan]

data/gemfiles/{rails_5.0.gemfile → rails_6.1.gemfile}

@@ -2,7 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "rails", "~> 5.0.0"
-gem "sqlite3", "< 1.4"
+gem "rails", "~> 6.1.0"
 
 gemspec path: "../"

data/gemfiles/{rails_5.1.gemfile → rails_edge.gemfile}

@@ -2,7 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "rails", "~> 5.1.0"
-gem "sqlite3", "< 1.4"
+gem "rails", git: "https://github.com/rails/rails.git", branch: "main"
 
 gemspec path: "../"

data/lib/pco/url.rb

@@ -7,6 +7,13 @@ require "uri"
 
 module PCO
   class URL
+    DOMAINS = {
+      'development' => %w[pco.test pco.codes],
+      'test' => %w[pco.test pco.codes],
+      'staging' => %w[planningcenteronline.com planningcenter.com],
+      'production' => %w[planningcenteronline.com planningcenter.com],
+    }.freeze
+
     class << self
       def decrypt_query_params(string)
         Encryption.decrypt(string)
@@ -82,13 +89,15 @@ module PCO
     def domain
       return @domain if @domain
 
+      return PCO::URL::Engine.domain if PCO::URL::Engine.domain
+
       case env
       when "production", "staging"
         "planningcenteronline.com"
       when "test"
         "pco.test"
       when "development"
-        PCO::URL::Engine.domain || "pco.test"
+        "pco.test"
       end
     end
 

data/lib/pco/url/engine.rb

@@ -12,7 +12,7 @@ module PCO
       end
 
       initializer "pco_url.add_middleware" do |app|
-        app.middleware.use PCO::URL::Engine::DomainMiddleware if Rails.env.development? || Rails.env.test?
+        app.middleware.use PCO::URL::Engine::DomainMiddleware
       end
     end
   end

data/lib/pco/url/engine/domain_middleware.rb

@@ -11,7 +11,8 @@ module PCO
         end
 
         def call(env)
-          PCO::URL::Engine.domain = env["SERVER_NAME"].downcase.match(/[a-z0-9-]+\.[a-z]+$/).to_s
+          domain = env["SERVER_NAME"].downcase.match(/[a-z0-9-]+\.[a-z]+$/).to_s
+          PCO::URL::Engine.domain = PCO::URL::DOMAINS[Rails.env].include?(domain) ? domain : nil
           @app.call(env)
         end
       end

data/lib/pco/url/version.rb

@@ -1,5 +1,5 @@
 module PCO
   class URL
-    VERSION = "2.1.3".freeze
+    VERSION = "3.0.0".freeze
   end
 end

data/spec/dummy/config/application.rb

@@ -8,7 +8,19 @@ require "pco/url"
 module Dummy
   class Application < Rails::Application
     config.eager_load = false
-    config.hosts << /accounts\.pco\.(test|codes)/ if Rails::VERSION::MAJOR >= 6
+    if Rails::VERSION::MAJOR >= 6
+      config.hosts << "accounts.pco.test"
+      config.hosts << "accounts.pco.codes"
+      config.hosts << "accounts.planningcenteronline.com"
+      config.hosts << "accounts.planningcenter.com"
+      config.hosts << "accounts-staging.planningcenteronline.com"
+      config.hosts << "accounts-staging.planningcenter.com"
+
+      # We would obviously never have this in a real Rails app, but we need it here
+      # to test that PCO::URL cannot get tricked by a bad host, should an attacker
+      # somehow sneak one through by some other means.
+      config.hosts << "accounts.evilplanningcenter.com"
+    end
     config.secret_key_base = "123abc"
   end
 end

data/spec/requests/{dev_domain_spec.rb → domain_middleware_spec.rb}

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require "spec_helper"
 
 describe PCO::URL::Engine::DomainMiddleware, type: :request do
-  context "in development mode" do
+  context "in development" do
     before do
       ENV["DEPLOY_ENV"] = Rails.env = "development"
     end
@@ -10,48 +12,51 @@ describe PCO::URL::Engine::DomainMiddleware, type: :request do
       host! "accounts.pco.test"
       get "/test"
       expect(response.body).to eq("http://people.pco.test")
+
       host! "accounts.pco.codes"
       get "/test"
       expect(response.body).to eq("http://people.pco.codes")
     end
   end
 
-  context "in test mode" do
+  context "in staging" do
     before do
-      ENV["DEPLOY_ENV"] = Rails.env = "test"
+      ENV["DEPLOY_ENV"] = Rails.env = "staging"
     end
 
     it "sets the generated URL domain to be the same as the host" do
-      host! "accounts.pco.test"
-      get "/test"
-      expect(response.body).to eq("http://people.pco.test")
-      host! "accounts.pco.codes"
+      host! "accounts-staging.planningcenteronline.com"
       get "/test"
-      expect(response.body).to eq("http://people.pco.test")
-    end
-  end
-
-  context "in staging mode" do
-    before do
-      ENV["DEPLOY_ENV"] = Rails.env = "staging"
-    end
+      expect(response.body).to eq("https://people-staging.planningcenteronline.com")
 
-    it "does not change the domain based on host" do
-      host! "accounts.pco.test"
+      host! "accounts-staging.planningcenter.com"
       get "/test"
-      expect(response.body).to eq("https://people-staging.planningcenteronline.com")
+      expect(response.body).to eq("https://people-staging.planningcenter.com")
     end
   end
 
-  context "in production mode" do
+  context "in production" do
     before do
       ENV["DEPLOY_ENV"] = Rails.env = "production"
     end
 
-    it "does not change the domain based on host" do
-      host! "accounts.pco.test"
+    it "sets the generated URL domain to be the same as the host" do
+      host! "accounts.planningcenteronline.com"
       get "/test"
       expect(response.body).to eq("https://people.planningcenteronline.com")
+
+      host! "accounts.planningcenter.com"
+      get "/test"
+      expect(response.body).to eq("https://people.planningcenter.com")
+    end
+
+    context "when the host is something unrecognized" do
+      before { host! "accounts.evilplanningcenter.com" }
+
+      it "sets the generated URL domain to be .planningcenteronline.com" do
+        get "/test"
+        expect(response.body).to eq("https://people.planningcenteronline.com")
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pco-url
 version: !ruby/object:Gem::Version
-  version: 2.1.3
+  version: 3.0.0
 platform: ruby
 authors:
 - James Miller
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-14 00:00:00.000000000 Z
+date: 2021-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -128,10 +128,10 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- gemfiles/rails_5.0.gemfile
-- gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
+- gemfiles/rails_edge.gemfile
 - lib/pco/url.rb
 - lib/pco/url/church_center.rb
 - lib/pco/url/encryption.rb
@@ -146,7 +146,7 @@ files:
 - spec/pco/url/church_center_spec.rb
 - spec/pco/url/encryption_spec.rb
 - spec/pco_url_spec.rb
-- spec/requests/dev_domain_spec.rb
+- spec/requests/domain_middleware_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/ministrycentered/pco-url
 licenses:
@@ -167,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: Generate URLs for PCO apps in all environments
@@ -178,5 +178,5 @@ test_files:
 - spec/pco/url/church_center_spec.rb
 - spec/pco/url/encryption_spec.rb
 - spec/pco_url_spec.rb
-- spec/requests/dev_domain_spec.rb
+- spec/requests/domain_middleware_spec.rb
 - spec/spec_helper.rb