rack-cerberus 0.3.0 → 0.3.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +1 -0
- data/cerberus.gemspec +1 -1
- data/cerberus.rb +12 -2
- data/spec.rb +7 -0
- metadata +4 -4
data/README.md
CHANGED
|
@@ -85,6 +85,7 @@ Changelog
|
|
|
85
85
|
0.1.6 Send an Array instead of a string to Rack so that it works on Ruby 1.9
|
|
86
86
|
0.2.0 External CSS file + `:text_color` option + keep details after login failure
|
|
87
87
|
0.3.0 Now sends request as a 3rd argument to the block
|
|
88
|
+
0.3.1 Escape HTML in fields now that they are kept
|
|
88
89
|
|
|
89
90
|
Copyright
|
|
90
91
|
---------
|
data/cerberus.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'rack-cerberus'
|
|
3
|
-
s.version = "0.3.
|
|
3
|
+
s.version = "0.3.1"
|
|
4
4
|
s.platform = Gem::Platform::RUBY
|
|
5
5
|
s.summary = "A Rack middleware for form-based authentication"
|
|
6
6
|
s.description = "A Rack middleware for form-based authentication. Aim is a compromise between fonctionality, beauty and customization."
|
data/cerberus.rb
CHANGED
|
@@ -29,8 +29,11 @@ class Cerberus
|
|
|
29
29
|
-webkit-border-bottom-right-radius: 10px;
|
|
30
30
|
-moz-border-radius-bottomright: 10px;
|
|
31
31
|
border-bottom-right-radius: 10px;
|
|
32
|
+
-moz-box-shadow: 0px 0px 5px #333;
|
|
33
|
+
-webkit-box-shadow: 0px 0px 5px #333;
|
|
34
|
+
box-shadow: 0px 0px 5px #333;
|
|
32
35
|
background-color: %s; }
|
|
33
|
-
input { width:
|
|
36
|
+
input[type=text], input[type=password] { width: 392px; padding: 4px; border: 0px; font-size: 20px; }
|
|
34
37
|
</style>
|
|
35
38
|
%s
|
|
36
39
|
</head><body>
|
|
@@ -102,10 +105,17 @@ PAGE
|
|
|
102
105
|
401, {'Content-Type' => 'text/html'},
|
|
103
106
|
[AUTH_PAGE % [
|
|
104
107
|
@options[:company_name], @options[:bg_color], @options[:text_color], @options[:fg_color], css, @options[:company_name],
|
|
105
|
-
icon, err, env['REQUEST_URI'], req['cerberus_login']||'login', req['cerberus_pass']||'pass'
|
|
108
|
+
icon, err, env['REQUEST_URI'], html_escape(req['cerberus_login']||'login'), html_escape(req['cerberus_pass']||'pass')
|
|
106
109
|
]]
|
|
107
110
|
]
|
|
108
111
|
end
|
|
109
112
|
end
|
|
110
113
|
|
|
114
|
+
private
|
|
115
|
+
|
|
116
|
+
# Stolen from ERB
|
|
117
|
+
def html_escape(s)
|
|
118
|
+
s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<")
|
|
119
|
+
end
|
|
120
|
+
|
|
111
121
|
end
|
data/spec.rb
CHANGED
|
@@ -36,6 +36,13 @@ describe 'cerberus' do
|
|
|
36
36
|
res.body.should.match(/name="cerberus_pass" value="fake_pass"/)
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
+
should 'Escape HTML on submitted info' do
|
|
40
|
+
res = req.post('/', :params => {'cerberus_login' => '<script>bad</script>', 'cerberus_pass' => '<script>bad</script>'})
|
|
41
|
+
res.status.should==401
|
|
42
|
+
res.body.should.match(/name="cerberus_login" value="<script>bad<\/script>"/)
|
|
43
|
+
res.body.should.match(/name="cerberus_pass" value="<script>bad<\/script>"/)
|
|
44
|
+
end
|
|
45
|
+
|
|
39
46
|
should 'Give access with the appropriate login and pass' do
|
|
40
47
|
res = req.get('/', :params => {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
|
|
41
48
|
cookie = res["Set-Cookie"]
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cerberus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 17
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 3
|
|
9
|
-
-
|
|
10
|
-
version: 0.3.
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.3.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Mickael Riga
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-
|
|
18
|
+
date: 2011-11-21 00:00:00 +00:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|