rack-cerberus 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/rack/cerberus.rb +5 -1
- data/spec/rack_cerberus_spec.rb +21 -5
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bda08956b38e4898a4230985bf562a70a9ecf50a
|
|
4
|
+
data.tar.gz: 6a3e4ebddeafa5208a32babee28ab3e0fea06d31
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e5d2fec915ce81fd648339e7f6aefc5f12dca26df92b84c20116f569c3b3d99ea657e2bbd7325e2cb272398c31b1e4211a08aeedcf6e3ecadee06e3a3c3ceb98
|
|
7
|
+
data.tar.gz: 2232cd7f89419f33b95a9ee0c8f51c46bb7f5de7d1666ff098dc953714383b8a9906103f61689edf6bb02028ee05dd16f9a47ca28a6b61abaf05f4837966f37a
|
data/lib/rack/cerberus.rb
CHANGED
|
@@ -4,9 +4,11 @@ module Rack
|
|
|
4
4
|
|
|
5
5
|
class Cerberus
|
|
6
6
|
|
|
7
|
-
VERSION = '1.0.
|
|
7
|
+
VERSION = '1.0.1'
|
|
8
8
|
|
|
9
9
|
class NoSessionError < RuntimeError; end
|
|
10
|
+
|
|
11
|
+
def self.new(*); ::Rack::MethodOverride.new(super); end
|
|
10
12
|
|
|
11
13
|
def initialize(app, options={}, &block)
|
|
12
14
|
@app = app
|
|
@@ -49,6 +51,7 @@ module Rack
|
|
|
49
51
|
401, {'Content-Type' => 'text/html'},
|
|
50
52
|
[AUTH_PAGE % @options.merge({
|
|
51
53
|
error: err, submit_path: env['REQUEST_URI'],
|
|
54
|
+
request_method: req.request_method,
|
|
52
55
|
login: Rack::Utils.escape_html(login),
|
|
53
56
|
pass: Rack::Utils.escape_html(pass)
|
|
54
57
|
})]
|
|
@@ -107,6 +110,7 @@ module Rack
|
|
|
107
110
|
<form action="%{submit_path}" method="post" accept-charset="utf-8">
|
|
108
111
|
<input type="text" name="cerberus_login" value="%{login}" id='login' title='Login' placeholder='Login'><br />
|
|
109
112
|
<input type="password" name="cerberus_pass" value="%{pass}" id='pass' title='Password' placeholder='Password'>
|
|
113
|
+
<input type="hidden" name="_method" value="%{request_method}">
|
|
110
114
|
<p><input type="submit" value="SIGN IN →"></p>
|
|
111
115
|
</form>
|
|
112
116
|
<script type="text/javascript" charset="utf-8">
|
data/spec/rack_cerberus_spec.rb
CHANGED
|
@@ -40,8 +40,8 @@ RSpec.describe Rack::Cerberus do
|
|
|
40
40
|
expect(last_response.status).to eq 401
|
|
41
41
|
body = last_response.body
|
|
42
42
|
expect(body.class).to eq String
|
|
43
|
-
expect(body).to
|
|
44
|
-
expect(body).to
|
|
43
|
+
expect(body).to include('name="cerberus_login" value=""')
|
|
44
|
+
expect(body).to include('name="cerberus_pass" value=""')
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
|
|
@@ -51,12 +51,12 @@ RSpec.describe Rack::Cerberus do
|
|
|
51
51
|
it 'Stops requests' do
|
|
52
52
|
post('/', {'cerberus_login' => 'fake_login', 'cerberus_pass' => 'fake_pass'})
|
|
53
53
|
expect(last_response.status).to eq 401
|
|
54
|
-
expect(last_response.body).to
|
|
54
|
+
expect(last_response.body).to include('Wrong login or password')
|
|
55
55
|
end
|
|
56
56
|
it 'Keeps what was entered in the fields' do
|
|
57
57
|
post('/', {'cerberus_login' => 'fake_login', 'cerberus_pass' => 'fake_pass'})
|
|
58
|
-
expect(last_response.body).to
|
|
59
|
-
expect(last_response.body).to
|
|
58
|
+
expect(last_response.body).to include('name="cerberus_login" value="fake_login"')
|
|
59
|
+
expect(last_response.body).to include('name="cerberus_pass" value="fake_pass"')
|
|
60
60
|
end
|
|
61
61
|
it 'Escapes HTML on submitted info' do
|
|
62
62
|
expect(Rack::Utils).to receive(:escape_html).with('<script>bad</script>').twice
|
|
@@ -65,10 +65,25 @@ RSpec.describe Rack::Cerberus do
|
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
context 'Login details are correct' do
|
|
68
|
+
let(:secret_app) {
|
|
69
|
+
lambda {|env|
|
|
70
|
+
[200, {'Content-Type'=>'text/plain'}, env['REQUEST_METHOD']]
|
|
71
|
+
}
|
|
72
|
+
}
|
|
68
73
|
it 'Gives access' do
|
|
69
74
|
get('/', {'cerberus_login' => 'mario@nintendo.com', 'cerberus_pass' => 'bros'})
|
|
70
75
|
expect(last_response.status).to eq 200
|
|
71
76
|
end
|
|
77
|
+
it 'Calls the final page with the original method' do
|
|
78
|
+
get('/')
|
|
79
|
+
expect(last_response.body).to include('name="_method" value="GET"')
|
|
80
|
+
post('/', {
|
|
81
|
+
'cerberus_login' => 'mario@nintendo.com',
|
|
82
|
+
'cerberus_pass' => 'bros',
|
|
83
|
+
'_method' => 'GET'
|
|
84
|
+
})
|
|
85
|
+
expect(last_response.body).to eq 'GET'
|
|
86
|
+
end
|
|
72
87
|
end
|
|
73
88
|
|
|
74
89
|
end
|
|
@@ -131,3 +146,4 @@ RSpec.describe Rack::Cerberus do
|
|
|
131
146
|
end
|
|
132
147
|
|
|
133
148
|
end
|
|
149
|
+
|