rack-cerberus 1.0.5 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/rack/cerberus.rb +95 -71
- data/lib/rack/cerberus/version.rb +1 -1
- data/test/test_rack_cerberus.rb +32 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d5be22a712c8f939dc7e1c7d0553790a523b66d1
|
|
4
|
+
data.tar.gz: a2a95fcf19e13b89b48dae89991bdefac7aa3068
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 38d848a439fd4674ce640badfe8a1ffa6437da8fd2e83f03c8ec7bcab7209cf0a9efe580e5ea9a3da3a178dfd05129173f7c164e55fd62c15204f79e9a4b3535
|
|
7
|
+
data.tar.gz: 239191c798d5988020c1ddfd02f8cd797f9333fcfe984a0c21203ecdf8635a202013f925e8411e18f36d82a3000bbbfdf86bd532cb079f9fcdba055a5051beac
|
data/lib/rack/cerberus.rb
CHANGED
|
@@ -16,7 +16,8 @@ module Rack
|
|
|
16
16
|
bg_color: '#93a1a1',
|
|
17
17
|
fg_color: '#002b36',
|
|
18
18
|
text_color: '#fdf6e3',
|
|
19
|
-
session_key: 'cerberus_user'
|
|
19
|
+
session_key: 'cerberus_user',
|
|
20
|
+
forgot_password_uri: nil
|
|
20
21
|
}
|
|
21
22
|
@options = defaults.merge(options)
|
|
22
23
|
@options[:icon] = @options[:icon_url].nil? ?
|
|
@@ -101,12 +102,19 @@ module Rack
|
|
|
101
102
|
def form_response req
|
|
102
103
|
if provided_fields? req
|
|
103
104
|
error = "<p class='err'>Wrong login or password</p>"
|
|
105
|
+
unless @options[:forgot_password_uri].nil?
|
|
106
|
+
forgot_password = FORGOT_PASSWORD % {
|
|
107
|
+
action: @options[:forgot_password_uri],
|
|
108
|
+
login: h(login(req))
|
|
109
|
+
}
|
|
110
|
+
end
|
|
104
111
|
end
|
|
105
112
|
ensure_logged_out! req
|
|
106
113
|
[
|
|
107
114
|
401, {'Content-Type' => 'text/html'},
|
|
108
115
|
[AUTH_PAGE % @options.merge({
|
|
109
116
|
error: error, submit_path: h(req.env['REQUEST_URI']),
|
|
117
|
+
forgot_password: forgot_password,
|
|
110
118
|
request_method: req.request_method,
|
|
111
119
|
login: h(login(req)),
|
|
112
120
|
pass: h(pass(req))
|
|
@@ -116,78 +124,94 @@ module Rack
|
|
|
116
124
|
|
|
117
125
|
AUTH_PAGE = <<-PAGE
|
|
118
126
|
<!DOCTYPE html>
|
|
119
|
-
<html
|
|
120
|
-
<
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
<
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
127
|
+
<html>
|
|
128
|
+
<head>
|
|
129
|
+
<title>%{company_name} Authentication</title>
|
|
130
|
+
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
|
131
|
+
<style type='text/css'>
|
|
132
|
+
* {
|
|
133
|
+
-moz-box-sizing: border-box;
|
|
134
|
+
-ms-box-sizing: border-box;
|
|
135
|
+
box-sizing: border-box;
|
|
136
|
+
}
|
|
137
|
+
body {
|
|
138
|
+
background-color: %{bg_color};
|
|
139
|
+
font-family: sans-serif;
|
|
140
|
+
text-align: center;
|
|
141
|
+
margin: 0px;
|
|
142
|
+
}
|
|
143
|
+
h1, p { color: %{text_color}; }
|
|
144
|
+
.err {
|
|
145
|
+
padding: 1em;
|
|
146
|
+
-moz-border-radius: 3px;
|
|
147
|
+
-webkit-border-radius: 3px;
|
|
148
|
+
border-radius: 3px;
|
|
149
|
+
background-color: #dc322f; color: white;
|
|
150
|
+
}
|
|
151
|
+
div {
|
|
152
|
+
text-align: left;
|
|
153
|
+
width: 500px;
|
|
154
|
+
margin: 0px auto; padding: 2em;
|
|
155
|
+
-webkit-border-bottom-left-radius: 3px;
|
|
156
|
+
-moz-border-radius-bottomleft: 3px;
|
|
157
|
+
border-bottom-left-radius: 3px;
|
|
158
|
+
-webkit-border-bottom-right-radius: 3px;
|
|
159
|
+
-moz-border-radius-bottomright: 3px;
|
|
160
|
+
border-bottom-right-radius: 3px;
|
|
161
|
+
-moz-box-shadow: 0px 0px 5px #333;
|
|
162
|
+
-webkit-box-shadow: 0px 0px 5px #555;
|
|
163
|
+
box-shadow: 0px 0px 5px #555;
|
|
164
|
+
background-color: %{fg_color};
|
|
165
|
+
}
|
|
166
|
+
input[type=text], input[type=password] {
|
|
167
|
+
display: block;
|
|
168
|
+
width: 100%%;
|
|
169
|
+
padding: 0.5em;
|
|
170
|
+
border: 0px;
|
|
171
|
+
font-size: 1.25em;
|
|
172
|
+
background-color: %{text_color};
|
|
173
|
+
}
|
|
174
|
+
input[type=submit] {
|
|
175
|
+
background-color: %{bg_color}; color: %{fg_color};
|
|
176
|
+
padding: 0.5em; border: 0;
|
|
177
|
+
-webkit-appearance: none;
|
|
178
|
+
-moz-appearance: none;
|
|
179
|
+
appearance: none;
|
|
180
|
+
cursor: pointer;
|
|
181
|
+
}
|
|
182
|
+
input[type=submit]:hover { background-color: %{text_color}; }
|
|
183
|
+
::-webkit-input-placeholder { color: %{bg_color}; }
|
|
184
|
+
:-moz-placeholder { color: %{bg_color}; }
|
|
185
|
+
::-moz-placeholder { color: %{bg_color}; }
|
|
186
|
+
:-ms-input-placeholder { color: %{bg_color}; }
|
|
187
|
+
</style>
|
|
188
|
+
%{css}
|
|
189
|
+
</head>
|
|
190
|
+
<body>
|
|
191
|
+
<div>
|
|
192
|
+
<h1>%{company_name}</h1>
|
|
193
|
+
%{icon}
|
|
194
|
+
%{error}
|
|
195
|
+
<p>Please Sign In</p>
|
|
196
|
+
<form action="%{submit_path}" method="post" accept-charset="utf-8">
|
|
197
|
+
<input type="text" name="cerberus_login" value="%{login}" id='login' title='Login' placeholder='Login'><br />
|
|
198
|
+
<input type="password" name="cerberus_pass" value="%{pass}" id='pass' title='Password' placeholder='Password'>
|
|
199
|
+
<input type="hidden" name="_method" value="%{request_method}">
|
|
200
|
+
<p><input type="submit" value="SIGN IN →"></p>
|
|
201
|
+
</form>
|
|
202
|
+
%{forgot_password}
|
|
203
|
+
</div>
|
|
204
|
+
</body>
|
|
205
|
+
</html>
|
|
189
206
|
PAGE
|
|
190
207
|
|
|
208
|
+
FORGOT_PASSWORD = <<-FORM
|
|
209
|
+
<form action="%{action}" method="post" accept-charset="utf-8">
|
|
210
|
+
<input type="hidden" name="cerberus_login" value="%{login}" />
|
|
211
|
+
<p><input type="submit" value="Forgot your password? →"></p>
|
|
212
|
+
</form>
|
|
213
|
+
FORM
|
|
214
|
+
|
|
191
215
|
end
|
|
192
216
|
|
|
193
217
|
end
|
data/test/test_rack_cerberus.rb
CHANGED
|
@@ -151,5 +151,37 @@ class TestRackCerberus < Minitest::Test
|
|
|
151
151
|
assert_match '"different_user"=>"mario@nintendo.com"', body
|
|
152
152
|
end
|
|
153
153
|
|
|
154
|
+
def test_forgot_password_uri_when_logins_provided
|
|
155
|
+
@app = mounted_app '/', forgot_password_uri: '/forgot-password'
|
|
156
|
+
post '/', wrong_logins
|
|
157
|
+
assert_equal 401, last_response.status
|
|
158
|
+
assert_match /form action="\/forgot-password" method="post"/, body
|
|
159
|
+
assert_match /type="hidden" name="cerberus_login" value="fake_login"/, body
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
def test_forgot_password_uri_when_logins_not_provided
|
|
163
|
+
@app = mounted_app '/', forgot_password_uri: '/forgot-password'
|
|
164
|
+
post '/'
|
|
165
|
+
assert_equal 401, last_response.status
|
|
166
|
+
refute_match /form action="\/forgot-password" method="post"/, body
|
|
167
|
+
refute_match /type="hidden" name="cerberus_login" value="fake_login"/, body
|
|
168
|
+
end
|
|
169
|
+
|
|
170
|
+
def test_no_forgot_password_form_when_no_uri
|
|
171
|
+
post '/', wrong_logins
|
|
172
|
+
assert_equal 401, last_response.status
|
|
173
|
+
refute_match /form action="\/forgot-password" method="post"/, body
|
|
174
|
+
end
|
|
175
|
+
|
|
176
|
+
def test_forgot_password_submitted_info_is_html_escaped
|
|
177
|
+
@app = mounted_app '/', forgot_password_uri: '/forgot-password'
|
|
178
|
+
post('/', {
|
|
179
|
+
'cerberus_login' => '<script>bad</script>',
|
|
180
|
+
'cerberus_pass' => '<script>bad</script>'
|
|
181
|
+
})
|
|
182
|
+
assert_match 'bad', body
|
|
183
|
+
refute_match '<script>bad</script>', body
|
|
184
|
+
end
|
|
185
|
+
|
|
154
186
|
end
|
|
155
187
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-cerberus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mickael Riga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -105,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
105
|
version: '0'
|
|
106
106
|
requirements: []
|
|
107
107
|
rubyforge_project:
|
|
108
|
-
rubygems_version: 2.6.
|
|
108
|
+
rubygems_version: 2.6.13
|
|
109
109
|
signing_key:
|
|
110
110
|
specification_version: 4
|
|
111
111
|
summary: A Rack middleware for form-based authentication
|