rack-cerberus 1.1.1 → 1.1.2

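--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: c0a16529022026e68a25f50bb8bd1755fcd95f15
- data.tar.gz: bba2b29bfd9675f3842d6bd11b2405e839ae5150
+ SHA256:
+ metadata.gz: 04476e934cbfbf2e5b6db0b2b3aa2fd9253054a5ce34c37e6f51f91ed4a86415
+ data.tar.gz: 77f9067621c9f7f234311af391da6b25c187b536eecf366a79877ab47b56cf6e
  SHA512:
- metadata.gz: 3a3dfd597dad091e6185bbeadce7eb2eca227b42d5a1e41e36903fad39a3e07d425d6f993b4e4dd82c3cdd51ecccc024b5f72fb026b57413312fff7569cb6082
- data.tar.gz: 8f02554ec221ef12534a814499a6afbeb76f9748d41ec99b4eeee44723e928300e7f2a8c86f3933185ba4fdc95883698b8ada41b423a427645c5920ee052d0b1
+ metadata.gz: da68f032303198d2cec6c7c8d447316212eedaf883536d4ce6a8b94f4e201f96be387ae8e1b8d261b6aab9c1c9ff574f46857f635966b785f39947c80753a10b
+ data.tar.gz: 17e5c4a22d00f599aecd0f8d28a43af0ab9c3b6b5d398f627a64fbdc47f5b8b00449e5c01df1907da39806376d49bc536d13f054539df3f834151e08a9a87e10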
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/utils'
2
4
  require 'rack/cerberus/version'
3
5
 
@@ -7,19 +9,18 @@ module Rack
7
9
 
8
10
  class NoSessionError < RuntimeError; end
9
11
 
10
- def self.new(*); ::Rack::MethodOverride.new(super); end
12
+ DEFAULTS = {
13
+ company_name: 'Cerberus',
14
+ bg_color: '#93a1a1',
15
+ fg_color: '#002b36',
16
+ text_color: '#fdf6e3',
17
+ session_key: 'cerberus_user',
18
+ forgot_password_uri: nil
19
+ }.freeze
11
20
 
12
21
  def initialize app, options={}, &block
13
- @app = app
14
- defaults = {
15
- company_name: 'Cerberus',
16
- bg_color: '#93a1a1',
17
- fg_color: '#002b36',
18
- text_color: '#fdf6e3',
19
- session_key: 'cerberus_user',
20
- forgot_password_uri: nil
21
- }
22
- @options = defaults.merge(options)
22
+ @app = ::Rack::MethodOverride.new(app)
23
+ @options = DEFAULTS.merge(options)
23
24
  @options[:icon] = @options[:icon_url].nil? ?
24
25
  '' :
25
26
  "<img src='#{@options[:icon_url]}' /><br />"
@@ -30,12 +31,8 @@ module Rack
30
31
  end
31
32
 
32
33
  def call env
33
- dup._call(env)
34
- end
35
-
36
- def _call env
37
- ensure_session env
38
34
  req = Rack::Request.new env
35
+ ensure_session req
39
36
  if (logged?(req) and !logging_out?(req)) or authorized?(req)
40
37
  ensure_logged! req
41
38
  if logging_out? req
@@ -50,8 +47,12 @@ module Rack
50
47
 
51
48
  private
52
49
 
53
- def ensure_session env
54
- if env['rack.session'].nil?
50
+ def session req
51
+ req.env['rack.session']
52
+ end
53
+
54
+ def ensure_session req
55
+ if session(req).nil?
55
56
  raise(NoSessionError, 'Cerberus cannot work without Session')
56
57
  end
57
58
  end
@@ -60,16 +61,20 @@ module Rack
60
61
  Rack::Utils.escape_html text
61
62
  end
62
63
 
64
+ CERBERUS_LOGIN = 'cerberus_login'
65
+
63
66
  def login req
64
- req.params['cerberus_login']
67
+ req.params[CERBERUS_LOGIN]
65
68
  end
66
69
 
70
+ CERBERUS_PASS = 'cerberus_pass'
71
+
67
72
  def pass req
68
- req.params['cerberus_pass']
73
+ req.params[CERBERUS_PASS]
69
74
  end
70
75
 
71
76
  def logged? req
72
- req.env['rack.session'][@options[:session_key]]!=nil
77
+ not session(req)[@options[:session_key]].nil?
73
78
  end
74
79
 
75
80
  def provided_fields? req
@@ -82,26 +87,31 @@ module Rack
82
87
  end
83
88
 
84
89
  def ensure_logged! req
85
- req.env['rack.session'][@options[:session_key]] ||= login(req)
90
+ session(req)[@options[:session_key]] ||= login(req)
86
91
  end
87
92
 
88
93
  def ensure_logged_out! req
89
- req.env['rack.session'].delete @options[:session_key]
94
+ session(req).delete @options[:session_key]
90
95
  end
91
96
 
97
+ LOGOUT_PATH = '/logout'
98
+
92
99
  def logging_out? req
93
- req.path_info=='/logout'
100
+ req.path_info == LOGOUT_PATH
94
101
  end
95
102
 
96
103
  def logout_response req
97
104
  res = Rack::Response.new
98
- res.redirect(req.script_name=='' ? '/' : req.script_name)
105
+ res.redirect(req.script_name.empty? ? '/' : req.script_name)
99
106
  res.finish
100
107
  end
101
108
 
109
+ ERROR_HTML_MSG = '<p class=\'err\'>Wrong login or password</p>'
110
+ HTML_HEADERS = {'Content-Type' => 'text/html'}
111
+
102
112
  def form_response req
103
113
  if provided_fields? req
104
- error = "<p class='err'>Wrong login or password</p>"
114
+ error = ERROR_HTML_MSG
105
115
  unless @options[:forgot_password_uri].nil?
106
116
  forgot_password = FORGOT_PASSWORD % {
107
117
  action: @options[:forgot_password_uri],
@@ -111,9 +121,9 @@ module Rack
111
121
  end
112
122
  ensure_logged_out! req
113
123
  [
114
- 401, {'Content-Type' => 'text/html'},
124
+ 401, HTML_HEADERS,
115
125
  [AUTH_PAGE % @options.merge({
116
- error: error, submit_path: h(req.env['REQUEST_URI']),
126
+ error: error, submit_path: req.fullpath,
117
127
  forgot_password: forgot_password,
118
128
  request_method: req.request_method,
119
129
  login: h(login(req)),
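Review bot: The new `submit_path: req.fullpath` drops the `h(...)` escaping that the removed `h(req.env['REQUEST_URI'])` applied, so a client-controlled path and query string are now formatted into AUTH_PAGE unescaped; the updated test expects the value inside `action="…"`, so it appears to land in an HTML attribute (the template is not visible here). I would keep the escape, `error: error, submit_path: h(req.fullpath),`, and adjust the test's expected string if `h` encodes `/`. Separately, `HTML_HEADERS`, added in the previous hunk and returned here as the headers of every 401, is a single unfrozen Hash, so an upstream middleware that writes response headers in place would carry them over to later responses; `401, HTML_HEADERS.dup,` avoids sharing it. The enclosing form_response starts and ends outside this hunk.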
@@ -1,6 +1,6 @@
1
1
  module Rack
2
2
  class Cerberus
3
- VERSION = '1.1.1'
3
+ VERSION = '1.1.2'
4
4
  end
5
5
  end
6
6
 
@@ -11,10 +11,11 @@ class TestRackCerberus < Minitest::Test
11
11
 
12
12
  def secret_app
13
13
  lambda {|env|
14
+ req = Rack::Request.new env
14
15
  [
15
16
  200,
16
17
  {'Content-Type'=>'text/plain'},
17
- "#{env['REQUEST_METHOD']} #{env['rack.session'].inspect}"
18
+ ["#{env['REQUEST_METHOD']} #{req.fullpath} #{env['rack.session'].inspect}"]
18
19
  ]
19
20
  }
20
21
  end
@@ -22,7 +23,7 @@ class TestRackCerberus < Minitest::Test
22
23
  def cerberus_app cerberus_options={}
23
24
  Rack::Cerberus.new(secret_app, cerberus_options) do |login,pass|
24
25
  [login,pass]==['mario@nintendo.com','bros']
25
- end
26
+ end.freeze
26
27
  end
27
28
 
28
29
  def mounted_app mount_path='/', cerberus_options={}
@@ -31,7 +32,7 @@ class TestRackCerberus < Minitest::Test
31
32
  })
32
33
  end
33
34
 
34
- def app; @app; end
35
+ def app; Rack::Lint.new(@app); end
35
36
 
36
37
  def body
37
38
  last_response.body
@@ -101,10 +102,11 @@ class TestRackCerberus < Minitest::Test
101
102
  end
102
103
 
103
104
  def test_calls_final_page_with_original_method
104
- get '/'
105
+ get '/foo/bar?var=1'
105
106
  assert_match 'name="_method" value="GET"', body
106
- post '/', correct_logins.merge({'_method'=>'GET'})
107
- assert_match /^GET/, body
107
+ assert_match 'action="/foo/bar?var=1"', body
108
+ post '/foo/bar?var=1', correct_logins.merge({'_method'=>'GET'})
109
+ assert body.start_with?('GET /foo/bar?var=1 ')
108
110
  end
109
111
 
110
112
  def test_stay_authorized_once_logged
@@ -155,22 +157,22 @@ class TestRackCerberus < Minitest::Test
155
157
  @app = mounted_app '/', forgot_password_uri: '/forgot-password'
156
158
  post '/', wrong_logins
157
159
  assert_equal 401, last_response.status
158
- assert_match /form action="\/forgot-password" method="post"/, body
159
- assert_match /type="hidden" name="cerberus_login" value="fake_login"/, body
160
+ assert_match(/form action="\/forgot-password" method="post"/, body)
161
+ assert_match(/type="hidden" name="cerberus_login" value="fake_login"/, body)
160
162
  end
161
163
 
162
164
  def test_forgot_password_uri_when_logins_not_provided
163
165
  @app = mounted_app '/', forgot_password_uri: '/forgot-password'
164
166
  post '/'
165
167
  assert_equal 401, last_response.status
166
- refute_match /form action="\/forgot-password" method="post"/, body
167
- refute_match /type="hidden" name="cerberus_login" value="fake_login"/, body
168
+ refute_match(/form action="\/forgot-password" method="post"/, body)
169
+ refute_match(/type="hidden" name="cerberus_login" value="fake_login"/, body)
168
170
  end
169
171
 
170
172
  def test_no_forgot_password_form_when_no_uri
171
173
  post '/', wrong_logins
172
174
  assert_equal 401, last_response.status
173
- refute_match /form action="\/forgot-password" method="post"/, body
175
+ refute_match(/form action="\/forgot-password" method="post"/, body)
174
176
  end
175
177
 
176
178
  def test_forgot_password_submitted_info_is_html_escaped
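Review bot: The reworked `test_calls_final_page_with_original_method` only requests `/foo/bar?var=1`, which contains no HTML metacharacters, so no test pins how the form `action` is encoded when the path or query does contain them. Since the same release changes how `submit_path` is produced, I would add a case next to `test_forgot_password_submitted_info_is_html_escaped` that requests a URL whose query string holds a double quote and an angle bracket and uses `refute_match` to check that neither appears raw inside the `action` attribute. The body of `test_forgot_password_submitted_info_is_html_escaped` lies outside the visible hunk.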
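--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-cerberus
  version: !ruby/object:Gem::Version
- version: 1.1.1
+ version: 1.1.2
  platform: ruby
  authors:
  - Mickael Riga
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-10-04 00:00:00.000000000 Z
+ date: 2019-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -104,8 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.13
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
  summary: A Rack middleware for form-based authentication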