rack-cerberus 1.1.1 → 1.1.2

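--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: c0a16529022026e68a25f50bb8bd1755fcd95f15
- data.tar.gz: bba2b29bfd9675f3842d6bd11b2405e839ae5150
+ SHA256:
+ metadata.gz: 04476e934cbfbf2e5b6db0b2b3aa2fd9253054a5ce34c37e6f51f91ed4a86415
+ data.tar.gz: 77f9067621c9f7f234311af391da6b25c187b536eecf366a79877ab47b56cf6e
  SHA512:
- metadata.gz: 3a3dfd597dad091e6185bbeadce7eb2eca227b42d5a1e41e36903fad39a3e07d425d6f993b4e4dd82c3cdd51ecccc024b5f72fb026b57413312fff7569cb6082
- data.tar.gz: 8f02554ec221ef12534a814499a6afbeb76f9748d41ec99b4eeee44723e928300e7f2a8c86f3933185ba4fdc95883698b8ada41b423a427645c5920ee052d0b1
+ metadata.gz: da68f032303198d2cec6c7c8d447316212eedaf883536d4ce6a8b94f4e201f96be387ae8e1b8d261b6aab9c1c9ff574f46857f635966b785f39947c80753a10b
+ data.tar.gz: 17e5c4a22d00f599aecd0f8d28a43af0ab9c3b6b5d398f627a64fbdc47f5b8b00449e5c01df1907da39806376d49bc536d13f054539df3f834151e08a9a87e10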
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/utils'
2
4
  require 'rack/cerberus/version'
3
5
 
@@ -7,19 +9,18 @@ module Rack
7
9
 
8
10
  class NoSessionError < RuntimeError; end
9
11
 
10
- def self.new(*); ::Rack::MethodOverride.new(super); end
12
+ DEFAULTS = {
13
+ company_name: 'Cerberus',
14
+ bg_color: '#93a1a1',
15
+ fg_color: '#002b36',
16
+ text_color: '#fdf6e3',
17
+ session_key: 'cerberus_user',
18
+ forgot_password_uri: nil
19
+ }.freeze
11
20
 
12
21
  def initialize app, options={}, &block
13
- @app = app
14
- defaults = {
15
- company_name: 'Cerberus',
16
- bg_color: '#93a1a1',
17
- fg_color: '#002b36',
18
- text_color: '#fdf6e3',
19
- session_key: 'cerberus_user',
20
- forgot_password_uri: nil
21
- }
22
- @options = defaults.merge(options)
22
+ @app = ::Rack::MethodOverride.new(app)
23
+ @options = DEFAULTS.merge(options)
23
24
  @options[:icon] = @options[:icon_url].nil? ?
24
25
  '' :
25
26
  "<img src='#{@options[:icon_url]}' /><br />"
@@ -30,12 +31,8 @@ module Rack
30
31
  end
31
32
 
32
33
  def call env
33
- dup._call(env)
34
- end
35
-
36
- def _call env
37
- ensure_session env
38
34
  req = Rack::Request.new env
35
+ ensure_session req
39
36
  if (logged?(req) and !logging_out?(req)) or authorized?(req)
40
37
  ensure_logged! req
41
38
  if logging_out? req
@@ -50,8 +47,12 @@ module Rack
50
47
 
51
48
  private
52
49
 
53
- def ensure_session env
54
- if env['rack.session'].nil?
50
+ def session req
51
+ req.env['rack.session']
52
+ end
53
+
54
+ def ensure_session req
55
+ if session(req).nil?
55
56
  raise(NoSessionError, 'Cerberus cannot work without Session')
56
57
  end
57
58
  end
@@ -60,16 +61,20 @@ module Rack
60
61
  Rack::Utils.escape_html text
61
62
  end
62
63
 
64
+ CERBERUS_LOGIN = 'cerberus_login'
65
+
63
66
  def login req
64
- req.params['cerberus_login']
67
+ req.params[CERBERUS_LOGIN]
65
68
  end
66
69
 
70
+ CERBERUS_PASS = 'cerberus_pass'
71
+
67
72
  def pass req
68
- req.params['cerberus_pass']
73
+ req.params[CERBERUS_PASS]
69
74
  end
70
75
 
71
76
  def logged? req
72
- req.env['rack.session'][@options[:session_key]]!=nil
77
+ not session(req)[@options[:session_key]].nil?
73
78
  end
74
79
 
75
80
  def provided_fields? req
@@ -82,26 +87,31 @@ module Rack
82
87
  end
83
88
 
84
89
  def ensure_logged! req
85
- req.env['rack.session'][@options[:session_key]] ||= login(req)
90
+ session(req)[@options[:session_key]] ||= login(req)
86
91
  end
87
92
 
88
93
  def ensure_logged_out! req
89
- req.env['rack.session'].delete @options[:session_key]
94
+ session(req).delete @options[:session_key]
90
95
  end
91
96
 
97
+ LOGOUT_PATH = '/logout'
98
+
92
99
  def logging_out? req
93
- req.path_info=='/logout'
100
+ req.path_info == LOGOUT_PATH
94
101
  end
95
102
 
96
103
  def logout_response req
97
104
  res = Rack::Response.new
98
- res.redirect(req.script_name=='' ? '/' : req.script_name)
105
+ res.redirect(req.script_name.empty? ? '/' : req.script_name)
99
106
  res.finish
100
107
  end
101
108
 
109
+ ERROR_HTML_MSG = '<p class=\'err\'>Wrong login or password</p>'
110
+ HTML_HEADERS = {'Content-Type' => 'text/html'}
111
+
102
112
  def form_response req
103
113
  if provided_fields? req
104
- error = "<p class='err'>Wrong login or password</p>"
114
+ error = ERROR_HTML_MSG
105
115
  unless @options[:forgot_password_uri].nil?
106
116
  forgot_password = FORGOT_PASSWORD % {
107
117
  action: @options[:forgot_password_uri],
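Review bot: `HTML_HEADERS = {'Content-Type' => 'text/html'}` is a single unfrozen Hash that the 401 response now hands out on every request (`401, HTML_HEADERS,` in the next hunk); `# frozen_string_literal: true` freezes the strings, not the hash. Rack middleware sitting above Cerberus commonly adds headers by mutating the hash it receives, and the session middleware Cerberus requires typically writes `Set-Cookie` that way, so one client's header could persist in the constant and be served with a later 401 to a different client. I would return a fresh hash per response, e.g. `401, HTML_HEADERS.dup,`, or keep the literal at the call site; freezing the constant alone would only turn the mutation into a FrozenError. form_response's body continues past the end of this hunk.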
@@ -111,9 +121,9 @@ module Rack
111
121
  end
112
122
  ensure_logged_out! req
113
123
  [
114
- 401, {'Content-Type' => 'text/html'},
124
+ 401, HTML_HEADERS,
115
125
  [AUTH_PAGE % @options.merge({
116
- error: error, submit_path: h(req.env['REQUEST_URI']),
126
+ error: error, submit_path: req.fullpath,
117
127
  forgot_password: forgot_password,
118
128
  request_method: req.request_method,
119
129
  login: h(login(req)),
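Review bot: `submit_path: req.fullpath` drops the `h(...)` that wrapped the previous request-derived value, while the neighbouring `login: h(login(req))` stays escaped. The updated test shows this value landing in the form's `action="..."` attribute, and the path and query string come from the client, so it should be HTML-escaped like the other fields: `error: error, submit_path: h(req.fullpath),`. Escaping also produces `&amp;` for multi-parameter query strings, which is the correct encoding inside an attribute. The AUTH_PAGE template and the rest of form_response are outside this hunk, so confirm the placeholder is not escaped somewhere else before relying on this.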
@@ -1,6 +1,6 @@
1
1
  module Rack
2
2
  class Cerberus
3
- VERSION = '1.1.1'
3
+ VERSION = '1.1.2'
4
4
  end
5
5
  end
6
6
 
@@ -11,10 +11,11 @@ class TestRackCerberus < Minitest::Test
11
11
 
12
12
  def secret_app
13
13
  lambda {|env|
14
+ req = Rack::Request.new env
14
15
  [
15
16
  200,
16
17
  {'Content-Type'=>'text/plain'},
17
- "#{env['REQUEST_METHOD']} #{env['rack.session'].inspect}"
18
+ ["#{env['REQUEST_METHOD']} #{req.fullpath} #{env['rack.session'].inspect}"]
18
19
  ]
19
20
  }
20
21
  end
@@ -22,7 +23,7 @@ class TestRackCerberus < Minitest::Test
22
23
  def cerberus_app cerberus_options={}
23
24
  Rack::Cerberus.new(secret_app, cerberus_options) do |login,pass|
24
25
  [login,pass]==['mario@nintendo.com','bros']
25
- end
26
+ end.freeze
26
27
  end
27
28
 
28
29
  def mounted_app mount_path='/', cerberus_options={}
@@ -31,7 +32,7 @@ class TestRackCerberus < Minitest::Test
31
32
  })
32
33
  end
33
34
 
34
- def app; @app; end
35
+ def app; Rack::Lint.new(@app); end
35
36
 
36
37
  def body
37
38
  last_response.body
@@ -101,10 +102,11 @@ class TestRackCerberus < Minitest::Test
101
102
  end
102
103
 
103
104
  def test_calls_final_page_with_original_method
104
- get '/'
105
+ get '/foo/bar?var=1'
105
106
  assert_match 'name="_method" value="GET"', body
106
- post '/', correct_logins.merge({'_method'=>'GET'})
107
- assert_match /^GET/, body
107
+ assert_match 'action="/foo/bar?var=1"', body
108
+ post '/foo/bar?var=1', correct_logins.merge({'_method'=>'GET'})
109
+ assert body.start_with?('GET /foo/bar?var=1 ')
108
110
  end
109
111
 
110
112
  def test_stay_authorized_once_logged
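Review bot: test_calls_final_page_with_original_method only covers a login that succeeds on the first attempt, so nothing pins what the hidden `_method` field holds after a failed one. With `@app = ::Rack::MethodOverride.new(app)` the override now runs downstream of Cerberus, and the re-rendered form takes `request_method: req.request_method`, which would presumably be POST for the login submission rather than the original GET. I would add a case such as `post '/foo/bar?var=1', wrong_logins.merge({'_method'=>'GET'})` followed by `assert_match 'name="_method" value="GET"', body`, so the original method is shown to survive a retry.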
@@ -155,22 +157,22 @@ class TestRackCerberus < Minitest::Test
155
157
  @app = mounted_app '/', forgot_password_uri: '/forgot-password'
156
158
  post '/', wrong_logins
157
159
  assert_equal 401, last_response.status
158
- assert_match /form action="\/forgot-password" method="post"/, body
159
- assert_match /type="hidden" name="cerberus_login" value="fake_login"/, body
160
+ assert_match(/form action="\/forgot-password" method="post"/, body)
161
+ assert_match(/type="hidden" name="cerberus_login" value="fake_login"/, body)
160
162
  end
161
163
 
162
164
  def test_forgot_password_uri_when_logins_not_provided
163
165
  @app = mounted_app '/', forgot_password_uri: '/forgot-password'
164
166
  post '/'
165
167
  assert_equal 401, last_response.status
166
- refute_match /form action="\/forgot-password" method="post"/, body
167
- refute_match /type="hidden" name="cerberus_login" value="fake_login"/, body
168
+ refute_match(/form action="\/forgot-password" method="post"/, body)
169
+ refute_match(/type="hidden" name="cerberus_login" value="fake_login"/, body)
168
170
  end
169
171
 
170
172
  def test_no_forgot_password_form_when_no_uri
171
173
  post '/', wrong_logins
172
174
  assert_equal 401, last_response.status
173
- refute_match /form action="\/forgot-password" method="post"/, body
175
+ refute_match(/form action="\/forgot-password" method="post"/, body)
174
176
  end
175
177
 
176
178
  def test_forgot_password_submitted_info_is_html_escaped
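--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-cerberus
  version: !ruby/object:Gem::Version
- version: 1.1.1
+ version: 1.1.2
  platform: ruby
  authors:
  - Mickael Riga
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-10-04 00:00:00.000000000 Z
+ date: 2019-10-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -104,8 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.13
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
  summary: A Rack middleware for form-based authentication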