rack-simple_csrf 1.0.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cc1560d053a3c6e140795a8ed52edbab6718888c
-  data.tar.gz: c35998ea6d6e873baf8f98bc2fa9dfe9f53c0372
+  metadata.gz: 3bd1ac436f818ec61c32035bda83691a1e3c1be6
+  data.tar.gz: 590eb39f69fba11d6e669dc0855aab8254f70924
 SHA512:
-  metadata.gz: 61ebfca10811016cf01de6267b27ba424efd4b56ef331ddae5a7a60a587d6d4c2fddb2aac581b25a6c4e4da1bdd5c9b7c020c69194e9e855e04deb80233e4e83
-  data.tar.gz: 93d11241740bc891deb13389154fc1f64e24a36c7a94493b655cccb2dc4a9d1abdb16c0f56557155fa89fa296ce734375b4ddc88a68111cdec55b05b2af3051e
+  metadata.gz: 5ef169dc22529a218fd7da48788db481a4d62c62e27fad34862cb6bfe7476e07e4ff97d5f5b8d18879174ec88b013a1a049c8d0eba55c99eae1223af20f30a38
+  data.tar.gz: d12cd87a46cfa4c9cbc547af1d472d53af636b968a70acbdbbcd3bbeb904b5b0a11fd601ba098d14c8de3b4b7ebbb39ce914c919a24c7174574c61092894175b

data/Readme.md

@@ -18,7 +18,8 @@ class MyApp < Sinatra::Base
 
   CSRF_SKIP_LIST = [
     "/my-path",
-    "POST:/my-other-path"
+    "POST:/my-other-path",
+    "/regexp-path/.*"
   ]
 
   class << self

data/lib/rack/simple_csrf.rb

@@ -31,29 +31,47 @@ module Rack
 
       @render_with = opts[:render_with]
       @header = opts.fetch(:header, "HTTP_X_CSRF_TOKEN")
-      @methods = (%w(POST PUT DELETE PATCH) + opts.fetch(:http_methods, [])).flatten.uniq
+      @methods = (%w(POST PUT DELETE PATCH) + \
+        opts.fetch(:http_methods, [])).flatten.uniq
     end
 
     def call(env, req = Rack::Request.new(env))
       raise_if_session_unavailable_for! req
       setup_csrf_for! req
+
       return @app.call(env) if continue?(req)
       @raise ? raise(CSRFFailedToValidateError) : render_error_for!(env)
     end
 
     private
     def continue?(req)
-      req.params[@field] == req.env["rack.session"][@key] ||
-      req.env[@header] == req.env["rack.session"][@key] ||
-      ! @methods.include?(req.request_method) || any_skips?(req)
+      req.params[@field] == req.env["rack.session"][@key] || \
+        req.env[@header] == req.env["rack.session"][@key] || \
+          ! @methods.include?(req.request_method) || \
+            any_skips?(req)
     end
 
     private
     def any_skips?(req)
-      (Array === @skip && @skip.any? do |url|
-        meth, path = Regexp.escape(req.request_method), Regexp.escape(req.path)
-        url =~ /^#{meth}:#{path}$/ || url =~ /^#{path}$/
-      end)
+      return false if ! @skip.is_a?(Array) || @skip.empty?
+      method  = Regexp.escape(req.request_method)
+      path    = Regexp.escape(req.path)
+      matched = @skip.select do |p|
+        p = p.split ":"
+        if p.size > 1
+          if method !~ /\A#{p[0]}\Z/
+            return false
+          end
+
+          p = p[1..-1].join ":"
+        end
+
+        if path =~ /\A#{p}\Z/
+          return true
+        end
+      end
+
+      matched.size > 0
     end
 
     private
@@ -70,22 +88,26 @@ module Rack
 
     private
     def render_error_for!(env)
-      Proc === @render_with ? @render_with.call(env) : [403, {}, ["Unauthorized"]]
+      @render_with.is_a?(Proc) ? @render_with.call(env) : \
+        [403, {}, ["Unauthorized"]]
     end
 
     module Helpers
       extend self
 
       def csrf_meta_tag(opts = {}, session = session)
-        %Q{<meta name="#{opts[:field] || "auth"}" content="#{session[opts[:key] || "csrf"]}">}
+        %Q{<meta name="#{opts[:field] || "auth"}" content="#{ \
+          session[opts[:key] || "csrf"]}">}
       end
 
       def csrf_form_tag(opts = {}, session = session)
         session_key = session[opts[:key] || "csrf"]
         tag = opts[:tag] || "div"
+
         <<-HTML.strip_heredoc(opts[:offset])
           <#{tag} class="hidden">
-            <input type="hidden" name="#{opts[:field] || "auth"}" value="#{session_key}">
+            <input type="hidden" name="#{ \
+              opts[:field] || "auth"}" value="#{session_key}">
           </#{tag}>
         HTML
       end

data/lib/rack/simple_csrf/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class SimpleCsrf
-    VERSION = "1.0.0"
+    VERSION = "1.2.0"
   end
 end

metadata

@@ -1,85 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: rack-simple_csrf
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Jordon Bedwell
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-02-03 00:00:00.000000000 Z
+date: 2014-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :runtime
-  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '2.14'
-  type: :development
+        version: '1.5'
   prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: envygeeks-coveralls
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '2.14'
-- !ruby/object:Gem::Dependency
-  name: rspec-expect_error
+        version: '0.2'
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.0'
-  type: :development
+        version: '0.2'
   prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: luna-rspec-formatters
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.0'
-- !ruby/object:Gem::Dependency
-  name: envygeeks-coveralls
+        version: '1.2'
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.0'
-  type: :development
+        version: '1.2'
   prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: rspec
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.0'
-- !ruby/object:Gem::Dependency
-  name: luna-rspec-formatters
+        version: '3.0'
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.0'
-  type: :development
+        version: '3.0'
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '0.0'
+  type: :development
 description: A simpler CSRF middleware for Rack.
 email:
 - envygeeks@gmail.com
@@ -87,17 +73,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- Gemfile
-- License
-- Rakefile
 - Readme.md
+- Rakefile
+- License
+- Gemfile
 - lib/rack/csrf.rb
 - lib/rack/simple_csrf.rb
 - lib/rack/simple_csrf/version.rb
 homepage: https://envygeeks.com/projects/rack-csrf
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -112,9 +98,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.1
-signing_key: 
+rubyforge_project:
+rubygems_version: 2.1.9
+signing_key:
 specification_version: 4
 summary: A simpler CSRF middleware for Rack.
 test_files: []