rack_csrf 2.4.0 → 2.5.0

data/spec/csrf_spec.rb

@@ -185,7 +185,7 @@ describe Rack::Csrf do
       let(:csrf) { Rack::Csrf.new nil }
 
       it 'should run the check' do
-        csrf.send(:skip_checking, request).should be_false
+        csrf.send(:skip_checking, request).should be false
       end
     end
 
@@ -193,7 +193,7 @@ describe Rack::Csrf do
       let(:csrf) { Rack::Csrf.new nil, :skip => ['POST:/hello'] }
 
       it 'should not run the check' do
-        csrf.send(:skip_checking, request).should be_true
+        csrf.send(:skip_checking, request).should be true
       end
     end
 
@@ -202,7 +202,7 @@ describe Rack::Csrf do
         let(:csrf) { Rack::Csrf.new nil, :skip_if => lambda { |req| req.env.key?('HTTP_X_VERY_SPECIAL_HEADER') } }
 
         it 'should not run the check' do
-          csrf.send(:skip_checking, request).should be_true
+          csrf.send(:skip_checking, request).should be true
         end
       end
 
@@ -211,7 +211,7 @@ describe Rack::Csrf do
           let(:csrf) { Rack::Csrf.new nil, :check_only => [] }
 
           it 'should run the check' do
-            csrf.send(:skip_checking, request).should be_false
+            csrf.send(:skip_checking, request).should be false
           end
         end
 
@@ -220,7 +220,7 @@ describe Rack::Csrf do
             let(:csrf) { Rack::Csrf.new nil, :check_only => ['POST:/hello'] }
 
             it 'should run the check' do
-              csrf.send(:skip_checking, request).should be_false
+              csrf.send(:skip_checking, request).should be false
             end
           end
 
@@ -228,7 +228,7 @@ describe Rack::Csrf do
             let(:csrf) { Rack::Csrf.new nil, :check_only => ['POST:/ciao'] }
 
             it 'should not run the check' do
-              csrf.send(:skip_checking, request).should be_true
+              csrf.send(:skip_checking, request).should be true
             end
           end
         end

data/spec/spec_helper.rb

@@ -1,4 +1,11 @@
 require 'rubygems'
 require 'rspec'
+require 'rspec/collection_matchers'
 
 require 'rack/csrf'
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :should
+  end
+end

metadata

@@ -1,146 +1,158 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rack_csrf
-version: !ruby/object:Gem::Version 
-  hash: 31
-  prerelease: 
-  segments: 
-  - 2
-  - 4
-  - 0
-  version: 2.4.0
+version: !ruby/object:Gem::Version
+  version: 2.5.0
 platform: ruby
-authors: 
+authors:
 - Emanuele Vicentini
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-02-28 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  prerelease: false
-  type: :runtime
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 0
-        - 9
-        version: "0.9"
-  version_requirements: *id001
+date: 2014-06-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack
-- !ruby/object:Gem::Dependency 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
   prerelease: false
-  type: :development
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 0
-        - 0
-        version: 1.0.0
-  version_requirements: *id002
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
   name: bundler
-- !ruby/object:Gem::Dependency 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 17
-        segments: 
-        - 1
-        - 1
-        - 1
-        version: 1.1.1
-  version_requirements: *id003
-  name: cucumber
-- !ruby/object:Gem::Dependency 
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
   type: :development
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  version_requirements: *id004
-  name: rack-test
-- !ruby/object:Gem::Dependency 
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 2
-        - 0
-        - 0
-        version: 2.0.0
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: rspec
-- !ruby/object:Gem::Dependency 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-collection_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 2
-        - 4
-        - 2
-        version: 2.4.2
-  version_requirements: *id006
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
   name: rdoc
-- !ruby/object:Gem::Dependency 
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.4.2
+  type: :development
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.4.2
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.5
   type: :development
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  version_requirements: *id007
-  name: jeweler
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.5
 description: Anti-CSRF Rack middleware
-email: emanuele.vicentini@gmail.com
+email:
+- emanuele.vicentini@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - LICENSE.rdoc
 - README.rdoc
-files: 
-- .rspec
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Changelog.md
 - Gemfile
 - LICENSE.rdoc
 - README.rdoc
 - Rakefile
-- VERSION
 - cucumber.yml
 - examples/camping/Gemfile
 - examples/camping/README.rdoc
@@ -192,47 +204,56 @@ files:
 - features/variation_on_header_name.feature
 - features/variation_on_key_name.feature
 - lib/rack/csrf.rb
-- lib/rack/vendor/securerandom.rb
+- lib/rack/csrf/version.rb
 - rack_csrf.gemspec
 - spec/csrf_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/baldowl/rack_csrf
-licenses: 
+licenses:
 - MIT
+metadata: {}
 post_install_message: 
-rdoc_options: 
-- --line-numbers
-- --inline-source
-- --title
-- Rack::Csrf 2.4.0
-- --main
+rdoc_options:
+- "--line-numbers"
+- "--inline-source"
+- "--title"
+- Rack::Csrf 2.5.0
+- "--main"
 - README.rdoc
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
-rubyforge_project: rackcsrf
-rubygems_version: 1.8.17
+rubyforge_project: 
+rubygems_version: 2.3.0
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Anti-CSRF Rack middleware
-test_files: []
-
+test_files:
+- features/check_only_some_specific_requests.feature
+- features/custom_http_methods.feature
+- features/empty_responses.feature
+- features/inspecting_also_get_requests.feature
+- features/raising_exception.feature
+- features/setup.feature
+- features/skip_if_block_passes.feature
+- features/skip_some_routes.feature
+- features/step_definitions/request_steps.rb
+- features/step_definitions/response_steps.rb
+- features/step_definitions/setup_steps.rb
+- features/support/env.rb
+- features/support/fake_session.rb
+- features/variation_on_field_name.feature
+- features/variation_on_header_name.feature
+- features/variation_on_key_name.feature
+- spec/csrf_spec.rb
+- spec/spec_helper.rb

data/VERSION

@@ -1 +0,0 @@
-2.4.0

data/lib/rack/vendor/securerandom.rb

@@ -1,256 +0,0 @@
-# Library taken from Ruby 1.9 SVN repository on 2009-04-15T10:25Z
-# For copyright and license see http://www.ruby-lang.org
-
-# = Secure random number generator interface.
-#
-# This library is an interface for secure random number generator which is
-# suitable for generating session key in HTTP cookies, etc.
-#
-# It supports following secure random number generators.
-#
-# * openssl
-# * /dev/urandom
-# * Win32
-#
-# == Example
-#
-# # random hexadecimal string.
-# p SecureRandom.hex(10) #=> "52750b30ffbc7de3b362"
-# p SecureRandom.hex(10) #=> "92b15d6c8dc4beb5f559"
-# p SecureRandom.hex(11) #=> "6aca1b5c58e4863e6b81b8"
-# p SecureRandom.hex(12) #=> "94b2fff3e7fd9b9c391a2306"
-# p SecureRandom.hex(13) #=> "39b290146bea6ce975c37cfc23"
-# ...
-#
-# # random base64 string.
-# p SecureRandom.base64(10) #=> "EcmTPZwWRAozdA=="
-# p SecureRandom.base64(10) #=> "9b0nsevdwNuM/w=="
-# p SecureRandom.base64(10) #=> "KO1nIU+p9DKxGg=="
-# p SecureRandom.base64(11) #=> "l7XEiFja+8EKEtY="
-# p SecureRandom.base64(12) #=> "7kJSM/MzBJI+75j8"
-# p SecureRandom.base64(13) #=> "vKLJ0tXBHqQOuIcSIg=="
-# ...
-#
-# # random binary string.
-# p SecureRandom.random_bytes(10) #=> "\016\t{\370g\310pbr\301"
-# p SecureRandom.random_bytes(10) #=> "\323U\030TO\234\357\020\a\337"
-# ...
-
-begin
-  require 'openssl'
-rescue LoadError
-end
-
-module SecureRandom
-  # SecureRandom.random_bytes generates a random binary string.
-  #
-  # The argument n specifies the length of the result string.
-  #
-  # If n is not specified, 16 is assumed.
-  # It may be larger in future.
-  #
-  # The result may contain any byte: "\x00" - "\xff".
-  #
-  #   p SecureRandom.random_bytes #=> "\xD8\\\xE0\xF4\r\xB2\xFC*WM\xFF\x83\x18\xF45\xB6"
-  #   p SecureRandom.random_bytes #=> "m\xDC\xFC/\a\x00Uf\xB2\xB2P\xBD\xFF6S\x97"
-  #
-  # If secure random number generator is not available,
-  # NotImplementedError is raised.
-  def self.random_bytes(n=nil)
-    n ||= 16
-
-    if defined? OpenSSL::Random
-      return OpenSSL::Random.random_bytes(n)
-    end
-
-    if !defined?(@has_urandom) || @has_urandom
-      flags = File::RDONLY
-      flags |= File::NONBLOCK if defined? File::NONBLOCK
-      flags |= File::NOCTTY if defined? File::NOCTTY
-      flags |= File::NOFOLLOW if defined? File::NOFOLLOW
-      begin
-        File.open("/dev/urandom", flags) {|f|
-          unless f.stat.chardev?
-            raise Errno::ENOENT
-          end
-          @has_urandom = true
-          ret = f.readpartial(n)
-          if ret.length != n
-            raise NotImplementedError, "Unexpected partial read from random device"
-          end
-          return ret
-        }
-      rescue Errno::ENOENT
-        @has_urandom = false
-      end
-    end
-
-    if !defined?(@has_win32)
-      begin
-        require 'Win32API'
-
-        crypt_acquire_context = Win32API.new("advapi32", "CryptAcquireContext", 'PPPII', 'L')
-        @crypt_gen_random = Win32API.new("advapi32", "CryptGenRandom", 'LIP', 'L')
-
-        hProvStr = " " * 4
-        prov_rsa_full = 1
-        crypt_verifycontext = 0xF0000000
-
-        if crypt_acquire_context.call(hProvStr, nil, nil, prov_rsa_full, crypt_verifycontext) == 0
-          raise SystemCallError, "CryptAcquireContext failed: #{lastWin32ErrorMessage}"
-        end
-        @hProv, = hProvStr.unpack('L')
-
-        @has_win32 = true
-      rescue LoadError
-        @has_win32 = false
-      end
-    end
-    if @has_win32
-      bytes = " " * n
-      if @crypt_gen_random.call(@hProv, bytes.size, bytes) == 0
-        raise SystemCallError, "CryptGenRandom failed: #{lastWin32ErrorMessage}"
-      end
-      return bytes
-    end
-
-    raise NotImplementedError, "No random device"
-  end
-
-  # SecureRandom.hex generates a random hex string.
-  #
-  # The argument n specifies the length of the random length.
-  # The length of the result string is twice of n.
-  #
-  # If n is not specified, 16 is assumed.
-  # It may be larger in future.
-  #
-  # The result may contain 0-9 and a-f.
-  #
-  #   p SecureRandom.hex #=> "eb693ec8252cd630102fd0d0fb7c3485"
-  #   p SecureRandom.hex #=> "91dc3bfb4de5b11d029d376634589b61"
-  #
-  # If secure random number generator is not available,
-  # NotImplementedError is raised.
-  def self.hex(n=nil)
-    random_bytes(n).unpack("H*")[0]
-  end
-
-  # SecureRandom.base64 generates a random base64 string.
-  #
-  # The argument n specifies the length of the random length.
-  # The length of the result string is about 4/3 of n.
-  #
-  # If n is not specified, 16 is assumed.
-  # It may be larger in future.
-  #
-  # The result may contain A-Z, a-z, 0-9, "+", "/" and "=".
-  #
-  #   p SecureRandom.base64 #=> "/2BuBuLf3+WfSKyQbRcc/A=="
-  #   p SecureRandom.base64 #=> "6BbW0pxO0YENxn38HMUbcQ=="
-  #
-  # If secure random number generator is not available,
-  # NotImplementedError is raised.
-  #
-  # See RFC 3548 for base64.
-  def self.base64(n=nil)
-    [random_bytes(n)].pack("m*").delete("\n")
-  end
-
-  # SecureRandom.urlsafe_base64 generates a random URL-safe base64 string.
-  #
-  # The argument _n_ specifies the length of the random length.
-  # The length of the result string is about 4/3 of _n_.
-  #
-  # If _n_ is not specified, 16 is assumed.
-  # It may be larger in future.
-  #
-  # The boolean argument _padding_ specifies the padding.
-  # If it is false or nil, padding is not generated.
-  # Otherwise padding is generated.
-  # By default, padding is not generated because "=" may be used as a URL delimiter.
-  #
-  # The result may contain A-Z, a-z, 0-9, "-" and "_".
-  # "=" is also used if _padding_ is true.
-  #
-  #   p SecureRandom.urlsafe_base64 #=> "b4GOKm4pOYU_-BOXcrUGDg"
-  #   p SecureRandom.urlsafe_base64 #=> "UZLdOkzop70Ddx-IJR0ABg"
-  #
-  #   p SecureRandom.urlsafe_base64(nil, true) #=> "i0XQ-7gglIsHGV2_BNPrdQ=="
-  #   p SecureRandom.urlsafe_base64(nil, true) #=> "-M8rLhr7JEpJlqFGUMmOxg=="
-  #
-  # If secure random number generator is not available,
-  # NotImplementedError is raised.
-  #
-  # See RFC 3548 for URL-safe base64.
-  def self.urlsafe_base64(n=nil, padding=false)
-    s = [random_bytes(n)].pack("m*")
-    s.delete!("\n")
-    s.tr!("+/", "-_")
-    s.delete!("=") if !padding
-    s
-  end
-
-  # SecureRandom.random_number generates a random number.
-  #
-  # If an positive integer is given as n,
-  # SecureRandom.random_number returns an integer:
-  # 0 <= SecureRandom.random_number(n) < n.
-  #
-  #   p SecureRandom.random_number(100) #=> 15
-  #   p SecureRandom.random_number(100) #=> 88
-  #
-  # If 0 is given or an argument is not given,
-  # SecureRandom.random_number returns an float:
-  # 0.0 <= SecureRandom.random_number() < 1.0.
-  #
-  #   p SecureRandom.random_number #=> 0.596506046187744
-  #   p SecureRandom.random_number #=> 0.350621695741409
-  #
-  def self.random_number(n=0)
-    if 0 < n
-      hex = n.to_s(16)
-      hex = '0' + hex if (hex.length & 1) == 1
-      bin = [hex].pack("H*")
-      mask = bin[0].ord
-      mask |= mask >> 1
-      mask |= mask >> 2
-      mask |= mask >> 4
-      begin
-        rnd = SecureRandom.random_bytes(bin.length)
-        rnd[0] = (rnd[0].ord & mask).chr
-      end until rnd < bin
-      rnd.unpack("H*")[0].hex
-    else
-      # assumption: Float::MANT_DIG <= 64
-      i64 = SecureRandom.random_bytes(8).unpack("Q")[0]
-      Math.ldexp(i64 >> (64-Float::MANT_DIG), -Float::MANT_DIG)
-    end
-  end
-
-  # SecureRandom.uuid generates a v4 random UUID (Universally Unique IDentifier).
-  #
-  #   p SecureRandom.uuid #=> "2d931510-d99f-494a-8c67-87feb05e1594"
-  #   p SecureRandom.uuid #=> "62936e70-1815-439b-bf89-8492855a7e6b"
-  #
-  # See RFC 4122 for UUID.
-  def self.uuid
-    ary = self.random_bytes(16).unpack("NnnnnN")
-    ary[2] = (ary[2] & 0x0fff) | 0x4000
-    ary[3] = (ary[3] & 0x3fff) | 0x8000
-    "%08x-%04x-%04x-%04x-%04x%08x" % ary
-  end
-
-  # Following code is based on David Garamond's GUID library for Ruby.
-  def self.lastWin32ErrorMessage # :nodoc:
-    get_last_error = Win32API.new("kernel32", "GetLastError", '', 'L')
-    format_message = Win32API.new("kernel32", "FormatMessageA", 'LPLLPLPPPPPPPP', 'L')
-    format_message_ignore_inserts = 0x00000200
-    format_message_from_system    = 0x00001000
-
-    code = get_last_error.call
-    msg = "\0" * 1024
-    len = format_message.call(format_message_ignore_inserts + format_message_from_system, 0, code, 0, msg, 1024, nil, nil, nil, nil, nil, nil, nil, nil)
-    msg[0, len].tr("\r", '').chomp
-  end
-end