rack_csrf 2.1.0 → 2.2.0

data/Changelog.md

@@ -1,3 +1,16 @@
+# v2.2.0 (2011-04-12)
+
+* Simplified specs and some Cucumber's steps.
+* Added handling of empty PATH_INFO.
+* Added Gemfiles to the examples. Tweaked the READMEs.
+* Extended API: added shorter aliases for the public methods.
+* Tweaked example groups' names.
+* Added support for PATCH verb.
+* Added license metadata to gemspec via Jeweler's task.
+* Replace lambdas with expect()... RSpec's white magic!
+
+
+
 # v2.1.0 (2010-10-11)
 
 * Tiny improvements to Rakefile.

data/LICENSE.rdoc

@@ -2,7 +2,7 @@
 
 (The MIT License)
 
-Copyright (c) 2009, 2010 Emanuele Vicentini
+Copyright (c) 2009, 2010, 2011 Emanuele Vicentini
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the 'Software'), to deal

data/README.rdoc

@@ -12,11 +12,11 @@ with your preferred Rack-based framework.
 First of all, beyond Rack itself, there is only one prerequisite: you must set
 up your rack with a session middleware, inserted anywhere before Rack::Csrf.
 
-Every POST, PUT and DELETE request will be searched for the anti-forging
-token, randomly generated by Rack::Csrf and stored inside the session. If
-there's a token and it matches with the stored one, then the request is handed
-over to the next rack component; if not, Rack::Csrf immediately replies with
-an empty response.
+Every POST, PUT, DELETE and PATCH request will be searched for the
+anti-forging token, randomly generated by Rack::Csrf and stored inside the
+session. If there's a token and it matches with the stored one, then the
+request is handed over to the next rack component; if not, Rack::Csrf
+immediately replies with an empty response.
 
 I have not tested Rack::Csrf with Rack 0.4.0 or earlier versions, but it could
 possibly work.
@@ -35,15 +35,16 @@ The following options allow you to tweak Rack::Csrf.
   Default value: false.
 
 [<tt>:skip</tt>]
-  By default, Rack::Csrf checks every POST, PUT and DELETE request; passing an
-  array of HTTP method/URL (regular expressions allowed) to this option you
-  can choose what to let pass unchecked:
+  By default, Rack::Csrf checks every POST, PUT, DELETE and PATCH request;
+  passing an array of HTTP method/URL (regular expressions allowed) to this
+  option you can choose what to let pass unchecked:
 
     use Rack::Csrf, :skip => ['POST:/not_checking', 'PUT:/me_too',
-      'DELETE:/cars/.*\.xml']
+      'DELETE:/cars/.*\.xml', 'PATCH:/this/.*/too']
 
   Please, note that the regular expressions are not escaped and it is your
-  duty to write them correctly.
+  duty to write them correctly. Empty PATH_INFO (see Rack's spec for details)
+  is treated as '/' for this check.
 
   Default value: empty.
 
@@ -79,19 +80,19 @@ The ill devised <tt>:browser_only</tt> option could have been used to
 The following class methods try to ease the insertion of the anti-forging
 token.
 
-[<tt>Rack::Csrf.csrf_key</tt>]
+[<tt>Rack::Csrf.csrf_key</tt> (also <tt>Rack::Csrf.key</tt>)]
   Returns the name of the key used to store/retrieve the token from the Rack
   session.
 
-[<tt>Rack::Csrf.csrf_field</tt>]
+[<tt>Rack::Csrf.csrf_field</tt> (also <tt>Rack::Csrf.field</tt>)]
   Returns the name of the field that must be present in the request.
 
-[<tt>Rack::Csrf.csrf_token(env)</tt>]
+[<tt>Rack::Csrf.csrf_token(env)</tt> (also <tt>Rack::Csrf.token(env)</tt>)]
   Given the request's environment, it generates a random token, stuffs it in
   the session and returns it to the caller or simply retrieves the already
   stored one.
 
-[<tt>Rack::Csrf.csrf_tag(env)</tt>]
+[<tt>Rack::Csrf.csrf_tag(env)</tt> (also <tt>Rack::Csrf.tag(env)</tt>)]
   Given the request's environment, it generates a small HTML fragment to
   insert the token in a standard form like an hidden input field with the
   right value already entered for you.
@@ -124,4 +125,5 @@ forgo responsibilities for keeping your application as safe as possible.
 
 == Copyright
 
-Copyright (c) 2009, 2010 Emanuele Vicentini. See LICENSE.rdoc for details.
+Copyright (c) 2009, 2010, 2011 Emanuele Vicentini. See LICENSE.rdoc for
+details.

data/Rakefile

@@ -25,9 +25,10 @@ Jeweler::Tasks.new do |gem|
   gem.name = 'rack_csrf'
   gem.summary = 'Anti-CSRF Rack middleware'
   gem.description = 'Anti-CSRF Rack middleware'
+  gem.license = 'MIT'
+  gem.authors = 'Emanuele Vicentini'
   gem.email = 'emanuele.vicentini@gmail.com'
   gem.homepage = 'http://github.com/baldowl/rack_csrf'
-  gem.authors = ['Emanuele Vicentini']
   gem.rubyforge_project = 'rackcsrf'
   gem.add_dependency 'rack', '>= 0.9'
   gem.add_development_dependency 'cucumber', '>= 0.1.13'

data/VERSION

@@ -1 +1 @@
-2.1.0
+2.2.0

data/examples/camping/Gemfile

@@ -0,0 +1,4 @@
+source 'http://rubygems.org'
+
+gem 'camping', '2.1'
+gem 'markaby', '0.7.1'

data/examples/camping/README.rdoc

@@ -1,10 +1,10 @@
 = How to use Rack::Csrf with Camping
 
 This Camping application has been provided by David Susco. All you need is
-Camping itself and Markaby.
+Camping itself and Markaby, so, assuming you have Bundler installed, run:
 
-    $ sudo gem install camping markaby
-    $ camping -p 3000 app.rb
+    $ bundle install
+    $ bundle exec camping -p 3000 app.rb
 
 The <tt>config.ru</tt> can be used to run the application with any
 Rack-compliant web server.
@@ -13,4 +13,4 @@ Please, note the way Rack::Csrf has been inserted into the stack and the
 position relative to Camping::Session (see Camping's internals for the
 reason).
 
-Tested with Camping 2.1 and Markaby 0.7.1.
+Tested with Camping and Markaby versions listed in the Gemfile.

data/examples/innate/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gem 'innate', '>= 2009.07', '<= 2011.01'

data/examples/innate/README.rdoc

@@ -1,13 +1,13 @@
 = How to use Rack::Csrf with Innate
 
 These are two mini, slightly different, Innate applications. You only need
-Innate to try them.
+Innate to try them, so, assuming you have Bundler installed, run:
 
-    $ sudo gem install manveru-innate --source http://gems.github.com
-    $ ruby start.rb
-    $ ruby start-with-raise.rb
+    $ bundle install
+    $ bundle exec ruby start.rb
+    $ bundle exec ruby start-with-raise.rb
 
-Tested with Innate 2009.07.
+Tested with Innate versions listed in the Gemfile.
 
 Please, note that Innate is, to some extent, the kernel of Ramaze; "upgrading"
 these examples to use Ramaze is left as an exercise to the reader :-)

data/examples/rack/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gem 'rack', '>= 1.0.0', '<= 1.2.2'

data/examples/rack/README.rdoc

@@ -1,10 +1,10 @@
 = How to use Rack::Csrf with Rack
 
 This is a mini Rack application with two slightly different rackup files. You
-only need Rack to try them.
+only need Rack to try them, so, assuming you have Bundler installed, run:
 
-    $ sudo gem install rack
-    $ thin -R config.ru -p 3000 start
-    $ thin -R config-with-raise.ru -p 3000 start
+    $ bundle install
+    $ bundle exec rackup -p 3000 config.ru
+    $ bundle exec rackup -p 3000 config-with-raise.ru
 
-Tested with Rack 1.0.0.
+Tested with Rack versions listed in the Gemfile.

data/examples/sinatra/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gem 'sinatra', '>= 0.9.4', '<= 1.2.1'

data/examples/sinatra/README.rdoc

@@ -1,10 +1,11 @@
 = How to use Rack::Csrf with Sinatra
 
 This is a mini Sinatra application with two slightly different rackup files.
-Beside Rack you only need Sinatra to try them.
+Beside Rack you only need Sinatra to try them, so, assuming you have Bundler
+installed, run:
 
-    $ sudo gem install sinatra
-    $ thin -R config.ru -p 3000 start
-    $ thin -R config-with-raise.ru -p 3000 start
+    $ bundle install
+    $ bundle exec rackup -p 3000 config.ru
+    $ bundle exec rackup -p 3000 config-with-raise.ru
 
-Tested with Sinatra 0.9.4.
+Tested with Sinatra versions listed in the Gemfile.

data/features/empty_responses.feature

@@ -21,6 +21,7 @@ Feature: Handling of the HTTP requests returning an empty response
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |
 
   Scenario Outline: Handling request with the right CSRF token
     Given a rack with the anti-CSRF middleware
@@ -32,6 +33,7 @@ Feature: Handling of the HTTP requests returning an empty response
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |
 
   Scenario Outline: Handling request with the wrong CSRF token
     Given a rack with the anti-CSRF middleware
@@ -44,3 +46,4 @@ Feature: Handling of the HTTP requests returning an empty response
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |

data/features/raising_exception.feature

@@ -16,6 +16,7 @@ Feature: Handling of the HTTP requests raising an exception
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |
 
   Scenario Outline: Handling request with the right CSRF token
     Given a rack with the anti-CSRF middleware and the :raise option
@@ -27,6 +28,7 @@ Feature: Handling of the HTTP requests raising an exception
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |
 
   Scenario Outline: Handling request with the wrong CSRF token
     Given a rack with the anti-CSRF middleware and the :raise option
@@ -39,3 +41,4 @@ Feature: Handling of the HTTP requests raising an exception
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |

data/features/skip_some_routes.feature

@@ -7,6 +7,7 @@ Feature: Skipping the check for some specific routes
       | PUT:/is_wrong        |
       | POST:/not_.*\.json   |
       | DELETE:/cars/.*\.xml |
+      | PATCH:/this/one/too  |
     When it receives a <method> request for <path> without the CSRF token
     Then it lets it pass untouched
 
@@ -17,6 +18,7 @@ Feature: Skipping the check for some specific routes
       | POST   | /not_checking.json              |
       | POST   | /not_again/params/whatever.json |
       | DELETE | /cars/abc123.xml                |
+      | PATCH  | /this/one/too                   |
 
   Scenario Outline: Keep checking the requests for other method/path pairs
     Given a rack with the anti-CSRF middleware and the :skip option
@@ -25,6 +27,7 @@ Feature: Skipping the check for some specific routes
       | PUT:/is_wrong        |
       | POST:/not_.*\.json   |
       | DELETE:/cars/.*\.xml |
+      | PATCH:/this/one/too  |
     When it receives a <method> request for <path> without the CSRF token
     Then it responds with 403
     And the response body is empty
@@ -33,14 +36,39 @@ Feature: Skipping the check for some specific routes
       | method | path                            |
       | PUT    | /not_checking                   |
       | DELETE | /not_checking                   |
+      | PATCH  | /not_checking                   |
       | POST   | /is_wrong                       |
       | DELETE | /is_wrong                       |
+      | PATCH  | /is_wrong                       |
       | POST   | /                               |
       | PUT    | /not                            |
       | POST   | /is                             |
       | PUT    | /not_checking.json              |
       | DELETE | /not_checking.json              |
+      | PATCH  | /not_checking.json              |
       | PUT    | /not_again/params/whatever.json |
       | DELETE | /not_again/params/whatever.json |
+      | PATCH  | /not_again/params/whatever.json |
       | POST   | /cars/abc123.xml                |
       | PUT    | /cars/abc123.xml                |
+      | PATCH  | /cars/abc123.xml                |
+      | POST   | /this/one/too                   |
+      | PUT    | /this/one/too                   |
+      | DELETE | /this/one/too                   |
+
+  Scenario Outline: Handling correctly empty PATH_INFO
+    Given a rack with the anti-CSRF middleware and the :skip option
+      | pair     |
+      | POST:/   |
+      | PUT:/    |
+      | DELETE:/ |
+      | PATCH:/  |
+    When it receives a <method> request with neither PATH_INFO nor CSRF token
+    Then it lets it pass untouched
+
+    Examples:
+      | method |
+      | POST   |
+      | PUT    |
+      | DELETE |
+      | PATCH  |

data/features/step_definitions/request_steps.rb

@@ -6,7 +6,7 @@ end
 # Yes, they're not as DRY as possible, but I think they're more readable than
 # a single step definition with a few captures and more complex checkings.
 
-When /^it receives a (POST|PUT|DELETE) request without the CSRF token$/ do |http_method|
+When /^it receives a (POST|PUT|DELETE|PATCH) request without the CSRF token$/ do |http_method|
   begin
     @browser.request '/', :method => http_method
   rescue Exception => e
@@ -14,7 +14,7 @@ When /^it receives a (POST|PUT|DELETE) request without the CSRF token$/ do |http
   end
 end
 
-When /^it receives a (POST|PUT|DELETE) request for (.+) without the CSRF token$/ do |http_method, path|
+When /^it receives a (POST|PUT|DELETE|PATCH) request for (.+) without the CSRF token$/ do |http_method, path|
   begin
     @browser.request path, :method => http_method
   rescue Exception => e
@@ -22,13 +22,13 @@ When /^it receives a (POST|PUT|DELETE) request for (.+) without the CSRF token$/
   end
 end
 
-When /^it receives a (POST|PUT|DELETE) request with the right CSRF token$/ do |http_method|
+When /^it receives a (POST|PUT|DELETE|PATCH) request with the right CSRF token$/ do |http_method|
   @browser.request '/', :method => http_method,
     'rack.session' => {Rack::Csrf.csrf_key => 'right_token'},
     :params => {Rack::Csrf.csrf_field => 'right_token'}
 end
 
-When /^it receives a (POST|PUT|DELETE) request with the wrong CSRF token$/ do |http_method|
+When /^it receives a (POST|PUT|DELETE|PATCH) request with the wrong CSRF token$/ do |http_method|
   begin
     @browser.request '/', :method => http_method,
       :params => {Rack::Csrf.csrf_field => 'whatever'}
@@ -36,3 +36,11 @@ When /^it receives a (POST|PUT|DELETE) request with the wrong CSRF token$/ do |h
     @exception = e
   end
 end
+
+When /^it receives a (POST|PUT|DELETE|PATCH) request with neither PATH_INFO nor CSRF token$/ do |http_method|
+  begin
+    @browser.request '/doesntmatter', :method => http_method, 'PATH_INFO' => ''
+  rescue Exception => e
+    @exception = e
+  end
+end

data/features/step_definitions/response_steps.rb

@@ -12,10 +12,9 @@ Then /^the response body is empty$/ do
 end
 
 Then /^there is no response$/ do
-  lambda {@browser.last_response}.should raise_error(Rack::Test::Error)
+  expect {@browser.last_response}.to raise_exception(Rack::Test::Error)
 end
 
 Then /^an exception is climbing up the stack$/ do
-  @exception.should_not be_nil
   @exception.should be_an_instance_of(Rack::Csrf::InvalidCsrfToken)
 end

data/features/step_definitions/setup_steps.rb

@@ -37,44 +37,46 @@ end
 
 When /^I insert the anti\-CSRF middleware$/ do
   @rack_builder.use Rack::Csrf
-  toy_app
+  @app = toy_app
   @browser = Rack::Test::Session.new(Rack::MockSession.new(@app))
 end
 
 When /^I insert the anti\-CSRF middleware with the :raise option$/ do
   @rack_builder.use Rack::Csrf, :raise => true
-  toy_app
+  @app = toy_app
   @browser = Rack::Test::Session.new(Rack::MockSession.new(@app))
 end
 
 When /^I insert the anti\-CSRF middleware with the :skip option$/ do |table|
   skippable = table.hashes.collect {|t| t.values}.flatten
   @rack_builder.use Rack::Csrf, :skip => skippable
-  toy_app
+  @app = toy_app
   @browser = Rack::Test::Session.new(Rack::MockSession.new(@app))
 end
 
 When /^I insert the anti\-CSRF middleware with the :field option$/ do
   @rack_builder.use Rack::Csrf, :field => 'fantasy_name'
-  toy_app
+  @app = toy_app
   @browser = Rack::Test::Session.new(Rack::MockSession.new(@app))
 end
 
 When /^I insert the anti\-CSRF middleware with the :key option$/ do
   @rack_builder.use Rack::Csrf, :key => 'fantasy_name'
-  toy_app
+  @app = toy_app
   @browser = Rack::Test::Session.new(Rack::MockSession.new(@app))
 end
 
 Then /^I get a fully functional rack$/ do
-  lambda {Rack::MockRequest.new(@app).get('/')}.should_not raise_error
+  expect {Rack::MockRequest.new(@app).get('/')}.to_not raise_exception
 end
 
 Then /^I get an error message$/ do
-  lambda {Rack::MockRequest.new(@app).get('/')}.should raise_error(Rack::Csrf::SessionUnavailable, 'Rack::Csrf depends on session middleware')
+  expect {Rack::MockRequest.new(@app).get('/')}.to raise_exception(
+    Rack::Csrf::SessionUnavailable,
+    'Rack::Csrf depends on session middleware')
 end
 
 def toy_app
   @rack_builder.run(lambda {|env| Rack::Response.new('Hello world!').finish})
-  @app = @rack_builder.to_app
+  @rack_builder.to_app
 end

data/features/variation_on_field_name.feature

@@ -15,6 +15,7 @@ Feature: Customization of the field name
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |
 
   Scenario Outline: Handling request with the wrong CSRF token in custom field
     Given a rack with the anti-CSRF middleware and the :field option
@@ -27,3 +28,4 @@ Feature: Customization of the field name
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |

data/features/variation_on_key_name.feature

@@ -15,6 +15,7 @@ Feature: Customization of the key name
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |
 
   Scenario Outline: Handling request with the wrong CSRF token stored in custom key
     Given a rack with the anti-CSRF middleware and the :key option
@@ -27,3 +28,4 @@ Feature: Customization of the key name
       | POST   |
       | PUT    |
       | DELETE |
+      | PATCH  |

data/lib/rack/csrf.rb

@@ -21,7 +21,7 @@ module Rack
       @@field = opts[:field] if opts[:field]
       @@key = opts[:key] if opts[:key]
 
-      @http_verbs = %w(POST PUT DELETE)
+      @http_verbs = %w(POST PUT DELETE PATCH)
     end
 
     def call(env)
@@ -57,11 +57,19 @@ module Rack
       %Q(<input type="hidden" name="#{csrf_field}" value="#{csrf_token(env)}" />)
     end
 
+    class << self
+      alias_method :key, :csrf_key
+      alias_method :field, :csrf_field
+      alias_method :token, :csrf_token
+      alias_method :tag, :csrf_tag
+    end
+
     protected
 
     def skip_checking request
+      pi = request.path_info.empty? ? '/' : request.path_info
       @skippable.any? do |route|
-        route =~ (request.request_method + ':' + request.path_info)
+        route =~ (request.request_method + ':' + pi)
       end
     end
   end

data/rack_csrf.gemspec

@@ -1,76 +1,80 @@
 # Generated by jeweler
 # DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{rack_csrf}
-  s.version = "2.1.0"
+  s.version = "2.2.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Emanuele Vicentini"]
-  s.date = %q{2010-10-11}
+  s.date = %q{2011-04-12}
   s.description = %q{Anti-CSRF Rack middleware}
   s.email = %q{emanuele.vicentini@gmail.com}
   s.extra_rdoc_files = [
     "LICENSE.rdoc",
-     "README.rdoc"
+    "README.rdoc"
   ]
   s.files = [
     ".rspec",
-     "Changelog.md",
-     "LICENSE.rdoc",
-     "README.rdoc",
-     "Rakefile",
-     "VERSION",
-     "cucumber.yml",
-     "examples/camping/README.rdoc",
-     "examples/camping/app.rb",
-     "examples/camping/config.ru",
-     "examples/innate/README.rdoc",
-     "examples/innate/app.rb",
-     "examples/innate/start-with-raise.rb",
-     "examples/innate/start.rb",
-     "examples/innate/view/index.erb",
-     "examples/innate/view/notworking.erb",
-     "examples/innate/view/response.erb",
-     "examples/rack/README.rdoc",
-     "examples/rack/app.rb",
-     "examples/rack/config-with-raise.ru",
-     "examples/rack/config.ru",
-     "examples/sinatra/README.rdoc",
-     "examples/sinatra/app.rb",
-     "examples/sinatra/config-with-raise.ru",
-     "examples/sinatra/config.ru",
-     "examples/sinatra/views/form.erb",
-     "examples/sinatra/views/form_not_working.erb",
-     "examples/sinatra/views/response.erb",
-     "features/empty_responses.feature",
-     "features/raising_exception.feature",
-     "features/setup.feature",
-     "features/skip_some_routes.feature",
-     "features/step_definitions/request_steps.rb",
-     "features/step_definitions/response_steps.rb",
-     "features/step_definitions/setup_steps.rb",
-     "features/support/env.rb",
-     "features/support/fake_session.rb",
-     "features/variation_on_field_name.feature",
-     "features/variation_on_key_name.feature",
-     "lib/rack/csrf.rb",
-     "lib/rack/vendor/securerandom.rb",
-     "rack_csrf.gemspec",
-     "spec/csrf_spec.rb",
-     "spec/spec_helper.rb"
+    "Changelog.md",
+    "LICENSE.rdoc",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "cucumber.yml",
+    "examples/camping/Gemfile",
+    "examples/camping/README.rdoc",
+    "examples/camping/app.rb",
+    "examples/camping/config.ru",
+    "examples/innate/Gemfile",
+    "examples/innate/README.rdoc",
+    "examples/innate/app.rb",
+    "examples/innate/start-with-raise.rb",
+    "examples/innate/start.rb",
+    "examples/innate/view/index.erb",
+    "examples/innate/view/notworking.erb",
+    "examples/innate/view/response.erb",
+    "examples/rack/Gemfile",
+    "examples/rack/README.rdoc",
+    "examples/rack/app.rb",
+    "examples/rack/config-with-raise.ru",
+    "examples/rack/config.ru",
+    "examples/sinatra/Gemfile",
+    "examples/sinatra/README.rdoc",
+    "examples/sinatra/app.rb",
+    "examples/sinatra/config-with-raise.ru",
+    "examples/sinatra/config.ru",
+    "examples/sinatra/views/form.erb",
+    "examples/sinatra/views/form_not_working.erb",
+    "examples/sinatra/views/response.erb",
+    "features/empty_responses.feature",
+    "features/raising_exception.feature",
+    "features/setup.feature",
+    "features/skip_some_routes.feature",
+    "features/step_definitions/request_steps.rb",
+    "features/step_definitions/response_steps.rb",
+    "features/step_definitions/setup_steps.rb",
+    "features/support/env.rb",
+    "features/support/fake_session.rb",
+    "features/variation_on_field_name.feature",
+    "features/variation_on_key_name.feature",
+    "lib/rack/csrf.rb",
+    "lib/rack/vendor/securerandom.rb",
+    "rack_csrf.gemspec",
+    "spec/csrf_spec.rb",
+    "spec/spec_helper.rb"
   ]
   s.homepage = %q{http://github.com/baldowl/rack_csrf}
-  s.rdoc_options = ["--charset=UTF-8", "--line-numbers", "--inline-source", "--title", "Rack::Csrf 2.1.0", "--main", "README.rdoc"]
+  s.licenses = ["MIT"]
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Rack::Csrf 2.2.0", "--main", "README.rdoc"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{rackcsrf}
-  s.rubygems_version = %q{1.3.7}
+  s.rubygems_version = %q{1.7.2}
   s.summary = %q{Anti-CSRF Rack middleware}
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then

data/spec/csrf_spec.rb

@@ -1,7 +1,7 @@
 require File.join(File.dirname(__FILE__), 'spec_helper.rb')
 
 describe Rack::Csrf do
-  describe '#csrf_key' do
+  describe 'csrf_key' do
     it "should be 'csrf.token' by default" do
       Rack::Csrf.csrf_key.should == 'csrf.token'
     end
@@ -13,7 +13,13 @@ describe Rack::Csrf do
     end
   end
 
-  describe '#csrf_field' do
+  describe 'key' do
+    it 'should be the same as csrf_key' do
+      Rack::Csrf.method(:key).should == Rack::Csrf.method(:csrf_key)
+    end
+  end
+
+  describe 'csrf_field' do
     it "should be '_csrf' by default" do
       Rack::Csrf.csrf_field.should == '_csrf'
     end
@@ -25,7 +31,13 @@ describe Rack::Csrf do
     end
   end
 
-  describe '#csrf_token' do
+  describe 'field' do
+    it 'should be the same as csrf_field' do
+      Rack::Csrf.method(:field).should == Rack::Csrf.method(:csrf_field)
+    end
+  end
+
+  describe 'csrf_token(env)' do
     let(:env) { {'rack.session' => {}} }
 
     specify {Rack::Csrf.csrf_token(env).should have_at_least(32).characters}
@@ -39,7 +51,6 @@ describe Rack::Csrf do
       it 'should use the key provided by csrf_key' do
         env['rack.session'].should be_empty
         Rack::Csrf.csrf_token env
-        env['rack.session'].should_not be_empty
         env['rack.session'][Rack::Csrf.csrf_key].should_not be_nil
       end
     end
@@ -48,8 +59,6 @@ describe Rack::Csrf do
       it 'should store the token inside the session' do
         env['rack.session'].should be_empty
         csrf_token = Rack::Csrf.csrf_token(env)
-        env['rack.session'].should_not be_empty
-        env['rack.session'][Rack::Csrf.csrf_key].should_not be_nil
         csrf_token.should == env['rack.session'][Rack::Csrf.csrf_key]
       end
     end
@@ -60,13 +69,18 @@ describe Rack::Csrf do
       end
 
       it 'should get the token from the session' do
-        env['rack.session'].should_not be_empty
         env['rack.session'][Rack::Csrf.csrf_key].should == Rack::Csrf.csrf_token(env)
       end
     end
   end
 
-  describe '#csrf_tag' do
+  describe 'token(env)' do
+    it 'should be the same as csrf_token(env)' do
+      Rack::Csrf.method(:token).should == Rack::Csrf.method(:csrf_token)
+    end
+  end
+
+  describe 'csrf_tag(env)' do
     let(:env) { {'rack.session' => {}} }
 
     let :tag do
@@ -92,4 +106,10 @@ describe Rack::Csrf do
       tag.should =~ /#{quoted_value}/
     end
   end
+
+  describe 'tag(env)' do
+    it 'should be the same as csrf_tag(env)' do
+      Rack::Csrf.method(:tag).should == Rack::Csrf.method(:csrf_tag)
+    end
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rack_csrf
 version: !ruby/object:Gem::Version 
-  hash: 11
-  prerelease: false
+  hash: 7
+  prerelease: 
   segments: 
   - 2
-  - 1
+  - 2
   - 0
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors: 
 - Emanuele Vicentini
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-11 00:00:00 +02:00
-default_executable: 
+date: 2011-04-12 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rack
@@ -96,9 +95,11 @@ files:
 - Rakefile
 - VERSION
 - cucumber.yml
+- examples/camping/Gemfile
 - examples/camping/README.rdoc
 - examples/camping/app.rb
 - examples/camping/config.ru
+- examples/innate/Gemfile
 - examples/innate/README.rdoc
 - examples/innate/app.rb
 - examples/innate/start-with-raise.rb
@@ -106,10 +107,12 @@ files:
 - examples/innate/view/index.erb
 - examples/innate/view/notworking.erb
 - examples/innate/view/response.erb
+- examples/rack/Gemfile
 - examples/rack/README.rdoc
 - examples/rack/app.rb
 - examples/rack/config-with-raise.ru
 - examples/rack/config.ru
+- examples/sinatra/Gemfile
 - examples/sinatra/README.rdoc
 - examples/sinatra/app.rb
 - examples/sinatra/config-with-raise.ru
@@ -133,17 +136,15 @@ files:
 - rack_csrf.gemspec
 - spec/csrf_spec.rb
 - spec/spec_helper.rb
-has_rdoc: true
 homepage: http://github.com/baldowl/rack_csrf
-licenses: []
-
+licenses: 
+- MIT
 post_install_message: 
 rdoc_options: 
-- --charset=UTF-8
 - --line-numbers
 - --inline-source
 - --title
-- Rack::Csrf 2.1.0
+- Rack::Csrf 2.2.0
 - --main
 - README.rdoc
 require_paths: 
@@ -169,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: rackcsrf
-rubygems_version: 1.3.7
+rubygems_version: 1.7.2
 signing_key: 
 specification_version: 3
 summary: Anti-CSRF Rack middleware