rails-auth 0.5.2 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +6 -0
  3. data/lib/rails/auth/acl/resource.rb +3 -2
  4. data/lib/rails/auth/version.rb +1 -1
  5. data/spec/rails/auth/acl/resource_spec.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 859d0073cd6debe3a360ae76e53e1776515fed4f
4
- data.tar.gz: 94af3585ac7dec94d5f1c4abe30e71abadcb1a0c
3
+ metadata.gz: 342d0a06b03a2d2baf6208c62ca0640a76a863c5
4
+ data.tar.gz: c3f50f64a4897170496c74b2d9769dee3b1a53ff
5
5
  SHA512:
6
- metadata.gz: 9e1524d42f7431b3bc348ca4f31cafc4adbd0ae21fc7cd10545449d7bc8b383ba7eadd84d53be205c7aa06683d3002a25de294699edd58d60326ca8cc550d758
7
- data.tar.gz: 2272cf19faa31c19dfede2f602752e873c126d09a4dc31773e18a63ba963f0e3d2c42efe789e23d24a5ea5f7e6b7de0ce2abfbaa5fbd2b51b451d86afb80a119
6
+ metadata.gz: b77b9de690846b7aeb69d2a966df81679536a47ce743803397e4e4d644804493ac36a8cb5ef8530f48a4a6d51014b66bcb24dd7994baec8f60bf5b40a7797ab5
7
+ data.tar.gz: e9dbee7122a450b03a1a8a475534dbdd250ce6ff5560636ee551b8fd0a9dc5b334618c3189229c4a0bf5214c486576b173fa21ae9230bbb5a09f70aac01fd04e
data/CHANGES.md CHANGED
@@ -1,3 +1,9 @@
1
+ ### 0.5.3 (2016-04-28)
2
+
3
+ * [#22](https://github.com/square/rails-auth/pull/22)
4
+ Use explicit HTTP_METHODS whitelist when 'ALL' method is used.
5
+ ([@tarcieri])
6
+
1
7
  ### 0.5.2 (2016-04-27)
2
8
 
3
9
  * [#21](https://github.com/square/rails-auth/pull/21)
data/lib/rails/auth/acl/resource.rb CHANGED
@@ -57,7 +57,7 @@ module Rails
57
57
  # @return [Boolean] method and path *only* match the given environment
58
58
  #
59
59
  def match!(env)
60
- return false unless @http_methods.nil? || @http_methods.include?(env["REQUEST_METHOD".freeze])
60
+ return false unless @http_methods.include?(env["REQUEST_METHOD".freeze])
61
61
  return false unless @path =~ env["PATH_INFO".freeze]
62
62
  return false unless @host.nil? || @host =~ env["HTTP_HOST".freeze]
63
63
  true
@@ -68,7 +68,8 @@ module Rails
68
68
  def extract_methods(methods)
69
69
  methods = Array(methods)
70
70
 
71
- return nil if methods.include?("ALL")
71
+ return HTTP_METHODS if methods == ["ALL"]
72
+ raise ParseError, "method 'ALL' cannot be used with other methods" if methods.include?("ALL")
72
73
 
73
74
  methods.each do |method|
74
75
  raise ParseError, "invalid HTTP method: #{method}" unless HTTP_METHODS.include?(method)
data/lib/rails/auth/version.rb CHANGED
@@ -3,6 +3,6 @@
3
3
  module Rails
4
4
  # Pluggable authentication and authorization for Rack/Rails
5
5
  module Auth
6
- VERSION = "0.5.2".freeze
6
+ VERSION = "0.5.3".freeze
7
7
  end
8
8
  end
data/spec/rails/auth/acl/resource_spec.rb CHANGED
@@ -30,7 +30,7 @@ RSpec.describe Rails::Auth::ACL::Resource do
30
30
  {}
31
31
  )
32
32
 
33
- expect(resource.http_methods).to eq nil
33
+ expect(resource.http_methods).to eq Rails::Auth::ACL::Resource::HTTP_METHODS
34
34
  end
35
35
 
36
36
  context "errors" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.2
4
+ version: 0.5.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Arcieri
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-04-28 00:00:00.000000000 Z
11
+ date: 2016-04-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack