RubyGems - rails-auth - Versions diffs - 2.1.2 → 2.1.3 - Mend

rails-auth 2.1.2 → 2.1.3

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 53175b906593724848fe6edf409ec1ae4587be25
-  data.tar.gz: 22fc25df91e79d8fa2930644ca29db47c3f7270a
+  metadata.gz: 04accd9068297df63d222180e00d66bb5a3cdc24
+  data.tar.gz: 36dba8c9eee4957f1defe679ae9d98ceba53393f
 SHA512:
-  metadata.gz: b25632b4984227bce11e227e4842595b7be966819876c3a2dc0d67f05b77b65e76917b788dc179b1c4aa7a4473766aab2d43de0e3958d98ed33f97877bc9796a
-  data.tar.gz: 0c584823d4fa31db393742b56a1511a9c7628caf01d6773c6b98a72491e7f6a731cd77b6245031db409f275adf840d987eaa57242c19cd8b63754d9e32614d18
+  metadata.gz: 790da2f08086cee1fd8719fff050e18e7cfc1301fb12483c327d117c0875bdc945fe404d7040a184f28dd69c352803b525acd720f94b8f7920f550776d950371
+  data.tar.gz: 4f6d90c4d94195cc5b42cd0f783d64168aa045178bea6ac6e646cbf80e221bc0668a9400358271449e570fe8358592ae7ae2d84897771da583c2a45592325426

data/CHANGES.md CHANGED

@@ -1,3 +1,9 @@
+### 2.1.3 (2017-08-04)
+* [#44](https://github.com/square/rails-auth/pull/44)
+  Normalize abnormal whitespace in PEM certificates for Passenger 5.
+  ([@drcapulet])
 ### 2.1.2 (2017-01-27)
 * [#42](https://github.com/square/rails-auth/pull/42)

data/lib/rails/auth/version.rb CHANGED

@@ -3,6 +3,6 @@
 module Rails
   # Pluggable authentication and authorization for Rack/Rails
   module Auth
-    VERSION = "2.1.2".freeze
+    VERSION = "2.1.3".freeze
   end
 end

@@ -5,7 +5,14 @@ module Rails
         # Extract OpenSSL::X509::Certificates from Privacy Enhanced Mail (PEM) certificates
         class Pem
           def call(pem)
-            OpenSSL::X509::Certificate.new(pem.delete("\t")).freeze
+            # Normalize the whitespace in the certificate to the exact format
+            # certificates are normally formatted in otherwise parsing with fail
+            # with a 'nested asn1 error'. split(" ") handles sequential whitespace
+            # characters like \t, \n, and space.
+            OpenSSL::X509::Certificate.new(pem.split(" ").instance_eval do
+              [[self[0], self[1]].join(" "), self[2...-2], [self[-2], self[-1]].join(" ")]
+                .flatten.join("\n")
+            end).freeze
           end
         end
       end

@@ -33,6 +33,13 @@ RSpec.describe Rails::Auth::X509::Middleware do
         _response, env = middleware.call(request.merge(example_key => bad_cert_pem))
         expect(Rails::Auth.credentials(env)).to be_empty
       end
+      it "normalizes abnormal whitespace" do
+        _response, env = middleware.call(request.merge(example_key => valid_cert_pem.tr("\n", "\t")))
+        credential = Rails::Auth.credentials(env).fetch("x509")
+        expect(credential).to be_a Rails::Auth::X509::Certificate
+      end
     end
     # :nocov:

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-auth
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.1.3
 platform: ruby
 authors:
 - Tony Arcieri
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-01-27 00:00:00.000000000 Z
+date: 2017-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: Modular resource-oriented authentication and authorization for Rails/Rack