roda 2.25.0 → 2.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a70fe0e0ab208cb5ca42d42d60633e1c03ec77a
-  data.tar.gz: 5aedc804b0e884c1a05d87d325bf4c28e4798c6c
+  metadata.gz: 4ac08181ea0c35fe056de0d73654c46acd01a541
+  data.tar.gz: bafe66a0feb7e5b3e4d461f8eb05fd3762ccf730
 SHA512:
-  metadata.gz: c9ea6a8f1ea687572e874af5d6ff92a06617bc7881d1337a307b64f63c125912e836a577944f156da1c340a8b11eecf78cf780bcef42be122d29fe3887f8f457
-  data.tar.gz: 6ef1c484659735450a053f3f3d5dddf7bc4f65c78bfe52e54d1930529938f3a99c8810c2b0ea69846fc11cb757727f9dbe2df43ae90aae60af1c5d0bac75a893
+  metadata.gz: '01974a864d4ba36f2173c6a166405f77359a8329e8ae8a7eba65ad1b28549377c52ca50fc4e61f61a828c2323fb5bb1d2dc80bcdb555449117c227144f8d3160'
+  data.tar.gz: bfec42253904890e2ba6104f9d07b47eae8a3ade1cb45e43f36f5def8280219bce70baec7322545e4040195d5d946ec8038002e6e73edfe15e18c48151d261bb

data/CHANGELOG

@@ -1,3 +1,9 @@
+= 2.26.0 (2017-05-16)
+
+* Support :skip_middleware option to csrf plugin to add only the methods and not add the middleware (luciusgone) (#118)
+
+* Handle multiple types with matching suffixes in the type_routing plugin (e.g. tar.gz and gz) (tomdalling) (#117)
+
 = 2.25.0 (2017-04-18)
 
 * Add error_mail plugin, similar to error_email but using mail instead of net/smtp directly (jeremyevans)

data/doc/release_notes/2.26.0.txt

@@ -0,0 +1,13 @@
+= New Features
+
+* The csrf plugin now supports a :skip_middleware option, which adds
+  the methods without adding the middleware.  This is designed for
+  cases where you are using multiple rack apps, where the rack_csrf
+  middleware is loaded in an earlier rack app, and you want to avoid
+  the duplicate CSRF checks.
+
+= Other Improvements
+
+* The type_routing plugin now supports using multiple extensions
+  where one extension is a suffix of another extension, such as
+  using gz and tar.gz.

data/lib/roda/plugins/csrf.rb

@@ -10,6 +10,11 @@ class Roda
     #
     #   plugin :csrf, :raise=>true
     #
+    # Optionally you can choose not to setup rack_csrf middleware on the
+    # roda app if you already have one configured:
+    #
+    #   plugin :csrf, :skip_middleware=>true
+    #
     # This adds the following instance methods:
     #
     # csrf_field :: The field name to use for the hidden/meta csrf tag.
@@ -26,6 +31,7 @@ class Roda
 
       # Load the Rack::Csrf middleware into the app with the given options.
       def self.configure(app, opts={})
+        return if opts[:skip_middleware]
         app.instance_exec do
           @middleware.each do |(mid, *rest), _|
             if mid.equal?(CSRF)

data/lib/roda/plugins/mailer.rb

@@ -240,7 +240,7 @@ class Roda
 
         # Delay adding a file to the message until after the message body has been set.
         # If a block is given, the block is called after the file has been added, and you
-        # can access the attachment via <tt>response.mail.attachments.last</tt>.
+        # can access the attachment via <tt>response.mail_attachments.last</tt>.
         def add_file(*a, &block)
           response.mail_attachments << [a, block]
           nil

data/lib/roda/plugins/type_routing.rb

@@ -130,7 +130,7 @@ class Roda
         mimes.freeze
 
         type_keys = config[:types].keys
-        config[:extension_regexp] = /(.+)\.(#{Regexp.union(type_keys.map(&:to_s))})\z/
+        config[:extension_regexp] = /(.+?)\.(#{Regexp.union(type_keys.map(&:to_s))})\z/
 
         type_keys.each do |type|
           app::RodaRequest.send(:define_method, type) do |&block|

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 2
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 25
+  RodaMinorVersion = 26
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

data/spec/plugin/content_for_spec.rb

@@ -87,8 +87,8 @@ describe "content_for plugin with haml" do
   end
 
   it "should work with alternate rendering engines" do
-    body.strip.must_equal "bar\nfoo"
-    body('/a').strip.must_equal "bar\nfoo"
+    body.strip.sub(/\n+/, "\n").must_equal "bar\nfoo"
+    body('/a').strip.sub(/\n+/, "\n").must_equal "bar\nfoo"
   end
 end
 

data/spec/plugin/csrf_spec.rb

@@ -48,5 +48,64 @@ describe "csrf plugin" do
     app.plugin :csrf
     body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'
   end
+
+  it "can optionally skip setting up the middleware" do
+    sub_app = Class.new(Roda)
+    sub_app.class_eval do
+      plugin :csrf, :skip_middleware=>true
+
+      route do |r|
+        r.get do
+          response['TAG'] = csrf_tag
+          response['METATAG'] = csrf_metatag
+          response['TOKEN'] = csrf_token
+          response['FIELD'] = csrf_field
+          response['HEADER'] = csrf_header
+          'g'
+        end
+        r.post 'bar' do
+          'foobar'
+        end
+        r.post do
+          'p'
+        end
+      end
+    end
+
+    app(:bare) do
+      use Rack::Session::Cookie, :secret=>'1'
+      plugin :csrf, :skip=>['POST:/foo/bar']
+
+      route do |r|
+        r.on 'foo' do
+          r.run sub_app
+        end
+      end
+    end
+
+    io = StringIO.new
+    status('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 403
+    body('/foo/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'foobar'
+
+    env = proc{|h| h['Set-Cookie'] ? {'HTTP_COOKIE'=>h['Set-Cookie'].sub("; path=/; HttpOnly", '')} : {}}
+    s, h, b = req('/foo')
+    s.must_equal 200
+    field = h['FIELD']
+    token = Regexp.escape(h['TOKEN'])
+    h['TAG'].must_match(/\A<input type="hidden" name="#{field}" value="#{token}" \/>\z/)
+    h['METATAG'].must_match(/\A<meta name="#{field}" content="#{token}" \/>\z/)
+    b.must_equal ['g']
+    s, _, b = req('/foo', env[h].merge('REQUEST_METHOD'=>'POST', 'rack.input'=>io, "HTTP_#{h['HEADER']}"=>h['TOKEN']))
+    s.must_equal 200
+    b.must_equal ['p']
+
+    sub_app.plugin :csrf, :skip_middleware=>true
+    body('/foo/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'foobar'
+
+    @app = sub_app
+    s, _, b = req('/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io)
+    s.must_equal 200
+    b.must_equal ['foobar']
+  end
 end
 end

data/spec/plugin/type_routing_spec.rb

@@ -292,4 +292,25 @@ describe "type_routing plugin" do
 
     body('/a.html').must_equal '.html'
   end
+
+  it "takes the longest file extension first, when ambiguous" do
+    app(:bare) do
+      plugin :type_routing, :types => {
+        :gz => 'application/octet-stream',
+        :'tar.gz' => 'application/octet-stream',
+      }
+
+      route do |r|
+        r.is 'a' do
+          r.on_type(:gz) { 'GZ' }
+          r.on_type(:'tar.gz') { 'TAR.GZ' }
+          "NO"
+        end
+      end
+    end
+
+    body('/a').must_equal "NO"
+    body('/a.gz').must_equal 'GZ'
+    body('/a.tar.gz').must_equal 'TAR.GZ'
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 2.25.0
+  version: 2.26.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-18 00:00:00.000000000 Z
+date: 2017-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -205,6 +205,7 @@ extra_rdoc_files:
 - doc/release_notes/2.23.0.txt
 - doc/release_notes/2.24.0.txt
 - doc/release_notes/2.25.0.txt
+- doc/release_notes/2.26.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -234,6 +235,7 @@ files:
 - doc/release_notes/2.23.0.txt
 - doc/release_notes/2.24.0.txt
 - doc/release_notes/2.25.0.txt
+- doc/release_notes/2.26.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt