roda 2.25.0 → 2.26.0
- checksums.yaml +4 -4
- data/CHANGELOG +6 -0
- data/doc/release_notes/2.26.0.txt +13 -0
- data/lib/roda/plugins/csrf.rb +6 -0
- data/lib/roda/plugins/mailer.rb +1 -1
- data/lib/roda/plugins/type_routing.rb +1 -1
- data/lib/roda/version.rb +1 -1
- data/spec/plugin/content_for_spec.rb +2 -2
- data/spec/plugin/csrf_spec.rb +59 -0
- data/spec/plugin/type_routing_spec.rb +21 -0
- metadata +4 -2
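--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4ac08181ea0c35fe056de0d73654c46acd01a541
+data.tar.gz: bafe66a0feb7e5b3e4d461f8eb05fd3762ccf730
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '01974a864d4ba36f2173c6a166405f77359a8329e8ae8a7eba65ad1b28549377c52ca50fc4e61f61a828c2323fb5bb1d2dc80bcdb555449117c227144f8d3160'
+data.tar.gz: bfec42253904890e2ba6104f9d07b47eae8a3ade1cb45e43f36f5def8280219bce70baec7322545e4040195d5d946ec8038002e6e73edfe15e18c48151d261bb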
data/CHANGELOG
CHANGED
@@ -1,3 +1,9 @@
|
|
1
|
+
= 2.26.0 (2017-05-16)
|
2
|
+
|
3
|
+
* Support :skip_middleware option to csrf plugin to add only the methods and not add the middleware (luciusgone) (#118)
|
4
|
+
|
5
|
+
* Handle multiple types with matching suffixes in the type_routing plugin (e.g. tar.gz and gz) (tomdalling) (#117)
|
6
|
+
|
1
7
|
= 2.25.0 (2017-04-18)
|
2
8
|
|
3
9
|
* Add error_mail plugin, similar to error_email but using mail instead of net/smtp directly (jeremyevans)
|
@@ -0,0 +1,13 @@
|
|
1
|
+
= New Features
|
2
|
+
|
3
|
+
* The csrf plugin now supports a :skip_middleware option, which adds
|
4
|
+
the methods without adding the middleware. This is designed for
|
5
|
+
cases where you are using multiple rack apps, where the rack_csrf
|
6
|
+
middleware is loaded in an earlier rack app, and you want to avoid
|
7
|
+
the duplicate CSRF checks.
|
8
|
+
|
9
|
+
= Other Improvements
|
10
|
+
|
11
|
+
* The type_routing plugin now supports using multiple extensions
|
12
|
+
where one extension is a suffix of another extension, such as
|
13
|
+
using gz and tar.gz.
|
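--- a/data/lib/roda/plugins/csrf.rb
+++ b/data/lib/roda/plugins/csrf.rb
@@ -10,6 +10,11 @@ class Roda
 #
 # plugin :csrf, :raise=>true
 #
+# Optionally you can choose not to setup rack_csrf middleware on the
+# roda app if you already have one configured:
+#
+# plugin :csrf, :skip_middleware=>true
+#
 # This adds the following instance methods:
 #
 # csrf_field :: The field name to use for the hidden/meta csrf tag.
@@ -26,6 +31,7 @@ class Roda
 
 # Load the Rack::Csrf middleware into the app with the given options.
 def self.configure(app, opts={})
+return if opts[:skip_middleware]
 app.instance_exec do
 @middleware.each do |(mid, *rest), _|
 if mid.equal?(CSRF)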
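Review bot: With `:skip_middleware` the early return added at the top of `configure` (new line 34) leaves this app with no CSRF check of its own, and nothing in the visible code verifies that Rack::Csrf actually runs in front of it, so the added comment at new lines 13–17 should say so plainly. I would extend it with `# With this option the app performs no CSRF checks itself; it relies on Rack::Csrf being loaded by an app that every request passes through first.` As far as the visible part of `configure` shows, any other options passed in the same call are also dropped without notice, which deserves a second line such as `# All other options are ignored when :skip_middleware is set.` The body of `configure` continues past the end of the hunk.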
data/lib/roda/plugins/mailer.rb
CHANGED
@@ -240,7 +240,7 @@ class Roda
|
|
240
240
|
|
241
241
|
# Delay adding a file to the message until after the message body has been set.
|
242
242
|
# If a block is given, the block is called after the file has been added, and you
|
243
|
-
# can access the attachment via <tt>response.
|
243
|
+
# can access the attachment via <tt>response.mail_attachments.last</tt>.
|
244
244
|
def add_file(*a, &block)
|
245
245
|
response.mail_attachments << [a, block]
|
246
246
|
nil
|
@@ -130,7 +130,7 @@ class Roda
|
|
130
130
|
mimes.freeze
|
131
131
|
|
132
132
|
type_keys = config[:types].keys
|
133
|
-
config[:extension_regexp] = /(
|
133
|
+
config[:extension_regexp] = /(.+?)\.(#{Regexp.union(type_keys.map(&:to_s))})\z/
|
134
134
|
|
135
135
|
type_keys.each do |type|
|
136
136
|
app::RodaRequest.send(:define_method, type) do |&block|
|
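Review bot: The new `extension_regexp` in the second hunk of this section (by the file list it belongs to type_routing.rb, although it is rendered under the mailer.rb header) is anchored at the end with `\z` but not at the start, and `.` does not match a newline. For a path that contains a newline the match can therefore begin after it, so the first capture would hold only the tail of the path; how that capture is used lies outside the hunk and should be checked there. Anchoring the start leaves newline-free paths unchanged: `config[:extension_regexp] = /\A(.+?)\.(#{Regexp.union(type_keys.map(&:to_s))})\z/`. A one-line comment that the lazy `.+?` is what lets `tar.gz` win over `gz` would also help the next reader.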
data/lib/roda/version.rb
CHANGED
@@ -87,8 +87,8 @@ describe "content_for plugin with haml" do
|
|
87
87
|
end
|
88
88
|
|
89
89
|
it "should work with alternate rendering engines" do
|
90
|
-
body.strip.must_equal "bar\nfoo"
|
91
|
-
body('/a').strip.must_equal "bar\nfoo"
|
90
|
+
body.strip.sub(/\n+/, "\n").must_equal "bar\nfoo"
|
91
|
+
body('/a').strip.sub(/\n+/, "\n").must_equal "bar\nfoo"
|
92
92
|
end
|
93
93
|
end
|
94
94
|
|
data/spec/plugin/csrf_spec.rb
CHANGED
@@ -48,5 +48,64 @@ describe "csrf plugin" do
|
|
48
48
|
app.plugin :csrf
|
49
49
|
body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'
|
50
50
|
end
|
51
|
+
|
52
|
+
it "can optionally skip setting up the middleware" do
|
53
|
+
sub_app = Class.new(Roda)
|
54
|
+
sub_app.class_eval do
|
55
|
+
plugin :csrf, :skip_middleware=>true
|
56
|
+
|
57
|
+
route do |r|
|
58
|
+
r.get do
|
59
|
+
response['TAG'] = csrf_tag
|
60
|
+
response['METATAG'] = csrf_metatag
|
61
|
+
response['TOKEN'] = csrf_token
|
62
|
+
response['FIELD'] = csrf_field
|
63
|
+
response['HEADER'] = csrf_header
|
64
|
+
'g'
|
65
|
+
end
|
66
|
+
r.post 'bar' do
|
67
|
+
'foobar'
|
68
|
+
end
|
69
|
+
r.post do
|
70
|
+
'p'
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
app(:bare) do
|
76
|
+
use Rack::Session::Cookie, :secret=>'1'
|
77
|
+
plugin :csrf, :skip=>['POST:/foo/bar']
|
78
|
+
|
79
|
+
route do |r|
|
80
|
+
r.on 'foo' do
|
81
|
+
r.run sub_app
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
io = StringIO.new
|
87
|
+
status('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 403
|
88
|
+
body('/foo/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'foobar'
|
89
|
+
|
90
|
+
env = proc{|h| h['Set-Cookie'] ? {'HTTP_COOKIE'=>h['Set-Cookie'].sub("; path=/; HttpOnly", '')} : {}}
|
91
|
+
s, h, b = req('/foo')
|
92
|
+
s.must_equal 200
|
93
|
+
field = h['FIELD']
|
94
|
+
token = Regexp.escape(h['TOKEN'])
|
95
|
+
h['TAG'].must_match(/\A<input type="hidden" name="#{field}" value="#{token}" \/>\z/)
|
96
|
+
h['METATAG'].must_match(/\A<meta name="#{field}" content="#{token}" \/>\z/)
|
97
|
+
b.must_equal ['g']
|
98
|
+
s, _, b = req('/foo', env[h].merge('REQUEST_METHOD'=>'POST', 'rack.input'=>io, "HTTP_#{h['HEADER']}"=>h['TOKEN']))
|
99
|
+
s.must_equal 200
|
100
|
+
b.must_equal ['p']
|
101
|
+
|
102
|
+
sub_app.plugin :csrf, :skip_middleware=>true
|
103
|
+
body('/foo/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'foobar'
|
104
|
+
|
105
|
+
@app = sub_app
|
106
|
+
s, _, b = req('/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io)
|
107
|
+
s.must_equal 200
|
108
|
+
b.must_equal ['foobar']
|
109
|
+
end
|
51
110
|
end
|
52
111
|
end
|
@@ -292,4 +292,25 @@ describe "type_routing plugin" do
|
|
292
292
|
|
293
293
|
body('/a.html').must_equal '.html'
|
294
294
|
end
|
295
|
+
|
296
|
+
it "takes the longest file extension first, when ambiguous" do
|
297
|
+
app(:bare) do
|
298
|
+
plugin :type_routing, :types => {
|
299
|
+
:gz => 'application/octet-stream',
|
300
|
+
:'tar.gz' => 'application/octet-stream',
|
301
|
+
}
|
302
|
+
|
303
|
+
route do |r|
|
304
|
+
r.is 'a' do
|
305
|
+
r.on_type(:gz) { 'GZ' }
|
306
|
+
r.on_type(:'tar.gz') { 'TAR.GZ' }
|
307
|
+
"NO"
|
308
|
+
end
|
309
|
+
end
|
310
|
+
end
|
311
|
+
|
312
|
+
body('/a').must_equal "NO"
|
313
|
+
body('/a.gz').must_equal 'GZ'
|
314
|
+
body('/a.tar.gz').must_equal 'TAR.GZ'
|
315
|
+
end
|
295
316
|
end
|
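Review bot: The closing assertions of the new csrf spec (new lines 105–108) set `@app = sub_app`, POST to `/bar` without a token and expect 200, which pins that an app loaded with `:skip_middleware` accepts token-less POSTs when it is reached directly. That is the intended behaviour, but the spec does not say so and a reader could take it for an oversight. I would add a comment above `@app = sub_app`, for example `# Called directly, sub_app has no Rack::Csrf in front of it, so a POST without a token is accepted.` The `it` block starts and ends inside the hunk; the enclosing `describe` does not.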
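--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.26.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -205,6 +205,7 @@ extra_rdoc_files:
 - doc/release_notes/2.23.0.txt
 - doc/release_notes/2.24.0.txt
 - doc/release_notes/2.25.0.txt
+- doc/release_notes/2.26.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -234,6 +235,7 @@ files:
 - doc/release_notes/2.23.0.txt
 - doc/release_notes/2.24.0.txt
 - doc/release_notes/2.25.0.txt
+- doc/release_notes/2.26.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt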