rodauth-select-account 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 73c3033c2a25680b2abc54db4f4f55cc9e11698d699bd70745c97184ca5a6c7e
4
- data.tar.gz: 1a94b7a28d85b55fbad68eb9800407552d9f5f2b281c84842af829174967451b
3
+ metadata.gz: 6c881e5c48400dfdb20e8c6d4c085ca195fe901477ac632cbc901217ab745b34
4
+ data.tar.gz: 8af197d3e4766928985775c4532954d3c7f519231872b1875411936b80c46fb6
5
5
  SHA512:
6
- metadata.gz: 35e2e1d8c4d162cfb0d95f1a1bc1293f9002718bc58619fd6edcebdde7fe0b71588596dbb59a167ebf82400b6d74dd6202c03707949de276fca92bf0355a4250
7
- data.tar.gz: c000c0f422f9aee6ee6d2278d77523520e7910de79ed528ccf676f4a59ee973d1e8787f53f13ca0edd51d714a751938b3344f7fa9b3dae77dcc853bd9e65d037
6
+ metadata.gz: a65a384392c409fba38c4d04087c59bd78a278fa795924414c7ff4e3269191bf07a271e448e800d843332d6e70c3bfadb861b69c64fb09d841d6b2ec15cd11df
7
+ data.tar.gz: e7ebbc98509dea51383abc86fe54f633620e5f2e16b2fa503a68c14754f8aef75016cca9d54717c26e93ac3ddae85b0880bb10060397ffcc5eed56468658b690
@@ -1,3 +1,21 @@
1
1
  # CHANGELOG
2
2
 
3
3
  ## master
4
+
5
+ ## 0.0.4
6
+
7
+ Cookies used for selected account are now secure by default (httponly on, secure if request is TLS-enabled);
8
+
9
+ Cookie path is now "/" by default.
10
+
11
+ ## 0.0.3
12
+
13
+ bugfix: fixing calls to the view helpers when in multi-phase login mode.
14
+
15
+ ## 0.0.2
16
+
17
+ bugfix: added missing form templates.
18
+
19
+ ## 0.0.1
20
+
21
+ Initial draft, all features added.
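Review bot: The `## 0.0.4` entry does not say that the new defaults apply only when the key is absent from `accounts_cookie_options`, which is what the `unless opts.key?(...)` guards in the code hunks do. Add a sentence naming that option as the way to override `path`, `httponly` and `secure`, and replace the trailing semicolon on the first entry with a period. The entry should also mention that cookie deletion now passes the same options, since that changes which existing cookies get cleared.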
data/README.md CHANGED
@@ -127,7 +127,7 @@ These are also available methods:
127
127
 
128
128
  ## Ruby support policy
129
129
 
130
- The minimum Ruby version required to run `rodauth-select-account` is 2.4 . Besides that, it should support all rubies that rodauth and roda support, including JRuby and (potentially, I don't know yet) truffleruby.
130
+ The minimum Ruby version required to run `rodauth-select-account` is 2.4 . Besides that, it supports all rubies that rodauth and roda support, including JRuby and truffleruby.
131
131
 
132
132
  ## Development
133
133
 
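Review bot: The changed sentence now states truffleruby support outright where the old one said "potentially, I don't know yet", but nothing else in this diff (no test or CI change) backs the stronger claim. Either link the CI matrix that covers it or keep the hedge. The stray space in `2.4 .` is carried over from the old line and can be fixed in the same edit.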
@@ -54,15 +54,18 @@ module Rodauth
54
54
  def require_select_account
55
55
  # whether an account has been selected for a certain workflow will be driven by a short-lived
56
56
  # cookie, which will hopefully be active during the duration of account selection
57
+ opts = Hash[accounts_cookie_options]
58
+ opts[:path] = "/" unless opts.key?(:path)
57
59
  if request.cookies[require_selected_account_cookie_key]
58
- ::Rack::Utils.delete_cookie_header!(response.headers, require_selected_account_cookie_key)
60
+ ::Rack::Utils.delete_cookie_header!(response.headers, require_selected_account_cookie_key, opts)
59
61
  return
60
62
  end
61
63
 
62
- opts = {
63
- value: true,
64
- expires: Time.now + require_selected_account_cookie_interval
65
- }
64
+ opts[:value] = true
65
+ opts[:expires] = Time.now + require_selected_account_cookie_interval
66
+ opts[:httponly] = true unless opts.key?(:httponly)
67
+ opts[:secure] = true unless opts.key?(:secure) || !request.ssl?
68
+
66
69
  ::Rack::Utils.set_cookie_header!(response.headers, require_selected_account_cookie_key, opts)
67
70
 
68
71
  # should redirect to the accounts page, and set this as the page to return to
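Review bot: The `secure` default on the added line `opts[:secure] = true unless opts.key?(:secure) || !request.ssl?` depends on `request.ssl?`, so a deployment where TLS ends at a proxy that does not pass the original scheme on will issue this cookie without the Secure attribute, and the double negative makes that easy to miss. `opts[:secure] = request.ssl? unless opts.key?(:secure)` reads more directly (it sets an explicit `false` on plain HTTP instead of leaving the key unset), and the README should tell such deployments to set `secure: true` in `accounts_cookie_options`. Separately, the delete branch now sends `path: "/"`, while 0.0.3 set this cookie with no path at all, so a cookie issued before the upgrade from a non-root path may not be matched by the deletion and will only disappear when `require_selected_account_cookie_interval` runs out. That is tolerable for a short-lived cookie but deserves a changelog line.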
@@ -170,6 +173,9 @@ module Rodauth
170
173
  opts = Hash[accounts_cookie_options]
171
174
  opts[:value] = accounts_cookie.join(",")
172
175
  opts[:expires] = Time.now + accounts_cookie_interval
176
+ opts[:path] = "/" unless opts.key?(:path)
177
+ opts[:httponly] = true unless opts.key?(:httponly)
178
+ opts[:secure] = true unless opts.key?(:secure) || !request.ssl?
173
179
  ::Rack::Utils.set_cookie_header!(response.headers, accounts_cookie_key, opts)
174
180
  end
175
181
 
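Review bot: The three defaulting lines added before `set_cookie_header!` duplicate the ones added in `require_select_account`, in a different order relative to `:value` and `:expires`. Move them into one private helper that returns the defaulted options hash so the accounts cookie and the selected-account cookie cannot drift apart. While there, note that neither hunk sets `:same_site`; since this cookie carries the list of account ids, consider defaulting it (for example to `:lax`) under the same `unless opts.key?` pattern.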
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rodauth
4
4
  module SelectAccount
5
- VERSION = "0.0.3"
5
+ VERSION = "0.0.4"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-select-account
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tiago Cardoso
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-21 00:00:00.000000000 Z
11
+ date: 2021-01-16 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Multiple authenticated accounts per session in rodauth.
14
14
  email:
@@ -50,7 +50,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
50
50
  - !ruby/object:Gem::Version
51
51
  version: '0'
52
52
  requirements: []
53
- rubygems_version: 3.1.2
53
+ rubygems_version: 3.1.4
54
54
  signing_key:
55
55
  specification_version: 4
56
56
  summary: Multiple authenticated accounts per session in rodauth.