safe_redirect 0.1.1 → 0.1.2

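--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 994d65b4b777046399df62f71dea891f3dee1e5b
- data.tar.gz: 1d2260242c9dd0c4338b3c3baf45247f2156a32b
+ metadata.gz: 9b628c68916ed992402ee971523c5937b30538de
+ data.tar.gz: c497d1e8882776fe69f94f8d6095567e76d12036
  SHA512:
- metadata.gz: cd5c9ca9136f6b84935e754d502d9716acf9c0c4cddf4789862fbe6e2c0839ec8590a64fd12f498c7a06234ca3479c42f1237bc0411a39208ecd21a1750a8dd8
- data.tar.gz: ff2e823f75d81029b5ae4d9648fe77732f70f8e27dd74d51a67302faeb93b1640db62d71c857d87c0b147b1a3bd151c078efff5a4aefc73d6f29072c0b734bec
+ metadata.gz: 10e83cc957953e5ac78ea5e892ca18b01270663b8afbca3805df74880a62071e98ab3c5e4a919da994adadd882d018f45f4210fbde7d830831d6ee5db043d2a6
+ data.tar.gz: 1a2c4f2755aee51acbeee1014a55246568b4711cfde312b6d49b8a91f6e3dc9e4a2c99209016833f9ac1fc11fe61de51742e7140bb3367e6ad278dd81041057a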
@@ -12,7 +12,7 @@ module SafeRedirect
12
12
  if safe_domain?(stripped_path)
13
13
  stripped_path
14
14
  else
15
- stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:]*/i, '')
15
+ stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
16
16
  stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
17
17
  stripped_path
18
18
  end
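Review bot: The `else` branch still returns whatever survives two single-pass deny-list substitutions, so the redirect target is a mutated caller-supplied string rather than a known-good value. Adding `@` to the character class closes the userinfo form but not that general weakness. Removing a match can leave text that is again scheme-like or protocol-relative, and the second pattern's `^` anchors at every line start rather than at the start of the string (`\A`). A sturdier shape is to return the configured fallback when `safe_domain?` fails, i.e. `SafeRedirect.configuration.default_path` in place of the two `gsub!` calls; the new specs that expect `''` would then need updating. The enclosing method starts above this hunk, so how `stripped_path` is derived is not visible here.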
@@ -21,7 +21,8 @@ module SafeRedirect
21
21
  end
22
22
  end
23
23
 
24
- def redirect_to(path, options)
24
+ def redirect_to(path, options={})
25
25
  super safe_path(path), options
26
+ rescue NoMethodError
26
27
  end
27
28
  end
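Review bot: The bare `rescue NoMethodError` with an empty body makes `redirect_to` return nil silently for any NoMethodError raised inside `safe_path` or in the framework's own `redirect_to`, so a failure in the redirect guard turns into "no redirect, no error". It appears to exist so the new spec can call `redirect_to` on a class that has no `super`; the two `redirect_to` examples in the safe_redirect spec hunk pass only because of it and assert nothing. Prefer giving the spec's `Controller` a parent class with a stub `redirect_to` and dropping the rescue, or guard the call explicitly with `super safe_path(path), options if defined?(super)`. A one-line comment explaining the new `options={}` default would also help.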
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.1'
2
+ VERSION = '0.1.2'
3
3
  end
@@ -12,7 +12,11 @@ Gem::Specification.new do |gem|
12
12
  gem.description = %q{Preventing open redirects in Rails apps}
13
13
  gem.summary = %q{Preventing open redirects in Rails apps}
14
14
  gem.homepage = "https://github.com/sdsdkkk/safe_redirect"
15
+ gem.licenses = ['MIT']
16
+
17
+ gem.add_development_dependency 'rspec'
15
18
 
16
19
  gem.files = `git ls-files`.split($/)
20
+ gem.test_files = gem.files.grep(%r{^spec/})
17
21
  gem.require_paths = ["lib", "lib/safe_redirect"]
18
22
  end
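Review bot: `gem.add_development_dependency 'rspec'` carries no version constraint, which the packaged metadata records as `>= 0`, so any future rspec release, including a new major, satisfies it. Constrain it to the range the specs were written against, e.g. `gem.add_development_dependency 'rspec', '~> <MAJOR.MINOR>'` (placeholder; the rspec version in use is not shown on this page). `gem.test_files` also means the specs now ship inside the released gem, which is harmless but worth a deliberate decision.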
@@ -0,0 +1,31 @@
1
+ require 'spec_helper'
2
+
3
+ module SafeRedirect
4
+ describe Configuration do
5
+ before(:each) do
6
+ reset_config
7
+ end
8
+
9
+ it "default default_path is '/'" do
10
+ expect(SafeRedirect.configuration.default_path).to eq('/')
11
+ end
12
+
13
+ it "default domain_whitelists is []" do
14
+ expect(SafeRedirect.configuration.domain_whitelists).to eq([])
15
+ end
16
+
17
+ it "can update default_path" do
18
+ SafeRedirect.configure do |config|
19
+ config.default_path = 'https://www.bukalapak.com'
20
+ end
21
+ expect(SafeRedirect.configuration.default_path).to eq('https://www.bukalapak.com')
22
+ end
23
+
24
+ it "can update domain_whitelists" do
25
+ SafeRedirect.configure do |config|
26
+ config.domain_whitelists = ['www.bukalapak.com']
27
+ end
28
+ expect(SafeRedirect.configuration.domain_whitelists).to eq(['www.bukalapak.com'])
29
+ end
30
+ end
31
+ end
@@ -0,0 +1,61 @@
1
+ require 'spec_helper'
2
+
3
+ module SafeRedirect
4
+ describe SafeRedirect do
5
+ class Controller
6
+ extend SafeRedirect
7
+ end
8
+
9
+ before(:all) do
10
+ load_config
11
+ end
12
+
13
+ it "considers https://www.bukalapak.com a safe domain" do
14
+ expect(Controller.safe_domain?('https://www.bukalapak.com')).to eq(true)
15
+ end
16
+
17
+ it "considers / a safe domain" do
18
+ expect(Controller.safe_domain?('/')).to eq(true)
19
+ end
20
+
21
+ it "considers // an unsafe domain" do
22
+ expect(Controller.safe_domain?('//')).to eq(false)
23
+ end
24
+
25
+ it "considers http://www.twitter.com a safe domain" do
26
+ expect(Controller.safe_domain?('http://www.twitter.com')).to eq(true)
27
+ end
28
+
29
+ it "considers https://www.bukalapak.com@google.com an unsafe domain" do
30
+ expect(Controller.safe_domain?('https://www.bukalapak.com@google.com')).to eq(false)
31
+ end
32
+
33
+ it "considers https://www.bukalapak.com a safe path" do
34
+ expect(Controller.safe_path('https://www.bukalapak.com')).to eq('https://www.bukalapak.com')
35
+ end
36
+
37
+ it "considers / a safe path" do
38
+ expect(Controller.safe_path('/')).to eq('/')
39
+ end
40
+
41
+ it "considers // an unsafe path" do
42
+ expect(Controller.safe_path('//')).to eq('')
43
+ end
44
+
45
+ it "considers http://www.twitter.com a safe path" do
46
+ expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
47
+ end
48
+
49
+ it "considers https://www.bukalapak.com@google.com an unsafe path" do
50
+ expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
51
+ end
52
+
53
+ it "can use redirect_to method with only the target path" do
54
+ Controller.redirect_to '/'
55
+ end
56
+
57
+ it "can use redirect_to method with both the target path and the options" do
58
+ Controller.redirect_to '/', notice: 'Back to home page'
59
+ end
60
+ end
61
+ end
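Review bot: The `safe_path` examples cover only `//` and the userinfo form, while the filter they exercise also names `data:`, `javascript:`, leading `.` and `@`; none of those has an example, and no case checks a plain non-whitelisted host. Asserting the property rather than the exact remainder keeps such cases stable, e.g. `expect(Controller.safe_path('javascript:x')).not_to start_with('javascript:')`. `Controller` uses `extend SafeRedirect`, so the examples exercise class-level methods, whereas a Rails controller would presumably `include` the module; a comment saying why `extend` is used here would help.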
@@ -0,0 +1,23 @@
1
+ require 'rubygems'
2
+ require 'rspec'
3
+
4
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'safe_redirect')
5
+
6
+ def reset_config
7
+ SafeRedirect.reset_config
8
+ end
9
+
10
+ def load_config
11
+ SafeRedirect.configure do |config|
12
+ config.default_path = '/sdsdkkk'
13
+ config.domain_whitelists = ['www.twitter.com', 'www.bukalapak.com']
14
+ end
15
+ end
16
+
17
+ module SafeRedirect
18
+ class << self
19
+ def reset_config
20
+ @configuration = Configuration.new
21
+ end
22
+ end
23
+ end
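--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: safe_redirect
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.1.2
  platform: ruby
  authors:
  - Edwin Tunggawan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-01 00:00:00.000000000 Z
- dependencies: []
+ date: 2016-05-03 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description: Preventing open redirects in Rails apps
  email:
  - vcc.edwint@gmail.com
@@ -25,8 +39,12 @@ files:
  - lib/safe_redirect/safe_redirect.rb
  - lib/safe_redirect/version.rb
  - safe_redirect.gemspec
+ - spec/lib/safe_redirect/configuration_spec.rb
+ - spec/lib/safe_redirect/safe_redirect_spec.rb
+ - spec/spec_helper.rb
  homepage: https://github.com/sdsdkkk/safe_redirect
- licenses: []
+ licenses:
+ - MIT
  metadata: {}
  post_install_message:
  rdoc_options: []
@@ -49,4 +67,7 @@ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: Preventing open redirects in Rails apps
- test_files: []
+ test_files:
+ - spec/lib/safe_redirect/configuration_spec.rb
+ - spec/lib/safe_redirect/safe_redirect_spec.rb
+ - spec/spec_helper.rb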