secure_escrow 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -53,7 +53,7 @@
53
53
 
54
54
  var formSubmitSelector = 'form';
55
55
 
56
- $(formSubmitSelector).live('submit.secure_escrow', function(event) {
56
+ $(document.body).on('submit.secure_escrow', 'form', function(event) {
57
57
  var form = $(this),
58
58
  escrow = form.data('escrow'),
59
59
  isEscrow = escrow !== undefined;
@@ -21,6 +21,8 @@ module SecureEscrow
21
21
  BAD_NONCE = 'Bad nonce'
22
22
  DATA_KEY = 'secure_escrow'
23
23
  REDIRECT_CODES = 300..399
24
+ HTTPS = 'HTTPS'
25
+ ON = 'on'
24
26
  end
25
27
 
26
28
  class Middleware
@@ -77,7 +79,7 @@ module SecureEscrow
77
79
  end
78
80
 
79
81
  def store_response_in_escrow?
80
- return false unless POST == env[REQUEST_METHOD]
82
+ return false unless POST == env[REQUEST_METHOD] && ON == env[HTTPS]
81
83
  recognized = recognize_path
82
84
  config[:allow_non_escrow_routes] ?
83
85
  recognized :
@@ -96,7 +98,7 @@ module SecureEscrow
96
98
 
97
99
  if headers[CONTENT_TYPE] && JSON_CONTENT.match(headers[CONTENT_TYPE])
98
100
  body = [
99
- "<html><body><script id=\"response\" type=\"text/x-json\">%s</script></body></html>" %
101
+ "<html><body><script id=\"response\" type=\"text/x-escrow-json\">%s</script></body></html>" %
100
102
  { status: status, body: body.join.to_s }.to_json
101
103
  ]
102
104
  headers[CONTENT_TYPE] = "text/html; charset=utf-8"
@@ -1,3 +1,3 @@
1
1
  module SecureEscrow
2
- VERSION = "0.0.3"
2
+ VERSION = "0.0.4"
3
3
  end
@@ -164,6 +164,7 @@ describe SecureEscrow::Middleware do
164
164
 
165
165
  it 'should not store non-escrow routes' do
166
166
  presenter.env[REQUEST_METHOD] = POST
167
+ presenter.env[HTTPS] = ON
167
168
 
168
169
  rails_app.routes.should_receive(:recognize_path).
169
170
  once.with(env[REQUEST_PATH], { method: POST }).
@@ -177,10 +178,16 @@ describe SecureEscrow::Middleware do
177
178
 
178
179
  it 'should store https existent, non-escrow routes' do
179
180
  presenter.env[REQUEST_METHOD] = POST
181
+ presenter.env[HTTPS] = ON
180
182
 
181
183
  presenter.store_response_in_escrow?.should be_true
182
184
  end
183
185
 
186
+ it 'should not store non-https requests' do
187
+ presenter.env[REQUEST_METHOD] = POST
188
+ presenter.store_response_in_escrow?.should be_false
189
+ end
190
+
184
191
  it 'should not store non-existent routes' do
185
192
  presenter.env[REQUEST_METHOD] = POST
186
193
  rails_app.routes.stub!(:recognize_path).
@@ -192,6 +199,7 @@ describe SecureEscrow::Middleware do
192
199
 
193
200
  it 'should store escrow routes' do
194
201
  presenter.env[REQUEST_METHOD] = POST
202
+ presenter.env[HTTPS] = ON
195
203
 
196
204
  rails_app.routes.should_receive(:recognize_path).
197
205
  once.with(env[REQUEST_PATH], { method: POST }).
@@ -276,7 +284,7 @@ describe SecureEscrow::Middleware do
276
284
  json_representation = "{\"status\":403,\"body\":\"text\"}"
277
285
 
278
286
  status, headers, body = presenter.serve_response_from_escrow!
279
- body.join.should eq "<html><body><script id=\"response\" type=\"text/x-json\">#{json_representation}</script></body></html>"
287
+ body.join.should eq "<html><body><script id=\"response\" type=\"text/x-escrow-json\">#{json_representation}</script></body></html>"
280
288
  end
281
289
  end
282
290
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_escrow
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.4
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2012-02-08 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70352265255060 !ruby/object:Gem::Requirement
16
+ requirement: &70188511603340 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
21
21
  version: '0'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70352265255060
24
+ version_requirements: *70188511603340
25
25
  description: SecureEscrow provides a content proxy for Rails applications allowing
26
26
  POSTing to secure actions from insecure domains without full-page refreshes
27
27
  email: