RubyGems - signed_form - Versions diffs - 0.1.1 → 0.1.2 - Mend

signed_form 0.1.1 → 0.1.2

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c2252f1f051eaa4aae342bebc6e18b690c1729e0
-  data.tar.gz: 14aed6537280fff1e06456e6810c3e82234482f8
+  metadata.gz: d48194df6c241a277cc79382344715c75aac7d9c
+  data.tar.gz: 279e08bc94e45b2ce9f5e25364104bd5433ecb34
 SHA512:
-  metadata.gz: b6ba4877c2618bfca2c6906a7ecc38fd2f86c138daafd6cee98945053ed773d615954dd0478d06059dd5bbc69a9275c612dc9f0618b7f9fe37bd7bf8e32b2879
-  data.tar.gz: 3d9aa7420195e95e2bf864482785675ac4e9e914ed257b6e9a017c6fec011533de4e12c95bb7d4f923bfdea3e698bf0845f737eba16d8d41129b00d96d09045d
+  metadata.gz: 75e21c1f42bfa9b1e8df77e4afbabb6d8ffc8a5295ddbc53d90347bfae0ed391e73f0a97b529e7b0e835957b737acf4f2deb9f692063c277408c66602a09d11a
+  data.tar.gz: 448f4016cf450248230406b3f89947f953398b81dcf56cdf06c9433eda9f9ad806e091aa93d7895ac6e62982dce271055b35101a0349b3952c62292bf1cd5498

@@ -24,7 +24,12 @@ module SignedForm
         allowed_attributes = Marshal.load Base64.strict_decode64(data)
         options            = allowed_attributes.delete(:__options__)
-        raise Errors::InvalidURL if options && (!options[:method].to_s.casecmp(request.method) || options[:url] != request.fullpath)
+        if options
+          raise Errors::InvalidURL if options[:method].to_s.casecmp(request.request_method) != 0
+          url = url_for(options[:url])
+          raise Errors::InvalidURL if url != request.fullpath && url != request.url
+        end
         allowed_attributes.each do |k, v|
           params[k] = params.require(k).permit(*v)

data/lib/signed_form/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module SignedForm
   MAJOR = 0
   MINOR = 1
-  PATCH = 1
+  PATCH = 2
   PRE   = nil
   VERSION = [MAJOR, MINOR, PATCH, PRE].compact.join '.'

data/spec/permit_signed_params_spec.rb CHANGED Viewed

@@ -12,7 +12,7 @@ describe SignedForm::ActionController::PermitSignedParams do
   before do
     SignedForm::HMAC.secret_key = "abc123"
-    Controller.any_instance.stub(request: double('request', method: 'POST', fullpath: '/users'))
+    Controller.any_instance.stub(request: double('request', method: 'POST', request_method: 'POST', fullpath: '/users', url: '/users'))
     Controller.any_instance.stub(params: { "user" => { name: "Erich Menge", occupation: 'developer' } })
   end
@@ -63,4 +63,18 @@ describe SignedForm::ActionController::PermitSignedParams do
     expect { controller.permit_signed_form_data }.to raise_error(SignedForm::Errors::InvalidURL)
   end
+  it "should reject if method doesn't match" do
+    params = controller.params
+    data      = Base64.strict_encode64(Marshal.dump("user" => [:name], :__options__ => { method: 'put', url: '/users'  }))
+    signature = SignedForm::HMAC.create_hmac(data)
+    params['form_signature'] = "#{data}--#{signature}"
+    params.stub(:require).with('user').and_return(params)
+    params.stub(:permit).with(:name).and_return(params)
+    expect { controller.permit_signed_form_data }.to raise_error(SignedForm::Errors::InvalidURL)
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: signed_form
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Erich Menge
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-04-10 00:00:00.000000000 Z
+date: 2013-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -136,4 +136,3 @@ test_files:
 - spec/hmac_spec.rb
 - spec/permit_signed_params_spec.rb
 - spec/spec_helper.rb
-has_rdoc: