sinatra-security 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/sinatra/security/helpers.rb +7 -1
- data/sinatra-security.gemspec +2 -2
- data/test/test_sinatra-security.rb +41 -0
- metadata +3 -3
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.4
|
|
@@ -20,7 +20,9 @@ module Sinatra
|
|
|
20
20
|
if logged_in?
|
|
21
21
|
return true
|
|
22
22
|
else
|
|
23
|
-
|
|
23
|
+
if should_return_to?(request.fullpath)
|
|
24
|
+
session[:return_to] = request.fullpath
|
|
25
|
+
end
|
|
24
26
|
redirect "/login"
|
|
25
27
|
return false
|
|
26
28
|
end
|
|
@@ -41,6 +43,10 @@ module Sinatra
|
|
|
41
43
|
def logout!
|
|
42
44
|
session.delete(:user)
|
|
43
45
|
end
|
|
46
|
+
|
|
47
|
+
def should_return_to?(path)
|
|
48
|
+
!(path =~ /(jpe?g|png|gif|css|js)$/)
|
|
49
|
+
end
|
|
44
50
|
end
|
|
45
51
|
end
|
|
46
52
|
end
|
data/sinatra-security.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{sinatra-security}
|
|
8
|
-
s.version = "0.1.
|
|
8
|
+
s.version = "0.1.4"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Cyril David"]
|
|
12
|
-
s.date = %q{2010-
|
|
12
|
+
s.date = %q{2010-05-17}
|
|
13
13
|
s.description = %q{For use with Sinatra + Monk + OHM}
|
|
14
14
|
s.email = %q{cyx.ucron@gmail.com}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
@@ -12,6 +12,24 @@ class BasicApp < Sinatra::Base
|
|
|
12
12
|
get '/private' do
|
|
13
13
|
require_login
|
|
14
14
|
end
|
|
15
|
+
|
|
16
|
+
get '/css/main.css' do
|
|
17
|
+
require_login
|
|
18
|
+
|
|
19
|
+
"body { color: black }"
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
get '/images/:image' do
|
|
23
|
+
require_login
|
|
24
|
+
|
|
25
|
+
params[:image]
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
get '/js/main.js' do
|
|
29
|
+
require_login
|
|
30
|
+
|
|
31
|
+
"alert('hey')"
|
|
32
|
+
end
|
|
15
33
|
end
|
|
16
34
|
|
|
17
35
|
class TestSinatraSecurity < Test::Unit::TestCase
|
|
@@ -62,6 +80,29 @@ class TestSinatraSecurity < Test::Unit::TestCase
|
|
|
62
80
|
end
|
|
63
81
|
end
|
|
64
82
|
|
|
83
|
+
describe "accessing a private url with GET but as (js|css|png) etc" do
|
|
84
|
+
should "not save any return_to" do
|
|
85
|
+
get "/css/main.css"
|
|
86
|
+
assert ! session[:return_to]
|
|
87
|
+
|
|
88
|
+
get "/js/main.js"
|
|
89
|
+
assert ! session[:return_to]
|
|
90
|
+
|
|
91
|
+
get "/images/test.png"
|
|
92
|
+
assert ! session[:return_to]
|
|
93
|
+
|
|
94
|
+
get "/images/test.gif"
|
|
95
|
+
assert ! session[:return_to]
|
|
96
|
+
|
|
97
|
+
get "/images/test.jpg"
|
|
98
|
+
assert ! session[:return_to]
|
|
99
|
+
|
|
100
|
+
get "/images/test.jpeg"
|
|
101
|
+
assert ! session[:return_to]
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
|
|
65
106
|
describe "being redirected and then logging in" do
|
|
66
107
|
setup do
|
|
67
108
|
get '/private'
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 1
|
|
8
|
-
-
|
|
9
|
-
version: 0.1.
|
|
8
|
+
- 4
|
|
9
|
+
version: 0.1.4
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Cyril David
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2010-
|
|
17
|
+
date: 2010-05-17 00:00:00 +08:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies: []
|
|
20
20
|
|