sinatra-security 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/lib/sinatra/security/helpers.rb +7 -1
- data/sinatra-security.gemspec +2 -2
- data/test/test_sinatra-security.rb +41 -0
- metadata +3 -3
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.4
|
|
@@ -20,7 +20,9 @@ module Sinatra
|
|
|
20
20
|
if logged_in?
|
|
21
21
|
return true
|
|
22
22
|
else
|
|
23
|
-
|
|
23
|
+
if should_return_to?(request.fullpath)
|
|
24
|
+
session[:return_to] = request.fullpath
|
|
25
|
+
end
|
|
24
26
|
redirect "/login"
|
|
25
27
|
return false
|
|
26
28
|
end
|
|
@@ -41,6 +43,10 @@ module Sinatra
|
|
|
41
43
|
def logout!
|
|
42
44
|
session.delete(:user)
|
|
43
45
|
end
|
|
46
|
+
|
|
47
|
+
def should_return_to?(path)
|
|
48
|
+
!(path =~ /(jpe?g|png|gif|css|js)$/)
|
|
49
|
+
end
|
|
44
50
|
end
|
|
45
51
|
end
|
|
46
52
|
end
|
data/sinatra-security.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{sinatra-security}
|
|
8
|
-
s.version = "0.1.
|
|
8
|
+
s.version = "0.1.4"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Cyril David"]
|
|
12
|
-
s.date = %q{2010-
|
|
12
|
+
s.date = %q{2010-05-17}
|
|
13
13
|
s.description = %q{For use with Sinatra + Monk + OHM}
|
|
14
14
|
s.email = %q{cyx.ucron@gmail.com}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
@@ -12,6 +12,24 @@ class BasicApp < Sinatra::Base
|
|
|
12
12
|
get '/private' do
|
|
13
13
|
require_login
|
|
14
14
|
end
|
|
15
|
+
|
|
16
|
+
get '/css/main.css' do
|
|
17
|
+
require_login
|
|
18
|
+
|
|
19
|
+
"body { color: black }"
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
get '/images/:image' do
|
|
23
|
+
require_login
|
|
24
|
+
|
|
25
|
+
params[:image]
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
get '/js/main.js' do
|
|
29
|
+
require_login
|
|
30
|
+
|
|
31
|
+
"alert('hey')"
|
|
32
|
+
end
|
|
15
33
|
end
|
|
16
34
|
|
|
17
35
|
class TestSinatraSecurity < Test::Unit::TestCase
|
|
@@ -62,6 +80,29 @@ class TestSinatraSecurity < Test::Unit::TestCase
|
|
|
62
80
|
end
|
|
63
81
|
end
|
|
64
82
|
|
|
83
|
+
describe "accessing a private url with GET but as (js|css|png) etc" do
|
|
84
|
+
should "not save any return_to" do
|
|
85
|
+
get "/css/main.css"
|
|
86
|
+
assert ! session[:return_to]
|
|
87
|
+
|
|
88
|
+
get "/js/main.js"
|
|
89
|
+
assert ! session[:return_to]
|
|
90
|
+
|
|
91
|
+
get "/images/test.png"
|
|
92
|
+
assert ! session[:return_to]
|
|
93
|
+
|
|
94
|
+
get "/images/test.gif"
|
|
95
|
+
assert ! session[:return_to]
|
|
96
|
+
|
|
97
|
+
get "/images/test.jpg"
|
|
98
|
+
assert ! session[:return_to]
|
|
99
|
+
|
|
100
|
+
get "/images/test.jpeg"
|
|
101
|
+
assert ! session[:return_to]
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
|
|
65
106
|
describe "being redirected and then logging in" do
|
|
66
107
|
setup do
|
|
67
108
|
get '/private'
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 1
|
|
8
|
-
-
|
|
9
|
-
version: 0.1.
|
|
8
|
+
- 4
|
|
9
|
+
version: 0.1.4
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Cyril David
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2010-
|
|
17
|
+
date: 2010-05-17 00:00:00 +08:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies: []
|
|
20
20
|
|