static-rails 0.0.7 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 71c1a0e6ce72ea1feb691e3cbfae0bec8bf723f1512cda383aeae57d56fd9765
-  data.tar.gz: 4d8d3c148661b2498ccfeb3677553e94a91c2cb68b5c48ba47aaace89be8adfe
+  metadata.gz: 760a85803ecdc64592ce6f0f29e948fe744ff7e0d5d893f62f713f11aa7de9cb
+  data.tar.gz: 235ed594c1bf01dba53e028e3419ce1f5919e14de31441c5fb3f6a0b3b3de382
 SHA512:
-  metadata.gz: cc39f818e745f67930b8821dbf3b38cdfd34d33accd25979801a4fbc34df67cdf600e517a2fe806f6094e43bc2e797fcef2aa4b1bb7006f3d75317a26b19ea82
-  data.tar.gz: c0879dc6ef5950806aaa662035ac7593a78c334dc578f65bd5e13526d1f4c770a08b9cf1f2b8fc8e21a9d00372876736924e05687e4d33ebbb780acc5b802ea1
+  metadata.gz: fd446ac15d01e261594e66388afada570c203046d0dcaa52437c43aca8cc8f5a09c19ce1e87aa699b7b9407a3f9993328e285aa1a4aaf53035493fd2cde7a28d
+  data.tar.gz: 592a87c638a0f861c673566746b591700e256de4eae4d3b28218d6faa6e994e5c3cccf589f3a2d16d850275d8d5db079661ac03aee17e6bc62ecf62b28cdc538

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.0.8
+
+* Add support for the [CSRF
+  changes](https://github.com/rails/rails/commit/358ff18975f26e820ea355ec113ffc5228e59af8) in Rails 6.0.3.1
+
 ## 0.0.7
 
 * Ensure that CSRF tokens are valid, at the cost of some performance and

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    static-rails (0.0.7)
+    static-rails (0.0.8)
       rack-proxy (~> 0.6)
       railties (>= 5.0.0)
 
@@ -32,19 +32,18 @@ GEM
     concurrent-ruby (1.1.6)
     crass (1.0.6)
     erubi (1.9.0)
-    i18n (1.8.2)
+    i18n (1.8.3)
       concurrent-ruby (~> 1.0)
-    jaro_winkler (1.5.4)
     loofah (2.5.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     method_source (1.0.0)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     nokogiri (1.10.9)
       mini_portile2 (~> 2.4.0)
     parallel (1.19.1)
-    parser (2.7.1.1)
+    parser (2.7.1.3)
       ast (~> 2.4.0)
     rack (2.2.2)
     rack-proxy (0.6.5)
@@ -64,26 +63,30 @@ GEM
       thor (>= 0.20.3, < 2.0)
     rainbow (3.0.0)
     rake (13.0.1)
+    regexp_parser (1.7.1)
     rexml (3.2.4)
-    rubocop (0.80.1)
-      jaro_winkler (~> 1.5.1)
+    rubocop (0.85.1)
       parallel (~> 1.10)
       parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
       rexml
+      rubocop-ast (>= 0.0.3)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-performance (1.5.2)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.0.3)
+      parser (>= 2.7.0.1)
+    rubocop-performance (1.6.1)
       rubocop (>= 0.71.0)
     ruby-progressbar (1.10.1)
-    standard (0.2.5)
-      rubocop (~> 0.80.1)
-      rubocop-performance (~> 1.5.2)
+    standard (0.4.7)
+      rubocop (~> 0.85.0)
+      rubocop-performance (~> 1.6.0)
     thor (1.0.1)
     thread_safe (0.3.6)
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    unicode-display_width (1.6.1)
+    unicode-display_width (1.7.0)
     zeitwerk (2.3.0)
 
 PLATFORMS

data/lib/static-rails/gets_csrf_token.rb

@@ -6,10 +6,22 @@ module StaticRails
 
     private
 
+    def csrf_token_hmac(session, identifier)
+      ActionController::RequestForgeryProtection.instance_method(:csrf_token_hmac).bind(self).call(session, identifier)
+    end
+
+    def mask_token(raw_token)
+      ActionController::RequestForgeryProtection.instance_method(:mask_token).bind(self).call(raw_token)
+    end
+
     def masked_authenticity_token(session, form_options: {})
       ActionController::RequestForgeryProtection.instance_method(:masked_authenticity_token).bind(self).call(session, form_options)
     end
 
+    def global_csrf_token(session)
+      ActionController::RequestForgeryProtection.instance_method(:global_csrf_token).bind(self).call(session)
+    end
+
     def real_csrf_token(session)
       ActionController::RequestForgeryProtection.instance_method(:real_csrf_token).bind(self).call(session)
     end

data/lib/static-rails/site_middleware.rb

@@ -40,7 +40,7 @@ module StaticRails
         #
         # (By the way, this was all Matthew Draper's bright idea. You can
         # compliment him here: https://github.com/matthewd )
-        @app.call(env.merge("PATH_INFO" => env["PATH_INFO"] + PATH_INFO_OBFUSCATION))
+        @app.call(env.merge("PATH_INFO" => PATH_INFO_OBFUSCATION + env["PATH_INFO"]))
       elsif StaticRails.config.proxy_requests
         @proxy_middleware.call(env)
       elsif StaticRails.config.serve_compiled_assets

data/lib/static-rails/site_plus_csrf_middleware.rb

@@ -13,10 +13,10 @@ module StaticRails
     end
 
     def call(env)
-      return @app.call(env) unless @determines_whether_to_handle_request.call(env)
+      return @app.call(env) unless env["PATH_INFO"]&.start_with?(PATH_INFO_OBFUSCATION) || @determines_whether_to_handle_request.call(env)
 
       env = env.merge(
-        "PATH_INFO" => env["PATH_INFO"].gsub(/#{PATH_INFO_OBFUSCATION}/, "")
+        "PATH_INFO" => env["PATH_INFO"].gsub(/^#{PATH_INFO_OBFUSCATION}/, "")
       )
       status, headers, body = super(env)
 

data/lib/static-rails/validates_csrf_token.rb

@@ -7,6 +7,9 @@ module StaticRails
     private
 
     [
+      :compare_with_global_token,
+      :global_csrf_token,
+      :csrf_token_hmac,
       :valid_authenticity_token?,
       :unmask_token,
       :compare_with_real_token,

data/lib/static-rails/version.rb

@@ -1,3 +1,3 @@
 module StaticRails
-  VERSION = "0.0.7"
+  VERSION = "0.0.8"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: static-rails
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors:
 - Justin Searls
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-29 00:00:00.000000000 Z
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties