RubyGems - subdomainbox - Versions diffs - 0.6.0 → 0.7.0 - Mend

subdomainbox 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/VERSION +1 -1
data/lib/subdomainbox/secure_csrf_token.rb +1 -1
data/spec/secure_csrf_token_spec.rb +9 -13
data/subdomainbox.gemspec +1 -1
metadata +14 -14

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.6.0
1	+ 0.7.0

data/lib/subdomainbox/secure_csrf_token.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ActionController #:nodoc:
       # Sets the token value for the current session.
       def form_authenticity_token
         raise 'CSRF token secret must be defined' if CSRF_TOKEN_SECRET.nil? || CSRF_TOKEN_SECRET.empty?
-        if @default_subdomainbox_removed || request.session_options[:id].nil?
+        if request.session_options[:id].nil? || request.session_options[:id].empty?
           original_form_authenticity_token
         else
           Digest::SHA1.hexdigest("#{CSRF_TOKEN_SECRET}#{request.session_options[:id]}#{request.subdomain}")

data/spec/secure_csrf_token_spec.rb CHANGED Viewed

@@ -22,23 +22,11 @@ describe "ActionController::RequestForgeryProtection" do
     end
     context "when the user has a session" do
-      before(:each) do
-        request.stub_chain(:session_options, :[]).and_return('abc')
-      end
       it "should be generated from the CSRF_TOKEN_SECRET salted with the session id and the subdomain" do
+        request.stub_chain(:session_options, :[]).and_return('abc')
         CSRF_TOKEN_SECRET = 'xyz'
         form_authenticity_token.should == Digest::SHA1.hexdigest('xyzabcpets')
       end
-      context "when the default subdomainbox has been removed" do
-        it "should call the original form_authenticity_token" do
-          @default_subdomainbox_removed = true
-          self.should_receive(:original_form_authenticity_token)
-          form_authenticity_token
-        end
-      end
     end
     context "when there is no session id" do
@@ -49,6 +37,14 @@ describe "ActionController::RequestForgeryProtection" do
       end
     end
+    context "when there is an empty session id" do
+      it "should call the original form_authenticity_token" do
+        request.stub_chain(:session_options, :[]).and_return('')
+        self.should_receive(:original_form_authenticity_token)
+        form_authenticity_token
+      end
+    end
   end
 end

data/subdomainbox.gemspec CHANGED Viewed

@@ -5,7 +5,7 @@
 Gem::Specification.new do |s|
   s.name = "subdomainbox"
-  s.version = "0.6.0"
+  s.version = "0.7.0"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Daniel Nelson"]

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: subdomainbox
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
   prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2013-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuidtools
-  requirement: &2164367660 !ruby/object:Gem::Requirement
+  requirement: &2160194860 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2164367660
+  version_requirements: *2160194860
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2164365580 !ruby/object:Gem::Requirement
+  requirement: &2160213360 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -32,10 +32,10 @@ dependencies:
         version: 2.10.0
   type: :development
   prerelease: false
-  version_requirements: *2164365580
+  version_requirements: *2160213360
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &2164355360 !ruby/object:Gem::Requirement
+  requirement: &2160212040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,10 +43,10 @@ dependencies:
         version: 1.8.4
   type: :development
   prerelease: false
-  version_requirements: *2164355360
+  version_requirements: *2160212040
 - !ruby/object:Gem::Dependency
   name: pry
-  requirement: &2164354280 !ruby/object:Gem::Requirement
+  requirement: &2160210100 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2164354280
+  version_requirements: *2160210100
 - !ruby/object:Gem::Dependency
   name: pry-nav
-  requirement: &2164352920 !ruby/object:Gem::Requirement
+  requirement: &2160208180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2164352920
+  version_requirements: *2160208180
 - !ruby/object:Gem::Dependency
   name: pry-stack_explorer
-  requirement: &2164351700 !ruby/object:Gem::Requirement
+  requirement: &2160206540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,7 +76,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2164351700
+  version_requirements: *2160206540
 description: use subdomains to prevent XSS from accessing your entire application
   if it should happen to be injected into some page in your app
 email: dnelson@centresource.com
@@ -118,7 +118,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3756000022176297036
+      hash: 4123236881766374921
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: