tina4ruby 3.10.21 → 3.10.23
- checksums.yaml +4 -4
- data/lib/tina4/frond.rb +24 -3
- data/lib/tina4/version.rb +1 -1
- metadata +1 -1
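--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3ae8ae6d644a0cb19a5b5fc2f68b02066ecfc41c4f6b6e6bae2415fdbe078fcc
+data.tar.gz: eb1dd0310b3ed508ea582ec186e64f050be8c4fc8925abd5f038689b20a6f551
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cdcb3bf5c7d76949b51ec90fea3eed309fb0e9ec312f5ed5a02451da2a6953c3eb46524d191c0dee3d0efb587dc50581021dabd65b4432b42b469ccaa53342bf
+data.tar.gz: ac974932d01d89edff858d9873ac39709f88161958956763757d952d8a3d17e97fccf96cd0cc1ce2678bca88488a357f9a28b7f2243d4bcd158be26f4e7fb541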
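--- a/data/lib/tina4/frond.rb
+++ b/data/lib/tina4/frond.rb
@@ -13,6 +13,7 @@ require "cgi"
 require "uri"
 require "date"
 require "time"
+require "securerandom"
 
 module Tina4
 # Marker class for strings that should not be auto-escaped in Frond.
@@ -1839,6 +1840,8 @@ module Tina4
 
 def register_builtin_globals
 @globals["form_token"] = ->(descriptor = "") { Frond.generate_form_token(descriptor.to_s) }
+@globals["formTokenValue"] = ->(descriptor = "") { Frond.generate_form_token_value(descriptor.to_s) }
+@globals["form_token_value"] = ->(descriptor = "") { Frond.generate_form_token_value(descriptor.to_s) }
 end
 
 # Generate a JWT form token and return a hidden input element.
@@ -1857,11 +1860,19 @@ module Tina4
 attr_accessor :form_token_session_id
 end
 
-
+# Generate a raw JWT form token string.
+#
+# @param descriptor [String] Optional string to enrich the token payload.
+# - Empty: payload is {"type" => "form"}
+# - "admin_panel": payload is {"type" => "form", "context" => "admin_panel"}
+# - "checkout|order_123": payload is {"type" => "form", "context" => "checkout", "ref" => "order_123"}
+#
+# @return [String] The raw JWT token string.
+def self.generate_form_jwt(descriptor = "")
 require_relative "log"
 require_relative "auth"
 
-payload = { "type" => "form" }
+payload = { "type" => "form", "nonce" => SecureRandom.hex(8) }
 if descriptor && !descriptor.empty?
 if descriptor.include?("|")
 parts = descriptor.split("|", 2)
@@ -1878,8 +1889,18 @@ module Tina4
 
 ttl_minutes = (ENV["TINA4_TOKEN_LIMIT"] || "60").to_i
 expires_in = ttl_minutes * 60
-
+Tina4::Auth.create_token(payload, expires_in: expires_in)
+end
+
+def self.generate_form_token(descriptor = "")
+token = generate_form_jwt(descriptor)
 Tina4::SafeString.new(%(<input type="hidden" name="formToken" value="#{CGI.escapeHTML(token)}">))
 end
+
+# Return just the raw JWT form token string (no <input> wrapper).
+# Registered as both formTokenValue and form_token_value template globals.
+def self.generate_form_token_value(descriptor = "")
+Tina4::SafeString.new(generate_form_jwt(descriptor))
+end
 end
 end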
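Review bot: `generate_form_token_value` wraps the raw token in `Tina4::SafeString`, which per the marker-class comment near the top of the file opts the value out of Frond's auto-escaping, while the sibling `generate_form_token` still passes the token through `CGI.escapeHTML` before embedding it. A JWT's alphabet presumably needs no escaping, so returning the plain string, `generate_form_jwt(descriptor)`, would cost nothing and keep auto-escaping as a backstop wherever templates place the value (attributes, inline script, meta tags). Separately, the new doc comment on `generate_form_jwt` still lists the empty-descriptor payload as `{"type" => "form"}` although the body now adds `"nonce" => SecureRandom.hex(8)`; the comment should name the nonce and say whether anything records or checks it server-side, since a nonce that is never tracked makes tokens unique but not single-use. The middle of `generate_form_jwt` falls between the third and fourth hunks and is not visible here.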
data/lib/tina4/version.rb
CHANGED