ucb_rails_user 8.0.0 → 8.1.0

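--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3a52f47b67f3941ef82192caf5fd352e71e9d85074d366da8a6a44897fbafd82
- data.tar.gz: 64fa7bda12ce85ba806ebc4000131d700a8317ef5d95e2f49079f099d1f33ea9
+ metadata.gz: '09287b7395b9051f836da163e113b19e79b97f2ca1a4244ac647fb01de4ef398'
+ data.tar.gz: 91ed2a6b9f2d2aa7a1a8d41c16bca50d179e17eeaec497fce684d606eef3d9ce
  SHA512:
- metadata.gz: 4c0288fd05fee9438c59fd518bbb143721b43c8109aec25248ba162f8a8e3ce2abd70ab96b228caa37dbdc111288d9be1c3ccb804deb191afce17e683bb07de3
- data.tar.gz: ee2fb735c92576d9cd596721ed3c6f3d4f30e2899725ce522c99121c3c05d3e77385d4b32b1c2aef80a13d27a5901ec3192de3b6990e751c4f7d77d4f09ed5c3
+ metadata.gz: 14686fd6c41309f33ae5d16d427c7d6270f6a0f1601d2f2ded8d22562c4cfd124e92f2ca3e3d59a5079309cc1413514c1448c1ce6583b3c51e005c02d5799cb7
+ data.tar.gz: 5273939befe8db63989e4e4f6940ec23e93f9cecaf1a7aeb20c7acbcad60cd415154b0e4b87b25391bb7dc3a05f3e80c04759d64e7fcc5ce335d6e17a0bc9ff1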
@@ -5,12 +5,12 @@ module UcbRailsUser::SessionsControllerConcerns
5
5
  skip_before_action :ensure_authenticated_user, :log_request, raise: false
6
6
  end
7
7
 
8
- # Redirects to authentication provider
8
+ # Renders login form for authentication provider
9
9
  #
10
10
  # @return [nil]
11
11
  def new
12
- provider = UcbRailsUser[:omniauth_provider] || :cas
13
- redirect_to "/auth/#{provider}"
12
+ @provider = UcbRailsUser[:omniauth_provider] || :cas
13
+ render 'ucb_rails_user/sessions/new'
14
14
  end
15
15
 
16
16
  # Login user after authentication by provider
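Review bot: The doc comment on `new` still says only `@return [nil]`, but the action now hands `@provider` to a template that builds a URL path from it, and neither the source of the value nor its consumer is documented. I would expand the comment to something like `# Sets @provider from UcbRailsUser[:omniauth_provider] (default :cas) and renders ucb_rails_user/sessions/new, whose sign-in button posts to /auth/<provider>; the value must be a provider key registered with the OmniAuth builder, never request input`. That last clause matters because the view interpolates `@provider` straight into the `button_to` path. The enclosing module continues outside this hunk.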
@@ -42,7 +42,7 @@ module UcbRailsUser::SessionsControllerConcerns
42
42
  #
43
43
  # @return [nil]
44
44
  def not_authorized
45
- render(:text => "Not Authorized", :status => 401)
45
+ render(plain: "Not Authorized", status: 401)
46
46
  end
47
47
 
48
48
  # Handler for authentication failure.
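Review bot: While the `render` line in `not_authorized` is being rewritten, the retained `status: 401` deserves a second look: a 401 is defined for failed or missing authentication and is expected to carry a `WWW-Authenticate` header, whereas an action named `not_authorized` reads as an authorization failure, for which 403 is the conventional status. Whether the user is already authenticated when this action runs is not visible here, so if 401 is intentional a short comment saying so would help; either way a symbolic status (`render(plain: "Not Authorized", status: :forbidden)` or `status: :unauthorized`) documents the intent better than the bare integer. The same `plain:`/`status: 401` rewrite appears in the `failure` hunk below, where 401 fits because that action handles an authentication failure.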
@@ -50,7 +50,7 @@ module UcbRailsUser::SessionsControllerConcerns
50
50
  # @return [nil]
51
51
  def failure
52
52
  Rails.logger.debug("Authentication Failed for: #{request.env['omniauth.auth']}")
53
- render(:text => "Not Authorized", :status => 401)
53
+ render(plain: "Not Authorized", status: 401)
54
54
  end
55
55
 
56
56
  private
@@ -0,0 +1,21 @@
1
+ <div style="display: flex; justify-content: center; align-items: center; min-height: 100vh; background-color: #f5f5f5;">
2
+ <div style="background: white; padding: 2rem; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); text-align: center; max-width: 400px; width: 100%;">
3
+ <h1 style="margin-bottom: 1.5rem; color: #333;">Sign In Required</h1>
4
+
5
+ <p style="margin-bottom: 2rem; color: #666;">Please sign in to continue</p>
6
+
7
+ <%= button_to "/auth/#{@provider}",
8
+ method: :post,
9
+ data: { turbo: false },
10
+ style: "background-color: #003262; color: white; padding: 12px 24px; font-size: 16px; border: none; border-radius: 4px; cursor: pointer; width: 100%; font-weight: 500;" do %>
11
+ Sign in with CalNet
12
+ <% end %>
13
+
14
+ <% if Rails.env.development? %>
15
+ <p style="margin-top: 2rem; font-size: 12px; color: #999;">
16
+ Environment: Development<br>
17
+ Provider: <%= @provider %>
18
+ </p>
19
+ <% end %>
20
+ </div>
21
+ </div>
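Review bot: The button label is hard-coded to "Sign in with CalNet" while the form target is `/auth/#{@provider}`, so the new template contradicts itself as soon as `omniauth_provider` is anything other than `:cas`; the label should follow the provider, for example `<%= @provider.to_s == "cas" ? "Sign in with CalNet" : "Sign in with #{@provider}" %>` (or a per-provider label from configuration). Separately, every element carries an inline `style=` attribute, which a nonce- or hash-based `Content-Security-Policy` with `style-src` set will block, leaving an unstyled login page in exactly the apps most likely to enforce CSP; moving these rules into the engine's stylesheet avoids that. The path of this new file is not shown above its hunk, but the metadata section lists `app/views/ucb_rails_user/sessions/new.html.erb`, which is presumably it.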
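--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -5,8 +5,8 @@ Rails.application.routes.draw do
  match "/logout", to: UcbRailsUser::SessionsController.action(:destroy),
  as: "logout", via: [:all]
  match "/auth/:omniauth_provider/callback", to: UcbRailsUser::SessionsController.action(:create),
- via: [:get]
- match "/auth/failure", to: UcbRailsUser::SessionsController.action(:failure), via: [:get]
+ via: [:get, :post]
+ match "/auth/failure", to: UcbRailsUser::SessionsController.action(:failure), via: [:get, :post]
  match "/not_authorized", to: UcbRailsUser::SessionsController.action(:not_authorized),
  as: "not_authorized", via: [:get]
 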
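Review bot: Opening the callback and `/auth/failure` routes to POST is undocumented, and nothing in this diff shows a provider that actually posts back to either path, so a later reader has no way to tell whether `:post` is required or merely tolerated. A one-line comment would settle it, e.g. `# OmniAuth's request phase is POST-only (see configure_omniauth); the callback and failure paths also accept POST for providers that return by form post`. It is also worth confirming how these POSTs interact with the controller's forgery protection: the sessions concern shown above skips only `ensure_authenticated_user` and `log_request`, so if `protect_from_forgery` is active (not visible here) a token-less POST to `/auth/failure` would be rejected before `failure` renders its "Not Authorized" page.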
@@ -15,6 +15,15 @@ module UcbRailsUser
15
15
 
16
16
  def configure_omniauth
17
17
  host_name = host
18
+
19
+ # Configure OmniAuth to only accept POST requests for security (CVE-2015-9284)
20
+ OmniAuth.config.allowed_request_methods = [:post]
21
+ OmniAuth.config.silence_get_warning = true
22
+
23
+ # Disable CSRF protection for OmniAuth - we handle security through POST-only
24
+ # This is safe because we're only allowing POST requests and CAS provides its own security
25
+ OmniAuth.config.request_validation_phase = nil
26
+
18
27
  Rails.application.config.middleware.use OmniAuth::Builder do
19
28
 
20
29
  unless Rails.env.production?
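Review bot: The comment above `OmniAuth.config.request_validation_phase = nil` overstates what POST-only buys: the CVE-2015-9284 mitigation is the combination of `allowed_request_methods = [:post]` and the authenticity-token check performed in the request validation phase, and with that phase set to `nil` a cross-site page can still auto-submit a POST form to `/auth/<provider>`, so for any non-CAS strategy selected through `omniauth_provider` the request phase is forgeable again. The exposure is smaller for CAS, where the CAS server's own session decides which account is returned, but the comment's "CAS provides its own security" does not carry over to other providers, and the callback phase is untouched by this setting either way. The sign-in button added in this release is a `button_to` form that already carries Rails' authenticity token, so keeping the default validation phase (the `OmniAuth::AuthenticityTokenProtection` phase supplied by the omniauth-rails_csrf_protection gem, if that gem is among the engine's dependencies — the metadata hunks shown do not say) would cost nothing at runtime. If the line must stay, replace the "This is safe" comment with the actual trade-off, e.g. `# NOTE: request-phase CSRF validation is disabled; a cross-site POST can start the request phase for the configured provider`. `configure_omniauth` continues outside this hunk.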
@@ -13,6 +13,7 @@ module UcbRailsUser
13
13
  OmniAuth.config.test_mode = true
14
14
  auth_mock(user.ldap_uid)
15
15
  visit login_path()
16
+ click_on "Sign in with CalNet"
16
17
  end
17
18
 
18
19
  def auth_mock(uid)
@@ -1,3 +1,3 @@
1
1
  module UcbRailsUser
2
- VERSION = '8.0.0'
2
+ VERSION = '8.1.0'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ucb_rails_user
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.0.0
4
+ version: 8.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Steve Downey
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
- date: 2025-03-04 00:00:00.000000000 Z
16
+ date: 2025-08-28 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: rails
@@ -146,7 +146,7 @@ dependencies:
146
146
  version: '1.8'
147
147
  - - "<"
148
148
  - !ruby/object:Gem::Version
149
- version: '3.0'
149
+ version: '4.0'
150
150
  type: :runtime
151
151
  prerelease: false
152
152
  version_requirements: !ruby/object:Gem::Requirement
@@ -156,21 +156,21 @@ dependencies:
156
156
  version: '1.8'
157
157
  - - "<"
158
158
  - !ruby/object:Gem::Version
159
- version: '3.0'
159
+ version: '4.0'
160
160
  - !ruby/object:Gem::Dependency
161
161
  name: omniauth-cas
162
162
  requirement: !ruby/object:Gem::Requirement
163
163
  requirements:
164
- - - "~>"
164
+ - - ">="
165
165
  - !ruby/object:Gem::Version
166
- version: '1.1'
166
+ version: '3.0'
167
167
  type: :runtime
168
168
  prerelease: false
169
169
  version_requirements: !ruby/object:Gem::Requirement
170
170
  requirements:
171
- - - "~>"
171
+ - - ">="
172
172
  - !ruby/object:Gem::Version
173
- version: '1.1'
173
+ version: '3.0'
174
174
  - !ruby/object:Gem::Dependency
175
175
  name: ucb_ldap
176
176
  requirement: !ruby/object:Gem::Requirement
@@ -189,16 +189,16 @@ dependencies:
189
189
  name: faraday
190
190
  requirement: !ruby/object:Gem::Requirement
191
191
  requirements:
192
- - - "~>"
192
+ - - ">="
193
193
  - !ruby/object:Gem::Version
194
- version: 2.12.1
194
+ version: '2.12'
195
195
  type: :runtime
196
196
  prerelease: false
197
197
  version_requirements: !ruby/object:Gem::Requirement
198
198
  requirements:
199
- - - "~>"
199
+ - - ">="
200
200
  - !ruby/object:Gem::Version
201
- version: 2.12.1
201
+ version: '2.12'
202
202
  - !ruby/object:Gem::Dependency
203
203
  name: puma
204
204
  requirement: !ruby/object:Gem::Requirement
@@ -390,6 +390,7 @@ files:
390
390
  - app/views/ucb_rails_user/lps/_modal.html.erb
391
391
  - app/views/ucb_rails_user/lps/_results.html.erb
392
392
  - app/views/ucb_rails_user/lps/search.js.erb
393
+ - app/views/ucb_rails_user/sessions/new.html.erb
393
394
  - app/views/ucb_rails_user/users/_form.html.erb
394
395
  - app/views/ucb_rails_user/users/_search_results.html.erb
395
396
  - app/views/ucb_rails_user/users/_user.html.erb