vidibus-secure 0.0.1 → 0.0.2

data/Gemfile.lock

@@ -36,14 +36,14 @@ GEM
     erubis (2.6.6)
       abstract (>= 1.0.0)
     i18n (0.4.1)
-    mail (2.2.5)
+    mail (2.2.6.1)
       activesupport (>= 2.3.6)
       mime-types
       treetop (>= 1.4.5)
     mime-types (1.16)
     mongo (1.0.7)
       bson (>= 1.0.4)
-    mongoid (2.0.0.beta.17)
+    mongoid (2.0.0.beta.18)
       activemodel (~> 3.0.0)
       bson (= 1.0.4)
       mongo (= 1.0.7)
@@ -53,7 +53,7 @@ GEM
     rack (1.2.1)
     rack-mount (0.6.13)
       rack (>= 1.0.0)
-    rack-test (0.5.4)
+    rack-test (0.5.6)
       rack (>= 1.0)
     rails (3.0.0)
       actionmailer (= 3.0.0)
@@ -71,19 +71,21 @@ GEM
     rake (0.8.7)
     relevance-rcov (0.9.2.1)
     rr (1.0.0)
-    rspec (2.0.0.beta.20)
-      rspec-core (= 2.0.0.beta.20)
-      rspec-expectations (= 2.0.0.beta.20)
-      rspec-mocks (= 2.0.0.beta.20)
-    rspec-core (2.0.0.beta.20)
-    rspec-expectations (2.0.0.beta.20)
+    rspec (2.0.0.beta.22)
+      rspec-core (= 2.0.0.beta.22)
+      rspec-expectations (= 2.0.0.beta.22)
+      rspec-mocks (= 2.0.0.beta.22)
+    rspec-core (2.0.0.beta.22)
+    rspec-expectations (2.0.0.beta.22)
       diff-lcs (>= 1.1.2)
-    rspec-mocks (2.0.0.beta.20)
-    thor (0.14.0)
+    rspec-mocks (2.0.0.beta.22)
+      rspec-core (= 2.0.0.beta.22)
+      rspec-expectations (= 2.0.0.beta.22)
+    thor (0.14.2)
     treetop (1.4.8)
       polyglot (>= 0.3.1)
     tzinfo (0.3.23)
-    vidibus-core_extensions (0.3.5)
+    vidibus-core_extensions (0.3.7)
     will_paginate (3.0.pre2)
 
 PLATFORMS

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/lib/vidibus/secure/extensions/controller.rb

@@ -1,3 +1,6 @@
+require "uri"
+require "rack/utils"
+
 module Vidibus
   module Secure
     module Extensions
@@ -25,7 +28,10 @@ module Vidibus
         def valid_request?(secret, options = {})
           method = options.delete(:method) || request.method
           uri = options.delete(:uri) || request.protocol + request.host_with_port + request.fullpath
-          params = options.delete(:params) || request.params.except(:action, "action", :controller, "controller", :id, "id")
+          params = options.delete(:params) || begin
+            query = URI.parse(uri).query
+            query ? Rack::Utils.parse_query(query) : {}
+          end
           Vidibus::Secure.verify_request(method, uri, params, secret)
         end
       end

data/spec/vidibus/secure/extensions/controller_spec.rb

@@ -34,9 +34,9 @@ describe "Vidibus::Secure::Extensions::Controller" do
       controller.valid_request?(secret, :uri => "something", :params => {})
     end
 
-    it "should use request.params if no :params are provided" do
-      mock(controller.request).params {{}}
-      controller.valid_request?(secret, :uri => "something", :method => "get")
+    it "should extract params from request uri unless params are provided" do
+      mock(Rack::Utils).parse_query("with=params").twice {{}}
+      controller.valid_request?(secret, :uri => "something/?with=params", :method => "get")
     end
 
     it "should use given params" do
@@ -45,23 +45,13 @@ describe "Vidibus::Secure::Extensions::Controller" do
     end
 
     it "should return true for valid requests" do
-      Vidibus::Secure.sign_request(:get, "http://vidibus.org/", controller.request.params, secret)
-      controller.valid_request?(secret).should be_true
-    end
-
-    it "should omit :action, :controller, and :id from request.params" do
-      Vidibus::Secure.sign_request(:get, "http://vidibus.org/", controller.request.params, secret)
-      controller.request.params.merge(:action => "index", :controller => "application", :id => nil)
-      controller.valid_request?(secret).should be_true
-    end
-
-    it "should omit 'action', 'controller', and 'id' from request.params" do
-      Vidibus::Secure.sign_request(:get, "http://vidibus.org/", controller.request.params, secret)
-      controller.request.params.merge("action" => "index", "controller" => "application", "id" => nil)
+      params = {}
+      Vidibus::Secure.sign_request(:get, "http://vidibus.org/", params, secret)
+      controller.request.fullpath = "?sign=#{params[:sign]}"
       controller.valid_request?(secret).should be_true
     end
 
-    it "should keep :action, :controller, and :id in custom params" do
+    it "should use given custom params" do
       params = { :action => "index", :controller => "application", :id => "12" }
       Vidibus::Secure.sign_request(:get, "http://vidibus.org/", params, secret)
       controller.valid_request?(secret, :params => params).should be_true

data/vidibus-secure.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{vidibus-secure}
-  s.version = "0.0.1"
+  s.version = "0.0.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andre Pankratz"]
-  s.date = %q{2010-09-23}
+  s.date = %q{2010-09-29}
   s.description = %q{Description...}
   s.email = %q{andre@vidibus.com}
   s.extra_rdoc_files = [

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: vidibus-secure
 version: !ruby/object:Gem::Version 
-  hash: 29
+  hash: 27
   prerelease: false
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - Andre Pankratz
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-23 00:00:00 +02:00
+date: 2010-09-29 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency