web-console 2.2.0 → 2.2.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: bde2832a1ef7a0ace010d61011afb4c74a116a93
4
- data.tar.gz: c0e5de96dab453f1a3e233d969bf5ada72ba848a
3
+ metadata.gz: c224d95365158b5d6c2c74a723e0f980d6ec2cc1
4
+ data.tar.gz: 96c1809b1e11969901c710bd3d6f316bbc1221c5
5
5
  SHA512:
6
- metadata.gz: eb74d0994835ccc223df24cb3a5ee1e034ca2456580f99962724864994438f04a14c67aa05f9425263f1c36773623969abdc7bca5a2b255535e90449b6394ac3
7
- data.tar.gz: 31f90bb5c32ed53a95f43cb1a0f25cf89765847c92010255a9df5c0235423203711be37e09eda9af4f435616772d247502b682a2ef367f5409cbbbcc23cca963
6
+ metadata.gz: 43fb7f5387311dde55c6464a64ff9f9498486b7afc35f7c0254c851ce77027d288b190cfdd73c56bfebf7987e87d3f33315f7c626fef97b4da044892dbf135c5
7
+ data.tar.gz: 51395dfa02548a44395e5bffa801d3c28a4e95b556fa1982ba7045d279871e1c98de4e0bf1fd1b6a5273348ac5ad3c405bde530ffa394d6becab9ea39cf24bc3
data/CHANGELOG.markdown CHANGED
@@ -2,15 +2,20 @@
2
2
 
3
3
  ## master (unreleased)
4
4
 
5
+ ## 2.2.1
6
+
7
+ * [#150](https://github.com/rails/web-console/pull/150) Change config.development_only default until 4.2.4 is released.
8
+
5
9
  ## 2.2.0
6
10
 
7
11
  * [#140](https://github.com/rails/web-console/pull/140) Add the ability to close the console on each page ([@sh19910711])
8
12
  * [#135](https://github.com/rails/web-console/pull/135) Run the console only in development mode and raise warning in tests ([@frenesim])
13
+ * [#134](https://github.com/rails/web-conscle/pull/134) Force development only web console by default ([@gsamokovarov])
14
+ * [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
9
15
 
10
16
  ## 2.1.3
11
17
 
12
18
  * Fix remote code execution vulnerability in Web Console. CVE-2015-3224.
13
- * [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
14
19
 
15
20
  ## 2.1.2
16
21
 
@@ -16,6 +16,8 @@ module WebConsole
16
16
  this request hit doesn't store %{id} in memory.
17
17
  END
18
18
 
19
+ UNACCEPTABLE_REQUEST_MESSAGE = "A supported version is expected in the Accept header."
20
+
19
21
  cattr_accessor :whiny_requests
20
22
  @@whiny_requests = true
21
23
 
@@ -29,9 +31,9 @@ module WebConsole
29
31
  return @app.call(env) unless request.from_whitelited_ip?
30
32
 
31
33
  if id = id_for_repl_session_update(request)
32
- return update_repl_session(id, request.params)
34
+ return update_repl_session(id, request)
33
35
  elsif id = id_for_repl_session_stack_frame_change(request)
34
- return change_stack_trace(id, request.params)
36
+ return change_stack_trace(id, request)
35
37
  end
36
38
 
37
39
  status, headers, body = @app.call(env)
@@ -43,6 +45,7 @@ module WebConsole
43
45
  end
44
46
 
45
47
  if session && request.acceptable_content_type?
48
+ headers["X-Web-Console-Session-Id"] = session.id
46
49
  response = Rack::Response.new(body, status, headers)
47
50
  template = Template.new(env, session)
48
51
 
@@ -55,6 +58,28 @@ module WebConsole
55
58
 
56
59
  private
57
60
 
61
+ def json_response(opts = {})
62
+ status = opts.fetch(:status, 200)
63
+ headers = { 'Content-Type' => 'application/json; charset = utf-8' }
64
+ body = yield.to_json
65
+
66
+ Rack::Response.new(body, status, headers).finish
67
+ end
68
+
69
+ def json_response_with_session(id, request, opts = {})
70
+ json_response(opts) do
71
+ unless request.acceptable?
72
+ return respond_with_unacceptable_request
73
+ end
74
+
75
+ unless session = Session.find(id)
76
+ return respond_with_unavailable_session(id)
77
+ end
78
+
79
+ yield session
80
+ end
81
+ end
82
+
58
83
  def create_regular_or_whiny_request(env)
59
84
  request = Request.new(env)
60
85
  whiny_requests ? WhinyRequest.new(request) : request
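Review bot: `json_response_with_session` depends on a non-local `return` from inside the block it hands to `json_response`: when `request.acceptable?` or `Session.find` fails, `json_response` has already built its status and headers and the `return` discards them, which works only because of Ruby's block-return semantics and reads as if the 406/404 responses were the block's own result. Checking both preconditions as guard clauses before `json_response` is entered keeps the helper's flow straight, as below. While this code is being consolidated, `'application/json; charset = utf-8'` in the new `json_response` carries the spaces around `=` over from the old code; the media-type parameter syntax is `charset=utf-8`. `create_regular_or_whiny_request` at the end of the hunk continues past it.
```ruby
def json_response_with_session(id, request, opts = {})
  return respond_with_unacceptable_request unless request.acceptable?

  session = Session.find(id)
  return respond_with_unavailable_session(id) unless session

  json_response(opts) { yield session }
end
```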
@@ -80,38 +105,30 @@ module WebConsole
80
105
  end
81
106
  end
82
107
 
83
- def update_repl_session(id, params)
84
- unless session = Session.find(id)
85
- return respond_with_unavailable_session(id)
108
+ def update_repl_session(id, request)
109
+ json_response_with_session(id, request) do |session|
110
+ { output: session.eval(request.params[:input]) }
86
111
  end
87
-
88
- status = 200
89
- headers = { 'Content-Type' => 'application/json; charset = utf-8' }
90
- body = { output: session.eval(params[:input]) }.to_json
91
-
92
- Rack::Response.new(body, status, headers).finish
93
112
  end
94
113
 
95
- def change_stack_trace(id, params)
96
- unless session = Session.find(id)
97
- return respond_with_unavailable_session(id)
98
- end
99
-
100
- session.switch_binding_to(params[:frame_id])
114
+ def change_stack_trace(id, request)
115
+ json_response_with_session(id, request) do |session|
116
+ session.switch_binding_to(request.params[:frame_id])
101
117
 
102
- status = 200
103
- headers = { 'Content-Type' => 'application/json; charset = utf-8' }
104
- body = { ok: true }.to_json
105
-
106
- Rack::Response.new(body, status, headers).finish
118
+ { ok: true }
119
+ end
107
120
  end
108
121
 
109
122
  def respond_with_unavailable_session(id)
110
- status = 404
111
- headers = { 'Content-Type' => 'application/json; charset = utf-8' }
112
- body = { output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}.to_json
123
+ json_response(status: 404) do
124
+ { output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}
125
+ end
126
+ end
113
127
 
114
- Rack::Response.new(body, status, headers).finish
128
+ def respond_with_unacceptable_request
129
+ json_response(status: 406) do
130
+ { error: UNACCEPTABLE_REQUEST_MESSAGE }
131
+ end
115
132
  end
116
133
  end
117
134
  end
@@ -5,6 +5,10 @@ module WebConsole
5
5
  config.web_console = ActiveSupport::OrderedOptions.new
6
6
  config.web_console.whitelisted_ips = %w( 127.0.0.1 ::1 )
7
7
 
8
+ # See rails/web-console#150 and rails/rails#20319. Revert when Ruby on
9
+ # Rails 4.2.4 is released.
10
+ config.web_console.development_only = false
11
+
8
12
  initializer 'web_console.initialize' do
9
13
  require 'web_console/extensions'
10
14
 
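Review bot: The comment above `config.web_console.development_only = false` does not say what the new default costs: going by #134/#135 in the changelog, development_only is the guard that keeps the console out of non-development environments, so an application that loads this gem outside its development Gemfile group now gets the middleware in every environment unless it sets the option itself. The comment should state that consequence and the interim setting rather than only citing the tickets, e.g. `# development_only now defaults to false (rails/web-console#150, rails/rails#20319); apps loading the gem outside development should set config.web_console.development_only = true until Rails 4.2.4 is released.` Whether this option is the only thing gating the middleware is not visible in this hunk, so confirm against the middleware before settling the wording.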
@@ -10,6 +10,9 @@ module WebConsole
10
10
  cattr_accessor :whitelisted_ips
11
11
  @@whitelisted_ips = Whitelist.new
12
12
 
13
+ # Define a vendor MIME type. We can call it using Mime::WEB_CONSOLE_V2 constant.
14
+ Mime::Type.register 'application/vnd.web-console.v2', :web_console_v2
15
+
13
16
  # Returns whether a request came from a whitelisted IP.
14
17
  #
15
18
  # For a request to hit Web Console features, it needs to come from a white
@@ -32,6 +35,11 @@ module WebConsole
32
35
  content_type.blank? || content_type.in?(acceptable_content_types)
33
36
  end
34
37
 
38
+ # Returns whether the request is acceptable.
39
+ def acceptable?
40
+ xhr? && accepts.any? { |mime| Mime::WEB_CONSOLE_V2 == mime }
41
+ end
42
+
35
43
  class GetSecureIp < ActionDispatch::RemoteIp::GetIp
36
44
  def initialize(env, proxies)
37
45
  @env = env
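Review bot: The comment on `acceptable?` says only that the request is "acceptable", which leaves its actual contract undocumented; `# Returns whether the request is an XHR request whose Accept header lists Mime::WEB_CONSOLE_V2; the JSON session endpoints answer 406 otherwise.` states what callers get. That pairing of `xhr?` and the vendor Accept type is what keeps the session endpoints from being driven by a plain cross-site form submission, since a browser only attaches those headers from script in the same origin or after a CORS preflight, so the comment is worth making explicit. Separately, `Mime::Type.register` in the earlier hunk runs each time the class body is evaluated; if this file is subject to code reloading, check that registering the same type twice is harmless. `GetSecureIp#initialize` at the end of the hunk continues past it.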
@@ -476,6 +476,7 @@ function request(method, url, params, callback) {
476
476
  xhr.open(method, url, true);
477
477
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
478
478
  xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
479
+ xhr.setRequestHeader("Accept", "<%= Mime::WEB_CONSOLE_V2 %>");
479
480
  xhr.send(params);
480
481
 
481
482
  xhr.onreadystatechange = function() {
@@ -1,3 +1,3 @@
1
1
  module WebConsole
2
- VERSION = '2.2.0'
2
+ VERSION = '2.2.1'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: web-console
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.0
4
+ version: 2.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Charlie Somerville