web-console 2.2.0 → 2.2.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: bde2832a1ef7a0ace010d61011afb4c74a116a93
4
- data.tar.gz: c0e5de96dab453f1a3e233d969bf5ada72ba848a
3
+ metadata.gz: c224d95365158b5d6c2c74a723e0f980d6ec2cc1
4
+ data.tar.gz: 96c1809b1e11969901c710bd3d6f316bbc1221c5
5
5
  SHA512:
6
- metadata.gz: eb74d0994835ccc223df24cb3a5ee1e034ca2456580f99962724864994438f04a14c67aa05f9425263f1c36773623969abdc7bca5a2b255535e90449b6394ac3
7
- data.tar.gz: 31f90bb5c32ed53a95f43cb1a0f25cf89765847c92010255a9df5c0235423203711be37e09eda9af4f435616772d247502b682a2ef367f5409cbbbcc23cca963
6
+ metadata.gz: 43fb7f5387311dde55c6464a64ff9f9498486b7afc35f7c0254c851ce77027d288b190cfdd73c56bfebf7987e87d3f33315f7c626fef97b4da044892dbf135c5
7
+ data.tar.gz: 51395dfa02548a44395e5bffa801d3c28a4e95b556fa1982ba7045d279871e1c98de4e0bf1fd1b6a5273348ac5ad3c405bde530ffa394d6becab9ea39cf24bc3
data/CHANGELOG.markdown CHANGED
@@ -2,15 +2,20 @@
2
2
 
3
3
  ## master (unreleased)
4
4
 
5
+ ## 2.2.1
6
+
7
+ * [#150](https://github.com/rails/web-console/pull/150) Change config.development_only default until 4.2.4 is released.
8
+
5
9
  ## 2.2.0
6
10
 
7
11
  * [#140](https://github.com/rails/web-console/pull/140) Add the ability to close the console on each page ([@sh19910711])
8
12
  * [#135](https://github.com/rails/web-console/pull/135) Run the console only in development mode and raise warning in tests ([@frenesim])
13
+ * [#134](https://github.com/rails/web-conscle/pull/134) Force development only web console by default ([@gsamokovarov])
14
+ * [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
9
15
 
10
16
  ## 2.1.3
11
17
 
12
18
  * Fix remote code execution vulnerability in Web Console. CVE-2015-3224.
13
- * [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
14
19
 
15
20
  ## 2.1.2
16
21
 
@@ -16,6 +16,8 @@ module WebConsole
16
16
  this request hit doesn't store %{id} in memory.
17
17
  END
18
18
 
19
+ UNACCEPTABLE_REQUEST_MESSAGE = "A supported version is expected in the Accept header."
20
+
19
21
  cattr_accessor :whiny_requests
20
22
  @@whiny_requests = true
21
23
 
@@ -29,9 +31,9 @@ module WebConsole
29
31
  return @app.call(env) unless request.from_whitelited_ip?
30
32
 
31
33
  if id = id_for_repl_session_update(request)
32
- return update_repl_session(id, request.params)
34
+ return update_repl_session(id, request)
33
35
  elsif id = id_for_repl_session_stack_frame_change(request)
34
- return change_stack_trace(id, request.params)
36
+ return change_stack_trace(id, request)
35
37
  end
36
38
 
37
39
  status, headers, body = @app.call(env)
@@ -43,6 +45,7 @@ module WebConsole
43
45
  end
44
46
 
45
47
  if session && request.acceptable_content_type?
48
+ headers["X-Web-Console-Session-Id"] = session.id
46
49
  response = Rack::Response.new(body, status, headers)
47
50
  template = Template.new(env, session)
48
51
 
@@ -55,6 +58,28 @@ module WebConsole
55
58
 
56
59
  private
57
60
 
61
+ def json_response(opts = {})
62
+ status = opts.fetch(:status, 200)
63
+ headers = { 'Content-Type' => 'application/json; charset = utf-8' }
64
+ body = yield.to_json
65
+
66
+ Rack::Response.new(body, status, headers).finish
67
+ end
68
+
69
+ def json_response_with_session(id, request, opts = {})
70
+ json_response(opts) do
71
+ unless request.acceptable?
72
+ return respond_with_unacceptable_request
73
+ end
74
+
75
+ unless session = Session.find(id)
76
+ return respond_with_unavailable_session(id)
77
+ end
78
+
79
+ yield session
80
+ end
81
+ end
82
+
58
83
  def create_regular_or_whiny_request(env)
59
84
  request = Request.new(env)
60
85
  whiny_requests ? WhinyRequest.new(request) : request
@@ -80,38 +105,30 @@ module WebConsole
80
105
  end
81
106
  end
82
107
 
83
- def update_repl_session(id, params)
84
- unless session = Session.find(id)
85
- return respond_with_unavailable_session(id)
108
+ def update_repl_session(id, request)
109
+ json_response_with_session(id, request) do |session|
110
+ { output: session.eval(request.params[:input]) }
86
111
  end
87
-
88
- status = 200
89
- headers = { 'Content-Type' => 'application/json; charset = utf-8' }
90
- body = { output: session.eval(params[:input]) }.to_json
91
-
92
- Rack::Response.new(body, status, headers).finish
93
112
  end
94
113
 
95
- def change_stack_trace(id, params)
96
- unless session = Session.find(id)
97
- return respond_with_unavailable_session(id)
98
- end
99
-
100
- session.switch_binding_to(params[:frame_id])
114
+ def change_stack_trace(id, request)
115
+ json_response_with_session(id, request) do |session|
116
+ session.switch_binding_to(request.params[:frame_id])
101
117
 
102
- status = 200
103
- headers = { 'Content-Type' => 'application/json; charset = utf-8' }
104
- body = { ok: true }.to_json
105
-
106
- Rack::Response.new(body, status, headers).finish
118
+ { ok: true }
119
+ end
107
120
  end
108
121
 
109
122
  def respond_with_unavailable_session(id)
110
- status = 404
111
- headers = { 'Content-Type' => 'application/json; charset = utf-8' }
112
- body = { output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}.to_json
123
+ json_response(status: 404) do
124
+ { output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}
125
+ end
126
+ end
113
127
 
114
- Rack::Response.new(body, status, headers).finish
128
+ def respond_with_unacceptable_request
129
+ json_response(status: 406) do
130
+ { error: UNACCEPTABLE_REQUEST_MESSAGE }
131
+ end
115
132
  end
116
133
  end
117
134
  end
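Review bot: `headers["X-Web-Console-Session-Id"] = session.id` in the third hunk copies the id that later authorizes `session.eval` (through `update_repl_session`) into a response header on every page that gets a console, so it now passes through any proxy or logging layer that records headers rather than only living inside the rendered template. The response is already gated by `from_whitelited_ip?` earlier in `call`, so the audience is the same client, but adding `headers["Cache-Control"] = "no-store"` next to the new line would keep a shared cache from storing it, and Rack expects header values to be Strings, so confirm `session.id` is one. Separately, the `return` statements inside the block that `json_response_with_session` hands to `json_response` are non-local returns through `yield`: they work, but a reader may expect them to leave only the block, so a comment such as `# non-local return: bypasses json_response's to_json and answers with the error triple` on the first one would help. The `'application/json; charset = utf-8'` value carried into `json_response` keeps spaces around `=`, which the media-type parameter syntax does not allow; `'application/json; charset=utf-8'` is the interoperable form. `call` itself starts outside the hunks shown.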
@@ -5,6 +5,10 @@ module WebConsole
5
5
  config.web_console = ActiveSupport::OrderedOptions.new
6
6
  config.web_console.whitelisted_ips = %w( 127.0.0.1 ::1 )
7
7
 
8
+ # See rails/web-console#150 and rails/rails#20319. Revert when Ruby on
9
+ # Rails 4.2.4 is released.
10
+ config.web_console.development_only = false
11
+
8
12
  initializer 'web_console.initialize' do
9
13
  require 'web_console/extensions'
10
14
 
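Review bot: With `config.web_console.development_only = false` shipped as the default, the `whitelisted_ips` list two lines above (`127.0.0.1 ::1`) becomes the only gate on the console in any environment that loads the gem, and the comment only cites the issues without saying so; suggest `# development_only is off until Rails 4.2.4 (rails/web-console#150, rails/rails#20319); until then the IP whitelist is the only restriction, so keep the gem in the development group.` Whether the gem is in fact limited to the development group depends on the host application's Gemfile, which this page does not show.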
@@ -10,6 +10,9 @@ module WebConsole
10
10
  cattr_accessor :whitelisted_ips
11
11
  @@whitelisted_ips = Whitelist.new
12
12
 
13
+ # Define a vendor MIME type. We can call it using Mime::WEB_CONSOLE_V2 constant.
14
+ Mime::Type.register 'application/vnd.web-console.v2', :web_console_v2
15
+
13
16
  # Returns whether a request came from a whitelisted IP.
14
17
  #
15
18
  # For a request to hit Web Console features, it needs to come from a white
@@ -32,6 +35,11 @@ module WebConsole
32
35
  content_type.blank? || content_type.in?(acceptable_content_types)
33
36
  end
34
37
 
38
+ # Returns whether the request is acceptable.
39
+ def acceptable?
40
+ xhr? && accepts.any? { |mime| Mime::WEB_CONSOLE_V2 == mime }
41
+ end
42
+
35
43
  class GetSecureIp < ActionDispatch::RemoteIp::GetIp
36
44
  def initialize(env, proxies)
37
45
  @env = env
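Review bot: The comment on `acceptable?` says only that the request is "acceptable", while the method is the check that lets a request reach the REPL endpoints, so it should name what it requires: `# Returns whether the request may drive a REPL session: it must be an XHR and its Accept header must list the vendor type (Mime::WEB_CONSOLE_V2), which the console's own script sends.` Note also that `Mime::Type.register` sits in the class body, so it runs each time this file is loaded; if the file is ever reloaded the type would be registered again, though whether Rails tolerates a duplicate registration is not visible here. The class enclosing these hunks starts outside the page.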
@@ -476,6 +476,7 @@ function request(method, url, params, callback) {
476
476
  xhr.open(method, url, true);
477
477
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
478
478
  xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
479
+ xhr.setRequestHeader("Accept", "<%= Mime::WEB_CONSOLE_V2 %>");
479
480
  xhr.send(params);
480
481
 
481
482
  xhr.onreadystatechange = function() {
@@ -1,3 +1,3 @@
1
1
  module WebConsole
2
- VERSION = '2.2.0'
2
+ VERSION = '2.2.1'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: web-console
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.0
4
+ version: 2.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Charlie Somerville