workarea-storefront 3.4.19 → 3.4.20

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 737c47ef892d92d5bb0c542400e303b17e350978b2997659d6b0071556af4339
4
- data.tar.gz: b9a792e00a90516e303d3afcfe9d23931f640cef611863407f3d2ce833f23934
3
+ metadata.gz: fd0377b28b5104980ddcfaab6b94d6f354f186359755f3b1cf661499b7414e30
4
+ data.tar.gz: 95b5d487a08e783f7ea2d74e4363486ae2ed03f1f1abf2d45ede73324dfbac61
5
5
  SHA512:
6
- metadata.gz: 763020f58a0312ca1373a338613f24784f928b33992843a9b5f1819a692b09324050878d83ba6a84dfc106edc27b1c88e7d561c1d7cf702005ed133b2fd0fb81
7
- data.tar.gz: 24fa35b4e389fd0fab988b79431ceef21a3b3f0df33787eeecfc2fcd72b4465e9d73266cab3912856b22976a4049899ae44037b905f3dd1d209b68367ab7bcab
6
+ metadata.gz: 5794e7f6adfa4034fc3920131006a87f8d5e8150fd3a92f8565cab7fc6dd795463d5a0c342a96684c1b1bfab7af6442fc83b29212445992c7c50206160bd44ee
7
+ data.tar.gz: 5d882991a8bff9efbd5ee7064d79bf20350c5b1728c93889f85805c918d2b0a833389f6b26e6ec3bd294456a04ec05a64faf45dff4a248b810713a96c5784d20
@@ -2,6 +2,7 @@ module Workarea
2
2
  class Storefront::Users::LoginsController < Storefront::ApplicationController
3
3
  before_action :ensure_not_locked, only: :create
4
4
  skip_before_action :require_password_changes, only: :destroy
5
+ skip_before_action :verify_authenticity_token, only: :destroy
5
6
 
6
7
  def new
7
8
  @user = User.new
@@ -152,6 +152,23 @@ module Workarea
152
152
  results = JSON.parse(response.body)
153
153
  assert_equal(0, results['cart_quantity'])
154
154
  end
155
+
156
+ def test_it_doesnt_care_about_csrf_for_logout
157
+ current_forgery_protection = ActionController::Base.allow_forgery_protection
158
+
159
+ post storefront.login_path,
160
+ params: {
161
+ email: 'existing-account@workarea.com',
162
+ password: 'W3bl1nc!'
163
+ }
164
+
165
+ ActionController::Base.allow_forgery_protection = true
166
+ delete storefront.logout_path
167
+ assert(response.headers['Set-Cookie'].present?)
168
+
169
+ ensure
170
+ ActionController::Base.allow_forgery_protection = current_forgery_protection
171
+ end
155
172
  end
156
173
  end
157
174
  end
@@ -74,21 +74,6 @@ module Workarea
74
74
  end
75
75
  assert(page.has_no_content?('New Taxon'))
76
76
  end
77
-
78
- private
79
-
80
- # There is some kind of timing problem around waiting for this iframe that
81
- # after a few hours we still can't find. This is a hack to keep this
82
- # passing.
83
- #
84
- # May God have mercy on our souls.
85
- #
86
- # TODO v3.6
87
- # Remove this after we stop using an iframe for the admin toolbar
88
- #
89
- def wait_for_iframe
90
- sleep(0.5)
91
- end
92
77
  end
93
78
  end
94
79
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: workarea-storefront
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.4.19
4
+ version: 3.4.20
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ben Crouse
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-16 00:00:00.000000000 Z
11
+ date: 2019-10-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: workarea-core
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 3.4.19
19
+ version: 3.4.20
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 3.4.19
26
+ version: 3.4.20
27
27
  description: Provides user-facing ecommerce storefront functionality for the Workarea
28
28
  Commerce Platform.
29
29
  email: