From be5c7e4ed4da07ba5a210a8596bdf75c9b5d8c4a Mon Sep 17 00:00:00 2001
From: Gabi
Date: Wed, 19 Jun 2019 13:06:52 +0200
Subject: [PATCH 1/3] Fix issue with security in v3

---
 .../filestack_rails/application_helper.rb | 37 ++++++++++++++-----
 spec/helpers/application_helper_spec.rb | 7 ++--
 2 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/app/helpers/filestack_rails/application_helper.rb b/app/helpers/filestack_rails/application_helper.rb
index afcca85..8f14bb9 100644
--- a/app/helpers/filestack_rails/application_helper.rb
+++ b/app/helpers/filestack_rails/application_helper.rb
@@ -1,3 +1,4 @@
+require 'json'
 include FilestackRails::Transform
 include FilestackRails::Version
@@ -48,20 +49,29 @@ def cname
 end
 def create_javascript_for_picker(callback, options)
- client_name, = get_client_and_api_key
+ client_name, _api_key = get_client_and_api_key
 json_string = if options.nil?
 ''
 else
 options.to_json
 end
- v2 = -> { "(function(){
- #{client_name}.pick(#{json_string}).then(function(data){#{callback}(data)})
- })()" }
+ v2 = -> do
+ <<~HTML
+ (function(){
+ #{client_name}.pick(#{json_string}).then(function(data){#{callback}(data)})
+ })()
+ HTML
+ end
+
+ v3 = -> do
+ json_string = json_string[1..-2] # removed curly brackets help to generate pickerOptions in js
- v3 = -> { json_string = "#{json_string}".slice!(1, json_string.length-2) # removed curly brackets help to generate pickerOptions in js
- "(function(){
- #{client_name}.picker({#{json_string}, onUploadDone: data => #{callback}(data)}).open()
- })()" }
+ <<~HTML
+ (function(){
+ #{client_name}.picker({ onUploadDone: data => #{callback}(data), #{json_string} }).open()
+ })()
+ HTML
+ end
 get_filestack_js_result(v2: v2, v3: v3)
 end
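Review bot: In the new `v3` lambda, `json_string = json_string[1..-2]` assumes `options.to_json` produced a JSON object; for an Array or scalar in `options` the bracket-stripped text is spliced into the `picker({...})` literal as broken JavaScript, so a guard before `json_string` is built, `raise ArgumentError, 'options must be a Hash' unless options.nil? || options.is_a?(Hash)`, would fail loudly instead. Placing `onUploadDone` before `#{json_string}` also means a caller-supplied `onUploadDone` key in `options` now silently replaces `callback` (the last duplicate key wins in a JavaScript object literal); if that is intended, a comment saying so would help. `callback` and the option values are still interpolated into inline script with no escaping of their own, so whether this output is safe depends on the caller escaping the string for the attribute or script context it is rendered into, which is outside this hunk. Because the lambda assigns to the captured `json_string`, calling `v3` before `v2` would also alter `v2`'s output, which is harmless only as long as `get_filestack_js_result` invokes exactly one of them.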
@@ -84,8 +94,15 @@ def get_policy_and_signature
 def get_policy_and_signature_string
 signature, policy = get_policy_and_signature
- return "{'signature': '#{signature}', 'policy': '#{policy}'}" if policy && signature
- return "''"
+
+ if policy && signature
+ signature_and_policy = { signature: signature, policy: policy }
+ v2 = -> { signature_and_policy.to_json }
+ v3 = -> { { security: signature_and_policy }.to_json }
+ get_filestack_js_result(v2: v2, v3: v3)
+ else
+ "''"
+ end
 end
 end
diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb
index 236e9ec..1e1b810 100644
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -29,10 +29,11 @@
 describe "#filestack_picker_element" do
 it "has the right picker element" do
- html_string = filestack_picker_element "hello!", "console.log('hello!')"
+ html_string = filestack_picker_element("hello!", "console.log('hello!')").gsub(/\s+/, ' ')
 correct_string = '' + rich_client.picker({ onUploadDone: data => console.log('hello!')(data), }).open() + })() ">hello!'.gsub(/\s+/, ' ') + expect(html_string).to eq(correct_string) end end

From 87a3e7c131fb62a21eb429e136dc860d6f4278fc Mon Sep 17 00:00:00 2001
From: Gabi
Date: Wed, 19 Jun 2019 13:09:14 +0200
Subject: [PATCH 2/3] Fix wrong Github Issue url

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6342781..3ab16ff 100644
--- a/README.md
+++ b/README.md
@@ -213,4 +213,4 @@ Filestack::Rails follows the [Semantic Versioning](http://semver.org/).
 ## Issues
-If you have problems, please create a [Github Issue](https://github.com/filepicker/filestack-rails/issues).
+If you have problems, please create a [Github Issue](https://github.com/filestack/filestack-rails/issues).

From 536c2056acef54af44134ec8e03c4b5e50baabe9 Mon Sep 17 00:00:00 2001
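Review bot: The two new lambdas now emit double-quoted JSON, and the replaced line shows this string is spliced into generated JavaScript; if that JavaScript is rendered inside a `"`-delimited HTML attribute (the picker spec's expected markup closes such an attribute right after the script), the quotes from `to_json` would end the attribute early, so the rendering site, which is outside this hunk, needs to escape the string for its context, e.g. with `json_escape` or `html_escape`. Building the object with `to_json` is otherwise an improvement over the removed hand-written literal, since a `'` inside a policy or signature can no longer break out of it. When only one of `policy` or `signature` is present the method silently returns `"''"`; a comment such as `# Filestack needs both values; a partial pair is treated as no security` would make that deliberate.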
From: Gabi
Date: Wed, 19 Jun 2019 13:40:28 +0200
Subject: [PATCH 3/3] Add rspecs

---
 spec/helpers/application_helper_spec.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb
index 1e1b810..1bd11aa 100644
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -45,4 +45,19 @@
 expect(image).to eq(correct)
 end
 end
+
+ describe "#get_policy_and_signature_string" do
+ it "returns correct data" do
+ allow_any_instance_of(FilestackRails::ApplicationHelper).to receive(:get_policy_and_signature)
+ .and_return(["21312SDFSDF", "4234DSFSDFDSF"])
+
+ expect(get_policy_and_signature_string).to eq(
+ "{\"security\":{\"signature\":\"21312SDFSDF\",\"policy\":\"4234DSFSDFDSF\"}}"
+ )
+ end
+
+ it "returns empty data" do
+ expect(get_policy_and_signature_string).to eq("''")
+ end
+ end
 end
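Review bot: The `returns correct data` example pins the v3 shape `{"security":...}` but does not stub or set the version that `get_filestack_js_result` selects on, so it presumably relies on the suite's default being v3 and leaves the `v2` lambda, which emits `{"signature":...,"policy":...}`, without coverage; a second example under an explicit v2 configuration would close that gap. The `returns empty data` example likewise depends on `get_policy_and_signature` returning nothing in the default test environment rather than stubbing it, which hides the precondition the assertion rests on; `allow_any_instance_of(FilestackRails::ApplicationHelper).to receive(:get_policy_and_signature).and_return([nil, nil])` would make it explicit. Neither example covers a pair where only one value is present, which the helper also maps to `"''"`. The new `describe` block is fully inside the hunk, while the block closed by the final context `end` starts outside it.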