Permalink
Browse files

Updated rails

  • Loading branch information...
1 parent 30fdeeb commit ecc430b2d1bc21c129b3a69179a38601e4e570ed @maccman committed Mar 19, 2009
Showing 589 changed files with 29,921 additions and 12,406 deletions.
@@ -3,14 +3,9 @@
class ApplicationController < ActionController::Base
helper :all # include all helpers, all the time
-
- # See ActionController::RequestForgeryProtection for details
- # Uncomment the :secret if you're not using the cookie session store
- protect_from_forgery # :secret => 'bc11bd14c7337ac474db42c2b08fc7e3'
+ protect_from_forgery # See ActionController::RequestForgeryProtection for details
- # See ActionController::Base for details
- # Uncomment this to filter the contents of submitted sensitive data parameters
- # from your application log (in this case, all fields with names like "password").
+ # Scrub sensitive parameters from your log
filter_parameter_logging :password, :password_confirmation, :card
include HoptoadNotifier::Catcher if defined?(HoptoadNotifier)
View
@@ -5,7 +5,7 @@
# ENV['RAILS_ENV'] ||= 'production'
# Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.2.2' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.2' unless defined? RAILS_GEM_VERSION
# Bootstrap the Rails environment, frameworks, and default configuration
require File.join(File.dirname(__FILE__), 'boot')
@@ -53,20 +53,6 @@
# config.i18n.load_path << Dir[File.join(RAILS_ROOT, 'my', 'locales', '*.{rb,yml}')]
# config.i18n.default_locale = :de
- # Your secret key for verifying cookie session data integrity.
- # If you change this key, all old sessions will become invalid!
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks.
- config.action_controller.session = {
- :session_key => '_saas_session',
- :secret => 'e9d74e30b51cd25b31620d23093c1ff9cbc4d5a12fabe170e46d732336077fb7a3b005081820ac89178423c5bc058e8559eb0476a9367cff78c05d420f3aa360'
- }
-
- # Use the database for sessions instead of the cookie-based default,
- # which shouldn't be used to store highly confidential information
- # (create the session table with "rake db:sessions:create")
- # config.action_controller.session_store = :active_record_store
-
# Use SQL instead of Active Record's schema dumper when creating the test database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types
@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+ :key => '_saasy_session',
+ :secret => '9d1cb4c1a56c842cf1af7875a0fc5d2959ee66a3d9c9d1ad03a4a0b6175364d81097bb994b31f18de97ee250aace29011dd700ae9bb0a91a07b73928be4dcc5e'
+}
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store
@@ -214,5 +214,18 @@ You can support it in your app by changing #open_id_authentication
{ :login => 'nickname', :email => 'email', :display_name => 'fullname' }
end
+Attribute Exchange OpenID Extension
+===================================
+
+Some OpenID providers also support the OpenID AX (attribute exchange) protocol for exchanging identity information between endpoints. See more: http://openid.net/specs/openid-attribute-exchange-1_0.html
+
+Accessing AX data is very similar to the Simple Registration process, described above -- just add the URI identifier for the AX field to your :optional or :required parameters. For example:
+
+ authenticate_with_open_id(identity_url,
+ :required => [ :email, 'http://schema.openid.net/birthDate' ]) do |result, identity_url, registration|
+
+This would provide the sreg data for :email, and the AX data for 'http://schema.openid.net/birthDate'
+
+
Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license
@@ -13,5 +13,6 @@
end
config.to_prepare do
+ OpenID::Util.logger = Rails.logger
ActionController::Base.send :include, OpenIdAuthentication
end
@@ -1,7 +1,10 @@
require 'uri'
require 'openid/extensions/sreg'
+require 'openid/extensions/ax'
require 'openid/store/filesystem'
+require File.dirname(__FILE__) + '/open_id_authentication/association'
+require File.dirname(__FILE__) + '/open_id_authentication/nonce'
require File.dirname(__FILE__) + '/open_id_authentication/db_store'
require File.dirname(__FILE__) + '/open_id_authentication/mem_cache_store'
require File.dirname(__FILE__) + '/open_id_authentication/request'
@@ -70,20 +73,49 @@ def message
end
end
+ # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+ def self.normalize_identifier(identifier)
+ # clean up whitespace
+ identifier = identifier.to_s.strip
+
+ # if an XRI has a prefix, strip it.
+ identifier.gsub!(/xri:\/\//i, '')
+
+ # dodge XRIs -- TODO: validate, don't just skip.
+ unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+ # does it begin with http? if not, add it.
+ identifier = "http://#{identifier}" unless identifier =~ /^http/i
+
+ # strip any fragments
+ identifier.gsub!(/\#(.*)$/, '')
+
+ begin
+ uri = URI.parse(identifier)
+ uri.scheme = uri.scheme.downcase # URI should do this
+ identifier = uri.normalize.to_s
+ rescue URI::InvalidURIError
+ raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+ end
+ end
+
+ return identifier
+ end
+
+ # deprecated for OpenID 2.0, where not all OpenIDs are URLs
def self.normalize_url(url)
- uri = URI.parse(url.to_s.strip)
- uri = URI.parse("http://#{uri}") unless uri.scheme
- uri.scheme = uri.scheme.downcase # URI should do this
- uri.normalize.to_s
- rescue URI::InvalidURIError
- raise InvalidOpenId.new("#{url} is not an OpenID URL")
+ ActiveSupport::Deprecation.warn "normalize_url has been deprecated, use normalize_identifier instead"
+ self.normalize_identifier(url)
end
protected
def normalize_url(url)
OpenIdAuthentication.normalize_url(url)
end
+ def normalize_identifier(url)
+ OpenIdAuthentication.normalize_identifier(url)
+ end
+
# The parameter name of "openid_identifier" is used rather than the Rails convention "open_id_identifier"
# because that's what the specification dictates in order to get browser auto-complete working across sites
def using_open_id?(identity_url = nil) #:doc:
@@ -103,12 +135,16 @@ def authenticate_with_open_id(identity_url = nil, options = {}, &block) #:doc:
private
def begin_open_id_authentication(identity_url, options = {})
- identity_url = normalize_url(identity_url)
+ identity_url = normalize_identifier(identity_url)
return_to = options.delete(:return_to)
method = options.delete(:method)
+
+ options[:required] ||= [] # reduces validation later
+ options[:optional] ||= []
open_id_request = open_id_consumer.begin(identity_url)
add_simple_registration_fields(open_id_request, options)
+ add_ax_fields(open_id_request, options)
redirect_to(open_id_redirect_url(open_id_request, return_to, method))
rescue OpenIdAuthentication::InvalidOpenId => e
yield Result[:invalid], identity_url, nil
@@ -121,11 +157,20 @@ def complete_open_id_authentication
params_with_path = params.reject { |key, value| request.path_parameters[key] }
params_with_path.delete(:format)
open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) }
- identity_url = normalize_url(open_id_response.display_identifier) if open_id_response.display_identifier
+ identity_url = normalize_identifier(open_id_response.display_identifier) if open_id_response.display_identifier
case open_id_response.status
when OpenID::Consumer::SUCCESS
- yield Result[:successful], identity_url, OpenID::SReg::Response.from_success_response(open_id_response)
+ profile_data = {}
+
+ # merge the SReg data and the AX data into a single hash of profile data
+ [ OpenID::SReg::Response, OpenID::AX::FetchResponse ].each do |data_response|
+ if data_response.from_success_response( open_id_response )
+ profile_data.merge! data_response.from_success_response( open_id_response ).data
+ end
+ end
+
+ yield Result[:successful], identity_url, profile_data
when OpenID::Consumer::CANCEL
yield Result[:canceled], identity_url, nil
when OpenID::Consumer::FAILURE
@@ -141,29 +186,45 @@ def open_id_consumer
def add_simple_registration_fields(open_id_request, fields)
sreg_request = OpenID::SReg::Request.new
- sreg_request.request_fields(Array(fields[:required]).map(&:to_s), true) if fields[:required]
- sreg_request.request_fields(Array(fields[:optional]).map(&:to_s), false) if fields[:optional]
+
+ # filter out AX identifiers (URIs)
+ required_fields = fields[:required].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
+ optional_fields = fields[:optional].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
+
+ sreg_request.request_fields(required_fields, true) unless required_fields.blank?
+ sreg_request.request_fields(optional_fields, false) unless optional_fields.blank?
sreg_request.policy_url = fields[:policy_url] if fields[:policy_url]
open_id_request.add_extension(sreg_request)
end
+
+ def add_ax_fields( open_id_request, fields )
+ ax_request = OpenID::AX::FetchRequest.new
+
+ # look through the :required and :optional fields for URIs (AX identifiers)
+ fields[:required].each do |f|
+ next unless f =~ /^https?:\/\//
+ ax_request.add( OpenID::AX::AttrInfo.new( f, nil, true ) )
+ end
+ fields[:optional].each do |f|
+ next unless f =~ /^https?:\/\//
+ ax_request.add( OpenID::AX::AttrInfo.new( f, nil, false ) )
+ end
+
+ open_id_request.add_extension( ax_request )
+ end
+
def open_id_redirect_url(open_id_request, return_to = nil, method = nil)
open_id_request.return_to_args['_method'] = (method || request.method).to_s
open_id_request.return_to_args['open_id_complete'] = '1'
- if (method || request.method).to_s != 'get'
- begin
- open_id_request.return_to_args[request_forgery_protection_token.to_s] = form_authenticity_token
- rescue ActionController::InvalidAuthenticityToken
- end
- end
open_id_request.redirect_url(root_url, return_to || requested_url)
end
def requested_url
relative_url_root = self.class.respond_to?(:relative_url_root) ?
self.class.relative_url_root.to_s :
request.relative_url_root
- "#{request.protocol + request.host_with_port + relative_url_root + request.path}"
+ "#{request.protocol}#{request.host_with_port}#{ActionController::Base.relative_url_root}#{request.path}"
end
def timeout_protection_from_identity_server
@@ -14,4 +14,10 @@ def request_method_with_openid
end
end
-ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request
+# In Rails 2.3, the request object has been renamed
+# from AbstractRequest to Request
+if defined? ActionController::Request
+ ActionController::Request.send :include, OpenIdAuthentication::Request
+else
+ ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request
+end
@@ -16,17 +16,17 @@ class NormalizeTest < Test::Unit::TestCase
"http://loudthinking.com:8080" => "http://loudthinking.com:8080/",
"techno-weenie.net" => "http://techno-weenie.net/",
"http://techno-weenie.net" => "http://techno-weenie.net/",
- "http://techno-weenie.net " => "http://techno-weenie.net/"
+ "http://techno-weenie.net " => "http://techno-weenie.net/",
+ "=name" => "=name"
}
def test_normalizations
NORMALIZATIONS.each do |from, to|
- assert_equal to, normalize_url(from)
+ assert_equal to, normalize_identifier(from)
end
end
-
+
def test_broken_open_id
- assert_raises(InvalidOpenId) { normalize_url(nil) }
- assert_raises(InvalidOpenId) { normalize_url("=name") }
+ assert_raises(InvalidOpenId) { normalize_identifier(nil) }
end
end
@@ -4,6 +4,9 @@
gem 'activesupport'
require 'active_support'
+gem 'actionpack'
+require 'action_controller'
+
gem 'mocha'
require 'mocha'
@@ -1,11 +1,20 @@
+*2.3.2 [Final] (March 15, 2009)*
+
+* Fixed that ActionMailer should send correctly formatted Return-Path in MAIL FROM for SMTP #1842 [Matt Jones]
+
+* Fixed RFC-2045 quoted-printable bug #1421 [squadette]
+
+* Fixed that no body charset would be set when there are attachments present #740 [Paweł Kondzior]
+
+
*2.2.1 [RC2] (November 14th, 2008)*
* Turn on STARTTLS if it is available in Net::SMTP (added in Ruby 1.8.7) and the SMTP server supports it (This is required for Gmail's SMTP server) #1336 [Grant Hollingworth]
*2.2.0 [RC1] (October 24th, 2008)*
-* Add layout functionality to mailers [Pratik]
+* Add layout functionality to mailers [Pratik Naik]
Mailer layouts behaves just like controller layouts, except layout names need to
have '_mailer' postfix for them to be automatically picked up.
@@ -17,7 +26,7 @@
* Less verbose mail logging: just recipients for :info log level; the whole email for :debug only. #8000 [iaddict, Tarmo Tänav]
-* Updated TMail to version 1.2.1 [raasdnil]
+* Updated TMail to version 1.2.1 [Mikel Lindsaar]
* Fixed that you don't have to call super in ActionMailer::TestCase#setup #10406 [jamesgolick]
@@ -29,7 +38,7 @@
*2.0.1* (December 7th, 2007)
-* Update ActionMailer so it treats ActionView the same way that ActionController does. Closes #10244 [rick]
+* Update ActionMailer so it treats ActionView the same way that ActionController does. Closes #10244 [Rick Olson]
* Pass the template_root as an array as ActionView's view_path
* Request templates with the "#{mailer_name}/#{action}" as opposed to just "#{action}"
@@ -38,11 +47,11 @@
* Update README to use new smtp settings configuration API. Closes #10060 [psq]
-* Allow ActionMailer subclasses to individually set their delivery method (so two subclasses can have different delivery methods) #10033 [zdennis]
+* Allow ActionMailer subclasses to individually set their delivery method (so two subclasses can have different delivery methods) #10033 [Zach Dennis]
-* Update TMail to v1.1.0. Use an updated version of TMail if available. [mikel]
+* Update TMail to v1.1.0. Use an updated version of TMail if available. [Mikel Lindsaar]
-* Introduce a new base test class for testing Mailers. ActionMailer::TestCase [Koz]
+* Introduce a new base test class for testing Mailers. ActionMailer::TestCase [Michael Koziarski]
* Fix silent failure of rxml templates. #9879 [jstewart]
@@ -77,7 +86,7 @@
*1.3.2* (February 5th, 2007)
-* Deprecate server_settings renaming it to smtp_settings, add sendmail_settings to allow you to override the arguments to and location of the sendmail executable. [Koz]
+* Deprecate server_settings renaming it to smtp_settings, add sendmail_settings to allow you to override the arguments to and location of the sendmail executable. [Michael Koziarski]
*1.3.1* (January 16th, 2007)
@@ -97,7 +106,7 @@
* Tighten rescue clauses. #5985 [james@grayproductions.net]
-* Automatically included ActionController::UrlWriter, such that URL generation can happen within ActionMailer controllers. [DHH]
+* Automatically included ActionController::UrlWriter, such that URL generation can happen within ActionMailer controllers. [David Heinemeier Hansson]
* Replace Reloadable with Reloadable::Deprecated. [Nicholas Seckar]
@@ -1,4 +1,4 @@
-Copyright (c) 2004-2008 David Heinemeier Hansson
+Copyright (c) 2004-2009 David Heinemeier Hansson
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
@@ -55,7 +55,7 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "actionmailer"
s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.2.2' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.2' + PKG_BUILD)
s.has_rdoc = true
s.requirements << 'none'
Oops, something went wrong.

0 comments on commit ecc430b

Please sign in to comment.