diff --git a/.travis.yml b/.travis.yml
index 60b2eb2..2b663d5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,4 +3,5 @@ rvm:
- 2.2.6
- 2.3.3
- 2.4.1
+ - 3.2.2
script: bundle exec rspec
diff --git a/README.md b/README.md
index f73f9a7..8c836ba 100644
--- a/README.md
+++ b/README.md
@@ -3,21 +3,22 @@
Omniauth strategy for using Swedbank as an authentication service provider.
[![Gem Version](https://badge.fury.io/rb/omniauth-swedbank.png)](http://badge.fury.io/rb/omniauth-swedbank)
-[![Build Status](https://travis-ci.org/mak-it/omniauth-swedbank.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-swedbank)
+[![Build Status](https://travis-ci.org/mitigate-dev/omniauth-swedbank.svg?branch=master)](https://travis-ci.org/mitigate-dev/omniauth-swedbank)
Supported Ruby versions: 2.2+
## Related projects
-- [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele
-- [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
-- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
-- [omniauth-seb-elink](https://github.com/mak-it/omniauth-seb-elink) - strategy for authenticating with SEB
+- [omniauth-citadele](https://github.com/mitigate-dev/omniauth-citadele) - strategy for authenticating with Citadele
+- [omniauth-dnb](https://github.com/mitigate-dev/omniauth-dnb) - strategy for authenticating with DNB
+- [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea
+- [omniauth-seb-elink](https://github.com/mitigate-dev/omniauth-seb-elink) - strategy for authenticating with SEB
## Installation
-Add this line to your application's Gemfile:
+Add these lines to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails):
+ gem 'omniauth-rails_csrf_protection'
gem 'omniauth-swedbank'
And then execute:
@@ -26,7 +27,7 @@ And then execute:
Or install it yourself as:
- $ gem install omniauth-swedbank
+ $ gem install omniauth-rails_csrf_protection omniauth-swedbank
## Usage
diff --git a/lib/omniauth/strategies/swedbank.rb b/lib/omniauth/strategies/swedbank.rb
index 55ce20f..5ef5666 100644
--- a/lib/omniauth/strategies/swedbank.rb
+++ b/lib/omniauth/strategies/swedbank.rb
@@ -123,7 +123,7 @@ def request_phase
'VK_LANG' => 'LAT',
'VK_ENCODING' => 'UTF-8'
}.each do |name, val|
- form.html ""
+ form.html ""
end
form.button I18n.t('omniauth.swedbank.click_here_if_not_redirected')
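Review bot: The string passed to `form.html` inside the `.each do |name, val|` loop is empty on both the removed and the added line as shown here, so the hunk gives no way to confirm that `name` and `val` are escaped before they are written into the markup. The spec in this commit matches `name="VK_NONCE" value="([^"]*)"` in the response body, which suggests each pair is interpolated into an attribute. If that is the case, the values should be passed through `Rack::Utils.escape_html(val)` so that a quote character in a value cannot terminate the attribute early. `request_phase` begins above this hunk and continues below it, so where each value comes from is not visible here.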
diff --git a/omniauth-swedbank.gemspec b/omniauth-swedbank.gemspec
index af82002..ed2a7f5 100644
--- a/omniauth-swedbank.gemspec
+++ b/omniauth-swedbank.gemspec
@@ -6,11 +6,11 @@ require 'omniauth/swedbank/version'
Gem::Specification.new do |spec|
spec.name = 'omniauth-swedbank'
spec.version = Omniauth::Swedbank::VERSION
- spec.authors = ['MAK IT', 'Jānis Kiršteins', 'Kristaps Ērglis']
- spec.email = ['admin@makit.lv', 'janis@montadigital.com', 'kristaps.erglis@gmail.com' ]
+ spec.authors = ['Mitigate', 'Jānis Kiršteins', 'Kristaps Ērglis']
+ spec.email = ['admin@mitigate.dev', 'janis@montadigital.com', 'kristaps.erglis@gmail.com' ]
spec.description = %q{OmniAuth strategy for Swedbank Banklink}
spec.summary = %q{OmniAuth strategy for Swedbank Banklink}
- spec.homepage = 'https://github.com/mak-it/omniauth-swedbank'
+ spec.homepage = 'https://github.com/mitigate-dev/omniauth-swedbank'
spec.license = 'MIT'
spec.files = `git ls-files`.split($/)
@@ -20,11 +20,12 @@ Gem::Specification.new do |spec|
spec.required_ruby_version = '>= 2.2.2'
- spec.add_runtime_dependency 'omniauth', '~> 1.0'
- spec.add_runtime_dependency "i18n"
+ spec.add_runtime_dependency 'omniauth', '~> 2.1'
+ spec.add_runtime_dependency 'i18n'
+ spec.add_development_dependency 'rack', '~> 2.0'
spec.add_development_dependency 'rack-test'
- spec.add_development_dependency 'rspec', '~> 2.7'
- spec.add_development_dependency "bundler", "~> 1.3"
- spec.add_development_dependency "rake"
+ spec.add_development_dependency 'rspec'
+ spec.add_development_dependency 'bundler'
+ spec.add_development_dependency 'rake'
end
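Review bot: `swedbank_spec.rb` now requires `rack-protection` directly, but this dependency list does not declare it, so the spec presumably relies on it arriving transitively through `omniauth ~> 2.1`. Declaring it with `spec.add_development_dependency 'rack-protection'` keeps the suite working if that transitive edge changes. The same hunk drops the version constraints on `rspec` and `bundler`, which lets CI resolve to any future major release; a pessimistic constraint such as `'~> 3.0'` on rspec (illustrative, pick the major the suite is written for) keeps builds reproducible. Moving to OmniAuth 2.x also changes how consumers must call the request phase, as the spec's switch from GET to a token-bearing POST shows, so this likely warrants a major version bump of the gem and a changelog entry.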
diff --git a/spec/omniauth/strategies/swedbank_spec.rb b/spec/omniauth/strategies/swedbank_spec.rb
index 1055972..28d07b4 100644
--- a/spec/omniauth/strategies/swedbank_spec.rb
+++ b/spec/omniauth/strategies/swedbank_spec.rb
@@ -1,4 +1,5 @@
require 'spec_helper'
+require 'rack-protection'
describe OmniAuth::Strategies::Swedbank do
@@ -11,6 +12,8 @@
b.run lambda{|env| [404, {}, ['Not Found']]}
end.to_app }
+ let(:token){ Rack::Protection::AuthenticityToken.random_token }
+
let(:last_response_nonce) { last_response.body.match(/name="VK_NONCE" value="([^"]*)"/)[1] }
let(:last_response_mac) { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] }
@@ -23,7 +26,14 @@
'VK_RETURN' => 'http://example.org/auth/swedbank/callback'
}
- before(:each){ get '/auth/swedbank' }
+ before(:each) do
+ post(
+ '/auth/swedbank',
+ {},
+ 'rack.session' => {csrf: token},
+ 'HTTP_X_CSRF_TOKEN' => token
+ )
+ end
it 'displays a single form' do
expect(last_response.status).to eq(200)
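Review bot: The new `before(:each)` block only drives the request phase with a matching session token and `HTTP_X_CSRF_TOKEN`, so nothing in the visible suite pins the CSRF check that this upgrade introduces. Consider adding examples that issue `get '/auth/swedbank'` and `post '/auth/swedbank'` without the header, and assert that the response body does not contain the `VK_MAC` field. Without such negative cases, a later configuration change that re-enables GET or disables request validation would still pass the suite. The `describe` block starts above this hunk and the `it 'displays a single form'` example continues past its last line.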