diff --git a/.travis.yml b/.travis.yml index 60b2eb2..2b663d5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,4 +3,5 @@ rvm: - 2.2.6 - 2.3.3 - 2.4.1 + - 3.2.2 script: bundle exec rspec diff --git a/README.md b/README.md index f73f9a7..8c836ba 100644 --- a/README.md +++ b/README.md @@ -3,21 +3,22 @@ Omniauth strategy for using Swedbank as an authentication service provider. [![Gem Version](https://badge.fury.io/rb/omniauth-swedbank.png)](http://badge.fury.io/rb/omniauth-swedbank) -[![Build Status](https://travis-ci.org/mak-it/omniauth-swedbank.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-swedbank) +[![Build Status](https://travis-ci.org/mitigate-dev/omniauth-swedbank.svg?branch=master)](https://travis-ci.org/mitigate-dev/omniauth-swedbank) Supported Ruby versions: 2.2+ ## Related projects -- [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele -- [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB -- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea -- [omniauth-seb-elink](https://github.com/mak-it/omniauth-seb-elink) - strategy for authenticating with SEB +- [omniauth-citadele](https://github.com/mitigate-dev/omniauth-citadele) - strategy for authenticating with Citadele +- [omniauth-dnb](https://github.com/mitigate-dev/omniauth-dnb) - strategy for authenticating with DNB +- [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea +- [omniauth-seb-elink](https://github.com/mitigate-dev/omniauth-seb-elink) - strategy for authenticating with SEB ## Installation -Add this line to your application's Gemfile: +Add these lines to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails): + gem 'omniauth-rails_csrf_protection' gem 'omniauth-swedbank' And then execute: @@ -26,7 +27,7 @@ And then execute: Or install it yourself as: - $ gem install omniauth-swedbank + $ gem install omniauth-rails_csrf_protection omniauth-swedbank ## Usage diff --git a/lib/omniauth/strategies/swedbank.rb b/lib/omniauth/strategies/swedbank.rb index 55ce20f..5ef5666 100644 --- a/lib/omniauth/strategies/swedbank.rb +++ b/lib/omniauth/strategies/swedbank.rb @@ -123,7 +123,7 @@ def request_phase 'VK_LANG' => 'LAT', 'VK_ENCODING' => 'UTF-8' }.each do |name, val| - form.html "" + form.html "" end form.button I18n.t('omniauth.swedbank.click_here_if_not_redirected') diff --git a/omniauth-swedbank.gemspec b/omniauth-swedbank.gemspec index af82002..ed2a7f5 100644 --- a/omniauth-swedbank.gemspec +++ b/omniauth-swedbank.gemspec @@ -6,11 +6,11 @@ require 'omniauth/swedbank/version' Gem::Specification.new do |spec| spec.name = 'omniauth-swedbank' spec.version = Omniauth::Swedbank::VERSION - spec.authors = ['MAK IT', 'Jānis Kiršteins', 'Kristaps Ērglis'] - spec.email = ['admin@makit.lv', 'janis@montadigital.com', 'kristaps.erglis@gmail.com' ] + spec.authors = ['Mitigate', 'Jānis Kiršteins', 'Kristaps Ērglis'] + spec.email = ['admin@mitigate.dev', 'janis@montadigital.com', 'kristaps.erglis@gmail.com' ] spec.description = %q{OmniAuth strategy for Swedbank Banklink} spec.summary = %q{OmniAuth strategy for Swedbank Banklink} - spec.homepage = 'https://github.com/mak-it/omniauth-swedbank' + spec.homepage = 'https://github.com/mitigate-dev/omniauth-swedbank' spec.license = 'MIT' spec.files = `git ls-files`.split($/) @@ -20,11 +20,12 @@ Gem::Specification.new do |spec| spec.required_ruby_version = '>= 2.2.2' - spec.add_runtime_dependency 'omniauth', '~> 1.0' - spec.add_runtime_dependency "i18n" + spec.add_runtime_dependency 'omniauth', '~> 2.1' + spec.add_runtime_dependency 'i18n' + spec.add_development_dependency 'rack', '~> 2.0' spec.add_development_dependency 'rack-test' - spec.add_development_dependency 'rspec', '~> 2.7' - spec.add_development_dependency "bundler", "~> 1.3" - spec.add_development_dependency "rake" + spec.add_development_dependency 'rspec' + spec.add_development_dependency 'bundler' + spec.add_development_dependency 'rake' end diff --git a/spec/omniauth/strategies/swedbank_spec.rb b/spec/omniauth/strategies/swedbank_spec.rb index 1055972..28d07b4 100644 --- a/spec/omniauth/strategies/swedbank_spec.rb +++ b/spec/omniauth/strategies/swedbank_spec.rb @@ -1,4 +1,5 @@ require 'spec_helper' +require 'rack-protection' describe OmniAuth::Strategies::Swedbank do @@ -11,6 +12,8 @@ b.run lambda{|env| [404, {}, ['Not Found']]} end.to_app } + let(:token){ Rack::Protection::AuthenticityToken.random_token } + let(:last_response_nonce) { last_response.body.match(/name="VK_NONCE" value="([^"]*)"/)[1] } let(:last_response_mac) { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] } @@ -23,7 +26,14 @@ 'VK_RETURN' => 'http://example.org/auth/swedbank/callback' } - before(:each){ get '/auth/swedbank' } + before(:each) do + post( + '/auth/swedbank', + {}, + 'rack.session' => {csrf: token}, + 'HTTP_X_CSRF_TOKEN' => token + ) + end it 'displays a single form' do expect(last_response.status).to eq(200)