Update warden which fixes a security issue.

2026-01-08 22:37:57 -05:00 · 2010-02-23 19:47:45 +01:00
parent a12ca2955f
commit e03e137c35
5 changed files with 19 additions and 7 deletions
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 source "http://gemcutter.org"

 gem "rails", "3.0.0.beta"
-gem "warden", "0.9.3"
+gem "warden", "0.9.4"
 gem "sqlite3-ruby", :require => "sqlite3"
 gem "webrat", "0.7"
 gem "mocha", :require => false
@@ -15,4 +15,4 @@ group :mongo_mapper do
  gem "mongo",        "0.18.3"
  gem "mongo_ext",    "0.18.3", :require => false
  gem "mongo_mapper", :git => "git://github.com/merbjedi/mongomapper.git", :branch => "rails3"
-end
+end
--- a/2
+++ b/2
@@ -45,7 +45,7 @@ begin
    s.authors = ['José Valim', 'Carlos Antônio']
    s.files =  FileList["[A-Z]*", "{app,config,lib}/**/*"]
    s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
-    s.add_dependency("warden", "~> 0.9.3")
+    s.add_dependency("warden", "~> 0.9.4")
  end

  Jeweler::GemcutterTasks.new
--- a/devise.gemspec
+++ b/devise.gemspec
@@ -9,7 +9,7 @@ Gem::Specification.new do |s|

  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
  s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-02-18}
+  s.date = %q{2010-02-23}
  s.description = %q{Flexible authentication solution for Rails with Warden}
  s.email = %q{contact@plataformatec.com.br}
  s.extra_rdoc_files = [
@@ -171,12 +171,12 @@ Gem::Specification.new do |s|
    s.specification_version = 3

    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<warden>, ["~> 0.9.3"])
+      s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
    else
-      s.add_dependency(%q<warden>, ["~> 0.9.3"])
+      s.add_dependency(%q<warden>, ["~> 0.9.4"])
    end
  else
-    s.add_dependency(%q<warden>, ["~> 0.9.3"])
+    s.add_dependency(%q<warden>, ["~> 0.9.4"])
  end
 end

--- a/test/integration/rememberable_test.rb
+++ b/test/integration/rememberable_test.rb
@@ -28,6 +28,14 @@ class RememberMeTest < ActionController::IntegrationTest
    assert warden.user(:user) == user
  end

+  test 'does not remember other scopes' do
+    user = create_user_and_remember
+    get root_path
+    assert_response :success
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+
  test 'do not remember with invalid token' do
    user = create_user_and_remember('add')
    get users_path
--- a/test/rails_app/app/views/layouts/application.html.erb
+++ b/test/rails_app/app/views/layouts/application.html.erb
@@ -14,6 +14,10 @@
        <p>Hello User <%= current_user.email %>! You are signed in!</p>
      <% end -%>

+      <% if admin_signed_in? -%>
+        <p>Hello Admin <%= current_admin.email %>! You are signed in!</p>
+      <% end -%>
+
      <%= yield %>
    </div>
  </body>