RubyGems - aptible-auth - Versions diffs - 1.2.3 → 1.2.5 - Mend

aptible-auth 1.2.3 → 1.2.5

Files changed (9) hide show

checksums.yaml +4 -4
data/SECURITY.md +23 -0
data/aptible-auth.gemspec +2 -1
data/lib/aptible/auth/resource.rb +1 -0
data/lib/aptible/auth/ssh_key_pre_authorization.rb +11 -0
data/lib/aptible/auth/token.rb +6 -0
data/lib/aptible/auth/version.rb +1 -1
data/spec/aptible/auth/token_spec.rb +10 -0
metadata +23 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41cc5579815eeb97458ce8ec7331660f45d72a4060048253561dc35f9e2d915f
-  data.tar.gz: 792e65542c8a8d367ae7c50217b19bc60fa37696f39c265bed0acb4b513e8f31
+  metadata.gz: f20bf9836f3cdf1ce3c0aa0db201eb8df10381f5e61537f10ab6d1a9d630a6a9
+  data.tar.gz: ac31487e6645012ea38e884de2105fbd0c75d928e04f44be92e905131aba17d3
 SHA512:
-  metadata.gz: ecadb75dec853d60d059c4d75202da98187e343482d93629c2919ee8cd4289d018f20f6ca58dc4cf99d3f5abf62fc565e1ee2f5d95882d3cf1a7b09d0ab2dff5
-  data.tar.gz: 967e56ed114a1580dba1affaeb12d55a1d7cb34e3535c19f775ab6c6793494a378f19f552d2b2ab339dab4b6b0e39a6c20a26d49da498ed431f4c3e82d890985
+  metadata.gz: 1b0e0e9d03317a6e0916ac45f411fcae5156d00bf26b9484b7143780c4fe44d542c235989997ff967a250102c9c51c7402645abb449649cf18f1f6961101c380
+  data.tar.gz: 52fa36acfb54ddb2c79b2b0fa35b49e29ac2f6992b7843dbf7bd4ec4ca32dd2f0ac12c9ddb83d49eb6266e9c7844a4aba18150992ca685537ca66ea3c956d303

data/SECURITY.md ADDED Viewed

@@ -0,0 +1,23 @@
+# Aptible Open Source Security Policies and Procedures
+This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Responsible Disclosure Policy](#responsible-disclosure-policy)
+## Reporting a Vulnerability
+The Aptible team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+Report security vulnerabilities by emailing the Aptible security team at:
+    security@aptible.com
+Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
+## Responsible Disclosure Policy
+Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/

data/aptible-auth.gemspec CHANGED Viewed

@@ -22,7 +22,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'aptible-resource', '~> 1.0'
   spec.add_dependency 'gem_config'
-  spec.add_dependency 'oauth2', '~> 1.4'
+  spec.add_dependency 'multipart-post', '2.1.1'
+  spec.add_dependency 'oauth2', '1.4.7'
   spec.add_development_dependency 'aptible-tasks', '>= 0.6.0'
   spec.add_development_dependency 'pry'

data/lib/aptible/auth/resource.rb CHANGED Viewed

@@ -26,3 +26,4 @@ require 'aptible/auth/ssh_key'
 require 'aptible/auth/saml_configuration'
 require 'aptible/auth/whitelist_membership'
 require 'aptible/auth/reauthenticate_organization'
+require 'aptible/auth/ssh_key_pre_authorization'

data/lib/aptible/auth/ssh_key_pre_authorization.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Aptible
+  module Auth
+    class SshKeyPreAuthorization < Resource
+      belongs_to :ssh_key
+      belongs_to :owner
+      field :created_at, type: Time
+      field :updated_at, type: Time
+    end
+  end
+end

data/lib/aptible/auth/token.rb CHANGED Viewed

@@ -106,6 +106,12 @@ module Aptible
           authenticate_impersonate(
             token_as_string(user_token), 'aptible:token', options
           )
+        elsif (href = options.delete(:ssh_key_pre_authorization_href))
+          authenticate_impersonate(
+            href,
+            'aptible:ssh_key_pre_authorization:href',
+            options
+          )
         else
           raise 'Unrecognized options'
         end

data/lib/aptible/auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Aptible
   module Auth
-    VERSION = '1.2.3'.freeze
+    VERSION = '1.2.5'.freeze
   end
 end

data/spec/aptible/auth/token_spec.rb CHANGED Viewed

@@ -67,6 +67,16 @@ describe Aptible::Auth::Token do
         described_class.create(user_token: 'tok tok tok')
       end
+      it(
+        'should #authenticate_impersonate if passed ' \
+        'ssh_key_pre_authorization_href'
+      ) do
+        Aptible::Auth::Token.any_instance.should_receive(
+          :authenticate_impersonate
+        ).with('foo.href', 'aptible:ssh_key_pre_authorization:href', {})
+        described_class.create(ssh_key_pre_authorization_href: 'foo.href')
+      end
       it 'should not alter the hash it receives' do
         options = { email: 'some email' }
         options_before = options.dup

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aptible-auth
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.5
 platform: ruby
 authors:
 - Frank Macreery
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-29 00:00:00.000000000 Z
+date: 2023-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aptible-resource
@@ -38,20 +38,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: multipart-post
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.1
 - !ruby/object:Gem::Dependency
   name: oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: 1.4.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: 1.4.7
 - !ruby/object:Gem::Dependency
   name: aptible-tasks
   requirement: !ruby/object:Gem::Requirement
@@ -152,6 +166,7 @@ files:
 - Procfile
 - README.md
 - Rakefile
+- SECURITY.md
 - aptible-auth.gemspec
 - lib/aptible/auth.rb
 - lib/aptible/auth/agent.rb
@@ -165,6 +180,7 @@ files:
 - lib/aptible/auth/saml_configuration.rb
 - lib/aptible/auth/session.rb
 - lib/aptible/auth/ssh_key.rb
+- lib/aptible/auth/ssh_key_pre_authorization.rb
 - lib/aptible/auth/token.rb
 - lib/aptible/auth/user.rb
 - lib/aptible/auth/version.rb
@@ -199,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Ruby client for auth.aptible.com