RubyGems - cf-uaa-lib - Versions diffs - 4.0.6 → 4.0.8 - Mend

cf-uaa-lib 4.0.6 → 4.0.8

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0e403a09ef6239150df20123d5596e3990054b67f718d1c08ed4a157475c14b
-  data.tar.gz: 2707255f7d895a3c1a56f1cb67af4200eeb16bf9311dfe00accaf23645c8afc4
+  metadata.gz: c1d85a9e186e6f61fe473527aac3465589b12f415d30b22d05f99731c4d604bf
+  data.tar.gz: 71a5e80bebadaa224e51f39ef59ccdb3bf263bfc375f3d9624d5c888b79c1094
 SHA512:
-  metadata.gz: 94eebb8323b3f10f4afffa26c87eb2a36725b20c3d7926b0ca17aa6edab9e389cdb10a2e2d117a0e9152d8d97a75378c5785c3433ec673c44b82747398966873
-  data.tar.gz: 6b4a915f3adcc507943830d0b0ed438931fa29780c09b14bf9e2c3f0a48cd66e4d53c775bbfa489bb725536a12fa6eb64707090014d508974871cda0b284e59b
+  metadata.gz: 1d12f9f7255e3e7728bbcbccf89593d3e3e13edc7547b9b420a985442903d91c29f708d79593b536e02619332060a18c74198ff530dac264d1048d923412bf08
+  data.tar.gz: 35e4042dccf44ff0e1dd36fd1ef639759648d226e09fe175c7fbe477d75ac601b9fc74c2c8e6a3665a1cb9ea4288c532c48f98e53b5018714f33a13113643ae4

data/.github/workflows/ruby.yml CHANGED Viewed

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['2.5', '2.7', '3.0', '3.1', '3.2']
+        ruby-version: ['2.5', '2.7', '3.1', '3.2', '3.3', '3.4']
     steps:
     - uses: actions/checkout@v4

data/Gemfile CHANGED Viewed

@@ -11,7 +11,7 @@
 # subcomponent's license, as noted in the LICENSE file.
 #++
-source "http://rubygems.org"
+source "https://rubygems.org"
 # Specify your gem's dependencies in uaa.gemspec
 gemspec

data/LICENSE CHANGED Viewed

@@ -227,7 +227,6 @@ SECTION 1: BSD-STYLE, MIT-STYLE, OR SIMILAR STYLE LICENSES
    >>> daemons-1.1.4
    >>> diff-lcs-1.1.3
    >>> machinist-1.0.6
-   >>> multi_json-1.0.4
    >>> rack-protection-1.1.4
    >>> rack-test-0.5.7
    >>> rails-3.0.3
@@ -383,7 +382,6 @@ SECTION 1: BSD-STYLE, MIT-STYLE, OR SIMILAR STYLE LICENSES
    >>> mime-1.2.4
    >>> mkdirp-0.0.7
    >>> mocha-0.9.12
-   >>> multi_json-1.0.4
    >>> mysql2-0.2.7
    >>> nats-0.3.9
    >>> nats-0.4.10
@@ -529,7 +527,6 @@ SECTION 6: Ruby Clause-6
    >>> highline-1.6.1
    >>> httpclient-2.1.6.1
    >>> json-1.4.6
-   >>> json_pure-1.5.1
    >>> logging-1.5.0
    >>> main-4.4.0
    >>> mime-types-1.16
@@ -724,50 +721,6 @@ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
->>> multi_json-1.0.4
-Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 >>> rack-protection-1.1.4
 Copyright (c) 2011 Konstantin Haase
@@ -4336,50 +4289,6 @@ The above copyright notice and this permission notice shall be included in all c
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
->>> multi_json-1.0.4
-Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 >>> mysql2-0.2.7
 Copyright (c) 2010 Brian Lopez - http://github.com/brianmario
@@ -9716,78 +9625,6 @@ You can redistribute it and/or modify it under either the terms of the GPL
      PURPOSE.
->>> json_pure-1.5.1
-[PLEASE NOTE:  VMWARE, INC. ELECTS TO USE AND DISTRIBUTE THIS COMPONENT UNDER THE TERMS OF THE RUBY LICENSE.  THE ORIGINAL LICENSE TERMS ARE REPRODUCED BELOW ONLY AS A REFERENCE.]
-== Author
-Florian Frank <mailto:flori@ping.de>
-== License
-Ruby License, see the COPYING file included in the source distribution. The
-Ruby License includes the GNU General Public License (GPL), Version 2, so see
-the file GPL as well.
-Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.co.jp>.
-You can redistribute it and/or modify it under either the terms of the GPL
-(see GPL file), or the conditions below:
-  1. You may make and give away verbatim copies of the source form of the
-     software without restriction, provided that you duplicate all of the
-     original copyright notices and associated disclaimers.
-  2. You may modify your copy of the software in any way, provided that
-     you do at least ONE of the following:
-       a) place your modifications in the Public Domain or otherwise
-          make them Freely Available, such as by posting said
-	  modifications to Usenet or an equivalent medium, or by allowing
-	  the author to include your modifications in the software.
-       b) use the modified software only within your corporation or
-          organization.
-       c) rename any non-standard executables so the names do not conflict
-	  with standard executables, which must also be provided.
-       d) make other distribution arrangements with the author.
-  3. You may distribute the software in object code or executable
-     form, provided that you do at least ONE of the following:
-       a) distribute the executables and library files of the software,
-	  together with instructions (in the manual page or equivalent)
-	  on where to get the original distribution.
-       b) accompany the distribution with the machine-readable source of
-	  the software.
-       c) give non-standard executables non-standard names, with
-          instructions on where to get the original software distribution.
-       d) make other distribution arrangements with the author.
-  4. You may modify and include the part of the software into any other
-     software (possibly commercial).  But some files in the distribution
-     are not written by the author, so that they are not under this terms.
-     They are gc.c(partly), utils.c(partly), regex.[ch], st.[ch] and some
-     files under the ./missing directory.  See each file for the copying
-     condition.
-  5. The scripts and library files supplied as input to or produced as
-     output from the software do not automatically fall under the
-     copyright of the software, but belong to whomever generated them,
-     and may be sold commercially, and may be aggregated with this
-     software.
-  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
-     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-     PURPOSE.
 >>> logging-1.5.0

data/cf-uaa-lib.gemspec CHANGED Viewed

@@ -31,8 +31,9 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
   # dependencies
-  s.add_dependency 'multi_json', '>= 1.12.1', '< 1.16'
-  s.add_dependency 'json_pure', '~>2.7'
+  s.add_dependency 'json', '~>2.7'
+  s.add_dependency 'mutex_m'
+  s.add_dependency 'base64'
   s.add_dependency 'httpclient', '~> 2.8', '>= 2.8.2.4'
   s.add_dependency 'addressable', '~> 2.8', '>= 2.8.0'
@@ -42,7 +43,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'simplecov', '~> 0.22.0'
   s.add_development_dependency 'simplecov-rcov', '~> 0.3.0'
   s.add_development_dependency 'ci_reporter', '>= 1.9.2', '~> 2.0'
-  s.add_development_dependency 'json_pure', '~>2.7'
   s.add_development_dependency 'ci_reporter_rspec', '~> 1.0'
 end

data/lib/uaa/http.rb CHANGED Viewed

@@ -11,6 +11,7 @@
 # subcomponent's license, as noted in the LICENSE file.
 #++
+require 'mutex_m'
 require 'base64'
 require 'uaa/util'
 require 'httpclient'

data/lib/uaa/token_issuer.rb CHANGED Viewed

@@ -83,6 +83,9 @@ class TokenIssuer
         headers['X-CF-ENCODED-CREDENTIALS'] = 'true'
         headers['authorization'] = Http.basic_auth(CGI.escape(@client_id), CGI.escape(@client_secret))
       end
+    elsif @client_auth_method == 'client_secret_post' && @client_secret && @client_id
+      params[:client_id] = @client_id
+      params[:client_secret] = @client_secret
     elsif @client_id && params[:code_verifier]
       params[:client_id] = @client_id
     else

data/lib/uaa/util.rb CHANGED Viewed

@@ -11,8 +11,8 @@
 # subcomponent's license, as noted in the LICENSE file.
 #++
-require 'json/pure'
-require "base64"
+require 'json'
+require 'base64'
 require 'logger'
 require 'uri'

data/lib/uaa/version.rb CHANGED Viewed

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    VERSION = '4.0.6'
+    VERSION = '4.0.8'
   end
 end

data/spec/token_issuer_spec.rb CHANGED Viewed

@@ -310,6 +310,41 @@ describe TokenIssuer do
   end
+  context 'with basic_auth using auth code grant' do
+    let(:options) { {basic_auth: true} }
+    it 'basic_auth with authorization code' do
+      subject.set_request_handler do |url, method, body, headers|
+        headers['content-type'].should =~ /application\/x-www-form-urlencoded/
+        headers['accept'].should =~ /application\/json/
+        headers['X-CF-ENCODED-CREDENTIALS'].should_not
+        headers['authorization'].should == 'Basic dGVzdF9jbGllbnQ6dGVzdCFzZWNyZXQ='
+        params = Util.decode_form(body)
+        params['code_verifier'].should_not
+        params['grant_type'].should == 'authorization_code'
+        url.should match 'http://test.uaa.target/oauth/token'
+        method.should == :post
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
+        [200, Util.json(reply), {'content-type' => 'application/json'}]
+      end
+      cburi = 'http://call.back/uri_path'
+      params = Util.decode_form(cburi[1])
+      params['code_challenge'].should_not
+      params['code_challenge_method'].should_not
+      redir_uri = subject.authcode_uri(cburi)
+      state = /state=([^&]+)/.match(redir_uri)[1]
+      reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
+      token = subject.authcode_grant(redir_uri, reply_query)
+      token.should be_an_instance_of TokenInfo
+      token.info['access_token'].should == 'test_access_token'
+      token.info['token_type'].should =~ /^bearer$/i
+      token.info['scope'].should == 'openid'
+      token.info['expires_in'].should == 98765
+    end
+  end
   context 'pkce with own code verifier' do
     let(:options) { {basic_auth: false, code_verifier: 'umoq1e_4XMYXvfHlaO9mSlSI17OKfxnwfR5ZD-oYreFxyn8yQZ-ZHPZfUZ4n3WjY_tkOB_MAisSy4ddqsa6aoTU5ZOcX4ps3de933PczYlC8pZpKL8EQWaDZOnpOyB2W'} }
@@ -324,6 +359,38 @@ describe TokenIssuer do
       code_verifier.should == options[:code_verifier]
       code_challenge.should == 'TAnM2AKGgiQKOC16cRpMdF_55qwmz3B333cq6T18z0s'
     end
+    let(:client_secret) { nil }
+    it 'public token request with pkce without client_secret' do
+      subject.set_request_handler do |url, method, body, headers|
+        headers['content-type'].should =~ /application\/x-www-form-urlencoded/
+        headers['accept'].should =~ /application\/json/
+        headers['X-CF-ENCODED-CREDENTIALS'].should_not
+        headers['authorization'].should_not
+        params = Util.decode_form(body)
+        params['code_verifier'].should_not
+        params['grant_type'].should == 'authorization_code'
+        params['client_secret'].should_not
+        url.should match 'http://test.uaa.target/oauth/token'
+        method.should == :post
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
+        [200, Util.json(reply), {'content-type' => 'application/json'}]
+      end
+      cburi = 'http://call.back/uri_path'
+      params = Util.decode_form(cburi[1])
+      params['code_challenge'].should_not
+      params['code_challenge_method'].should_not
+      redir_uri = subject.authcode_uri(cburi)
+      state = /state=([^&]+)/.match(redir_uri)[1]
+      reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
+      token = subject.authcode_grant(redir_uri, reply_query)
+      token.should be_an_instance_of TokenInfo
+      token.info['access_token'].should == 'test_access_token'
+      token.info['token_type'].should =~ /^bearer$/i
+      token.info['scope'].should == 'openid'
+      token.info['expires_in'].should == 98765
+    end
   end
   context 'no pkce active as this is the default' do
@@ -338,6 +405,40 @@ describe TokenIssuer do
       end
   end
+  context 'with client_auth_method using client_secret_post' do
+    let(:options) { {client_auth_method: 'client_secret_post'} }
+    let(:client_secret) { 'body!secret' }
+    it 'use client_secret_post in authorization code and expect client_id and secret in body' do
+      subject.set_request_handler do |url, method, body, headers|
+        headers['content-type'].should =~ /application\/x-www-form-urlencoded/
+        headers['accept'].should =~ /application\/json/
+        headers['X-CF-ENCODED-CREDENTIALS'].should_not
+        headers['authorization'].should_not
+        params = Util.decode_form(body)
+        params['code_verifier'].should_not
+        params['grant_type'].should == 'authorization_code'
+        params['client_id'].should == 'test_client'
+        params['client_secret'].should == 'body!secret'
+        url.should match 'http://test.uaa.target/oauth/token'
+        method.should == :post
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
+        [200, Util.json(reply), {'content-type' => 'application/json'}]
+      end
+      cburi = 'http://call.back/uri_path'
+      redir_uri = subject.authcode_uri(cburi)
+      state = /state=([^&]+)/.match(redir_uri)[1]
+      reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
+      token = subject.authcode_grant(redir_uri, reply_query)
+      token.should be_an_instance_of TokenInfo
+      token.info['access_token'].should == 'test_access_token'
+      token.info['token_type'].should =~ /^bearer$/i
+      token.info['scope'].should == 'openid'
+      token.info['expires_in'].should == 98765
+    end
+  end
 end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-  version: 4.0.6
+  version: 4.0.8
 platform: ruby
 authors:
 - Dave Syer
@@ -9,45 +9,52 @@ authors:
 - Joel D'sa
 - Vidya Valmikinathan
 - Luke Taylor
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-01 00:00:00.000000000 Z
+date: 2025-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: multi_json
+  name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.12.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: mutex_m
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.12.1
-    - - "<"
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: json_pure
+  name: base64
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: httpclient
   requirement: !ruby/object:Gem::Requirement
@@ -190,20 +197,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: json_pure
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: ci_reporter_rspec
   requirement: !ruby/object:Gem::Requirement
@@ -266,7 +259,6 @@ homepage: https://github.com/cloudfoundry/cf-uaa-lib
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -281,8 +273,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Client library for CloudFoundry UAA
 test_files: []