cf-uaa-lib 4.0.7 → 4.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b781e21fc1ba09d3b505c1364732c06796e300b3ebe6cd2aa47ae5db97273980
-  data.tar.gz: a779db80778bf2cf71a3f6e6f3d4f25f06a78893ef41fc954d7ff16fc88c11cf
+  metadata.gz: c1d85a9e186e6f61fe473527aac3465589b12f415d30b22d05f99731c4d604bf
+  data.tar.gz: 71a5e80bebadaa224e51f39ef59ccdb3bf263bfc375f3d9624d5c888b79c1094
 SHA512:
-  metadata.gz: 6db15f33f198143ae11a1cb34017c33b4aa0427342a037946e4c2b4a1e98825ee315ea3e715ddbec34a567620a262f1a24c5200f985f58d51dffcf3a1160e83e
-  data.tar.gz: de7b59d47820e1541caad9f333f62cc5b264038766e1cb5c4e8f074c857dcf36888b0920df1c98bede83735d7db67470905df181e7da23056889075222c9f136
+  metadata.gz: 1d12f9f7255e3e7728bbcbccf89593d3e3e13edc7547b9b420a985442903d91c29f708d79593b536e02619332060a18c74198ff530dac264d1048d923412bf08
+  data.tar.gz: 35e4042dccf44ff0e1dd36fd1ef639759648d226e09fe175c7fbe477d75ac601b9fc74c2c8e6a3665a1cb9ea4288c532c48f98e53b5018714f33a13113643ae4

data/.github/workflows/ruby.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby-version: ['2.5', '2.7', '3.1', '3.2', '3.3']
+        ruby-version: ['2.5', '2.7', '3.1', '3.2', '3.3', '3.4']
 
     steps:
     - uses: actions/checkout@v4

data/cf-uaa-lib.gemspec

@@ -32,6 +32,8 @@ Gem::Specification.new do |s|
 
   # dependencies
   s.add_dependency 'json', '~>2.7'
+  s.add_dependency 'mutex_m'
+  s.add_dependency 'base64'
   s.add_dependency 'httpclient', '~> 2.8', '>= 2.8.2.4'
   s.add_dependency 'addressable', '~> 2.8', '>= 2.8.0'
 

data/lib/uaa/http.rb

@@ -11,6 +11,7 @@
 # subcomponent's license, as noted in the LICENSE file.
 #++
 
+require 'mutex_m'
 require 'base64'
 require 'uaa/util'
 require 'httpclient'

data/lib/uaa/token_issuer.rb

@@ -83,6 +83,9 @@ class TokenIssuer
         headers['X-CF-ENCODED-CREDENTIALS'] = 'true'
         headers['authorization'] = Http.basic_auth(CGI.escape(@client_id), CGI.escape(@client_secret))
       end
+    elsif @client_auth_method == 'client_secret_post' && @client_secret && @client_id
+      params[:client_id] = @client_id
+      params[:client_secret] = @client_secret
     elsif @client_id && params[:code_verifier]
       params[:client_id] = @client_id
     else

data/lib/uaa/version.rb

@@ -14,6 +14,6 @@
 # Cloud Foundry namespace
 module CF
   module UAA
-    VERSION = '4.0.7'
+    VERSION = '4.0.8'
   end
 end

data/spec/token_issuer_spec.rb

@@ -310,6 +310,41 @@ describe TokenIssuer do
 
   end
 
+
+  context 'with basic_auth using auth code grant' do
+    let(:options) { {basic_auth: true} }
+
+    it 'basic_auth with authorization code' do
+      subject.set_request_handler do |url, method, body, headers|
+        headers['content-type'].should =~ /application\/x-www-form-urlencoded/
+        headers['accept'].should =~ /application\/json/
+        headers['X-CF-ENCODED-CREDENTIALS'].should_not
+        headers['authorization'].should == 'Basic dGVzdF9jbGllbnQ6dGVzdCFzZWNyZXQ='
+        params = Util.decode_form(body)
+        params['code_verifier'].should_not
+        params['grant_type'].should == 'authorization_code'
+        url.should match 'http://test.uaa.target/oauth/token'
+        method.should == :post
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
+        [200, Util.json(reply), {'content-type' => 'application/json'}]
+      end
+      cburi = 'http://call.back/uri_path'
+      params = Util.decode_form(cburi[1])
+      params['code_challenge'].should_not
+      params['code_challenge_method'].should_not
+      redir_uri = subject.authcode_uri(cburi)
+      state = /state=([^&]+)/.match(redir_uri)[1]
+      reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
+      token = subject.authcode_grant(redir_uri, reply_query)
+      token.should be_an_instance_of TokenInfo
+      token.info['access_token'].should == 'test_access_token'
+      token.info['token_type'].should =~ /^bearer$/i
+      token.info['scope'].should == 'openid'
+      token.info['expires_in'].should == 98765
+    end
+  end
+
   context 'pkce with own code verifier' do
     let(:options) { {basic_auth: false, code_verifier: 'umoq1e_4XMYXvfHlaO9mSlSI17OKfxnwfR5ZD-oYreFxyn8yQZ-ZHPZfUZ4n3WjY_tkOB_MAisSy4ddqsa6aoTU5ZOcX4ps3de933PczYlC8pZpKL8EQWaDZOnpOyB2W'} }
 
@@ -324,6 +359,38 @@ describe TokenIssuer do
       code_verifier.should == options[:code_verifier]
       code_challenge.should == 'TAnM2AKGgiQKOC16cRpMdF_55qwmz3B333cq6T18z0s'
     end
+
+    let(:client_secret) { nil }
+    it 'public token request with pkce without client_secret' do
+      subject.set_request_handler do |url, method, body, headers|
+        headers['content-type'].should =~ /application\/x-www-form-urlencoded/
+        headers['accept'].should =~ /application\/json/
+        headers['X-CF-ENCODED-CREDENTIALS'].should_not
+        headers['authorization'].should_not
+        params = Util.decode_form(body)
+        params['code_verifier'].should_not
+        params['grant_type'].should == 'authorization_code'
+        params['client_secret'].should_not
+        url.should match 'http://test.uaa.target/oauth/token'
+        method.should == :post
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
+        [200, Util.json(reply), {'content-type' => 'application/json'}]
+      end
+      cburi = 'http://call.back/uri_path'
+      params = Util.decode_form(cburi[1])
+      params['code_challenge'].should_not
+      params['code_challenge_method'].should_not
+      redir_uri = subject.authcode_uri(cburi)
+      state = /state=([^&]+)/.match(redir_uri)[1]
+      reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
+      token = subject.authcode_grant(redir_uri, reply_query)
+      token.should be_an_instance_of TokenInfo
+      token.info['access_token'].should == 'test_access_token'
+      token.info['token_type'].should =~ /^bearer$/i
+      token.info['scope'].should == 'openid'
+      token.info['expires_in'].should == 98765
+    end
   end
 
   context 'no pkce active as this is the default' do
@@ -338,6 +405,40 @@ describe TokenIssuer do
       end
   end
 
+  context 'with client_auth_method using client_secret_post' do
+    let(:options) { {client_auth_method: 'client_secret_post'} }
+    let(:client_secret) { 'body!secret' }
+
+    it 'use client_secret_post in authorization code and expect client_id and secret in body' do
+      subject.set_request_handler do |url, method, body, headers|
+        headers['content-type'].should =~ /application\/x-www-form-urlencoded/
+        headers['accept'].should =~ /application\/json/
+        headers['X-CF-ENCODED-CREDENTIALS'].should_not
+        headers['authorization'].should_not
+        params = Util.decode_form(body)
+        params['code_verifier'].should_not
+        params['grant_type'].should == 'authorization_code'
+        params['client_id'].should == 'test_client'
+        params['client_secret'].should == 'body!secret'
+        url.should match 'http://test.uaa.target/oauth/token'
+        method.should == :post
+        reply = {access_token: 'test_access_token', token_type: 'BEARER',
+                 scope: 'openid', expires_in: 98765}
+        [200, Util.json(reply), {'content-type' => 'application/json'}]
+      end
+      cburi = 'http://call.back/uri_path'
+      redir_uri = subject.authcode_uri(cburi)
+      state = /state=([^&]+)/.match(redir_uri)[1]
+      reply_query = "state=#{state}&code=kz8%2F5gQZ2pc%3D"
+      token = subject.authcode_grant(redir_uri, reply_query)
+      token.should be_an_instance_of TokenInfo
+      token.info['access_token'].should == 'test_access_token'
+      token.info['token_type'].should =~ /^bearer$/i
+      token.info['scope'].should == 'openid'
+      token.info['expires_in'].should == 98765
+    end
+  end
+
 end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cf-uaa-lib
 version: !ruby/object:Gem::Version
-  version: 4.0.7
+  version: 4.0.8
 platform: ruby
 authors:
 - Dave Syer
@@ -9,10 +9,9 @@ authors:
 - Joel D'sa
 - Vidya Valmikinathan
 - Luke Taylor
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-19 00:00:00.000000000 Z
+date: 2025-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -28,6 +27,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: mutex_m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: httpclient
   requirement: !ruby/object:Gem::Requirement
@@ -232,7 +259,6 @@ homepage: https://github.com/cloudfoundry/cf-uaa-lib
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -247,8 +273,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Client library for CloudFoundry UAA
 test_files: []