discourse_api 0.48.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '047378d84854b5dae025d57550c071bf9944257a4048bd1be5b51b389e995dc3'
-  data.tar.gz: af75df86361c631aba91dc685c26e2f0d392597fbd561ef93b628f319f907457
+  metadata.gz: 7b3a4fa6e58bafa87e83cc91ac1d064ad4a28d5a16b333348e69e5e34616656a
+  data.tar.gz: bf82b1cdfb447f2233166d7dced4fdcbd79c7aecbdb1e1831a4df4fa085fbdbb
 SHA512:
-  metadata.gz: 7a435c702c930231c817d8192a20ddd859c3102cb3a9928ad4402dc1c019330d4dca79bd407f00ffa9e9038cebe7a0c138c081a019f4373711bfea67104c1a00
-  data.tar.gz: 8664b7d0efa3982e223a61af2a7d28ea2744100fdf1f3dcef99c9c1c3f7c59481c264ac04092c9b0c4c6a5f7559bd1fa99c4010d69fb1451f1a7875678a06d19
+  metadata.gz: 3852fbddac9d6fd014683731c3d86fdebb29c2805729a0c82802362c7e0cd6a1904be8b63a514ef26520f23864b2540eae3e78f9a40bf8cf2f6d8f097bc145ff
+  data.tar.gz: b264bbe0726bc891188318f680425e7512a66ce7e87c5a7d41e4a3010b0c528acae122c3299e687728ec4ea4d0fb24c42802bf73eb1f3b60c3d70b6c1375b008

data/.github/workflows/ci.yml

@@ -4,7 +4,6 @@ on:
   pull_request:
   push:
     branches:
-      - master
       - main
 
 jobs:
@@ -14,13 +13,13 @@ jobs:
     strategy:
       matrix:
         ruby:
-          - 2.5
-          - 2.6
-          - 2.7
-          - 3.0
+          - '2.6'
+          - '2.7'
+          - '3.0'
+          - '3.1'
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Setup ruby
         uses: ruby/setup-ruby@v1
@@ -35,15 +34,15 @@ jobs:
         run: bundle exec rake test
 
   publish:
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     needs: build
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Release Gem
-        uses: discourse/publish-rubygems-action@v2-beta
+        uses: discourse/publish-rubygems-action@v2
         env:
           RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
           GIT_EMAIL: team@discourse.org

data/CHANGELOG.md

@@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.1.0] - 2022-07-05
+### Changed
+- `DiscourseApi::SingleSignOn.parse` now raises `DiscourseApi::SingleSignOn::ParseError` (inherits from `RuntimeError` to preserve backward compatibility) instead of `RuntimeError` when there's a signature mismatch.
+- `DiscourseApi::SingleSignOn.parse` now raises `DiscourseApi::SingleSignOn::MissingConfigError` (also inherits from `RuntimeError`) if `sso_secret` or `sso_url` are missing.
+
+## [1.0.0] - 2022-05-01
+### Changed
+- The package now requires ruby 2.6+
+
+## [0.48.1] - 2022-04-13
+### Added
+- New attributes for Discourse Connect (aka SSO)
+
 ## [0.48.0] - 2022-01-28
 ### Added
 - `group_add_owners` method (#239)
@@ -61,7 +74,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [0.43.1] - 2020-11-04
 ### Fixed
-- Tagged version 0.43.0 got pushed without commmit due to new master branch
+- Tagged version 0.43.0 got pushed without commit due to new master branch
   protections in github. No, code changes here just making sure tags align with
   commits.
 
@@ -114,7 +127,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.38.0] - 2019-10-18
 ### Added
 - Allow setting locale in SingleSignOn
-- Optional param to group memebrs to include owners as well as members
+- Optional param to group members to include owners as well as members
 
 ## [0.37.0] - 2019-09-23
 ### Added
@@ -127,7 +140,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added poll methods
 ### Fixed
 - Updated create topic example
-- Fixed capialization for header auth keys
+- Fixed capitalization for header auth keys
 
 ## [0.35.0] - 2019-05-15
 ### Added
@@ -289,7 +302,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - group_members: Allows you to retrieve more than 100 users with pagination (offset &
   limit)
 ### Fixed
-- Deprication warning with SimpleCov
+- Deprecation warning with SimpleCov
 - updated rack dependency and added ruby 2.3 to travis config
 
 ## [0.9.1] - 2016-03-23

data/discourse_api.gemspec

@@ -30,7 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec', '~> 3.4'
   spec.add_development_dependency 'simplecov', '~> 0.11'
   spec.add_development_dependency 'webmock', '~> 3.0'
-  spec.add_development_dependency 'rubocop-discourse', '~> 2.4.1'
+  spec.add_development_dependency 'rubocop-discourse', '~> 2.5.0'
 
-  spec.required_ruby_version = '>= 2.5.0'
+  spec.required_ruby_version = '>= 2.6.0'
 end

data/lib/discourse_api/single_sign_on.rb

@@ -5,12 +5,49 @@ require 'openssl'
 
 module DiscourseApi
   class SingleSignOn
-    ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :profile_background_url, :card_background_url, :avatar_force_update, :require_activation,
-                 :bio, :external_id, :return_sso_url, :admin, :moderator, :suppress_welcome_message, :title,
-                 :add_groups, :remove_groups, :groups, :locale, :locale_force_update]
+    class ParseError < RuntimeError; end
+    class MissingConfigError < RuntimeError; end
+
+    ACCESSORS = [
+      :add_groups,
+      :admin,
+      :avatar_force_update,
+      :avatar_url,
+      :bio,
+      :card_background_url,
+      :confirmed_2fa,
+      :email,
+      :external_id,
+      :groups,
+      :locale,
+      :locale_force_update,
+      :moderator,
+      :name,
+      :no_2fa_methods,
+      :nonce,
+      :profile_background_url,
+      :remove_groups,
+      :require_2fa,
+      :require_activation,
+      :return_sso_url,
+      :suppress_welcome_message,
+      :title,
+      :username,
+    ]
+
     FIXNUMS = []
-    BOOLS = [:avatar_force_update, :admin, :moderator, :require_activation, :suppress_welcome_message,
-      :locale_force_update]
+
+    BOOLS = [
+      :admin,
+      :avatar_force_update,
+      :confirmed_2fa,
+      :locale_force_update,
+      :moderator,
+      :no_2fa_methods,
+      :require_2fa,
+      :require_activation,
+      :suppress_welcome_message,
+    ]
     ARRAYS = [:groups]
     #NONCE_EXPIRY_TIME = 10.minutes # minutes is a rails method and is causing an error. Is this needed in the api?
 
@@ -18,11 +55,11 @@ module DiscourseApi
     attr_writer :custom_fields, :sso_secret, :sso_url
 
     def self.sso_secret
-      raise RuntimeError, "sso_secret not implemented on class, be sure to set it on instance"
+      raise MissingConfigError, "sso_secret not implemented on class, be sure to set it on instance"
     end
 
     def self.sso_url
-      raise RuntimeError, "sso_url not implemented on class, be sure to set it on instance"
+      raise MissingConfigError, "sso_url not implemented on class, be sure to set it on instance"
     end
 
     def self.parse_hash(payload)
@@ -64,9 +101,9 @@ module DiscourseApi
       if sso.sign(parsed["sso"]) != parsed["sig"]
         diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
         if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m
-          raise RuntimeError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
+          raise ParseError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
         else
-          raise RuntimeError, "Bad signature for payload #{diags}"
+          raise ParseError, "Bad signature for payload #{diags}"
         end
       end
 

data/lib/discourse_api/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module DiscourseApi
-  VERSION = "0.48.0"
+  VERSION = "1.1.0"
 end

data/spec/discourse_api/api/sso_spec.rb

@@ -27,10 +27,10 @@ describe DiscourseApi::API::SSO do
     }
   end
   let(:expected_unsigned_payload) do
-    'name=Some+User&username=some_user&email=some%40email.com&'\
-    'avatar_url=https%3A%2F%2Fwww.website.com&external_id=abc&title=ruby'\
-    '&add_groups=a&add_groups=b&remove_groups=c&remove_groups=d&custom.field_2=potato&'\
-    'custom.custom.field_1=tomato'
+    'add_groups=a&add_groups=b&avatar_url=https%3A%2F%2Fwww.website.com'\
+    '&email=some%40email.com&external_id=abc&name=Some+User&remove_groups=c'\
+    '&remove_groups=d&title=ruby&username=some_user&custom.field_2=potato'\
+    '&custom.custom.field_1=tomato'
   end
   let(:sso_double) { DiscourseApi::SingleSignOn.parse_hash(params) }
 

data/spec/discourse_api/single_sign_on_spec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe DiscourseApi::SingleSignOn do
+  context "::MissingConfigError" do
+    it "inherits from RuntimeError for backward compatibility" do
+      expect(DiscourseApi::SingleSignOn::MissingConfigError).to be < RuntimeError
+    end
+  end
+
+  context "::ParseError" do
+    it "inherits from RuntimeError for backward compatibility" do
+      expect(DiscourseApi::SingleSignOn::ParseError).to be < RuntimeError
+    end
+  end
+
+  context ".sso_secret" do
+    it "raises MissingConfigError when sso_secret is not present" do
+      expect {
+        described_class.sso_secret
+      }.to raise_error(DiscourseApi::SingleSignOn::MissingConfigError)
+    end
+  end
+
+  context ".sso_url" do
+    it "raises MissingConfigError when sso_url is not present" do
+      expect {
+        described_class.sso_url
+      }.to raise_error(DiscourseApi::SingleSignOn::MissingConfigError)
+    end
+  end
+
+  context ".parse" do
+    it "raises ParseError when there's a signature mismatch" do
+      sso = described_class.new
+      sso.sso_secret = "abcd"
+      expect {
+        described_class.parse(sso.payload, "dcba")
+      }.to raise_error(DiscourseApi::SingleSignOn::ParseError)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: discourse_api
 version: !ruby/object:Gem::Version
-  version: 0.48.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Sam Saffron
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-28 00:00:00.000000000 Z
+date: 2022-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -173,14 +173,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.1
+        version: 2.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.1
+        version: 2.5.0
 description: Discourse API
 email:
 - sam.saffron@gmail.com
@@ -274,6 +274,7 @@ files:
 - spec/discourse_api/api/user_actions_spec.rb
 - spec/discourse_api/api/users_spec.rb
 - spec/discourse_api/client_spec.rb
+- spec/discourse_api/single_sign_on_spec.rb
 - spec/fixtures/admin_user.json
 - spec/fixtures/api_key.json
 - spec/fixtures/backups.json
@@ -340,7 +341,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -372,6 +373,7 @@ test_files:
 - spec/discourse_api/api/user_actions_spec.rb
 - spec/discourse_api/api/users_spec.rb
 - spec/discourse_api/client_spec.rb
+- spec/discourse_api/single_sign_on_spec.rb
 - spec/fixtures/admin_user.json
 - spec/fixtures/api_key.json
 - spec/fixtures/backups.json