discourse_api 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/discourse_api/single_sign_on.rb +7 -4
- data/lib/discourse_api/version.rb +1 -1
- data/spec/discourse_api/single_sign_on_spec.rb +43 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7b3a4fa6e58bafa87e83cc91ac1d064ad4a28d5a16b333348e69e5e34616656a
|
4
|
+
data.tar.gz: bf82b1cdfb447f2233166d7dced4fdcbd79c7aecbdb1e1831a4df4fa085fbdbb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3852fbddac9d6fd014683731c3d86fdebb29c2805729a0c82802362c7e0cd6a1904be8b63a514ef26520f23864b2540eae3e78f9a40bf8cf2f6d8f097bc145ff
|
7
|
+
data.tar.gz: b264bbe0726bc891188318f680425e7512a66ce7e87c5a7d41e4a3010b0c528acae122c3299e687728ec4ea4d0fb24c42802bf73eb1f3b60c3d70b6c1375b008
|
data/CHANGELOG.md
CHANGED
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
6
6
|
|
7
7
|
## [Unreleased]
|
8
8
|
|
9
|
+
## [1.1.0] - 2022-07-05
|
10
|
+
### Changed
|
11
|
+
- `DiscourseApi::SingleSignOn.parse` now raises `DiscourseApi::SingleSignOn::ParseError` (inherits from `RuntimeError` to preserve backward compatibility) instead of `RuntimeError` when there's a signature mismatch.
|
12
|
+
- `DiscourseApi::SingleSignOn.parse` now raises `DiscourseApi::SingleSignOn::MissingConfigError` (also inherits from `RuntimeError`) if `sso_secret` or `sso_url` are missing.
|
13
|
+
|
9
14
|
## [1.0.0] - 2022-05-01
|
10
15
|
### Changed
|
11
16
|
- The package now requires ruby 2.6+
|
@@ -5,6 +5,9 @@ require 'openssl'
|
|
5
5
|
|
6
6
|
module DiscourseApi
|
7
7
|
class SingleSignOn
|
8
|
+
class ParseError < RuntimeError; end
|
9
|
+
class MissingConfigError < RuntimeError; end
|
10
|
+
|
8
11
|
ACCESSORS = [
|
9
12
|
:add_groups,
|
10
13
|
:admin,
|
@@ -52,11 +55,11 @@ module DiscourseApi
|
|
52
55
|
attr_writer :custom_fields, :sso_secret, :sso_url
|
53
56
|
|
54
57
|
def self.sso_secret
|
55
|
-
raise
|
58
|
+
raise MissingConfigError, "sso_secret not implemented on class, be sure to set it on instance"
|
56
59
|
end
|
57
60
|
|
58
61
|
def self.sso_url
|
59
|
-
raise
|
62
|
+
raise MissingConfigError, "sso_url not implemented on class, be sure to set it on instance"
|
60
63
|
end
|
61
64
|
|
62
65
|
def self.parse_hash(payload)
|
@@ -98,9 +101,9 @@ module DiscourseApi
|
|
98
101
|
if sso.sign(parsed["sso"]) != parsed["sig"]
|
99
102
|
diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}\n\nexpected sig: #{sso.sign(parsed["sso"])}"
|
100
103
|
if parsed["sso"] =~ /[^a-zA-Z0-9=\r\n\/+]/m
|
101
|
-
raise
|
104
|
+
raise ParseError, "The SSO field should be Base64 encoded, using only A-Z, a-z, 0-9, +, /, and = characters. Your input contains characters we don't understand as Base64, see http://en.wikipedia.org/wiki/Base64 #{diags}"
|
102
105
|
else
|
103
|
-
raise
|
106
|
+
raise ParseError, "Bad signature for payload #{diags}"
|
104
107
|
end
|
105
108
|
end
|
106
109
|
|
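Review bot: The `diags` string on new line 102 still appends `expected sig: #{sso.sign(parsed["sso"])}`, so both `ParseError` messages carry the correct HMAC for whatever `sso` value was submitted. Now that the failure has a named class, callers are more likely to rescue it and log or render `e.message`, and anyone who can read that text obtains a valid signature for that payload without knowing `sso_secret`. Drop the expected value from the diagnostics, e.g. `diags = "\n\nsso: #{parsed["sso"]}\n\nsig: #{parsed["sig"]}"`. The check on new line 101 also compares signatures with `!=`, which is not constant-time; a fixed-time comparison such as `OpenSSL.secure_compare` (where the installed openssl provides it) would be the safer form. The enclosing method starts and ends outside this hunk, so how `parsed` is built is not visible here.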
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe DiscourseApi::SingleSignOn do
|
6
|
+
context "::MissingConfigError" do
|
7
|
+
it "inherits from RuntimeError for backward compatibility" do
|
8
|
+
expect(DiscourseApi::SingleSignOn::MissingConfigError).to be < RuntimeError
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
context "::ParseError" do
|
13
|
+
it "inherits from RuntimeError for backward compatibility" do
|
14
|
+
expect(DiscourseApi::SingleSignOn::ParseError).to be < RuntimeError
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
context ".sso_secret" do
|
19
|
+
it "raises MissingConfigError when sso_secret is not present" do
|
20
|
+
expect {
|
21
|
+
described_class.sso_secret
|
22
|
+
}.to raise_error(DiscourseApi::SingleSignOn::MissingConfigError)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
context ".sso_url" do
|
27
|
+
it "raises MissingConfigError when sso_url is not present" do
|
28
|
+
expect {
|
29
|
+
described_class.sso_url
|
30
|
+
}.to raise_error(DiscourseApi::SingleSignOn::MissingConfigError)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
context ".parse" do
|
35
|
+
it "raises ParseError when there's a signature mismatch" do
|
36
|
+
sso = described_class.new
|
37
|
+
sso.sso_secret = "abcd"
|
38
|
+
expect {
|
39
|
+
described_class.parse(sso.payload, "dcba")
|
40
|
+
}.to raise_error(DiscourseApi::SingleSignOn::ParseError)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
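Review bot: The `.parse` context exercises only the `Bad signature` branch; the other `ParseError` path, taken when the `sso` value contains characters outside the Base64 set, has no example. Add a second `it` that passes a payload whose `sso` field contains such a character and expects `DiscourseApi::SingleSignOn::ParseError`. It would also help to assert on the message, e.g. `raise_error(DiscourseApi::SingleSignOn::ParseError, /Bad signature/)`, so the two branches cannot be confused and any later change to what the message discloses shows up in the spec.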
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: discourse_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sam Saffron
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2022-05
|
14
|
+
date: 2022-07-05 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: faraday
|
@@ -274,6 +274,7 @@ files:
|
|
274
274
|
- spec/discourse_api/api/user_actions_spec.rb
|
275
275
|
- spec/discourse_api/api/users_spec.rb
|
276
276
|
- spec/discourse_api/client_spec.rb
|
277
|
+
- spec/discourse_api/single_sign_on_spec.rb
|
277
278
|
- spec/fixtures/admin_user.json
|
278
279
|
- spec/fixtures/api_key.json
|
279
280
|
- spec/fixtures/backups.json
|
@@ -372,6 +373,7 @@ test_files:
|
|
372
373
|
- spec/discourse_api/api/user_actions_spec.rb
|
373
374
|
- spec/discourse_api/api/users_spec.rb
|
374
375
|
- spec/discourse_api/client_spec.rb
|
376
|
+
- spec/discourse_api/single_sign_on_spec.rb
|
375
377
|
- spec/fixtures/admin_user.json
|
376
378
|
- spec/fixtures/api_key.json
|
377
379
|
- spec/fixtures/backups.json
|