RubyGems - gds-sso - Versions diffs - 18.0.0 → 18.1.0 - Mend

gds-sso 18.0.0 → 18.1.0

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/gds-sso/version.rb +1 -1
data/lib/omniauth/strategies/gds.rb +2 -0
data/spec/system/authentication_and_authorisation_spec.rb +36 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6450ab2114242674c0c5f9ddeba9d15cca06e538f2f211a1c621469f9fd2d9af
-  data.tar.gz: eedc4aaa3abd89833c43af03c841f63dc6d68f9fbbd965a15aa917bc20ad933a
+  metadata.gz: fd40185db721bf1aed57caf86387932c0308b64d7138ae09c3489bf825fd0e30
+  data.tar.gz: 4bf2659c890b40cefb9b6981c029a1aabb5ded89c200a17c91ef479029c4c39a
 SHA512:
-  metadata.gz: cfe330d97944bac31202779575770107056ca493ac5af511eb5fb316bbd4a83b459367dd683d69c01656c3e446177dabd008e47cf6d83138f29f139b7e765374
-  data.tar.gz: 01b11032563802c91717c6418150dafadd4518f95845c938bb6ad855895971d541f1a95d59cddae92060e4896ec6fdea6620af24a72515cd9fb79074d705c3c3
+  metadata.gz: 293b83f8018f1318d06a2c90717ba7f76c8b23e974085a7a0bf228b911442faa9ebbcc23f78a8945752676a34058cadf80ed406aaecbc8bc789a6bcea74b7307
+  data.tar.gz: 2345880b44e81b65fbf04198337560e84d87cbaa7a52fb2284d0f6bf7f49561975a28436d0d6898e7b3abe2125ae4effb57822c3036043a6bc35b967e01ae73f

data/lib/gds-sso/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GDS
   module SSO
-    VERSION = "18.0.0".freeze
+    VERSION = "18.1.0".freeze
   end
 end

data/lib/omniauth/strategies/gds.rb CHANGED Viewed

@@ -4,6 +4,8 @@ require "json"
 class OmniAuth::Strategies::Gds < OmniAuth::Strategies::OAuth2
   uid { user["uid"] }
+  option :pkce, true
   info do
     {
       name: user["name"],

data/spec/system/authentication_and_authorisation_spec.rb CHANGED Viewed

@@ -1,6 +1,42 @@
 require "spec_helper"
 RSpec.describe "Authenication and authorisation" do
+  context "omniauth request phase" do
+    let(:redirect_url) { URI.parse(page.response_headers["Location"]) }
+    let(:authorize_params) { Rack::Utils.parse_query(redirect_url.query) }
+    before do
+      visit "/auth/gds"
+    end
+    it "includes pkce code_challenge_method in request for /oauth/authorize" do
+      expect(redirect_url.path).to eql("/oauth/authorize")
+      expect(authorize_params["code_challenge_method"]).to eq("S256")
+    end
+    it "includes pkce code_challenge in request for /oauth/authorize" do
+      expect(redirect_url.path).to eql("/oauth/authorize")
+      expect(authorize_params["code_challenge"]).to be_present
+    end
+  end
+  context "omniauth callback phase" do
+    it "includes pkce code_verifier in request for /oauth/access_token" do
+      visit "/auth/gds"
+      redirect_url = URI.parse(page.response_headers["Location"])
+      expect(redirect_url.path).to eql("/oauth/authorize")
+      state = Rack::Utils.parse_query(redirect_url.query)["state"]
+      stub_request(:post, "http://signon/oauth/access_token")
+      visit "/auth/gds/callback?state=#{state}"
+      expect(WebMock).to have_requested(:post, "http://signon/oauth/access_token")
+        .with(body: hash_including({ "code_verifier" => /.*/ }))
+    end
+  end
   context "when accessing a route that doesn't require permissions or authentication" do
     it "allows access" do
       visit "/not-restricted"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-  version: 18.0.0
+  version: 18.1.0
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-02 00:00:00.000000000 Z
+date: 2023-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oauth2
@@ -298,7 +298,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.18
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Client for GDS' OAuth 2-based SSO