gds-sso 18.0.0 → 19.0.0

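--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 6450ab2114242674c0c5f9ddeba9d15cca06e538f2f211a1c621469f9fd2d9af
-data.tar.gz: eedc4aaa3abd89833c43af03c841f63dc6d68f9fbbd965a15aa917bc20ad933a
+metadata.gz: 7ddad93d93075a295b1b4a6561d7c37dfba8e89892be22fc2ba54f53b594f460
+data.tar.gz: 2de1bc908bd25480554df696b32a08f72f3b02f8c74c72bfa4b3ccd59227ac6a
 SHA512:
-metadata.gz: cfe330d97944bac31202779575770107056ca493ac5af511eb5fb316bbd4a83b459367dd683d69c01656c3e446177dabd008e47cf6d83138f29f139b7e765374
-data.tar.gz: 01b11032563802c91717c6418150dafadd4518f95845c938bb6ad855895971d541f1a95d59cddae92060e4896ec6fdea6620af24a72515cd9fb79074d705c3c3
+metadata.gz: cdae7d624ab18260632acc9945ce7790664dde1f99fc2dca57c7fe5569f8aacdf0180286c1acd34f60d054c4100ec212b2359ae4a5b056352edecc30c3721058
+data.tar.gz: 6d71aefcfa8f20aed5a479ca032bd2abab343fe71054b61766dbf3f80ed88047203929119e92183f31f735810066a9683b7c36279310f9e8044ee9f38933bc54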
@@ -26,7 +26,6 @@ module GDS
26
26
  @@auth_valid_for = 20 * 3600
27
27
 
28
28
  mattr_accessor :cache
29
- @@cache = ActiveSupport::Cache::NullStore.new
30
29
 
31
30
  mattr_accessor :api_only
32
31
 
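Review bot: Dropping the `ActiveSupport::Cache::NullStore` default leaves `cache` as `nil` unless something else assigns it, and no replacement is visible in this hunk, so any `cache.read`/`cache.fetch` call made before a host app configures it will raise `NoMethodError` instead of degrading to "no caching" as it did before. If the intent is to use the host application's cache, confirm that a railtie or initializer sets it (or raise a clear configuration error when it is unset) rather than relying on callers to notice a nil. If the replacement is a real store, lookups that previously always missed will now hit, and the `@@auth_valid_for = 20 * 3600` two lines above suggests cached authorisation state can be reused for up to 20 hours, so a comment on `mattr_accessor :cache` along the lines of `# Cache store used by the SSO client; entries live for auth_valid_for, so revoked access may persist that long. Must be set by the host app.` would make the contract explicit. The module this hunk edits starts and ends outside the hunk.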
@@ -1,5 +1,5 @@
1
1
  module GDS
2
2
  module SSO
3
- VERSION = "18.0.0".freeze
3
+ VERSION = "19.0.0".freeze
4
4
  end
5
5
  end
@@ -4,6 +4,8 @@ require "json"
4
4
  class OmniAuth::Strategies::Gds < OmniAuth::Strategies::OAuth2
5
5
  uid { user["uid"] }
6
6
 
7
+ option :pkce, true
8
+
7
9
  info do
8
10
  {
9
11
  name: user["name"],
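Review bot: `option :pkce, true` has no comment, and because PKCE only protects the code exchange when the authorization server enforces it, the line should say what it buys and what it depends on, e.g. `# PKCE (RFC 7636): send a code_challenge on /oauth/authorize and the matching code_verifier on token exchange, so an intercepted or injected authorization code cannot be redeemed without the verifier. Needs omniauth-oauth2 support for :pkce (S256 by default) and signon rejecting exchanges whose verifier does not match.` It is also worth stating that this complements rather than replaces the `state` parameter, which still carries the CSRF protection for the callback. The omniauth-oauth2 version constraint in the gemspec is not visible here; if it still admits a release without `:pkce`, the option is presumably ignored and only the new request-phase specs would reveal that. The `info do` block continues past the hunk.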
@@ -1,5 +1,5 @@
1
1
  class User < ActiveRecord::Base
2
2
  include GDS::SSO::User
3
3
 
4
- serialize :permissions, Array
4
+ serialize :permissions, type: Array
5
5
  end
@@ -1,6 +1,42 @@
1
1
  require "spec_helper"
2
2
 
3
3
  RSpec.describe "Authenication and authorisation" do
4
+ context "omniauth request phase" do
5
+ let(:redirect_url) { URI.parse(page.response_headers["Location"]) }
6
+ let(:authorize_params) { Rack::Utils.parse_query(redirect_url.query) }
7
+
8
+ before do
9
+ visit "/auth/gds"
10
+ end
11
+
12
+ it "includes pkce code_challenge_method in request for /oauth/authorize" do
13
+ expect(redirect_url.path).to eql("/oauth/authorize")
14
+ expect(authorize_params["code_challenge_method"]).to eq("S256")
15
+ end
16
+
17
+ it "includes pkce code_challenge in request for /oauth/authorize" do
18
+ expect(redirect_url.path).to eql("/oauth/authorize")
19
+ expect(authorize_params["code_challenge"]).to be_present
20
+ end
21
+ end
22
+
23
+ context "omniauth callback phase" do
24
+ it "includes pkce code_verifier in request for /oauth/access_token" do
25
+ visit "/auth/gds"
26
+
27
+ redirect_url = URI.parse(page.response_headers["Location"])
28
+ expect(redirect_url.path).to eql("/oauth/authorize")
29
+ state = Rack::Utils.parse_query(redirect_url.query)["state"]
30
+
31
+ stub_request(:post, "http://signon/oauth/access_token")
32
+
33
+ visit "/auth/gds/callback?state=#{state}"
34
+
35
+ expect(WebMock).to have_requested(:post, "http://signon/oauth/access_token")
36
+ .with(body: hash_including({ "code_verifier" => /.*/ }))
37
+ end
38
+ end
39
+
4
40
  context "when accessing a route that doesn't require permissions or authentication" do
5
41
  it "allows access" do
6
42
  visit "/not-restricted"
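Review bot: The callback assertion `hash_including({ "code_verifier" => /.*/ })` matches an empty `code_verifier=` and never ties the verifier to the `code_challenge` sent on the authorize redirect, so it would pass for a strategy that sends a blank or unrelated verifier. Capture `code_challenge` from the authorize redirect and check that the token request's verifier both has the RFC 7636 shape (43–128 unreserved characters) and hashes to that challenge via `Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)`; this presumes the token request body is form-encoded, which the existing `hash_including` body match already assumes. The spec will need `require "base64"` and `require "digest"`. The `RSpec.describe` block continues beyond the hunk.
```ruby
  # … unchanged: "omniauth request phase" context …

  context "omniauth callback phase" do
    it "sends a code_verifier that matches the code_challenge from the authorize request" do
      visit "/auth/gds"

      authorize_params = Rack::Utils.parse_query(URI.parse(page.response_headers["Location"]).query)
      expect(authorize_params["code_challenge"]).to be_present

      stub_request(:post, "http://signon/oauth/access_token")

      visit "/auth/gds/callback?state=#{authorize_params['state']}"

      # A verifier is only valid if it is well-formed AND S256-hashes to the challenge we sent.
      matches_challenge = lambda do |req|
        verifier = Rack::Utils.parse_query(req.body)["code_verifier"].to_s
        verifier.match?(/\A[A-Za-z0-9\-._~]{43,128}\z/) &&
          Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false) == authorize_params["code_challenge"]
      end

      expect(a_request(:post, "http://signon/oauth/access_token").with(&matches_challenge)).to have_been_made
    end
  end
```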
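--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gds-sso
 version: !ruby/object:Gem::Version
-version: 18.0.0
+version: 19.0.0
 platform: ruby
 authors:
 - GOV.UK Dev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-02 00:00:00.000000000 Z
+date: 2024-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: oauth2
@@ -239,7 +239,6 @@ files:
 - app/controllers/api/user_controller.rb
 - app/controllers/authentications_controller.rb
 - app/views/authentications/failure.html.erb
-- app/views/authorisations/cant_signin.html.erb
 - app/views/authorisations/unauthorised.html.erb
 - app/views/layouts/unauthorised.html.erb
 - config/routes.rb
@@ -298,7 +297,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.18
+rubygems_version: 3.5.5
 signing_key:
 specification_version: 4
 summary: Client for GDS' OAuth 2-based SSO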
@@ -1,6 +0,0 @@
1
- <h1>Sorry, you don't have permission to access this application</h1>
2
-
3
- <p>Please contact your Delivery Manager or main GDS contact if you need access.</p>
4
-
5
- <p>If you think something is wrong, try <%= link_to "signing out", gds_sign_out_path %> and then back in.</p>
6
-