gds-sso 18.0.0 → 19.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/gds-sso/config.rb +0 -1
  3. data/lib/gds-sso/version.rb +1 -1
  4. data/lib/omniauth/strategies/gds.rb +2 -0
  5. data/spec/internal/app/models/user.rb +1 -1
  6. data/spec/system/authentication_and_authorisation_spec.rb +36 -0
  7. metadata +3 -4
  8. data/app/views/authorisations/cant_signin.html.erb +0 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6450ab2114242674c0c5f9ddeba9d15cca06e538f2f211a1c621469f9fd2d9af
4
- data.tar.gz: eedc4aaa3abd89833c43af03c841f63dc6d68f9fbbd965a15aa917bc20ad933a
3
+ metadata.gz: 7ddad93d93075a295b1b4a6561d7c37dfba8e89892be22fc2ba54f53b594f460
4
+ data.tar.gz: 2de1bc908bd25480554df696b32a08f72f3b02f8c74c72bfa4b3ccd59227ac6a
5
5
  SHA512:
6
- metadata.gz: cfe330d97944bac31202779575770107056ca493ac5af511eb5fb316bbd4a83b459367dd683d69c01656c3e446177dabd008e47cf6d83138f29f139b7e765374
7
- data.tar.gz: 01b11032563802c91717c6418150dafadd4518f95845c938bb6ad855895971d541f1a95d59cddae92060e4896ec6fdea6620af24a72515cd9fb79074d705c3c3
6
+ metadata.gz: cdae7d624ab18260632acc9945ce7790664dde1f99fc2dca57c7fe5569f8aacdf0180286c1acd34f60d054c4100ec212b2359ae4a5b056352edecc30c3721058
7
+ data.tar.gz: 6d71aefcfa8f20aed5a479ca032bd2abab343fe71054b61766dbf3f80ed88047203929119e92183f31f735810066a9683b7c36279310f9e8044ee9f38933bc54
data/lib/gds-sso/config.rb CHANGED
@@ -26,7 +26,6 @@ module GDS
26
26
  @@auth_valid_for = 20 * 3600
27
27
 
28
28
  mattr_accessor :cache
29
- @@cache = ActiveSupport::Cache::NullStore.new
30
29
 
31
30
  mattr_accessor :api_only
32
31
 
data/lib/gds-sso/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module GDS
2
2
  module SSO
3
- VERSION = "18.0.0".freeze
3
+ VERSION = "19.0.0".freeze
4
4
  end
5
5
  end
data/lib/omniauth/strategies/gds.rb CHANGED
@@ -4,6 +4,8 @@ require "json"
4
4
  class OmniAuth::Strategies::Gds < OmniAuth::Strategies::OAuth2
5
5
  uid { user["uid"] }
6
6
 
7
+ option :pkce, true
8
+
7
9
  info do
8
10
  {
9
11
  name: user["name"],
data/spec/internal/app/models/user.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  class User < ActiveRecord::Base
2
2
  include GDS::SSO::User
3
3
 
4
- serialize :permissions, Array
4
+ serialize :permissions, type: Array
5
5
  end
data/spec/system/authentication_and_authorisation_spec.rb CHANGED
@@ -1,6 +1,42 @@
1
1
  require "spec_helper"
2
2
 
3
3
  RSpec.describe "Authenication and authorisation" do
4
+ context "omniauth request phase" do
5
+ let(:redirect_url) { URI.parse(page.response_headers["Location"]) }
6
+ let(:authorize_params) { Rack::Utils.parse_query(redirect_url.query) }
7
+
8
+ before do
9
+ visit "/auth/gds"
10
+ end
11
+
12
+ it "includes pkce code_challenge_method in request for /oauth/authorize" do
13
+ expect(redirect_url.path).to eql("/oauth/authorize")
14
+ expect(authorize_params["code_challenge_method"]).to eq("S256")
15
+ end
16
+
17
+ it "includes pkce code_challenge in request for /oauth/authorize" do
18
+ expect(redirect_url.path).to eql("/oauth/authorize")
19
+ expect(authorize_params["code_challenge"]).to be_present
20
+ end
21
+ end
22
+
23
+ context "omniauth callback phase" do
24
+ it "includes pkce code_verifier in request for /oauth/access_token" do
25
+ visit "/auth/gds"
26
+
27
+ redirect_url = URI.parse(page.response_headers["Location"])
28
+ expect(redirect_url.path).to eql("/oauth/authorize")
29
+ state = Rack::Utils.parse_query(redirect_url.query)["state"]
30
+
31
+ stub_request(:post, "http://signon/oauth/access_token")
32
+
33
+ visit "/auth/gds/callback?state=#{state}"
34
+
35
+ expect(WebMock).to have_requested(:post, "http://signon/oauth/access_token")
36
+ .with(body: hash_including({ "code_verifier" => /.*/ }))
37
+ end
38
+ end
39
+
4
40
  context "when accessing a route that doesn't require permissions or authentication" do
5
41
  it "allows access" do
6
42
  visit "/not-restricted"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gds-sso
3
3
  version: !ruby/object:Gem::Version
4
- version: 18.0.0
4
+ version: 19.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GOV.UK Dev
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-02 00:00:00.000000000 Z
11
+ date: 2024-02-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: oauth2
@@ -239,7 +239,6 @@ files:
239
239
  - app/controllers/api/user_controller.rb
240
240
  - app/controllers/authentications_controller.rb
241
241
  - app/views/authentications/failure.html.erb
242
- - app/views/authorisations/cant_signin.html.erb
243
242
  - app/views/authorisations/unauthorised.html.erb
244
243
  - app/views/layouts/unauthorised.html.erb
245
244
  - config/routes.rb
@@ -298,7 +297,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
298
297
  - !ruby/object:Gem::Version
299
298
  version: '0'
300
299
  requirements: []
301
- rubygems_version: 3.4.18
300
+ rubygems_version: 3.5.5
302
301
  signing_key:
303
302
  specification_version: 4
304
303
  summary: Client for GDS' OAuth 2-based SSO
data/app/views/authorisations/cant_signin.html.erb DELETED
@@ -1,6 +0,0 @@
1
- <h1>Sorry, you don't have permission to access this application</h1>
2
-
3
- <p>Please contact your Delivery Manager or main GDS contact if you need access.</p>
4
-
5
- <p>If you think something is wrong, try <%= link_to "signing out", gds_sign_out_path %> and then back in.</p>
6
-