gitlab-omniauth-openid-connect 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62584a1fdd8af0168b5b81d04cce7f90284f9b8fcc97a59d6c4de38fc55e9ce7
-  data.tar.gz: d17b803694124786490472be60eccc9f717843c3a3b93e0fa4b449d8868b6a14
+  metadata.gz: f9e4b37ffe9ea66f041a1780fe3f8cdbb17682407bcc6d7e495af13afd2a1c85
+  data.tar.gz: 66c895a42c14a42a7f1185614f0c8a94d3798c3ea78307edcf28da72c534c2a4
 SHA512:
-  metadata.gz: 77e2a464db549e4bdc30a7ba1d37a6e160688274819af19e8caa0f10ad606d837c40f49c0f887570881d92687dc5c7db1b705e6ed4afa347d97d578365ec5d41
-  data.tar.gz: 66f5ebc52581daf1c45b2be51e5ec50096a40f979e7d8684b281c84e8fe13edf05e71e7b25d623d75049fed5b8bb1339d509560278014b680cab7247398b9019
+  metadata.gz: 9b83177983d8a47d5343e8ae27600c483057b0cfe352f3443e18354dd04bd8ea780fee62e17082be2933639a4a2dd0adc497b36c45e2ec41a605fe9277dc941a
+  data.tar.gz: 483f85f60b4ffe09ffe23673c0a992f943626053486abb8731091a837788124578dfb07bdd215a865b3304d3a3bd1e6e5de04dfb7e0578cb0245220c4ca1a4f4

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+# v0.10.0 (05.24.2022)
+
+- [Allow Omniauth v2](https:////gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/-/merge_requests/22)
+
+# v0.9.1 (01.03.2022)
+
+- [Assume public key encryption unless HMAC is specified](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/-/merge_requests/19)
+
+# v0.9.0 (01.03.2022)
+
+- [Add support for ES[256|384|512|256K] algorithms](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/-/merge_requests/17)
+
 # v0.8.0 (07.16.2021)
 
 - [Add `jwt_secret_base64` option to support binary secrets](https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect/-/merge_requests/12)

data/CONTRIBUTING.md

@@ -0,0 +1,40 @@
+## Developer Certificate of Origin and License
+
+By contributing to GitLab B.V., you accept and agree to the following terms and
+conditions for your present and future contributions submitted to GitLab B.V.
+Except for the license granted herein to GitLab B.V. and recipients of software
+distributed by GitLab B.V., you reserve all right, title, and interest in and to
+your Contributions.
+
+All contributions are subject to the Developer Certificate of Origin and license set out at [docs.gitlab.com/ce/legal/developer_certificate_of_origin](https://docs.gitlab.com/ce/legal/developer_certificate_of_origin).
+
+_This notice should stay as the first item in the CONTRIBUTING.md file._
+
+## Code of conduct
+
+As contributors and maintainers of this project, we pledge to respect all people
+who contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual
+language or imagery, derogatory comments or personal attacks, trolling, public
+or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct. Project maintainers who do not follow the
+Code of Conduct may be removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior can be
+reported by emailing contact@gitlab.com.
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://contributor-covenant.org), version 1.1.0,
+available at [https://contributor-covenant.org/version/1/1/0/](https://contributor-covenant.org/version/1/1/0/).

data/README.md

@@ -66,8 +66,8 @@ config.omniauth :openid_connect, {
 | post_logout_redirect_uri     | The logout redirect uri to use per the [session management draft](https://openid.net/specs/openid-connect-session-1_0.html)                                   | no       | empty                      | https://myapp.com/logout/callback                   |
 | uid_field                    | The field of the user info response to be used as a unique id                                                                                                 | no       | 'sub'                      | "sub", "preferred_username"                         |
 | client_options               | A hash of client options detailed in its own section                                                                                                          | yes      |                            |                                                     |
-| jwt_secret | no | client_options.secret | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. For secrets in binary, use `jwt_secret_base64`. |
-| jwt_secret_base64 | no | client_options.secret | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. |
+| jwt_secret | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. For secrets in binary, use `jwt_secret_base64`. | no | client_options.secret | "mysecret" |
+| jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. `jwt_secret` takes precedence. | no | client_options.secret | "bXlzZWNyZXQ=\n"
 
 ### Client Config Options
 

data/gitlab-omniauth-openid-connect.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'addressable', '~> 2.7'
-  spec.add_dependency 'omniauth', '~> 1.9'
+  spec.add_dependency 'omniauth', '>= 1.9', '< 3'
   spec.add_dependency 'openid_connect', '~> 1.2'
   spec.add_development_dependency 'coveralls', '~> 0.8'
   spec.add_development_dependency 'faker', '~> 2.17'

data/lib/omniauth/openid_connect/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module OpenIDConnect
-    VERSION = '0.8.0'
+    VERSION = '0.10.0'
   end
 end

data/lib/omniauth/strategies/openid_connect.rb

@@ -265,10 +265,10 @@ module OmniAuth
 
         keyset =
           case algorithm
-          when :RS256, :RS384, :RS512
-            public_key
           when :HS256, :HS384, :HS512
             secret
+          else
+            public_key
           end
 
         decoded.verify!(keyset)
@@ -426,6 +426,7 @@ module OmniAuth
         attr_accessor :error, :error_reason, :error_uri
 
         def initialize(data)
+          super
           self.error = data[:error]
           self.error_reason = data[:reason]
           self.error_uri = data[:uri]

data/test/lib/omniauth/strategies/openid_connect_test.rb

@@ -36,7 +36,7 @@ module OmniAuth
         ::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
 
         request.stubs(:path_info).returns('/auth/openid_connect/logout')
-
+        request.stubs(:path).returns('/auth/openid_connect/logout')
         strategy.expects(:redirect).with(regexp_matches(expected_redirect))
         strategy.other_phase
       end
@@ -60,7 +60,7 @@ module OmniAuth
         ::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
 
         request.stubs(:path_info).returns('/auth/openid_connect/logout')
-
+        request.stubs(:path).returns('/auth/openid_connect/logout')
         strategy.expects(:redirect).with(expected_redirect)
         strategy.other_phase
       end

data/test/strategy_test_case.rb

@@ -75,6 +75,7 @@ class StrategyTestCase < MiniTest::Test
       request.stubs(:env).returns({})
       request.stubs(:scheme).returns({})
       request.stubs(:ssl?).returns(false)
+      request.stubs(:path).returns('')
     end
   end
 
@@ -84,6 +85,7 @@ class StrategyTestCase < MiniTest::Test
       strategy.options.client_options.secret = @secret
       strategy.stubs(:request).returns(request)
       strategy.stubs(:user_info).returns(user_info)
+      strategy.stubs(:script_name).returns('')
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-omniauth-openid-connect
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - John Bohn
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-16 00:00:00.000000000 Z
+date: 2022-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -29,16 +29,22 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -209,6 +215,7 @@ files:
 - ".rubocop.yml"
 - ".travis.yml"
 - CHANGELOG.md
+- CONTRIBUTING.md
 - Gemfile
 - Guardfile
 - LICENSE.txt
@@ -244,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth