googleauth 0.8.1 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.kokoro/build.bat +9 -1
- data/.kokoro/continuous/linux.cfg +12 -2
- data/.kokoro/continuous/osx.cfg +5 -0
- data/.kokoro/continuous/post.cfg +30 -0
- data/.kokoro/continuous/windows.cfg +27 -1
- data/.kokoro/presubmit/linux.cfg +11 -1
- data/.kokoro/presubmit/osx.cfg +5 -0
- data/.kokoro/presubmit/windows.cfg +27 -1
- data/.kokoro/release.cfg +42 -1
- data/.kokoro/trampoline.bat +10 -0
- data/.repo-metadata.json +5 -0
- data/.rubocop.yml +10 -2
- data/CHANGELOG.md +34 -0
- data/Gemfile +8 -3
- data/README.md +7 -12
- data/Rakefile +48 -5
- data/googleauth.gemspec +6 -3
- data/integration/helper.rb +31 -0
- data/integration/id_tokens/key_source_test.rb +74 -0
- data/lib/googleauth.rb +1 -0
- data/lib/googleauth/application_default.rb +1 -1
- data/lib/googleauth/compute_engine.rb +19 -17
- data/lib/googleauth/credentials.rb +318 -63
- data/lib/googleauth/credentials_loader.rb +10 -8
- data/lib/googleauth/id_tokens.rb +233 -0
- data/lib/googleauth/id_tokens/errors.rb +71 -0
- data/lib/googleauth/id_tokens/key_sources.rb +394 -0
- data/lib/googleauth/id_tokens/verifier.rb +144 -0
- data/lib/googleauth/json_key_reader.rb +6 -2
- data/lib/googleauth/service_account.rb +16 -7
- data/lib/googleauth/signet.rb +8 -5
- data/lib/googleauth/user_authorizer.rb +6 -1
- data/lib/googleauth/user_refresh.rb +2 -2
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +13 -8
- data/rakelib/devsite_builder.rb +45 -0
- data/rakelib/link_checker.rb +64 -0
- data/rakelib/repo_metadata.rb +59 -0
- data/spec/googleauth/apply_auth_examples.rb +28 -5
- data/spec/googleauth/compute_engine_spec.rb +25 -13
- data/spec/googleauth/credentials_spec.rb +366 -161
- data/spec/googleauth/service_account_spec.rb +23 -16
- data/spec/googleauth/signet_spec.rb +46 -7
- data/spec/googleauth/user_authorizer_spec.rb +21 -1
- data/spec/googleauth/user_refresh_spec.rb +1 -1
- data/spec/googleauth/web_user_authorizer_spec.rb +6 -0
- data/test/helper.rb +33 -0
- data/test/id_tokens/key_sources_test.rb +240 -0
- data/test/id_tokens/verifier_test.rb +269 -0
- metadata +46 -12
- data/.kokoro/windows.sh +0 -4
|
@@ -0,0 +1,269 @@
|
|
|
1
|
+
# Copyright 2020 Google LLC
|
|
2
|
+
#
|
|
3
|
+
# Redistribution and use in source and binary forms, with or without
|
|
4
|
+
# modification, are permitted provided that the following conditions are
|
|
5
|
+
# met:
|
|
6
|
+
#
|
|
7
|
+
# * Redistributions of source code must retain the above copyright
|
|
8
|
+
# notice, this list of conditions and the following disclaimer.
|
|
9
|
+
# * Redistributions in binary form must reproduce the above
|
|
10
|
+
# copyright notice, this list of conditions and the following disclaimer
|
|
11
|
+
# in the documentation and/or other materials provided with the
|
|
12
|
+
# distribution.
|
|
13
|
+
# * Neither the name of Google Inc. nor the names of its
|
|
14
|
+
# contributors may be used to endorse or promote products derived from
|
|
15
|
+
# this software without specific prior written permission.
|
|
16
|
+
#
|
|
17
|
+
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
18
|
+
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
19
|
+
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
20
|
+
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
21
|
+
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
22
|
+
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
23
|
+
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
24
|
+
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
25
|
+
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
26
|
+
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
27
|
+
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
28
|
+
|
|
29
|
+
require "helper"
|
|
30
|
+
|
|
31
|
+
describe Google::Auth::IDTokens::Verifier do
|
|
32
|
+
describe "verify_oidc" do
|
|
33
|
+
let(:oidc_token) {
|
|
34
|
+
"eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5MjcxMGE3ZmNkYjE1Mzk2MGNlMDFmNzYwNTIwY" \
|
|
35
|
+
"TMyYzg0NTVkZmYiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwOi8vZXhhbXBsZS5jb20" \
|
|
36
|
+
"iLCJhenAiOiI1NDIzMzkzNTc2MzgtY3IwZHNlcnIyZXZnN3N2MW1lZ2hxZXU3MDMyNzRm" \
|
|
37
|
+
"M2hAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJlbWFpbCI6IjU0MjMzOTM1N" \
|
|
38
|
+
"zYzOC1jcjBkc2VycjJldmc3c3YxbWVnaHFldTcwMzI3NGYzaEBkZXZlbG9wZXIuZ3Nlcn" \
|
|
39
|
+
"ZpY2VhY2NvdW50LmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJleHAiOjE1OTEzNDI" \
|
|
40
|
+
"3NzYsImlhdCI6MTU5MTMzOTE3NiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUu" \
|
|
41
|
+
"Y29tIiwic3ViIjoiMTA0MzQxNDczMTMxODI1OTU3NjAzIn0.GGDE_5HoLacyqdufdxnAC" \
|
|
42
|
+
"rXxYySKQYAzSQ5qfGjSUriuO3uLm2-rwSPFfLzzBeflEHdVX7XRFFszpxKajuZklF4dXd" \
|
|
43
|
+
"0evB1u5i3QeCJ8MSZKKx6qus_ETJv4rtuPNEuyhaRcShB7BwI8RY0IZ4_EDrhYqYInrO2" \
|
|
44
|
+
"wQyJGYvc41JcmoKzRoNnEVydN0Qppt9bqevq_lJg-9UjJkJ2QHjPfTgMjwhLIgNptKgtR" \
|
|
45
|
+
"qdoRpJmleFlbuUqyPPJfAzv3Tc6h3kw88tEcI8R3n04xmHOSMwERFFQYJdQDMd2F9SSDe" \
|
|
46
|
+
"rh40codO_GuPZ7bEUiKq9Lkx2LH5TuhythfsMzIwJpaEA"
|
|
47
|
+
}
|
|
48
|
+
let(:oidc_jwk_body) {
|
|
49
|
+
<<~JWK
|
|
50
|
+
{
|
|
51
|
+
"keys": [
|
|
52
|
+
{
|
|
53
|
+
"kid": "fb8ca5b7d8d9a5c6c6788071e866c6c40f3fc1f9",
|
|
54
|
+
"e": "AQAB",
|
|
55
|
+
"alg": "RS256",
|
|
56
|
+
"use": "sig",
|
|
57
|
+
"n": "zK8PHf_6V3G5rU-viUOL1HvAYn7q--dxMoUkt7x1rSWX6fimla-lpoYAKhFTLUELkRKy_6UDzfybz0P9eItqS2UxVWYpKYmKTQ08HgUBUde4GtO_B0SkSk8iLtGh653UBBjgXmfzdfQEz_DsaWn7BMtuAhY9hpMtJye8LQlwaS8ibQrsC0j0GZM5KXRITHwfx06_T1qqC_MOZRA6iJs-J2HNlgeyFuoQVBTY6pRqGXa-qaVsSG3iU-vqNIciFquIq-xydwxLqZNksRRer5VAsSHf0eD3g2DX-cf6paSy1aM40svO9EfSvG_07MuHafEE44RFvSZZ4ubEN9U7ALSjdw",
|
|
58
|
+
"kty": "RSA"
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
"kty": "RSA",
|
|
62
|
+
"kid": "492710a7fcdb153960ce01f760520a32c8455dff",
|
|
63
|
+
"e": "AQAB",
|
|
64
|
+
"alg": "RS256",
|
|
65
|
+
"use": "sig",
|
|
66
|
+
"n": "wl6TaY_3dsuLczYH_hioeQ5JjcLKLGYb--WImN9_IKMkOj49dgs25wkjsdI9XGJYhhPJLlvfjIfXH49ZGA_XKLx7fggNaBRZcj1y-I3_77tVa9N7An5JLq3HT9XVt0PNTq0mtX009z1Hva4IWZ5IhENx2rWlZOfFAXiMUqhnDc8VY3lG7vr8_VG3cw3XRKvlZQKbb6p2YIMFsUwaDGL2tVF4SkxpxIazUYfOY5lijyVugNTslOBhlEMq_43MZlkznSrbFx8ToQ2bQX4Shj-r9pLyofbo6A7K9mgWnQXGY5rQVLPYYRzUg0ThWDzwHdgxYC5MNxKyQH4RC2LPv3U0LQ"
|
|
67
|
+
}
|
|
68
|
+
]
|
|
69
|
+
}
|
|
70
|
+
JWK
|
|
71
|
+
}
|
|
72
|
+
let(:expected_aud) { "http://example.com" }
|
|
73
|
+
let(:expected_azp) { "542339357638-cr0dserr2evg7sv1meghqeu703274f3h@developer.gserviceaccount.com" }
|
|
74
|
+
let(:unexpired_test_time) { Time.at 1591339181 }
|
|
75
|
+
let(:expired_test_time) { unexpired_test_time + 86400 }
|
|
76
|
+
|
|
77
|
+
after do
|
|
78
|
+
WebMock.reset!
|
|
79
|
+
Google::Auth::IDTokens.forget_sources!
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
it "verifies a good token with iss, aud, and azp checks" do
|
|
83
|
+
stub_request(:get, Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL).to_return(body: oidc_jwk_body)
|
|
84
|
+
Time.stub :now, unexpired_test_time do
|
|
85
|
+
Google::Auth::IDTokens.verify_oidc oidc_token, aud: expected_aud, azp: expected_azp
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
it "fails to verify a bad token" do
|
|
90
|
+
stub_request(:get, Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL).to_return(body: oidc_jwk_body)
|
|
91
|
+
Time.stub :now, unexpired_test_time do
|
|
92
|
+
assert_raises Google::Auth::IDTokens::SignatureError do
|
|
93
|
+
Google::Auth::IDTokens.verify_oidc "#{oidc_token}x"
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
it "fails to verify a token with the wrong aud" do
|
|
99
|
+
stub_request(:get, Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL).to_return(body: oidc_jwk_body)
|
|
100
|
+
Time.stub :now, unexpired_test_time do
|
|
101
|
+
assert_raises Google::Auth::IDTokens::AudienceMismatchError do
|
|
102
|
+
Google::Auth::IDTokens.verify_oidc oidc_token, aud: ["hello", "world"]
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
it "fails to verify a token with the wrong azp" do
|
|
108
|
+
stub_request(:get, Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL).to_return(body: oidc_jwk_body)
|
|
109
|
+
Time.stub :now, unexpired_test_time do
|
|
110
|
+
assert_raises Google::Auth::IDTokens::AuthorizedPartyMismatchError do
|
|
111
|
+
Google::Auth::IDTokens.verify_oidc oidc_token, azp: "hello"
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
it "fails to verify a token with the wrong issuer" do
|
|
117
|
+
stub_request(:get, Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL).to_return(body: oidc_jwk_body)
|
|
118
|
+
Time.stub :now, unexpired_test_time do
|
|
119
|
+
assert_raises Google::Auth::IDTokens::IssuerMismatchError do
|
|
120
|
+
Google::Auth::IDTokens.verify_oidc oidc_token, iss: "hello"
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
it "fails to verify an expired token" do
|
|
126
|
+
stub_request(:get, Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL).to_return(body: oidc_jwk_body)
|
|
127
|
+
Time.stub :now, expired_test_time do
|
|
128
|
+
assert_raises Google::Auth::IDTokens::ExpiredTokenError do
|
|
129
|
+
Google::Auth::IDTokens.verify_oidc oidc_token
|
|
130
|
+
end
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
describe "verify_iap" do
|
|
136
|
+
let(:iap_token) {
|
|
137
|
+
"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjBvZUxjUSJ9.eyJhdWQiOiIvcH" \
|
|
138
|
+
"JvamVjdHMvNjUyNTYyNzc2Nzk4L2FwcHMvY2xvdWQtc2FtcGxlcy10ZXN0cy1waHAtaWFwI" \
|
|
139
|
+
"iwiZW1haWwiOiJkYXp1bWFAZ29vZ2xlLmNvbSIsImV4cCI6MTU5MTMzNTcyNCwiZ29vZ2xl" \
|
|
140
|
+
"Ijp7ImFjY2Vzc19sZXZlbHMiOlsiYWNjZXNzUG9saWNpZXMvNTE4NTUxMjgwOTI0L2FjY2V" \
|
|
141
|
+
"zc0xldmVscy9yZWNlbnRTZWN1cmVDb25uZWN0RGF0YSIsImFjY2Vzc1BvbGljaWVzLzUxOD" \
|
|
142
|
+
"U1MTI4MDkyNC9hY2Nlc3NMZXZlbHMvdGVzdE5vT3AiLCJhY2Nlc3NQb2xpY2llcy81MTg1N" \
|
|
143
|
+
"TEyODA5MjQvYWNjZXNzTGV2ZWxzL2V2YXBvcmF0aW9uUWFEYXRhRnVsbHlUcnVzdGVkIiwi" \
|
|
144
|
+
"YWNjZXNzUG9saWNpZXMvNTE4NTUxMjgwOTI0L2FjY2Vzc0xldmVscy9jYWFfZGlzYWJsZWQ" \
|
|
145
|
+
"iLCJhY2Nlc3NQb2xpY2llcy81MTg1NTEyODA5MjQvYWNjZXNzTGV2ZWxzL3JlY2VudE5vbk" \
|
|
146
|
+
"1vYmlsZVNlY3VyZUNvbm5lY3REYXRhIiwiYWNjZXNzUG9saWNpZXMvNTE4NTUxMjgwOTI0L" \
|
|
147
|
+
"2FjY2Vzc0xldmVscy9jb25jb3JkIiwiYWNjZXNzUG9saWNpZXMvNTE4NTUxMjgwOTI0L2Fj" \
|
|
148
|
+
"Y2Vzc0xldmVscy9mdWxseVRydXN0ZWRfY2FuYXJ5RGF0YSIsImFjY2Vzc1BvbGljaWVzLzU" \
|
|
149
|
+
"xODU1MTI4MDkyNC9hY2Nlc3NMZXZlbHMvZnVsbHlUcnVzdGVkX3Byb2REYXRhIl19LCJoZC" \
|
|
150
|
+
"I6Imdvb2dsZS5jb20iLCJpYXQiOjE1OTEzMzUxMjQsImlzcyI6Imh0dHBzOi8vY2xvdWQuZ" \
|
|
151
|
+
"29vZ2xlLmNvbS9pYXAiLCJzdWIiOiJhY2NvdW50cy5nb29nbGUuY29tOjExMzc3OTI1ODA4" \
|
|
152
|
+
"MTE5ODAwNDY5NCJ9.2BlagZOoonmX35rNY-KPbONiVzFAdNXKRGkX45uGFXeHryjKgv--K6" \
|
|
153
|
+
"siL8syeCFXzHvgmWpJk31sEt4YLxPKvQ"
|
|
154
|
+
}
|
|
155
|
+
let(:iap_jwk_body) {
|
|
156
|
+
<<~JWK
|
|
157
|
+
{
|
|
158
|
+
"keys" : [
|
|
159
|
+
{
|
|
160
|
+
"alg" : "ES256",
|
|
161
|
+
"crv" : "P-256",
|
|
162
|
+
"kid" : "LYyP2g",
|
|
163
|
+
"kty" : "EC",
|
|
164
|
+
"use" : "sig",
|
|
165
|
+
"x" : "SlXFFkJ3JxMsXyXNrqzE3ozl_0913PmNbccLLWfeQFU",
|
|
166
|
+
"y" : "GLSahrZfBErmMUcHP0MGaeVnJdBwquhrhQ8eP05NfCI"
|
|
167
|
+
},
|
|
168
|
+
{
|
|
169
|
+
"alg" : "ES256",
|
|
170
|
+
"crv" : "P-256",
|
|
171
|
+
"kid" : "mpf0DA",
|
|
172
|
+
"kty" : "EC",
|
|
173
|
+
"use" : "sig",
|
|
174
|
+
"x" : "fHEdeT3a6KaC1kbwov73ZwB_SiUHEyKQwUUtMCEn0aI",
|
|
175
|
+
"y" : "QWOjwPhInNuPlqjxLQyhveXpWqOFcQPhZ3t-koMNbZI"
|
|
176
|
+
},
|
|
177
|
+
{
|
|
178
|
+
"alg" : "ES256",
|
|
179
|
+
"crv" : "P-256",
|
|
180
|
+
"kid" : "b9vTLA",
|
|
181
|
+
"kty" : "EC",
|
|
182
|
+
"use" : "sig",
|
|
183
|
+
"x" : "qCByTAvci-jRAD7uQSEhTdOs8iA714IbcY2L--YzynI",
|
|
184
|
+
"y" : "WQY0uCoQyPSozWKGQ0anmFeOH5JNXiZa9i6SNqOcm7w"
|
|
185
|
+
},
|
|
186
|
+
{
|
|
187
|
+
"alg" : "ES256",
|
|
188
|
+
"crv" : "P-256",
|
|
189
|
+
"kid" : "0oeLcQ",
|
|
190
|
+
"kty" : "EC",
|
|
191
|
+
"use" : "sig",
|
|
192
|
+
"x" : "MdhRXGEoGJLtBjQEIjnYLPkeci9rXnca2TffkI0Kac0",
|
|
193
|
+
"y" : "9BoREHfX7g5OK8ELpA_4RcOnFCGSjfR4SGZpBo7juEY"
|
|
194
|
+
},
|
|
195
|
+
{
|
|
196
|
+
"alg" : "ES256",
|
|
197
|
+
"crv" : "P-256",
|
|
198
|
+
"kid" : "g5X6ig",
|
|
199
|
+
"kty" : "EC",
|
|
200
|
+
"use" : "sig",
|
|
201
|
+
"x" : "115LSuaFVzVROJiGfdPN1kT14Hv3P4RIjthfslZ010s",
|
|
202
|
+
"y" : "-FAaRtO4yvrN4uJ89xwGWOEJcSwpLmFOtb0SDJxEAuc"
|
|
203
|
+
}
|
|
204
|
+
]
|
|
205
|
+
}
|
|
206
|
+
JWK
|
|
207
|
+
}
|
|
208
|
+
let(:expected_aud) { "/projects/652562776798/apps/cloud-samples-tests-php-iap" }
|
|
209
|
+
let(:unexpired_test_time) { Time.at 1591335143 }
|
|
210
|
+
let(:expired_test_time) { unexpired_test_time + 86400 }
|
|
211
|
+
|
|
212
|
+
after do
|
|
213
|
+
WebMock.reset!
|
|
214
|
+
Google::Auth::IDTokens.forget_sources!
|
|
215
|
+
end
|
|
216
|
+
|
|
217
|
+
it "verifies a good token with iss and aud checks" do
|
|
218
|
+
stub_request(:get, Google::Auth::IDTokens::IAP_JWK_URL).to_return(body: iap_jwk_body)
|
|
219
|
+
Time.stub :now, unexpired_test_time do
|
|
220
|
+
Google::Auth::IDTokens.verify_iap iap_token, aud: expected_aud
|
|
221
|
+
end
|
|
222
|
+
end
|
|
223
|
+
|
|
224
|
+
it "fails to verify a bad token" do
|
|
225
|
+
stub_request(:get, Google::Auth::IDTokens::IAP_JWK_URL).to_return(body: iap_jwk_body)
|
|
226
|
+
Time.stub :now, unexpired_test_time do
|
|
227
|
+
assert_raises Google::Auth::IDTokens::SignatureError do
|
|
228
|
+
Google::Auth::IDTokens.verify_iap "#{iap_token}x"
|
|
229
|
+
end
|
|
230
|
+
end
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
it "fails to verify a token with the wrong aud" do
|
|
234
|
+
stub_request(:get, Google::Auth::IDTokens::IAP_JWK_URL).to_return(body: iap_jwk_body)
|
|
235
|
+
Time.stub :now, unexpired_test_time do
|
|
236
|
+
assert_raises Google::Auth::IDTokens::AudienceMismatchError do
|
|
237
|
+
Google::Auth::IDTokens.verify_iap iap_token, aud: ["hello", "world"]
|
|
238
|
+
end
|
|
239
|
+
end
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
it "fails to verify a token with the wrong azp" do
|
|
243
|
+
stub_request(:get, Google::Auth::IDTokens::IAP_JWK_URL).to_return(body: iap_jwk_body)
|
|
244
|
+
Time.stub :now, unexpired_test_time do
|
|
245
|
+
assert_raises Google::Auth::IDTokens::AuthorizedPartyMismatchError do
|
|
246
|
+
Google::Auth::IDTokens.verify_iap iap_token, azp: "hello"
|
|
247
|
+
end
|
|
248
|
+
end
|
|
249
|
+
end
|
|
250
|
+
|
|
251
|
+
it "fails to verify a token with the wrong issuer" do
|
|
252
|
+
stub_request(:get, Google::Auth::IDTokens::IAP_JWK_URL).to_return(body: iap_jwk_body)
|
|
253
|
+
Time.stub :now, unexpired_test_time do
|
|
254
|
+
assert_raises Google::Auth::IDTokens::IssuerMismatchError do
|
|
255
|
+
Google::Auth::IDTokens.verify_iap iap_token, iss: "hello"
|
|
256
|
+
end
|
|
257
|
+
end
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
it "fails to verify an expired token" do
|
|
261
|
+
stub_request(:get, Google::Auth::IDTokens::IAP_JWK_URL).to_return(body: iap_jwk_body)
|
|
262
|
+
Time.stub :now, expired_test_time do
|
|
263
|
+
assert_raises Google::Auth::IDTokens::ExpiredTokenError do
|
|
264
|
+
Google::Auth::IDTokens.verify_iap iap_token
|
|
265
|
+
end
|
|
266
|
+
end
|
|
267
|
+
end
|
|
268
|
+
end
|
|
269
|
+
end
|
metadata
CHANGED
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Emiola
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-06-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 0.17.3
|
|
20
|
+
- - "<"
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0
|
|
22
|
+
version: '2.0'
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
24
|
-
- - "
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: 0.17.3
|
|
30
|
+
- - "<"
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0
|
|
32
|
+
version: '2.0'
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: jwt
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -98,14 +104,28 @@ dependencies:
|
|
|
98
104
|
requirements:
|
|
99
105
|
- - "~>"
|
|
100
106
|
- !ruby/object:Gem::Version
|
|
101
|
-
version: '0.
|
|
107
|
+
version: '0.14'
|
|
102
108
|
type: :runtime
|
|
103
109
|
prerelease: false
|
|
104
110
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
111
|
requirements:
|
|
106
112
|
- - "~>"
|
|
107
113
|
- !ruby/object:Gem::Version
|
|
108
|
-
version: '0.
|
|
114
|
+
version: '0.14'
|
|
115
|
+
- !ruby/object:Gem::Dependency
|
|
116
|
+
name: yard
|
|
117
|
+
requirement: !ruby/object:Gem::Requirement
|
|
118
|
+
requirements:
|
|
119
|
+
- - "~>"
|
|
120
|
+
- !ruby/object:Gem::Version
|
|
121
|
+
version: '0.9'
|
|
122
|
+
type: :development
|
|
123
|
+
prerelease: false
|
|
124
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
125
|
+
requirements:
|
|
126
|
+
- - "~>"
|
|
127
|
+
- !ruby/object:Gem::Version
|
|
128
|
+
version: '0.9'
|
|
109
129
|
description: |2
|
|
110
130
|
Allows simple authorization for accessing Google APIs.
|
|
111
131
|
Provide support for Application Default Credentials, as described at
|
|
@@ -125,6 +145,7 @@ files:
|
|
|
125
145
|
- ".kokoro/continuous/common.cfg"
|
|
126
146
|
- ".kokoro/continuous/linux.cfg"
|
|
127
147
|
- ".kokoro/continuous/osx.cfg"
|
|
148
|
+
- ".kokoro/continuous/post.cfg"
|
|
128
149
|
- ".kokoro/continuous/windows.cfg"
|
|
129
150
|
- ".kokoro/osx.sh"
|
|
130
151
|
- ".kokoro/presubmit/common.cfg"
|
|
@@ -132,8 +153,9 @@ files:
|
|
|
132
153
|
- ".kokoro/presubmit/osx.cfg"
|
|
133
154
|
- ".kokoro/presubmit/windows.cfg"
|
|
134
155
|
- ".kokoro/release.cfg"
|
|
156
|
+
- ".kokoro/trampoline.bat"
|
|
135
157
|
- ".kokoro/trampoline.sh"
|
|
136
|
-
- ".
|
|
158
|
+
- ".repo-metadata.json"
|
|
137
159
|
- ".rspec"
|
|
138
160
|
- ".rubocop.yml"
|
|
139
161
|
- CHANGELOG.md
|
|
@@ -143,6 +165,8 @@ files:
|
|
|
143
165
|
- README.md
|
|
144
166
|
- Rakefile
|
|
145
167
|
- googleauth.gemspec
|
|
168
|
+
- integration/helper.rb
|
|
169
|
+
- integration/id_tokens/key_source_test.rb
|
|
146
170
|
- lib/googleauth.rb
|
|
147
171
|
- lib/googleauth/application_default.rb
|
|
148
172
|
- lib/googleauth/client_id.rb
|
|
@@ -151,6 +175,10 @@ files:
|
|
|
151
175
|
- lib/googleauth/credentials_loader.rb
|
|
152
176
|
- lib/googleauth/default_credentials.rb
|
|
153
177
|
- lib/googleauth/iam.rb
|
|
178
|
+
- lib/googleauth/id_tokens.rb
|
|
179
|
+
- lib/googleauth/id_tokens/errors.rb
|
|
180
|
+
- lib/googleauth/id_tokens/key_sources.rb
|
|
181
|
+
- lib/googleauth/id_tokens/verifier.rb
|
|
154
182
|
- lib/googleauth/json_key_reader.rb
|
|
155
183
|
- lib/googleauth/scope_util.rb
|
|
156
184
|
- lib/googleauth/service_account.rb
|
|
@@ -162,6 +190,9 @@ files:
|
|
|
162
190
|
- lib/googleauth/user_refresh.rb
|
|
163
191
|
- lib/googleauth/version.rb
|
|
164
192
|
- lib/googleauth/web_user_authorizer.rb
|
|
193
|
+
- rakelib/devsite_builder.rb
|
|
194
|
+
- rakelib/link_checker.rb
|
|
195
|
+
- rakelib/repo_metadata.rb
|
|
165
196
|
- spec/googleauth/apply_auth_examples.rb
|
|
166
197
|
- spec/googleauth/client_id_spec.rb
|
|
167
198
|
- spec/googleauth/compute_engine_spec.rb
|
|
@@ -178,7 +209,10 @@ files:
|
|
|
178
209
|
- spec/googleauth/user_refresh_spec.rb
|
|
179
210
|
- spec/googleauth/web_user_authorizer_spec.rb
|
|
180
211
|
- spec/spec_helper.rb
|
|
181
|
-
|
|
212
|
+
- test/helper.rb
|
|
213
|
+
- test/id_tokens/key_sources_test.rb
|
|
214
|
+
- test/id_tokens/verifier_test.rb
|
|
215
|
+
homepage: https://github.com/googleapis/google-auth-library-ruby
|
|
182
216
|
licenses:
|
|
183
217
|
- Apache-2.0
|
|
184
218
|
metadata: {}
|
|
@@ -190,14 +224,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
190
224
|
requirements:
|
|
191
225
|
- - ">="
|
|
192
226
|
- !ruby/object:Gem::Version
|
|
193
|
-
version:
|
|
227
|
+
version: 2.4.0
|
|
194
228
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
195
229
|
requirements:
|
|
196
230
|
- - ">="
|
|
197
231
|
- !ruby/object:Gem::Version
|
|
198
232
|
version: '0'
|
|
199
233
|
requirements: []
|
|
200
|
-
rubygems_version: 3.
|
|
234
|
+
rubygems_version: 3.1.3
|
|
201
235
|
signing_key:
|
|
202
236
|
specification_version: 4
|
|
203
237
|
summary: Google Auth Library for Ruby
|
data/.kokoro/windows.sh
DELETED