googleauth 0.15.1 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +0 -2
- data/CHANGELOG.md +7 -0
- data/Gemfile +2 -7
- data/README.md +8 -6
- data/googleauth.gemspec +2 -1
- data/lib/googleauth/credentials.rb +8 -3
- data/lib/googleauth/credentials_loader.rb +1 -1
- data/lib/googleauth/iam.rb +1 -1
- data/lib/googleauth/id_tokens/key_sources.rb +7 -5
- data/lib/googleauth/id_tokens/verifier.rb +7 -9
- data/lib/googleauth/scope_util.rb +1 -1
- data/lib/googleauth/service_account.rb +1 -1
- data/lib/googleauth/signet.rb +1 -1
- data/lib/googleauth/stores/file_token_store.rb +1 -0
- data/lib/googleauth/stores/redis_token_store.rb +1 -0
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 48c5d834a399888143ea83075944e2986844be9c39b0932a5a3ffc4b5d39ddaa
|
|
4
|
+
data.tar.gz: 5967e63455f08bbceae1f4ca0860d043fecea202c34d4792c8e868e9f0a7645a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 805fa56609f1574e85ca263be3cb8880f823db525951380ca5c3499d6600304ef81b643ce02879ea2fb4863f2ecefbbe8b37d4be658f64cb86a056fb6b67b48d
|
|
7
|
+
data.tar.gz: 57db9596321060154f8da5438ecaf96744d9102adde97b45b824c63b4c4ea2b246a1d85887de263f06d723f960dc27721509cc408af9f0cf29631ef1554cac56
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Release History
|
|
2
2
|
|
|
3
|
+
## [0.16.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.15.1...v0.16.0) (2021-03-04)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Features
|
|
7
|
+
|
|
8
|
+
* Drop support for Ruby 2.4 and add support for Ruby 3.0 ([6644806](https://www.github.com/googleapis/google-auth-library-ruby/commit/6644806ab47cea6d08e1901c2ed808e53a579bc3))
|
|
9
|
+
|
|
3
10
|
## [0.15.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.15.0...v0.15.1) (2021-02-08)
|
|
4
11
|
|
|
5
12
|
|
data/Gemfile
CHANGED
|
@@ -8,7 +8,7 @@ group :development do
|
|
|
8
8
|
gem "coveralls", "~> 0.7"
|
|
9
9
|
gem "fakefs", "~> 0.6"
|
|
10
10
|
gem "fakeredis", "~> 0.5"
|
|
11
|
-
gem "google-style", "~> 1.
|
|
11
|
+
gem "google-style", "~> 1.25.1"
|
|
12
12
|
gem "logging", "~> 2.0"
|
|
13
13
|
gem "minitest", "~> 5.14"
|
|
14
14
|
gem "minitest-focus", "~> 1.1"
|
|
@@ -21,10 +21,5 @@ group :development do
|
|
|
21
21
|
gem "webmock", "~> 3.8"
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
|
|
25
|
-
group :development do
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
gem "faraday", "~> 0.17"
|
|
24
|
+
gem "faraday", ">= 0.17.3", "< 2.0"
|
|
30
25
|
gem "gems", "~> 1.2"
|
data/README.md
CHANGED
|
@@ -182,12 +182,14 @@ Custom storage implementations can also be used. See
|
|
|
182
182
|
|
|
183
183
|
## Supported Ruby Versions
|
|
184
184
|
|
|
185
|
-
This library
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
maintenance
|
|
190
|
-
|
|
185
|
+
This library is supported on Ruby 2.5+.
|
|
186
|
+
|
|
187
|
+
Google provides official support for Ruby versions that are actively supported
|
|
188
|
+
by Ruby Core—that is, Ruby versions that are either in normal maintenance or in
|
|
189
|
+
security maintenance, and not end of life. Currently, this means Ruby 2.5 and
|
|
190
|
+
later. Older versions of Ruby _may_ still work, but are unsupported and not
|
|
191
|
+
recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
|
|
192
|
+
about the Ruby support schedule.
|
|
191
193
|
|
|
192
194
|
## License
|
|
193
195
|
|
data/googleauth.gemspec
CHANGED
|
@@ -24,8 +24,9 @@ Gem::Specification.new do |gem|
|
|
|
24
24
|
File.basename f
|
|
25
25
|
end
|
|
26
26
|
gem.require_paths = ["lib"]
|
|
27
|
+
|
|
27
28
|
gem.platform = Gem::Platform::RUBY
|
|
28
|
-
gem.required_ruby_version = ">= 2.
|
|
29
|
+
gem.required_ruby_version = ">= 2.5"
|
|
29
30
|
|
|
30
31
|
gem.add_dependency "faraday", ">= 0.17.3", "< 2.0"
|
|
31
32
|
gem.add_dependency "jwt", ">= 1.4", "< 3.0"
|
|
@@ -369,9 +369,10 @@ module Google
|
|
|
369
369
|
verify_keyfile_provided! keyfile
|
|
370
370
|
@project_id = options["project_id"] || options["project"]
|
|
371
371
|
@quota_project_id = options["quota_project_id"]
|
|
372
|
-
|
|
372
|
+
case keyfile
|
|
373
|
+
when Signet::OAuth2::Client
|
|
373
374
|
update_from_signet keyfile
|
|
374
|
-
|
|
375
|
+
when Hash
|
|
375
376
|
update_from_hash keyfile, options
|
|
376
377
|
else
|
|
377
378
|
update_from_filepath keyfile, options
|
|
@@ -503,9 +504,11 @@ module Google
|
|
|
503
504
|
|
|
504
505
|
# returns a new Hash with string keys instead of symbol keys.
|
|
505
506
|
def stringify_hash_keys hash
|
|
506
|
-
|
|
507
|
+
hash.to_h.transform_keys(&:to_s)
|
|
507
508
|
end
|
|
508
509
|
|
|
510
|
+
# rubocop:disable Metrics/AbcSize
|
|
511
|
+
|
|
509
512
|
def client_options options
|
|
510
513
|
# Keyfile options have higher priority over constructor defaults
|
|
511
514
|
options["token_credential_uri"] ||= self.class.token_credential_uri
|
|
@@ -527,6 +530,8 @@ module Google
|
|
|
527
530
|
signing_key: OpenSSL::PKey::RSA.new(options["private_key"]) }
|
|
528
531
|
end
|
|
529
532
|
|
|
533
|
+
# rubocop:enable Metrics/AbcSize
|
|
534
|
+
|
|
530
535
|
def update_from_signet client
|
|
531
536
|
@project_id ||= client.project_id if client.respond_to? :project_id
|
|
532
537
|
@quota_project_id ||= client.quota_project_id if client.respond_to? :quota_project_id
|
|
@@ -103,7 +103,7 @@ module Google
|
|
|
103
103
|
return make_creds options.merge(json_key_io: f)
|
|
104
104
|
end
|
|
105
105
|
elsif service_account_env_vars? || authorized_user_env_vars?
|
|
106
|
-
|
|
106
|
+
make_creds options
|
|
107
107
|
end
|
|
108
108
|
rescue StandardError => e
|
|
109
109
|
raise "#{NOT_FOUND_ERROR}: #{e}"
|
data/lib/googleauth/iam.rb
CHANGED
|
@@ -171,7 +171,9 @@ module Google
|
|
|
171
171
|
curve_name = CURVE_NAME_MAP[jwk[:crv]]
|
|
172
172
|
raise KeySourceError, "Unsupported EC curve #{jwk[:crv]}" unless curve_name
|
|
173
173
|
group = OpenSSL::PKey::EC::Group.new curve_name
|
|
174
|
-
|
|
174
|
+
x_hex = x_data.unpack1 "H*"
|
|
175
|
+
y_hex = y_data.unpack1 "H*"
|
|
176
|
+
bn = OpenSSL::BN.new ["04#{x_hex}#{y_hex}"].pack("H*"), 2
|
|
175
177
|
key = OpenSSL::PKey::EC.new curve_name
|
|
176
178
|
key.public_key = OpenSSL::PKey::EC::Point.new group, bn
|
|
177
179
|
key
|
|
@@ -284,10 +286,10 @@ module Google
|
|
|
284
286
|
raise KeySourceError, "Unable to retrieve data from #{uri}" unless response.is_a? Net::HTTPSuccess
|
|
285
287
|
|
|
286
288
|
data = begin
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
289
|
+
JSON.parse response.body
|
|
290
|
+
rescue JSON::ParserError
|
|
291
|
+
raise KeySourceError, "Unable to parse JSON"
|
|
292
|
+
end
|
|
291
293
|
|
|
292
294
|
@current_keys = Array(interpret_json(data))
|
|
293
295
|
end
|
|
@@ -105,15 +105,13 @@ module Google
|
|
|
105
105
|
def decode_token token, keys, aud, azp, iss
|
|
106
106
|
payload = nil
|
|
107
107
|
keys.find do |key|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
nil # Try the next key
|
|
116
|
-
end
|
|
108
|
+
options = { algorithms: key.algorithm }
|
|
109
|
+
decoded_token = JWT.decode token, key.key, true, options
|
|
110
|
+
payload = decoded_token.first
|
|
111
|
+
rescue JWT::ExpiredSignature
|
|
112
|
+
raise ExpiredTokenError, "Token signature is expired"
|
|
113
|
+
rescue JWT::DecodeError
|
|
114
|
+
nil # Try the next key
|
|
117
115
|
end
|
|
118
116
|
|
|
119
117
|
normalize_and_verify_payload payload, aud, azp, iss
|
data/lib/googleauth/signet.rb
CHANGED
data/lib/googleauth/version.rb
CHANGED
|
@@ -189,7 +189,7 @@ module Google
|
|
|
189
189
|
# May raise an error if an authorization code is present in the session
|
|
190
190
|
# and exchange of the code fails
|
|
191
191
|
def get_credentials user_id, request = nil, scope = nil
|
|
192
|
-
if request
|
|
192
|
+
if request&.session&.key? CALLBACK_STATE_KEY
|
|
193
193
|
# Note - in theory, no need to check required scope as this is
|
|
194
194
|
# expected to be called immediately after a return from authorization
|
|
195
195
|
state_json = request.session.delete CALLBACK_STATE_KEY
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.16.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Emiola
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-03-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -226,14 +226,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
226
226
|
requirements:
|
|
227
227
|
- - ">="
|
|
228
228
|
- !ruby/object:Gem::Version
|
|
229
|
-
version: 2.
|
|
229
|
+
version: '2.5'
|
|
230
230
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
231
231
|
requirements:
|
|
232
232
|
- - ">="
|
|
233
233
|
- !ruby/object:Gem::Version
|
|
234
234
|
version: '0'
|
|
235
235
|
requirements: []
|
|
236
|
-
rubygems_version: 3.2.
|
|
236
|
+
rubygems_version: 3.2.11
|
|
237
237
|
signing_key:
|
|
238
238
|
specification_version: 4
|
|
239
239
|
summary: Google Auth Library for Ruby
|