linkedin_sign_in 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ee16026971b50c11efcd2f1882de53f9ba5c3855fd4641d6901939571d7c277
-  data.tar.gz: 23d35a4f027293b47294757ec195ae6676c5e7809f72c4c1f3d1a71619bcf41c
+  metadata.gz: e12e4f61db5ed79a11bb444e5dae36e4c248e270f5e1ddcaf1d0c590a27896a4
+  data.tar.gz: 45476fbc4ddde3ea6d327fff5d8ecf67670518c8c1536863e6b3bdcd91bd6b9e
 SHA512:
-  metadata.gz: 6721873e8eff33dd2b6fead2e547f138b9a987a4d71f275e59b54462a17010891a09eff4e75da15caa695aa395baef92e529dc4b4ac4b32c186d030bb133f975
-  data.tar.gz: '0845e4f905d41382d50b0d80e38ced16e8dfd6af72f3ba2e7487edb8275da7a1c0bd1b8c5be28618914b4ae0f755e5ac1b9bda790803c99bfbdcc36ba7a34773'
+  metadata.gz: 4fb3b6d5444026e8be4712a0be3098c57b2dc88133633069559ef37f3188b90f0bfcc726e00901cb30aefc436eeea19eee9d55def6887ead2c36b38ab136b1b0
+  data.tar.gz: d67d197717024c96d66e9a2f14770b6c102a20f5a3f7030265c601ac6fe23d9843a3e113cae20db11a66912032558caf9822c0e9fb8a7c2fb2dba637b18ad2b7

data/.travis.yml

@@ -6,10 +6,8 @@ cache: bundler
 before_install: gem update --system && gem install bundler -v 1.17.3
 
 rvm:
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
+  - 2.7
+  - 3.0
   - ruby-head
 
 matrix:

data/Gemfile.lock

@@ -1,150 +1,184 @@
 PATH
   remote: .
   specs:
-    linkedin_sign_in (0.4.0)
+    linkedin_sign_in (0.6.0)
       oauth2 (>= 1.4.0)
       rails (>= 5.2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.2.1)
-      actionpack (= 5.2.2.1)
+    actioncable (7.0.4)
+      actionpack (= 7.0.4)
+      activesupport (= 7.0.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.2.1)
-      actionpack (= 5.2.2.1)
-      actionview (= 5.2.2.1)
-      activejob (= 5.2.2.1)
+    actionmailbox (7.0.4)
+      actionpack (= 7.0.4)
+      activejob (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.4)
+      actionpack (= 7.0.4)
+      actionview (= 7.0.4)
+      activejob (= 7.0.4)
+      activesupport (= 7.0.4)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.2.1)
-      actionview (= 5.2.2.1)
-      activesupport (= 5.2.2.1)
-      rack (~> 2.0)
+    actionpack (7.0.4)
+      actionview (= 7.0.4)
+      activesupport (= 7.0.4)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.2.1)
-      activesupport (= 5.2.2.1)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (7.0.4)
+      actionpack (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.0.4)
+      activesupport (= 7.0.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.2.1)
-      activesupport (= 5.2.2.1)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (7.0.4)
+      activesupport (= 7.0.4)
       globalid (>= 0.3.6)
-    activemodel (5.2.2.1)
-      activesupport (= 5.2.2.1)
-    activerecord (5.2.2.1)
-      activemodel (= 5.2.2.1)
-      activesupport (= 5.2.2.1)
-      arel (>= 9.0)
-    activestorage (5.2.2.1)
-      actionpack (= 5.2.2.1)
-      activerecord (= 5.2.2.1)
-      marcel (~> 0.3.1)
-    activesupport (5.2.2.1)
+    activemodel (7.0.4)
+      activesupport (= 7.0.4)
+    activerecord (7.0.4)
+      activemodel (= 7.0.4)
+      activesupport (= 7.0.4)
+    activestorage (7.0.4)
+      actionpack (= 7.0.4)
+      activejob (= 7.0.4)
+      activerecord (= 7.0.4)
+      activesupport (= 7.0.4)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
-    arel (9.0.0)
-    builder (3.2.3)
-    byebug (11.0.1)
-    concurrent-ruby (1.1.5)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    crass (1.0.4)
-    erubi (1.8.0)
-    faraday (0.15.4)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashdiff (0.3.8)
-    i18n (1.6.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    builder (3.2.4)
+    byebug (11.1.3)
+    concurrent-ruby (1.1.10)
+    crack (0.4.5)
+      rexml
+    crass (1.0.6)
+    erubi (1.11.0)
+    faraday (2.7.1)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (3.0.2)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    hashdiff (1.0.1)
+    hashie (5.0.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    jwt (2.1.0)
-    loofah (2.2.3)
+    jwt (2.5.0)
+    loofah (2.19.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    method_source (0.9.2)
-    mimemagic (0.3.3)
-    mini_mime (1.0.1)
-    mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    multi_json (1.13.1)
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.0)
+    minitest (5.16.3)
     multi_xml (0.6.0)
-    multipart-post (2.0.0)
-    nio4r (2.3.1)
-    nokogiri (1.10.1)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.1)
-      faraday (>= 0.8, < 0.16.0)
+    net-imap (0.3.1)
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.1.3)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
+    nio4r (2.5.8)
+    nokogiri (1.13.9)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    public_suffix (3.0.3)
-    rack (2.0.6)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (5.2.2.1)
-      actioncable (= 5.2.2.1)
-      actionmailer (= 5.2.2.1)
-      actionpack (= 5.2.2.1)
-      actionview (= 5.2.2.1)
-      activejob (= 5.2.2.1)
-      activemodel (= 5.2.2.1)
-      activerecord (= 5.2.2.1)
-      activestorage (= 5.2.2.1)
-      activesupport (= 5.2.2.1)
-      bundler (>= 1.3.0)
-      railties (= 5.2.2.1)
-      sprockets-rails (>= 2.0.0)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    public_suffix (5.0.0)
+    racc (1.6.0)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (7.0.4)
+      actioncable (= 7.0.4)
+      actionmailbox (= 7.0.4)
+      actionmailer (= 7.0.4)
+      actionpack (= 7.0.4)
+      actiontext (= 7.0.4)
+      actionview (= 7.0.4)
+      activejob (= 7.0.4)
+      activemodel (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
+      bundler (>= 1.15.0)
+      railties (= 7.0.4)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.2.1)
-      actionpack (= 5.2.2.1)
-      activesupport (= 5.2.2.1)
+    rails-html-sanitizer (1.4.3)
+      loofah (~> 2.3)
+    railties (7.0.4)
+      actionpack (= 7.0.4)
+      activesupport (= 7.0.4)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rake (12.3.2)
-    safe_yaml (1.0.5)
-    sprockets (3.7.2)
+      rake (>= 12.2)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
+    rake (13.0.6)
+    rexml (3.2.5)
+    ruby2_keywords (0.0.5)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
+    thor (1.2.1)
+    timeout (0.3.0)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    webmock (3.5.1)
-      addressable (>= 2.3.6)
+    version_gem (1.1.1)
+    webmock (3.18.1)
+      addressable (>= 2.8.0)
       crack (>= 0.3.2)
-      hashdiff
-    websocket-driver (0.7.0)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.6.6)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.17.2)
+  bundler (~> 2.3.26)
   byebug
   jwt (>= 1.5.6)
   linkedin_sign_in!
@@ -152,4 +186,4 @@ DEPENDENCIES
   webmock (>= 3.4.2)
 
 BUNDLED WITH
-   1.17.2
+   2.3.26

data/README.md

@@ -1,4 +1,4 @@
-This gem is shamlessly based on [Google SignIn by Basecamp](https://github.com/basecamp/google_sign_in).
+This gem is shamelessly based on [Google SignIn by Basecamp](https://github.com/basecamp/google_sign_in).
 
 # Linkedin Sign-In for Rails
 
@@ -62,6 +62,16 @@ end
 
 **⚠️ Important:** Take care to protect your client secret from disclosure to third parties.
 
+9. (Optional) The callback route can be configured using:
+
+ ```ruby
+ # config/initializers/linkedin_sign_in.rb
+ Rails.application.configure do
+   config.linkedin_sign_in.root = "my_own/linkedin_sign_in_route"
+ end
+ ```
+
+ Which would make the callback `/my_own/linkedin_sign_in_route/callback`.
 
 ## Usage
 

data/app/controllers/linkedin_sign_in/authorizations_controller.rb

@@ -1,9 +1,11 @@
 require 'securerandom'
 
 class LinkedinSignIn::AuthorizationsController < LinkedinSignIn::BaseController
+  skip_forgery_protection only: :create
+
   def create
     redirect_to login_url(scope: 'r_basicprofile r_emailaddress', state: state),
-      flash: { proceed_to: params.require(:proceed_to), state: state }
+      allow_other_host: true, flash: { proceed_to: params.require(:proceed_to), state: state }
   end
 
   private

data/app/controllers/linkedin_sign_in/base_controller.rb

@@ -5,11 +5,6 @@ class LinkedinSignIn::BaseController < ActionController::Base
 
   private
     def client
-      @client ||= OAuth2::Client.new \
-        LinkedinSignIn.client_id,
-        LinkedinSignIn.client_secret,
-        authorize_url: 'https://www.linkedin.com/oauth/v2/authorization',
-        token_url: 'https://www.linkedin.com/oauth/v2/accessToken',
-        redirect_uri: callback_url
+      @client ||= LinkedinSignIn.oauth2_client(redirect_uri: callback_url)
     end
 end

data/lib/linkedin_sign_in/engine.rb

@@ -1,15 +1,26 @@
 require 'rails/engine'
+require 'linkedin_sign_in' unless defined?(LinkedinSignIn)
 
 module LinkedinSignIn
   class Engine < ::Rails::Engine
     isolate_namespace LinkedinSignIn
 
-    config.linkedin_sign_in = ActiveSupport::OrderedOptions.new
+    # Set default config so apps can modify rather than starting from nil, e.g.
+    #
+    #   config.linkedin_sign_in.authorize_url += "?disallow_webview=true"
+    #
+    config.linkedin_sign_in = ActiveSupport::OrderedOptions.new.update \
+      authorize_url: LinkedinSignIn.authorize_url,
+      token_url: LinkedinSignIn.token_url
 
     initializer 'linkedin_sign_in.config' do |app|
       config.after_initialize do
         LinkedinSignIn.client_id     = config.linkedin_sign_in.client_id || app.credentials.dig(:linkedin_sign_in, :client_id)
         LinkedinSignIn.client_secret = config.linkedin_sign_in.client_secret || app.credentials.dig(:linkedin_sign_in, :client_secret)
+        LinkedinSignIn.authorize_url = config.linkedin_sign_in.authorize_url
+        LinkedinSignIn.token_url     = config.linkedin_sign_in.token_url
+
+        LinkedinSignIn.oauth2_client_options = config.linkedin_sign_in.oauth2_client_options
       end
     end
 

data/lib/linkedin_sign_in/redirect_protector.rb

@@ -9,8 +9,8 @@ module LinkedinSignIn
     QUALIFIED_URL_PATTERN = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/
 
     def ensure_same_origin(target, source)
-      if target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source)
-        raise Violation, "Redirect target #{target} does not have same origin as request (expected #{origin_of(source)})"
+      if target.blank? || (target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source))
+        raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
       end
     end
 

data/lib/linkedin_sign_in.rb

@@ -1,9 +1,13 @@
 require 'active_support'
 require 'active_support/rails'
+require 'oauth2'
 
 module LinkedinSignIn
   mattr_accessor :client_id
   mattr_accessor :client_secret
+  mattr_accessor :authorize_url, default: "https://www.linkedin.com/oauth/v2/authorization"
+  mattr_accessor :token_url, default: "https://www.linkedin.com/oauth/v2/accessToken"
+  mattr_accessor :oauth2_client_options, default: nil
 
   # https://tools.ietf.org/html/rfc6749#section-4.1.2.1
   authorization_request_errors = %w[
@@ -29,7 +33,17 @@ module LinkedinSignIn
   # Authorization Code Grant errors from both authorization requests
   # and access token requests.
   OAUTH2_ERRORS = authorization_request_errors | access_token_request_errors
+
+  def self.oauth2_client(redirect_uri:)
+    OAuth2::Client.new \
+      LinkedinSignIn.client_id,
+      LinkedinSignIn.client_secret,
+      authorize_url: LinkedinSignIn.authorize_url,
+      token_url: LinkedinSignIn.token_url,
+      redirect_uri: redirect_uri,
+      **LinkedinSignIn.oauth2_client_options.to_h
+  end
 end
 
 require 'linkedin_sign_in/identity'
-require 'linkedin_sign_in/engine' if defined?(Rails)
+require 'linkedin_sign_in/engine' if defined?(Rails) && !defined?(LinkedinSignIn::Engine)

data/linkedin_sign_in.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name     = 'linkedin_sign_in'
-  s.version  = '0.4.0'
+  s.version  = '0.6.0'
   s.authors  = ['Vincent Robert']
   s.email    = ['vincent.robert@genezys.net']
   s.summary  = 'Sign in (or up) with Linkedin for Rails applications'
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'rails', '>= 5.2.0'
   s.add_dependency 'oauth2', '>= 1.4.0'
 
-  s.add_development_dependency 'bundler', '~> 1.17.2'
+  s.add_development_dependency 'bundler', '~> 2.3.26'
   s.add_development_dependency 'jwt', '>= 1.5.6'
   s.add_development_dependency 'webmock', '>= 3.4.2'
 

data/test/controllers/authorizations_controller_test.rb

@@ -1,25 +1,54 @@
 require 'test_helper'
 
 class LinkedinSignIn::AuthorizationsControllerTest < ActionDispatch::IntegrationTest
-  test "redirecting to Linkedin for authorization" do
-    post linkedin_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-    assert_match 'https://www.linkedin.com/oauth/v2/authorization', response.location
-
-    params = extract_query_params_from(response.location)
-    assert_equal FAKE_LINKEDIN_CLIENT_ID, params[:client_id]
-    assert_equal 'login', params[:prompt]
-    assert_equal 'code', params[:response_type]
-    assert_equal 'http://www.example.com/linkedin_sign_in/callback', params[:redirect_uri]
-    assert_equal 'r_basicprofile r_emailaddress', params[:scope]
-    assert_match /[A-Za-z0-9+\/]{32}/, params[:state]
-
-    assert_equal 'http://www.example.com/login', flash[:proceed_to]
-    assert_equal params[:state], flash[:state]
+  default_authorize_url = LinkedinSignIn.authorize_url
+
+  teardown do
+    LinkedinSignIn.authorize_url = default_authorize_url
+  end
+
+  setup do
+    @proceed_to = "http://www.example.com/login"
+  end
+
+  test "redirecting to LinkedIn for authorization" do
+    post linkedin_sign_in.authorization_url, params: { proceed_to: @proceed_to }
+
+    assert_redirected_to_authorize
+  end
+
+  test "configuring LinkedIn authorization URL including query param" do
+    LinkedinSignIn.authorize_url = "https://example.com/auth?param=value"
+
+    post linkedin_sign_in.authorization_url, params: { proceed_to: @proceed_to }
+
+    assert_redirected_to_authorize do |params|
+      assert_equal "value", params[:param]
+    end
   end
 
   private
-    def extract_query_params_from(url)
+    def assert_redirected_to_authorize(proceed_to: @proceed_to)
+      assert_response :redirect
+
+      authorize_url = URI(LinkedinSignIn.authorize_url).tap { _1.query = nil }.to_s
+      assert_match authorize_url, redirect_to_url
+
+      params = extract_query_params_from(redirect_to_url)
+      assert_equal FAKE_LINKEDIN_CLIENT_ID, params[:client_id]
+      assert_equal "login", params[:prompt]
+      assert_equal "code", params[:response_type]
+      assert_equal linkedin_sign_in.callback_url, params[:redirect_uri]
+      assert_equal "r_basicprofile r_emailaddress", params[:scope]
+      assert_match /[A-Za-z0-9+\/]{32}/, params[:state]
+
+      assert_equal proceed_to, flash[:proceed_to]
+      assert_equal params[:state], flash[:state]
+
+      yield params if block_given?
+  end
+
+  def extract_query_params_from(url)
       query = URI(url).query
       Rack::Utils.parse_query(query).symbolize_keys
     end

data/test/controllers/callbacks_controller_test.rb

@@ -101,6 +101,11 @@ class LinkedinSignIn::CallbacksControllerTest < ActionDispatch::IntegrationTest
     assert_response :bad_request
   end
 
+  test "receiving no proceed_to URL" do
+    get linkedin_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
+    assert_response :bad_request
+  end
+
   private
     def stub_token_for(code, **response_body)
       stub_token_request(code, status: 200, response: response_body)

data/test/dummy/config/application.rb

@@ -10,7 +10,7 @@ Bundler.require(*Rails.groups)
 module Dummy
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 5.2
+    config.load_defaults 7.0
 
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration can go into files in config/initializers

data/test/dummy/config/environments/test.rb

@@ -15,7 +15,7 @@ Rails.application.configure do
   # Configure public file server for tests with Cache-Control for performance.
   config.public_file_server.enabled = true
   config.public_file_server.headers = {
-    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+    'Cache-Control' => "public, max-age=3600"
   }
 
   # Show full error reports and disable caching.

data/test/dummy/config/initializers/linkedin_sign_in.rb

@@ -1,4 +1,7 @@
 Rails.application.configure do
   config.linkedin_sign_in.client_id = FAKE_LINKEDIN_CLIENT_ID
   config.linkedin_sign_in.client_secret = FAKE_LINKEDIN_CLIENT_SECRET
+
+  # Default changed to basic auth. Use old :request_body for the sake of our test stubs.
+  config.linkedin_sign_in.oauth2_client_options = { auth_scheme: :request_body }
 end

data/test/helpers/button_helper_test.rb

@@ -4,8 +4,7 @@ class LinkedinSignIn::ButtonHelperTest < ActionView::TestCase
   test "generating a login button with text content" do
     assert_dom_equal <<-HTML, linkedin_sign_in_button("Log in with Linkedin", proceed_to: "https://www.example.com/login")
       <form action="/linkedin_sign_in/authorization" accept-charset="UTF-8" method="post">
-        <input name="utf8" type="hidden" value="&#x2713;" />
-        <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
+        <input type="hidden" name="proceed_to" value="https://www.example.com/login" autocomplete="off" />
         <button type="submit">Log in with Linkedin</button>
       </form>
     HTML
@@ -14,8 +13,7 @@ class LinkedinSignIn::ButtonHelperTest < ActionView::TestCase
   test "generating a login button with HTML content" do
     assert_dom_equal <<-HTML, linkedin_sign_in_button(proceed_to: "https://www.example.com/login") { image_tag("linkedin.png") }
       <form action="/linkedin_sign_in/authorization" accept-charset="UTF-8" method="post">
-        <input name="utf8" type="hidden" value="&#x2713;" />
-        <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
+        <input type="hidden" name="proceed_to" value="https://www.example.com/login" autocomplete="off" />
         <button type="submit"><img src="/images/linkedin.png"></button>
       </form>
     HTML
@@ -27,8 +25,7 @@ class LinkedinSignIn::ButtonHelperTest < ActionView::TestCase
 
     assert_dom_equal <<-HTML, button
       <form action="/linkedin_sign_in/authorization" accept-charset="UTF-8" method="post">
-        <input name="utf8" type="hidden" value="&#x2713;" />
-        <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
+        <input type="hidden" name="proceed_to" value="https://www.example.com/login" autocomplete="off" />
         <button type="submit" class="login-button" data-disable-with="Loading Linkedin login…">Log in with Linkedin</button>
       </form>
     HTML

data/test/models/redirect_protector_test.rb

@@ -20,6 +20,13 @@ class LinkedinSignIn::RedirectProtectorTest < ActiveSupport::TestCase
     end
   end
 
+  test "disallows empty URL target" do
+    assert_raises LinkedinSignIn::RedirectProtector::Violation do
+      LinkedinSignIn::RedirectProtector.ensure_same_origin nil, 'http://genezys.net'
+    end
+  end
+
+
   test "allows URL target with same origin as source" do
     assert_nothing_raised do
       LinkedinSignIn::RedirectProtector.ensure_same_origin 'https://genezys.net', 'https://genezys.net'

data/test/test_helper.rb

@@ -17,6 +17,17 @@ if LINKEDIN_X509_CERTIFICATE.not_after <= Time.now
   raise "Test certificate is expired. Generate a new one and run the tests again: `bundle exec rake test:certificate:generate`."
 end
 
+# Suppress incorrect OAuth2 client warning about having both an access token
+# and an ID token. They aren't interchangeable. And ID token is returned with
+# OIDC scoped requests and is used for authentication, whereas the access token
+# is used for authorization.
+module SuppressOAuthExtraTokensWarning
+  def from_hash(client, hash)
+    new client, hash.fetch("access_token"), hash.except("access_token")
+  end
+end
+OAuth2::AccessToken.singleton_class.prepend SuppressOAuthExtraTokensWarning
+
 class ActionView::TestCase
   private
     def assert_dom_equal(expected, actual, message = nil)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: linkedin_sign_in
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Vincent Robert
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-20 00:00:00.000000000 Z
+date: 2022-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.2
+        version: 2.3.26
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.2
+        version: 2.3.26
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -80,7 +80,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.4.2
-description: 
+description:
 email:
 - vincent.robert@genezys.net
 executables: []
@@ -110,7 +110,6 @@ files:
 - test/certificate.pem
 - test/controllers/authorizations_controller_test.rb
 - test/controllers/callbacks_controller_test.rb
-- test/dummy/.ruby-version
 - test/dummy/Rakefile
 - test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/images/.keep
@@ -170,19 +169,16 @@ files:
 - test/dummy/public/apple-touch-icon.png
 - test/dummy/public/favicon.ico
 - test/dummy/storage/.keep
-- test/dummy/tmp/.keep
-- test/dummy/tmp/storage/.keep
 - test/helpers/button_helper_test.rb
 - test/key.pem
 - test/models/identity_test.rb
 - test/models/redirect_protector_test.rb
 - test/test_helper.rb
-- tmp/.keep
 homepage: https://github.com/genezys/linkedin_sign_in
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -197,16 +193,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.2.33
+signing_key:
 specification_version: 4
 summary: Sign in (or up) with Linkedin for Rails applications
 test_files:
 - test/certificate.pem
 - test/controllers/authorizations_controller_test.rb
 - test/controllers/callbacks_controller_test.rb
-- test/dummy/.ruby-version
 - test/dummy/Rakefile
 - test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/images/.keep
@@ -266,8 +260,6 @@ test_files:
 - test/dummy/public/apple-touch-icon.png
 - test/dummy/public/favicon.ico
 - test/dummy/storage/.keep
-- test/dummy/tmp/.keep
-- test/dummy/tmp/storage/.keep
 - test/helpers/button_helper_test.rb
 - test/key.pem
 - test/models/identity_test.rb

data/test/dummy/.ruby-version

@@ -1 +0,0 @@
-2.5.0