mauth-client 5.0.2 → 6.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f5fc7f62399a4835be8f3f8b8158c6cdac97e9cba3b6103aa4d714755a7b876
-  data.tar.gz: e8c7414fff883d6d20a946b7486e7dc729435ef3ded2773db88a3be73ef137a3
+  metadata.gz: be045713042cd9a25e7b0219d959c1208c66b700c8a113130d7865d91e17db7d
+  data.tar.gz: 155e903f0fa2fafabf2167c9d908398259ec2c9336b7f953bda83efe13667559
 SHA512:
-  metadata.gz: 89ba02ee21708b2c9db961ab1388282e1d0ebb5255360e12a02d64fa77c1b5aa39949a21da3e55c2c5f34e4fe74e0beb86231a138db6b308284ace48f254a2ca
-  data.tar.gz: a6b343856370bec0e8e2a32dedc274209070262336ac23d7cf9cbaee7ae99a97741dfcfae4148825601b09e9381369aa0d825e801428aae1bdfc7ed5a0c2f9bb
+  metadata.gz: 8c97d131c0f9aef554ab5ebb7fd06193ec50a50f7a81fc93a184ba30b5b91bf870c560a06ce9c5dfeb19dab7cb7410c771b355fbbfb1055e56327147c32c5a6a
+  data.tar.gz: 446f8d0a681376361e3b9eabd86b20f3bfe2d28bdb028edf0b78c6e21f9222a7eaed5de3ba4fecd5afa95059698a14f6f4aaeba083d31ff5c55f618b9cbcdb12

data/.gitignore

@@ -6,5 +6,9 @@
 /yardoc
 /log
 
+# Appraisal related files
+/gemfiles/.bundle/
+/gemfiles/*.gemfile.lock
+
 /Gemfile.lock
 .byebug_history

data/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "spec/fixtures/mauth-protocol-test-suite"]
+	path = spec/fixtures/mauth-protocol-test-suite
+	url = https://github.com/mdsol/mauth-protocol-test-suite.git

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -2,24 +2,33 @@ language: ruby
 cache: bundler
 
 rvm:
-  - 2.3.8
-  - 2.4.6
-  - 2.5.5
-  - 2.6.3
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+  - 2.7
+
+gemfile:
+  - gemfiles/faraday_0.x.gemfile
+  - gemfiles/faraday_1.x.gemfile
 
 before_install:
-  - gem update --system -N > /dev/null && echo "Rubygems version $(gem --version)"
-  - gem install bundler --force -N -v=2.0.1 && bundle --version
+  - gem update --system --force -N > /dev/null && echo "Rubygems version $(gem --version)"
+  - gem install bundler --force -N -v=2.1.4 && bundle --version
 
 install:
   - bundle install --jobs=3 --retry=3
-  - |-
-    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_install.sh | bash -s -- -b $TRAVIS_BUILD_DIR
+  - >-
+    curl -H 'Cache-Control: no-cache'
+    https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_install.sh |
+    bash -s -- -b $TRAVIS_BUILD_DIR
 
 script:
   - bundle exec rspec
-  - |-
-    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_run.sh | bash -s -- -b $TRAVIS_BUILD_DIR
+  - >-
+    curl -H 'Cache-Control: no-cache'
+    https://raw.githubusercontent.com/mdsol/fossa_ci_scripts/master/travis_ci/fossa_run.sh |
+    bash -s -- -b $TRAVIS_BUILD_DIR
 
 deploy:
   provider: rubygems
@@ -29,4 +38,4 @@ deploy:
   on:
     tags: true
     repo: mdsol/mauth-client-ruby
-    condition: "$TRAVIS_RUBY_VERSION == 2.6.3"
+    condition: $TRAVIS_RUBY_VERSION == 2.7 && $BUNDLE_GEMFILE == $TRAVIS_BUILD_DIR/gemfiles/faraday_1.x.gemfile

data/Appraisals

@@ -0,0 +1,7 @@
+appraise 'faraday_0.x' do
+  gem 'faraday', '0.9.0'
+end
+
+appraise 'faraday_1.x' do
+  gem 'faraday', '~> 1.0'
+end

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## v6.2.0
+* Drop legacy security token expiry in favor of honoring server cache headers via Faraday HTTP Cache Middleware.
+
+## v6.1.1
+* Replace `URI.escape` with `CGI.escape` in SecurityTokenCacher to suppress "URI.escape is obsolete" warning.
+
+## v6.1.0
+* Allow Faraday 1.x.
+
+## v6.0.0
+- Added parsing code to test with mauth-protocol-test-suite.
+- Added unescape step in query_string encoding in order to remove 'double encoding'.
+- Added normalization of paths.
+- Added flag to sign only with V1.
+- Changed V2 to V1 fallback to be configurable.
+- Fixed bug in sorting query parameters.
+
+## v5.1.0
+- Fall back to V1 when V2 authentication fails.
+
 ## v5.0.2
 - Fix to not raise FrozenError when string to sign contains frozen value.
 

data/CONTRIBUTING.md

@@ -1,5 +1,22 @@
 # Contributing
 
+## Cloning the Repo
+
+This repo contains the submodule `mauth-protocol-test-suite` so requires a flag when initially cloning in order to clone and init submodules.
+
+```
+git clone --recurse-submodules git@github.com:mdsol/mauth-client-ruby.git
+```
+
+If you have already cloned a version of this repo before the submodule was introduced in version 6.1.2 then run
+
+```
+cd spec/fixtures/mauth-protocol-test-suite
+git submodule update --init
+```
+
+to init the submodule.
+
 ## General Information
 
 * Check out the latest develop to make sure the feature hasn't been implemented or the bug hasn't been fixed yet

data/doc/implementations.md

@@ -4,8 +4,7 @@
 - Clojure: [clojure-mauth-client](https://github.com/mdsol/clojure-mauth-client)
 - Go: [go-mauth-client](https://github.com/mdsol/go-mauth-client)
 - Java: [mauth-jvm-clients](https://github.com/mdsol/mauth-jvm-clients)
-- Python:
-  - [requests-mauth](https://github.com/mdsol/requests-mauth)
-  - [flask-mauth](https://github.com/mdsol/flask-mauth)
+- Python: [mauth-client-python](https://github.com/mdsol/mauth-client-python)
 - R: [RMauthClient](https://github.com/mdsol/RMauthClient)
 - Ruby: [mauth-client-ruby](https://github.com/mdsol/mauth-client-ruby)
+- Rust: [mauth-client-rust](https://github.com/mdsol/mauth-client-rust)

data/doc/mauth.yml.md

@@ -29,6 +29,9 @@ common: &common
     SIY2exfsy7Y8NoOnBPlGiXKhgaF21T8kqV9C7R6OAuP0U6CgMJnINx/UjozvBENH
     Ux45QdvRd6vai8nHp7AgV7rr55SxXAZVgATll84uBUpfpmC6YK/j
     -----END RSA PRIVATE KEY-----
+  v2_only_authenticate: false
+  v2_only_sign_requests: false
+  disable_fallback_to_v1_on_v2_failure: true
 
 production:
   <<: *common
@@ -46,6 +49,10 @@ common: &common
   mauth_api_version: v1
   app_uuid: 123we997-0333-44d8-8fCf-5dd555c5bd51
   private_key_file: config/my_mauth_private.key
+  v2_only_authenticate: false
+  v2_only_sign_requests: false
+  disable_fallback_to_v1_on_v2_failure: true
+  v1_only_sign_requests: false
 
 production:
   <<: *common
@@ -62,6 +69,10 @@ test:
 - `app_uuid` - Required in the same circumstances where a `private_key` is required.
 - `mauth_baseurl` - Required for authentication but not for signing. Needed for local authentication to retrieve public keys and for remote authentication. Usually this is `https://mauth.imedidata.com` for production.
 - `mauth_api_version` - Required for authentication but not for signing. only `v1` exists as of this writing.
+- `v2_only_sign_requests` - If true, all outgoing requests will be signed with only the V2 protocol. Defaults to false.
+- `v2_only_authenticate` - If true, any incoming request or incoming response that does not use the V2 protocol will be rejected. Defaults to false.
+- `disable_fallback_to_v1_on_v2_failure` - If true, any incoming V2 requests that fail authentication will not fall back to V1 authentication. Defaults to false.
+- `v1_only_sign_requests` - If true, all outgoing requests will be signed with only the V1 protocol. Defaults to true. Note, cannot be `true` if `v2_only_sign_requests` is also `true`.
 
 ## Usage in your application
 

data/examples/Gemfile

@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
 
-gem 'faraday', '~> 0.15'
+gem 'faraday', '~> 1.0'
 gem 'mauth-client', path: '..'

data/examples/Gemfile.lock

@@ -1,41 +1,47 @@
 PATH
   remote: ..
   specs:
-    mauth-client (4.1.0)
+    mauth-client (6.1.0)
+      addressable (~> 2.0)
       coderay (~> 1.0)
       dice_bag (>= 0.9, < 2.0)
-      faraday (~> 0.7)
-      faraday_middleware (~> 0.9)
+      faraday (>= 0.9, < 2.0)
+      faraday_middleware (>= 0.9, < 2.0)
       rack
       term-ansicolor (~> 1.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    coderay (1.1.2)
-    dice_bag (1.3.1)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    coderay (1.1.3)
+    dice_bag (1.4.1)
       diff-lcs (~> 1.0)
       rake
-      thor (~> 0.0)
-    diff-lcs (1.3)
-    faraday (0.15.3)
+      thor (< 2.0)
+    diff-lcs (1.4.4)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
-    faraday_middleware (0.12.2)
-      faraday (>= 0.7.4, < 1.0)
-    multipart-post (2.0.0)
-    rack (2.0.6)
-    rake (12.3.1)
-    term-ansicolor (1.7.0)
+    faraday_middleware (1.0.0)
+      faraday (~> 1.0)
+    multipart-post (2.1.1)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rake (13.0.1)
+    sync (0.5.0)
+    term-ansicolor (1.7.1)
       tins (~> 1.0)
-    thor (0.20.3)
-    tins (1.20.2)
+    thor (1.0.1)
+    tins (1.25.0)
+      sync
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  faraday (~> 0.15)
+  faraday (~> 1.0)
   mauth-client!
 
 BUNDLED WITH
-   1.17.1
+   2.1.4

data/examples/config.yml

@@ -6,3 +6,7 @@ mauth:
   mauth_api_version: v1
   app_uuid: <APP UUID>
   private_key_file: ./mauth_key
+  v2_only_authenticate: false
+  v2_only_sign_requests: false
+  disable_fallback_to_v1_on_v2_failure: true
+  v1_only_sign_requests: false

data/gemfiles/faraday_0.x.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "faraday", "0.9.0"
+
+gemspec path: "../"

data/gemfiles/faraday_1.x.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "faraday", "~> 1.0"
+
+gemspec path: "../"

data/lib/mauth/client.rb

@@ -153,6 +153,12 @@ module MAuth
       @config['ssl_certs_path'] = given_config['ssl_certs_path'] if given_config['ssl_certs_path']
       @config['v2_only_authenticate'] = given_config['v2_only_authenticate'].to_s.downcase == 'true'
       @config['v2_only_sign_requests'] = given_config['v2_only_sign_requests'].to_s.downcase == 'true'
+      @config['disable_fallback_to_v1_on_v2_failure'] = given_config['disable_fallback_to_v1_on_v2_failure'].to_s.downcase == 'true'
+      @config['v1_only_sign_requests'] = given_config['v1_only_sign_requests'].to_s.downcase == 'true'
+
+      if @config['v2_only_sign_requests'] && @config['v1_only_sign_requests']
+        raise MAuth::Client::ConfigurationError, "v2_only_sign_requests and v1_only_sign_requests may not both be true"
+      end
 
       # if 'authenticator' was given, don't override that - including if it was given as nil / false
       if given_config.key?('authenticator')
@@ -205,6 +211,14 @@ module MAuth
       @config['v2_only_authenticate']
     end
 
+    def disable_fallback_to_v1_on_v2_failure?
+      @config['disable_fallback_to_v1_on_v2_failure']
+    end
+
+    def v1_only_sign_requests?
+      @config['v1_only_sign_requests']
+    end
+
     def assert_private_key(err)
       raise err unless private_key
     end

data/lib/mauth/client/authenticator_base.rb

@@ -19,10 +19,22 @@ module MAuth
 
       # raises InauthenticError unless the given object is authentic. Will only
       # authenticate with v2 if the environment variable V2_ONLY_AUTHENTICATE
-      # is set. Otherwise will authenticate with only the highest protocol version present
+      # is set. Otherwise will fall back to v1 when v2 authentication fails
       def authenticate!(object)
         if object.protocol_version == 2
-          authenticate_v2!(object)
+          begin
+            authenticate_v2!(object)
+          rescue InauthenticError => e
+            raise e if v2_only_authenticate?
+            raise e if disable_fallback_to_v1_on_v2_failure?
+
+            object.fall_back_to_mws_signature_info
+            raise e unless object.signature
+
+            log_authentication_request(object)
+            authenticate_v1!(object)
+            logger.warn("Completed successful authentication attempt after fallback to v1")
+          end
         elsif object.protocol_version == 1
           if v2_only_authenticate?
             # If v2 is required but not present and v1 is present we raise MissingV2Error

data/lib/mauth/client/remote_authenticator.rb

@@ -42,7 +42,7 @@ module MAuth
       def make_mauth_request(authentication_ticket)
         begin
           response = mauth_connection.post("/mauth/#{mauth_api_version}/authentication_tickets.json", 'authentication_ticket' => authentication_ticket)
-        rescue ::Faraday::Error::ConnectionFailed, ::Faraday::Error::TimeoutError => e
+        rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
           msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
           logger.error("Unable to authenticate with MAuth. Exception #{msg}")
           raise UnableToAuthenticateError, msg

data/lib/mauth/client/security_token_cacher.rb

@@ -1,15 +1,11 @@
+require 'faraday-http-cache'
+require 'oj'
+
 module MAuth
   class Client
     module LocalAuthenticator
       class SecurityTokenCacher
 
-        class ExpirableSecurityToken < Struct.new(:security_token, :create_time)
-          CACHE_LIFE = 60
-          def expired?
-            create_time + CACHE_LIFE < Time.now
-          end
-        end
-
         def initialize(mauth_client)
           @mauth_client = mauth_client
           # TODO: should this be UnableToSignError?
@@ -20,28 +16,20 @@ module MAuth
         end
 
         def get(app_uuid)
-          if !@cache[app_uuid] || @cache[app_uuid].expired?
+          if !@cache[app_uuid]
             # url-encode the app_uuid to prevent trickery like escaping upward with ../../ in a malicious
             # app_uuid - probably not exploitable, but this is the right way to do it anyway.
-            # use UNRESERVED instead of UNSAFE (the default) as UNSAFE doesn't include /
-            url_encoded_app_uuid = URI.escape(app_uuid, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+            url_encoded_app_uuid = CGI.escape(app_uuid)
             begin
               response = signed_mauth_connection.get("/mauth/#{@mauth_client.mauth_api_version}/security_tokens/#{url_encoded_app_uuid}.json")
-            rescue ::Faraday::Error::ConnectionFailed, ::Faraday::Error::TimeoutError => e
+            rescue ::Faraday::ConnectionFailed, ::Faraday::TimeoutError => e
               msg = "mAuth service did not respond; received #{e.class}: #{e.message}"
               @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
               raise UnableToAuthenticateError, msg
             end
             if response.status == 200
-              begin
-                security_token = JSON.parse(response.body)
-              rescue JSON::ParserError => e
-                msg =  "mAuth service responded with unparseable json: #{response.body}\n#{e.class}: #{e.message}"
-                @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
-                raise UnableToAuthenticateError, msg
-              end
               @cache_write_lock.synchronize do
-                @cache[app_uuid] = ExpirableSecurityToken.new(security_token, Time.now)
+                @cache[app_uuid] = security_token_from(response.body)
               end
             elsif response.status == 404
               # signing with a key mAuth doesn't know about is considered inauthentic
@@ -50,11 +38,19 @@ module MAuth
               @mauth_client.send(:mauth_service_response_error, response)
             end
           end
-          @cache[app_uuid].security_token
+          @cache[app_uuid]
         end
 
         private
 
+        def security_token_from(response_body)
+          JSON.parse response_body
+        rescue JSON::ParserError => e
+          msg =  "mAuth service responded with unparseable json: #{response_body}\n#{e.class}: #{e.message}"
+          @mauth_client.logger.error("Unable to authenticate with MAuth. Exception #{msg}")
+          raise UnableToAuthenticateError, msg
+        end
+
         def signed_mauth_connection
           require 'faraday'
           require 'mauth/faraday'
@@ -62,6 +58,7 @@ module MAuth
           @signed_mauth_connection ||= ::Faraday.new(@mauth_client.mauth_baseurl, @mauth_client.faraday_options) do |builder|
             builder.use MAuth::Faraday::MAuthClientUserAgent
             builder.use MAuth::Faraday::RequestSigner, 'mauth_client' => @mauth_client
+            builder.use :http_cache, serializer: Oj, logger: MAuth::Client.new.logger, shared_cache: false
             builder.adapter ::Faraday.default_adapter
           end
         end

data/lib/mauth/client/signer.rb

@@ -30,6 +30,8 @@ module MAuth
       def signed_headers(object, attributes = {})
         if v2_only_sign_requests?
           signed_headers_v2(object, attributes)
+        elsif v1_only_sign_requests?
+          signed_headers_v1(object, attributes)
         else # by default sign with both the v1 and v2 protocol
           signed_headers_v1(object, attributes).merge(signed_headers_v2(object, attributes))
         end

data/lib/mauth/dice_bag/mauth.yml.dice

@@ -7,6 +7,8 @@ common: &common
   private_key_file: config/mauth_key
   v2_only_authenticate: <%= configured.v2_only_authenticate || 'false' %>
   v2_only_sign_requests: <%= configured.v2_only_sign_requests || 'false' %>
+  disable_fallback_to_v1_on_v2_failure: <%= configured.disable_fallback_to_v1_on_v2_failure || 'false' %>
+  v1_only_sign_requests: <%= configured.v1_only_sign_requests || 'true' %>
 
 production:
   <<: *common

data/lib/mauth/request_and_response.rb

@@ -1,4 +1,5 @@
 require 'digest'
+require 'addressable'
 
 module MAuth
   # module which composes a string to sign.
@@ -25,7 +26,7 @@ module MAuth
     # for responses:
     #   string_to_sign =
     #     status_code_string + <LF> +
-    #     response_body_digest + <LF> +
+    #     response_body + <LF> +
     #     app_uuid + <LF> +
     #     current_seconds_since_epoch
     def string_to_sign_v1(more_attributes)
@@ -59,9 +60,10 @@ module MAuth
 
       # memoization of body_digest to avoid hashing three times when we call
       # string_to_sign_v2 three times in client#signature_valid_v2!
-      # note that if :body is nil we hash an empty string ("")
-      attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body].to_s)
-      attrs_with_overrides[:encoded_query_params] = encode_query_string(attrs_with_overrides[:query_string].to_s)
+      # note that if :body is nil we hash an empty string ('')
+      attrs_with_overrides[:body_digest] ||= Digest::SHA512.hexdigest(attrs_with_overrides[:body] || '')
+      attrs_with_overrides[:encoded_query_params] = unescape_encode_query_string(attrs_with_overrides[:query_string] || '')
+      attrs_with_overrides[:request_url] = normalize_path(attrs_with_overrides[:request_url])
 
       missing_attributes = self.class::SIGNATURE_COMPONENTS_V2.reject do |key|
         attrs_with_overrides.dig(key)
@@ -78,12 +80,26 @@ module MAuth
       end.join("\n")
     end
 
+    # Addressable::URI.parse(path).normalize.to_s.squeeze('/')
+    def normalize_path(path)
+      return if path.nil?
+
+      # Addressable::URI.normalize_path normalizes `.` and `..` in path
+      #   i.e. /./example => /example ; /example/.. => /
+      # String#squeeze removes duplicated slahes i.e. /// => /
+      # String#gsub normalizes percent encoding to uppercase i.e. %cf%80 => %CF%80
+      Addressable::URI.normalize_path(path).squeeze('/').
+        gsub(/%[a-f0-9]{2}/, &:upcase)
+    end
+
     # sorts query string parameters by codepoint, uri encodes keys and values,
     # and rejoins parameters into a query string
-    def encode_query_string(q_string)
-      q_string.split('&').sort.map do |part|
-        k, e, v = part.partition('=')
-        uri_escape(k) + e + uri_escape(v)
+    def unescape_encode_query_string(q_string)
+      fir = q_string.split('&').map do |part|
+        k, _eq, v = part.partition('=')
+        [CGI.unescape(k), CGI.unescape(v)]
+      end.sort.map do |k, v|
+        "#{uri_escape(k)}=#{uri_escape(v)}"
       end.join('&')
     end
 
@@ -115,23 +131,17 @@ module MAuth
   # - #x_mws_authentication which returns that header's value
   # - #x_mws_time
   module Signed
-    # mauth_client will authenticate with the highest protocol version present and ignore other
-    # protocol versions.
+    # mauth_client will authenticate with the highest protocol version present and if authentication fails,
+    # will fall back to lower protocol versions (if provided).
     # returns a hash with keys :token, :app_uuid, and :signature parsed from the MCC-Authentication header
     # if it is present and if not then the X-MWS-Authentication header if it is present.
     # Note MWSV2 protocol no longer allows more than one space between the token and app uuid.
     def signature_info
-      @signature_info ||= begin
-        match = if mcc_authentication
-          mcc_authentication.match(
-            /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
-          )
-        elsif x_mws_authentication
-          x_mws_authentication.match(/\A([^ ]+) *([^:]+):([^:]+)\z/)
-        end
-
-        match ? { token: match[1], app_uuid: match[2], signature: match[3] } : {}
-      end
+      @signature_info ||= build_signature_info(mcc_data || x_mws_data)
+    end
+
+    def fall_back_to_mws_signature_info
+      @signature_info = build_signature_info(x_mws_data)
     end
 
     def signature_app_uuid
@@ -153,6 +163,22 @@ module MAuth
         1
       end
     end
+
+    private
+
+    def build_signature_info(match_data)
+      match_data ? { token: match_data[1], app_uuid: match_data[2], signature: match_data[3] } : {}
+    end
+
+    def mcc_data
+      mcc_authentication&.match(
+        /\A(#{MAuth::Client::MWSV2_TOKEN}) ([^:]+):([^:]+)#{MAuth::Client::AUTH_HEADER_DELIMITER}\z/
+      )
+    end
+
+    def x_mws_data
+      x_mws_authentication&.match(/\A([^ ]+) *([^:]+):([^:]+)\z/)
+    end
   end
 
   # virtual base class for signable requests

data/lib/mauth/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module MAuth
-  VERSION = '5.0.2'.freeze
+  VERSION = '6.2.0'
 end

data/mauth-client.gemspec

@@ -18,13 +18,17 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'faraday', '~> 0.7'
-  spec.add_dependency 'faraday_middleware', '~> 0.9'
+  spec.add_dependency 'faraday', '>= 0.9', '< 2.0'
+  spec.add_dependency 'faraday_middleware', '>= 0.9', '< 2.0'
+  spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
+  spec.add_dependency 'oj', '~> 3.0'
   spec.add_dependency 'term-ansicolor', '~> 1.0'
   spec.add_dependency 'coderay', '~> 1.0'
   spec.add_dependency 'rack'
   spec.add_dependency 'dice_bag', '>= 0.9', '< 2.0'
+  spec.add_dependency 'addressable', '~> 2.0'
 
+  spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler', '>= 1.17'
   spec.add_development_dependency 'byebug'
   spec.add_development_dependency 'rack-test', '~> 1.1.0'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-  version: 5.0.2
+  version: 6.2.0
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,36 +11,82 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-08-21 00:00:00.000000000 Z
+date: 2021-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-http-cache
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: oj
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +149,34 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -228,8 +302,11 @@ extra_rdoc_files: []
 files:
 - ".fossa.yml"
 - ".gitignore"
+- ".gitmodules"
+- ".rspec"
 - ".travis.yml"
 - ".yardopts"
+- Appraisals
 - CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
@@ -248,6 +325,8 @@ files:
 - examples/mauth_key
 - exe/mauth-client
 - exe/mauth-proxy
+- gemfiles/faraday_0.x.gemfile
+- gemfiles/faraday_1.x.gemfile
 - lib/mauth-client.rb
 - lib/mauth/autoload.rb
 - lib/mauth/client.rb
@@ -290,8 +369,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Sign and authenticate requests and responses with mAuth authentication.