RubyGems - mauth-client - Versions diffs - 6.4.1 → 6.4.3 - Mend

mauth-client 6.4.1 → 6.4.3

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9219adefc5bedb36c4994be6309d39c8cb2b2e67a91d8a12f2119caf288df26
-  data.tar.gz: aff48af8ae57b3a4cd12f094abe3ac5c002379177465f1870e739e180e4f37cc
+  metadata.gz: 2c5c8ded4837eb0121ecd7fd62c01bec223b6db9fb50a1b3980498aa36d71bf8
+  data.tar.gz: 67b03ee8a3fd10cafea89cffe72612b68b7c8069a58adf7a6b33ce59263fdb00
 SHA512:
-  metadata.gz: 5c2dac6db5f67e885d634c428b0dbe0eaeee6a3a74a5dffa64f267e8dd7f3666e7d129ac4dda66fc02d41503c5245cdd546e17d6bd88d217a80ecacbfcae11c3
-  data.tar.gz: 1fdbb74b94544f25b3827638f0ffb853beb19e6e40bcbb1b4b31b547934c9266903fb9e7386e54a251dee2fecc629fb0c6b16cfcb1cdf44a678369ed67b0f32d
+  metadata.gz: d217082d10bcedd5aa63d8149cab66743037bf53e714d5400a7fe1315684e1490a81d5b9aac5dc7d181d66c04d800daf60e79504e64422d8b9ad47c489fb4c31
+  data.tar.gz: bd187aa095910349963d0046d0426527bb89a770104b54351f49933a90a95ad91f74c965d8b48f63f2faf43c4d2d248f1f61dd07b20cb099c2f19250476fbb2e

data/.rubocop.yml CHANGED Viewed

@@ -5,6 +5,7 @@ require:
   - rubocop-performance
 AllCops:
+  TargetRubyVersion: 2.6
   Exclude:
     - gemfiles/**/*

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.6.9
1	+ 2.7.6

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,9 @@
+## v6.4.3
+- Force Rack > 2.2.3 to resolve [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr).
+## v6.4.2
+- Add MAuth::ServerHelper module with convenience methods for servers to access requester app uuid.
 ## v6.4.1
 - Fix MAuth::Rack::Response to not raise FrozenError.

data/examples/Gemfile.lock CHANGED Viewed

@@ -1,27 +1,27 @@
 PATH
   remote: ..
   specs:
-    mauth-client (6.4.0)
+    mauth-client (6.4.3)
       addressable (~> 2.0)
       coderay (~> 1.0)
       dice_bag (>= 0.9, < 2.0)
       faraday (>= 0.9, < 3.0)
       faraday-http-cache (>= 2.0, < 3.0)
-      rack
+      rack (> 2.2.3)
       term-ansicolor (~> 1.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
     coderay (1.1.3)
     dice_bag (1.6.1)
       diff-lcs (~> 1.0)
       rake
       thor (< 2.0)
     diff-lcs (1.5.0)
-    faraday (1.9.3)
+    faraday (1.10.2)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -36,26 +36,26 @@ GEM
     faraday-em_http (1.0.0)
     faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
-    faraday-http-cache (2.2.0)
+    faraday-http-cache (2.4.1)
       faraday (>= 0.8)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.3)
-      multipart-post (>= 1.2, < 3)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
     faraday-net_http (1.0.1)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    multipart-post (2.1.1)
-    public_suffix (4.0.6)
-    rack (2.2.3)
+    multipart-post (2.2.3)
+    public_suffix (5.0.0)
+    rack (3.0.0)
     rake (13.0.6)
     ruby2_keywords (0.0.5)
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
     thor (1.2.1)
-    tins (1.31.0)
+    tins (1.31.1)
       sync
 PLATFORMS

data/lib/mauth/client.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module MAuth
     MWS_TOKEN = 'MWS'
     MWSV2_TOKEN = 'MWSV2'
     AUTH_HEADER_DELIMITER = ';'
+    RACK_ENV_APP_UUID_KEY = 'mauth.app_uuid'
     include AuthenticatorBase
     include Signer

data/lib/mauth/fake/rack.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module MAuth
                    env['mauth.protocol_version'] = mauth_request.protocol_version
                    if self.class.is_authentic?
-                     @app.call(env.merge!('mauth.app_uuid' => mauth_request.signature_app_uuid,
+                     @app.call(env.merge!(MAuth::Client::RACK_ENV_APP_UUID_KEY => mauth_request.signature_app_uuid,
                        'mauth.authentic' => true))
                    else
                      response_for_inauthentic_request(env)

data/lib/mauth/faraday.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module MAuth
         @app.call(request_env).on_complete do |response_env|
           mauth_response = MAuth::Faraday::Response.new(response_env)
           mauth_client.authenticate!(mauth_response) # raises MAuth::InauthenticError when inauthentic
-          response_env['mauth.app_uuid'] = mauth_response.signature_app_uuid
+          response_env[MAuth::Client::RACK_ENV_APP_UUID_KEY] = mauth_response.signature_app_uuid
           response_env['mauth.authentic'] = true
           response_env
         end

data/lib/mauth/rack.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module MAuth
         begin
           if mauth_client.authentic?(mauth_request)
             @app.call(env.merge!(
-              'mauth.app_uuid' => mauth_request.signature_app_uuid,
+              MAuth::Client::RACK_ENV_APP_UUID_KEY => mauth_request.signature_app_uuid,
               'mauth.authentic' => true
             ))
           else

data/lib/mauth/server_helper.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module MAuth
+  module ServerHelper
+    def app_uuid(request)
+      request.env[MAuth::Client::RACK_ENV_APP_UUID_KEY]
+    end
+    def app_uuid_from_env(env)
+      env[MAuth::Client::RACK_ENV_APP_UUID_KEY]
+    end
+  end
+end

data/lib/mauth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module MAuth
-  VERSION = '6.4.1'
+  VERSION = '6.4.3'
 end

data/mauth-client.gemspec CHANGED Viewed

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dice_bag', '>= 0.9', '< 2.0'
   spec.add_dependency 'faraday', '>= 0.9', '< 3.0'
   spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
-  spec.add_dependency 'rack'
+  spec.add_dependency 'rack', '> 2.2.3'
   spec.add_dependency 'term-ansicolor', '~> 1.0'
   spec.add_development_dependency 'appraisal'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-  version: 6.4.1
+  version: 6.4.3
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-02-28 00:00:00.000000000 Z
+date: 2022-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -105,16 +105,16 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
@@ -372,6 +372,7 @@ files:
 - lib/mauth/proxy.rb
 - lib/mauth/rack.rb
 - lib/mauth/request_and_response.rb
+- lib/mauth/server_helper.rb
 - lib/mauth/version.rb
 - lib/rack/mauth.rb
 - mauth-client.gemspec
@@ -394,7 +395,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Sign and authenticate requests and responses with mAuth authentication.