RubyGems - mauth-client - Versions diffs - 6.4.1 → 6.4.3 - Mend

mauth-client 6.4.1 → 6.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9219adefc5bedb36c4994be6309d39c8cb2b2e67a91d8a12f2119caf288df26
-  data.tar.gz: aff48af8ae57b3a4cd12f094abe3ac5c002379177465f1870e739e180e4f37cc
+  metadata.gz: 2c5c8ded4837eb0121ecd7fd62c01bec223b6db9fb50a1b3980498aa36d71bf8
+  data.tar.gz: 67b03ee8a3fd10cafea89cffe72612b68b7c8069a58adf7a6b33ce59263fdb00
 SHA512:
-  metadata.gz: 5c2dac6db5f67e885d634c428b0dbe0eaeee6a3a74a5dffa64f267e8dd7f3666e7d129ac4dda66fc02d41503c5245cdd546e17d6bd88d217a80ecacbfcae11c3
-  data.tar.gz: 1fdbb74b94544f25b3827638f0ffb853beb19e6e40bcbb1b4b31b547934c9266903fb9e7386e54a251dee2fecc629fb0c6b16cfcb1cdf44a678369ed67b0f32d
+  metadata.gz: d217082d10bcedd5aa63d8149cab66743037bf53e714d5400a7fe1315684e1490a81d5b9aac5dc7d181d66c04d800daf60e79504e64422d8b9ad47c489fb4c31
+  data.tar.gz: bd187aa095910349963d0046d0426527bb89a770104b54351f49933a90a95ad91f74c965d8b48f63f2faf43c4d2d248f1f61dd07b20cb099c2f19250476fbb2e

data/.rubocop.yml CHANGED Viewed

@@ -5,6 +5,7 @@ require:
   - rubocop-performance
 AllCops:
+  TargetRubyVersion: 2.6
   Exclude:
     - gemfiles/**/*

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.6.9
1	+ 2.7.6

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,9 @@
+## v6.4.3
+- Force Rack > 2.2.3 to resolve [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr).
+## v6.4.2
+- Add MAuth::ServerHelper module with convenience methods for servers to access requester app uuid.
 ## v6.4.1
 - Fix MAuth::Rack::Response to not raise FrozenError.

data/examples/Gemfile.lock CHANGED Viewed

@@ -1,27 +1,27 @@
 PATH
   remote: ..
   specs:
-    mauth-client (6.4.0)
+    mauth-client (6.4.3)
       addressable (~> 2.0)
       coderay (~> 1.0)
       dice_bag (>= 0.9, < 2.0)
       faraday (>= 0.9, < 3.0)
       faraday-http-cache (>= 2.0, < 3.0)
-      rack
+      rack (> 2.2.3)
       term-ansicolor (~> 1.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
     coderay (1.1.3)
     dice_bag (1.6.1)
       diff-lcs (~> 1.0)
       rake
       thor (< 2.0)
     diff-lcs (1.5.0)
-    faraday (1.9.3)
+    faraday (1.10.2)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -36,26 +36,26 @@ GEM
     faraday-em_http (1.0.0)
     faraday-em_synchrony (1.0.0)
     faraday-excon (1.1.0)
-    faraday-http-cache (2.2.0)
+    faraday-http-cache (2.4.1)
       faraday (>= 0.8)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.3)
-      multipart-post (>= 1.2, < 3)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
     faraday-net_http (1.0.1)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    multipart-post (2.1.1)
-    public_suffix (4.0.6)
-    rack (2.2.3)
+    multipart-post (2.2.3)
+    public_suffix (5.0.0)
+    rack (3.0.0)
     rake (13.0.6)
     ruby2_keywords (0.0.5)
     sync (0.5.0)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
     thor (1.2.1)
-    tins (1.31.0)
+    tins (1.31.1)
       sync
 PLATFORMS

data/lib/mauth/client.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module MAuth
     MWS_TOKEN = 'MWS'
     MWSV2_TOKEN = 'MWSV2'
     AUTH_HEADER_DELIMITER = ';'
+    RACK_ENV_APP_UUID_KEY = 'mauth.app_uuid'
     include AuthenticatorBase
     include Signer

data/lib/mauth/fake/rack.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module MAuth
                    env['mauth.protocol_version'] = mauth_request.protocol_version
                    if self.class.is_authentic?
-                     @app.call(env.merge!('mauth.app_uuid' => mauth_request.signature_app_uuid,
+                     @app.call(env.merge!(MAuth::Client::RACK_ENV_APP_UUID_KEY => mauth_request.signature_app_uuid,
                        'mauth.authentic' => true))
                    else
                      response_for_inauthentic_request(env)

data/lib/mauth/faraday.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module MAuth
         @app.call(request_env).on_complete do |response_env|
           mauth_response = MAuth::Faraday::Response.new(response_env)
           mauth_client.authenticate!(mauth_response) # raises MAuth::InauthenticError when inauthentic
-          response_env['mauth.app_uuid'] = mauth_response.signature_app_uuid
+          response_env[MAuth::Client::RACK_ENV_APP_UUID_KEY] = mauth_response.signature_app_uuid
           response_env['mauth.authentic'] = true
           response_env
         end

data/lib/mauth/rack.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module MAuth
         begin
           if mauth_client.authentic?(mauth_request)
             @app.call(env.merge!(
-              'mauth.app_uuid' => mauth_request.signature_app_uuid,
+              MAuth::Client::RACK_ENV_APP_UUID_KEY => mauth_request.signature_app_uuid,
               'mauth.authentic' => true
             ))
           else

data/lib/mauth/server_helper.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module MAuth
+  module ServerHelper
+    def app_uuid(request)
+      request.env[MAuth::Client::RACK_ENV_APP_UUID_KEY]
+    end
+    def app_uuid_from_env(env)
+      env[MAuth::Client::RACK_ENV_APP_UUID_KEY]
+    end
+  end
+end

data/lib/mauth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module MAuth
-  VERSION = '6.4.1'
+  VERSION = '6.4.3'
 end

data/mauth-client.gemspec CHANGED Viewed

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dice_bag', '>= 0.9', '< 2.0'
   spec.add_dependency 'faraday', '>= 0.9', '< 3.0'
   spec.add_dependency 'faraday-http-cache', '>= 2.0', '< 3.0'
-  spec.add_dependency 'rack'
+  spec.add_dependency 'rack', '> 2.2.3'
   spec.add_dependency 'term-ansicolor', '~> 1.0'
   spec.add_development_dependency 'appraisal'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mauth-client
 version: !ruby/object:Gem::Version
-  version: 6.4.1
+  version: 6.4.3
 platform: ruby
 authors:
 - Matthew Szenher
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-02-28 00:00:00.000000000 Z
+date: 2022-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -105,16 +105,16 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
@@ -372,6 +372,7 @@ files:
 - lib/mauth/proxy.rb
 - lib/mauth/rack.rb
 - lib/mauth/request_and_response.rb
+- lib/mauth/server_helper.rb
 - lib/mauth/version.rb
 - lib/rack/mauth.rb
 - mauth-client.gemspec
@@ -394,7 +395,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Sign and authenticate requests and responses with mAuth authentication.