oauth2 1.4.1 → 1.4.9

Files changed (72)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +67 -10
  3. data/CODE_OF_CONDUCT.md +105 -46
  4. data/LICENSE +1 -1
  5. data/README.md +290 -98
  6. data/lib/oauth2/access_token.rb +15 -5
  7. data/lib/oauth2/authenticator.rb +13 -1
  8. data/lib/oauth2/client.rb +133 -51
  9. data/lib/oauth2/error.rb +3 -1
  10. data/lib/oauth2/mac_token.rb +18 -10
  11. data/lib/oauth2/response.rb +7 -3
  12. data/lib/oauth2/strategy/assertion.rb +6 -4
  13. data/lib/oauth2/strategy/auth_code.rb +3 -1
  14. data/lib/oauth2/strategy/base.rb +2 -0
  15. data/lib/oauth2/strategy/client_credentials.rb +3 -1
  16. data/lib/oauth2/strategy/implicit.rb +3 -1
  17. data/lib/oauth2/strategy/password.rb +5 -3
  18. data/lib/oauth2/version.rb +14 -8
  19. data/lib/oauth2.rb +2 -0
  20. data/spec/fixtures/README.md +11 -0
  21. data/spec/fixtures/RS256/jwtRS256.key +51 -0
  22. data/spec/fixtures/RS256/jwtRS256.key.pub +14 -0
  23. data/spec/helper.rb +33 -0
  24. data/spec/oauth2/access_token_spec.rb +218 -0
  25. data/spec/oauth2/authenticator_spec.rb +86 -0
  26. data/spec/oauth2/client_spec.rb +556 -0
  27. data/spec/oauth2/mac_token_spec.rb +122 -0
  28. data/spec/oauth2/response_spec.rb +96 -0
  29. data/spec/oauth2/strategy/assertion_spec.rb +113 -0
  30. data/spec/oauth2/strategy/auth_code_spec.rb +108 -0
  31. data/spec/oauth2/strategy/base_spec.rb +7 -0
  32. data/spec/oauth2/strategy/client_credentials_spec.rb +71 -0
  33. data/spec/oauth2/strategy/implicit_spec.rb +28 -0
  34. data/spec/oauth2/strategy/password_spec.rb +58 -0
  35. data/spec/oauth2/version_spec.rb +23 -0
  36. metadata +86 -77
  37. data/.document +0 -5
  38. data/.gitignore +0 -12
  39. data/.jrubyrc +0 -1
  40. data/.rspec +0 -2
  41. data/.rubocop.yml +0 -80
  42. data/.rubocop_rspec.yml +0 -26
  43. data/.rubocop_todo.yml +0 -15
  44. data/.travis.yml +0 -49
  45. data/CONTRIBUTING.md +0 -18
  46. data/Gemfile +0 -41
  47. data/Rakefile +0 -45
  48. data/gemfiles/jruby_1.7.gemfile +0 -11
  49. data/gemfiles/jruby_1.7.gemfile.lock +0 -81
  50. data/gemfiles/jruby_9.0.gemfile +0 -13
  51. data/gemfiles/jruby_9.1.gemfile +0 -17
  52. data/gemfiles/jruby_9.1.gemfile.lock +0 -112
  53. data/gemfiles/jruby_9.2.gemfile +0 -17
  54. data/gemfiles/jruby_9.2.gemfile.lock +0 -112
  55. data/gemfiles/jruby_head.gemfile +0 -17
  56. data/gemfiles/ruby_1.9.gemfile +0 -16
  57. data/gemfiles/ruby_1.9.gemfile.lock +0 -85
  58. data/gemfiles/ruby_2.0.gemfile +0 -17
  59. data/gemfiles/ruby_2.0.gemfile.lock +0 -90
  60. data/gemfiles/ruby_2.1.gemfile +0 -19
  61. data/gemfiles/ruby_2.1.gemfile.lock +0 -109
  62. data/gemfiles/ruby_2.2.gemfile +0 -17
  63. data/gemfiles/ruby_2.2.gemfile.lock +0 -108
  64. data/gemfiles/ruby_2.3.gemfile +0 -17
  65. data/gemfiles/ruby_2.3.gemfile.lock +0 -108
  66. data/gemfiles/ruby_2.4.gemfile +0 -17
  67. data/gemfiles/ruby_2.4.gemfile.lock +0 -108
  68. data/gemfiles/ruby_2.5.gemfile +0 -17
  69. data/gemfiles/ruby_2.5.gemfile.lock +0 -108
  70. data/gemfiles/ruby_head.gemfile +0 -17
  71. data/gemfiles/ruby_head.gemfile.lock +0 -108
  72. data/oauth2.gemspec +0 -40
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c91742d7784cd1d8b7e085cefa2ad5e0f5931112741ca2e6fd50a925d404854e
4
- data.tar.gz: befcd535b9af7309adf7f320b29280ee020b9d66517cd08824b143b9b41dbd79
3
+ metadata.gz: ecc51b3695e669f4853934aa43c64de29380877340685e35e44ccc1be8957226
4
+ data.tar.gz: aa8e0e388084a5374743b1fc7122fd85729f41876fdbe9d679a441813cb3e10c
5
5
  SHA512:
6
- metadata.gz: 8175756609903d2bd60b635301c6f3a67fe55a3c8ebb6bda5e1e6f8c66cc0d861685f4ed78882ec2602ba6e8ce113b50e3aa94cb4f907515ada5fe93e4bcb579
7
- data.tar.gz: 711dbe14418c8599fe5ae05cffa4dd60d0a0891a1438999ef00bcea495f87ecf0a6c1d928795f61e06396a11983b9670d4a933b5db93f10b4eb350406ea348e0
6
+ metadata.gz: 06c89fbcf461bc08dce02c484b7fef1284d31bed026c606bf966fe85ca351451063763e9c580e9f716bd7a811e0dd8d2f0b3572df5190724dcaf0c539fd9d4aa
7
+ data.tar.gz: cf59ec61aa6d7e7c595ff2b5ea73a24441364300ba846efb52508907568ed5aa62619b69dec6428bbfbd341540a4d802709b03703e431fc83ed1de9634d10523
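Review bot: the replaced SHA256 and SHA512 values for metadata.gz and data.tar.gz ship inside the package they describe, so they show only that the contents changed between 1.4.1 and 1.4.9 and say nothing about who produced them. Verify the downloaded .gem file against a checksum obtained independently of the package before treating these digests as evidence of integrity.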
data/CHANGELOG.md CHANGED
@@ -1,19 +1,69 @@
1
1
  # Change Log
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
- ## [unreleased]
4
+ ## unreleased
5
5
 
6
- - no changes yet
6
+ ## [1.4.9] - 2022-02-20
7
+
8
+ - Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572)
9
+ - Includes supported versions of Faraday in test matrix:
10
+ - Faraday ~> 2.2.0 with Ruby >= 2.6
11
+ - Faraday ~> 1.10 with Ruby >= 2.4
12
+ - Faraday ~> 0.17.3 with Ruby >= 1.9
13
+ - Add Windows and MacOS to test matrix
14
+
15
+ ## [1.4.8] - 2022-02-18
16
+
17
+ - MFA is now required to push new gem versions (@pboling)
18
+ - README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling)
19
+ - [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
20
+ - Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
21
+ - Add CodeQL, Security Policy, Funding info (@pboling)
22
+ - Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
23
+ - [#543](https://github.com/oauth-xx/oauth2/pull/543) - Support for more modern Open SSL libraries (@pboling)
24
+
25
+ ## [1.4.7] - 2021-03-19
26
+
27
+ - [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon)
28
+
29
+ ## [1.4.6] - 2021-03-19
30
+
31
+ - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling)
32
+ - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
33
+ - [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling)
34
+
35
+ ## [1.4.5] - 2021-03-18
36
+
37
+ - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling)
38
+ - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
39
+ - [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox)
40
+ - [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle)
41
+
42
+ ## [1.4.4] - 2020-02-12
43
+
44
+ - [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey)
45
+
46
+ ## [1.4.3] - 2020-01-29
47
+
48
+ - [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien)
49
+ - [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
50
+ - Adds support for private_key_jwt and tls_client_auth
51
+ - [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256)
52
+
53
+ ## [1.4.2] - 2019-10-01
54
+
55
+ - [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling)
56
+ - officially support Ruby 2.6 and truffleruby
7
57
 
8
58
  ## [1.4.1] - 2018-10-13
9
59
 
10
- - [#417](oauth-xx/oauth2#417) - update jwt dependency (@thewoolleyman)
11
- - [#418](oauth-xx/oauth2#418) - remove rubocop dependency (temporary, added back in [#423](oauth-xx/oauth2#423)) (@pboling)
12
- - [#419](oauth-xx/oauth2#419) - update faraday dependency (@pboling)
13
- - [#420](oauth-xx/oauth2#420) - update [oauth2.gemspec](oauth2.gemspec) (@pboling)
14
- - [#421](oauth-xx/oauth2#421) - fix [CHANGELOG.md](CHANGELOG.md) for previous releases (@pboling)
15
- - [#422](oauth-xx/oauth2#422) - update [LICENSE](LICENSE) and [README.md](README.md) (@pboling)
16
- - [#423](oauth-xx/oauth2#423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](Rakefile) (@pboling)
60
+ - [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman)
61
+ - [#419](https://github.com/oauth-xx/oauth2/pull/419) - remove rubocop dependency (temporary, added back in [#423](https://github.com/oauth-xx/oauth2/pull/423)) (@pboling)
62
+ - [#418](https://github.com/oauth-xx/oauth2/pull/418) - update faraday dependency (@pboling)
63
+ - [#420](https://github.com/oauth-xx/oauth2/pull/420) - update [oauth2.gemspec](https://github.com/oauth-xx/oauth2/blob/1-4-stable/oauth2.gemspec) (@pboling)
64
+ - [#421](https://github.com/oauth-xx/oauth2/pull/421) - fix [CHANGELOG.md](https://github.com/oauth-xx/oauth2/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling)
65
+ - [#422](https://github.com/oauth-xx/oauth2/pull/422) - update [LICENSE](https://github.com/oauth-xx/oauth2/blob/1-4-stable/LICENSE) and [README.md](https://github.com/oauth-xx/oauth2/blob/1-4-stable/README.md) (@pboling)
66
+ - [#423](https://github.com/oauth-xx/oauth2/pull/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://github.com/oauth-xx/oauth2/blob/1-4-stable/Rakefile) (@pboling)
17
67
  - officially document supported Rubies
18
68
  * Ruby 1.9.3
19
69
  * Ruby 2.0.0
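Review bot: in the rewritten 1.4.1 entries the PR numbers for two items are swapped relative to the removed lines: "remove rubocop dependency" moves from #418 to #419 and "update faraday dependency" from #419 to #418. Confirm which pairing is correct, since the links now point at different pull requests. Two smaller points in the same hunk: the 1.4.8 entry has the typo "Ruby Verion", and the heading changed from `## [unreleased]` to `## unreleased`, so it no longer uses the `[unreleased]` link reference that the file still defines.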
@@ -136,4 +186,11 @@ All notable changes to this project will be documented in this file.
136
186
  [1.3.1]: https://github.com/oauth-xx/oauth2/compare/v1.3.0...v1.3.1
137
187
  [1.4.0]: https://github.com/oauth-xx/oauth2/compare/v1.3.1...v1.4.0
138
188
  [1.4.1]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1
139
- [unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...1-4-stable
189
+ [1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2
190
+ [1.4.3]: https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3
191
+ [1.4.4]: https://github.com/oauth-xx/oauth2/compare/v1.4.3...v1.4.4
192
+ [1.4.5]: https://github.com/oauth-xx/oauth2/compare/v1.4.4...v1.4.5
193
+ [1.4.6]: https://github.com/oauth-xx/oauth2/compare/v1.4.5...v1.4.6
194
+ [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
195
+ [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
196
+ [unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD
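Review bot: the added link references stop at `[1.4.8]`, but the first hunk of this file adds a `## [1.4.9] - 2022-02-20` heading, so that heading has no matching definition and will not render as a link. Add `[1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9`, and consider whether `[unreleased]` should compare from v1.4.9 rather than v1.4.1, which would include every release already listed above it.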
data/CODE_OF_CONDUCT.md CHANGED
@@ -1,74 +1,133 @@
1
+
1
2
  # Contributor Covenant Code of Conduct
2
3
 
3
4
  ## Our Pledge
4
5
 
5
- In the interest of fostering an open and welcoming environment, we as
6
- contributors and maintainers pledge to making participation in our project and
7
- our community a harassment-free experience for everyone, regardless of age, body
8
- size, disability, ethnicity, gender identity and expression, level of experience,
9
- nationality, personal appearance, race, religion, or sexual identity and
10
- orientation.
6
+ We as members, contributors, and leaders pledge to make participation in our
7
+ community a harassment-free experience for everyone, regardless of age, body
8
+ size, visible or invisible disability, ethnicity, sex characteristics, gender
9
+ identity and expression, level of experience, education, socio-economic status,
10
+ nationality, personal appearance, race, religion, or sexual identity
11
+ and orientation.
12
+
13
+ We pledge to act and interact in ways that contribute to an open, welcoming,
14
+ diverse, inclusive, and healthy community.
11
15
 
12
16
  ## Our Standards
13
17
 
14
- Examples of behavior that contributes to creating a positive environment
15
- include:
18
+ Examples of behavior that contributes to a positive environment for our
19
+ community include:
16
20
 
17
- * Using welcoming and inclusive language
18
- * Being respectful of differing viewpoints and experiences
19
- * Gracefully accepting constructive criticism
20
- * Focusing on what is best for the community
21
- * Showing empathy towards other community members
21
+ * Demonstrating empathy and kindness toward other people
22
+ * Being respectful of differing opinions, viewpoints, and experiences
23
+ * Giving and gracefully accepting constructive feedback
24
+ * Accepting responsibility and apologizing to those affected by our mistakes,
25
+ and learning from the experience
26
+ * Focusing on what is best not just for us as individuals, but for the
27
+ overall community
22
28
 
23
- Examples of unacceptable behavior by participants include:
29
+ Examples of unacceptable behavior include:
24
30
 
25
- * The use of sexualized language or imagery and unwelcome sexual attention or
26
- advances
27
- * Trolling, insulting/derogatory comments, and personal or political attacks
31
+ * The use of sexualized language or imagery, and sexual attention or
32
+ advances of any kind
33
+ * Trolling, insulting or derogatory comments, and personal or political attacks
28
34
  * Public or private harassment
29
- * Publishing others' private information, such as a physical or electronic
30
- address, without explicit permission
35
+ * Publishing others' private information, such as a physical or email
36
+ address, without their explicit permission
31
37
  * Other conduct which could reasonably be considered inappropriate in a
32
38
  professional setting
33
39
 
34
- ## Our Responsibilities
40
+ ## Enforcement Responsibilities
35
41
 
36
- Project maintainers are responsible for clarifying the standards of acceptable
37
- behavior and are expected to take appropriate and fair corrective action in
38
- response to any instances of unacceptable behavior.
42
+ Community leaders are responsible for clarifying and enforcing our standards of
43
+ acceptable behavior and will take appropriate and fair corrective action in
44
+ response to any behavior that they deem inappropriate, threatening, offensive,
45
+ or harmful.
39
46
 
40
- Project maintainers have the right and responsibility to remove, edit, or
41
- reject comments, commits, code, wiki edits, issues, and other contributions
42
- that are not aligned to this Code of Conduct, or to ban temporarily or
43
- permanently any contributor for other behaviors that they deem inappropriate,
44
- threatening, offensive, or harmful.
47
+ Community leaders have the right and responsibility to remove, edit, or reject
48
+ comments, commits, code, wiki edits, issues, and other contributions that are
49
+ not aligned to this Code of Conduct, and will communicate reasons for moderation
50
+ decisions when appropriate.
45
51
 
46
52
  ## Scope
47
53
 
48
- This Code of Conduct applies both within project spaces and in public spaces
49
- when an individual is representing the project or its community. Examples of
50
- representing a project or community include using an official project e-mail
51
- address, posting via an official social media account, or acting as an appointed
52
- representative at an online or offline event. Representation of a project may be
53
- further defined and clarified by project maintainers.
54
+ This Code of Conduct applies within all community spaces, and also applies when
55
+ an individual is officially representing the community in public spaces.
56
+ Examples of representing our community include using an official e-mail address,
57
+ posting via an official social media account, or acting as an appointed
58
+ representative at an online or offline event.
54
59
 
55
60
  ## Enforcement
56
61
 
57
62
  Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
- reported by contacting the project team at peter.boling@gmail.com. All
59
- complaints will be reviewed and investigated and will result in a response that
60
- is deemed necessary and appropriate to the circumstances. The project team is
61
- obligated to maintain confidentiality with regard to the reporter of an incident.
62
- Further details of specific enforcement policies may be posted separately.
63
+ reported to the community leaders responsible for enforcement at
64
+ [INSERT CONTACT METHOD].
65
+ All complaints will be reviewed and investigated promptly and fairly.
66
+
67
+ All community leaders are obligated to respect the privacy and security of the
68
+ reporter of any incident.
69
+
70
+ ## Enforcement Guidelines
71
+
72
+ Community leaders will follow these Community Impact Guidelines in determining
73
+ the consequences for any action they deem in violation of this Code of Conduct:
74
+
75
+ ### 1. Correction
76
+
77
+ **Community Impact**: Use of inappropriate language or other behavior deemed
78
+ unprofessional or unwelcome in the community.
79
+
80
+ **Consequence**: A private, written warning from community leaders, providing
81
+ clarity around the nature of the violation and an explanation of why the
82
+ behavior was inappropriate. A public apology may be requested.
83
+
84
+ ### 2. Warning
63
85
 
64
- Project maintainers who do not follow or enforce the Code of Conduct in good
65
- faith may face temporary or permanent repercussions as determined by other
66
- members of the project's leadership.
86
+ **Community Impact**: A violation through a single incident or series
87
+ of actions.
88
+
89
+ **Consequence**: A warning with consequences for continued behavior. No
90
+ interaction with the people involved, including unsolicited interaction with
91
+ those enforcing the Code of Conduct, for a specified period of time. This
92
+ includes avoiding interactions in community spaces as well as external channels
93
+ like social media. Violating these terms may lead to a temporary or
94
+ permanent ban.
95
+
96
+ ### 3. Temporary Ban
97
+
98
+ **Community Impact**: A serious violation of community standards, including
99
+ sustained inappropriate behavior.
100
+
101
+ **Consequence**: A temporary ban from any sort of interaction or public
102
+ communication with the community for a specified period of time. No public or
103
+ private interaction with the people involved, including unsolicited interaction
104
+ with those enforcing the Code of Conduct, is allowed during this period.
105
+ Violating these terms may lead to a permanent ban.
106
+
107
+ ### 4. Permanent Ban
108
+
109
+ **Community Impact**: Demonstrating a pattern of violation of community
110
+ standards, including sustained inappropriate behavior, harassment of an
111
+ individual, or aggression toward or disparagement of classes of individuals.
112
+
113
+ **Consequence**: A permanent ban from any sort of public interaction within
114
+ the community.
67
115
 
68
116
  ## Attribution
69
117
 
70
- This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
- available at [http://contributor-covenant.org/version/1/4][version]
118
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
119
+ version 2.0, available at
120
+ [https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
121
+
122
+ Community Impact Guidelines were inspired by
123
+ [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
124
+
125
+ For answers to common questions about this code of conduct, see the FAQ at
126
+ [https://www.contributor-covenant.org/faq][FAQ]. Translations are available
127
+ at [https://www.contributor-covenant.org/translations][translations].
72
128
 
73
- [homepage]: http://contributor-covenant.org
74
- [version]: http://contributor-covenant.org/version/1/4/
129
+ [homepage]: https://www.contributor-covenant.org
130
+ [v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
131
+ [Mozilla CoC]: https://github.com/mozilla/diversity
132
+ [FAQ]: https://www.contributor-covenant.org/faq
133
+ [translations]: https://www.contributor-covenant.org/translations
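Review bot: the Enforcement section now reads "reported to the community leaders responsible for enforcement at [INSERT CONTACT METHOD]", a template placeholder that was not filled in, while the removed text named a concrete contact address. As shipped, the document gives reporters no way to reach anyone; restore a real contact method before release. The hunk also adds an empty line 1 ahead of the title, which looks unintentional.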
data/LICENSE CHANGED
@@ -1,7 +1,7 @@
1
1
  MIT License
2
2
 
3
3
  Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
4
- Copyright (c) 2017 - 2018 oauth-xx organization, https://github.com/oauth-xx
4
+ Copyright (c) 2017 - 2022 oauth-xx organization, https://github.com/oauth-xx
5
5
 
6
6
  Permission is hereby granted, free of charge, to any person obtaining a copy
7
7
  of this software and associated documentation files (the "Software"), to deal