RubyGems - oauth2 - Versions diffs - 1.4.10 → 2.0.3 - Mend

oauth2 1.4.10 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +97 -28
data/CONTRIBUTING.md +27 -1
data/README.md +186 -93
data/SECURITY.md +5 -5
data/lib/oauth2/access_token.rb +29 -20
data/lib/oauth2/authenticator.rb +9 -4
data/lib/oauth2/client.rb +116 -79
data/lib/oauth2/error.rb +27 -18
data/lib/oauth2/response.rb +73 -22
data/lib/oauth2/snaky_hash.rb +8 -0
data/lib/oauth2/strategy/assertion.rb +63 -38
data/lib/oauth2/strategy/auth_code.rb +12 -1
data/lib/oauth2/strategy/implicit.rb +7 -0
data/lib/oauth2/version.rb +1 -59
data/lib/oauth2.rb +19 -1
metadata +74 -59
data/lib/oauth2/mac_token.rb +0 -130

data/lib/oauth2/strategy/implicit.rb CHANGED Viewed

@@ -17,6 +17,7 @@ module OAuth2
       #
       # @param [Hash] params additional query parameters for the URL
       def authorize_url(params = {})
+        assert_valid_params(params)
         @client.authorize_url(authorize_params.merge(params))
       end
@@ -26,6 +27,12 @@ module OAuth2
       def get_token(*)
         raise(NotImplementedError, 'The token is accessed differently in this strategy')
       end
+    private
+      def assert_valid_params(params)
+        raise(ArgumentError, 'client_secret is not allowed in authorize URL query params') if params.key?(:client_secret) || params.key?('client_secret')
+      end
     end
   end
 end

data/lib/oauth2/version.rb CHANGED Viewed

@@ -2,64 +2,6 @@
 module OAuth2
   module Version
-    VERSION = to_s
-  module_function
-    # The major version
-    #
-    # @return [Integer]
-    def major
-      1
-    end
-    # The minor version
-    #
-    # @return [Integer]
-    def minor
-      4
-    end
-    # The patch version
-    #
-    # @return [Integer]
-    def patch
-      10
-    end
-    # The pre-release version, if any
-    #
-    # @return [String, NilClass]
-    def pre
-      nil
-    end
-    # The version number as a hash
-    #
-    # @return [Hash]
-    def to_h
-      {
-        :major => major,
-        :minor => minor,
-        :patch => patch,
-        :pre => pre,
-      }
-    end
-    # The version number as an array
-    #
-    # @return [Array]
-    def to_a
-      [major, minor, patch, pre].compact
-    end
-    # The version number as a string
-    #
-    # @return [String]
-    def to_s
-      v = [major, minor, patch].compact.join('.')
-      v += "-#{pre}" if pre
-      v
-    end
+    VERSION = '2.0.3'.freeze
   end
 end

data/lib/oauth2.rb CHANGED Viewed

@@ -1,6 +1,17 @@
 # frozen_string_literal: true
+# includes modules from stdlib
+require 'cgi'
+require 'time'
+# third party gems
+require 'rash'
+require 'version_gem'
+# includes gem files
+require 'oauth2/version'
 require 'oauth2/error'
+require 'oauth2/snaky_hash'
 require 'oauth2/authenticator'
 require 'oauth2/client'
 require 'oauth2/strategy/base'
@@ -10,5 +21,12 @@ require 'oauth2/strategy/password'
 require 'oauth2/strategy/client_credentials'
 require 'oauth2/strategy/assertion'
 require 'oauth2/access_token'
-require 'oauth2/mac_token'
 require 'oauth2/response'
+# The namespace of this library
+module OAuth2
+end
+OAuth2::Version.class_eval do
+  extend VersionGem::Basic
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 1.4.10
+  version: 2.0.3
 platform: ruby
 authors:
 - Peter Boling
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-07-01 00:00:00.000000000 Z
+date: 2022-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -53,123 +53,157 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: multi_json
+  name: multi_xml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0.5'
 - !ruby/object:Gem::Dependency
-  name: multi_xml
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: rack
+  name: rash_alt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '0.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '0.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '1'
 - !ruby/object:Gem::Dependency
-  name: addressable
+  name: version_gem
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
-  type: :development
+        version: '1.0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: backports
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '12'
 - !ruby/object:Gem::Dependency
   name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rspec-block_is_expected
   requirement: !ruby/object:Gem::Requirement
@@ -216,22 +250,16 @@ dependencies:
   name: rubocop-lts
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.3
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '8.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.3
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: silent_stream
   requirement: !ruby/object:Gem::Requirement
@@ -265,8 +293,8 @@ files:
 - lib/oauth2/authenticator.rb
 - lib/oauth2/client.rb
 - lib/oauth2/error.rb
-- lib/oauth2/mac_token.rb
 - lib/oauth2/response.rb
+- lib/oauth2/snaky_hash.rb
 - lib/oauth2/strategy/assertion.rb
 - lib/oauth2/strategy/auth_code.rb
 - lib/oauth2/strategy/base.rb
@@ -278,27 +306,14 @@ homepage: https://github.com/oauth-xx/oauth2
 licenses:
 - MIT
 metadata:
+  homepage_uri: https://github.com/oauth-xx/oauth2
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.3
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.3/CHANGELOG.md
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v1.4.10/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/1.4.10
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v1.4.10
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.3
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
-  funding_uri: https://github.com/sponsors/pboling
   rubygems_mfa_required: 'true'
-post_install_message: |2+
-  You have installed oauth2 version 1.4.10, which is EOL.
-  No further support is anticipated for the 1.4.x series.
-  OAuth2 version 2 is released.
-  There are BREAKING changes, but most will not encounter them, and upgrading should be easy!
-  Please see:
-  • https://github.com/oauth-xx/oauth2#what-is-new-for-v20
-  • https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md
-  Please upgrade, report issues, and support the project! Thanks, |7eter l-|. l3oling
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -306,7 +321,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.0
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/lib/oauth2/mac_token.rb DELETED Viewed

@@ -1,130 +0,0 @@
-# frozen_string_literal: true
-require 'base64'
-require 'digest'
-require 'openssl'
-require 'securerandom'
-module OAuth2
-  class MACToken < AccessToken
-    # Generates a MACToken from an AccessToken and secret
-    #
-    # @param [AccessToken] token the OAuth2::Token instance
-    # @option [String] secret the secret key value
-    # @param [Hash] opts the options to create the Access Token with
-    # @see MACToken#initialize
-    def self.from_access_token(token, secret, options = {})
-      new(token.client, token.token, secret, token.params.merge(:refresh_token => token.refresh_token, :expires_in => token.expires_in, :expires_at => token.expires_at).merge(options))
-    end
-    attr_reader :secret, :algorithm
-    # Initalize a MACToken
-    #
-    # @param [Client] client the OAuth2::Client instance
-    # @param [String] token the Access Token value
-    # @option [String] secret the secret key value
-    # @param [Hash] opts the options to create the Access Token with
-    # @option opts [String] :refresh_token (nil) the refresh_token value
-    # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
-    # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
-    # @option opts [FixNum, String] :algorithm (hmac-sha-256) the algorithm to use for the HMAC digest (one of 'hmac-sha-256', 'hmac-sha-1')
-    def initialize(client, token, secret, opts = {})
-      @secret = secret
-      self.algorithm = opts.delete(:algorithm) || 'hmac-sha-256'
-      super(client, token, opts)
-    end
-    # Make a request with the MAC Token
-    #
-    # @param [Symbol] verb the HTTP request method
-    # @param [String] path the HTTP URL path of the request
-    # @param [Hash] opts the options to make the request with
-    # @see Client#request
-    def request(verb, path, opts = {}, &block)
-      url = client.connection.build_url(path, opts[:params]).to_s
-      opts[:headers] ||= {}
-      opts[:headers]['Authorization'] = header(verb, url)
-      @client.request(verb, path, opts, &block)
-    end
-    # Get the headers hash (always an empty hash)
-    def headers
-      {}
-    end
-    # Generate the MAC header
-    #
-    # @param [Symbol] verb the HTTP request method
-    # @param [String] url the HTTP URL path of the request
-    def header(verb, url)
-      timestamp = Time.now.utc.to_i
-      nonce = Digest::SHA256.hexdigest([timestamp, SecureRandom.hex].join(':'))
-      uri = URI.parse(url)
-      raise(ArgumentError, "could not parse \"#{url}\" into URI") unless uri.is_a?(URI::HTTP)
-      mac = signature(timestamp, nonce, verb, uri)
-      "MAC id=\"#{token}\", ts=\"#{timestamp}\", nonce=\"#{nonce}\", mac=\"#{mac}\""
-    end
-    # Generate the Base64-encoded HMAC digest signature
-    #
-    # @param [Fixnum] timestamp the timestamp of the request in seconds since epoch
-    # @param [String] nonce the MAC header nonce
-    # @param [Symbol] verb the HTTP request method
-    # @param [String] url the HTTP URL path of the request
-    def signature(timestamp, nonce, verb, uri)
-      signature = [
-        timestamp,
-        nonce,
-        verb.to_s.upcase,
-        uri.request_uri,
-        uri.host,
-        uri.port,
-        '', nil
-      ].join("\n")
-      strict_encode64(OpenSSL::HMAC.digest(@algorithm, secret, signature))
-    end
-    # Set the HMAC algorithm
-    #
-    # @param [String] alg the algorithm to use (one of 'hmac-sha-1', 'hmac-sha-256')
-    def algorithm=(alg)
-      @algorithm = case alg.to_s
-                   when 'hmac-sha-1'
-                     begin
-                       OpenSSL::Digest('SHA1').new
-                     rescue StandardError
-                       OpenSSL::Digest.new('SHA1')
-                     end
-                   when 'hmac-sha-256'
-                     begin
-                       OpenSSL::Digest('SHA256').new
-                     rescue StandardError
-                       OpenSSL::Digest.new('SHA256')
-                     end
-                   else
-                     raise(ArgumentError, 'Unsupported algorithm')
-                   end
-    end
-  private
-    # No-op since we need the verb and path
-    # and the MAC always goes in a header
-    def token=(_noop)
-    end
-    # Base64.strict_encode64 is not available on Ruby 1.8.7
-    def strict_encode64(str)
-      Base64.encode64(str).delete("\n")
-    end
-  end
-end