RubyGems - oauth2 - Versions diffs - 2.0.0.rc2 → 2.0.1 - Mend

oauth2 2.0.0.rc2 → 2.0.1

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +13 -3
data/README.md +33 -18
data/SECURITY.md +6 -0
data/lib/oauth2/client.rb +3 -3
data/lib/oauth2/strategy/assertion.rb +1 -1
data/lib/oauth2/version.rb +1 -57
data/lib/oauth2.rb +5 -0
metadata +23 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dbd97bd821d080a346022a1be5b7cc638dcd21964f5f2eb1d5bef6c2feaa5d95
-  data.tar.gz: d3b376e2ffdf58445da10fb6dfffd9268a33b640e50394e57915b68fb0c6e6a9
+  metadata.gz: 0b2375593530f7a565bfe90a1534e6203bb178428ca3c9670a0dcd728cfa134a
+  data.tar.gz: 04c8289d5202d2db4f12321fc7acda898a77931c1acee21cd5bdd3a7bcbec96a
 SHA512:
-  metadata.gz: a6659d15e190363eb065b089bb2c16c1a1a76681a02608a2630f0b4af5c0ac8c7e23e479e3b77400298f861675030c218e11357518729c12d2c6c24e0a49f93f
-  data.tar.gz: 4b168e3dd8de638369477e59bbbbf6804fc29528dbf191718d7a4ceb885f359b6212856e9319ede017b91166be131105c7310677ce7b297659ed4d0412af7c13
+  metadata.gz: 78b0c341b7fa62f31227ca3217fd3db5ad9dd17c54b9a9bca492f6e4f6294f2db63d7a88a221b7d3fb671d646ee7fc85c7bd4808a82536448e7f13611a8a7598
+  data.tar.gz: 0c2374b9c939fd0c021e25bfa81c23e033af5313e294f18f802431d4c192098ade257c2aeac131a11429525450b786cf894fa7d0cf50f8171395b2ca6ccb8bd0

data/CHANGELOG.md CHANGED Viewed

@@ -1,10 +1,15 @@
 # Changelog
 All notable changes to this project will be documented in this file.
-The format (since v2.0.0) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
+The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
-## [Unreleased]
+## [2.0.1] - 2022-06-22
+### Added
+- Documentation improvements (@pboling)
+- Increased test coverage to 99% (@pboling)
+## [2.0.0] - 2022-06-21
 ### Added
 - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels)
 - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
@@ -60,6 +65,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 - [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler)
 - [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling)
 - [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling)
+- [#595](https://github.com/oauth-xx/oauth2/pull/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu)
+- [#596](https://github.com/oauth-xx/oauth2/pull/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu)
+- [#598](https://github.com/oauth-xx/oauth2/pull/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu)
 ### Removed
 - [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage)
 - [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage)
@@ -207,7 +215,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
-[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD
+[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...HEAD
 [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
 [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
 [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
@@ -243,4 +251,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
 [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
 [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9
+[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v2.0.0
+[2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1
 [gemfiles/readme]: gemfiles/README.md

data/README.md CHANGED Viewed

@@ -34,7 +34,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
 | Version | Release Date | Readme                                                   |
 |---------|--------------|----------------------------------------------------------|
-| 2.0.0   | Soon         | https://github.com/oauth-xx/oauth2/blob/master/README.md |
+| 2.0.1   | 2022-06-22   | https://github.com/oauth-xx/oauth2/blob/master/README.md |
+| 2.0.0   | 2022-06-21   | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md |
 </details>
 ### Older Releases
@@ -140,8 +141,8 @@ The link tokens in the following sections should be kept ordered by the row and
 [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
 [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
 [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
-[📗next]: https://github.com/oauth-xx/oauth2/milestone/1
-[📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/1?label=Next%20Version
+[📗next]: https://github.com/oauth-xx/oauth2/milestone/12
+[📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/12?label=Next%20Version
 <!-- 3️⃣ maintanence & linting -->
 [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
@@ -238,7 +239,7 @@ Tidelift will coordinate the fix and disclosure.
 For more see [SECURITY.md][🚎sec-pol].
-## What is new for v2.0 (unreleased, `master` branch)?
+## What is new for v2.0?
 - Officially support Ruby versions >= 2.7
 - Unofficially support Ruby versions >= 2.5
@@ -253,7 +254,7 @@ For more see [SECURITY.md][🚎sec-pol].
     - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
 - Adds new option to `OAuth2::AccessToken#initialize`:
     - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
-- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#unreleased)
+- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
 ## Compatibility
@@ -291,7 +292,7 @@ of a major release, support for that Ruby version may be dropped.
 |     | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially    | Supported Unofficially | Supported Incidentally |
 |:----|----------------------|--------------------|-------------------------|------------------------|------------------------|
-| 1️⃣ | 2.0.x (unreleased)   | `master`           | 2.7, 3.0, 3.1           | 2.5, 2.6               | 2.2, 2.3, 2.4          |
+| 1️⃣ | 2.0.x                | `master`           | 2.7, 3.0, 3.1           | 2.5, 2.6               | 2.2, 2.3, 2.4          |
 | 2️⃣ | 1.4.x                | `1-4-stable`       | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4     | 1.9, 2.0               |
 | 3️⃣ | older                | N/A                | Best of luck to you!    | Please upgrade!        |                        |
@@ -309,8 +310,8 @@ client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example
 client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
 # => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
-token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
-response = token.get('/api/resource', params: {'query_foo' => 'bar'})
+access = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
+response = access.get('/api/resource', params: {'query_foo' => 'bar'})
 response.class.name
 # => OAuth2::Response
 ```
@@ -402,28 +403,42 @@ Response instance will contain the `OAuth2::Error` instance.
 Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
 authentication grant types have helper strategy classes that simplify client
-use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively.
+use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/implicit.rb), [`#password`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/password.rb), [`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/client_credentials.rb), and [`#assertion`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/assertion.rb) methods respectively.
+These aren't full examples, but demonstrative of the differences between usage for each strategy.
 ```ruby
 auth_url = client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
-token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
+access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
 auth_url = client.implicit.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
 # get the token params in the callback and
-token = OAuth2::AccessToken.from_kvform(client, query_string)
-token = client.password.get_token('username', 'password')
-token = client.client_credentials.get_token
-token = client.assertion.get_token(assertion_params)
+access = OAuth2::AccessToken.from_kvform(client, query_string)
+access = client.password.get_token('username', 'password')
+access = client.client_credentials.get_token
+# Client Assertion Strategy
+# see: https://tools.ietf.org/html/rfc7523
+claimset = {
+  :iss => "http://localhost:3001",
+  :aud => "http://localhost:8080/oauth2/token",
+  :sub => "me@example.com",
+  :exp => Time.now.utc.to_i + 3600
+}
+assertion_params = [claimset, 'HS256', 'secret_key']
+access = client.assertion.get_token(assertion_params)
+# The `access` (i.e. access token) is then used like so:
+access.token # actual access_token string, if you need it somewhere
+access.get("/api/stuff") # making api calls with access token
 ```
 If you want to specify additional headers to be sent out with the
 request, add a 'headers' hash under 'params':
 ```ruby
-token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
+access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
 ```
 You can always use the `#request` method on the `OAuth2::Client` instance to make

data/SECURITY.md CHANGED Viewed

@@ -12,3 +12,9 @@
 To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
+## OAuth2 for Enterprise
+Available as part of the Tidelift Subscription.
+The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)

data/lib/oauth2/client.rb CHANGED Viewed

@@ -273,13 +273,13 @@ module OAuth2
     def parse_response(response, access_token_opts, access_token_class)
       data = response.parsed
-      if options[:raise_errors] && data.is_a?(Hash) && !access_token_class.contains_token?(data)
+      unless data.is_a?(Hash) && access_token_class.contains_token?(data)
+        return unless options[:raise_errors]
         error = Error.new(response)
         raise(error)
       end
-      return unless data.is_a?(Hash)
       build_access_token(response, access_token_opts, access_token_class)
     end

data/lib/oauth2/strategy/assertion.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module OAuth2
     #
     #   claim_set = {
     #     :iss => "http://localhost:3001",
-    #     :aud => "http://localhost:8080/oauth2/token"
+    #     :aud => "http://localhost:8080/oauth2/token",
     #     :sub => "me@example.com",
     #     :exp => Time.now.utc.to_i + 3600,
     #   }

data/lib/oauth2/version.rb CHANGED Viewed

@@ -2,62 +2,6 @@
 module OAuth2
   module Version
-    VERSION = '2.0.0.rc2'.freeze
-  module_function
-    # The version number as a string
-    #
-    # @return [String]
-    def to_s
-      VERSION
-    end
-    # The major version
-    #
-    # @return [Integer]
-    def major
-      to_a[0].to_i
-    end
-    # The minor version
-    #
-    # @return [Integer]
-    def minor
-      to_a[1].to_i
-    end
-    # The patch version
-    #
-    # @return [Integer]
-    def patch
-      to_a[2].to_i
-    end
-    # The pre-release version, if any
-    #
-    # @return [String, NilClass]
-    def pre
-      to_a[3]
-    end
-    # The version number as a hash
-    #
-    # @return [Hash]
-    def to_h
-      {
-        major: major,
-        minor: minor,
-        patch: patch,
-        pre: pre,
-      }
-    end
-    # The version number as an array
-    #
-    # @return [Array]
-    def to_a
-      VERSION.split('.')
-    end
+    VERSION = '2.0.1'.freeze
   end
 end

data/lib/oauth2.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require 'time'
 # third party gems
 require 'rash'
+require 'version_gem'
 # includes gem files
 require 'oauth2/version'
@@ -25,3 +26,7 @@ require 'oauth2/response'
 # The namespace of this library
 module OAuth2
 end
+OAuth2::Version.class_eval do
+  extend VersionGem::Basic
+end

metadata CHANGED Viewed

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc2
+  version: 2.0.1
 platform: ruby
 authors:
 - Peter Boling
-- Michael Bleigh
 - Erik Michaels-Ober
+- Michael Bleigh
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-06-12 00:00:00.000000000 Z
+date: 2022-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -106,6 +106,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '1'
+- !ruby/object:Gem::Dependency
+  name: version_gem
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -293,10 +307,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/oauth-xx/oauth2
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.0.rc2
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.0.rc2/CHANGELOG.md
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.1
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.1/CHANGELOG.md
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.0.rc2
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.1
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
   rubygems_mfa_required: 'true'
 post_install_message:
@@ -310,11 +324,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.3.15
+rubygems_version: 3.3.16
 signing_key:
 specification_version: 4
 summary: A Ruby wrapper for the OAuth 2.0 protocol.