oauth2 2.0.4 → 2.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc4158398289799f1200f2706539766ebcec6b3be4c861427d9b11fb6f6a8d8f
-  data.tar.gz: cd7bec320053ae8d114f9c3f730ce7252872b2fbf0b4c716d5447ac1642b7e7e
+  metadata.gz: b016b4a0d35d5e6b17d60c9417f7a456b78a38462120fff7d68021235dee6f6d
+  data.tar.gz: 5627dc50a7dfc395f226a1209606aa63d1c8c9642ba6aba390f5ba3605567b33
 SHA512:
-  metadata.gz: 57f0ddd1d875238c5b98e358cea1114fb09847c01af8231e2d6a6e6c70e928500bd3f2b45c566302f70481d802ff7db6b649105765692f7107542e49edf06e2b
-  data.tar.gz: 13e0e6fcf0b7090bd5068c08522fc5ca52b8f719d230e7355334785e9795581c011b437b6eca4897f86d30ef7dd856f924a8a3e5b1488e7c99a7fa595973368b
+  metadata.gz: cbbfb987df74ec80833a13f2d7ae5fc090af533cfe3e0ce7146ed3f1dcec45159a8ac4447c0aacbc5ad2c9e8490d76a9c227dcb857b9fc2cc4a5b6b6634d1b41
+  data.tar.gz: ebf819a7fcfb1c66041bb01b46f023fcfd8cb06f1762ff938795faab71e4871d00986899c592465e8424ebd40eff1e90c6a85a77e4717f4211a07ec41a148144

data/CHANGELOG.md

@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.5] - 2022-07-07
+### Fixed
+- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson)
+- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling)
+  - All data in responses is now returned, with the access token removed and set as `token`
+    - `refresh_token` is no longer dropped
+    - **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
+  - Remove `parse` and `snaky` from options so they don't get included in response
+  - There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
+
 ## [2.0.4] - 2022-07-01
 ### Fixed
 - [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
@@ -65,6 +75,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 - [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
 - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
 - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
+- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
+  - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
+  - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
+  - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
 - [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
 - [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
 ### Fixed
@@ -277,5 +291,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 [2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2
 [2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3
 [2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
-[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...HEAD
+[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
+[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD
 [gemfiles/readme]: gemfiles/README.md

data/README.md

@@ -257,6 +257,12 @@ For more see [SECURITY.md][🚎sec-pol].
     - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
 - Adds new option to `OAuth2::AccessToken#initialize`:
     - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
+- By default, keys are transformed to camel case.
+  - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
+  - However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
+  - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
+- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`)
+  - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
 - [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
 
 ## Compatibility
@@ -517,7 +523,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 See [CONTRIBUTING.md][contributing]
 
-[contributing]: https://github.com/oauth-xx/oauth2/blob/main/CONTRIBUTING.md
+[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md
 
 ## Contributors
 

data/lib/oauth2/access_token.rb

@@ -8,12 +8,18 @@ module OAuth2
     class << self
       # Initializes an AccessToken from a Hash
       #
-      # @param client [Client] the OAuth2::Client instance
-      # @param hash [Hash] a hash of AccessToken property values
+      # @param [Client] client the OAuth2::Client instance
+      # @param [Hash] hash a hash of AccessToken property values
+      # @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
       # @return [AccessToken] the initialized AccessToken
       def from_hash(client, hash)
         hash = hash.dup
-        new(client, hash.delete('access_token') || hash.delete(:access_token) || hash.delete('token') || hash.delete(:token), hash)
+        token = hash.delete('access_token') || hash.delete(:access_token) ||
+                hash.delete('id_token') || hash.delete(:id_token) ||
+                hash.delete('token') || hash.delete(:token) ||
+                hash.delete('accessToken') || hash.delete(:accessToken) ||
+                hash.delete('idToken') || hash.delete(:idToken)
+        new(client, token, hash)
       end
 
       # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
@@ -24,10 +30,6 @@ module OAuth2
       def from_kvform(client, kvform)
         from_hash(client, Rack::Utils.parse_query(kvform))
       end
-
-      def contains_token?(hash)
-        hash.key?('access_token') || hash.key?('id_token') || hash.key?('token')
-      end
     end
 
     # Initialize an AccessToken
@@ -47,6 +49,11 @@ module OAuth2
     def initialize(client, token, opts = {})
       @client = client
       @token = token.to_s
+
+      if @client.options[:raise_errors] && (@token.nil? || @token.empty?)
+        error = Error.new(opts)
+        raise(error)
+      end
       opts = opts.dup
       %i[refresh_token expires_in expires_at expires_latency].each do |arg|
         instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
@@ -95,7 +102,11 @@ module OAuth2
       params[:refresh_token] = refresh_token
       new_token = @client.get_token(params, access_token_opts)
       new_token.options = options
-      new_token.refresh_token = refresh_token unless new_token.refresh_token
+      if new_token.refresh_token
+        # Keep it, if there is one
+      else
+        new_token.refresh_token = refresh_token
+      end
       new_token
     end
     # A compatibility alias

data/lib/oauth2/client.rb

@@ -165,10 +165,13 @@ module OAuth2
         end
       end.to_h
 
+      parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
+      snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
+
       request_opts = {
         raise_errors: options[:raise_errors],
-        parse: params.fetch(:parse, Response::DEFAULT_OPTIONS[:parse]),
-        snaky: params.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky]),
+        parse: parse,
+        snaky: snaky,
       }
       params = authenticator.apply(params)
       headers = params.delete(:headers) || {}
@@ -266,8 +269,8 @@ module OAuth2
         raise TimeoutError, e
       end
 
-      parse = opts.fetch(:parse, Response::DEFAULT_OPTIONS[:parse])
-      snaky = opts.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky])
+      parse = opts.key?(:parse) ? opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
+      snaky = opts.key?(:snaky) ? opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
 
       Response.new(response, parse: parse, snaky: snaky)
     end
@@ -296,7 +299,7 @@ module OAuth2
       access_token_class = options[:access_token_class]
       data = response.parsed
 
-      unless data.is_a?(Hash) && access_token_class.contains_token?(data)
+      unless data.is_a?(Hash) && !data.empty?
         return unless options[:raise_errors]
 
         error = Error.new(response)

data/lib/oauth2/error.rb

@@ -2,21 +2,29 @@
 
 module OAuth2
   class Error < StandardError
-    attr_reader :response, :code, :description
+    attr_reader :response, :body, :code, :description
 
     # standard error codes include:
     # 'invalid_request', 'invalid_client', 'invalid_token', 'invalid_grant', 'unsupported_grant_type', 'invalid_scope'
+    # response might be a Response object, or the response.parsed hash
     def initialize(response)
       @response = response
-      message_opts = {}
-
-      if response.parsed.is_a?(Hash)
-        @code = response.parsed['error']
-        @description = response.parsed['error_description']
-        message_opts = parse_error_description(@code, @description)
+      if response.respond_to?(:parsed)
+        if response.parsed.is_a?(Hash)
+          @code = response.parsed['error']
+          @description = response.parsed['error_description']
+        end
+      elsif response.is_a?(Hash)
+        @code = response['error']
+        @description = response['error_description']
       end
-
-      super(error_message(response.body, message_opts))
+      @body = if response.respond_to?(:body)
+                response.body
+              else
+                @response
+              end
+      message_opts = parse_error_description(@code, @description)
+      super(error_message(@body, message_opts))
     end
 
   private

data/lib/oauth2/strategy/assertion.rb

@@ -80,7 +80,7 @@ module OAuth2
         assertion = build_assertion(claims, encoding_opts)
         params = build_request(assertion, request_opts)
 
-        @client.get_token(params, response_opts.merge('refresh_token' => nil))
+        @client.get_token(params, response_opts)
       end
 
     private

data/lib/oauth2/strategy/auth_code.rb

@@ -25,7 +25,7 @@ module OAuth2
       #
       # @param [String] code The Authorization Code value
       # @param [Hash] params additional params
-      # @param [Hash] opts options
+      # @param [Hash] opts access_token_opts, @see Client#get_token
       # @note that you must also provide a :redirect_uri with most OAuth 2.0 providers
       def get_token(code, params = {}, opts = {})
         params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params)

data/lib/oauth2/strategy/client_credentials.rb

@@ -19,7 +19,7 @@ module OAuth2
       # @param [Hash] opts options
       def get_token(params = {}, opts = {})
         params = params.merge('grant_type' => 'client_credentials')
-        @client.get_token(params, opts.merge('refresh_token' => nil))
+        @client.get_token(params, opts)
       end
     end
   end

data/lib/oauth2/version.rb

@@ -2,6 +2,6 @@
 
 module OAuth2
   module Version
-    VERSION = '2.0.4'.freeze
+    VERSION = '2.0.5'.freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.0.5
 platform: ruby
 authors:
 - Peter Boling
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-07-01 00:00:00.000000000 Z
+date: 2022-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -307,10 +307,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/oauth-xx/oauth2
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.4
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.4/CHANGELOG.md
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.5
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.5/CHANGELOG.md
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.4
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.5
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
   rubygems_mfa_required: 'true'
 post_install_message: |2+