oauth2 2.0.7 → 2.0.8

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fb9943fbd1a1592461b1397edb9ac16faf301da6ac1c8a2f9e441218c1a51924
4
- data.tar.gz: 4435312a9b4cc0392dc49a15f9f71e8a1ed3ff3ca71ba6a7fbaf480aeede052a
3
+ metadata.gz: 71b8f6f9abb6afbd1cdeffbdb50b84906b0f8b44e35f9db1ebbb8c6e7acd50ba
4
+ data.tar.gz: a1e958b150f5909cf05734724371df99121e24d1c6581b64fa83d6326e448a6d
5
5
  SHA512:
6
- metadata.gz: 82997d8c41529574701ef25565735fe46d7e343689e5cc07f93cd9bcb074aaa78370aa50062aa59adcfa078f432fb9d2b7ada58d17fae4ac3874a51843e881d6
7
- data.tar.gz: c3ce8c8fec91b43a570392791bcab65ccf0b4e4051e3ad6c726c0d23575ae7caf600adbf2a07c27eb1363be6aa9d5019c3adb34d7c166cd5e2c9ae411af9aac9
6
+ metadata.gz: 5d3f859ea2a0b1ab53de9fda075f44b23c6c0426ba9af339b7cccadd9a613c44b252182819cd0221bac2cd97a9a21e91873af32d4e9bdbe0c5414f0ab0b5563f
7
+ data.tar.gz: 1802ba5465d719b80fc99f0802d0e1531288e3e4449e08b76abf070de0e26ebbf92a027fe468bfe4ba768293a6cda5f4b7458cfcb6d2d59cf297e269691ed22c
data/CHANGELOG.md CHANGED
@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
4
4
  The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
5
5
  and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
6
6
 
7
+ ## [Unreleased]
8
+ ### Added
9
+ ### Changed
10
+ ### Fixed
11
+ ### Removed
12
+
13
+ ## [2.0.8] - 2022-09-01
14
+ ### Changed
15
+ - [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling)
16
+
17
+ ### Added
18
+ - [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628)
19
+
7
20
  ## [2.0.7] - 2022-08-22
8
21
  ### Added
9
22
  - [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta)
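Review bot: In the new 2.0.8 section, `### Changed` comes before `### Added`, the reverse of the order the `[Unreleased]` template directly above it uses (Added, Changed, Fixed, Removed); swap them so the sections stay consistent. The !631 entry also carries no author credit, unlike !630.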
@@ -306,5 +319,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
306
319
  [2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
307
320
  [2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
308
321
  [2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6
309
- [Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...HEAD
322
+ [2.0.7]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...v2.0.7
323
+ [Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.7...HEAD
310
324
  [gemfiles/readme]: gemfiles/README.md
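Review bot: The link definitions stop at `[2.0.7]`, but this release adds a `## [2.0.8] - 2022-09-01` heading, so that heading has no link target and `[Unreleased]` still compares from v2.0.7. Add a `[2.0.8]` definition comparing `v2.0.7...v2.0.8` and point `[Unreleased]` at `v2.0.8...HEAD`.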
data/README.md CHANGED
@@ -32,6 +32,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
32
32
 
33
33
  | Version | Release Date | Readme |
34
34
  |---------|--------------|----------------------------------------------------------|
35
+ | 2.0.7 | 2022-08-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.7/README.md |
35
36
  | 2.0.6 | 2022-07-13 | https://github.com/oauth-xx/oauth2/blob/v2.0.6/README.md |
36
37
  | 2.0.5 | 2022-07-07 | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md |
37
38
  | 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md |
data/SECURITY.md CHANGED
@@ -2,11 +2,15 @@
2
2
 
3
3
  ## Supported Versions
4
4
 
5
- | Version | Supported |
6
- |----------|---------------------------|
7
- | 2.latest | ✅ |
8
- | 1.latest | ✅ (security updates only) |
9
- | older | ⛔️ |
5
+ | Version | Supported | EOL | Post-EOL / Enterprise |
6
+ |----------|-----------|---------|---------------------------------------|
7
+ | 2.latest | ✅ | 04/2024 | [Tidelift Subscription][tidelift-ref] |
8
+ | 1.latest | ✅ | 04/2023 | [Tidelift Subscription][tidelift-ref] |
9
+ | <= 1 | | ⛔ | ⛔ |
10
+
11
+ ### EOL Policy
12
+
13
+ Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.
10
14
 
11
15
  ## Reporting a Vulnerability
12
16
 
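Review bot: The last row of the new table, `| <= 1 | | ⛔ | ⛔ |`, leaves the Supported cell empty and puts ⛔ under EOL, which looks like the cells shifted by one column; the ⛔ belongs under Supported. `<= 1` also overlaps `1.latest` (the old table said `older`), and the 1.latest row no longer says "security updates only", so state whether that restriction was dropped on purpose. The EOL Policy sentence talks about Ruby versions while the table lists gem versions; say how the 04/2023 and 04/2024 dates follow from it.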
@@ -17,4 +21,6 @@ Tidelift will coordinate the fix and disclosure.
17
21
 
18
22
  Available as part of the Tidelift Subscription.
19
23
 
20
- The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
24
+ The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
25
+
26
+ [tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo
@@ -20,8 +20,7 @@ module OAuth2
20
20
  fresh = hash.dup
21
21
  supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
22
22
  key = supported_keys[0]
23
- # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
24
- warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1
23
+ extra_tokens_warning(supported_keys, key)
25
24
  token = fresh.delete(key)
26
25
  new(client, token, fresh)
27
26
  end
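Review bot: At the new call `extra_tokens_warning(supported_keys, key)`, `key` is always `supported_keys[0]`, so the second argument is redundant and the helper could derive it. More important for readers of `from_hash`: only `key` is deleted from `fresh`, so any other token-like keys are still passed to `new` whether or not the warning is shown; a one-line comment here would keep that visible now that the explanatory comment has moved to the helper.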
@@ -34,6 +33,16 @@ module OAuth2
34
33
  def from_kvform(client, kvform)
35
34
  from_hash(client, Rack::Utils.parse_query(kvform))
36
35
  end
36
+
37
+ private
38
+
39
+ # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
40
+ def extra_tokens_warning(supported_keys, key)
41
+ return if OAuth2.config.silence_extra_tokens_warning
42
+ return if supported_keys.length <= 1
43
+
44
+ warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.")
45
+ end
37
46
  end
38
47
 
39
48
  # Initialize an AccessToken
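Review bot: `return if OAuth2.config.silence_extra_tokens_warning` reads a process-wide setting, so turning it on for one provider that legitimately returns several token keys also hides the warning for every other client in the process, where an unexpected extra token would be worth seeing. Consider a per-client or per-call option, and extend the comment above `extra_tokens_warning` to mention the config switch and that silencing does not change which key is chosen.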
@@ -46,7 +46,7 @@ module OAuth2
46
46
  # @param [Symbol] parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
47
47
  # :json, or :automatic (determined by Content-Type response header)
48
48
  # @param [true, false] snaky (true) Convert @parsed to a snake-case,
49
- # indifferent-access OAuth2::SnakyHash, which is a subclass of Hashie::Mash::Rash (from rash_alt gem)?
49
+ # indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)?
50
50
  # @param [Hash] options all other options for initializing the instance
51
51
  def initialize(response, parse: :automatic, snaky: true, **options)
52
52
  @response = response
@@ -90,7 +90,7 @@ module OAuth2
90
90
  end
91
91
  end
92
92
 
93
- @parsed = OAuth2::SnakyHash.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash)
93
+ @parsed = SnakyHash::StringKeyed.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash)
94
94
 
95
95
  @parsed
96
96
  end
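Review bot: Nothing in this diff shows that `SnakyHash::StringKeyed.new(@parsed)` still converts camelCase keys to snake_case the way the old `Hashie::Mash::Rash` subclass did; the updated doc comment now names plain `Hashie::Mash` as the base class. Because `AccessToken.from_hash` selects the token by key name, add a spec that parses a response body with camelCase keys and asserts that the snake_case lookups still resolve.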
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OAuth2
4
4
  module Version
5
- VERSION = '2.0.7'.freeze
5
+ VERSION = '2.0.8'.freeze
6
6
  end
7
7
  end
data/lib/oauth2.rb CHANGED
@@ -5,13 +5,12 @@ require 'cgi'
5
5
  require 'time'
6
6
 
7
7
  # third party gems
8
- require 'rash'
8
+ require 'snaky_hash'
9
9
  require 'version_gem'
10
10
 
11
11
  # includes gem files
12
12
  require 'oauth2/version'
13
13
  require 'oauth2/error'
14
- require 'oauth2/snaky_hash'
15
14
  require 'oauth2/authenticator'
16
15
  require 'oauth2/client'
17
16
  require 'oauth2/strategy/base'
@@ -25,6 +24,15 @@ require 'oauth2/response'
25
24
 
26
25
  # The namespace of this library
27
26
  module OAuth2
27
+ DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new(silence_extra_tokens_warning: false)
28
+ @config = DEFAULT_CONFIG.dup
29
+ class << self
30
+ attr_accessor :config
31
+ end
32
+ def configure
33
+ yield @config
34
+ end
35
+ module_function :configure
28
36
  end
29
37
 
30
38
  OAuth2::Version.class_eval do
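Review bot: `attr_accessor :config` exposes a writer, so `OAuth2.config = nil` (or any object without `silence_extra_tokens_warning`) makes `AccessToken.from_hash` raise; use `attr_reader` and let callers go through `configure`. `DEFAULT_CONFIG` is not frozen, and `module_function :configure` also creates a private instance method that reads `@config` on whatever object includes `OAuth2`, where it is nil; defining `configure` inside the existing `class << self` avoids that. The block also needs a doc comment describing the option and its default.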
metadata CHANGED
@@ -1,16 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.7
4
+ version: 2.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Peter Boling
8
8
  - Erik Michaels-Ober
9
9
  - Michael Bleigh
10
- autorequire:
10
+ autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2022-08-22 00:00:00.000000000 Z
13
+ date: 2022-09-01 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: faraday
@@ -87,25 +87,19 @@ dependencies:
87
87
  - !ruby/object:Gem::Version
88
88
  version: '3'
89
89
  - !ruby/object:Gem::Dependency
90
- name: rash_alt
90
+ name: snaky_hash
91
91
  requirement: !ruby/object:Gem::Requirement
92
92
  requirements:
93
- - - ">="
94
- - !ruby/object:Gem::Version
95
- version: '0.4'
96
- - - "<"
93
+ - - "~>"
97
94
  - !ruby/object:Gem::Version
98
- version: '1'
95
+ version: '2.0'
99
96
  type: :runtime
100
97
  prerelease: false
101
98
  version_requirements: !ruby/object:Gem::Requirement
102
99
  requirements:
103
- - - ">="
104
- - !ruby/object:Gem::Version
105
- version: '0.4'
106
- - - "<"
100
+ - - "~>"
107
101
  - !ruby/object:Gem::Version
108
- version: '1'
102
+ version: '2.0'
109
103
  - !ruby/object:Gem::Dependency
110
104
  name: version_gem
111
105
  requirement: !ruby/object:Gem::Requirement
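Review bot: Swapping `rash_alt` for `snaky_hash` with `~> 2.0` adds a new runtime dependency in a patch release, so consumers who update oauth2 pull in a gem that was not in their lockfile before. Call that out in the changelog entry for !630 so teams that review new transitive dependencies know to look, and confirm that `~> 2.0` (any 2.x) is the intended range rather than a tighter constraint.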
@@ -294,7 +288,6 @@ files:
294
288
  - lib/oauth2/client.rb
295
289
  - lib/oauth2/error.rb
296
290
  - lib/oauth2/response.rb
297
- - lib/oauth2/snaky_hash.rb
298
291
  - lib/oauth2/strategy/assertion.rb
299
292
  - lib/oauth2/strategy/auth_code.rb
300
293
  - lib/oauth2/strategy/base.rb
@@ -307,15 +300,15 @@ licenses:
307
300
  - MIT
308
301
  metadata:
309
302
  homepage_uri: https://github.com/oauth-xx/oauth2
310
- source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.7
311
- changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.7/CHANGELOG.md
303
+ source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.8
304
+ changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.8/CHANGELOG.md
312
305
  bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
313
- documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.7
306
+ documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.8
314
307
  wiki_uri: https://github.com/oauth-xx/oauth2/wiki
315
308
  rubygems_mfa_required: 'true'
316
309
  post_install_message: |2+
317
310
 
318
- You have installed oauth2 version 2.0.7, congratulations!
311
+ You have installed oauth2 version 2.0.8, congratulations!
319
312
 
320
313
  There are BREAKING changes, but most will not encounter them, and updating your code should be easy!
321
314
 
@@ -339,8 +332,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
339
332
  - !ruby/object:Gem::Version
340
333
  version: '0'
341
334
  requirements: []
342
- rubygems_version: 3.3.18
343
- signing_key:
335
+ rubygems_version: 3.3.21
336
+ signing_key:
344
337
  specification_version: 4
345
338
  summary: A Ruby wrapper for the OAuth 2.0 protocol.
346
339
  test_files: []
340
+ ...
@@ -1,8 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module OAuth2
4
- # Hash which allow assign string key in camel case
5
- # and query on both camel and snake case
6
- class SnakyHash < ::Hashie::Mash::Rash
7
- end
8
- end
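Review bot: Deleting `OAuth2::SnakyHash` outright removes a public constant in a patch release; code that references it, for example `is_a?(OAuth2::SnakyHash)`, will raise NameError after upgrading. Either keep the constant as a deprecated alias for a release cycle or list the removal under `### Removed` in the 2.0.8 changelog.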