oauth2 2.0.5 → 2.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b016b4a0d35d5e6b17d60c9417f7a456b78a38462120fff7d68021235dee6f6d
-  data.tar.gz: 5627dc50a7dfc395f226a1209606aa63d1c8c9642ba6aba390f5ba3605567b33
+  metadata.gz: 6ca4e3435d4b69bcdf5607cf41d9b5f67b3671160d860cda0e8a66fdc6ca9ea7
+  data.tar.gz: 74170cea4731366ce12134db250ca23b937791a349b3cb62c6833a729d8964fa
 SHA512:
-  metadata.gz: cbbfb987df74ec80833a13f2d7ae5fc090af533cfe3e0ce7146ed3f1dcec45159a8ac4447c0aacbc5ad2c9e8490d76a9c227dcb857b9fc2cc4a5b6b6634d1b41
-  data.tar.gz: ebf819a7fcfb1c66041bb01b46f023fcfd8cb06f1762ff938795faab71e4871d00986899c592465e8424ebd40eff1e90c6a85a77e4717f4211a07ec41a148144
+  metadata.gz: '02886a1ab24fe6cc0f2a0624646fd07b74f1151540e4a79c2a7b50b4fa9d051bdc801d22413ee1c815e0df95f8c20185e98a8edce6e8909b276d0f3be3d3e5e3'
+  data.tar.gz: c23909dd4d2502a9ecd0e7ea8832d9611542af282230bd7c7b126bf76394a80acd14e8cf73be0362ea90875c63192cac4102878cfafab5cfc0419adfeb236a7d

data/CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.6] - 2022-07-13
+### Fixed
+- [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
+
 ## [2.0.5] - 2022-07-07
 ### Fixed
 - [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson)
@@ -292,5 +296,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 [2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3
 [2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
 [2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
-[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD
+[2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6
+[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...HEAD
 [gemfiles/readme]: gemfiles/README.md

data/README.md

@@ -32,6 +32,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
 
 | Version | Release Date | Readme                                                   |
 |---------|--------------|----------------------------------------------------------|
+| 2.0.6   | 2022-07-13   | https://github.com/oauth-xx/oauth2/blob/v2.0.6/README.md |
+| 2.0.5   | 2022-07-07   | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md |
 | 2.0.4   | 2022-07-01   | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md |
 | 2.0.3   | 2022-06-28   | https://github.com/oauth-xx/oauth2/blob/v2.0.3/README.md |
 | 2.0.2   | 2022-06-24   | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md |
@@ -143,8 +145,8 @@ The link tokens in the following sections should be kept ordered by the row and
 [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
 [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
 [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
-[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/15
-[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/15?label=Next%20Version
+[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/2
+[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/2?label=Next%20Version
 
 <!-- 3️⃣ maintenance & linting -->
 [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability

data/lib/oauth2/access_token.rb

@@ -2,6 +2,10 @@
 
 module OAuth2
   class AccessToken # rubocop:disable Metrics/ClassLength
+    TOKEN_KEYS_STR = %w[access_token id_token token accessToken idToken].freeze
+    TOKEN_KEYS_SYM = %i[access_token id_token token accessToken idToken].freeze
+    TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR + TOKEN_KEYS_SYM
+
     attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params
     attr_accessor :options, :refresh_token, :response
 
@@ -13,13 +17,13 @@ module OAuth2
       # @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
       # @return [AccessToken] the initialized AccessToken
       def from_hash(client, hash)
-        hash = hash.dup
-        token = hash.delete('access_token') || hash.delete(:access_token) ||
-                hash.delete('id_token') || hash.delete(:id_token) ||
-                hash.delete('token') || hash.delete(:token) ||
-                hash.delete('accessToken') || hash.delete(:accessToken) ||
-                hash.delete('idToken') || hash.delete(:idToken)
-        new(client, token, hash)
+        fresh = hash.dup
+        supported_keys = fresh.keys & TOKEN_KEY_LOOKUP
+        key = supported_keys[0]
+        # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
+        warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1
+        token = fresh.delete(key)
+        new(client, token, fresh)
       end
 
       # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
@@ -35,7 +39,7 @@ module OAuth2
     # Initialize an AccessToken
     #
     # @param [Client] client the OAuth2::Client instance
-    # @param [String] token the Access Token value
+    # @param [String] token the Access Token value (optional, may not be used in refresh flows)
     # @param [Hash] opts the options to create the Access Token with
     # @option opts [String] :refresh_token (nil) the refresh_token value
     # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
@@ -50,14 +54,19 @@ module OAuth2
       @client = client
       @token = token.to_s
 
-      if @client.options[:raise_errors] && (@token.nil? || @token.empty?)
-        error = Error.new(opts)
-        raise(error)
-      end
       opts = opts.dup
       %i[refresh_token expires_in expires_at expires_latency].each do |arg|
         instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
       end
+      no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?)
+      if no_tokens
+        if @client.options[:raise_errors]
+          error = Error.new(opts)
+          raise(error)
+        else
+          warn('OAuth2::AccessToken has no token')
+        end
+      end
       @expires_in ||= opts.delete('expires')
       @expires_in &&= @expires_in.to_i
       @expires_at &&= convert_expires_at(@expires_at)

data/lib/oauth2/version.rb

@@ -2,6 +2,6 @@
 
 module OAuth2
   module Version
-    VERSION = '2.0.5'.freeze
+    VERSION = '2.0.6'.freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.0.6
 platform: ruby
 authors:
 - Peter Boling
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-07-07 00:00:00.000000000 Z
+date: 2022-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -307,10 +307,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/oauth-xx/oauth2
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.5
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.5/CHANGELOG.md
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.6
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.6/CHANGELOG.md
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.5
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.6
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
   rubygems_mfa_required: 'true'
 post_install_message: |2+