oauth2 2.0.7 → 2.0.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -1
- data/README.md +1 -0
- data/SECURITY.md +12 -6
- data/lib/oauth2/access_token.rb +11 -2
- data/lib/oauth2/response.rb +2 -2
- data/lib/oauth2/version.rb +1 -1
- data/lib/oauth2.rb +10 -2
- metadata +15 -21
- data/lib/oauth2/snaky_hash.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 71b8f6f9abb6afbd1cdeffbdb50b84906b0f8b44e35f9db1ebbb8c6e7acd50ba
|
|
4
|
+
data.tar.gz: a1e958b150f5909cf05734724371df99121e24d1c6581b64fa83d6326e448a6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5d3f859ea2a0b1ab53de9fda075f44b23c6c0426ba9af339b7cccadd9a613c44b252182819cd0221bac2cd97a9a21e91873af32d4e9bdbe0c5414f0ab0b5563f
|
|
7
|
+
data.tar.gz: 1802ba5465d719b80fc99f0802d0e1531288e3e4449e08b76abf070de0e26ebbf92a027fe468bfe4ba768293a6cda5f4b7458cfcb6d2d59cf297e269691ed22c
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [Unreleased]
|
|
8
|
+
### Added
|
|
9
|
+
### Changed
|
|
10
|
+
### Fixed
|
|
11
|
+
### Removed
|
|
12
|
+
|
|
13
|
+
## [2.0.8] - 2022-09-01
|
|
14
|
+
### Changed
|
|
15
|
+
- [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling)
|
|
16
|
+
|
|
17
|
+
### Added
|
|
18
|
+
- [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628)
|
|
19
|
+
|
|
7
20
|
## [2.0.7] - 2022-08-22
|
|
8
21
|
### Added
|
|
9
22
|
- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta)
|
|
@@ -306,5 +319,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
306
319
|
[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
|
|
307
320
|
[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
|
|
308
321
|
[2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6
|
|
309
|
-
[
|
|
322
|
+
[2.0.7]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...v2.0.7
|
|
323
|
+
[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.7...HEAD
|
|
310
324
|
[gemfiles/readme]: gemfiles/README.md
|
data/README.md
CHANGED
|
@@ -32,6 +32,7 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
|
|
|
32
32
|
|
|
33
33
|
| Version | Release Date | Readme |
|
|
34
34
|
|---------|--------------|----------------------------------------------------------|
|
|
35
|
+
| 2.0.7 | 2022-08-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.7/README.md |
|
|
35
36
|
| 2.0.6 | 2022-07-13 | https://github.com/oauth-xx/oauth2/blob/v2.0.6/README.md |
|
|
36
37
|
| 2.0.5 | 2022-07-07 | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md |
|
|
37
38
|
| 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md |
|
data/SECURITY.md
CHANGED
|
@@ -2,11 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
## Supported Versions
|
|
4
4
|
|
|
5
|
-
| Version | Supported |
|
|
6
|
-
|
|
7
|
-
| 2.latest | ✅
|
|
8
|
-
| 1.latest | ✅
|
|
9
|
-
|
|
|
5
|
+
| Version | Supported | EOL | Post-EOL / Enterprise |
|
|
6
|
+
|----------|-----------|---------|---------------------------------------|
|
|
7
|
+
| 2.latest | ✅ | 04/2024 | [Tidelift Subscription][tidelift-ref] |
|
|
8
|
+
| 1.latest | ✅ | 04/2023 | [Tidelift Subscription][tidelift-ref] |
|
|
9
|
+
| <= 1 | ⛔ | ⛔ | ⛔ |
|
|
10
|
+
|
|
11
|
+
### EOL Policy
|
|
12
|
+
|
|
13
|
+
Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.
|
|
10
14
|
|
|
11
15
|
## Reporting a Vulnerability
|
|
12
16
|
|
|
@@ -17,4 +21,6 @@ Tidelift will coordinate the fix and disclosure.
|
|
|
17
21
|
|
|
18
22
|
Available as part of the Tidelift Subscription.
|
|
19
23
|
|
|
20
|
-
The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.]
|
|
24
|
+
The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
|
|
25
|
+
|
|
26
|
+
[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo
|
data/lib/oauth2/access_token.rb
CHANGED
|
@@ -20,8 +20,7 @@ module OAuth2
|
|
|
20
20
|
fresh = hash.dup
|
|
21
21
|
supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
|
|
22
22
|
key = supported_keys[0]
|
|
23
|
-
|
|
24
|
-
warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1
|
|
23
|
+
extra_tokens_warning(supported_keys, key)
|
|
25
24
|
token = fresh.delete(key)
|
|
26
25
|
new(client, token, fresh)
|
|
27
26
|
end
|
|
@@ -34,6 +33,16 @@ module OAuth2
|
|
|
34
33
|
def from_kvform(client, kvform)
|
|
35
34
|
from_hash(client, Rack::Utils.parse_query(kvform))
|
|
36
35
|
end
|
|
36
|
+
|
|
37
|
+
private
|
|
38
|
+
|
|
39
|
+
# Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
|
|
40
|
+
def extra_tokens_warning(supported_keys, key)
|
|
41
|
+
return if OAuth2.config.silence_extra_tokens_warning
|
|
42
|
+
return if supported_keys.length <= 1
|
|
43
|
+
|
|
44
|
+
warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.")
|
|
45
|
+
end
|
|
37
46
|
end
|
|
38
47
|
|
|
39
48
|
# Initialize an AccessToken
|
data/lib/oauth2/response.rb
CHANGED
|
@@ -46,7 +46,7 @@ module OAuth2
|
|
|
46
46
|
# @param [Symbol] parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
|
|
47
47
|
# :json, or :automatic (determined by Content-Type response header)
|
|
48
48
|
# @param [true, false] snaky (true) Convert @parsed to a snake-case,
|
|
49
|
-
# indifferent-access
|
|
49
|
+
# indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)?
|
|
50
50
|
# @param [Hash] options all other options for initializing the instance
|
|
51
51
|
def initialize(response, parse: :automatic, snaky: true, **options)
|
|
52
52
|
@response = response
|
|
@@ -90,7 +90,7 @@ module OAuth2
|
|
|
90
90
|
end
|
|
91
91
|
end
|
|
92
92
|
|
|
93
|
-
@parsed =
|
|
93
|
+
@parsed = SnakyHash::StringKeyed.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash)
|
|
94
94
|
|
|
95
95
|
@parsed
|
|
96
96
|
end
|
data/lib/oauth2/version.rb
CHANGED
data/lib/oauth2.rb
CHANGED
|
@@ -5,13 +5,12 @@ require 'cgi'
|
|
|
5
5
|
require 'time'
|
|
6
6
|
|
|
7
7
|
# third party gems
|
|
8
|
-
require '
|
|
8
|
+
require 'snaky_hash'
|
|
9
9
|
require 'version_gem'
|
|
10
10
|
|
|
11
11
|
# includes gem files
|
|
12
12
|
require 'oauth2/version'
|
|
13
13
|
require 'oauth2/error'
|
|
14
|
-
require 'oauth2/snaky_hash'
|
|
15
14
|
require 'oauth2/authenticator'
|
|
16
15
|
require 'oauth2/client'
|
|
17
16
|
require 'oauth2/strategy/base'
|
|
@@ -25,6 +24,15 @@ require 'oauth2/response'
|
|
|
25
24
|
|
|
26
25
|
# The namespace of this library
|
|
27
26
|
module OAuth2
|
|
27
|
+
DEFAULT_CONFIG = SnakyHash::SymbolKeyed.new(silence_extra_tokens_warning: false)
|
|
28
|
+
@config = DEFAULT_CONFIG.dup
|
|
29
|
+
class << self
|
|
30
|
+
attr_accessor :config
|
|
31
|
+
end
|
|
32
|
+
def configure
|
|
33
|
+
yield @config
|
|
34
|
+
end
|
|
35
|
+
module_function :configure
|
|
28
36
|
end
|
|
29
37
|
|
|
30
38
|
OAuth2::Version.class_eval do
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Boling
|
|
8
8
|
- Erik Michaels-Ober
|
|
9
9
|
- Michael Bleigh
|
|
10
|
-
autorequire:
|
|
10
|
+
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-
|
|
13
|
+
date: 2022-09-01 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: faraday
|
|
@@ -87,25 +87,19 @@ dependencies:
|
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
88
|
version: '3'
|
|
89
89
|
- !ruby/object:Gem::Dependency
|
|
90
|
-
name:
|
|
90
|
+
name: snaky_hash
|
|
91
91
|
requirement: !ruby/object:Gem::Requirement
|
|
92
92
|
requirements:
|
|
93
|
-
- - "
|
|
94
|
-
- !ruby/object:Gem::Version
|
|
95
|
-
version: '0.4'
|
|
96
|
-
- - "<"
|
|
93
|
+
- - "~>"
|
|
97
94
|
- !ruby/object:Gem::Version
|
|
98
|
-
version: '
|
|
95
|
+
version: '2.0'
|
|
99
96
|
type: :runtime
|
|
100
97
|
prerelease: false
|
|
101
98
|
version_requirements: !ruby/object:Gem::Requirement
|
|
102
99
|
requirements:
|
|
103
|
-
- - "
|
|
104
|
-
- !ruby/object:Gem::Version
|
|
105
|
-
version: '0.4'
|
|
106
|
-
- - "<"
|
|
100
|
+
- - "~>"
|
|
107
101
|
- !ruby/object:Gem::Version
|
|
108
|
-
version: '
|
|
102
|
+
version: '2.0'
|
|
109
103
|
- !ruby/object:Gem::Dependency
|
|
110
104
|
name: version_gem
|
|
111
105
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -294,7 +288,6 @@ files:
|
|
|
294
288
|
- lib/oauth2/client.rb
|
|
295
289
|
- lib/oauth2/error.rb
|
|
296
290
|
- lib/oauth2/response.rb
|
|
297
|
-
- lib/oauth2/snaky_hash.rb
|
|
298
291
|
- lib/oauth2/strategy/assertion.rb
|
|
299
292
|
- lib/oauth2/strategy/auth_code.rb
|
|
300
293
|
- lib/oauth2/strategy/base.rb
|
|
@@ -307,15 +300,15 @@ licenses:
|
|
|
307
300
|
- MIT
|
|
308
301
|
metadata:
|
|
309
302
|
homepage_uri: https://github.com/oauth-xx/oauth2
|
|
310
|
-
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.
|
|
311
|
-
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.
|
|
303
|
+
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.8
|
|
304
|
+
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.8/CHANGELOG.md
|
|
312
305
|
bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
|
|
313
|
-
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.
|
|
306
|
+
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.8
|
|
314
307
|
wiki_uri: https://github.com/oauth-xx/oauth2/wiki
|
|
315
308
|
rubygems_mfa_required: 'true'
|
|
316
309
|
post_install_message: |2+
|
|
317
310
|
|
|
318
|
-
You have installed oauth2 version 2.0.
|
|
311
|
+
You have installed oauth2 version 2.0.8, congratulations!
|
|
319
312
|
|
|
320
313
|
There are BREAKING changes, but most will not encounter them, and updating your code should be easy!
|
|
321
314
|
|
|
@@ -339,8 +332,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
339
332
|
- !ruby/object:Gem::Version
|
|
340
333
|
version: '0'
|
|
341
334
|
requirements: []
|
|
342
|
-
rubygems_version: 3.3.
|
|
343
|
-
signing_key:
|
|
335
|
+
rubygems_version: 3.3.21
|
|
336
|
+
signing_key:
|
|
344
337
|
specification_version: 4
|
|
345
338
|
summary: A Ruby wrapper for the OAuth 2.0 protocol.
|
|
346
339
|
test_files: []
|
|
340
|
+
...
|