RubyGems - omniauth-adfs-open-id-connect - Versions diffs - 0.0.1 → 0.0.5 - Mend

omniauth-adfs-open-id-connect 0.0.1 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +24 -0
data/.rubocop.yml +4 -1
data/Gemfile +1 -1
data/lib/omniauth/adfs_open_id_connect/version.rb +1 -1
data/lib/omniauth/strategies/adfs_open_id_connect.rb +43 -9
data/omniauth-adfs-open-id-connect.gemspec +2 -3
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53db3de00b2d52ce07e5c8868e3f0c11350c7ee9c61d812ada2461eb41ee1449
-  data.tar.gz: 2f96feca3e74a390ccf8711ad0b1ad8497bbd971ff66b1aa1216e2d426615a7c
+  metadata.gz: fc77cec391ab75442f586b5b0aa5901644fe8af59888011aced75523b41bd9dc
+  data.tar.gz: ee96183ea80abc1262ca9b2fafc8b370f2444c91a9145e894834b230cdb588e2
 SHA512:
-  metadata.gz: b4c54ed04b6a6fa172434c0b5c1190cd6a2083fac621652a321f04873412a7a16b14931b07edc493a6ffdbaa4a170cb71e8cce067adaeb45b94dca204fc488b7
-  data.tar.gz: af65e341a082bfe4ce0c03a7964c5c888354bb665b38520a2012b99281169385e16fd1061c530a72fea1094cd2011b8404dbaa3fb594d9e4fe668e82b9ae556f
+  metadata.gz: '09f0bedcf11d83f79adbc8e9cc6e4cc2ff23b30f7b76bbfc64b45285278b699536aacfc9a02c5da13bf7db1b1a5b6df24f1ac962e597bf4555506d83378e17e4'
+  data.tar.gz: eacfb72c4c3e3878569960e673a43096eea871b613bce8252094b45a18930b3c0366abf79239748039bb71007529d6399a791a958f1e1555cc6fc0e431ea20a7

data/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,24 @@
+name: CI
+on: [push]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
+        with:
+          ruby-version: 2.7
+          bundler-cache: true
+      - run: bundle install
+      - run: bundle exec rspec
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
+        with:
+          ruby-version: 2.7
+          bundler-cache: true
+      - run: bundle install
+      - run: bundle exec rubocop

data/.rubocop.yml CHANGED Viewed

@@ -3,7 +3,10 @@ require:
 AllCops:
   NewCops: enable
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 2.7
+Naming/FileName:
+  Exclude:
+    - 'lib/adfs-open-id-connect.rb'
 Metrics/AbcSize:
   Enabled: false
 Metrics/BlockLength:

data/Gemfile CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-source "https://rubygems.org"
+source 'https://rubygems.org'
 # Specify your gem's dependencies in omniauth-adfs-open-id-connect.gemspec
 gemspec

data/lib/omniauth/adfs_open_id_connect/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module OmniAuth
   module Adfs
     module OpenId
       module Connect
-        VERSION = '0.0.1'
+        VERSION = '0.0.5'
       end
     end
   end

data/lib/omniauth/strategies/adfs_open_id_connect.rb CHANGED Viewed

@@ -10,7 +10,8 @@ module OmniAuth
       DEFAULT_SCOPE = 'openid profile email'
       def client
-        options.authorize_params.scope = (options.scope if options.respond_to?(:scope) && options.scope) || DEFAULT_SCOPE
+        options.authorize_params.scope =
+          (options.scope if options.respond_to?(:scope) && options.scope) || DEFAULT_SCOPE
         options.client_options.authorize_url = "#{options.base_adfs_url}/adfs/oauth2/authorize"
         options.client_options.token_url = "#{options.base_adfs_url}/adfs/oauth2/token"
@@ -18,17 +19,17 @@ module OmniAuth
         super
       end
-      uid {
-        raw_info['oid']
-      }
+      uid do
+        raw_info['unique_name']
+      end
       info do
         {
-            name: raw_info['name'],
-            email: raw_info['email'] || raw_info['upn'],
-            nickname: raw_info['unique_name'],
-            first_name: raw_info['given_name'],
-            last_name: raw_info['family_name']
+          name: raw_info['name'],
+          email: raw_info['email'] || raw_info['upn'],
+          nickname: raw_info['unique_name'],
+          first_name: raw_info['given_name'],
+          last_name: raw_info['family_name']
         }
       end
@@ -39,6 +40,39 @@ module OmniAuth
       def callback_url
         full_host + script_name + callback_path
       end
+      # The omniauth-azure-activedirectory-v2 gem implements the raw_info method as follows.
+      # It's unclear if this is required for AD FS, but will implement with the fallback on
+      # the ID token just as a precaution and we can later remove and use access_token.token directly
+      # if it's not needed.
+      #
+      # Some account types from Microsoft seem to only have a decodable ID token,
+      # with JWT unable to decode the access token. Information is limited in those
+      # cases. Other account types provide an expanded set of data inside the auth
+      # token, which does decode as a JWT.
+      #
+      # Merge the two, allowing the expanded auth token data to overwrite the ID
+      # token data if keys collide, and use this as raw info.
+      #
+      def raw_info
+        if @raw_info.nil?
+          id_token_data = begin
+            ::JWT.decode(access_token.params['id_token'], nil, false).first
+          rescue StandardError
+            # no-op, ignore the error if token decoding fails
+          end
+          auth_token_data = begin
+            ::JWT.decode(access_token.token, nil, false).first
+          rescue StandardError
+            # no-op, ignore the error if token decoding fails
+          end
+          id_token_data.merge!(auth_token_data)
+          @raw_info = id_token_data
+        end
+        @raw_info
+      end
     end
   end
 end

data/omniauth-adfs-open-id-connect.gemspec CHANGED Viewed

@@ -1,4 +1,3 @@
-# -*- encoding: utf-8 -*-
 # frozen_string_literal: true
 lib = File.expand_path('lib', __dir__)
@@ -9,8 +8,8 @@ Gem::Specification.new do |s|
   s.name                  = 'omniauth-adfs-open-id-connect'
   s.version               = OmniAuth::Adfs::OpenId::Connect::VERSION
   s.summary               = 'OAuth 2 authentication with Active Directory Federations Services OpenId Connect.'
-  s.authors               = [ 'Diego Marcet' ]
-  s.email                 = [ 'systems@controlshiftlabs.com' ]
+  s.authors               = ['Diego Marcet']
+  s.email                 = ['systems@controlshiftlabs.com']
   s.homepage              = 'https://github.com/controlshift/omniauth-adfs-open-id-connect'
   s.license               = 'MIT'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-adfs-open-id-connect
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.5
 platform: ruby
 authors:
 - Diego Marcet
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-25 00:00:00.000000000 Z
+date: 2021-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -115,6 +115,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"