omniauth-artsy 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 15d23f5b99553dd48c01bb24fcf4c6687d44db3b
-  data.tar.gz: 34f42bb7bcfc043a0d4ee22761b7f7c36759cfc9
+SHA256:
+  metadata.gz: 288c57c8e47b184a09c410179705501e5c09f4d0594f7278cef990d7842c12f3
+  data.tar.gz: 0acc42b621eb30cc637da2a8a55d002c7739dbbe4ac9cd7d8d9a49b0d2290268
 SHA512:
-  metadata.gz: 3ebed18a95a73622fb93da0b159eb151d97fb1b450ffb5558f6c4e2d2f57bb02e7d7c0b7a5290452e2e42ea7c902366bbfafa040f6b2d40669686fd992b951aa
-  data.tar.gz: 98090a7a6cefec8129ec7a181279b4a68d3601733450d9baea5816675e3f88238c7bd43027cc0e2661043ddaaeaba0c4fed7162fd6692a13c4f26ececb6fd157
+  metadata.gz: 656a8269b399888fbbd912bad9527bd694c0fa14af85e93eecd0cc5cbca6b45b1a738d21e07ccd13239946ab45aa80878318c4aa02735101c8d47bbd06e9c370
+  data.tar.gz: 759dee1cfa6c4c99e3bfc1129d7ac6cd6996756c86abf9fb5ebcb80bfcdfc04dad0aee3a1afd9933006eb61ea0c45c41c1a34726cb3e80f8c88d28431b6fae6c

data/.gitignore

@@ -1,4 +1,4 @@
 Gemfile.lock
 .bundle
 pkg
-
+.rspec_status

data/.rspec

@@ -1,3 +1,2 @@
 --color
---format documentation
-
+--order random

data/.rubocop.yml

@@ -1 +1,7 @@
 inherit_from: .rubocop_todo.yml
+
+AllCops:
+  NewCops: enable
+
+Style/ModuleFunction:
+  Enabled: false

data/.rubocop_todo.yml

@@ -1,21 +1,23 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2017-03-31 17:08:47 -0400 using RuboCop version 0.48.0.
+# on 2020-09-11 17:57:36 UTC using RuboCop version 0.90.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
 # Offense count: 2
-# Configuration parameters: CountComments, ExcludedMethods.
+# Configuration parameters: CountComments, CountAsOne, ExcludedMethods.
+# ExcludedMethods: refine
 Metrics/BlockLength:
   Max: 67
 
-# Offense count: 8
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
-# URISchemes: http, https
-Metrics/LineLength:
-  Max: 154
+# Offense count: 1
+# Configuration parameters: ExpectMatchingDefinition, CheckDefinitionPathHierarchy, Regex, IgnoreExecutableScripts, AllowedAcronyms.
+# AllowedAcronyms: CLI, DSL, ACL, API, ASCII, CPU, CSS, DNS, EOF, GUID, HTML, HTTP, HTTPS, ID, IP, JSON, LHS, QPS, RAM, RHS, RPC, SLA, SMTP, SQL, SSH, TCP, TLS, TTL, UDP, UI, UID, UUID, URI, URL, UTF8, VM, XML, XMPP, XSRF, XSS
+Naming/FileName:
+  Exclude:
+    - 'lib/omniauth-artsy.rb'
 
 # Offense count: 3
 Style/Documentation:
@@ -25,23 +27,9 @@ Style/Documentation:
     - 'lib/omniauth-artsy/config.rb'
     - 'lib/omniauth/strategies/artsy.rb'
 
-# Offense count: 1
-# Configuration parameters: ExpectMatchingDefinition, Regex, IgnoreExecutableScripts, AllowedAcronyms.
-# AllowedAcronyms: CLI, DSL, ACL, API, ASCII, CPU, CSS, DNS, EOF, GUID, HTML, HTTP, HTTPS, ID, IP, JSON, LHS, QPS, RAM, RHS, RPC, SLA, SMTP, SQL, SSH, TCP, TLS, TTL, UDP, UI, UID, UUID, URI, URL, UTF8, VM, XML, XMPP, XSRF, XSS
-Style/FileName:
-  Exclude:
-    - 'lib/omniauth-artsy.rb'
-
-# Offense count: 1
-# Configuration parameters: EnforcedStyle, SupportedStyles.
-# SupportedStyles: module_function, extend_self
-Style/ModuleFunction:
-  Exclude:
-    - 'lib/omniauth-artsy/config.rb'
-
-# Offense count: 1
+# Offense count: 3
 # Cop supports --auto-correct.
-# Configuration parameters: SupportedStyles.
-# SupportedStyles: percent, brackets
-Style/SymbolArray:
-  EnforcedStyle: brackets
+# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Max: 154

data/.travis.yml

@@ -3,17 +3,17 @@ language: ruby
 cache: bundler
 
 rvm:
-  - 2.3.0
-  - 2.2
-  - rbx-2
-  - jruby-19mode
+  - 2.6.0
+  - 2.5.3
+  - 2.4.4
+  - jruby-9.2.5.0
   - ruby-head
   - jruby-head
 
 matrix:
   allow_failures:
-    - rvm: rbx-2
     - rvm: ruby-head
+    - rvm: jruby-9.2.5.0
     - rvm: jruby-head
 
 before_install:

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler'
 Bundler::GemHelper.install_tasks
 
@@ -9,4 +11,4 @@ end
 require 'rubocop/rake_task'
 RuboCop::RakeTask.new(:rubocop)
 
-task default: [:rubocop, :spec]
+task default: %i[rubocop spec]

data/lib/omniauth-artsy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'omniauth-artsy/version'
 require 'omniauth-artsy/config'
 require 'omniauth/strategies/artsy'

data/lib/omniauth-artsy/config.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OmniAuth
   module Artsy
     module Config

data/lib/omniauth-artsy/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Omniauth
   module Artsy
-    VERSION = '0.2.3'.freeze
+    VERSION = '0.3.0'
   end
 end

data/lib/omniauth/strategies/artsy.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'omniauth-oauth2'
 
 module OmniAuth
@@ -8,14 +10,16 @@ module OmniAuth
                site: OmniAuth::Artsy.config.artsy_api_url || ENV['ARTSY_API_URL'] || ENV['gravity_url'],
                authorize_url: '/oauth2/authorize?scope=offline_access&response_type=code',
                token_url: '/oauth2/access_token?scope=offline_access&response_type=code&grant_type=authorization_code'
+        # TODO: Allow GET requests to redirect to /auth/artsy for now, which exposes us
+        # to CSRF attacks. We'll want to change the auth redirect behavior to a POST
+        # request at some point in the future.
+        # https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
+        OmniAuth.config.allowed_request_methods = %i[post get] if OmniAuth.config.respond_to?(:allowed_request_methods=)
+        OmniAuth.config.silence_get_warning = true if OmniAuth.config.respond_to?(:silence_get_warning=)
       end
 
       configure
 
-      def request_phase
-        super
-      end
-
       uid do
         raw_info['id']
       end

data/omniauth-artsy.gemspec

@@ -1,24 +1,32 @@
-$LOAD_PATH.push File.expand_path('lib', __dir__)
-require 'omniauth-artsy/version'
-
-Gem::Specification.new do |s|
-  s.name = 'omniauth-artsy'
-  s.version = Omniauth::Artsy::VERSION
-  s.platform = Gem::Platform::RUBY
-  s.authors = ['Dylan Fareed']
-  s.email = ['dylan@artsy.net']
-  s.homepage = 'https://github.com/artsy/omniauth-artsy'
-  s.summary = 'Omniauth plugin for Artsy authentication.  '
-  s.description = 'Omniauth plugin for Artsy authentication.  '
-  s.files = `git ls-files`.split("\n")
-  s.test_files = `git ls-files -- spec/*`.split("\n")
-  s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
-  s.require_paths = ['lib']
-  s.license = 'MIT'
-
-  s.add_runtime_dependency 'omniauth-oauth2', '>= 1.1.2'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop'
-  s.add_development_dependency 'webmock'
+# frozen_string_literal: true
+
+require_relative 'lib/omniauth-artsy/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'omniauth-artsy'
+  spec.version = Omniauth::Artsy::VERSION
+  spec.authors = ['Artsy']
+  spec.email = ['dev@artsy.net']
+
+  spec.summary = 'Omniauth plugin for Artsy authentication.'
+  spec.description = 'Omniauth plugin for Artsy authentication.'
+  spec.homepage = 'https://github.com/artsy/omniauth-artsy'
+  spec.license = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = 'https://github.com/artsy/omniauth-artsy/blob/master/CHANGELOG.md'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'omniauth-oauth2', '>= 1.1.2'
+
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-artsy
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
-- Dylan Fareed
-autorequire: 
+- Artsy
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-25 00:00:00.000000000 Z
+date: 2021-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -66,23 +66,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: webmock
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description: 'Omniauth plugin for Artsy authentication.  '
+description: Omniauth plugin for Artsy authentication.
 email:
-- dylan@artsy.net
+- dev@artsy.net
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -102,14 +88,14 @@ files:
 - lib/omniauth-artsy/version.rb
 - lib/omniauth/strategies/artsy.rb
 - omniauth-artsy.gemspec
-- spec/lib/config_spec.rb
-- spec/omniauth/strategies/artsy_spec.rb
-- spec/spec_helper.rb
 homepage: https://github.com/artsy/omniauth-artsy
 licenses:
 - MIT
-metadata: {}
-post_install_message: 
+metadata:
+  homepage_uri: https://github.com/artsy/omniauth-artsy
+  source_code_uri: https://github.com/artsy/omniauth-artsy
+  changelog_uri: https://github.com/artsy/omniauth-artsy/blob/master/CHANGELOG.md
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -117,19 +103,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.8
-signing_key: 
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
 summary: Omniauth plugin for Artsy authentication.
-test_files:
-- spec/lib/config_spec.rb
-- spec/omniauth/strategies/artsy_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/spec/lib/config_spec.rb

@@ -1,18 +0,0 @@
-require 'spec_helper'
-
-describe OmniAuth::Artsy::Config do
-  describe '#configure' do
-    before do
-      expect(OmniAuth::Artsy).to receive(:reconfigure_strategy).once
-      OmniAuth::Artsy.configure do |config|
-        config.artsy_api_url = 'http://localhost:3000/api'
-      end
-    end
-    after do
-      OmniAuth::Artsy.config.reset
-    end
-    it 'sets token' do
-      expect(OmniAuth::Artsy.config.artsy_api_url).to eq 'http://localhost:3000/api'
-    end
-  end
-end

data/spec/omniauth/strategies/artsy_spec.rb

@@ -1,84 +0,0 @@
-require 'spec_helper'
-
-describe OmniAuth::Strategies::Artsy do
-  before :each do
-    @request = double('Request')
-    allow(@request).to receive(:params) { {} }
-
-    @client_id = '912831askljfd2'
-    @client_secret = 'dfallksdfoads'
-    @domain = 'artsy.net'
-    @uid = 'asdfasdfadsfcdad'
-    @name = 'Bobert Smithson'
-    @email = 'email@spiraljeezey.com'
-
-    @raw_info_hash = { 'id' => @uid, 'name' => @name, 'email' => @email }
-  end
-
-  subject do
-    OmniAuth::Strategies::Artsy.new(nil, @options || {}).tap do |strategy|
-      allow(strategy).to receive(:request) { @request }
-    end
-  end
-
-  describe '#client_options' do
-    it 'returns correct url for Artsy API URL when it was set' do
-      OmniAuth::Artsy.configure do |config|
-        config.artsy_api_url = 'http://api.test.url'
-      end
-      expect(subject.options.client_options.site).to eq 'http://api.test.url'
-    end
-
-    it 'has correct authorize url' do
-      expect(subject.options.client_options.authorize_url).to eq('/oauth2/authorize?scope=offline_access&response_type=code')
-    end
-
-    it 'has correct token_url url' do
-      expect(subject.options.client_options.token_url).to eq('/oauth2/access_token?scope=offline_access&response_type=code&grant_type=authorization_code')
-    end
-  end
-
-  it 'fetches raw_info' do
-    access_token = instance_double(OAuth2::AccessToken, token: 'secret')
-    allow(subject).to receive(:access_token).and_return(access_token)
-
-    response = instance_double(OAuth2::Response, parsed: @raw_info_hash)
-    expect(access_token).to receive(:get).with('/api/current_user', headers: { 'X-ACCESS-TOKEN' => 'secret' }).and_return(response)
-
-    expect(subject.raw_info).to eq(@raw_info_hash)
-  end
-
-  describe 'with raw_info' do
-    before :each do
-      allow(subject).to receive(:raw_info) { @raw_info_hash }
-    end
-
-    describe '#uid' do
-      it 'returns the uid from raw_info' do
-        expect(subject.uid).to eq(@uid)
-      end
-    end
-
-    describe '#info' do
-      context 'when data is present in raw info' do
-        it 'returns the name' do
-          expect(subject.info[:raw_info]['name']).to eq(@name)
-        end
-        it 'returns the email' do
-          expect(subject.info[:raw_info]['email']).to eq(@email)
-        end
-      end
-    end
-
-    describe '#info' do
-      context 'when data is present in raw info' do
-        it 'returns the name' do
-          expect(subject.info[:raw_info]['name']).to eq(@name)
-        end
-        it 'returns the email' do
-          expect(subject.info[:raw_info]['email']).to eq(@email)
-        end
-      end
-    end
-  end
-end

data/spec/spec_helper.rb

@@ -1,8 +0,0 @@
-$LOAD_PATH.unshift File.expand_path(__dir__)
-$LOAD_PATH.unshift File.expand_path('../lib', __dir__)
-
-require 'omniauth-artsy'
-require 'rspec'
-require 'webmock/rspec'
-
-RSpec.configure(&:raise_errors_for_deprecations!)