omniauth-artsy 0.3.0 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +16 -1
  3. data/lib/omniauth/strategies/artsy.rb +2 -7
  4. data/lib/omniauth-artsy/version.rb +1 -1
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 288c57c8e47b184a09c410179705501e5c09f4d0594f7278cef990d7842c12f3
4
- data.tar.gz: 0acc42b621eb30cc637da2a8a55d002c7739dbbe4ac9cd7d8d9a49b0d2290268
3
+ metadata.gz: ca82c0fae98546412426c5ac17a13cb3b045d0b32aa215ce363c69cc26bd1987
4
+ data.tar.gz: 791642de60880e731ec20425552763b8e8eb7b85816d5c438f0dd6e9d92456ad
5
5
  SHA512:
6
- metadata.gz: 656a8269b399888fbbd912bad9527bd694c0fa14af85e93eecd0cc5cbca6b45b1a738d21e07ccd13239946ab45aa80878318c4aa02735101c8d47bbd06e9c370
7
- data.tar.gz: 759dee1cfa6c4c99e3bfc1129d7ac6cd6996756c86abf9fb5ebcb80bfcdfc04dad0aee3a1afd9933006eb61ea0c45c41c1a34726cb3e80f8c88d28431b6fae6c
6
+ metadata.gz: 98b476247df5fcda19e94667066d0c0bcdf0a2f2a6e1c75aa9c045c214ea43af7321913bd1001d0bb3149e8c3e19f6c64cea46b6f45ad877ea44a48c2d1480be
7
+ data.tar.gz: 92e1eb6839f105a18b70bea9c77f92026c6df9e148466a27336fd7acb7478cacf187c1b4e2670f13280d3b661f739c9a00134c4f397f072327b267081937803a
data/CHANGELOG.md CHANGED
@@ -1,8 +1,23 @@
1
- 0.2.3 (Next)
1
+ (Next)
2
2
  ===========
3
3
 
4
4
  * Your contribution here.
5
5
 
6
+ 0.5.0
7
+ ===========
8
+
9
+ * [#17](https://github.com/artsy/omniauth-artsy/pull/17): specify auth_scheme for compatibility with oauth2 >=2 - [@joeyAghion](https://github.com/joeyAghion).
10
+
11
+ 0.4.0
12
+ ============
13
+
14
+ * [#16](https://github.com/artsy/omniauth-artsy/pull/16): Disallow GET requests for omniauth - [@starsirius](https://github.com/starsirius).
15
+
16
+ 0.3.0
17
+ ============
18
+
19
+ * [#14](https://github.com/artsy/omniauth-artsy/pull/14): Allow GET requests for omniauth - [@ansor4](https://github.com/ansor4).
20
+
6
21
  0.2.3
7
22
  ============
8
23
 
data/lib/omniauth/strategies/artsy.rb CHANGED
@@ -9,13 +9,8 @@ module OmniAuth
9
9
  option :client_options,
10
10
  site: OmniAuth::Artsy.config.artsy_api_url || ENV['ARTSY_API_URL'] || ENV['gravity_url'],
11
11
  authorize_url: '/oauth2/authorize?scope=offline_access&response_type=code',
12
- token_url: '/oauth2/access_token?scope=offline_access&response_type=code&grant_type=authorization_code'
13
- # TODO: Allow GET requests to redirect to /auth/artsy for now, which exposes us
14
- # to CSRF attacks. We'll want to change the auth redirect behavior to a POST
15
- # request at some point in the future.
16
- # https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
17
- OmniAuth.config.allowed_request_methods = %i[post get] if OmniAuth.config.respond_to?(:allowed_request_methods=)
18
- OmniAuth.config.silence_get_warning = true if OmniAuth.config.respond_to?(:silence_get_warning=)
12
+ token_url: '/oauth2/access_token?scope=offline_access&response_type=code&grant_type=authorization_code',
13
+ auth_scheme: :request_body
19
14
  end
20
15
 
21
16
  configure
data/lib/omniauth-artsy/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Omniauth
4
4
  module Artsy
5
- VERSION = '0.3.0'
5
+ VERSION = '0.5.0'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-artsy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Artsy
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-01 00:00:00.000000000 Z
11
+ date: 2023-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-oauth2
@@ -110,7 +110,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
110
  - !ruby/object:Gem::Version
111
111
  version: '0'
112
112
  requirements: []
113
- rubygems_version: 3.0.9
113
+ rubygems_version: 3.4.19
114
114
  signing_key:
115
115
  specification_version: 4
116
116
  summary: Omniauth plugin for Artsy authentication.