omniauth-auth0 2.3.1 → 2.4.0



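--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 735b9218b77206e4e3c8d2a3e0aa983fa4b5fc41591a593ea681d5bcaa8c12d6
-data.tar.gz: d66683b025e4dbe28c3986e5f271b71087145d1f3b9f8c425b89bc139a77750f
+metadata.gz: 33f4a34bf39a6fb628e07ed669624f1917d07353ed6f1b90d1a7e49f159c34f0
+data.tar.gz: 75b2362d94d4dfaa802a5a858c2b6c9c01dbd594393670c69280f21b96732ff2
 SHA512:
-metadata.gz: '02885a905400e376c738b6fd01892e372902f8394b10d5c1436d6105127e28055827c4ca2b09f3d31df0d163dd01ea8f5dd8d53fdf2f8fc1201ba116cdcb6b9f'
-data.tar.gz: e7b50a03c9ed21e981d89a4fa36f220da3bac9e963999fc56762ada02b19873e3452d6084198595924fa4e2be8480bfac6150e56d4536c5cf93b53369ded3253
+metadata.gz: bd3d007acf54fdf777fd9793eb24a0512504969436bc88420f51c21647fb4099815bb099e980e1d27bcbb3e187efb3a767bdb9b59b9f08b549ebf9e011072bc9
+data.tar.gz: 36c5a4202d76c35d52dfdf1168895a03a66cad08400150444642f1dae4c9a285b0c856ffcbed3d49763c14a9c2201dc8ab96e3dffa9c50aad3c8c201e2784f59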
@@ -2,7 +2,7 @@ version: 2.1
2
2
  jobs:
3
3
  run-tests:
4
4
  docker:
5
- - image: circleci/ruby:2.4.6-jessie
5
+ - image: circleci/ruby:2.5.7-buster
6
6
  steps:
7
7
  - checkout
8
8
  - restore_cache:
@@ -10,12 +10,6 @@ jobs:
10
10
  - gems-v2-{{ checksum "Gemfile.lock" }}
11
11
  - gems-v2-
12
12
  - run: bundle check || bundle install
13
- - persist_to_workspace:
14
- root: .
15
- paths:
16
- - Gemfile
17
- - Gemfile.lock
18
- - .snyk
19
13
  - save_cache:
20
14
  key: gems-v2--{{ checksum "Gemfile.lock" }}
21
15
  paths:
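Review bot: The removed `persist_to_workspace` step in the second hunk carried `.snyk` alongside `Gemfile` and `Gemfile.lock`, so any later job that consumed that workspace for dependency scanning no longer receives those inputs; the rest of the workflow is outside these hunks, so whether such a consumer still exists cannot be confirmed here, but the removal deserves a sentence in the commit message or a comment such as `# workspace persistence dropped: downstream jobs no longer read .snyk from here`. In the first hunk, `circleci/ruby:2.5.7-buster` is a mutable tag; pinning the image by digest (`image: circleci/ruby@sha256:<digest>`, digest to be filled in) would make the CI toolchain reproducible and harder to swap out silently. The `jobs:` block starts and ends outside both hunks.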
@@ -1,5 +1,18 @@
1
1
  # Change Log
2
2
 
3
+ ## [v2.4.0](https://github.com/auth0/omniauth-auth0/tree/v2.4.0) (2020-09-22)
4
+
5
+ [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.1...v2.4.0)
6
+
7
+ **Security**
8
+ - Bump rack from 2.2.2 to 2.2.3 [\#107](https://github.com/auth0/omniauth-auth0/pull/107) ([dependabot](https://github.com/dependabot))
9
+ - Update dependencies [\#100](https://github.com/auth0/omniauth-auth0/pull/100) ([Albalmaceda](https://github.com/Albalmaceda))
10
+
11
+ **Added**
12
+ - Add support for screen_hint=signup param [\#103](https://github.com/auth0/omniauth-auth0/pull/103) ([bbean86](https://github.com/bbean86))
13
+ - Add support for `connection_scope` in params [\#99](https://github.com/auth0/omniauth-auth0/pull/99) ([felixclack](https://github.com/felixclack))
14
+
15
+
3
16
  ## [v2.3.1](https://github.com/auth0/omniauth-auth0/tree/v2.3.1) (2020-03-27)
4
17
 
5
18
  [Full Changelog](https://github.com/auth0/omniauth-auth0/compare/v2.3.0...v2.3.1)
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth-auth0 (2.3.1)
4
+ omniauth-auth0 (2.4.0)
5
5
  omniauth-oauth2 (~> 1.5)
6
6
 
7
7
  GEM
@@ -9,22 +9,20 @@ GEM
9
9
  specs:
10
10
  addressable (2.7.0)
11
11
  public_suffix (>= 2.0.2, < 5.0)
12
- ast (2.4.0)
13
- codecov (0.1.16)
12
+ ast (2.4.1)
13
+ codecov (0.2.11)
14
14
  json
15
15
  simplecov
16
- url
17
- coderay (1.1.2)
18
- crack (0.4.3)
19
- safe_yaml (~> 1.0.0)
16
+ coderay (1.1.3)
17
+ crack (0.4.4)
20
18
  daemons (1.3.1)
21
- diff-lcs (1.3)
19
+ diff-lcs (1.4.4)
22
20
  docile (1.3.2)
23
- dotenv (2.7.5)
21
+ dotenv (2.7.6)
24
22
  eventmachine (1.2.7)
25
- faraday (1.0.0)
23
+ faraday (1.0.1)
26
24
  multipart-post (>= 1.2, < 3)
27
- ffi (1.12.2)
25
+ ffi (1.13.1)
28
26
  formatador (0.2.5)
29
27
  gem-release (2.1.1)
30
28
  guard (2.16.2)
@@ -43,16 +41,15 @@ GEM
43
41
  rspec (>= 2.99.0, < 4.0)
44
42
  hashdiff (1.0.1)
45
43
  hashie (4.1.0)
46
- jaro_winkler (1.5.4)
47
- json (2.3.0)
48
- jwt (2.2.1)
44
+ json (2.3.1)
45
+ jwt (2.2.2)
49
46
  listen (3.1.5)
50
47
  rb-fsevent (~> 0.9, >= 0.9.4)
51
48
  rb-inotify (~> 0.9, >= 0.9.7)
52
49
  ruby_dep (~> 1.2)
53
- lumberjack (1.2.4)
50
+ lumberjack (1.2.8)
54
51
  method_source (1.0.0)
55
- multi_json (1.14.1)
52
+ multi_json (1.15.0)
56
53
  multi_xml (0.6.0)
57
54
  multipart-post (2.1.1)
58
55
  mustermann (1.1.1)
@@ -70,63 +67,66 @@ GEM
70
67
  omniauth (1.9.1)
71
68
  hashie (>= 3.4.6)
72
69
  rack (>= 1.6.2, < 3)
73
- omniauth-oauth2 (1.6.0)
74
- oauth2 (~> 1.1)
70
+ omniauth-oauth2 (1.7.0)
71
+ oauth2 (~> 1.4)
75
72
  omniauth (~> 1.9)
76
- parallel (1.19.1)
77
- parser (2.7.0.5)
78
- ast (~> 2.4.0)
79
- pry (0.13.0)
73
+ parallel (1.19.2)
74
+ parser (2.7.1.4)
75
+ ast (~> 2.4.1)
76
+ pry (0.13.1)
80
77
  coderay (~> 1.1)
81
78
  method_source (~> 1.0)
82
- public_suffix (4.0.3)
83
- rack (2.2.2)
84
- rack-protection (2.0.8.1)
79
+ public_suffix (4.0.6)
80
+ rack (2.2.3)
81
+ rack-protection (2.1.0)
85
82
  rack
86
83
  rack-test (1.1.0)
87
84
  rack (>= 1.0, < 3)
88
85
  rainbow (3.0.0)
89
86
  rake (13.0.1)
90
- rb-fsevent (0.10.3)
87
+ rb-fsevent (0.10.4)
91
88
  rb-inotify (0.10.1)
92
89
  ffi (~> 1.0)
90
+ regexp_parser (1.8.0)
93
91
  rexml (3.2.4)
94
92
  rspec (3.9.0)
95
93
  rspec-core (~> 3.9.0)
96
94
  rspec-expectations (~> 3.9.0)
97
95
  rspec-mocks (~> 3.9.0)
98
- rspec-core (3.9.1)
99
- rspec-support (~> 3.9.1)
100
- rspec-expectations (3.9.1)
96
+ rspec-core (3.9.2)
97
+ rspec-support (~> 3.9.3)
98
+ rspec-expectations (3.9.2)
101
99
  diff-lcs (>= 1.2.0, < 2.0)
102
100
  rspec-support (~> 3.9.0)
103
101
  rspec-mocks (3.9.1)
104
102
  diff-lcs (>= 1.2.0, < 2.0)
105
103
  rspec-support (~> 3.9.0)
106
- rspec-support (3.9.2)
107
- rubocop (0.80.1)
108
- jaro_winkler (~> 1.5.1)
104
+ rspec-support (3.9.3)
105
+ rubocop (0.91.0)
109
106
  parallel (~> 1.10)
110
- parser (>= 2.7.0.1)
107
+ parser (>= 2.7.1.1)
111
108
  rainbow (>= 2.2.2, < 4.0)
109
+ regexp_parser (>= 1.7)
112
110
  rexml
111
+ rubocop-ast (>= 0.4.0, < 1.0)
113
112
  ruby-progressbar (~> 1.7)
114
- unicode-display_width (>= 1.4.0, < 1.7)
113
+ unicode-display_width (>= 1.4.0, < 2.0)
114
+ rubocop-ast (0.4.2)
115
+ parser (>= 2.7.1.4)
115
116
  ruby-progressbar (1.10.1)
116
117
  ruby2_keywords (0.0.2)
117
118
  ruby_dep (1.5.0)
118
- safe_yaml (1.0.5)
119
119
  shellany (0.0.1)
120
120
  shotgun (0.9.2)
121
121
  rack (>= 1.0)
122
- simplecov (0.18.5)
122
+ simplecov (0.19.0)
123
123
  docile (~> 1.1)
124
124
  simplecov-html (~> 0.11)
125
125
  simplecov-html (0.12.2)
126
- sinatra (2.0.8.1)
126
+ sinatra (2.1.0)
127
127
  mustermann (~> 1.0)
128
- rack (~> 2.0)
129
- rack-protection (= 2.0.8.1)
128
+ rack (~> 2.2)
129
+ rack-protection (= 2.1.0)
130
130
  tilt (~> 2.0)
131
131
  thin (1.7.2)
132
132
  daemons (~> 1.0, >= 1.0.9)
@@ -134,9 +134,8 @@ GEM
134
134
  rack (>= 1, < 3)
135
135
  thor (1.0.1)
136
136
  tilt (2.0.10)
137
- unicode-display_width (1.6.1)
138
- url (0.3.2)
139
- webmock (3.8.3)
137
+ unicode-display_width (1.7.0)
138
+ webmock (3.9.1)
140
139
  addressable (>= 2.3.6)
141
140
  crack (>= 0.3.2)
142
141
  hashdiff (>= 0.4.0, < 2.0.0)
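--- a/data/README.md
+++ b/data/README.md
@@ -1,13 +1,14 @@
 # OmniAuth Auth0
 
-An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
+An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy.
 
-**Important security note:** The parent library for this strategy currently has an unresolved security issue. Please see the discussion, including mitigations for Rails and non-Rails applications, [here](https://github.com/auth0/omniauth-auth0/issues/82).
+> :warning: **Important security note:** This solution uses a 3rd party library with an unresolved [security issue(s)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284). Please review the details of the vulnerability, including [Auth0](https://github.com/auth0/omniauth-auth0/issues/82 ) and other recommended [mitigations](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284), before implementing the solution.
 
 [![CircleCI](https://img.shields.io/circleci/project/github/auth0/omniauth-auth0/master.svg)](https://circleci.com/gh/auth0/omniauth-auth0)
 [![codecov](https://codecov.io/gh/auth0/omniauth-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/omniauth-auth0)
 [![Gem Version](https://badge.fury.io/rb/omniauth-auth0.svg)](https://badge.fury.io/rb/omniauth-auth0)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/omniauth-auth0/blob/master/LICENSE)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_shield)
 
 ## Table of Contents
 
@@ -45,7 +46,7 @@ Then install:
 $ bundle install
 ```
 
-See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
+See our [contributing guide](CONTRIBUTING.md) for information on local installation for development.
 
 ## Getting Started
 
@@ -63,7 +64,7 @@ All of these tasks and more are covered in our [Ruby on Rails Quickstart](https:
 To send additional parameters during login, you can specify them when you register the provider:
 
 ```ruby
-provider
+provider
 :auth0,
 ENV['AUTH0_CLIENT_ID'],
 ENV['AUTH0_CLIENT_SECRET'],
@@ -121,6 +122,17 @@ The Auth0 strategy will provide the standard OmniAuth hash attributes:
 }
 ```
 
+### Query Parameter Options
+
+In some scenarios, you may need to pass specific query parameters to `/authorize`. The following parameters are available to enable this:
+
+- `connection`
+- `connection_scope`
+- `prompt`
+- `screen_hint` (only relevant to New Universal Login Experience)
+
+Simply pass these query parameters to your OmniAuth redirect endpoint to enable their behavior.
+
 ## Contribution
 
 We appreciate feedback and contribution to this repo! Before you get started, please see the following:
@@ -133,7 +145,7 @@ We appreciate feedback and contribution to this repo! Before you get started, pl
 
 - Use [Community](https://community.auth0.com/) for usage, questions, specific cases.
 - Use [Issues](https://github.com/auth0/omniauth-auth0/issues) here for code-level support and bug reports.
-- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
+- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues.
 
 ## Vulnerability Reporting
 
@@ -155,3 +167,6 @@ Auth0 helps you to easily:
 ## License
 
 The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
+
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fomniauth-auth0?ref=badge_large)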
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Auth0
3
- VERSION = '2.3.1'.freeze
3
+ VERSION = '2.4.0'.freeze
4
4
  end
5
5
  end
@@ -86,7 +86,7 @@ module OmniAuth
86
86
  def authorize_params
87
87
  params = super
88
88
  parsed_query = Rack::Utils.parse_query(request.query_string)
89
- %w[connection prompt].each do |key|
89
+ %w[connection connection_scope prompt screen_hint].each do |key|
90
90
  params[key] = parsed_query[key] if parsed_query.key?(key)
91
91
  end
92
92
 
@@ -94,7 +94,7 @@ module OmniAuth
94
94
  params[:nonce] = SecureRandom.hex
95
95
  # Generate leeway if none exists
96
96
  params[:leeway] = 60 unless params[:leeway]
97
-
97
+
98
98
  # Store authorize params in the session for token verification
99
99
  session['authorize_params'] = params
100
100
 
@@ -83,7 +83,9 @@ describe OmniAuth::Strategies::Auth0 do
83
83
  expect(redirect_url).to have_query('redirect_uri')
84
84
  expect(redirect_url).not_to have_query('auth0Client')
85
85
  expect(redirect_url).not_to have_query('connection')
86
+ expect(redirect_url).not_to have_query('connection_scope')
86
87
  expect(redirect_url).not_to have_query('prompt')
88
+ expect(redirect_url).not_to have_query('screen_hint')
87
89
  end
88
90
 
89
91
  it 'redirects to hosted login page' do
@@ -97,7 +99,18 @@ describe OmniAuth::Strategies::Auth0 do
97
99
  expect(redirect_url).to have_query('redirect_uri')
98
100
  expect(redirect_url).to have_query('connection', 'abcd')
99
101
  expect(redirect_url).not_to have_query('auth0Client')
102
+ expect(redirect_url).not_to have_query('connection_scope')
100
103
  expect(redirect_url).not_to have_query('prompt')
104
+ expect(redirect_url).not_to have_query('screen_hint')
105
+ end
106
+
107
+ it 'redirects to the hosted login page with connection_scope' do
108
+ get 'auth/auth0?connection_scope=identity_provider_scope'
109
+ expect(last_response.status).to eq(302)
110
+ redirect_url = last_response.headers['Location']
111
+ expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
112
+ expect(redirect_url)
113
+ .to have_query('connection_scope', 'identity_provider_scope')
101
114
  end
102
115
 
103
116
  it 'redirects to hosted login page with prompt=login' do
@@ -114,6 +127,20 @@ describe OmniAuth::Strategies::Auth0 do
114
127
  expect(redirect_url).not_to have_query('connection')
115
128
  end
116
129
 
130
+ it 'redirects to hosted login page with screen_hint=signup' do
131
+ get 'auth/auth0?screen_hint=signup'
132
+ expect(last_response.status).to eq(302)
133
+ redirect_url = last_response.headers['Location']
134
+ expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
135
+ expect(redirect_url).to have_query('response_type', 'code')
136
+ expect(redirect_url).to have_query('state')
137
+ expect(redirect_url).to have_query('client_id')
138
+ expect(redirect_url).to have_query('redirect_uri')
139
+ expect(redirect_url).to have_query('screen_hint', 'signup')
140
+ expect(redirect_url).not_to have_query('auth0Client')
141
+ expect(redirect_url).not_to have_query('connection')
142
+ end
143
+
117
144
  describe 'callback' do
118
145
  let(:access_token) { 'access token' }
119
146
  let(:expires_in) { 2000 }
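Review bot: The added specs check that the four listed keys are forwarded when present and absent otherwise, but none asserts that an unlisted query key is dropped, which is the property the key list in `authorize_params` exists to enforce; unless such a case lives elsewhere in this file (only part of the `describe` block is visible), one should be added next to the new `screen_hint` example. A repeated-key case (`?screen_hint=signup&screen_hint=other`) would likewise pin down how the strategy treats an Array value from `Rack::Utils.parse_query`. The `describe 'callback'` block that starts at the end of the last hunk continues outside it.
```ruby
it 'does not forward unlisted query parameters to the hosted login page' do
  get 'auth/auth0?foo=bar'
  expect(last_response.status).to eq(302)
  redirect_url = last_response.headers['Location']
  expect(redirect_url).to start_with('https://samples.auth0.com/authorize')
  expect(redirect_url).not_to have_query('foo')
end
```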
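--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-auth0
 version: !ruby/object:Gem::Version
-version: 2.3.1
+version: 2.4.0
 platform: ruby
 authors:
 - Auth0
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-27 00:00:00.000000000 Z
+date: 2020-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
@@ -88,7 +88,7 @@ homepage: https://github.com/auth0/omniauth-auth0
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,8 +103,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.1
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: OmniAuth OAuth2 strategy for the Auth0 platform.
 test_files: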