omniauth-azure-activedirectory-davevanfleet 1.0.0

data/omniauth-azure-activedirectory-davevanfleet.gemspec

@@ -0,0 +1,29 @@
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+require 'omniauth/azure_activedirectory_davevanfleet/version'
+
+Gem::Specification.new do |s|
+  s.name            = 'omniauth-azure-activedirectory-davevanfleet'
+  s.version         = OmniAuth::AzureActiveDirectoryDavevanfleet::VERSION
+  s.author          = 'Microsoft Corporation'
+  s.email           = 'nugetaad@microsoft.com'
+  s.summary         = 'Azure Active Directory strategy for OmniAuth'
+  s.description     = 'Allows developers to authenticate to AAD'
+  s.homepage        = 'https://github.com/AzureAD/omniauth-azure-activedirectory'
+  s.license         = 'MIT'
+
+  s.files           = `git ls-files`.split("\n")
+  s.require_paths   = ['lib']
+
+  s.required_ruby_version = '>= 2.2'
+
+  s.add_runtime_dependency 'jwt', '>= 2.0'
+  s.add_runtime_dependency 'oauth2', '~> 1.1'
+  s.add_runtime_dependency 'omniauth', '~> 2.0'
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.7.1'
+
+  s.add_development_dependency 'rake', '~> 12.0'
+  s.add_development_dependency 'rspec', '~> 3.6'
+  s.add_development_dependency 'rubocop', '~> 0.49'
+  s.add_development_dependency 'simplecov', '~> 0.10'
+  s.add_development_dependency 'webmock', '~> 1.21'
+end

data/spec/fixtures/id_token.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMyJ9.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9idW5jaC1vZi1yYW5kb20tY2hhcnMiLCJuYW1lIjoiSm9obiBTbWl0aCIsImF1ZCI6InRoZSBjbGllbnQgaWQiLCJub25jZSI6Im15IG5vbmNlIiwiZ2l2ZW5fbmFtZSI6IkpvaG4iLCJmYW1pbHlfbmFtZSI6InNtaXRoIiwiZW1haWwiOiJqc21pdGhAY29udG9zby5jb20iLCJjX2hhc2giOiJWcFRRaWk1VF84cmd3eEEtV3RiMkJ3In0.Xz9SL1dm9xeJ3YtBIwSpL7SHEMr5lsL32mkJIugoAt7rNhj2ZauN77_N3skU9FIRTVb_XBFHrLo1AXion7RWoOGAMk8xnuQRlhamGoWsjttWE9oO6J6kuQPSDBvLTA88UqLoGNezDwFNfgUFQq-66m33ZWdkiNOFoFZ_In6DtAwxHZZUys-KoYD3iCbviUoBzU57aV-SBsWyComq39pDGpw03qZoa_xgRfujdVHG1DKlO5VG79kUE3ySYWJyBYVKUdAzjH1iotjpPA1svtqytn4CUldAMi4nnf7iq5SCJMb4ucu0mN6AhJH9ktY--fGY6_OidyiDe4F57ZzLw-3jOQ

data/spec/fixtures/id_token_bad_audience.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMyJ9.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9idW5jaC1vZi1yYW5kb20tY2hhcnMiLCJuYW1lIjoiSm9obiBTbWl0aCIsImF1ZCI6Im5vdCB0aGUgY2xpZW50IGlkIiwibm9uY2UiOiJteSBub25jZSIsImdpdmVuX25hbWUiOiJKb2huIiwiZmFtaWx5X25hbWUiOiJzbWl0aCIsImVtYWlsIjoianNtaXRoQGNvbnRvc28uY29tIn0.gGCFTcGDBb2P5tPRj2ojUUiwOJoSslQlxEVTElZY6FCzCZzcypsnrYOB9Adkztp2AWF4wW9fT58lqXwaahKquXtK4wyK4KoNBxXBhS4sDMeNpVkK4914tT_6gecvyUsI_tlJaS0epd5c0mN9-1QjgvNEirY1L-XYaT290LmLYVYIFTEJXoSlnwvv081k0txdJZKr14JXd_bSLUbhGSd-NcGZkJuVmg2F_C65zd1wUsQOkV2iVdJ-ycaDJklv8-DFfDFIHQio8S9yqyieHwArRmTW9HzcoHhWBh2MIItszoTSbmQEF062NtNBPW8gyk1OSot5X9klJUhgPAAFqJ0TJQ

data/spec/fixtures/id_token_bad_chash.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMyJ9.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9idW5jaC1vZi1yYW5kb20tY2hhcnMiLCJuYW1lIjoiSm9obiBTbWl0aCIsImF1ZCI6InRoZSBjbGllbnQgaWQiLCJub25jZSI6Im15IG5vbmNlIiwiZ2l2ZW5fbmFtZSI6IkpvaG4iLCJmYW1pbHlfbmFtZSI6InNtaXRoIiwiZW1haWwiOiJqc21pdGhAY29udG9zby5jb20iLCJjX2hhc2giOiI1WEhDdk9qcUgtbnJBXzNXNUJYaWJnIn0.EHPFrxMbr2EH1IZ15F3oP1yvrukadY4ggZSOxm625qPoMxfhv-QzFm0YMhkAG0cLM_LSHi_RgedDwTGuzOtIWqmheYzydnhtbIBeKmx0RSgdob6WeiTZwJ93VRiV4q82Qda41JaaIl_wdWd4lVyVstd9o9jPYMtKEVLgaNDrtHt6pPxEGCVraiaM6tVyKc5XIHu3wNaqle5UZZREU6oirwTCUhXDZkz1g5qY2-aWUdfFVsElSarJuMcxGDPD20hvx7T3D7SCHAF8WhKw3AwQyrodKWCo3cqDOz6vHymb_-ELkJc14GMbtJiyrf6XYySZZoseoI_WBDmLfKcK637xCw

data/spec/fixtures/id_token_bad_issuer.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMyJ9.eyJpc3MiOiJodHRwczovL3N0cy5pbXBvc3Rlci5uZXQvYnVuY2gtb2YtcmFuZG9tLWNoYXJzIiwibmFtZSI6IkpvaG4gU21pdGgiLCJhdWQiOiJ0aGUgY2xpZW50IGlkIiwibm9uY2UiOiJteSBub25jZSIsImdpdmVuX25hbWUiOiJKb2huIiwiZmFtaWx5X25hbWUiOiJzbWl0aCIsImVtYWlsIjoianNtaXRoQGNvbnRvc28uY29tIn0.fwnJuRsif_Td3MfXoyADHidYJyPFdWSBBoLbVAu4Lz3-pmSln9Vgxl5KowqEKq2LX5n0aqyWVGLcoT-_G_PNXuizuNmssv5vreKLvDMpsFXt2irdwGYDCRki7KQPBk3bn12YjBzE2EqiRy7dTEG_0vWoh1RqoNP72BBL8xYQUlIOFleZhT5KGNYbh7rvcmDq7aA-xdaXT3QJfHCHpitW_zVzZ5Gok_awcdx_v3r3eFbG2IT0PfmT40Ljia0aP2i60KgsOLLHarYO51KFNDEfr1pUDf4IweaEzstbVLwk-_5ulJ5QgByhNJrmWDfrGeCQRk0SO2XX-EUsVn5ySVJ5CQ

data/spec/fixtures/id_token_bad_kid.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMzQifQ.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9idW5jaC1vZi1yYW5kb20tY2hhcnMiLCJuYW1lIjoiSm9obiBTbWl0aCIsImF1ZCI6InRoZSBjbGllbnQgaWQiLCJub25jZSI6Im15IG5vbmNlIiwiZ2l2ZW5fbmFtZSI6IkpvaG4iLCJmYW1pbHlfbmFtZSI6InNtaXRoIiwiZW1haWwiOiJqc21pdGhAY29udG9zby5jb20iLCJjX2hhc2giOiI1WEhDdk9qcUgtbnJBXzNXNUJYaWJnIn0.gWGBc9rH30SN17Ikm1CjqIYAyzFHX0yeRQu85sVYLE3r5k26bjS3R6rTJcCQlYqHPRdoPcnkUgT1QVbdThw34ICrODoavs7I5QYEn_jKP9zM4UJEKQaCLBAtitzrk1KDEf0GLcNKif-MYu7MiQfoOzwCGWfIs-vgqk4lv0JUs9OlSLp5LHru7G3jKy6Qswbrpxpjzm9I8BnKEdhUfhz4P6wIf9KLMmhgeGQdQ6wBuxPmOf9r6EKIij2AENhFp1qP90m8kXq9tIt5FZFjwIs_G6spLl0gQXyx0qC8rP5JTkqwrBUieWU-BRqVdax8YxA0iDKzZyfsMV92yVcZT6S_NQ

data/spec/fixtures/id_token_bad_nonce.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMyJ9.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9idW5jaC1vZi1yYW5kb20tY2hhcnMiLCJuYW1lIjoiSm9obiBTbWl0aCIsImF1ZCI6InRoZSBjbGllbnQgaWQiLCJub25jZSI6Im5vdCBteSBub25jZSIsImdpdmVuX25hbWUiOiJKb2huIiwiZmFtaWx5X25hbWUiOiJzbWl0aCIsImVtYWlsIjoianNtaXRoQGNvbnRvc28uY29tIn0.KBSOCiy0sUF33akept9nPNFgmMWxiPWDBVA0dZqQaF6gQkhQu82irAQzB2Ygkh9KDeIEf0MSZWLDq0X3W3Fke4wzjrbzL-2QM4l-KgPFbJixqtJYHSPOidHSCQ8vA0v8kES3H_zqU6QisygwwXLh2ozqKXMnsrBPIAtiZz_a0vPbHtrYbb-WIrtTruMemcTt5OkbfDIttzi5EarakQg93vraIb0jK0szuAqLkXFOzcIIGPgyAvVpHZveqm99GR04tbKyTRIyJP1vZwtIpu89PKFM3soWcWd_kjAWcS81ZTzEn5_P-1QL7YTInK53acNXZHh08Fba3Um4J_KlV2KRjw

data/spec/fixtures/id_token_no_alg.txt

@@ -0,0 +1 @@
+eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFiYzEyMyJ9.eyJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9idW5jaC1vZi1yYW5kb20tY2hhcnMiLCJuYW1lIjoiSm9obiBTbWl0aCIsImF1ZCI6InRoZSBjbGllbnQgaWQiLCJub25jZSI6Im15IG5vbmNlIiwiZ2l2ZW5fbmFtZSI6IkpvaG4iLCJmYW1pbHlfbmFtZSI6InNtaXRoIiwiZW1haWwiOiJqc21pdGhAY29udG9zby5jb20iLCJjX2hhc2giOiJWcFRRaWk1VF84cmd3eEEtV3RiMkJ3In0.Xz9SL1dm9xeJ3YtBIwSpL7SHEMr5lsL32mkJIugoAt7rNhj2ZauN77_N3skU9FIRTVb_XBFHrLo1AXion7RWoOGAMk8xnuQRlhamGoWsjttWE9oO6J6kuQPSDBvLTA88UqLoGNezDwFNfgUFQq-66m33ZWdkiNOFoFZ_In6DtAwxHZZUys-KoYD3iCbviUoBzU57aV-SBsWyComq39pDGpw03qZoa_xgRfujdVHG1DKlO5VG79kUE3ySYWJyBYVKUdAzjH1iotjpPA1svtqytn4CUldAMi4nnf7iq5SCJMb4ucu0mN6AhJH9ktY--fGY6_OidyiDe4F57ZzLw-3jOQ

data/spec/fixtures/x5c.txt

@@ -0,0 +1 @@
+MIIBwzCCAbegAwIBAgIBATADBgEAMDAxEzARBgoJkiaJk_IsZAEZFgNvcmcxGTAXBgoJkiaJk_IsZAEZFglydWJ5LWxhbmcwHhcNMTUwODA2MjMyOTE4WhcNMjUwODAzMjMyOTE4WjAwMRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyunSConbK4z1T47vukPa0OaNcY_R6l8Z0TILR1w5O_YkMbJGRXpZORFPVs83xLoxs7RcPWnibQhQ4G6m6fwEA4rutvOm-3xWyey-OOZdVqpNmxqd2VcCCI6AoUtl8m4w0UFuu-oiELj7BF8cGS5wvHYATEBEY72n_84uu-LF423Ffe8HeMEY00nO3ZVcV9MjFBVps8RAwL62ooXPZyly6fQt4728wlZPs3EMijS-Bj4auokx6ssBooaF9XiZJKKCAe16epbBB9S4XVlNXo6EhZ-PBpMFRJknDwWFFYPVOX3NlBp8chi8VaXmDXqsFJiwkkeIqg4I6WFAM4BsnDInwIDAQABMAMGAQADAQA

data/spec/fixtures/x5c_different.txt

@@ -0,0 +1 @@
+MIIBjTCCAYGgAwIBAgIBATADBgEAMBUxEzARBgoJkiaJk_IsZAEZFgNvcmcwHhcNMTUwODA3MjAyMDU1WhcNMjUwODA0MjAyMDU1WjAVMRMwEQYKCZImiZPyLGQBGRYDb3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8VyE4KHx0GDV6RMYqscBR56lal9uQNYXm_Du8O6-F8Da9Xc0h7O8JWomqFLUEE-0ogMcjzOAiQzTc8X6VhkIBbMCKYA6OQ-hiC3aaYFLNAnxaVThnUJWXxA7spbnKFG1xZK01G8bAx7s7DbbWMHlchebjWprCMkYEjnECXVuDyfkZW-8aHDCtq62JAd-WQL1LN-UkOBCgodTNW2x7e-_KBvPzPSSzYygAh7kCl727QeHwplgA83mQrdecNvYoiEBYOjSKz8bdiKRYjmogGoDv3_W4cY76a9XBZpSoNjBWdWo_w7ce4KbOsi3V0g8EZm9ccKjBPKe9pZYF4aCNQJ6QIDAQABMAMGAQADAQA

data/spec/omniauth/strategies/azure_activedirectory_davevanfleet_spec.rb

@@ -0,0 +1,222 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'spec_helper'
+require 'omniauth-azure-activedirectory-davevanfleet'
+
+# This was fairly awkward to test. I've stubbed every endpoint and am simulating
+# the state of the request. Especially large strings are stored in fixtures.
+describe OmniAuth::Strategies::AzureActiveDirectoryDavevanfleet do
+  let(:app) { -> _ { [200, {}, ['Hello world.']] } }
+  let(:x5c) { File.read(File.expand_path('../../../fixtures/x5c.txt', __FILE__)) }
+
+  # These values were used to create the "successful" id_token JWT.
+  let(:client_id) { 'the client id' }
+  let(:code) { 'code' }
+  let(:email) { 'jsmith@contoso.com' }
+  let(:family_name) { 'smith' }
+  let(:given_name) { 'John' }
+  let(:issuer) { 'https://sts.windows.net/bunch-of-random-chars' }
+  let(:kid) { 'abc123' }
+  let(:name) { 'John Smith' }
+  let(:nonce) { 'my nonce' }
+  let(:session_state) { 'session state' }
+  let(:auth_endpoint_host) { 'authorize.com' }
+
+  let(:hybrid_flow_params) do
+    { 'id_token' => id_token,
+      'session_state' => session_state,
+      'code' => code }
+  end
+
+  let(:tenant) { 'tenant' }
+  let(:openid_config_response) { "{\"issuer\":\"#{issuer}\",\"authorization_endpoint\":\"http://#{auth_endpoint_host}\",\"jwks_uri\":\"https://login.windows.net/common/discovery/keys\"}" }
+  let(:keys_response) { "{\"keys\":[{\"kid\":\"#{kid}\",\"x5c\":[\"#{x5c}\"]}]}" }
+
+  let(:env) { { 'rack.session' => { 'omniauth-azure-activedirectory.nonce' => nonce } } }
+
+  before(:each) do
+    stub_request(:get, "https://login.windows.net/#{tenant}/.well-known/openid-configuration")
+      .to_return(status: 200, body: openid_config_response)
+    stub_request(:get, 'https://login.windows.net/common/discovery/keys')
+      .to_return(status: 200, body: keys_response)
+  end
+
+  describe '#callback_phase' do
+    let(:request) { double('Request', params: hybrid_flow_params, path_info: 'path') }
+    let(:strategy) do
+      described_class.new(app, client_id, tenant).tap do |s|
+        allow(s).to receive(:request) { request }
+      end
+    end
+
+    subject { -> { strategy.callback_phase } }
+    before(:each) { strategy.call!(env) }
+
+    context 'with a successful response' do
+      # payload:
+      #   { 'iss' => 'https://sts.windows.net/bunch-of-random-chars',
+      #     'name' => 'John Smith',
+      #     'aud' => 'the client id',
+      #     'nonce' => 'my nonce',
+      #     'email' => 'jsmith@contoso.com',
+      #     'given_name' => 'John',
+      #     'family_name' => 'Smith' }
+      # headers:
+      #   { 'typ' => 'JWT',
+      #     'alg' => 'RS256',
+      #     'kid' => 'abc123' }
+      #
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token.txt', __FILE__)) }
+
+      # If it passes this test, then the id was successfully validated.
+      it { is_expected.to_not raise_error }
+
+      describe 'the auth hash' do
+        before(:each) { strategy.callback_phase }
+
+        subject { env['omniauth.auth'] }
+
+        it 'should contain the name' do
+          expect(subject.info['name']).to eq name
+        end
+
+        it 'should contain the first name' do
+          expect(subject.info['first_name']).to eq given_name
+        end
+
+        it 'should contain the last name' do
+          expect(subject.info['last_name']).to eq family_name
+        end
+
+        it 'should contain the email' do
+          expect(subject.info['email']).to eq email
+        end
+
+        it 'should contain the auth code' do
+          expect(subject.credentials['code']).to eq code
+        end
+
+        it 'should contain the session state' do
+          expect(subject.extra['session_state']).to eq session_state
+        end
+      end
+    end
+
+    context 'with an invalid issuer' do
+      # payload:
+      #   { 'iss' => 'https://sts.imposter.net/bunch-of-random-chars', ... }
+      #
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token_bad_issuer.txt', __FILE__)) }
+      it { is_expected.to raise_error JWT::InvalidIssuerError }
+    end
+
+    context 'with an invalid audience' do
+      # payload:
+      #   { 'aud' => 'not the client id', ... }
+      #
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token_bad_audience.txt', __FILE__)) }
+      it { is_expected.to raise_error JWT::InvalidAudError }
+    end
+
+    context 'with a non-matching nonce' do
+      # payload:
+      #   { 'nonce' => 'not my nonce', ... }
+      #
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token_bad_nonce.txt', __FILE__)) }
+      it { is_expected.to raise_error JWT::DecodeError }
+    end
+
+    context 'with the wrong x5c' do
+      let(:x5c) { File.read(File.expand_path('../../../fixtures/x5c_different.txt', __FILE__)) }
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token.txt', __FILE__)) }
+      it { is_expected.to raise_error JWT::VerificationError }
+    end
+
+    context 'with a non-matching c_hash' do
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token_bad_chash.txt', __FILE__)) }
+      it { is_expected.to raise_error JWT::VerificationError }
+    end
+
+    context 'with a non-matching kid' do
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token_bad_kid.txt', __FILE__)) }
+      it { is_expected.to raise_error JWT::VerificationError }
+    end
+
+    context 'with no alg header' do
+      let(:id_token) { File.read(File.expand_path('../../../fixtures/id_token_no_alg.txt', __FILE__)) }
+
+      it 'should correctly parse using default RS256' do
+        expect(subject).to_not raise_error
+      end
+
+      describe 'the auth hash' do
+        subject { env['omniauth.auth'] }
+        before(:each) { strategy.callback_phase }
+
+        it 'should default to RS256' do
+          expect(subject.info['name']).to eq name
+        end
+      end
+    end
+  end
+
+  describe '#request_phase' do
+    let(:strategy) { described_class.new(app, client_id, tenant) }
+    subject { strategy.request_phase }
+    before(:each) { strategy.call!(env) }
+
+    it 'should make a redirect' do
+      expect(subject.first).to eq 302
+    end
+
+    it 'should redirect to the correct endpoint' do
+      expect(URI(subject[1]['Location']).host).to eq auth_endpoint_host
+    end
+  end
+
+  describe '#read_nonce' do
+    let(:strategy) { described_class.new(app, client_id, tenant) }
+    let(:env) { { 'rack.session' => {} } }
+    before(:each) { strategy.call!(env) }
+    subject { strategy.send(:read_nonce) }
+
+    context 'before a nonce is set' do
+      it { is_expected.to be nil }
+    end
+
+    context 'after a nonce is set' do
+      before(:each) { @nonce = strategy.send(:new_nonce) }
+      it 'should match' do
+        expect(subject).to eq @nonce
+      end
+    end
+
+    context 'twice in a row' do
+      before(:each) do
+        strategy.send(:new_nonce)
+        strategy.send(:read_nonce)
+      end
+      it { is_expected.to be nil }
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,44 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'webmock/rspec'
+require 'simplecov'
+
+SimpleCov.start do
+  # Don't measure coverage on test files.
+  add_filter 'spec'
+end
+
+WebMock.disable_net_connect!(allow_localhost: true)
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+
+  config.warnings = true
+  config.order = :random
+end

metadata

@@ -0,0 +1,245 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-azure-activedirectory-davevanfleet
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Microsoft Corporation
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-03-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+description: Allows developers to authenticate to AAD
+email: nugetaad@microsoft.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".rubocop_todo.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- RELEASES.md
+- Rakefile
+- examples/rails-todo-list-app/.gitignore
+- examples/rails-todo-list-app/Gemfile
+- examples/rails-todo-list-app/README.md
+- examples/rails-todo-list-app/Rakefile
+- examples/rails-todo-list-app/app/assets/javascripts/application.js
+- examples/rails-todo-list-app/app/assets/stylesheets/application.css
+- examples/rails-todo-list-app/app/controllers/application_controller.rb
+- examples/rails-todo-list-app/app/controllers/home_controller.rb
+- examples/rails-todo-list-app/app/controllers/profile_controller.rb
+- examples/rails-todo-list-app/app/controllers/sessions_controller.rb
+- examples/rails-todo-list-app/app/controllers/signed_in_controller.rb
+- examples/rails-todo-list-app/app/controllers/tasks_controller.rb
+- examples/rails-todo-list-app/app/models/task.rb
+- examples/rails-todo-list-app/app/models/user.rb
+- examples/rails-todo-list-app/app/views/home/index.html.haml
+- examples/rails-todo-list-app/app/views/layouts/application.html.haml
+- examples/rails-todo-list-app/app/views/layouts/signed_in.html.haml
+- examples/rails-todo-list-app/app/views/profile/index.html.haml
+- examples/rails-todo-list-app/app/views/tasks/index.html.haml
+- examples/rails-todo-list-app/bin/bundle
+- examples/rails-todo-list-app/bin/rails
+- examples/rails-todo-list-app/bin/rake
+- examples/rails-todo-list-app/bin/setup
+- examples/rails-todo-list-app/config.ru
+- examples/rails-todo-list-app/config/application.rb
+- examples/rails-todo-list-app/config/boot.rb
+- examples/rails-todo-list-app/config/database.yml
+- examples/rails-todo-list-app/config/environment.rb
+- examples/rails-todo-list-app/config/environments/development.rb
+- examples/rails-todo-list-app/config/environments/production.rb
+- examples/rails-todo-list-app/config/environments/test.rb
+- examples/rails-todo-list-app/config/initializers/assets.rb
+- examples/rails-todo-list-app/config/initializers/backtrace_silencers.rb
+- examples/rails-todo-list-app/config/initializers/cookies_serializer.rb
+- examples/rails-todo-list-app/config/initializers/filter_parameter_logging.rb
+- examples/rails-todo-list-app/config/initializers/inflections.rb
+- examples/rails-todo-list-app/config/initializers/mime_types.rb
+- examples/rails-todo-list-app/config/initializers/omniauth.rb
+- examples/rails-todo-list-app/config/initializers/session_store.rb
+- examples/rails-todo-list-app/config/initializers/wrap_parameters.rb
+- examples/rails-todo-list-app/config/routes.rb
+- examples/rails-todo-list-app/config/secrets.yml
+- examples/rails-todo-list-app/db/schema.rb
+- examples/rails-todo-list-app/public/404.html
+- examples/rails-todo-list-app/public/422.html
+- examples/rails-todo-list-app/public/500.html
+- examples/rails-todo-list-app/public/favicon.ico
+- examples/sinatra-multiple-providers-app/.env
+- examples/sinatra-multiple-providers-app/Gemfile
+- examples/sinatra-multiple-providers-app/README.md
+- examples/sinatra-multiple-providers-app/app.rb
+- examples/sinatra-multiple-providers-app/config.ru
+- lib/omniauth-azure-activedirectory-davevanfleet.rb
+- lib/omniauth/azure_activedirectory_davevanfleet.rb
+- lib/omniauth/azure_activedirectory_davevanfleet/version.rb
+- lib/omniauth/strategies/azure_activedirectory_davevanfleet.rb
+- omniauth-azure-activedirectory-davevanfleet.gemspec
+- spec/fixtures/id_token.txt
+- spec/fixtures/id_token_bad_audience.txt
+- spec/fixtures/id_token_bad_chash.txt
+- spec/fixtures/id_token_bad_issuer.txt
+- spec/fixtures/id_token_bad_kid.txt
+- spec/fixtures/id_token_bad_nonce.txt
+- spec/fixtures/id_token_no_alg.txt
+- spec/fixtures/x5c.txt
+- spec/fixtures/x5c_different.txt
+- spec/omniauth/strategies/azure_activedirectory_davevanfleet_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/AzureAD/omniauth-azure-activedirectory
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.3
+signing_key:
+specification_version: 4
+summary: Azure Active Directory strategy for OmniAuth
+test_files: []