omniauth-globus 0.8.7 → 0.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7cfa88e79b566cff87e814f8af69380dc2473fa7ca9e66c443fe6cde1d30e824
-  data.tar.gz: 11be01521bd7d5f5db73db1ad702bf198527c479d6a7e3bcde57139dc50763e8
+  metadata.gz: 456ad610a82e6dc94363def45d38967c3535dfe969e3c8f5cce783a9b8d9e5dc
+  data.tar.gz: 68b56ca539f3d5a5b7af8b870718975b9432dd7c1c2c81e67a54e7c60f155d19
 SHA512:
-  metadata.gz: 9fe457d52d7509efbb253bbd76e89948502a3cdae387d870e491a2d4fe42f72626d590de9e69bac3aa298209dfd05de07efb34e8b07db48d26498c4dcb441769
-  data.tar.gz: 96f098e039d385bceebacca23dbf8a87ba9e05351e973df11919cfc15c21dcc40d8bf39da4e96c2e4151d5df78dd64f26b776d47b6086d648ab245ff8b39dbf1
+  metadata.gz: dca8d521552579f8630dbf03bfcc93b27e98adc83c1212a3ab336caf6c292d7baf9758ea86722dae7b02aae3e6805340de1c2b54265a9702d1026ceff184ee7a
+  data.tar.gz: 247c8315f638c1a08ed7179ad33033feff1f2bfb11c63419abdc7ae391ec68f87e6a6cfd6809c5edf1cd8597ea62d8949038b8e57f621294bb1678f816b5965b

data/.github/workflows/build.yml

@@ -0,0 +1,37 @@
+name: Build Ruby Gem
+
+on:
+  push:
+    branches:
+      - "master"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+
+    - name: Build and test
+      run: |
+        gem install bundler
+        bundle install
+        bundle exec rspec
+
+    - name: Publish code coverage
+      uses: paambaati/codeclimate-action@v2.7.4
+      env:
+        CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
+
+    - name: Notify Slack
+      uses: adamkdean/simple-slack-notify@1.0.4
+      with:
+        channel: '#ops'
+        username: 'GitHub Actions'
+        color: 'good'
+        text: 'A new version of the omniauth_globus gem has been built.'
+

data/.github/workflows/changelog.yml

@@ -0,0 +1,36 @@
+name: Changelog
+
+on:
+  pull_request:
+    types: [closed]
+
+  release:
+    types: [published]
+
+  issues:
+    types: [closed, edited]
+
+jobs:
+  generate_changelog:
+    runs-on: ubuntu-latest
+    name: Generate changelog
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Generate changelog
+        uses: charmixer/auto-changelog-action@v1.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Commit files
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add CHANGELOG.md && git commit -m 'Updated CHANGELOG.md'
+
+      - name: Push changes
+        uses: ad-m/github-push-action@v0.6.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: 'refs/heads/master'
+          tags: false

data/.github/workflows/release.yml

@@ -0,0 +1,47 @@
+name: Release Ruby Gem
+
+on:
+  release:
+    types: [published]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+
+    - name: Build and test
+      run: |
+        gem install bundler
+        bundle install
+        bundle exec rspec spec
+
+    - name: Code Climate Test Reporter
+      uses: aktions/codeclimate-test-reporter@v1
+      with:
+        codeclimate-test-reporter-id: ${{ secrets.CC_TEST_REPORTER_ID }}
+        command: after-build
+
+    - name: Publish to RubyGems
+      run: |
+        mkdir -p $HOME/.gem
+        touch $HOME/.gem/credentials
+        chmod 0600 $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        gem build *.gemspec
+        gem push *.gem
+      env:
+        GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
+
+    - name: Notify Slack
+      uses: adamkdean/simple-slack-notify@1.0.4
+      with:
+        channel: '#ops'
+        username: 'GitHub Actions'
+        color: 'good'
+        text: 'A new version of the omniauth_globus gem has been released.'

data/.rubocop.yml

@@ -10,12 +10,6 @@ AllCops:
 Style/AndOr:
   Enabled: true
 
-# Do not use braces for hash literals when they are the last argument of a
-# method call.
-Style/BracesAroundHashParameters:
-  Enabled: true
-  EnforcedStyle: context_dependent
-
 # Align `when` with `case`.
 Layout/CaseIndentation:
   Enabled: true
@@ -52,7 +46,7 @@ Layout/EmptyLinesAroundMethodBody:
 Layout/EmptyLinesAroundModuleBody:
   Enabled: true
 
-Layout/IndentFirstArgument:
+Layout/FirstArgumentIndentation:
   Enabled: true
 
 # Use Ruby >= 1.9 syntax for hashes. Prefer { a: :b } over { :a => :b }.
@@ -144,11 +138,11 @@ Style/StringLiterals:
   EnforcedStyle: double_quotes
 
 # Detect hard tabs, no hard tabs.
-Layout/Tab:
+Layout/IndentationStyle:
   Enabled: true
 
 # Blank lines should not have any spaces.
-Layout/TrailingBlankLines:
+Layout/TrailingEmptyLines:
   Enabled: true
 
 # No trailing whitespace.
@@ -156,7 +150,7 @@ Layout/TrailingWhitespace:
   Enabled: true
 
 # Use quotes for string literals when they are enough.
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
 
 Lint/AmbiguousOperator:
@@ -175,7 +169,7 @@ Lint/RequireParentheses:
 Lint/ShadowingOuterLocalVariable:
   Enabled: true
 
-Lint/StringConversionInInterpolation:
+Lint/RedundantStringCoercion:
   Enabled: true
 
 Lint/UriEscapeUnescape:

data/Gemfile

@@ -1,4 +1,6 @@
-source 'https://rubygems.org'
+# frozen_string_literal: true
+
+source "https://rubygems.org"
 
 # Specify your gem's dependencies in omniauth-github.gemspec
 gemspec

data/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: .
   specs:
-    omniauth-globus (0.8.7)
+    omniauth-globus (0.9.1)
       jwt (~> 2.0)
-      omniauth (~> 1.9)
+      omniauth (>= 1.9)
       omniauth-oauth2 (~> 1.6)
 
 GEM
@@ -11,72 +11,87 @@ GEM
   specs:
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.0)
+    ast (2.4.2)
     codeclimate-test-reporter (1.0.9)
       simplecov (<= 0.13)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.3)
+    crack (0.4.5)
+      rexml
+    diff-lcs (1.4.4)
     docile (1.1.5)
-    faraday (0.15.4)
+    faraday (1.4.1)
+      faraday-excon (~> 1.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
       multipart-post (>= 1.2, < 3)
-    hashdiff (1.0.0)
-    hashie (3.6.0)
-    jaro_winkler (1.5.3)
-    json (2.2.0)
-    jwt (2.2.1)
-    multi_json (1.13.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-excon (1.1.0)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.1.0)
+    hashdiff (1.0.1)
+    hashie (4.1.0)
+    json (2.5.1)
+    jwt (2.2.3)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    oauth2 (1.4.1)
-      faraday (>= 0.8, < 0.16.0)
+    oauth2 (1.4.7)
+      faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.9.0)
-      hashie (>= 3.4.6, < 3.7.0)
+    omniauth (2.0.4)
+      hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    parallel (1.17.0)
-    parser (2.6.4.0)
-      ast (~> 2.4.0)
-    public_suffix (4.0.1)
-    rack (2.0.7)
+      rack-protection
+    omniauth-oauth2 (1.7.1)
+      oauth2 (~> 1.4)
+      omniauth (>= 1.9, < 3)
+    parallel (1.20.1)
+    parser (3.0.1.1)
+      ast (~> 2.4.1)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rack-protection (2.1.0)
+      rack
     rack-test (0.6.3)
       rack (>= 1.0)
     rainbow (3.0.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.2)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.2)
-    rubocop (0.74.0)
-      jaro_winkler (~> 1.5.1)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    rubocop (0.93.1)
       parallel (~> 1.10)
-      parser (>= 2.6)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8)
+      rexml
+      rubocop-ast (>= 0.6.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    ruby-progressbar (1.10.1)
-    safe_yaml (1.0.5)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (1.5.0)
+      parser (>= 3.0.1.1)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.4)
     simplecov (0.13.0)
       docile (~> 1.1.0)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    unicode-display_width (1.6.0)
-    webmock (3.7.2)
+    unicode-display_width (1.7.0)
+    webmock (3.12.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)

data/README.md

@@ -1,5 +1,6 @@
 # omniauth-globus
 
+[![Identifier](https://img.shields.io/badge/doi-10.14454%2F81gp--9y63-fca709.svg)](https://doi.org/10.14454/81gp-9y63)
 [![Gem Version](https://badge.fury.io/rb/omniauth-globus.svg)](https://badge.fury.io/rb/omniauth-globus)
 [![Build Status](https://travis-ci.com/datacite/omniauth-globus.svg?branch=master)](https://travis-ci.com/datacite/omniauth-globus)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/13f9467872e9a688e9cb/test_coverage)](https://codeclimate.com/github/datacite/omniauth-globus/test_coverage)

data/codemeta.json

@@ -0,0 +1,38 @@
+{
+  "@context": "https://raw.githubusercontent.com/codemeta/codemeta/master/codemeta.jsonld",
+  "@type": "SoftwareSourceCode",
+  "@id": "https://doi.org/10.14454/81gp-9y63",
+  "agents": {
+    "@id": "http://orcid.org/0000-0003-1419-2405",
+    "@type": "person",
+    "name": "Martin Fenner",
+    "affiliation": "DataCite",
+    "mustBeCited": true,
+    "isMaintainer": true,
+    "isRightsHolder": true
+  },
+  "identifier": "https://doi.org/10.14454/81gp-9y63",
+  "codeRepository": "https://github.com/datacite/omniauth-globus",
+  "controlledTem": "software",
+  "dateCreated": "2019-09-11",
+  "datePublished": "2019-09-11",
+  "dateModified": "2019-09-11",
+  "description": "Globus OAuth 2.0 Strategy for the OmniAuth Ruby authentication framework, with support for OpenID Connect. Provides basic support for authenticating a client application via the Globus service.",
+  "isAutomatedBuild": true,
+  "licenseId": "MIT",
+  "publisher": "DataCite",
+  "tags": [
+    "omniauth",
+    "devise",
+    "globus",
+    "openid connect",
+    "authentication"
+  ],
+  "title": "Omniauth-globus: authenticate a Ruby client application via OpenID Connect and the Globus service.",
+  "programmingLanguage": {
+    "name": "Ruby",
+    "version": "≥ 2.3.",
+    "URL": "https://www.ruby-lang.org"
+  },
+  "readme": "https://github.com/datacite/omniauth-globus/blob/master/README.md"
+}

data/lib/omniauth-globus.rb

@@ -1 +1,3 @@
-require 'omniauth/globus'
+# frozen_string_literal: true
+
+require "omniauth/globus"

data/lib/omniauth/globus.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require 'omniauth/strategies/globus'
+require "omniauth/strategies/globus"

data/lib/omniauth/globus/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module Globus
-    VERSION = "0.8.7"
+    VERSION = "0.9.1"
   end
 end

data/lib/omniauth/strategies/globus.rb

@@ -12,9 +12,9 @@ module OmniAuth
       option :scope, "openid profile email"
       option :authorize_options, %i[access_type login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes openid_realm device_id device_name]
 
-      option(:client_options, site: 'https://auth.globus.org',
-                              authorize_url: 'https://auth.globus.org/v2/oauth2/authorize',
-                              token_url: 'https://auth.globus.org/v2/oauth2/token',
+      option(:client_options, site: "https://auth.globus.org",
+                              authorize_url: "https://auth.globus.org/v2/oauth2/authorize",
+                              token_url: "https://auth.globus.org/v2/oauth2/token",
                               discovery_endpoint: "https://auth.globus.org/.well-known/openid-configuration",
                               authorization_endpoint: "https://auth.globus.org/v2/oauth2/authorize",
                               token_endpoint: "https://auth.globus.org/v2/oauth2/token",
@@ -25,33 +25,33 @@ module OmniAuth
       def authorize_params
         super.tap do |params|
           options[:authorize_options].each do |k|
-            params[k] = request.params[k.to_s] unless [nil, ''].include?(request.params[k.to_s])
+            params[k] = request.params[k.to_s] unless [nil, ""].include?(request.params[k.to_s])
           end
 
           params[:scope] = get_scope(params)
-          params[:access_type] = 'offline' if params[:access_type].nil?
-          params['openid.realm'] = params.delete(:openid_realm) unless params[:openid_realm].nil?
+          params[:access_type] = "offline" if params[:access_type].nil?
+          params["openid.realm"] = params.delete(:openid_realm) unless params[:openid_realm].nil?
 
-          session['omniauth.state'] = params[:state] if params[:state]
+          session["omniauth.state"] = params[:state] if params[:state]
         end
       end
 
-      uid { raw_info['sub'] }
+      uid { raw_info["sub"] }
 
       info do
         prune!(
-          name: raw_info['name'],
-          first_name: raw_info['given_name'],
-          last_name: raw_info['family_name'],
-          email: raw_info['email']
+          name: raw_info["name"],
+          first_name: raw_info["given_name"],
+          last_name: raw_info["family_name"],
+          email: raw_info["email"]
         )
       end
 
       extra do
         hash = {}
-        hash[:id_token] = access_token['id_token']
-        if !access_token['id_token'].nil?
-          decoded = ::JWT.decode(access_token['id_token'], nil, false).first
+        hash[:id_token] = access_token["id_token"]
+        if !access_token["id_token"].nil?
+          decoded = ::JWT.decode(access_token["id_token"], nil, false).first
 
           # We have to manually verify the claims because the third parameter to
           # JWT.decode is false since no verification key is provided.
@@ -78,77 +78,77 @@ module OmniAuth
 
       private
 
-      def callback_url
-        options[:redirect_uri] || (full_host + script_name + callback_path)
-      end
+        def callback_url
+          options[:redirect_uri] || (full_host + script_name + callback_path)
+        end
 
-      def get_access_token(request)
-        verifier = request.params['code']
-        redirect_uri = request.params['redirect_uri']
-        if verifier && request.xhr?
-          client_get_token(verifier, redirect_uri || 'postmessage')
-        elsif verifier
-          client_get_token(verifier, redirect_uri || callback_url)
-        elsif verify_token(request.params['access_token'])
-          ::OAuth2::AccessToken.from_hash(client, request.params.dup)
-        elsif request.content_type =~ /json/i
-          begin
-            body = JSON.parse(request.body.read)
-            request.body.rewind # rewind request body for downstream middlewares
-            verifier = body && body['code']
-            client_get_token(verifier, 'postmessage') if verifier
-          rescue JSON::ParserError => e
-            warn "[omniauth globus] JSON parse error=#{e}"
+        def get_access_token(request)
+          verifier = request.params["code"]
+          redirect_uri = request.params["redirect_uri"]
+          if verifier && request.xhr?
+            client_get_token(verifier, redirect_uri || "postmessage")
+          elsif verifier
+            client_get_token(verifier, redirect_uri || callback_url)
+          elsif verify_token(request.params["access_token"])
+            ::OAuth2::AccessToken.from_hash(client, request.params.dup)
+          elsif request.content_type =~ /json/i
+            begin
+              body = JSON.parse(request.body.read)
+              request.body.rewind # rewind request body for downstream middlewares
+              verifier = body && body["code"]
+              client_get_token(verifier, "postmessage") if verifier
+            rescue JSON::ParserError => e
+              warn "[omniauth globus] JSON parse error=#{e}"
+            end
           end
         end
-      end
 
-      def client_get_token(verifier, redirect_uri)
-        client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params)
-      end
+        def client_get_token(verifier, redirect_uri)
+          client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params)
+        end
 
-      def get_token_params
-        deep_symbolize(options.auth_token_params || {})
-      end
+        def get_token_params
+          deep_symbolize(options.auth_token_params || {})
+        end
 
-      def get_scope(params)
-        raw_scope = params[:scope] || options.scope
-        scope_list = raw_scope.split(" ").map { |item| item.split(",") }.flatten
-        scope_list.join(" ")
-      end
+        def get_scope(params)
+          raw_scope = params[:scope] || options.scope
+          scope_list = raw_scope.split(" ").map { |item| item.split(",") }.flatten
+          scope_list.join(" ")
+        end
 
-      def get_token_options(redirect_uri = "")
-        { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
-      end
+        def get_token_options(redirect_uri = "")
+          { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
+        end
 
-      def prune!(hash)
-        hash.delete_if do |_, v|
-          prune!(v) if v.is_a?(Hash)
-          v.nil? || (v.respond_to?(:empty?) && v.empty?)
+        def prune!(hash)
+          hash.delete_if do |_, v|
+            prune!(v) if v.is_a?(Hash)
+            v.nil? || (v.respond_to?(:empty?) && v.empty?)
+          end
         end
-      end
 
-      def strip_unnecessary_query_parameters(query_parameters)
-        # strip `sz` parameter (defaults to sz=50) which overrides `image_size` options
-        return nil if query_parameters.nil?
+        def strip_unnecessary_query_parameters(query_parameters)
+          # strip `sz` parameter (defaults to sz=50) which overrides `image_size` options
+          return nil if query_parameters.nil?
 
-        params = CGI.parse(query_parameters)
-        stripped_params = params.delete_if { |key| key == 'sz' }
+          params = CGI.parse(query_parameters)
+          stripped_params = params.delete_if { |key| key == "sz" }
 
-        # don't return an empty Hash since that would result
-        # in URLs with a trailing ? character: http://image.url?
-        return nil if stripped_params.empty?
+          # don't return an empty Hash since that would result
+          # in URLs with a trailing ? character: http://image.url?
+          return nil if stripped_params.empty?
 
-        URI.encode_www_form(stripped_params)
-      end
+          URI.encode_www_form(stripped_params)
+        end
 
-      def verify_token(access_token)
-        return false unless access_token
+        def verify_token(access_token)
+          return false unless access_token
 
-        raw_response = client.request(:get, options.client_options.userinfo_endpoint,
-                                      params: { access_token: access_token }).parsed
-        raw_response["aud"] == options.client_id
-      end
+          raw_response = client.request(:get, options.client_options.userinfo_endpoint,
+                                        params: { access_token: access_token }).parsed
+          raw_response["aud"] == options.client_id
+        end
     end
   end
 end