omniauth-google-oauth2 0.2.9 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +0 -1
  3. data/CHANGELOG.md +14 -0
  4. data/lib/omniauth/google_oauth2/version.rb +1 -1
  5. data/lib/omniauth/strategies/google_oauth2.rb +5 -8
  6. data/spec/omniauth/strategies/google_oauth2_spec.rb +10 -10
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0643ee95f8a2b03be985a1a23c4d714bcb260f24
4
- data.tar.gz: 9a4aa200d91bde859d5a65acbea094f388028903
3
+ metadata.gz: 3ede9c8b2ed21745e5e2455baa4bffa9b080a5af
4
+ data.tar.gz: 5a7c985d8e1940b7cf07ab4dcf8025491ec69e38
5
5
  SHA512:
6
- metadata.gz: 2938e8c5d8be4d46e0f46bd709417829a249f586d26b1ef63bed5612b0c4fc70d2bbcec9ee70b1249b4f9ea4dd5ca3b06901e2b89478d94daa551bc77c7d20d6
7
- data.tar.gz: f7e105d0d91ca5e0aa7404ecf73320204941874bf9532e0d549897b835633cc6f097b4f061174c8f1a8a94a37d8821fc5ce3d6a1a76eaf590e772596d77f5b18
6
+ metadata.gz: 4d52a2e108594667e40b2334d7d5fdf3624ca2390cb7099b663747586765dc0ee0ba7527578fd4db43e2b16d82a703701be07346eef148c32e2e2e7fdfa45bb8
7
+ data.tar.gz: 06ec6644022308248167bceea0ff590b6964b24dd548497610ac28a6bd5cad64b38948caa8ca21ca4cf5a94566bfb6b9f595c5311375461ecd8d005c4eb33c7f
data/.travis.yml CHANGED
@@ -2,7 +2,6 @@ before_install:
2
2
  - gem update --system 2.1.11
3
3
  language: ruby
4
4
  rvm:
5
- - "1.8.7"
6
5
  - "1.9.2"
7
6
  - "1.9.3"
8
7
  - "2.0.0"
data/CHANGELOG.md CHANGED
@@ -1,6 +1,20 @@
1
1
  # Changelog
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
+ ## 0.2.10 - 2015-11-05
5
+
6
+ ### Added
7
+ - Nothing.
8
+
9
+ ### Deprecated
10
+ - Nothing.
11
+
12
+ ### Removed
13
+ - Removed some checks on the id_token. Now only parses the id_token in the JWT processing.
14
+
15
+ ### Fixed
16
+ - Nothing.
17
+
4
18
  ## 0.2.9 - 2015-10-29
5
19
 
6
20
  ### Added
data/lib/omniauth/google_oauth2/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module GoogleOauth2
3
- VERSION = "0.2.9"
3
+ VERSION = "0.2.10"
4
4
  end
5
5
  end
data/lib/omniauth/strategies/google_oauth2.rb CHANGED
@@ -97,7 +97,7 @@ module OmniAuth
97
97
  verifier = request.params['code']
98
98
  redirect_uri = request.params['redirect_uri']
99
99
  client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
100
- elsif verify_token(request.params['id_token'], request.params['access_token'])
100
+ elsif verify_token(request.params['access_token'])
101
101
  ::OAuth2::AccessToken.from_hash(client, request.params.dup)
102
102
  else
103
103
  orig_build_access_token
@@ -169,13 +169,10 @@ module OmniAuth
169
169
  query_hash
170
170
  end
171
171
 
172
- def verify_token(id_token, access_token)
173
- return false unless (id_token && access_token)
174
-
175
- raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v2/tokeninfo', :params => {
176
- :id_token => id_token,
177
- :access_token => access_token
178
- }).parsed
172
+ def verify_token(access_token)
173
+ return false unless access_token
174
+ raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v2/tokeninfo',
175
+ params: { access_token: access_token }).parsed
179
176
  raw_response['issued_to'] == options.client_id
180
177
  end
181
178
  end
data/spec/omniauth/strategies/google_oauth2_spec.rb CHANGED
@@ -521,8 +521,8 @@ describe OmniAuth::Strategies::GoogleOauth2 do
521
521
 
522
522
  it 'should read access_token from hash if this is not an AJAX request with a code parameter' do
523
523
  allow(request).to receive(:xhr?).and_return(false)
524
- allow(request).to receive(:params).and_return('id_token' => 'valid_id_token', 'access_token' => 'valid_access_token')
525
- expect(subject).to receive(:verify_token).with('valid_id_token', 'valid_access_token').and_return true
524
+ allow(request).to receive(:params).and_return('access_token' => 'valid_access_token')
525
+ expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
526
526
  expect(subject).to receive(:client).and_return(:client)
527
527
 
528
528
  token = subject.build_access_token
@@ -544,7 +544,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
544
544
  subject.options.client_options[:connection_build] = proc do |builder|
545
545
  builder.request :url_encoded
546
546
  builder.adapter :test do |stub|
547
- stub.get('/oauth2/v2/tokeninfo?id_token=valid_id_token&access_token=valid_access_token') do |env|
547
+ stub.get('/oauth2/v2/tokeninfo?access_token=valid_access_token') do |env|
548
548
  [200, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(
549
549
  :issued_to => '000000000000.apps.googleusercontent.com',
550
550
  :audience => '000000000000.apps.googleusercontent.com',
@@ -556,25 +556,25 @@ describe OmniAuth::Strategies::GoogleOauth2 do
556
556
  :access_type => 'online'
557
557
  )]
558
558
  end
559
- stub.get('/oauth2/v2/tokeninfo?id_token=invalid_id_token&access_token=invalid_access_token') do |env|
559
+ stub.get('/oauth2/v2/tokeninfo?access_token=invalid_access_token') do |env|
560
560
  [400, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(:error_description => 'Invalid Value')]
561
561
  end
562
562
  end
563
563
  end
564
564
  end
565
565
 
566
- it 'should verify token if access_token and id_token are valid and app_id equals' do
566
+ it 'should verify token if access_token is valid and app_id equals' do
567
567
  subject.options.client_id = '000000000000.apps.googleusercontent.com'
568
- expect(subject.send(:verify_token, 'valid_id_token', 'valid_access_token')).to eq(true)
568
+ expect(subject.send(:verify_token, 'valid_access_token')).to eq(true)
569
569
  end
570
570
 
571
- it 'should not verify token if access_token and id_token are valid but app_id is false' do
572
- expect(subject.send(:verify_token, 'valid_id_token', 'valid_access_token')).to eq(false)
571
+ it 'should not verify token if access_token is valid but app_id is false' do
572
+ expect(subject.send(:verify_token, 'valid_access_token')).to eq(false)
573
573
  end
574
574
 
575
- it 'should raise error if access_token or id_token is invalid' do
575
+ it 'should raise error if access_token is invalid' do
576
576
  expect {
577
- subject.send(:verify_token, 'invalid_id_token', 'invalid_access_token')
577
+ subject.send(:verify_token, 'invalid_access_token')
578
578
  }.to raise_error(OAuth2::Error)
579
579
  end
580
580
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.9
4
+ version: 0.2.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2015-10-29 00:00:00.000000000 Z
12
+ date: 2015-11-05 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth