omniauth-google-oauth2 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6b57c40e8b39a0932e633667e017b25c97d3d180
-  data.tar.gz: d6f8aa07b0c1b3ca79aa00a84612952e2f353393
+  metadata.gz: d95dd15d4421affbdbb9e1b1d42c1f58052f28ac
+  data.tar.gz: a524b2d381c0a30db4e4a8e606be5b6e95e9ea0e
 SHA512:
-  metadata.gz: 7c3664503247fc376a4ec1ea968ae68f15ff6020c178fdf57b50c4320858a184fc41b30fca322f021e525e5f62a317a3c568fe02b5ec3934ef63ca26ec0e8163
-  data.tar.gz: ccbda37d179cd87d31f92a60564120d6fca75013c990ec87583155e81bd8a51ee3f163a69d86929e38e3f151970d61327c007a670df532d4c430d67dc43ee82d
+  metadata.gz: 589d9c83dd9d3cff125d7e76e29a6dd4f99737418473eb73ebd95a55711aceb7c32ca4c63ebf8a6aa1736241119bd498f494f95d3aaa5ec0aa3199fcb21001be
+  data.tar.gz: 706f8c2c4f95f1d7575f0ebe7dea5eb08ea49bec4c86481fc075f0bfd4175e97cb1ef33cbf75b3bea8cd8cd35c101bdd4a8bb8a6c7dbde2c422523b6a927b50f

data/.travis.yml

@@ -2,7 +2,6 @@ before_install:
   - gem update --system 2.1.11
 language: ruby
 rvm:
-  - "1.9.3"
   - "2.0.0"
   - "2.1.0"
   - "2.2.0"

data/CHANGELOG.md

@@ -1,6 +1,22 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.4.0 - 2016-03-11
+
+### Added
+- Addedd ability to specify multiple hosted domains.
+- Added a default leeway of 1 minute to JWT token validation.
+- Now requires ruby-jwt 1.5.x.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Removed support for ruby 1.9.3 as ruby-jwt 1.5.x does not support it.
+
+### Fixed
+- Nothing.
+
 ## 0.3.1 - 2016-01-28
 
 ### Added

data/README.md

@@ -72,9 +72,11 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `access_type`: Defaults to `offline`, so a refresh token is sent to be used when the user is not present at the browser. Can be set to `online`. More about [offline access](https://developers.google.com/identity/protocols/OAuth2WebServer#offline)
 
-* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain.  More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
+* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string `'domain.com'` or an array `%w(domain.com domain.co)`. More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
 
-* `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT decoding errors with the `iat` field.
+* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds.
+
+* `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT decoding errors with the `iat` field. Always try adjusting the leeway before disabling JWT processing.
 
 * `login_hint`: When your app knows which user it is trying to authenticate, it can provide this parameter as a hint to the authentication server. Passing this hint suppresses the account chooser and either pre-fill the email box on the sign-in form, or select the proper session (if the user is using multiple sign-in), which can help you avoid problems that occur if your app logs in the wrong user account. The value can be either an email address or the sub string, which is equivalent to the user's Google+ ID.
 
@@ -303,7 +305,7 @@ OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http
 
 ## License
 
-Copyright (c) 2015 by Josh Ellithorpe
+Copyright (c) 2016 by Josh Ellithorpe
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

data/lib/omniauth/google_oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module GoogleOauth2
-    VERSION = "0.3.1"
+    VERSION = "0.4.0"
   end
 end

data/lib/omniauth/strategies/google_oauth2.rb

@@ -14,6 +14,7 @@ module OmniAuth
       option :skip_friends, true
       option :skip_image_info, true
       option :skip_jwt, false
+      option :jwt_leeway, 60
       option :authorize_options, [:access_type, :hd, :login_hint, :prompt, :request_visible_actions, :scope, :state, :redirect_uri, :include_granted_scopes, :openid_realm]
 
       option :client_options, {
@@ -68,7 +69,8 @@ module OmniAuth
               :verify_expiration => true,
               :verify_not_before => true,
               :verify_iat => true,
-              :verify_jti => false
+              :verify_jti => false,
+              :leeway => options[:jwt_leeway]
             }).first
         end
         hash[:raw_info] = raw_info unless skip_info?
@@ -189,7 +191,9 @@ module OmniAuth
       def verify_hd(access_token)
         return true unless options.hd
         @raw_info ||= access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
-        raise CallbackError.new(:invalid_hd, "Invalid Hosted Domain") unless @raw_info['hd'] == options.hd
+        allowed_hosted_domains = Array(options.hd)
+
+        raise CallbackError.new(:invalid_hd, "Invalid Hosted Domain") unless allowed_hosted_domains.include? @raw_info['hd']
         true
       end
     end

data/omniauth-google-oauth2.gemspec

@@ -14,9 +14,11 @@ Gem::Specification.new do |gem|
   gem.files         = `git ls-files`.split("\n")
   gem.require_paths = ["lib"]
 
+  gem.required_ruby_version = '>= 2.0'
+
   gem.add_runtime_dependency 'omniauth', '>= 1.1.1'
   gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.3.1'
-  gem.add_runtime_dependency 'jwt', '~> 1.0'
+  gem.add_runtime_dependency 'jwt', '~> 1.5.0'
   gem.add_runtime_dependency 'multi_json', '~> 1.3'
 
   gem.add_development_dependency 'rspec', '>= 2.14.0'

data/spec/omniauth/strategies/google_oauth2_spec.rb

@@ -615,11 +615,23 @@ describe OmniAuth::Strategies::GoogleOauth2 do
       expect(subject.send(:verify_hd, access_token)).to eq(true)
     end
 
+    it 'should verify hd if options hd is set as an array and is correct' do
+      subject.options.hd = ['example.com', 'example.co']
+      expect(subject.send(:verify_hd, access_token)).to eq(true)
+    end
+
     it 'should raise error if options hd is set and wrong' do
       subject.options.hd = 'invalid.com'
       expect {
         subject.send(:verify_hd, access_token)
       }.to raise_error(OmniAuth::Strategies::GoogleOauth2::CallbackError)
     end
+
+    it 'should raise error if options hd is set as an array and is not correct' do
+      subject.options.hd = ['invalid.com', 'invalid.co']
+      expect {
+        subject.send(:verify_hd, access_token)
+      }.to raise_error(OmniAuth::Strategies::GoogleOauth2::CallbackError)
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-google-oauth2
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-28 00:00:00.000000000 Z
+date: 2016-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -131,7 +131,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="