omniauth-nitro-id 1.0.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b3b09237f96562c54df18acc4a2974ee10c321d587bd2c0878865c30aa57a0ed
-  data.tar.gz: 7bf933d671741411f8184693d372ccddadc64d74158b8177eb7d7cc68bccf7a1
+  metadata.gz: d597ab3b4ec465274903767494f7261a93cb09afb365618dd6681752ee8ba0c0
+  data.tar.gz: dbd6d14de7b47202b908d9fc67919832ad75d58c11ef971c3437b2c4c2ac9629
 SHA512:
-  metadata.gz: ba8f9dcf267a4c63ba805f7fa7cca57e798534b070cd81fd40890a3b7f0b475a142a4f626bf8c93e78ce18ae54d227fc5187e98415bf1a516d16e58832813192
-  data.tar.gz: 43bf42fcd09e559514a7e16376d0f9b5c2686eb67119daeaaf7620094464acbdb891e0cad2cbd268749653d473bf7292f61b8e0bd39933d400a8dcdcf3f8ab0d
+  metadata.gz: 82db598358577adbdaccc0346501e8fd00a0dd3e24e09591b9dc51eb1e8e2d9b75a575e3115604c0916ff27bc5aed46a98df08e83de9e15daa5de7cbc358e3ce
+  data.tar.gz: 5f0a78eeb7a3660ff3688b35d6324c9a0c4f39e2724084259b5ae41038299c56794b507fc585f307ef42386a71f67eca5723d3f013053b8522f58c900b499b0a

data/.github/workflows/omniauth-nitro-id.yml

@@ -0,0 +1,13 @@
+name: omniauth-nitro-id
+
+on:
+  push:
+
+jobs:
+  ruby:
+    uses: powerhome/power-tools/.github/workflows/_ruby-package.yml@main
+    with:
+      package: '${{ github.workflow }}'
+      ruby: '["2.7", "3.0", "3.1"]'
+      rails: '["any"]'
+    secrets: inherit

data/.gitignore

@@ -4,7 +4,6 @@
 /Gemfile.lock
 /_yardoc/
 /coverage/
-/doc/
 /pkg/
 /spec/examples.txt
 /spec/reports/

data/doc/dependency_decisions.yml

@@ -0,0 +1,3 @@
+---
+- - :inherit_from
+  - https://raw.githubusercontent.com/powerhome/oss-guide/master/license_rules.yml

data/docs/CHANGELOG.md

@@ -7,11 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.1.1] - 2023-03-06
+
+### Added
+
+* Add `omniauth-rails_csrf_protection` dependency. PR [#12](https://github.com/powerhome/omniauth-nitro-id/pull/12)
+
+## [1.1.0] - 2022-12-14
+
+### Added
+
+* Add support for `id_token_hint`. PR [#8](https://github.com/powerhome/omniauth-nitro-id/pull/8)
+
 ## [1.0.0] - 2022-12-05
 
 ### Added
 
 * Initial release
 
-[Unreleased]: https://github.com/powerhome/omniauth-nitro-id/compare/v1.0.0...HEAD
+[Unreleased]: https://github.com/powerhome/omniauth-nitro-id/compare/v1.1.1...HEAD
+[1.1.1]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.1.1
+[1.1.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.1.0
 [1.0.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.0.0

data/lib/extensions/discovery.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Extensions
+  module Discovery
+    Module.new do
+      # Monkey patch allow HTTP instead of forcing HTTPS for discovery.
+
+      attr_reader :scheme
+
+      def initialize(uri)
+        @scheme = uri.scheme
+        super
+      end
+
+      def endpoint
+        URI::Generic.build(scheme: scheme, host: host, port: port, path: path)
+      rescue URI::Error => e
+        raise SWD::Exception, e.message
+      end
+
+      prepend_features(::OpenIDConnect::Discovery::Provider::Config::Resource)
+    end
+  end
+end

data/lib/omniauth/nitro_id/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module NitroId
-    VERSION = "1.0.0"
+    VERSION = "1.1.1"
   end
 end

data/lib/omniauth/strategies/base_strategy.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require "omniauth_openid_connect"
+require_relative "../../extensions/discovery"
+
+module OmniAuth
+  module Strategies
+    class BaseStrategy < OmniAuth::Strategies::OpenIDConnect
+      def public_key
+        @public_key ||= if options.discovery
+                          config.jwks
+                        elsif key_or_secret
+                          key_or_secret
+                        elsif client_options.jwks_uri
+                          fetch_key
+                        end
+      end
+
+    private
+
+      def fetch_key
+        @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
+      end
+
+      def key_or_secret
+        @key_or_secret ||=
+          case options.client_signing_alg&.to_sym
+          when :HS256, :HS384, :HS512
+            client_options.secret
+          when :RS256, :RS384, :RS512
+            parse_key
+          end
+      end
+
+      def encoded_post_logout_redirect_uri
+        return unless options.post_logout_redirect_uri
+
+        query = {
+          post_logout_redirect_uri: options.post_logout_redirect_uri,
+        }
+        query = query.merge({ id_token_hint: params["id_token_hint"] }) if params["id_token_hint"]
+
+        URI.encode_www_form(query)
+      end
+
+      def parse_key
+        if options.client_jwk_signing_key
+          parse_jwk_key(options.client_jwk_signing_key)
+        elsif options.client_x509_signing_key
+          parse_x509_key(options.client_x509_signing_key)
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/nitro_id.rb

@@ -1,18 +1,14 @@
 # frozen_string_literal: true
 
-require "omniauth_openid_connect"
+require_relative "base_strategy"
 
 module OmniAuth
   module Strategies
-    class NitroId < OmniAuth::Strategies::OpenIDConnect
-      DEFAULT_STRATEGY_NAME = "nitro_id"
-      DEFAULT_ISSUER = "https://id.powerhrg.com/"
-      DEFAULT_HOST = "id.powerhrg.com"
-
-      option :name, DEFAULT_STRATEGY_NAME
+    class NitroId < BaseStrategy
+      option :name, "nitro_id"
       option :discovery, true
-      option :issuer, DEFAULT_ISSUER
-      option :client_options, host: DEFAULT_HOST
+      option :issuer, "https://id.powerhrg.com/"
+      option :client_options, host: "id.powerhrg.com"
     end
   end
 end

data/lib/omniauth/strategies/tempo_id.rb

@@ -1,18 +1,14 @@
 # frozen_string_literal: true
 
-require "omniauth_openid_connect"
+require_relative "base_strategy"
 
 module OmniAuth
   module Strategies
-    class TempoId < OmniAuth::Strategies::OpenIDConnect
-      DEFAULT_STRATEGY_NAME = "tempo_id"
-      DEFAULT_ISSUER = "https://id.streamfinancial.io/"
-      DEFAULT_HOST = "id.streamfinancial.io"
-
-      option :name, DEFAULT_STRATEGY_NAME
+    class TempoId < BaseStrategy
+      option :name, "tempo_id"
       option :discovery, true
-      option :issuer, DEFAULT_ISSUER
-      option :client_options, host: DEFAULT_HOST
+      option :issuer, "https://id.streamfinancial.io/"
+      option :client_options, host: "id.streamfinancial.io"
     end
   end
 end

data/omniauth-nitro-id.gemspec

@@ -18,9 +18,11 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "omniauth_openid_connect", "~> 0.4.0"
+  spec.add_dependency "omniauth-rails_csrf_protection", "1.0.1"
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "guard-rspec"
+  spec.add_development_dependency "license_finder", ">= 7.0"
   spec.add_development_dependency "net-smtp"
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "13.0.6"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-nitro-id
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Stephen Greer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-12-05 00:00:00.000000000 Z
+date: 2023-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth_openid_connect
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.4.0
+- !ruby/object:Gem::Dependency
+  name: omniauth-rails_csrf_protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: license_finder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: net-smtp
   requirement: !ruby/object:Gem::Requirement
@@ -144,7 +172,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/CODEOWNERS"
-- ".github/workflows/ci.yml"
+- ".github/workflows/omniauth-nitro-id.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -154,11 +182,14 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- doc/dependency_decisions.yml
 - docs/CHANGELOG.md
 - docs/README.md
+- lib/extensions/discovery.rb
 - lib/omniauth-nitro-id.rb
 - lib/omniauth/nitro_id.rb
 - lib/omniauth/nitro_id/version.rb
+- lib/omniauth/strategies/base_strategy.rb
 - lib/omniauth/strategies/nitro_id.rb
 - lib/omniauth/strategies/tempo_id.rb
 - mkdocs.yml

data/.github/workflows/ci.yml

@@ -1,34 +0,0 @@
-name: CI
-
-on: push
-
-jobs:
-  test:
-    name: Tests
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby:
-          - "2.7.4"
-          - "3.1.2"
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
-    - name: Run tests
-      run: bundle exec rake spec
-  lint:
-    name: Lint Ruby
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 3.1.2
-    - name: Bundle
-      run: bundle
-    - name: Run Rubocop
-      run: bundle exec rubocop