omniauth-oauth2 1.3.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 97b27d270aece449c0fbd5318ef61056b3179b03
-  data.tar.gz: 94cc90831da565635c64c5ff036926c7999d3619
+SHA256:
+  metadata.gz: 35d242e59c9afdaf9936548a38aa617b67ff9d24be62bb019e3f2c448d0304a3
+  data.tar.gz: 0340fe1535cf2eddaa261a5306394b7a5381136df2f735c77fc4441eaeb8e107
 SHA512:
-  metadata.gz: 021f0ccaed1fb0bca365ea86ffc31c955e678da42fdad37f8083c71132d7f365af84d0f21da143f6328cb658a26d4e789249d9743899c776bf3872fda0529b9b
-  data.tar.gz: 68ad4394e13f8adce5aac65da939f823b572ab58d11928ee05d1fba4e932360db79893e1038ac7d039094467c9a3fe98fea564a064b4802ff06d0a53082a549e
+  metadata.gz: e87d41e2854c624939d2142654ab9adf11a7336a199d2cfc3790f3eaccc07a62a43715fbb07c9353bccc5160c2dd06369415da70f69e9ed8d980ef6d76b415bc
+  data.tar.gz: bae2d1d3f173a93cceb14809efdc72bba6c40373102e65da1df03881ba4799a4d18446e2de072da56572e94c73d807cffe00e55daaf7de370325563409798a5b

data/.rubocop.yml

@@ -1,10 +1,35 @@
-Metrics/BlockNesting:
-  Max: 2
+AllCops:
+  NewCops: enable
+
+Gemspec/RequiredRubyVersion:
+  Enabled: false
 
-Metrics/LineLength:
+Layout/AccessModifierIndentation:
+  EnforcedStyle: outdent
+
+Layout/LineLength:
   AllowURI: true
   Enabled: false
 
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
+
+Lint/MissingSuper:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 18
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/omniauth/strategies/oauth2_spec.rb
+
+Metrics/BlockNesting:
+  Max: 2
+
+Metrics/ClassLength:
+  Max: 110
+
 Metrics/MethodLength:
   CountComments: false
   Max: 10
@@ -13,8 +38,9 @@ Metrics/ParameterLists:
   Max: 4
   CountKeywordArgs: true
 
-Style/AccessModifierIndentation:
-  EnforcedStyle: outdent
+Naming/FileName:
+  Exclude:
+    - lib/omniauth-oauth2.rb
 
 Style/CollectionMethods:
   PreferredMethods:
@@ -29,14 +55,26 @@ Style/Documentation:
 Style/DoubleNegation:
   Enabled: false
 
+Style/ExpandPathArguments:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
 Style/HashSyntax:
   EnforcedStyle: hash_rockets
 
-Style/SpaceInsideHashLiteralBraces:
-  EnforcedStyle: no_space
+Style/StderrPuts:
+  Enabled: false
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes
 
-Style/TrailingComma:
-  EnforcedStyleForMultiline: 'comma'
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: comma

data/.travis.yml

@@ -1,18 +1,17 @@
-before_install: gem install bundler
+bundler_args: --without development
+before_install:
+  - gem update --system
+  - gem update bundler
+cache: bundler
 env:
   global:
     - JRUBY_OPTS="$JRUBY_OPTS --debug"
 language: ruby
 rvm:
-  - 1.8.7
-  - 1.9.3
-  - 2.0.0
-  - 2.1
-  - 2.2
-  - jruby-18mode
-  - jruby-19mode
+  - jruby-9000
+  - 2.4.4
+  - 2.5.3
   - jruby-head
-  - rbx-2
   - ruby-head
 matrix:
   allow_failures:

data/Gemfile

@@ -1,17 +1,18 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 
-gem "rake"
+gem "rake", "~> 12.0"
 
 group :test do
+  gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
   gem "coveralls"
-  gem "json", :platforms => [:jruby, :ruby_18, :ruby_19]
-  gem "mime-types", "~> 1.25", :platforms => [:jruby, :ruby_18]
+  gem "json", :platforms => %i[jruby ruby_18 ruby_19]
+  gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
   gem "rack-test"
-  gem "rest-client", "~> 1.6.0", :platforms => [:jruby, :ruby_18]
+  gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
   gem "rspec", "~> 3.2"
-  gem "rubocop", ">= 0.30", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22]
+  gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
   gem "simplecov", ">= 0.9"
-  gem "webmock"
+  gem "webmock", "~> 3.0"
 end
 
 # Specify your gem's dependencies in omniauth-oauth2.gemspec

data/README.md

@@ -1,14 +1,13 @@
 # OmniAuth OAuth2
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
-[![Build Status](http://img.shields.io/travis/intridea/omniauth-oauth2.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/intridea/omniauth-oauth2.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
+[![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
+[![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
+[![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
 
 [gem]: https://rubygems.org/gems/omniauth-oauth2
-[travis]: http://travis-ci.org/intridea/omniauth-oauth2
-[gemnasium]: https://gemnasium.com/intridea/omniauth-oauth2
+[travis]: http://travis-ci.org/omniauth/omniauth-oauth2
 [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
 [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
 
@@ -33,6 +32,10 @@ module OmniAuth
       # This is where you pass the options you would pass when
       # initializing your consumer from the OAuth gem.
       option :client_options, {:site => "https://api.somesite.com"}
+      
+      # You may specify that your strategy should use PKCE by setting
+      # the pkce option to true: https://tools.ietf.org/html/rfc7636
+      option :pkce, true
 
       # These are called after authentication has succeeded. If
       # possible, you should try to set the UID without making
@@ -63,5 +66,3 @@ end
 ```
 
 That's pretty much it!
-
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth-oauth2/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

data/Rakefile

@@ -1,4 +1,5 @@
 #!/usr/bin/env rake
+
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
@@ -15,4 +16,4 @@ rescue LoadError
   end
 end
 
-task :default => [:spec, :rubocop]
+task :default => %i[spec rubocop]

data/lib/omniauth-oauth2.rb

@@ -1,2 +1,2 @@
-require "omniauth-oauth2/version" # rubocop:disable FileName
+require "omniauth-oauth2/version"
 require "omniauth/strategies/oauth2"

data/lib/omniauth-oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module OAuth2
-    VERSION = "1.3.0"
+    VERSION = "1.7.0".freeze
   end
 end

data/lib/omniauth/strategies/oauth2.rb

@@ -14,17 +14,32 @@ module OmniAuth
     class OAuth2
       include OmniAuth::Strategy
 
-      args [:client_id, :client_secret]
+      def self.inherited(subclass)
+        OmniAuth::Strategy.included(subclass)
+      end
+
+      args %i[client_id client_secret]
 
       option :client_id, nil
       option :client_secret, nil
       option :client_options, {}
       option :authorize_params, {}
-      option :authorize_options, [:scope]
+      option :authorize_options, %i[scope state]
       option :token_params, {}
       option :token_options, []
       option :auth_token_params, {}
       option :provider_ignores_state, false
+      option :pkce, false
+      option :pkce_verifier, nil
+      option :pkce_options, {
+        :code_challenge => proc { |verifier|
+          Base64.urlsafe_encode64(
+            Digest::SHA2.digest(verifier),
+            :padding => false,
+          )
+        },
+        :code_challenge_method => "S256",
+      }
 
       attr_accessor :access_token
 
@@ -32,15 +47,11 @@ module OmniAuth
         ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
       end
 
-      def callback_url
-        full_host + script_name + callback_path
-      end
-
       credentials do
         hash = {"token" => access_token.token}
-        hash.merge!("refresh_token" => access_token.refresh_token) if access_token.expires? && access_token.refresh_token
-        hash.merge!("expires_at" => access_token.expires_at) if access_token.expires?
-        hash.merge!("expires" => access_token.expires?)
+        hash["refresh_token"] = access_token.refresh_token if access_token.expires? && access_token.refresh_token
+        hash["expires_at"] = access_token.expires_at if access_token.expires?
+        hash["expires"] = access_token.expires?
         hash
       end
 
@@ -48,22 +59,29 @@ module OmniAuth
         redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
       end
 
-      def authorize_params
+      def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         options.authorize_params[:state] = SecureRandom.hex(24)
-        params = options.authorize_params.merge(options_for("authorize"))
+
         if OmniAuth.config.test_mode
           @env ||= {}
           @env["rack.session"] ||= {}
         end
+
+        params = options.authorize_params
+                        .merge(options_for("authorize"))
+                        .merge(pkce_authorize_params)
+
+        session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
         session["omniauth.state"] = params[:state]
+
         params
       end
 
       def token_params
-        options.token_params.merge(options_for("token"))
+        options.token_params.merge(options_for("token")).merge(pkce_token_params)
       end
 
-      def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
+      def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         error = request.params["error_reason"] || request.params["error"]
         if error
           fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
@@ -84,23 +102,44 @@ module OmniAuth
 
     protected
 
+      def pkce_authorize_params
+        return {} unless options.pkce
+
+        options.pkce_verifier = SecureRandom.hex(64)
+
+        # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
+        {
+          :code_challenge => options.pkce_options[:code_challenge]
+                                    .call(options.pkce_verifier),
+          :code_challenge_method => options.pkce_options[:code_challenge_method],
+        }
+      end
+
+      def pkce_token_params
+        return {} unless options.pkce
+
+        {:code_verifier => session.delete("omniauth.pkce.verifier")}
+      end
+
       def build_access_token
         verifier = request.params["code"]
         client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
       end
 
       def deep_symbolize(options)
-        hash = {}
-        options.each do |key, value|
+        options.each_with_object({}) do |(key, value), hash|
           hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
         end
-        hash
       end
 
       def options_for(option)
         hash = {}
         options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
-          hash[key.to_sym] = options[key]
+          hash[key.to_sym] = if options[key].respond_to?(:call)
+                               options[key].call(env)
+                             else
+                               options[key]
+                             end
         end
         hash
       end

data/omniauth-oauth2.gemspec

@@ -3,22 +3,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "omniauth-oauth2/version"
 
 Gem::Specification.new do |gem|
-  gem.add_dependency "oauth2",     "~> 1.0"
-  gem.add_dependency "omniauth",   "~> 1.2"
+  gem.add_dependency "oauth2",     "~> 1.4"
+  gem.add_dependency "omniauth",   "~> 1.9"
 
-  gem.add_development_dependency "bundler", "~> 1.0"
+  gem.add_development_dependency "bundler", "~> 2.0"
 
-  gem.authors       = ["Michael Bleigh", "Erik Michaels-Ober"]
-  gem.email         = ["michael@intridea.com", "sferik@gmail.com"]
+  gem.authors       = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
+  gem.email         = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
   gem.description   = "An abstract OAuth2 strategy for OmniAuth."
   gem.summary       = gem.description
-  gem.homepage      = "https://github.com/intridea/omniauth-oauth2"
-  gem.licenses      = %w(MIT)
+  gem.homepage      = "https://github.com/omniauth/omniauth-oauth2"
+  gem.licenses      = %w[MIT]
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").collect { |f| File.basename(f) }
   gem.files         = `git ls-files`.split("\n")
   gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   gem.name          = "omniauth-oauth2"
-  gem.require_paths = %w(lib)
+  gem.require_paths = %w[lib]
   gem.version       = OmniAuth::OAuth2::VERSION
 end

data/spec/omniauth/strategies/oauth2_spec.rb

@@ -16,6 +16,15 @@ describe OmniAuth::Strategies::OAuth2 do
     OmniAuth.config.test_mode = false
   end
 
+  describe "Subclassing Behavior" do
+    subject { fresh_strategy }
+
+    it "performs the OmniAuth::Strategy included hook" do
+      expect(OmniAuth.strategies).to include(OmniAuth::Strategies::OAuth2)
+      expect(OmniAuth.strategies).to include(subject)
+    end
+  end
+
   describe "#client" do
     subject { fresh_strategy }
 
@@ -40,9 +49,10 @@ describe OmniAuth::Strategies::OAuth2 do
     end
 
     it "includes top-level options that are marked as :authorize_options" do
-      instance = subject.new("abc", "def", :authorize_options => [:scope, :foo, :state], :scope => "bar", :foo => "baz")
+      instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
       expect(instance.authorize_params["scope"]).to eq("bar")
       expect(instance.authorize_params["foo"]).to eq("baz")
+      expect(instance.authorize_params["state"]).not_to be_empty
     end
 
     it "includes random state in the authorize params" do
@@ -50,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do
       expect(instance.authorize_params.keys).to eq(["state"])
       expect(instance.session["omniauth.state"]).not_to be_empty
     end
+
+    it "includes custom state in the authorize params" do
+      instance = subject.new("abc", "def", :state => proc { "qux" })
+      expect(instance.authorize_params.keys).to eq(["state"])
+      expect(instance.session["omniauth.state"]).to eq("qux")
+    end
+
+    it "includes PKCE parameters if enabled" do
+      instance = subject.new("abc", "def", :pkce => true)
+      expect(instance.authorize_params[:code_challenge]).to be_a(String)
+      expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
+      expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
+    end
   end
 
   describe "#token_params" do
@@ -61,9 +84,16 @@ describe OmniAuth::Strategies::OAuth2 do
     end
 
     it "includes top-level options that are marked as :authorize_options" do
-      instance = subject.new("abc", "def", :token_options => [:scope, :foo], :scope => "bar", :foo => "baz")
+      instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
       expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
     end
+
+    it "includes the PKCE code_verifier if enabled" do
+      instance = subject.new("abc", "def", :pkce => true)
+      # setup session
+      instance.authorize_params
+      expect(instance.token_params[:code_verifier]).to be_a(String)
+    end
   end
 
   describe "#callback_phase" do

metadata

@@ -1,15 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Michael Bleigh
 - Erik Michaels-Ober
+- Tom Milewski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-22 00:00:00.000000000 Z
+date: 2020-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oauth2
@@ -17,46 +18,47 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.9'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 description: An abstract OAuth2 strategy for OmniAuth.
 email:
 - michael@intridea.com
 - sferik@gmail.com
+- tmilewski@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -75,7 +77,7 @@ files:
 - omniauth-oauth2.gemspec
 - spec/helper.rb
 - spec/omniauth/strategies/oauth2_spec.rb
-homepage: https://github.com/intridea/omniauth-oauth2
+homepage: https://github.com/omniauth/omniauth-oauth2
 licenses:
 - MIT
 metadata: {}
@@ -94,8 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 3.0.0
 signing_key: 
 specification_version: 4
 summary: An abstract OAuth2 strategy for OmniAuth.