omniauth-oauth2 1.3.1 → 1.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 414a1411316ba3f8463a30120106b6a89bb62c50
4
- data.tar.gz: 6c2e2383286d4f5ed5e86daf82d74dda2611d716
2
+ SHA256:
3
+ metadata.gz: f5cd52cdcb930eb0df65da3d7659a8e46f19db3426e0ecd8b3565b51e951331f
4
+ data.tar.gz: 6ed5b399aef49e82b265ff6175c849c44415f8b19f81ee5eb5d988ebb6c95fc8
5
5
  SHA512:
6
- metadata.gz: b62f9e18f9b832f556de30b1a3f085c26266dbd108c9244d441320960e4e0e6e30fb3e9ffe5addf1adf687cab8999f255c0351e3efb2a2daef1cc21e450c1f1f
7
- data.tar.gz: b83fb3b97ef73310a898d204eed6f6501eba58535eb8829129a239f2a349ea0620cb78477697f1a75e3fcf1d600f40763340dcb27be80c12c7aff382949fce16
6
+ metadata.gz: e6bc5b97b326e37aa1e2ebb294b3459b57ba5dbb4d1e8b7e1709ed2dc9cfb8cc3b1b6f70ebbd0d5d830834af2472afe5b34762cf63f99a508334edee0d86b15a
7
+ data.tar.gz: 5c6cea848d8c9895495f7e931a3acfcee6e5e773824714e4de8bacfdc7aa70c3e40ad5cbce92b9a0d115f1dbd1f26aea7dc2b7a7bc02b1050cf38c501c3b7d45
@@ -0,0 +1,2 @@
1
+ github: bobbymcwho
2
+ tidelift: rubygems/omniauth-oauth2
@@ -0,0 +1,67 @@
1
+ name: Ruby
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-18.04
12
+ strategy:
13
+ fail-fast: false
14
+ matrix:
15
+ os: [ubuntu, macos]
16
+ ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
17
+ steps:
18
+ - uses: actions/checkout@v2
19
+ - name: Set up Ruby
20
+ uses: ruby/setup-ruby@v1
21
+ with:
22
+ ruby-version: ${{ matrix.ruby }}
23
+ bundler-cache: true
24
+ - name: Install dependencies
25
+ run: bundle install
26
+ - name: Run tests
27
+ run: bundle exec rake
28
+ test-jruby:
29
+ runs-on: ubuntu-18.04
30
+ strategy:
31
+ fail-fast: false
32
+ matrix:
33
+ os: [ubuntu, macos]
34
+ jruby: [jruby, jruby-head]
35
+ steps:
36
+ - uses: actions/checkout@v2
37
+ - name: Set up Ruby
38
+ uses: ruby/setup-ruby@v1
39
+ with:
40
+ ruby-version: ${{ matrix.jruby }}
41
+ bundler-cache: true
42
+ - name: Install dependencies
43
+ env:
44
+ JRUBY_OPTS: --debug
45
+ run: bundle install
46
+ - name: Run tests
47
+ env:
48
+ JRUBY_OPTS: --debug
49
+ run: bundle exec rake
50
+ coveralls:
51
+ runs-on: ubuntu-18.04
52
+ steps:
53
+ - uses: actions/checkout@v2
54
+ - name: Set up Ruby
55
+ uses: ruby/setup-ruby@v1
56
+ with:
57
+ ruby-version: 2.6
58
+ bundler-cache: true
59
+ - name: Install dependencies
60
+ run: bundle install
61
+ - name: Run tests
62
+ run: bundle exec rake
63
+ - name: Coveralls GitHub Action
64
+ uses: coverallsapp/github-action@v1.1.2
65
+ with:
66
+ github-token: ${{ secrets.github_token }}
67
+ path-to-lcov: './coverage/lcov/omniauth-oauth2.lcov'
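Review bot: The `os: [ubuntu, macos]` matrix dimension declared in both the `test` and `test-jruby` jobs is never consumed — `runs-on` is hard-coded to `ubuntu-18.04` in each job — so every Ruby entry runs twice on the same runner and macOS is never actually exercised; either drop the `os` key or use it, e.g. `runs-on: ${{ matrix.os }}-latest`. The workflow also leaves every job on the default GITHUB_TOKEN permissions although only the coveralls upload step uses the token; a top-level `permissions:` block with `contents: read` (widened only on the job that needs more) follows least privilege. For supply-chain hygiene, `actions/checkout@v2`, `ruby/setup-ruby@v1` and `coverallsapp/github-action@v1.1.2` are mutable tag references — pinning them to full commit SHAs with the tag in a trailing comment makes a run reproducible and review-able. Finally, quote all matrix versions (`'2.5'`, `'3.1'`, and `ruby-version: '2.6'` in the coveralls job) the way `'3.0'` already is, since unquoted values are parsed as floats before the action ever sees them.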
data/.rubocop.yml CHANGED
@@ -1,10 +1,35 @@
1
- Metrics/BlockNesting:
2
- Max: 2
1
+ AllCops:
2
+ NewCops: enable
3
+
4
+ Gemspec/RequiredRubyVersion:
5
+ Enabled: false
3
6
 
4
- Metrics/LineLength:
7
+ Layout/AccessModifierIndentation:
8
+ EnforcedStyle: outdent
9
+
10
+ Layout/LineLength:
5
11
  AllowURI: true
6
12
  Enabled: false
7
13
 
14
+ Layout/SpaceInsideHashLiteralBraces:
15
+ EnforcedStyle: no_space
16
+
17
+ Lint/MissingSuper:
18
+ Enabled: false
19
+
20
+ Metrics/AbcSize:
21
+ Max: 18
22
+
23
+ Metrics/BlockLength:
24
+ Exclude:
25
+ - spec/omniauth/strategies/oauth2_spec.rb
26
+
27
+ Metrics/BlockNesting:
28
+ Max: 2
29
+
30
+ Metrics/ClassLength:
31
+ Max: 110
32
+
8
33
  Metrics/MethodLength:
9
34
  CountComments: false
10
35
  Max: 10
@@ -13,8 +38,9 @@ Metrics/ParameterLists:
13
38
  Max: 4
14
39
  CountKeywordArgs: true
15
40
 
16
- Style/AccessModifierIndentation:
17
- EnforcedStyle: outdent
41
+ Naming/FileName:
42
+ Exclude:
43
+ - lib/omniauth-oauth2.rb
18
44
 
19
45
  Style/CollectionMethods:
20
46
  PreferredMethods:
@@ -29,14 +55,26 @@ Style/Documentation:
29
55
  Style/DoubleNegation:
30
56
  Enabled: false
31
57
 
58
+ Style/ExpandPathArguments:
59
+ Enabled: false
60
+
61
+ Style/FrozenStringLiteralComment:
62
+ Enabled: false
63
+
32
64
  Style/HashSyntax:
33
65
  EnforcedStyle: hash_rockets
34
66
 
35
- Style/SpaceInsideHashLiteralBraces:
36
- EnforcedStyle: no_space
67
+ Style/StderrPuts:
68
+ Enabled: false
37
69
 
38
70
  Style/StringLiterals:
39
71
  EnforcedStyle: double_quotes
40
72
 
41
- Style/TrailingComma:
42
- EnforcedStyleForMultiline: 'comma'
73
+ Style/TrailingCommaInArguments:
74
+ EnforcedStyleForMultiline: comma
75
+
76
+ Style/TrailingCommaInHashLiteral:
77
+ EnforcedStyleForMultiline: comma
78
+
79
+ Style/TrailingCommaInArrayLiteral:
80
+ EnforcedStyleForMultiline: comma
data/CHANGELOG.md ADDED
@@ -0,0 +1,5 @@
1
+ ## [v1.8.0](https://github.com/omniauth/omniauth-oauth2/releases/tag/v1.7.3)
2
+ - Relaxes allowed versions of the oauth2 gem. [#146](https://github.com/omniauth/omniauth-oauth2/pull/146)
3
+ - Requires omniauth `~> 2.0` [#152](https://github.com/omniauth/omniauth-oauth2/pull/152)
4
+
5
+ Please see https://github.com/omniauth/omniauth-oauth2/releases for changelog prior to 1.8.0
data/Gemfile CHANGED
@@ -1,17 +1,19 @@
1
- source "http://rubygems.org"
1
+ source "https://rubygems.org"
2
2
 
3
- gem "rake"
3
+ gem "rake", "~> 13.0"
4
4
 
5
5
  group :test do
6
- gem "coveralls"
7
- gem "json", :platforms => [:jruby, :ruby_18, :ruby_19]
8
- gem "mime-types", "~> 1.25", :platforms => [:jruby, :ruby_18]
6
+ gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
7
+ gem 'coveralls_reborn', '~> 0.19.0', require: false
8
+ gem "json", :platforms => %i[jruby ruby_18 ruby_19]
9
+ gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
9
10
  gem "rack-test"
10
- gem "rest-client", "~> 1.6.0", :platforms => [:jruby, :ruby_18]
11
+ gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
11
12
  gem "rspec", "~> 3.2"
12
- gem "rubocop", ">= 0.30", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22]
13
- gem "simplecov", ">= 0.9"
14
- gem "webmock"
13
+ gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
14
+ gem 'simplecov-lcov'
15
+ gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
16
+ gem "webmock", "~> 3.0"
15
17
  end
16
18
 
17
19
  # Specify your gem's dependencies in omniauth-oauth2.gemspec
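Review bot: The new `gem 'coveralls_reborn', '~> 0.19.0', require: false`, `gem 'simplecov-lcov'` and `gem 'tins', '~> 1.13', ...` lines use single quotes and the `require:` label syntax, while every other line in this Gemfile uses double quotes and `:platforms =>` hash rockets — and the project's own .rubocop.yml in this same release enforces `Style/StringLiterals: double_quotes` and `Style/HashSyntax: hash_rockets`, which RuboCop applies to Gemfiles by default. Rewrite them as `gem "coveralls_reborn", "~> 0.19.0", :require => false`, `gem "simplecov-lcov"` and `gem "tins", "~> 1.13", :platforms => %i[jruby_18 jruby_19 ruby_19]`. Separately, spec/helper.rb keeps `require "coveralls"` after the switch to coveralls_reborn; that relies on the fork exposing the same require path, which I believe it does but is worth confirming in CI rather than assuming.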
data/README.md CHANGED
@@ -1,14 +1,11 @@
1
1
  # OmniAuth OAuth2
2
2
 
3
3
  [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
4
- [![Build Status](http://img.shields.io/travis/intridea/omniauth-oauth2.svg)][travis]
5
- [![Dependency Status](http://img.shields.io/gemnasium/intridea/omniauth-oauth2.svg)][gemnasium]
6
- [![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
4
+ [![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
7
5
  [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
6
+ [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
8
7
 
9
8
  [gem]: https://rubygems.org/gems/omniauth-oauth2
10
- [travis]: http://travis-ci.org/intridea/omniauth-oauth2
11
- [gemnasium]: https://gemnasium.com/intridea/omniauth-oauth2
12
9
  [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
13
10
  [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
14
11
 
@@ -34,6 +31,10 @@ module OmniAuth
34
31
  # initializing your consumer from the OAuth gem.
35
32
  option :client_options, {:site => "https://api.somesite.com"}
36
33
 
34
+ # You may specify that your strategy should use PKCE by setting
35
+ # the pkce option to true: https://tools.ietf.org/html/rfc7636
36
+ option :pkce, true
37
+
37
38
  # These are called after authentication has succeeded. If
38
39
  # possible, you should try to set the UID without making
39
40
  # additional calls (if the user id is returned with the token
@@ -64,4 +65,11 @@ end
64
65
 
65
66
  That's pretty much it!
66
67
 
67
- [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth-oauth2/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
68
+ ## OmniAuth-OAuth2 for Enterprise
69
+
70
+ Available as part of the Tidelift Subscription.
71
+
72
+ The maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)
73
+
74
+ ## Supported Ruby Versions
75
+ OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
data/Rakefile CHANGED
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env rake
2
+
2
3
  require "bundler/gem_tasks"
3
4
  require "rspec/core/rake_task"
4
5
 
@@ -15,4 +16,4 @@ rescue LoadError
15
16
  end
16
17
  end
17
18
 
18
- task :default => [:spec, :rubocop]
19
+ task :default => %i[spec rubocop]
data/SECURITY.md ADDED
@@ -0,0 +1,17 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ Use this section to tell people about which versions of your project are
6
+ currently being supported with security updates.
7
+
8
+ | Version | Supported |
9
+ | ------- | ------------------ |
10
+ | 1.7.x | :white_check_mark: |
11
+ | <= 1.6.x | :x: |
12
+
13
+ ## Security contact information
14
+
15
+ To report a security vulnerability, please use the
16
+ [Tidelift security contact](https://tidelift.com/security).
17
+ Tidelift will coordinate the fix and disclosure.
@@ -18,17 +18,28 @@ module OmniAuth
18
18
  OmniAuth::Strategy.included(subclass)
19
19
  end
20
20
 
21
- args [:client_id, :client_secret]
21
+ args %i[client_id client_secret]
22
22
 
23
23
  option :client_id, nil
24
24
  option :client_secret, nil
25
25
  option :client_options, {}
26
26
  option :authorize_params, {}
27
- option :authorize_options, [:scope]
27
+ option :authorize_options, %i[scope state]
28
28
  option :token_params, {}
29
29
  option :token_options, []
30
30
  option :auth_token_params, {}
31
31
  option :provider_ignores_state, false
32
+ option :pkce, false
33
+ option :pkce_verifier, nil
34
+ option :pkce_options, {
35
+ :code_challenge => proc { |verifier|
36
+ Base64.urlsafe_encode64(
37
+ Digest::SHA2.digest(verifier),
38
+ :padding => false,
39
+ )
40
+ },
41
+ :code_challenge_method => "S256",
42
+ }
32
43
 
33
44
  attr_accessor :access_token
34
45
 
@@ -36,15 +47,11 @@ module OmniAuth
36
47
  ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
37
48
  end
38
49
 
39
- def callback_url
40
- full_host + script_name + callback_path
41
- end
42
-
43
50
  credentials do
44
51
  hash = {"token" => access_token.token}
45
- hash.merge!("refresh_token" => access_token.refresh_token) if access_token.expires? && access_token.refresh_token
46
- hash.merge!("expires_at" => access_token.expires_at) if access_token.expires?
47
- hash.merge!("expires" => access_token.expires?)
52
+ hash["refresh_token"] = access_token.refresh_token if access_token.expires? && access_token.refresh_token
53
+ hash["expires_at"] = access_token.expires_at if access_token.expires?
54
+ hash["expires"] = access_token.expires?
48
55
  hash
49
56
  end
50
57
 
@@ -52,27 +59,34 @@ module OmniAuth
52
59
  redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
53
60
  end
54
61
 
55
- def authorize_params
62
+ def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
56
63
  options.authorize_params[:state] = SecureRandom.hex(24)
57
- params = options.authorize_params.merge(options_for("authorize"))
64
+
58
65
  if OmniAuth.config.test_mode
59
66
  @env ||= {}
60
67
  @env["rack.session"] ||= {}
61
68
  end
69
+
70
+ params = options.authorize_params
71
+ .merge(options_for("authorize"))
72
+ .merge(pkce_authorize_params)
73
+
74
+ session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
62
75
  session["omniauth.state"] = params[:state]
76
+
63
77
  params
64
78
  end
65
79
 
66
80
  def token_params
67
- options.token_params.merge(options_for("token"))
81
+ options.token_params.merge(options_for("token")).merge(pkce_token_params)
68
82
  end
69
83
 
70
- def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
84
+ def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
71
85
  error = request.params["error_reason"] || request.params["error"]
72
- if error
73
- fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
74
- elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
86
+ if !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
75
87
  fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
88
+ elsif error
89
+ fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
76
90
  else
77
91
  self.access_token = build_access_token
78
92
  self.access_token = access_token.refresh! if access_token.expired?
@@ -88,23 +102,44 @@ module OmniAuth
88
102
 
89
103
  protected
90
104
 
105
+ def pkce_authorize_params
106
+ return {} unless options.pkce
107
+
108
+ options.pkce_verifier = SecureRandom.hex(64)
109
+
110
+ # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
111
+ {
112
+ :code_challenge => options.pkce_options[:code_challenge]
113
+ .call(options.pkce_verifier),
114
+ :code_challenge_method => options.pkce_options[:code_challenge_method],
115
+ }
116
+ end
117
+
118
+ def pkce_token_params
119
+ return {} unless options.pkce
120
+
121
+ {:code_verifier => session.delete("omniauth.pkce.verifier")}
122
+ end
123
+
91
124
  def build_access_token
92
125
  verifier = request.params["code"]
93
126
  client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
94
127
  end
95
128
 
96
129
  def deep_symbolize(options)
97
- hash = {}
98
- options.each do |key, value|
130
+ options.each_with_object({}) do |(key, value), hash|
99
131
  hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
100
132
  end
101
- hash
102
133
  end
103
134
 
104
135
  def options_for(option)
105
136
  hash = {}
106
137
  options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
107
- hash[key.to_sym] = options[key]
138
+ hash[key.to_sym] = if options[key].respond_to?(:call)
139
+ options[key].call(env)
140
+ else
141
+ options[key]
142
+ end
108
143
  end
109
144
  hash
110
145
  end
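Review bot: Removing the `callback_url` override in the second hunk (`@@ -36,15 +47,11 @@`) makes `redirect_uri` fall through to OmniAuth::Strategy#callback_url, which to my knowledge appends the current request's query string; the authorize request and the later token request would then compute different `redirect_uri` values whenever either request carries query parameters (the callback always does, at least `code` and `state`), and providers that compare the two strictly will reject the code exchange. If the base-strategy behaviour is intended, it is a behaviour change for every subclass and belongs in CHANGELOG.md; otherwise keep `def callback_url; full_host + script_name + callback_path; end`. In the first hunk, the default `pkce_options[:code_challenge]` proc calls `Base64.urlsafe_encode64` and `Digest::SHA2.digest`, but no `require "base64"` or `require "digest"` is visible in these hunks — worth confirming they are loaded by this file rather than incidentally by the oauth2 gem. In the last hunk, `pkce_token_params` sends `:code_verifier => nil` when the session no longer holds `omniauth.pkce.verifier` (expired or cleared session); failing early with a clear error, as `callback_phase` does for a missing state, would make that condition diagnosable instead of surfacing as an opaque provider-side `invalid_grant`.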
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.3.1"
3
+ VERSION = "1.8.0".freeze
4
4
  end
5
5
  end
@@ -1,2 +1,2 @@
1
- require "omniauth-oauth2/version" # rubocop:disable FileName
1
+ require "omniauth-oauth2/version"
2
2
  require "omniauth/strategies/oauth2"
@@ -3,22 +3,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
  require "omniauth-oauth2/version"
4
4
 
5
5
  Gem::Specification.new do |gem|
6
- gem.add_dependency "oauth2", "~> 1.0"
7
- gem.add_dependency "omniauth", "~> 1.2"
6
+ gem.add_dependency "oauth2", [">= 1.4", "< 3"]
7
+ gem.add_dependency "omniauth", "~> 2.0"
8
8
 
9
- gem.add_development_dependency "bundler", "~> 1.0"
9
+ gem.add_development_dependency "bundler", "~> 2.0"
10
10
 
11
- gem.authors = ["Michael Bleigh", "Erik Michaels-Ober"]
12
- gem.email = ["michael@intridea.com", "sferik@gmail.com"]
11
+ gem.authors = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
12
+ gem.email = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
13
13
  gem.description = "An abstract OAuth2 strategy for OmniAuth."
14
14
  gem.summary = gem.description
15
- gem.homepage = "https://github.com/intridea/omniauth-oauth2"
16
- gem.licenses = %w(MIT)
15
+ gem.homepage = "https://github.com/omniauth/omniauth-oauth2"
16
+ gem.licenses = %w[MIT]
17
17
 
18
18
  gem.executables = `git ls-files -- bin/*`.split("\n").collect { |f| File.basename(f) }
19
19
  gem.files = `git ls-files`.split("\n")
20
20
  gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
21
21
  gem.name = "omniauth-oauth2"
22
- gem.require_paths = %w(lib)
22
+ gem.require_paths = %w[lib]
23
23
  gem.version = OmniAuth::OAuth2::VERSION
24
24
  end
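Review bot: The Gem::Specification still declares no `required_ruby_version`, even though this release deletes the 1.8.7–2.2 Travis matrix, the new GitHub workflow starts at Ruby 2.5, the README now says the gem is tested under 2.5, 2.6 and 2.7, and the updated .rubocop.yml disables `Gemspec/RequiredRubyVersion` rather than satisfying it. Without that field RubyGems and Bundler will resolve 1.8.0 onto older Rubies where `omniauth ~> 2.0` and the new PKCE code path are untested; adding `gem.required_ruby_version = ">= 2.5"` (or whatever floor the maintainers actually intend) makes the supported range machine-checkable and lets the rubocop exemption be dropped. The `gem.add_dependency "oauth2", [">= 1.4", "< 3"]` widening across a major version is reasonable and is already called out in the CHANGELOG.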
data/spec/helper.rb CHANGED
@@ -3,9 +3,16 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
3
3
 
4
4
  if RUBY_VERSION >= "1.9"
5
5
  require "simplecov"
6
+ require "simplecov-lcov"
6
7
  require "coveralls"
7
8
 
8
- SimpleCov.formatters = [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter]
9
+ SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
10
+
11
+ SimpleCov.formatters = [
12
+ SimpleCov::Formatter::HTMLFormatter,
13
+ SimpleCov::Formatter::LcovFormatter,
14
+ Coveralls::SimpleCov::Formatter
15
+ ]
9
16
 
10
17
  SimpleCov.start do
11
18
  minimum_coverage(78.48)
@@ -49,9 +49,10 @@ describe OmniAuth::Strategies::OAuth2 do
49
49
  end
50
50
 
51
51
  it "includes top-level options that are marked as :authorize_options" do
52
- instance = subject.new("abc", "def", :authorize_options => [:scope, :foo, :state], :scope => "bar", :foo => "baz")
52
+ instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
53
53
  expect(instance.authorize_params["scope"]).to eq("bar")
54
54
  expect(instance.authorize_params["foo"]).to eq("baz")
55
+ expect(instance.authorize_params["state"]).not_to be_empty
55
56
  end
56
57
 
57
58
  it "includes random state in the authorize params" do
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do
59
60
  expect(instance.authorize_params.keys).to eq(["state"])
60
61
  expect(instance.session["omniauth.state"]).not_to be_empty
61
62
  end
63
+
64
+ it "includes custom state in the authorize params" do
65
+ instance = subject.new("abc", "def", :state => proc { "qux" })
66
+ expect(instance.authorize_params.keys).to eq(["state"])
67
+ expect(instance.session["omniauth.state"]).to eq("qux")
68
+ end
69
+
70
+ it "includes PKCE parameters if enabled" do
71
+ instance = subject.new("abc", "def", :pkce => true)
72
+ expect(instance.authorize_params[:code_challenge]).to be_a(String)
73
+ expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
74
+ expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
75
+ end
62
76
  end
63
77
 
64
78
  describe "#token_params" do
@@ -70,20 +84,60 @@ describe OmniAuth::Strategies::OAuth2 do
70
84
  end
71
85
 
72
86
  it "includes top-level options that are marked as :authorize_options" do
73
- instance = subject.new("abc", "def", :token_options => [:scope, :foo], :scope => "bar", :foo => "baz")
87
+ instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
74
88
  expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
75
89
  end
90
+
91
+ it "includes the PKCE code_verifier if enabled" do
92
+ instance = subject.new("abc", "def", :pkce => true)
93
+ # setup session
94
+ instance.authorize_params
95
+ expect(instance.token_params[:code_verifier]).to be_a(String)
96
+ end
76
97
  end
77
98
 
78
99
  describe "#callback_phase" do
79
- subject { fresh_strategy }
80
- it "calls fail with the client error received" do
81
- instance = subject.new("abc", "def")
100
+ subject(:instance) { fresh_strategy.new("abc", "def") }
101
+
102
+ let(:params) { {"error_reason" => "user_denied", "error" => "access_denied", "state" => state} }
103
+ let(:state) { "secret" }
104
+
105
+ before do
82
106
  allow(instance).to receive(:request) do
83
- double("Request", :params => {"error_reason" => "user_denied", "error" => "access_denied"})
107
+ double("Request", :params => params)
84
108
  end
85
109
 
110
+ allow(instance).to receive(:session) do
111
+ double("Session", :delete => state)
112
+ end
113
+ end
114
+
115
+ it "calls fail with the error received" do
86
116
  expect(instance).to receive(:fail!).with("user_denied", anything)
117
+
118
+ instance.callback_phase
119
+ end
120
+
121
+ it "calls fail with the error received if state is missing and CSRF verification is disabled" do
122
+ params["state"] = nil
123
+ instance.options.provider_ignores_state = true
124
+
125
+ expect(instance).to receive(:fail!).with("user_denied", anything)
126
+
127
+ instance.callback_phase
128
+ end
129
+
130
+ it "calls fail with a CSRF error if the state is missing" do
131
+ params["state"] = nil
132
+
133
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
134
+ instance.callback_phase
135
+ end
136
+
137
+ it "calls fail with a CSRF error if the state is invalid" do
138
+ params["state"] = "invalid"
139
+
140
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
87
141
  instance.callback_phase
88
142
  end
89
143
  end
metadata CHANGED
@@ -1,85 +1,96 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
4
+ version: 1.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Bleigh
8
8
  - Erik Michaels-Ober
9
- autorequire:
9
+ - Tom Milewski
10
+ autorequire:
10
11
  bindir: bin
11
12
  cert_chain: []
12
- date: 2015-06-22 00:00:00.000000000 Z
13
+ date: 2022-06-18 00:00:00.000000000 Z
13
14
  dependencies:
14
15
  - !ruby/object:Gem::Dependency
15
16
  name: oauth2
16
17
  requirement: !ruby/object:Gem::Requirement
17
18
  requirements:
18
- - - "~>"
19
+ - - ">="
20
+ - !ruby/object:Gem::Version
21
+ version: '1.4'
22
+ - - "<"
19
23
  - !ruby/object:Gem::Version
20
- version: '1.0'
24
+ version: '3'
21
25
  type: :runtime
22
26
  prerelease: false
23
27
  version_requirements: !ruby/object:Gem::Requirement
24
28
  requirements:
25
- - - "~>"
29
+ - - ">="
30
+ - !ruby/object:Gem::Version
31
+ version: '1.4'
32
+ - - "<"
26
33
  - !ruby/object:Gem::Version
27
- version: '1.0'
34
+ version: '3'
28
35
  - !ruby/object:Gem::Dependency
29
36
  name: omniauth
30
37
  requirement: !ruby/object:Gem::Requirement
31
38
  requirements:
32
39
  - - "~>"
33
40
  - !ruby/object:Gem::Version
34
- version: '1.2'
41
+ version: '2.0'
35
42
  type: :runtime
36
43
  prerelease: false
37
44
  version_requirements: !ruby/object:Gem::Requirement
38
45
  requirements:
39
46
  - - "~>"
40
47
  - !ruby/object:Gem::Version
41
- version: '1.2'
48
+ version: '2.0'
42
49
  - !ruby/object:Gem::Dependency
43
50
  name: bundler
44
51
  requirement: !ruby/object:Gem::Requirement
45
52
  requirements:
46
53
  - - "~>"
47
54
  - !ruby/object:Gem::Version
48
- version: '1.0'
55
+ version: '2.0'
49
56
  type: :development
50
57
  prerelease: false
51
58
  version_requirements: !ruby/object:Gem::Requirement
52
59
  requirements:
53
60
  - - "~>"
54
61
  - !ruby/object:Gem::Version
55
- version: '1.0'
62
+ version: '2.0'
56
63
  description: An abstract OAuth2 strategy for OmniAuth.
57
64
  email:
58
65
  - michael@intridea.com
59
66
  - sferik@gmail.com
67
+ - tmilewski@gmail.com
60
68
  executables: []
61
69
  extensions: []
62
70
  extra_rdoc_files: []
63
71
  files:
72
+ - ".github/FUNDING.yml"
73
+ - ".github/workflows/main.yml"
64
74
  - ".gitignore"
65
75
  - ".rspec"
66
76
  - ".rubocop.yml"
67
- - ".travis.yml"
77
+ - CHANGELOG.md
68
78
  - Gemfile
69
79
  - LICENSE.md
70
80
  - README.md
71
81
  - Rakefile
82
+ - SECURITY.md
72
83
  - lib/omniauth-oauth2.rb
73
84
  - lib/omniauth-oauth2/version.rb
74
85
  - lib/omniauth/strategies/oauth2.rb
75
86
  - omniauth-oauth2.gemspec
76
87
  - spec/helper.rb
77
88
  - spec/omniauth/strategies/oauth2_spec.rb
78
- homepage: https://github.com/intridea/omniauth-oauth2
89
+ homepage: https://github.com/omniauth/omniauth-oauth2
79
90
  licenses:
80
91
  - MIT
81
92
  metadata: {}
82
- post_install_message:
93
+ post_install_message:
83
94
  rdoc_options: []
84
95
  require_paths:
85
96
  - lib
@@ -94,9 +105,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
94
105
  - !ruby/object:Gem::Version
95
106
  version: '0'
96
107
  requirements: []
97
- rubyforge_project:
98
- rubygems_version: 2.4.8
99
- signing_key:
108
+ rubygems_version: 3.2.32
109
+ signing_key:
100
110
  specification_version: 4
101
111
  summary: An abstract OAuth2 strategy for OmniAuth.
102
112
  test_files:
data/.travis.yml DELETED
@@ -1,22 +0,0 @@
1
- before_install: gem install bundler
2
- env:
3
- global:
4
- - JRUBY_OPTS="$JRUBY_OPTS --debug"
5
- language: ruby
6
- rvm:
7
- - 1.8.7
8
- - 1.9.3
9
- - 2.0.0
10
- - 2.1
11
- - 2.2
12
- - jruby-18mode
13
- - jruby-19mode
14
- - jruby-head
15
- - rbx-2
16
- - ruby-head
17
- matrix:
18
- allow_failures:
19
- - rvm: jruby-head
20
- - rvm: ruby-head
21
- fast_finish: true
22
- sudo: false