omniauth-oauth2 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0e32b47809789079fefb676477c2068c5847c8c9
-  data.tar.gz: 8bff0bfc6b4a45c5da7cb3a9eb93d3c20cacd4f2
+SHA256:
+  metadata.gz: 35d242e59c9afdaf9936548a38aa617b67ff9d24be62bb019e3f2c448d0304a3
+  data.tar.gz: 0340fe1535cf2eddaa261a5306394b7a5381136df2f735c77fc4441eaeb8e107
 SHA512:
-  metadata.gz: b5ffee16532d167a95ad5cf152cdddb219365da8ef87c6ff34c943cc999e02e25b0db2fb43a9067ec11659ad39108ebd1930aa44f55a94bcb5aba05befd3e427
-  data.tar.gz: 4417d7eedb1880ba3af05f2cddedcfc894dc1f286b0760d98433dfffcbf51eff8725c371e6fd1f82ddb7a73d13fa87ee753e1fee03ee26a6dbed48ca6aee3884
+  metadata.gz: e87d41e2854c624939d2142654ab9adf11a7336a199d2cfc3790f3eaccc07a62a43715fbb07c9353bccc5160c2dd06369415da70f69e9ed8d980ef6d76b415bc
+  data.tar.gz: bae2d1d3f173a93cceb14809efdc72bba6c40373102e65da1df03881ba4799a4d18446e2de072da56572e94c73d807cffe00e55daaf7de370325563409798a5b

data/.rubocop.yml

@@ -1,15 +1,34 @@
+AllCops:
+  NewCops: enable
+
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
 Layout/AccessModifierIndentation:
   EnforcedStyle: outdent
 
+Layout/LineLength:
+  AllowURI: true
+  Enabled: false
+
 Layout/SpaceInsideHashLiteralBraces:
   EnforcedStyle: no_space
 
+Lint/MissingSuper:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 18
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/omniauth/strategies/oauth2_spec.rb
+
 Metrics/BlockNesting:
   Max: 2
 
-Metrics/LineLength:
-  AllowURI: true
-  Enabled: false
+Metrics/ClassLength:
+  Max: 110
 
 Metrics/MethodLength:
   CountComments: false
@@ -19,6 +38,10 @@ Metrics/ParameterLists:
   Max: 4
   CountKeywordArgs: true
 
+Naming/FileName:
+  Exclude:
+    - lib/omniauth-oauth2.rb
+
 Style/CollectionMethods:
   PreferredMethods:
     map:      'collect'
@@ -35,6 +58,9 @@ Style/DoubleNegation:
 Style/ExpandPathArguments:
   Enabled: false
 
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
 Style/HashSyntax:
   EnforcedStyle: hash_rockets
 
@@ -52,4 +78,3 @@ Style/TrailingCommaInHashLiteral:
 
 Style/TrailingCommaInArrayLiteral:
   EnforcedStyleForMultiline: comma
-  

data/.travis.yml

@@ -9,8 +9,6 @@ env:
 language: ruby
 rvm:
   - jruby-9000
-  - 2.2.9
-  - 2.3.5
   - 2.4.4
   - 2.5.3
   - jruby-head

data/README.md

@@ -2,16 +2,14 @@
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
 [![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth-oauth2.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
+[![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
 [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
 
 [gem]: https://rubygems.org/gems/omniauth-oauth2
 [travis]: http://travis-ci.org/omniauth/omniauth-oauth2
-[gemnasium]: https://gemnasium.com/github.com/omniauth/omniauth-oauth2
-[codeclimate]: https://codeclimate.com/github/omniauth/omniauth-oauth2
-[coveralls]: https://coveralls.io/r/omniauth/omniauth-oauth2
+[codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
+[coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
 
 This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve
 as a building block strategy for other strategies and not to be used
@@ -34,6 +32,10 @@ module OmniAuth
       # This is where you pass the options you would pass when
       # initializing your consumer from the OAuth gem.
       option :client_options, {:site => "https://api.somesite.com"}
+      
+      # You may specify that your strategy should use PKCE by setting
+      # the pkce option to true: https://tools.ietf.org/html/rfc7636
+      option :pkce, true
 
       # These are called after authentication has succeeded. If
       # possible, you should try to set the UID without making
@@ -64,4 +66,3 @@ end
 ```
 
 That's pretty much it!
-

data/Rakefile

@@ -1,4 +1,5 @@
 #!/usr/bin/env rake
+
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 

data/lib/omniauth-oauth2.rb

@@ -1,2 +1,2 @@
-require "omniauth-oauth2/version" # rubocop:disable FileName
+require "omniauth-oauth2/version"
 require "omniauth/strategies/oauth2"

data/lib/omniauth-oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module OAuth2
-    VERSION = "1.6.0".freeze
+    VERSION = "1.7.0".freeze
   end
 end

data/lib/omniauth/strategies/oauth2.rb

@@ -24,11 +24,22 @@ module OmniAuth
       option :client_secret, nil
       option :client_options, {}
       option :authorize_params, {}
-      option :authorize_options, [:scope]
+      option :authorize_options, %i[scope state]
       option :token_params, {}
       option :token_options, []
       option :auth_token_params, {}
       option :provider_ignores_state, false
+      option :pkce, false
+      option :pkce_verifier, nil
+      option :pkce_options, {
+        :code_challenge => proc { |verifier|
+          Base64.urlsafe_encode64(
+            Digest::SHA2.digest(verifier),
+            :padding => false,
+          )
+        },
+        :code_challenge_method => "S256",
+      }
 
       attr_accessor :access_token
 
@@ -48,22 +59,29 @@ module OmniAuth
         redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
       end
 
-      def authorize_params
+      def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         options.authorize_params[:state] = SecureRandom.hex(24)
-        params = options.authorize_params.merge(options_for("authorize"))
+
         if OmniAuth.config.test_mode
           @env ||= {}
           @env["rack.session"] ||= {}
         end
+
+        params = options.authorize_params
+                        .merge(options_for("authorize"))
+                        .merge(pkce_authorize_params)
+
+        session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
         session["omniauth.state"] = params[:state]
+
         params
       end
 
       def token_params
-        options.token_params.merge(options_for("token"))
+        options.token_params.merge(options_for("token")).merge(pkce_token_params)
       end
 
-      def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
+      def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         error = request.params["error_reason"] || request.params["error"]
         if error
           fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
@@ -84,23 +102,44 @@ module OmniAuth
 
     protected
 
+      def pkce_authorize_params
+        return {} unless options.pkce
+
+        options.pkce_verifier = SecureRandom.hex(64)
+
+        # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
+        {
+          :code_challenge => options.pkce_options[:code_challenge]
+                                    .call(options.pkce_verifier),
+          :code_challenge_method => options.pkce_options[:code_challenge_method],
+        }
+      end
+
+      def pkce_token_params
+        return {} unless options.pkce
+
+        {:code_verifier => session.delete("omniauth.pkce.verifier")}
+      end
+
       def build_access_token
         verifier = request.params["code"]
         client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
       end
 
       def deep_symbolize(options)
-        hash = {}
-        options.each do |key, value|
+        options.each_with_object({}) do |(key, value), hash|
           hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
         end
-        hash
       end
 
       def options_for(option)
         hash = {}
         options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
-          hash[key.to_sym] = options[key]
+          hash[key.to_sym] = if options[key].respond_to?(:call)
+                               options[key].call(env)
+                             else
+                               options[key]
+                             end
         end
         hash
       end

data/omniauth-oauth2.gemspec

@@ -3,10 +3,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "omniauth-oauth2/version"
 
 Gem::Specification.new do |gem|
-  gem.add_dependency "oauth2",     "~> 1.1"
+  gem.add_dependency "oauth2",     "~> 1.4"
   gem.add_dependency "omniauth",   "~> 1.9"
 
-  gem.add_development_dependency "bundler", "~> 1.0"
+  gem.add_development_dependency "bundler", "~> 2.0"
 
   gem.authors       = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
   gem.email         = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]

data/spec/omniauth/strategies/oauth2_spec.rb

@@ -1,6 +1,6 @@
 require "helper"
 
-describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
+describe OmniAuth::Strategies::OAuth2 do
   def app
     lambda do |_env|
       [200, {}, ["Hello."]]
@@ -52,6 +52,7 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
       instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
       expect(instance.authorize_params["scope"]).to eq("bar")
       expect(instance.authorize_params["foo"]).to eq("baz")
+      expect(instance.authorize_params["state"]).not_to be_empty
     end
 
     it "includes random state in the authorize params" do
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
       expect(instance.authorize_params.keys).to eq(["state"])
       expect(instance.session["omniauth.state"]).not_to be_empty
     end
+
+    it "includes custom state in the authorize params" do
+      instance = subject.new("abc", "def", :state => proc { "qux" })
+      expect(instance.authorize_params.keys).to eq(["state"])
+      expect(instance.session["omniauth.state"]).to eq("qux")
+    end
+
+    it "includes PKCE parameters if enabled" do
+      instance = subject.new("abc", "def", :pkce => true)
+      expect(instance.authorize_params[:code_challenge]).to be_a(String)
+      expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
+      expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
+    end
   end
 
   describe "#token_params" do
@@ -73,6 +87,13 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
       instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
       expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
     end
+
+    it "includes the PKCE code_verifier if enabled" do
+      instance = subject.new("abc", "def", :pkce => true)
+      # setup session
+      instance.authorize_params
+      expect(instance.token_params[:code_verifier]).to be_a(String)
+    end
   end
 
   describe "#callback_phase" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Michael Bleigh
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-14 00:00:00.000000000 Z
+date: 2020-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oauth2
@@ -18,14 +18,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
@@ -46,14 +46,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 description: An abstract OAuth2 strategy for OmniAuth.
 email:
 - michael@intridea.com
@@ -96,8 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.0.0
 signing_key: 
 specification_version: 4
 summary: An abstract OAuth2 strategy for OmniAuth.