omniauth-oauth2 1.6.0 → 1.7.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 0e32b47809789079fefb676477c2068c5847c8c9
4
- data.tar.gz: 8bff0bfc6b4a45c5da7cb3a9eb93d3c20cacd4f2
2
+ SHA256:
3
+ metadata.gz: 35d242e59c9afdaf9936548a38aa617b67ff9d24be62bb019e3f2c448d0304a3
4
+ data.tar.gz: 0340fe1535cf2eddaa261a5306394b7a5381136df2f735c77fc4441eaeb8e107
5
5
  SHA512:
6
- metadata.gz: b5ffee16532d167a95ad5cf152cdddb219365da8ef87c6ff34c943cc999e02e25b0db2fb43a9067ec11659ad39108ebd1930aa44f55a94bcb5aba05befd3e427
7
- data.tar.gz: 4417d7eedb1880ba3af05f2cddedcfc894dc1f286b0760d98433dfffcbf51eff8725c371e6fd1f82ddb7a73d13fa87ee753e1fee03ee26a6dbed48ca6aee3884
6
+ metadata.gz: e87d41e2854c624939d2142654ab9adf11a7336a199d2cfc3790f3eaccc07a62a43715fbb07c9353bccc5160c2dd06369415da70f69e9ed8d980ef6d76b415bc
7
+ data.tar.gz: bae2d1d3f173a93cceb14809efdc72bba6c40373102e65da1df03881ba4799a4d18446e2de072da56572e94c73d807cffe00e55daaf7de370325563409798a5b
@@ -1,15 +1,34 @@
1
+ AllCops:
2
+ NewCops: enable
3
+
4
+ Gemspec/RequiredRubyVersion:
5
+ Enabled: false
6
+
1
7
  Layout/AccessModifierIndentation:
2
8
  EnforcedStyle: outdent
3
9
 
10
+ Layout/LineLength:
11
+ AllowURI: true
12
+ Enabled: false
13
+
4
14
  Layout/SpaceInsideHashLiteralBraces:
5
15
  EnforcedStyle: no_space
6
16
 
17
+ Lint/MissingSuper:
18
+ Enabled: false
19
+
20
+ Metrics/AbcSize:
21
+ Max: 18
22
+
23
+ Metrics/BlockLength:
24
+ Exclude:
25
+ - spec/omniauth/strategies/oauth2_spec.rb
26
+
7
27
  Metrics/BlockNesting:
8
28
  Max: 2
9
29
 
10
- Metrics/LineLength:
11
- AllowURI: true
12
- Enabled: false
30
+ Metrics/ClassLength:
31
+ Max: 110
13
32
 
14
33
  Metrics/MethodLength:
15
34
  CountComments: false
@@ -19,6 +38,10 @@ Metrics/ParameterLists:
19
38
  Max: 4
20
39
  CountKeywordArgs: true
21
40
 
41
+ Naming/FileName:
42
+ Exclude:
43
+ - lib/omniauth-oauth2.rb
44
+
22
45
  Style/CollectionMethods:
23
46
  PreferredMethods:
24
47
  map: 'collect'
@@ -35,6 +58,9 @@ Style/DoubleNegation:
35
58
  Style/ExpandPathArguments:
36
59
  Enabled: false
37
60
 
61
+ Style/FrozenStringLiteralComment:
62
+ Enabled: false
63
+
38
64
  Style/HashSyntax:
39
65
  EnforcedStyle: hash_rockets
40
66
 
@@ -52,4 +78,3 @@ Style/TrailingCommaInHashLiteral:
52
78
 
53
79
  Style/TrailingCommaInArrayLiteral:
54
80
  EnforcedStyleForMultiline: comma
55
-
@@ -9,8 +9,6 @@ env:
9
9
  language: ruby
10
10
  rvm:
11
11
  - jruby-9000
12
- - 2.2.9
13
- - 2.3.5
14
12
  - 2.4.4
15
13
  - 2.5.3
16
14
  - jruby-head
data/README.md CHANGED
@@ -2,16 +2,14 @@
2
2
 
3
3
  [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
4
4
  [![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
5
- [![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth-oauth2.svg)][gemnasium]
6
- [![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
5
+ [![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
7
6
  [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
8
7
  [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
9
8
 
10
9
  [gem]: https://rubygems.org/gems/omniauth-oauth2
11
10
  [travis]: http://travis-ci.org/omniauth/omniauth-oauth2
12
- [gemnasium]: https://gemnasium.com/github.com/omniauth/omniauth-oauth2
13
- [codeclimate]: https://codeclimate.com/github/omniauth/omniauth-oauth2
14
- [coveralls]: https://coveralls.io/r/omniauth/omniauth-oauth2
11
+ [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
12
+ [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
15
13
 
16
14
  This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve
17
15
  as a building block strategy for other strategies and not to be used
@@ -34,6 +32,10 @@ module OmniAuth
34
32
  # This is where you pass the options you would pass when
35
33
  # initializing your consumer from the OAuth gem.
36
34
  option :client_options, {:site => "https://api.somesite.com"}
35
+
36
+ # You may specify that your strategy should use PKCE by setting
37
+ # the pkce option to true: https://tools.ietf.org/html/rfc7636
38
+ option :pkce, true
37
39
 
38
40
  # These are called after authentication has succeeded. If
39
41
  # possible, you should try to set the UID without making
@@ -64,4 +66,3 @@ end
64
66
  ```
65
67
 
66
68
  That's pretty much it!
67
-
data/Rakefile CHANGED
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env rake
2
+
2
3
  require "bundler/gem_tasks"
3
4
  require "rspec/core/rake_task"
4
5
 
@@ -1,2 +1,2 @@
1
- require "omniauth-oauth2/version" # rubocop:disable FileName
1
+ require "omniauth-oauth2/version"
2
2
  require "omniauth/strategies/oauth2"
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.6.0".freeze
3
+ VERSION = "1.7.0".freeze
4
4
  end
5
5
  end
@@ -24,11 +24,22 @@ module OmniAuth
24
24
  option :client_secret, nil
25
25
  option :client_options, {}
26
26
  option :authorize_params, {}
27
- option :authorize_options, [:scope]
27
+ option :authorize_options, %i[scope state]
28
28
  option :token_params, {}
29
29
  option :token_options, []
30
30
  option :auth_token_params, {}
31
31
  option :provider_ignores_state, false
32
+ option :pkce, false
33
+ option :pkce_verifier, nil
34
+ option :pkce_options, {
35
+ :code_challenge => proc { |verifier|
36
+ Base64.urlsafe_encode64(
37
+ Digest::SHA2.digest(verifier),
38
+ :padding => false,
39
+ )
40
+ },
41
+ :code_challenge_method => "S256",
42
+ }
32
43
 
33
44
  attr_accessor :access_token
34
45
 
@@ -48,22 +59,29 @@ module OmniAuth
48
59
  redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
49
60
  end
50
61
 
51
- def authorize_params
62
+ def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
52
63
  options.authorize_params[:state] = SecureRandom.hex(24)
53
- params = options.authorize_params.merge(options_for("authorize"))
64
+
54
65
  if OmniAuth.config.test_mode
55
66
  @env ||= {}
56
67
  @env["rack.session"] ||= {}
57
68
  end
69
+
70
+ params = options.authorize_params
71
+ .merge(options_for("authorize"))
72
+ .merge(pkce_authorize_params)
73
+
74
+ session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
58
75
  session["omniauth.state"] = params[:state]
76
+
59
77
  params
60
78
  end
61
79
 
62
80
  def token_params
63
- options.token_params.merge(options_for("token"))
81
+ options.token_params.merge(options_for("token")).merge(pkce_token_params)
64
82
  end
65
83
 
66
- def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
84
+ def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
67
85
  error = request.params["error_reason"] || request.params["error"]
68
86
  if error
69
87
  fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
@@ -84,23 +102,44 @@ module OmniAuth
84
102
 
85
103
  protected
86
104
 
105
+ def pkce_authorize_params
106
+ return {} unless options.pkce
107
+
108
+ options.pkce_verifier = SecureRandom.hex(64)
109
+
110
+ # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
111
+ {
112
+ :code_challenge => options.pkce_options[:code_challenge]
113
+ .call(options.pkce_verifier),
114
+ :code_challenge_method => options.pkce_options[:code_challenge_method],
115
+ }
116
+ end
117
+
118
+ def pkce_token_params
119
+ return {} unless options.pkce
120
+
121
+ {:code_verifier => session.delete("omniauth.pkce.verifier")}
122
+ end
123
+
87
124
  def build_access_token
88
125
  verifier = request.params["code"]
89
126
  client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
90
127
  end
91
128
 
92
129
  def deep_symbolize(options)
93
- hash = {}
94
- options.each do |key, value|
130
+ options.each_with_object({}) do |(key, value), hash|
95
131
  hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
96
132
  end
97
- hash
98
133
  end
99
134
 
100
135
  def options_for(option)
101
136
  hash = {}
102
137
  options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
103
- hash[key.to_sym] = options[key]
138
+ hash[key.to_sym] = if options[key].respond_to?(:call)
139
+ options[key].call(env)
140
+ else
141
+ options[key]
142
+ end
104
143
  end
105
144
  hash
106
145
  end
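Review bot: The PKCE verifier is routed through `options.pkce_verifier` (assigned in `pkce_authorize_params`, read back in `authorize_params` for `session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce`), so the value that lands in the session is whatever `options` holds at that moment rather than the one the challenge was computed from; if the options object is shared between concurrent requests, as the class-level `option :pkce_verifier, nil` declaration suggests, two in-flight authorize requests can end up with a challenge/verifier mismatch and a failed token exchange. Generating the verifier into a local, writing the session from that local inside `pkce_authorize_params`, and dropping the session line from `authorize_params` removes the dependency on shared state, while `options.pkce_verifier` can still be assigned for callers that read it. The `code_challenge` proc also uses `Base64` and `Digest::SHA2`, whose `require`s are outside these hunks — worth confirming they are loaded in this file rather than relied on transitively, since a missing one would only surface on the first PKCE authorize. `callback_phase` and the enclosing class continue outside the hunks.
```ruby
def pkce_authorize_params
  return {} unless options.pkce

  verifier = SecureRandom.hex(64)
  options.pkce_verifier = verifier # kept for callers that read the option
  session["omniauth.pkce.verifier"] = verifier

  # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
  {
    :code_challenge => options.pkce_options[:code_challenge].call(verifier),
    :code_challenge_method => options.pkce_options[:code_challenge_method],
  }
end
# … unchanged: pkce_token_params, build_access_token, deep_symbolize, options_for …
```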
@@ -3,10 +3,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
  require "omniauth-oauth2/version"
4
4
 
5
5
  Gem::Specification.new do |gem|
6
- gem.add_dependency "oauth2", "~> 1.1"
6
+ gem.add_dependency "oauth2", "~> 1.4"
7
7
  gem.add_dependency "omniauth", "~> 1.9"
8
8
 
9
- gem.add_development_dependency "bundler", "~> 1.0"
9
+ gem.add_development_dependency "bundler", "~> 2.0"
10
10
 
11
11
  gem.authors = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
12
12
  gem.email = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
@@ -1,6 +1,6 @@
1
1
  require "helper"
2
2
 
3
- describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
3
+ describe OmniAuth::Strategies::OAuth2 do
4
4
  def app
5
5
  lambda do |_env|
6
6
  [200, {}, ["Hello."]]
@@ -52,6 +52,7 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
52
52
  instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
53
53
  expect(instance.authorize_params["scope"]).to eq("bar")
54
54
  expect(instance.authorize_params["foo"]).to eq("baz")
55
+ expect(instance.authorize_params["state"]).not_to be_empty
55
56
  end
56
57
 
57
58
  it "includes random state in the authorize params" do
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
59
60
  expect(instance.authorize_params.keys).to eq(["state"])
60
61
  expect(instance.session["omniauth.state"]).not_to be_empty
61
62
  end
63
+
64
+ it "includes custom state in the authorize params" do
65
+ instance = subject.new("abc", "def", :state => proc { "qux" })
66
+ expect(instance.authorize_params.keys).to eq(["state"])
67
+ expect(instance.session["omniauth.state"]).to eq("qux")
68
+ end
69
+
70
+ it "includes PKCE parameters if enabled" do
71
+ instance = subject.new("abc", "def", :pkce => true)
72
+ expect(instance.authorize_params[:code_challenge]).to be_a(String)
73
+ expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
74
+ expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
75
+ end
62
76
  end
63
77
 
64
78
  describe "#token_params" do
@@ -73,6 +87,13 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
73
87
  instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
74
88
  expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
75
89
  end
90
+
91
+ it "includes the PKCE code_verifier if enabled" do
92
+ instance = subject.new("abc", "def", :pkce => true)
93
+ # setup session
94
+ instance.authorize_params
95
+ expect(instance.token_params[:code_verifier]).to be_a(String)
96
+ end
76
97
  end
77
98
 
78
99
  describe "#callback_phase" do
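Review bot: The new PKCE examples assert only types (`be_a(String)` in both the `#authorize_params` and `#token_params` hunks), so they would still pass if the challenge were derived from a different verifier than the one placed in the session, which is the property the token exchange depends on. Capture the params once and check them against the stored verifier: `params = instance.authorize_params`, `verifier = instance.session["omniauth.pkce.verifier"]`, `expect(params[:code_challenge]).to eq(Base64.urlsafe_encode64(Digest::SHA2.digest(verifier), :padding => false))`. A further example asserting that `instance.token_params[:code_verifier]` is `nil` on a second call would pin the one-time `session.delete` behaviour. The enclosing `describe` block continues outside these hunks.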
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.0
4
+ version: 1.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Bleigh
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2018-12-14 00:00:00.000000000 Z
13
+ date: 2020-08-11 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: oauth2
@@ -18,14 +18,14 @@ dependencies:
18
18
  requirements:
19
19
  - - "~>"
20
20
  - !ruby/object:Gem::Version
21
- version: '1.1'
21
+ version: '1.4'
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
25
25
  requirements:
26
26
  - - "~>"
27
27
  - !ruby/object:Gem::Version
28
- version: '1.1'
28
+ version: '1.4'
29
29
  - !ruby/object:Gem::Dependency
30
30
  name: omniauth
31
31
  requirement: !ruby/object:Gem::Requirement
@@ -46,14 +46,14 @@ dependencies:
46
46
  requirements:
47
47
  - - "~>"
48
48
  - !ruby/object:Gem::Version
49
- version: '1.0'
49
+ version: '2.0'
50
50
  type: :development
51
51
  prerelease: false
52
52
  version_requirements: !ruby/object:Gem::Requirement
53
53
  requirements:
54
54
  - - "~>"
55
55
  - !ruby/object:Gem::Version
56
- version: '1.0'
56
+ version: '2.0'
57
57
  description: An abstract OAuth2 strategy for OmniAuth.
58
58
  email:
59
59
  - michael@intridea.com
@@ -96,8 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
96
96
  - !ruby/object:Gem::Version
97
97
  version: '0'
98
98
  requirements: []
99
- rubyforge_project:
100
- rubygems_version: 2.6.11
99
+ rubygems_version: 3.0.0
101
100
  signing_key:
102
101
  specification_version: 4
103
102
  summary: An abstract OAuth2 strategy for OmniAuth.