omniauth-oauth2 1.6.0 → 1.7.1
- checksums.yaml +5 -5
- data/.github/workflows/main.yml +49 -0
- data/.rubocop.yml +29 -4
- data/.travis.yml +1 -2
- data/README.md +7 -6
- data/Rakefile +1 -0
- data/lib/omniauth-oauth2.rb +1 -1
- data/lib/omniauth-oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/oauth2.rb +48 -9
- data/omniauth-oauth2.gemspec +3 -3
- data/spec/omniauth/strategies/oauth2_spec.rb +22 -1
- metadata +16 -10
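--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: '0496e01a0a03c432891358ac0bbe4ed744560f47c88c2cc32a999feafc78e576'
+data.tar.gz: 6196ba4a1880c328392de4e145434fccf1c4a64fdbc8f87c94ffc2e274bb509b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5db83ecb687e9fe790f3c76f3c831aac7a6e2e444e97cf532b08629caf27400bbc242e474c50ba07d1d7e1a39dce6468a62e751981069e191483d5f99bd009d8
+data.tar.gz: 3b66b0a2813184f867646699823b7434a4d7b9ce08594c6eaded5b4b37b965bc6cbae932087fe1bfd446fb126e3245d8b5fe0ec47798ef8f81083f251933d1a9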
@@ -0,0 +1,49 @@
|
|
1
|
+
name: Ruby
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [ master ]
|
6
|
+
pull_request:
|
7
|
+
branches: [ master ]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
runs-on: ubuntu-18.04
|
12
|
+
strategy:
|
13
|
+
fail-fast: false
|
14
|
+
matrix:
|
15
|
+
os: [ubuntu, macos]
|
16
|
+
ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
|
17
|
+
steps:
|
18
|
+
- uses: actions/checkout@v2
|
19
|
+
- name: Set up Ruby
|
20
|
+
uses: ruby/setup-ruby@v1
|
21
|
+
with:
|
22
|
+
ruby-version: ${{ matrix.ruby }}
|
23
|
+
bundler-cache: true
|
24
|
+
- name: Install dependencies
|
25
|
+
run: bundle install
|
26
|
+
- name: Run tests
|
27
|
+
run: bundle exec rake
|
28
|
+
test-jruby:
|
29
|
+
runs-on: ubuntu-18.04
|
30
|
+
strategy:
|
31
|
+
fail-fast: false
|
32
|
+
matrix:
|
33
|
+
os: [ubuntu, macos]
|
34
|
+
jruby: [jruby, jruby-head]
|
35
|
+
steps:
|
36
|
+
- uses: actions/checkout@v2
|
37
|
+
- name: Set up Ruby
|
38
|
+
uses: ruby/setup-ruby@v1
|
39
|
+
with:
|
40
|
+
ruby-version: ${{ matrix.jruby }}
|
41
|
+
bundler-cache: true
|
42
|
+
- name: Install dependencies
|
43
|
+
env:
|
44
|
+
JRUBY_OPTS: --debug
|
45
|
+
run: bundle install
|
46
|
+
- name: Run tests
|
47
|
+
env:
|
48
|
+
JRUBY_OPTS: --debug
|
49
|
+
run: bundle exec rake
|
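Review bot: Both jobs in `.github/workflows/main.yml` reference their actions by mutable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1`) and the workflow declares no `permissions:` block, so the job token keeps whatever default scope the repository grants. Pinning each step as `uses: actions/checkout@<full-commit-sha>` (placeholder, take the SHA from the release you audited) and adding a top-level `permissions:` with `contents: read` would limit what a retagged or compromised action can reach. Separately, `matrix.os` is declared as `[ubuntu, macos]` in both jobs but `runs-on` is the fixed `ubuntu-18.04`, so the macOS legs appear to run on Ubuntu as well; `runs-on: ${{ matrix.os }}-latest` would make the matrix effective.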
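--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,15 +1,34 @@
+AllCops:
+NewCops: enable
+
+Gemspec/RequiredRubyVersion:
+Enabled: false
+
 Layout/AccessModifierIndentation:
 EnforcedStyle: outdent
 
+Layout/LineLength:
+AllowURI: true
+Enabled: false
+
 Layout/SpaceInsideHashLiteralBraces:
 EnforcedStyle: no_space
 
+Lint/MissingSuper:
+Enabled: false
+
+Metrics/AbcSize:
+Max: 18
+
+Metrics/BlockLength:
+Exclude:
+- spec/omniauth/strategies/oauth2_spec.rb
+
 Metrics/BlockNesting:
 Max: 2
 
-Metrics/
-
-Enabled: false
+Metrics/ClassLength:
+Max: 110
 
 Metrics/MethodLength:
 CountComments: false
@@ -19,6 +38,10 @@ Metrics/ParameterLists:
 Max: 4
 CountKeywordArgs: true
 
+Naming/FileName:
+Exclude:
+- lib/omniauth-oauth2.rb
+
 Style/CollectionMethods:
 PreferredMethods:
 map: 'collect'
@@ -35,6 +58,9 @@ Style/DoubleNegation:
 Style/ExpandPathArguments:
 Enabled: false
 
+Style/FrozenStringLiteralComment:
+Enabled: false
+
 Style/HashSyntax:
 EnforcedStyle: hash_rockets
 
@@ -52,4 +78,3 @@ Style/TrailingCommaInHashLiteral:
 
 Style/TrailingCommaInArrayLiteral:
 EnforcedStyleForMultiline: comma
-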
data/.travis.yml
CHANGED
data/README.md
CHANGED
@@ -2,16 +2,14 @@
|
|
2
2
|
|
3
3
|
[][gem]
|
4
4
|
[][travis]
|
5
|
-
[][codeclimate]
|
5
|
+
[][codeclimate]
|
7
6
|
[][coveralls]
|
8
7
|
[](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
|
9
8
|
|
10
9
|
[gem]: https://rubygems.org/gems/omniauth-oauth2
|
11
10
|
[travis]: http://travis-ci.org/omniauth/omniauth-oauth2
|
12
|
-
[
|
13
|
-
[
|
14
|
-
[coveralls]: https://coveralls.io/r/omniauth/omniauth-oauth2
|
11
|
+
[codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
|
12
|
+
[coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
|
15
13
|
|
16
14
|
This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve
|
17
15
|
as a building block strategy for other strategies and not to be used
|
@@ -34,6 +32,10 @@ module OmniAuth
|
|
34
32
|
# This is where you pass the options you would pass when
|
35
33
|
# initializing your consumer from the OAuth gem.
|
36
34
|
option :client_options, {:site => "https://api.somesite.com"}
|
35
|
+
|
36
|
+
# You may specify that your strategy should use PKCE by setting
|
37
|
+
# the pkce option to true: https://tools.ietf.org/html/rfc7636
|
38
|
+
option :pkce, true
|
37
39
|
|
38
40
|
# These are called after authentication has succeeded. If
|
39
41
|
# possible, you should try to set the UID without making
|
@@ -64,4 +66,3 @@ end
|
|
64
66
|
```
|
65
67
|
|
66
68
|
That's pretty much it!
|
67
|
-
|
data/Rakefile
CHANGED
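--- a/data/lib/omniauth-oauth2.rb
+++ b/data/lib/omniauth-oauth2.rb
@@ -1,2 +1,2 @@
-require "omniauth-oauth2/version"
+require "omniauth-oauth2/version"
 require "omniauth/strategies/oauth2"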
@@ -24,11 +24,22 @@ module OmniAuth
|
|
24
24
|
option :client_secret, nil
|
25
25
|
option :client_options, {}
|
26
26
|
option :authorize_params, {}
|
27
|
-
option :authorize_options, [
|
27
|
+
option :authorize_options, %i[scope state]
|
28
28
|
option :token_params, {}
|
29
29
|
option :token_options, []
|
30
30
|
option :auth_token_params, {}
|
31
31
|
option :provider_ignores_state, false
|
32
|
+
option :pkce, false
|
33
|
+
option :pkce_verifier, nil
|
34
|
+
option :pkce_options, {
|
35
|
+
:code_challenge => proc { |verifier|
|
36
|
+
Base64.urlsafe_encode64(
|
37
|
+
Digest::SHA2.digest(verifier),
|
38
|
+
:padding => false,
|
39
|
+
)
|
40
|
+
},
|
41
|
+
:code_challenge_method => "S256",
|
42
|
+
}
|
32
43
|
|
33
44
|
attr_accessor :access_token
|
34
45
|
|
@@ -48,22 +59,29 @@ module OmniAuth
|
|
48
59
|
redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
|
49
60
|
end
|
50
61
|
|
51
|
-
def authorize_params
|
62
|
+
def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
52
63
|
options.authorize_params[:state] = SecureRandom.hex(24)
|
53
|
-
|
64
|
+
|
54
65
|
if OmniAuth.config.test_mode
|
55
66
|
@env ||= {}
|
56
67
|
@env["rack.session"] ||= {}
|
57
68
|
end
|
69
|
+
|
70
|
+
params = options.authorize_params
|
71
|
+
.merge(options_for("authorize"))
|
72
|
+
.merge(pkce_authorize_params)
|
73
|
+
|
74
|
+
session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
|
58
75
|
session["omniauth.state"] = params[:state]
|
76
|
+
|
59
77
|
params
|
60
78
|
end
|
61
79
|
|
62
80
|
def token_params
|
63
|
-
options.token_params.merge(options_for("token"))
|
81
|
+
options.token_params.merge(options_for("token")).merge(pkce_token_params)
|
64
82
|
end
|
65
83
|
|
66
|
-
def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
|
84
|
+
def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
|
67
85
|
error = request.params["error_reason"] || request.params["error"]
|
68
86
|
if error
|
69
87
|
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
|
@@ -84,23 +102,44 @@ module OmniAuth
|
|
84
102
|
|
85
103
|
protected
|
86
104
|
|
105
|
+
def pkce_authorize_params
|
106
|
+
return {} unless options.pkce
|
107
|
+
|
108
|
+
options.pkce_verifier = SecureRandom.hex(64)
|
109
|
+
|
110
|
+
# NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
|
111
|
+
{
|
112
|
+
:code_challenge => options.pkce_options[:code_challenge]
|
113
|
+
.call(options.pkce_verifier),
|
114
|
+
:code_challenge_method => options.pkce_options[:code_challenge_method],
|
115
|
+
}
|
116
|
+
end
|
117
|
+
|
118
|
+
def pkce_token_params
|
119
|
+
return {} unless options.pkce
|
120
|
+
|
121
|
+
{:code_verifier => session.delete("omniauth.pkce.verifier")}
|
122
|
+
end
|
123
|
+
|
87
124
|
def build_access_token
|
88
125
|
verifier = request.params["code"]
|
89
126
|
client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
|
90
127
|
end
|
91
128
|
|
92
129
|
def deep_symbolize(options)
|
93
|
-
|
94
|
-
options.each do |key, value|
|
130
|
+
options.each_with_object({}) do |(key, value), hash|
|
95
131
|
hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
|
96
132
|
end
|
97
|
-
hash
|
98
133
|
end
|
99
134
|
|
100
135
|
def options_for(option)
|
101
136
|
hash = {}
|
102
137
|
options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
|
103
|
-
hash[key.to_sym] = options[key]
|
138
|
+
hash[key.to_sym] = if options[key].respond_to?(:call)
|
139
|
+
options[key].call(env)
|
140
|
+
else
|
141
|
+
options[key]
|
142
|
+
end
|
104
143
|
end
|
105
144
|
hash
|
106
145
|
end
|
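Review bot: In the `lib/omniauth/strategies/oauth2.rb` hunks, `pkce_authorize_params` hands the fresh verifier to `authorize_params` through `options.pkce_verifier` instead of a local, the same pattern already used for `options.authorize_params[:state]`. If `options` is shared between concurrent requests (not visible here; confirm against how OmniAuth duplicates the strategy per request), a second request can overwrite it before `session["omniauth.pkce.verifier"]` is written, so the stored verifier no longer matches the challenge that was sent. Generating `verifier = SecureRandom.hex(64)` inside `authorize_params` and using that local for both the challenge proc and the session write would keep it request-scoped. `options_for` now calls any callable option and `state` is in the default `authorize_options`, so a caller-supplied `:state` proc replaces the `SecureRandom.hex(24)` value; a comment such as `# a custom :state proc must return an unguessable, per-request value` on the option would record the CSRF requirement. The class body continues outside these hunks.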
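--- a/data/omniauth-oauth2.gemspec
+++ b/data/omniauth-oauth2.gemspec
@@ -3,10 +3,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "omniauth-oauth2/version"
 
 Gem::Specification.new do |gem|
-gem.add_dependency "oauth2", "~> 1.
-gem.add_dependency "omniauth", "
+gem.add_dependency "oauth2", "~> 1.4"
+gem.add_dependency "omniauth", [">= 1.9", "< 3"]
 
-gem.add_development_dependency "bundler", "~>
+gem.add_development_dependency "bundler", "~> 2.0"
 
 gem.authors = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
 gem.email = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]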
@@ -1,6 +1,6 @@
|
|
1
1
|
require "helper"
|
2
2
|
|
3
|
-
describe OmniAuth::Strategies::OAuth2 do
|
3
|
+
describe OmniAuth::Strategies::OAuth2 do
|
4
4
|
def app
|
5
5
|
lambda do |_env|
|
6
6
|
[200, {}, ["Hello."]]
|
@@ -52,6 +52,7 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
52
52
|
instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
|
53
53
|
expect(instance.authorize_params["scope"]).to eq("bar")
|
54
54
|
expect(instance.authorize_params["foo"]).to eq("baz")
|
55
|
+
expect(instance.authorize_params["state"]).not_to be_empty
|
55
56
|
end
|
56
57
|
|
57
58
|
it "includes random state in the authorize params" do
|
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
59
60
|
expect(instance.authorize_params.keys).to eq(["state"])
|
60
61
|
expect(instance.session["omniauth.state"]).not_to be_empty
|
61
62
|
end
|
63
|
+
|
64
|
+
it "includes custom state in the authorize params" do
|
65
|
+
instance = subject.new("abc", "def", :state => proc { "qux" })
|
66
|
+
expect(instance.authorize_params.keys).to eq(["state"])
|
67
|
+
expect(instance.session["omniauth.state"]).to eq("qux")
|
68
|
+
end
|
69
|
+
|
70
|
+
it "includes PKCE parameters if enabled" do
|
71
|
+
instance = subject.new("abc", "def", :pkce => true)
|
72
|
+
expect(instance.authorize_params[:code_challenge]).to be_a(String)
|
73
|
+
expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
|
74
|
+
expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
|
75
|
+
end
|
62
76
|
end
|
63
77
|
|
64
78
|
describe "#token_params" do
|
@@ -73,6 +87,13 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
73
87
|
instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
|
74
88
|
expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
|
75
89
|
end
|
90
|
+
|
91
|
+
it "includes the PKCE code_verifier if enabled" do
|
92
|
+
instance = subject.new("abc", "def", :pkce => true)
|
93
|
+
# setup session
|
94
|
+
instance.authorize_params
|
95
|
+
expect(instance.token_params[:code_verifier]).to be_a(String)
|
96
|
+
end
|
76
97
|
end
|
77
98
|
|
78
99
|
describe "#callback_phase" do
|
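Review bot: In the `includes PKCE parameters if enabled` example of `spec/omniauth/strategies/oauth2_spec.rb`, every `instance.authorize_params` call generates a new verifier, so the three expectations inspect different invocations and only assert that the values are strings. Capturing the result once with `params = instance.authorize_params` and asserting `expect(params[:code_challenge]).to eq(Base64.urlsafe_encode64(Digest::SHA2.digest(instance.session["omniauth.pkce.verifier"]), :padding => false))` would pin that the challenge sent to the provider matches the verifier kept in the session. The `#token_params` example could likewise compare `code_verifier` with the session value read before the call and check that the session key is removed afterwards. The enclosing `describe` blocks start outside these hunks.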
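--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-oauth2
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.7.1
 platform: ruby
 authors:
 - Michael Bleigh
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: oauth2
@@ -18,42 +18,48 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.4'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.4'
 - !ruby/object:Gem::Dependency
 name: omniauth
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.9'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.9'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 description: An abstract OAuth2 strategy for OmniAuth.
 email:
 - michael@intridea.com
@@ -63,6 +69,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/main.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -96,8 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.6.11
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: An abstract OAuth2 strategy for OmniAuth.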