omniauth-oauth2 1.6.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 0e32b47809789079fefb676477c2068c5847c8c9
4
- data.tar.gz: 8bff0bfc6b4a45c5da7cb3a9eb93d3c20cacd4f2
2
+ SHA256:
3
+ metadata.gz: '0496e01a0a03c432891358ac0bbe4ed744560f47c88c2cc32a999feafc78e576'
4
+ data.tar.gz: 6196ba4a1880c328392de4e145434fccf1c4a64fdbc8f87c94ffc2e274bb509b
5
5
  SHA512:
6
- metadata.gz: b5ffee16532d167a95ad5cf152cdddb219365da8ef87c6ff34c943cc999e02e25b0db2fb43a9067ec11659ad39108ebd1930aa44f55a94bcb5aba05befd3e427
7
- data.tar.gz: 4417d7eedb1880ba3af05f2cddedcfc894dc1f286b0760d98433dfffcbf51eff8725c371e6fd1f82ddb7a73d13fa87ee753e1fee03ee26a6dbed48ca6aee3884
6
+ metadata.gz: 5db83ecb687e9fe790f3c76f3c831aac7a6e2e444e97cf532b08629caf27400bbc242e474c50ba07d1d7e1a39dce6468a62e751981069e191483d5f99bd009d8
7
+ data.tar.gz: 3b66b0a2813184f867646699823b7434a4d7b9ce08594c6eaded5b4b37b965bc6cbae932087fe1bfd446fb126e3245d8b5fe0ec47798ef8f81083f251933d1a9
@@ -0,0 +1,49 @@
1
+ name: Ruby
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-18.04
12
+ strategy:
13
+ fail-fast: false
14
+ matrix:
15
+ os: [ubuntu, macos]
16
+ ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
17
+ steps:
18
+ - uses: actions/checkout@v2
19
+ - name: Set up Ruby
20
+ uses: ruby/setup-ruby@v1
21
+ with:
22
+ ruby-version: ${{ matrix.ruby }}
23
+ bundler-cache: true
24
+ - name: Install dependencies
25
+ run: bundle install
26
+ - name: Run tests
27
+ run: bundle exec rake
28
+ test-jruby:
29
+ runs-on: ubuntu-18.04
30
+ strategy:
31
+ fail-fast: false
32
+ matrix:
33
+ os: [ubuntu, macos]
34
+ jruby: [jruby, jruby-head]
35
+ steps:
36
+ - uses: actions/checkout@v2
37
+ - name: Set up Ruby
38
+ uses: ruby/setup-ruby@v1
39
+ with:
40
+ ruby-version: ${{ matrix.jruby }}
41
+ bundler-cache: true
42
+ - name: Install dependencies
43
+ env:
44
+ JRUBY_OPTS: --debug
45
+ run: bundle install
46
+ - name: Run tests
47
+ env:
48
+ JRUBY_OPTS: --debug
49
+ run: bundle exec rake
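Review bot: The `os: [ubuntu, macos]` matrix axis (new lines 15 and 33) is never consumed — both jobs hardcode `runs-on: ubuntu-18.04` (lines 11 and 29) — so every Ruby entry runs twice on the same image and macOS is never exercised; either `runs-on: ${{ matrix.os }}-latest` or dropping the axis makes the matrix honest. `actions/checkout@v2` and `ruby/setup-ruby@v1` (lines 18, 20, 36, 38) are pinned to floating major tags; pinning each to a full commit SHA with the tag kept in a trailing comment makes the CI supply chain reproducible. The `ruby` values `2.5, 2.6, 2.7` (line 16) are YAML floats, which works today but a future `2.10` would parse as `2.1`; quoting them as `"2.5"` keeps the axis string-typed. The file header for this hunk is not shown; the metadata section lists `.github/workflows/main.yml`, which is presumably this file.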
data/.rubocop.yml CHANGED
@@ -1,15 +1,34 @@
1
+ AllCops:
2
+ NewCops: enable
3
+
4
+ Gemspec/RequiredRubyVersion:
5
+ Enabled: false
6
+
1
7
  Layout/AccessModifierIndentation:
2
8
  EnforcedStyle: outdent
3
9
 
10
+ Layout/LineLength:
11
+ AllowURI: true
12
+ Enabled: false
13
+
4
14
  Layout/SpaceInsideHashLiteralBraces:
5
15
  EnforcedStyle: no_space
6
16
 
17
+ Lint/MissingSuper:
18
+ Enabled: false
19
+
20
+ Metrics/AbcSize:
21
+ Max: 18
22
+
23
+ Metrics/BlockLength:
24
+ Exclude:
25
+ - spec/omniauth/strategies/oauth2_spec.rb
26
+
7
27
  Metrics/BlockNesting:
8
28
  Max: 2
9
29
 
10
- Metrics/LineLength:
11
- AllowURI: true
12
- Enabled: false
30
+ Metrics/ClassLength:
31
+ Max: 110
13
32
 
14
33
  Metrics/MethodLength:
15
34
  CountComments: false
@@ -19,6 +38,10 @@ Metrics/ParameterLists:
19
38
  Max: 4
20
39
  CountKeywordArgs: true
21
40
 
41
+ Naming/FileName:
42
+ Exclude:
43
+ - lib/omniauth-oauth2.rb
44
+
22
45
  Style/CollectionMethods:
23
46
  PreferredMethods:
24
47
  map: 'collect'
@@ -35,6 +58,9 @@ Style/DoubleNegation:
35
58
  Style/ExpandPathArguments:
36
59
  Enabled: false
37
60
 
61
+ Style/FrozenStringLiteralComment:
62
+ Enabled: false
63
+
38
64
  Style/HashSyntax:
39
65
  EnforcedStyle: hash_rockets
40
66
 
@@ -52,4 +78,3 @@ Style/TrailingCommaInHashLiteral:
52
78
 
53
79
  Style/TrailingCommaInArrayLiteral:
54
80
  EnforcedStyleForMultiline: comma
55
-
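Review bot: `Layout/LineLength` (new lines 10–12) keeps `AllowURI: true` next to `Enabled: false`; the allowance is dead configuration while the cop is off, so either drop `AllowURI` or re-enable the cop with a `Max`. It looks carried over verbatim from the removed `Metrics/LineLength` stanza (old lines 10–12) when the cop was renamed.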
data/.travis.yml CHANGED
@@ -9,12 +9,11 @@ env:
9
9
  language: ruby
10
10
  rvm:
11
11
  - jruby-9000
12
- - 2.2.9
13
- - 2.3.5
14
12
  - 2.4.4
15
13
  - 2.5.3
16
14
  - jruby-head
17
15
  - ruby-head
16
+ - truffleruby-head
18
17
  matrix:
19
18
  allow_failures:
20
19
  - rvm: jruby-head
data/README.md CHANGED
@@ -2,16 +2,14 @@
2
2
 
3
3
  [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
4
4
  [![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
5
- [![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth-oauth2.svg)][gemnasium]
6
- [![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
5
+ [![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
7
6
  [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
8
7
  [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
9
8
 
10
9
  [gem]: https://rubygems.org/gems/omniauth-oauth2
11
10
  [travis]: http://travis-ci.org/omniauth/omniauth-oauth2
12
- [gemnasium]: https://gemnasium.com/github.com/omniauth/omniauth-oauth2
13
- [codeclimate]: https://codeclimate.com/github/omniauth/omniauth-oauth2
14
- [coveralls]: https://coveralls.io/r/omniauth/omniauth-oauth2
11
+ [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
12
+ [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
15
13
 
16
14
  This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve
17
15
  as a building block strategy for other strategies and not to be used
@@ -34,6 +32,10 @@ module OmniAuth
34
32
  # This is where you pass the options you would pass when
35
33
  # initializing your consumer from the OAuth gem.
36
34
  option :client_options, {:site => "https://api.somesite.com"}
35
+
36
+ # You may specify that your strategy should use PKCE by setting
37
+ # the pkce option to true: https://tools.ietf.org/html/rfc7636
38
+ option :pkce, true
37
39
 
38
40
  # These are called after authentication has succeeded. If
39
41
  # possible, you should try to set the UID without making
@@ -64,4 +66,3 @@ end
64
66
  ```
65
67
 
66
68
  That's pretty much it!
67
-
data/Rakefile CHANGED
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env rake
2
+
2
3
  require "bundler/gem_tasks"
3
4
  require "rspec/core/rake_task"
4
5
 
@@ -1,2 +1,2 @@
1
- require "omniauth-oauth2/version" # rubocop:disable FileName
1
+ require "omniauth-oauth2/version"
2
2
  require "omniauth/strategies/oauth2"
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.6.0".freeze
3
+ VERSION = "1.7.1".freeze
4
4
  end
5
5
  end
@@ -24,11 +24,22 @@ module OmniAuth
24
24
  option :client_secret, nil
25
25
  option :client_options, {}
26
26
  option :authorize_params, {}
27
- option :authorize_options, [:scope]
27
+ option :authorize_options, %i[scope state]
28
28
  option :token_params, {}
29
29
  option :token_options, []
30
30
  option :auth_token_params, {}
31
31
  option :provider_ignores_state, false
32
+ option :pkce, false
33
+ option :pkce_verifier, nil
34
+ option :pkce_options, {
35
+ :code_challenge => proc { |verifier|
36
+ Base64.urlsafe_encode64(
37
+ Digest::SHA2.digest(verifier),
38
+ :padding => false,
39
+ )
40
+ },
41
+ :code_challenge_method => "S256",
42
+ }
32
43
 
33
44
  attr_accessor :access_token
34
45
 
@@ -48,22 +59,29 @@ module OmniAuth
48
59
  redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
49
60
  end
50
61
 
51
- def authorize_params
62
+ def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
52
63
  options.authorize_params[:state] = SecureRandom.hex(24)
53
- params = options.authorize_params.merge(options_for("authorize"))
64
+
54
65
  if OmniAuth.config.test_mode
55
66
  @env ||= {}
56
67
  @env["rack.session"] ||= {}
57
68
  end
69
+
70
+ params = options.authorize_params
71
+ .merge(options_for("authorize"))
72
+ .merge(pkce_authorize_params)
73
+
74
+ session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
58
75
  session["omniauth.state"] = params[:state]
76
+
59
77
  params
60
78
  end
61
79
 
62
80
  def token_params
63
- options.token_params.merge(options_for("token"))
81
+ options.token_params.merge(options_for("token")).merge(pkce_token_params)
64
82
  end
65
83
 
66
- def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
84
+ def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
67
85
  error = request.params["error_reason"] || request.params["error"]
68
86
  if error
69
87
  fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
@@ -84,23 +102,44 @@ module OmniAuth
84
102
 
85
103
  protected
86
104
 
105
+ def pkce_authorize_params
106
+ return {} unless options.pkce
107
+
108
+ options.pkce_verifier = SecureRandom.hex(64)
109
+
110
+ # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
111
+ {
112
+ :code_challenge => options.pkce_options[:code_challenge]
113
+ .call(options.pkce_verifier),
114
+ :code_challenge_method => options.pkce_options[:code_challenge_method],
115
+ }
116
+ end
117
+
118
+ def pkce_token_params
119
+ return {} unless options.pkce
120
+
121
+ {:code_verifier => session.delete("omniauth.pkce.verifier")}
122
+ end
123
+
87
124
  def build_access_token
88
125
  verifier = request.params["code"]
89
126
  client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
90
127
  end
91
128
 
92
129
  def deep_symbolize(options)
93
- hash = {}
94
- options.each do |key, value|
130
+ options.each_with_object({}) do |(key, value), hash|
95
131
  hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
96
132
  end
97
- hash
98
133
  end
99
134
 
100
135
  def options_for(option)
101
136
  hash = {}
102
137
  options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
103
- hash[key.to_sym] = options[key]
138
+ hash[key.to_sym] = if options[key].respond_to?(:call)
139
+ options[key].call(env)
140
+ else
141
+ options[key]
142
+ end
104
143
  end
105
144
  hash
106
145
  end
@@ -3,10 +3,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
  require "omniauth-oauth2/version"
4
4
 
5
5
  Gem::Specification.new do |gem|
6
- gem.add_dependency "oauth2", "~> 1.1"
7
- gem.add_dependency "omniauth", "~> 1.9"
6
+ gem.add_dependency "oauth2", "~> 1.4"
7
+ gem.add_dependency "omniauth", [">= 1.9", "< 3"]
8
8
 
9
- gem.add_development_dependency "bundler", "~> 1.0"
9
+ gem.add_development_dependency "bundler", "~> 2.0"
10
10
 
11
11
  gem.authors = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
12
12
  gem.email = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
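Review bot: The `omniauth` constraint widens to `[">= 1.9", "< 3"]` (new line 7) while the spec still appears to declare no `required_ruby_version` — the `.rubocop.yml` in this release disables `Gemspec/RequiredRubyVersion`, which suggests none is set (the rest of the gemspec is outside the hunk; confirm). The two CI definitions shipped in this release also disagree on the floor: `.travis.yml` still runs 2.4.4 while the Actions matrix starts at 2.5. Stating the floor once in the gemspec, e.g. `gem.required_ruby_version = ">= 2.4"`, lets `gem install` refuse unsupported interpreters instead of failing later. Admitting omniauth 2.x is also a behavioural widening worth a CHANGELOG or README line, since 2.x changed request-phase defaults (confirm against the omniauth 2.0 release notes).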
@@ -1,6 +1,6 @@
1
1
  require "helper"
2
2
 
3
- describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
3
+ describe OmniAuth::Strategies::OAuth2 do
4
4
  def app
5
5
  lambda do |_env|
6
6
  [200, {}, ["Hello."]]
@@ -52,6 +52,7 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
52
52
  instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
53
53
  expect(instance.authorize_params["scope"]).to eq("bar")
54
54
  expect(instance.authorize_params["foo"]).to eq("baz")
55
+ expect(instance.authorize_params["state"]).not_to be_empty
55
56
  end
56
57
 
57
58
  it "includes random state in the authorize params" do
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
59
60
  expect(instance.authorize_params.keys).to eq(["state"])
60
61
  expect(instance.session["omniauth.state"]).not_to be_empty
61
62
  end
63
+
64
+ it "includes custom state in the authorize params" do
65
+ instance = subject.new("abc", "def", :state => proc { "qux" })
66
+ expect(instance.authorize_params.keys).to eq(["state"])
67
+ expect(instance.session["omniauth.state"]).to eq("qux")
68
+ end
69
+
70
+ it "includes PKCE parameters if enabled" do
71
+ instance = subject.new("abc", "def", :pkce => true)
72
+ expect(instance.authorize_params[:code_challenge]).to be_a(String)
73
+ expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
74
+ expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
75
+ end
62
76
  end
63
77
 
64
78
  describe "#token_params" do
@@ -73,6 +87,13 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
73
87
  instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
74
88
  expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
75
89
  end
90
+
91
+ it "includes the PKCE code_verifier if enabled" do
92
+ instance = subject.new("abc", "def", :pkce => true)
93
+ # setup session
94
+ instance.authorize_params
95
+ expect(instance.token_params[:code_verifier]).to be_a(String)
96
+ end
76
97
  end
77
98
 
78
99
  describe "#callback_phase" do
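Review bot: The PKCE example (new lines 70–75) calls `instance.authorize_params` three times, and each call regenerates the verifier and state in the strategy, so the `code_challenge` checked on line 72 is not the one derived from the verifier read on line 74; it also only asserts that the challenge is a String, never that it is the S256 transform of the stored verifier, which is the property PKCE relies on. Capturing the params once and asserting the derivation pins that down. The `token_params` example (lines 91–96) could likewise add `expect(instance.session["omniauth.pkce.verifier"]).to be_nil` after the call to cover the one-time `session.delete`.
```ruby
it "includes PKCE parameters if enabled" do
  instance = subject.new("abc", "def", :pkce => true)
  params = instance.authorize_params
  verifier = instance.session["omniauth.pkce.verifier"]
  expected = Base64.urlsafe_encode64(Digest::SHA2.digest(verifier), :padding => false)
  expect(verifier).to be_a(String)
  expect(params[:code_challenge_method]).to eq("S256")
  expect(params[:code_challenge]).to eq(expected)
end
```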
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.0
4
+ version: 1.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Bleigh
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2018-12-14 00:00:00.000000000 Z
13
+ date: 2021-01-11 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: oauth2
@@ -18,42 +18,48 @@ dependencies:
18
18
  requirements:
19
19
  - - "~>"
20
20
  - !ruby/object:Gem::Version
21
- version: '1.1'
21
+ version: '1.4'
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
25
25
  requirements:
26
26
  - - "~>"
27
27
  - !ruby/object:Gem::Version
28
- version: '1.1'
28
+ version: '1.4'
29
29
  - !ruby/object:Gem::Dependency
30
30
  name: omniauth
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
- - - "~>"
33
+ - - ">="
34
34
  - !ruby/object:Gem::Version
35
35
  version: '1.9'
36
+ - - "<"
37
+ - !ruby/object:Gem::Version
38
+ version: '3'
36
39
  type: :runtime
37
40
  prerelease: false
38
41
  version_requirements: !ruby/object:Gem::Requirement
39
42
  requirements:
40
- - - "~>"
43
+ - - ">="
41
44
  - !ruby/object:Gem::Version
42
45
  version: '1.9'
46
+ - - "<"
47
+ - !ruby/object:Gem::Version
48
+ version: '3'
43
49
  - !ruby/object:Gem::Dependency
44
50
  name: bundler
45
51
  requirement: !ruby/object:Gem::Requirement
46
52
  requirements:
47
53
  - - "~>"
48
54
  - !ruby/object:Gem::Version
49
- version: '1.0'
55
+ version: '2.0'
50
56
  type: :development
51
57
  prerelease: false
52
58
  version_requirements: !ruby/object:Gem::Requirement
53
59
  requirements:
54
60
  - - "~>"
55
61
  - !ruby/object:Gem::Version
56
- version: '1.0'
62
+ version: '2.0'
57
63
  description: An abstract OAuth2 strategy for OmniAuth.
58
64
  email:
59
65
  - michael@intridea.com
@@ -63,6 +69,7 @@ executables: []
63
69
  extensions: []
64
70
  extra_rdoc_files: []
65
71
  files:
72
+ - ".github/workflows/main.yml"
66
73
  - ".gitignore"
67
74
  - ".rspec"
68
75
  - ".rubocop.yml"
@@ -96,8 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
96
103
  - !ruby/object:Gem::Version
97
104
  version: '0'
98
105
  requirements: []
99
- rubyforge_project:
100
- rubygems_version: 2.6.11
106
+ rubygems_version: 3.0.3
101
107
  signing_key:
102
108
  specification_version: 4
103
109
  summary: An abstract OAuth2 strategy for OmniAuth.