omniauth-oauth2 1.6.0 → 1.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +2 -0
- data/.github/workflows/main.yml +67 -0
- data/.rubocop.yml +29 -4
- data/CHANGELOG.md +5 -0
- data/Gemfile +4 -3
- data/README.md +15 -7
- data/Rakefile +1 -0
- data/SECURITY.md +17 -0
- data/lib/omniauth/strategies/oauth2.rb +51 -12
- data/lib/omniauth-oauth2/version.rb +1 -1
- data/lib/omniauth-oauth2.rb +1 -1
- data/omniauth-oauth2.gemspec +3 -3
- data/spec/helper.rb +8 -1
- data/spec/omniauth/strategies/oauth2_spec.rb +59 -5
- metadata +24 -16
- data/.travis.yml +0 -23
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: f5cd52cdcb930eb0df65da3d7659a8e46f19db3426e0ecd8b3565b51e951331f
|
4
|
+
data.tar.gz: 6ed5b399aef49e82b265ff6175c849c44415f8b19f81ee5eb5d988ebb6c95fc8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e6bc5b97b326e37aa1e2ebb294b3459b57ba5dbb4d1e8b7e1709ed2dc9cfb8cc3b1b6f70ebbd0d5d830834af2472afe5b34762cf63f99a508334edee0d86b15a
|
7
|
+
data.tar.gz: 5c6cea848d8c9895495f7e931a3acfcee6e5e773824714e4de8bacfdc7aa70c3e40ad5cbce92b9a0d115f1dbd1f26aea7dc2b7a7bc02b1050cf38c501c3b7d45
|
data/.github/FUNDING.yml
ADDED
@@ -0,0 +1,67 @@
|
|
1
|
+
name: Ruby
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [ master ]
|
6
|
+
pull_request:
|
7
|
+
branches: [ master ]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
runs-on: ubuntu-18.04
|
12
|
+
strategy:
|
13
|
+
fail-fast: false
|
14
|
+
matrix:
|
15
|
+
os: [ubuntu, macos]
|
16
|
+
ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
|
17
|
+
steps:
|
18
|
+
- uses: actions/checkout@v2
|
19
|
+
- name: Set up Ruby
|
20
|
+
uses: ruby/setup-ruby@v1
|
21
|
+
with:
|
22
|
+
ruby-version: ${{ matrix.ruby }}
|
23
|
+
bundler-cache: true
|
24
|
+
- name: Install dependencies
|
25
|
+
run: bundle install
|
26
|
+
- name: Run tests
|
27
|
+
run: bundle exec rake
|
28
|
+
test-jruby:
|
29
|
+
runs-on: ubuntu-18.04
|
30
|
+
strategy:
|
31
|
+
fail-fast: false
|
32
|
+
matrix:
|
33
|
+
os: [ubuntu, macos]
|
34
|
+
jruby: [jruby, jruby-head]
|
35
|
+
steps:
|
36
|
+
- uses: actions/checkout@v2
|
37
|
+
- name: Set up Ruby
|
38
|
+
uses: ruby/setup-ruby@v1
|
39
|
+
with:
|
40
|
+
ruby-version: ${{ matrix.jruby }}
|
41
|
+
bundler-cache: true
|
42
|
+
- name: Install dependencies
|
43
|
+
env:
|
44
|
+
JRUBY_OPTS: --debug
|
45
|
+
run: bundle install
|
46
|
+
- name: Run tests
|
47
|
+
env:
|
48
|
+
JRUBY_OPTS: --debug
|
49
|
+
run: bundle exec rake
|
50
|
+
coveralls:
|
51
|
+
runs-on: ubuntu-18.04
|
52
|
+
steps:
|
53
|
+
- uses: actions/checkout@v2
|
54
|
+
- name: Set up Ruby
|
55
|
+
uses: ruby/setup-ruby@v1
|
56
|
+
with:
|
57
|
+
ruby-version: 2.6
|
58
|
+
bundler-cache: true
|
59
|
+
- name: Install dependencies
|
60
|
+
run: bundle install
|
61
|
+
- name: Run tests
|
62
|
+
run: bundle exec rake
|
63
|
+
- name: Coveralls GitHub Action
|
64
|
+
uses: coverallsapp/github-action@v1.1.2
|
65
|
+
with:
|
66
|
+
github-token: ${{ secrets.github_token }}
|
67
|
+
path-to-lcov: './coverage/lcov/omniauth-oauth2.lcov'
|
data/.rubocop.yml
CHANGED
@@ -1,15 +1,34 @@
|
|
1
|
+
AllCops:
|
2
|
+
NewCops: enable
|
3
|
+
|
4
|
+
Gemspec/RequiredRubyVersion:
|
5
|
+
Enabled: false
|
6
|
+
|
1
7
|
Layout/AccessModifierIndentation:
|
2
8
|
EnforcedStyle: outdent
|
3
9
|
|
10
|
+
Layout/LineLength:
|
11
|
+
AllowURI: true
|
12
|
+
Enabled: false
|
13
|
+
|
4
14
|
Layout/SpaceInsideHashLiteralBraces:
|
5
15
|
EnforcedStyle: no_space
|
6
16
|
|
17
|
+
Lint/MissingSuper:
|
18
|
+
Enabled: false
|
19
|
+
|
20
|
+
Metrics/AbcSize:
|
21
|
+
Max: 18
|
22
|
+
|
23
|
+
Metrics/BlockLength:
|
24
|
+
Exclude:
|
25
|
+
- spec/omniauth/strategies/oauth2_spec.rb
|
26
|
+
|
7
27
|
Metrics/BlockNesting:
|
8
28
|
Max: 2
|
9
29
|
|
10
|
-
Metrics/
|
11
|
-
|
12
|
-
Enabled: false
|
30
|
+
Metrics/ClassLength:
|
31
|
+
Max: 110
|
13
32
|
|
14
33
|
Metrics/MethodLength:
|
15
34
|
CountComments: false
|
@@ -19,6 +38,10 @@ Metrics/ParameterLists:
|
|
19
38
|
Max: 4
|
20
39
|
CountKeywordArgs: true
|
21
40
|
|
41
|
+
Naming/FileName:
|
42
|
+
Exclude:
|
43
|
+
- lib/omniauth-oauth2.rb
|
44
|
+
|
22
45
|
Style/CollectionMethods:
|
23
46
|
PreferredMethods:
|
24
47
|
map: 'collect'
|
@@ -35,6 +58,9 @@ Style/DoubleNegation:
|
|
35
58
|
Style/ExpandPathArguments:
|
36
59
|
Enabled: false
|
37
60
|
|
61
|
+
Style/FrozenStringLiteralComment:
|
62
|
+
Enabled: false
|
63
|
+
|
38
64
|
Style/HashSyntax:
|
39
65
|
EnforcedStyle: hash_rockets
|
40
66
|
|
@@ -52,4 +78,3 @@ Style/TrailingCommaInHashLiteral:
|
|
52
78
|
|
53
79
|
Style/TrailingCommaInArrayLiteral:
|
54
80
|
EnforcedStyleForMultiline: comma
|
55
|
-
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,5 @@
|
|
1
|
+
## [v1.8.0](https://github.com/omniauth/omniauth-oauth2/releases/tag/v1.7.3)
|
2
|
+
- Relaxes allowed versions of the oauth2 gem. [#146](https://github.com/omniauth/omniauth-oauth2/pull/146)
|
3
|
+
- Requires omniauth `~> 2.0` [#152](https://github.com/omniauth/omniauth-oauth2/pull/152)
|
4
|
+
|
5
|
+
Please see https://github.com/omniauth/omniauth-oauth2/releases for changelog prior to 1.8.0
|
data/Gemfile
CHANGED
@@ -1,17 +1,18 @@
|
|
1
1
|
source "https://rubygems.org"
|
2
2
|
|
3
|
-
gem "rake", "~>
|
3
|
+
gem "rake", "~> 13.0"
|
4
4
|
|
5
5
|
group :test do
|
6
6
|
gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
|
7
|
-
gem
|
7
|
+
gem 'coveralls_reborn', '~> 0.19.0', require: false
|
8
8
|
gem "json", :platforms => %i[jruby ruby_18 ruby_19]
|
9
9
|
gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
|
10
10
|
gem "rack-test"
|
11
11
|
gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
|
12
12
|
gem "rspec", "~> 3.2"
|
13
13
|
gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
|
14
|
-
gem
|
14
|
+
gem 'simplecov-lcov'
|
15
|
+
gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
|
15
16
|
gem "webmock", "~> 3.0"
|
16
17
|
end
|
17
18
|
|
data/README.md
CHANGED
@@ -1,17 +1,13 @@
|
|
1
1
|
# OmniAuth OAuth2
|
2
2
|
|
3
3
|
[![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
|
4
|
-
[![
|
5
|
-
[![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth-oauth2.svg)][gemnasium]
|
6
|
-
[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
|
4
|
+
[![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
|
7
5
|
[![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
|
8
6
|
[![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
|
9
7
|
|
10
8
|
[gem]: https://rubygems.org/gems/omniauth-oauth2
|
11
|
-
[
|
12
|
-
[
|
13
|
-
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth-oauth2
|
14
|
-
[coveralls]: https://coveralls.io/r/omniauth/omniauth-oauth2
|
9
|
+
[codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
|
10
|
+
[coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
|
15
11
|
|
16
12
|
This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve
|
17
13
|
as a building block strategy for other strategies and not to be used
|
@@ -35,6 +31,10 @@ module OmniAuth
|
|
35
31
|
# initializing your consumer from the OAuth gem.
|
36
32
|
option :client_options, {:site => "https://api.somesite.com"}
|
37
33
|
|
34
|
+
# You may specify that your strategy should use PKCE by setting
|
35
|
+
# the pkce option to true: https://tools.ietf.org/html/rfc7636
|
36
|
+
option :pkce, true
|
37
|
+
|
38
38
|
# These are called after authentication has succeeded. If
|
39
39
|
# possible, you should try to set the UID without making
|
40
40
|
# additional calls (if the user id is returned with the token
|
@@ -65,3 +65,11 @@ end
|
|
65
65
|
|
66
66
|
That's pretty much it!
|
67
67
|
|
68
|
+
## OmniAuth-OAuth2 for Enterprise
|
69
|
+
|
70
|
+
Available as part of the Tidelift Subscription.
|
71
|
+
|
72
|
+
The maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)
|
73
|
+
|
74
|
+
## Supported Ruby Versions
|
75
|
+
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
|
data/Rakefile
CHANGED
data/SECURITY.md
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
## Supported Versions
|
4
|
+
|
5
|
+
Use this section to tell people about which versions of your project are
|
6
|
+
currently being supported with security updates.
|
7
|
+
|
8
|
+
| Version | Supported |
|
9
|
+
| ------- | ------------------ |
|
10
|
+
| 1.7.x | :white_check_mark: |
|
11
|
+
| <= 1.6.x | :x: |
|
12
|
+
|
13
|
+
## Security contact information
|
14
|
+
|
15
|
+
To report a security vulnerability, please use the
|
16
|
+
[Tidelift security contact](https://tidelift.com/security).
|
17
|
+
Tidelift will coordinate the fix and disclosure.
|
@@ -24,11 +24,22 @@ module OmniAuth
|
|
24
24
|
option :client_secret, nil
|
25
25
|
option :client_options, {}
|
26
26
|
option :authorize_params, {}
|
27
|
-
option :authorize_options, [
|
27
|
+
option :authorize_options, %i[scope state]
|
28
28
|
option :token_params, {}
|
29
29
|
option :token_options, []
|
30
30
|
option :auth_token_params, {}
|
31
31
|
option :provider_ignores_state, false
|
32
|
+
option :pkce, false
|
33
|
+
option :pkce_verifier, nil
|
34
|
+
option :pkce_options, {
|
35
|
+
:code_challenge => proc { |verifier|
|
36
|
+
Base64.urlsafe_encode64(
|
37
|
+
Digest::SHA2.digest(verifier),
|
38
|
+
:padding => false,
|
39
|
+
)
|
40
|
+
},
|
41
|
+
:code_challenge_method => "S256",
|
42
|
+
}
|
32
43
|
|
33
44
|
attr_accessor :access_token
|
34
45
|
|
@@ -48,27 +59,34 @@ module OmniAuth
|
|
48
59
|
redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
|
49
60
|
end
|
50
61
|
|
51
|
-
def authorize_params
|
62
|
+
def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
52
63
|
options.authorize_params[:state] = SecureRandom.hex(24)
|
53
|
-
|
64
|
+
|
54
65
|
if OmniAuth.config.test_mode
|
55
66
|
@env ||= {}
|
56
67
|
@env["rack.session"] ||= {}
|
57
68
|
end
|
69
|
+
|
70
|
+
params = options.authorize_params
|
71
|
+
.merge(options_for("authorize"))
|
72
|
+
.merge(pkce_authorize_params)
|
73
|
+
|
74
|
+
session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
|
58
75
|
session["omniauth.state"] = params[:state]
|
76
|
+
|
59
77
|
params
|
60
78
|
end
|
61
79
|
|
62
80
|
def token_params
|
63
|
-
options.token_params.merge(options_for("token"))
|
81
|
+
options.token_params.merge(options_for("token")).merge(pkce_token_params)
|
64
82
|
end
|
65
83
|
|
66
|
-
def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
|
84
|
+
def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
|
67
85
|
error = request.params["error_reason"] || request.params["error"]
|
68
|
-
if
|
69
|
-
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
|
70
|
-
elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
|
86
|
+
if !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
|
71
87
|
fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
|
88
|
+
elsif error
|
89
|
+
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
|
72
90
|
else
|
73
91
|
self.access_token = build_access_token
|
74
92
|
self.access_token = access_token.refresh! if access_token.expired?
|
@@ -84,23 +102,44 @@ module OmniAuth
|
|
84
102
|
|
85
103
|
protected
|
86
104
|
|
105
|
+
def pkce_authorize_params
|
106
|
+
return {} unless options.pkce
|
107
|
+
|
108
|
+
options.pkce_verifier = SecureRandom.hex(64)
|
109
|
+
|
110
|
+
# NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
|
111
|
+
{
|
112
|
+
:code_challenge => options.pkce_options[:code_challenge]
|
113
|
+
.call(options.pkce_verifier),
|
114
|
+
:code_challenge_method => options.pkce_options[:code_challenge_method],
|
115
|
+
}
|
116
|
+
end
|
117
|
+
|
118
|
+
def pkce_token_params
|
119
|
+
return {} unless options.pkce
|
120
|
+
|
121
|
+
{:code_verifier => session.delete("omniauth.pkce.verifier")}
|
122
|
+
end
|
123
|
+
|
87
124
|
def build_access_token
|
88
125
|
verifier = request.params["code"]
|
89
126
|
client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
|
90
127
|
end
|
91
128
|
|
92
129
|
def deep_symbolize(options)
|
93
|
-
|
94
|
-
options.each do |key, value|
|
130
|
+
options.each_with_object({}) do |(key, value), hash|
|
95
131
|
hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
|
96
132
|
end
|
97
|
-
hash
|
98
133
|
end
|
99
134
|
|
100
135
|
def options_for(option)
|
101
136
|
hash = {}
|
102
137
|
options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
|
103
|
-
hash[key.to_sym] = options[key]
|
138
|
+
hash[key.to_sym] = if options[key].respond_to?(:call)
|
139
|
+
options[key].call(env)
|
140
|
+
else
|
141
|
+
options[key]
|
142
|
+
end
|
104
143
|
end
|
105
144
|
hash
|
106
145
|
end
|
data/lib/omniauth-oauth2.rb
CHANGED
@@ -1,2 +1,2 @@
|
|
1
|
-
require "omniauth-oauth2/version"
|
1
|
+
require "omniauth-oauth2/version"
|
2
2
|
require "omniauth/strategies/oauth2"
|
data/omniauth-oauth2.gemspec
CHANGED
@@ -3,10 +3,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
3
3
|
require "omniauth-oauth2/version"
|
4
4
|
|
5
5
|
Gem::Specification.new do |gem|
|
6
|
-
gem.add_dependency "oauth2", "
|
7
|
-
gem.add_dependency "omniauth", "~>
|
6
|
+
gem.add_dependency "oauth2", [">= 1.4", "< 3"]
|
7
|
+
gem.add_dependency "omniauth", "~> 2.0"
|
8
8
|
|
9
|
-
gem.add_development_dependency "bundler", "~>
|
9
|
+
gem.add_development_dependency "bundler", "~> 2.0"
|
10
10
|
|
11
11
|
gem.authors = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
|
12
12
|
gem.email = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
|
data/spec/helper.rb
CHANGED
@@ -3,9 +3,16 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
|
|
3
3
|
|
4
4
|
if RUBY_VERSION >= "1.9"
|
5
5
|
require "simplecov"
|
6
|
+
require "simplecov-lcov"
|
6
7
|
require "coveralls"
|
7
8
|
|
8
|
-
SimpleCov.
|
9
|
+
SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
|
10
|
+
|
11
|
+
SimpleCov.formatters = [
|
12
|
+
SimpleCov::Formatter::HTMLFormatter,
|
13
|
+
SimpleCov::Formatter::LcovFormatter,
|
14
|
+
Coveralls::SimpleCov::Formatter
|
15
|
+
]
|
9
16
|
|
10
17
|
SimpleCov.start do
|
11
18
|
minimum_coverage(78.48)
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require "helper"
|
2
2
|
|
3
|
-
describe OmniAuth::Strategies::OAuth2 do
|
3
|
+
describe OmniAuth::Strategies::OAuth2 do
|
4
4
|
def app
|
5
5
|
lambda do |_env|
|
6
6
|
[200, {}, ["Hello."]]
|
@@ -52,6 +52,7 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
52
52
|
instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
|
53
53
|
expect(instance.authorize_params["scope"]).to eq("bar")
|
54
54
|
expect(instance.authorize_params["foo"]).to eq("baz")
|
55
|
+
expect(instance.authorize_params["state"]).not_to be_empty
|
55
56
|
end
|
56
57
|
|
57
58
|
it "includes random state in the authorize params" do
|
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
59
60
|
expect(instance.authorize_params.keys).to eq(["state"])
|
60
61
|
expect(instance.session["omniauth.state"]).not_to be_empty
|
61
62
|
end
|
63
|
+
|
64
|
+
it "includes custom state in the authorize params" do
|
65
|
+
instance = subject.new("abc", "def", :state => proc { "qux" })
|
66
|
+
expect(instance.authorize_params.keys).to eq(["state"])
|
67
|
+
expect(instance.session["omniauth.state"]).to eq("qux")
|
68
|
+
end
|
69
|
+
|
70
|
+
it "includes PKCE parameters if enabled" do
|
71
|
+
instance = subject.new("abc", "def", :pkce => true)
|
72
|
+
expect(instance.authorize_params[:code_challenge]).to be_a(String)
|
73
|
+
expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
|
74
|
+
expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
|
75
|
+
end
|
62
76
|
end
|
63
77
|
|
64
78
|
describe "#token_params" do
|
@@ -73,17 +87,57 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
73
87
|
instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
|
74
88
|
expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
|
75
89
|
end
|
90
|
+
|
91
|
+
it "includes the PKCE code_verifier if enabled" do
|
92
|
+
instance = subject.new("abc", "def", :pkce => true)
|
93
|
+
# setup session
|
94
|
+
instance.authorize_params
|
95
|
+
expect(instance.token_params[:code_verifier]).to be_a(String)
|
96
|
+
end
|
76
97
|
end
|
77
98
|
|
78
99
|
describe "#callback_phase" do
|
79
|
-
subject { fresh_strategy }
|
80
|
-
|
81
|
-
|
100
|
+
subject(:instance) { fresh_strategy.new("abc", "def") }
|
101
|
+
|
102
|
+
let(:params) { {"error_reason" => "user_denied", "error" => "access_denied", "state" => state} }
|
103
|
+
let(:state) { "secret" }
|
104
|
+
|
105
|
+
before do
|
82
106
|
allow(instance).to receive(:request) do
|
83
|
-
double("Request", :params =>
|
107
|
+
double("Request", :params => params)
|
84
108
|
end
|
85
109
|
|
110
|
+
allow(instance).to receive(:session) do
|
111
|
+
double("Session", :delete => state)
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
it "calls fail with the error received" do
|
86
116
|
expect(instance).to receive(:fail!).with("user_denied", anything)
|
117
|
+
|
118
|
+
instance.callback_phase
|
119
|
+
end
|
120
|
+
|
121
|
+
it "calls fail with the error received if state is missing and CSRF verification is disabled" do
|
122
|
+
params["state"] = nil
|
123
|
+
instance.options.provider_ignores_state = true
|
124
|
+
|
125
|
+
expect(instance).to receive(:fail!).with("user_denied", anything)
|
126
|
+
|
127
|
+
instance.callback_phase
|
128
|
+
end
|
129
|
+
|
130
|
+
it "calls fail with a CSRF error if the state is missing" do
|
131
|
+
params["state"] = nil
|
132
|
+
|
133
|
+
expect(instance).to receive(:fail!).with(:csrf_detected, anything)
|
134
|
+
instance.callback_phase
|
135
|
+
end
|
136
|
+
|
137
|
+
it "calls fail with a CSRF error if the state is invalid" do
|
138
|
+
params["state"] = "invalid"
|
139
|
+
|
140
|
+
expect(instance).to receive(:fail!).with(:csrf_detected, anything)
|
87
141
|
instance.callback_phase
|
88
142
|
end
|
89
143
|
end
|
metadata
CHANGED
@@ -1,59 +1,65 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.8.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Bleigh
|
8
8
|
- Erik Michaels-Ober
|
9
9
|
- Tom Milewski
|
10
|
-
autorequire:
|
10
|
+
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2022-06-18 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: oauth2
|
17
17
|
requirement: !ruby/object:Gem::Requirement
|
18
18
|
requirements:
|
19
|
-
- - "
|
19
|
+
- - ">="
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '1.4'
|
22
|
+
- - "<"
|
20
23
|
- !ruby/object:Gem::Version
|
21
|
-
version: '
|
24
|
+
version: '3'
|
22
25
|
type: :runtime
|
23
26
|
prerelease: false
|
24
27
|
version_requirements: !ruby/object:Gem::Requirement
|
25
28
|
requirements:
|
26
|
-
- - "
|
29
|
+
- - ">="
|
30
|
+
- !ruby/object:Gem::Version
|
31
|
+
version: '1.4'
|
32
|
+
- - "<"
|
27
33
|
- !ruby/object:Gem::Version
|
28
|
-
version: '
|
34
|
+
version: '3'
|
29
35
|
- !ruby/object:Gem::Dependency
|
30
36
|
name: omniauth
|
31
37
|
requirement: !ruby/object:Gem::Requirement
|
32
38
|
requirements:
|
33
39
|
- - "~>"
|
34
40
|
- !ruby/object:Gem::Version
|
35
|
-
version: '
|
41
|
+
version: '2.0'
|
36
42
|
type: :runtime
|
37
43
|
prerelease: false
|
38
44
|
version_requirements: !ruby/object:Gem::Requirement
|
39
45
|
requirements:
|
40
46
|
- - "~>"
|
41
47
|
- !ruby/object:Gem::Version
|
42
|
-
version: '
|
48
|
+
version: '2.0'
|
43
49
|
- !ruby/object:Gem::Dependency
|
44
50
|
name: bundler
|
45
51
|
requirement: !ruby/object:Gem::Requirement
|
46
52
|
requirements:
|
47
53
|
- - "~>"
|
48
54
|
- !ruby/object:Gem::Version
|
49
|
-
version: '
|
55
|
+
version: '2.0'
|
50
56
|
type: :development
|
51
57
|
prerelease: false
|
52
58
|
version_requirements: !ruby/object:Gem::Requirement
|
53
59
|
requirements:
|
54
60
|
- - "~>"
|
55
61
|
- !ruby/object:Gem::Version
|
56
|
-
version: '
|
62
|
+
version: '2.0'
|
57
63
|
description: An abstract OAuth2 strategy for OmniAuth.
|
58
64
|
email:
|
59
65
|
- michael@intridea.com
|
@@ -63,14 +69,17 @@ executables: []
|
|
63
69
|
extensions: []
|
64
70
|
extra_rdoc_files: []
|
65
71
|
files:
|
72
|
+
- ".github/FUNDING.yml"
|
73
|
+
- ".github/workflows/main.yml"
|
66
74
|
- ".gitignore"
|
67
75
|
- ".rspec"
|
68
76
|
- ".rubocop.yml"
|
69
|
-
-
|
77
|
+
- CHANGELOG.md
|
70
78
|
- Gemfile
|
71
79
|
- LICENSE.md
|
72
80
|
- README.md
|
73
81
|
- Rakefile
|
82
|
+
- SECURITY.md
|
74
83
|
- lib/omniauth-oauth2.rb
|
75
84
|
- lib/omniauth-oauth2/version.rb
|
76
85
|
- lib/omniauth/strategies/oauth2.rb
|
@@ -81,7 +90,7 @@ homepage: https://github.com/omniauth/omniauth-oauth2
|
|
81
90
|
licenses:
|
82
91
|
- MIT
|
83
92
|
metadata: {}
|
84
|
-
post_install_message:
|
93
|
+
post_install_message:
|
85
94
|
rdoc_options: []
|
86
95
|
require_paths:
|
87
96
|
- lib
|
@@ -96,9 +105,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
96
105
|
- !ruby/object:Gem::Version
|
97
106
|
version: '0'
|
98
107
|
requirements: []
|
99
|
-
|
100
|
-
|
101
|
-
signing_key:
|
108
|
+
rubygems_version: 3.2.32
|
109
|
+
signing_key:
|
102
110
|
specification_version: 4
|
103
111
|
summary: An abstract OAuth2 strategy for OmniAuth.
|
104
112
|
test_files:
|
data/.travis.yml
DELETED
@@ -1,23 +0,0 @@
|
|
1
|
-
bundler_args: --without development
|
2
|
-
before_install:
|
3
|
-
- gem update --system
|
4
|
-
- gem update bundler
|
5
|
-
cache: bundler
|
6
|
-
env:
|
7
|
-
global:
|
8
|
-
- JRUBY_OPTS="$JRUBY_OPTS --debug"
|
9
|
-
language: ruby
|
10
|
-
rvm:
|
11
|
-
- jruby-9000
|
12
|
-
- 2.2.9
|
13
|
-
- 2.3.5
|
14
|
-
- 2.4.4
|
15
|
-
- 2.5.3
|
16
|
-
- jruby-head
|
17
|
-
- ruby-head
|
18
|
-
matrix:
|
19
|
-
allow_failures:
|
20
|
-
- rvm: jruby-head
|
21
|
-
- rvm: ruby-head
|
22
|
-
fast_finish: true
|
23
|
-
sudo: false
|