omniauth-oauth2 1.7.0 → 1.7.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 35d242e59c9afdaf9936548a38aa617b67ff9d24be62bb019e3f2c448d0304a3
4
- data.tar.gz: 0340fe1535cf2eddaa261a5306394b7a5381136df2f735c77fc4441eaeb8e107
3
+ metadata.gz: eed560b878b25e1f2fa484d75ec45114ea450ff41e9b13ab4e65ba2af728a539
4
+ data.tar.gz: 25cb6f386671fdc7c642e87b9f3069a0da4cca234c23bbcf597cca828ad87a9f
5
5
  SHA512:
6
- metadata.gz: e87d41e2854c624939d2142654ab9adf11a7336a199d2cfc3790f3eaccc07a62a43715fbb07c9353bccc5160c2dd06369415da70f69e9ed8d980ef6d76b415bc
7
- data.tar.gz: bae2d1d3f173a93cceb14809efdc72bba6c40373102e65da1df03881ba4799a4d18446e2de072da56572e94c73d807cffe00e55daaf7de370325563409798a5b
6
+ metadata.gz: 872af8f8b8dade1df9186467c89e337f1328bc79714a3ce3178846ac4bfec339c0d29620e3b69ce7398aa3d61371b04a281fc6fe699f17f651b7a338b9dca9cb
7
+ data.tar.gz: 438d8c082691dbc31045f0be9efc650f97e1d5ff9db56c78c47b55eb55417ae0a66cfb4943717b4eaf9edceb23c4ab1ff86fb7b48301e7501f486c3c060c573b
@@ -0,0 +1,2 @@
1
+ github: bobbymcwho
2
+ tidelift: rubygems/omniauth-oauth2
@@ -0,0 +1,67 @@
1
+ name: Ruby
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-18.04
12
+ strategy:
13
+ fail-fast: false
14
+ matrix:
15
+ os: [ubuntu, macos]
16
+ ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
17
+ steps:
18
+ - uses: actions/checkout@v2
19
+ - name: Set up Ruby
20
+ uses: ruby/setup-ruby@v1
21
+ with:
22
+ ruby-version: ${{ matrix.ruby }}
23
+ bundler-cache: true
24
+ - name: Install dependencies
25
+ run: bundle install
26
+ - name: Run tests
27
+ run: bundle exec rake
28
+ test-jruby:
29
+ runs-on: ubuntu-18.04
30
+ strategy:
31
+ fail-fast: false
32
+ matrix:
33
+ os: [ubuntu, macos]
34
+ jruby: [jruby, jruby-head]
35
+ steps:
36
+ - uses: actions/checkout@v2
37
+ - name: Set up Ruby
38
+ uses: ruby/setup-ruby@v1
39
+ with:
40
+ ruby-version: ${{ matrix.jruby }}
41
+ bundler-cache: true
42
+ - name: Install dependencies
43
+ env:
44
+ JRUBY_OPTS: --debug
45
+ run: bundle install
46
+ - name: Run tests
47
+ env:
48
+ JRUBY_OPTS: --debug
49
+ run: bundle exec rake
50
+ coveralls:
51
+ runs-on: ubuntu-18.04
52
+ steps:
53
+ - uses: actions/checkout@v2
54
+ - name: Set up Ruby
55
+ uses: ruby/setup-ruby@v1
56
+ with:
57
+ ruby-version: 2.6
58
+ bundler-cache: true
59
+ - name: Install dependencies
60
+ run: bundle install
61
+ - name: Run tests
62
+ run: bundle exec rake
63
+ - name: Coveralls GitHub Action
64
+ uses: coverallsapp/github-action@v1.1.2
65
+ with:
66
+ github-token: ${{ secrets.github_token }}
67
+ path-to-lcov: './coverage/lcov/omniauth-oauth2.lcov'
data/Gemfile CHANGED
@@ -1,17 +1,18 @@
1
1
  source "https://rubygems.org"
2
2
 
3
- gem "rake", "~> 12.0"
3
+ gem "rake", "~> 13.0"
4
4
 
5
5
  group :test do
6
6
  gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
7
- gem "coveralls"
7
+ gem 'coveralls_reborn', '~> 0.19.0', require: false
8
8
  gem "json", :platforms => %i[jruby ruby_18 ruby_19]
9
9
  gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
10
10
  gem "rack-test"
11
11
  gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
12
12
  gem "rspec", "~> 3.2"
13
13
  gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
14
- gem "simplecov", ">= 0.9"
14
+ gem 'simplecov-lcov'
15
+ gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
15
16
  gem "webmock", "~> 3.0"
16
17
  end
17
18
 
data/README.md CHANGED
@@ -1,13 +1,11 @@
1
1
  # OmniAuth OAuth2
2
2
 
3
3
  [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
4
- [![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
5
4
  [![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
6
5
  [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
7
6
  [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
8
7
 
9
8
  [gem]: https://rubygems.org/gems/omniauth-oauth2
10
- [travis]: http://travis-ci.org/omniauth/omniauth-oauth2
11
9
  [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
12
10
  [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
13
11
 
@@ -32,7 +30,7 @@ module OmniAuth
32
30
  # This is where you pass the options you would pass when
33
31
  # initializing your consumer from the OAuth gem.
34
32
  option :client_options, {:site => "https://api.somesite.com"}
35
-
33
+
36
34
  # You may specify that your strategy should use PKCE by setting
37
35
  # the pkce option to true: https://tools.ietf.org/html/rfc7636
38
36
  option :pkce, true
@@ -66,3 +64,12 @@ end
66
64
  ```
67
65
 
68
66
  That's pretty much it!
67
+
68
+ ## OmniAuth-OAuth2 for Enterprise
69
+
70
+ Available as part of the Tidelift Subscription.
71
+
72
+ The maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)
73
+
74
+ ## Supported Ruby Versions
75
+ OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
data/SECURITY.md ADDED
@@ -0,0 +1,17 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ Use this section to tell people about which versions of your project are
6
+ currently being supported with security updates.
7
+
8
+ | Version | Supported |
9
+ | ------- | ------------------ |
10
+ | 1.7.x | :white_check_mark: |
11
+ | <= 1.6.x | :x: |
12
+
13
+ ## Security contact information
14
+
15
+ To report a security vulnerability, please use the
16
+ [Tidelift security contact](https://tidelift.com/security).
17
+ Tidelift will coordinate the fix and disclosure.
@@ -83,10 +83,10 @@ module OmniAuth
83
83
 
84
84
  def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
85
85
  error = request.params["error_reason"] || request.params["error"]
86
- if error
87
- fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
88
- elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
86
+ if !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
89
87
  fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
88
+ elsif error
89
+ fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
90
90
  else
91
91
  self.access_token = build_access_token
92
92
  self.access_token = access_token.refresh! if access_token.expired?
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.7.0".freeze
3
+ VERSION = "1.7.2".freeze
4
4
  end
5
5
  end
@@ -4,7 +4,7 @@ require "omniauth-oauth2/version"
4
4
 
5
5
  Gem::Specification.new do |gem|
6
6
  gem.add_dependency "oauth2", "~> 1.4"
7
- gem.add_dependency "omniauth", "~> 1.9"
7
+ gem.add_dependency "omniauth", [">= 1.9", "< 3"]
8
8
 
9
9
  gem.add_development_dependency "bundler", "~> 2.0"
10
10
 
data/spec/helper.rb CHANGED
@@ -3,9 +3,16 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
3
3
 
4
4
  if RUBY_VERSION >= "1.9"
5
5
  require "simplecov"
6
+ require "simplecov-lcov"
6
7
  require "coveralls"
7
8
 
8
- SimpleCov.formatters = [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter]
9
+ SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
10
+
11
+ SimpleCov.formatters = [
12
+ SimpleCov::Formatter::HTMLFormatter,
13
+ SimpleCov::Formatter::LcovFormatter,
14
+ Coveralls::SimpleCov::Formatter
15
+ ]
9
16
 
10
17
  SimpleCov.start do
11
18
  minimum_coverage(78.48)
@@ -97,14 +97,47 @@ describe OmniAuth::Strategies::OAuth2 do
97
97
  end
98
98
 
99
99
  describe "#callback_phase" do
100
- subject { fresh_strategy }
101
- it "calls fail with the client error received" do
102
- instance = subject.new("abc", "def")
100
+ subject(:instance) { fresh_strategy.new("abc", "def") }
101
+
102
+ let(:params) { {"error_reason" => "user_denied", "error" => "access_denied", "state" => state} }
103
+ let(:state) { "secret" }
104
+
105
+ before do
103
106
  allow(instance).to receive(:request) do
104
- double("Request", :params => {"error_reason" => "user_denied", "error" => "access_denied"})
107
+ double("Request", :params => params)
108
+ end
109
+
110
+ allow(instance).to receive(:session) do
111
+ double("Session", :delete => state)
105
112
  end
113
+ end
114
+
115
+ it "calls fail with the error received" do
116
+ expect(instance).to receive(:fail!).with("user_denied", anything)
117
+
118
+ instance.callback_phase
119
+ end
120
+
121
+ it "calls fail with the error received if state is missing and CSRF verification is disabled" do
122
+ params["state"] = nil
123
+ instance.options.provider_ignores_state = true
106
124
 
107
125
  expect(instance).to receive(:fail!).with("user_denied", anything)
126
+
127
+ instance.callback_phase
128
+ end
129
+
130
+ it "calls fail with a CSRF error if the state is missing" do
131
+ params["state"] = nil
132
+
133
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
134
+ instance.callback_phase
135
+ end
136
+
137
+ it "calls fail with a CSRF error if the state is invalid" do
138
+ params["state"] = "invalid"
139
+
140
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
108
141
  instance.callback_phase
109
142
  end
110
143
  end
metadata CHANGED
@@ -1,16 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.7.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Bleigh
8
8
  - Erik Michaels-Ober
9
9
  - Tom Milewski
10
- autorequire:
10
+ autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2020-08-11 00:00:00.000000000 Z
13
+ date: 2021-11-02 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: oauth2
@@ -30,16 +30,22 @@ dependencies:
30
30
  name: omniauth
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
- - - "~>"
33
+ - - ">="
34
34
  - !ruby/object:Gem::Version
35
35
  version: '1.9'
36
+ - - "<"
37
+ - !ruby/object:Gem::Version
38
+ version: '3'
36
39
  type: :runtime
37
40
  prerelease: false
38
41
  version_requirements: !ruby/object:Gem::Requirement
39
42
  requirements:
40
- - - "~>"
43
+ - - ">="
41
44
  - !ruby/object:Gem::Version
42
45
  version: '1.9'
46
+ - - "<"
47
+ - !ruby/object:Gem::Version
48
+ version: '3'
43
49
  - !ruby/object:Gem::Dependency
44
50
  name: bundler
45
51
  requirement: !ruby/object:Gem::Requirement
@@ -63,14 +69,16 @@ executables: []
63
69
  extensions: []
64
70
  extra_rdoc_files: []
65
71
  files:
72
+ - ".github/FUNDING.yml"
73
+ - ".github/workflows/main.yml"
66
74
  - ".gitignore"
67
75
  - ".rspec"
68
76
  - ".rubocop.yml"
69
- - ".travis.yml"
70
77
  - Gemfile
71
78
  - LICENSE.md
72
79
  - README.md
73
80
  - Rakefile
81
+ - SECURITY.md
74
82
  - lib/omniauth-oauth2.rb
75
83
  - lib/omniauth-oauth2/version.rb
76
84
  - lib/omniauth/strategies/oauth2.rb
@@ -81,7 +89,7 @@ homepage: https://github.com/omniauth/omniauth-oauth2
81
89
  licenses:
82
90
  - MIT
83
91
  metadata: {}
84
- post_install_message:
92
+ post_install_message:
85
93
  rdoc_options: []
86
94
  require_paths:
87
95
  - lib
@@ -96,8 +104,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
96
104
  - !ruby/object:Gem::Version
97
105
  version: '0'
98
106
  requirements: []
99
- rubygems_version: 3.0.0
100
- signing_key:
107
+ rubygems_version: 3.2.30
108
+ signing_key:
101
109
  specification_version: 4
102
110
  summary: An abstract OAuth2 strategy for OmniAuth.
103
111
  test_files:
data/.travis.yml DELETED
@@ -1,21 +0,0 @@
1
- bundler_args: --without development
2
- before_install:
3
- - gem update --system
4
- - gem update bundler
5
- cache: bundler
6
- env:
7
- global:
8
- - JRUBY_OPTS="$JRUBY_OPTS --debug"
9
- language: ruby
10
- rvm:
11
- - jruby-9000
12
- - 2.4.4
13
- - 2.5.3
14
- - jruby-head
15
- - ruby-head
16
- matrix:
17
- allow_failures:
18
- - rvm: jruby-head
19
- - rvm: ruby-head
20
- fast_finish: true
21
- sudo: false