omniauth-oauth2 1.7.0 → 1.7.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 35d242e59c9afdaf9936548a38aa617b67ff9d24be62bb019e3f2c448d0304a3
4
- data.tar.gz: 0340fe1535cf2eddaa261a5306394b7a5381136df2f735c77fc4441eaeb8e107
3
+ metadata.gz: 1cfccae8e5d95ff37c5a88596fc3464bfdc10471b94d25be1276b47588307e63
4
+ data.tar.gz: 260bb7870be94104e5c40508efccbc0553f6bd10a73f9181638f4879e8e7c4be
5
5
  SHA512:
6
- metadata.gz: e87d41e2854c624939d2142654ab9adf11a7336a199d2cfc3790f3eaccc07a62a43715fbb07c9353bccc5160c2dd06369415da70f69e9ed8d980ef6d76b415bc
7
- data.tar.gz: bae2d1d3f173a93cceb14809efdc72bba6c40373102e65da1df03881ba4799a4d18446e2de072da56572e94c73d807cffe00e55daaf7de370325563409798a5b
6
+ metadata.gz: 16a414cb96f9b74322df084c76ee88ed97c54d881dc202df9b7d1ff63810bbe55c5b00add89d4a3230b50ecf8130f3c25c7c38ca446a6b954fcacd219c6f0c89
7
+ data.tar.gz: cc57ebdec3e22f48f9e8b780960152c115976ff4cc76e289b0dc37f0ced30105fb9512048e27123466c44202c8788a6786839d4f07fc71856fd87c461b5a7680
@@ -0,0 +1,2 @@
1
+ github: bobbymcwho
2
+ tidelift: rubygems/omniauth-oauth2
@@ -0,0 +1,67 @@
1
+ name: Ruby
2
+
3
+ on:
4
+ push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-18.04
12
+ strategy:
13
+ fail-fast: false
14
+ matrix:
15
+ os: [ubuntu, macos]
16
+ ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
17
+ steps:
18
+ - uses: actions/checkout@v2
19
+ - name: Set up Ruby
20
+ uses: ruby/setup-ruby@v1
21
+ with:
22
+ ruby-version: ${{ matrix.ruby }}
23
+ bundler-cache: true
24
+ - name: Install dependencies
25
+ run: bundle install
26
+ - name: Run tests
27
+ run: bundle exec rake
28
+ test-jruby:
29
+ runs-on: ubuntu-18.04
30
+ strategy:
31
+ fail-fast: false
32
+ matrix:
33
+ os: [ubuntu, macos]
34
+ jruby: [jruby, jruby-head]
35
+ steps:
36
+ - uses: actions/checkout@v2
37
+ - name: Set up Ruby
38
+ uses: ruby/setup-ruby@v1
39
+ with:
40
+ ruby-version: ${{ matrix.jruby }}
41
+ bundler-cache: true
42
+ - name: Install dependencies
43
+ env:
44
+ JRUBY_OPTS: --debug
45
+ run: bundle install
46
+ - name: Run tests
47
+ env:
48
+ JRUBY_OPTS: --debug
49
+ run: bundle exec rake
50
+ coveralls:
51
+ runs-on: ubuntu-18.04
52
+ steps:
53
+ - uses: actions/checkout@v2
54
+ - name: Set up Ruby
55
+ uses: ruby/setup-ruby@v1
56
+ with:
57
+ ruby-version: 2.6
58
+ bundler-cache: true
59
+ - name: Install dependencies
60
+ run: bundle install
61
+ - name: Run tests
62
+ run: bundle exec rake
63
+ - name: Coveralls GitHub Action
64
+ uses: coverallsapp/github-action@v1.1.2
65
+ with:
66
+ github-token: ${{ secrets.github_token }}
67
+ path-to-lcov: './coverage/lcov/omniauth-oauth2.lcov'
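Review bot: All three jobs reference actions by mutable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1`, `coverallsapp/github-action@v1.1.2`) and the workflow has no `permissions:` key, so the `coveralls` job hands `secrets.github_token` to third-party code that can change under the tag, at whatever default scope the repository grants. I would pin each `uses:` to a full commit SHA, e.g. `uses: coverallsapp/github-action@<full-commit-sha> # v1.1.2`, and add a top-level `permissions:` block with `contents: read`, after confirming the Coveralls step still reports with that scope. Separately, `test` and `test-jruby` declare `os: [ubuntu, macos]` in the matrix but hard-code `runs-on: ubuntu-18.04`, so macOS is never exercised and each Ruby appears to run twice on the same image; `runs-on: ${{ matrix.os }}-latest` would use the matrix value.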
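--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,17 +1,18 @@
  source "https://rubygems.org"
 
- gem "rake", "~> 12.0"
+ gem "rake", "~> 13.0"
 
  group :test do
  gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
- gem "coveralls"
+ gem 'coveralls_reborn', '~> 0.19.0', require: false
  gem "json", :platforms => %i[jruby ruby_18 ruby_19]
  gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
  gem "rack-test"
  gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
  gem "rspec", "~> 3.2"
  gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
- gem "simplecov", ">= 0.9"
+ gem 'simplecov-lcov'
+ gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
  gem "webmock", "~> 3.0"
  end
 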
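Review bot: The `simplecov` entry is dropped while spec/helper.rb, shown further down this page, still calls `require "simplecov"`, so the test group now relies on another gem pulling it in (presumably `coveralls_reborn`; its dependencies are not visible here). Keeping `gem "simplecov", ">= 0.9"` next to `gem 'simplecov-lcov'` makes that requirement explicit and stops a change in a coverage gem's dependencies from breaking the suite. `simplecov-lcov` is also added without any version constraint, unlike `coveralls_reborn` on the line it replaces `coveralls` with, so CI resolution for it is unbounded. As a style point, the three new lines use single quotes and `require: false` where the rest of the file uses double quotes and `:key =>` hashes.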
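--- a/data/README.md
+++ b/data/README.md
@@ -1,13 +1,11 @@
  # OmniAuth OAuth2
 
  [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
- [![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
  [![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
  [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
  [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
 
  [gem]: https://rubygems.org/gems/omniauth-oauth2
- [travis]: http://travis-ci.org/omniauth/omniauth-oauth2
  [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
  [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
 
@@ -32,7 +30,7 @@ module OmniAuth
  # This is where you pass the options you would pass when
  # initializing your consumer from the OAuth gem.
  option :client_options, {:site => "https://api.somesite.com"}
-
+
  # You may specify that your strategy should use PKCE by setting
  # the pkce option to true: https://tools.ietf.org/html/rfc7636
  option :pkce, true
@@ -66,3 +64,12 @@ end
  ```
 
  That's pretty much it!
+
+ ## OmniAuth-OAuth2 for Enterprise
+
+ Available as part of the Tidelift Subscription.
+
+ The maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)
+
+ ## Supported Ruby Versions
+ OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.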
data/SECURITY.md ADDED
@@ -0,0 +1,17 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ Use this section to tell people about which versions of your project are
6
+ currently being supported with security updates.
7
+
8
+ | Version | Supported |
9
+ | ------- | ------------------ |
10
+ | 1.7.x | :white_check_mark: |
11
+ | <= 1.6.x | :x: |
12
+
13
+ ## Security contact information
14
+
15
+ To report a security vulnerability, please use the
16
+ [Tidelift security contact](https://tidelift.com/security).
17
+ Tidelift will coordinate the fix and disclosure.
@@ -83,10 +83,10 @@ module OmniAuth
83
83
 
84
84
  def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
85
85
  error = request.params["error_reason"] || request.params["error"]
86
- if error
87
- fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
88
- elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
86
+ if !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
89
87
  fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
88
+ elsif error
89
+ fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
90
90
  else
91
91
  self.access_token = build_access_token
92
92
  self.access_token = access_token.refresh! if access_token.expired?
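Review bot: The state check on the new `if` line still compares the caller-supplied value with `!=`, which is not a constant-time comparison; since this commit is hardening exactly that branch, I would use `Rack::Utils.secure_compare(request.params["state"].to_s, session.delete("omniauth.state").to_s)` and negate it. The practical exposure looks small because `session.delete` consumes the stored value on each attempt, but the constant-time form costs nothing. A comment above the `if` would also protect the new ordering from being reverted, e.g. `# Verify state first: the error params are untrusted until the callback is tied to this session.` Note that when `state` is empty the `||` short-circuits and `omniauth.state` stays in the session; `callback_phase` continues past the end of this hunk, so I have not checked whether anything later clears it.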
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.7.0".freeze
3
+ VERSION = "1.7.3".freeze
4
4
  end
5
5
  end
@@ -3,8 +3,8 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
  require "omniauth-oauth2/version"
4
4
 
5
5
  Gem::Specification.new do |gem|
6
- gem.add_dependency "oauth2", "~> 1.4"
7
- gem.add_dependency "omniauth", "~> 1.9"
6
+ gem.add_dependency "oauth2", [">= 1.4", "< 3"]
7
+ gem.add_dependency "omniauth", [">= 1.9", "< 3"]
8
8
 
9
9
  gem.add_development_dependency "bundler", "~> 2.0"
10
10
 
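Review bot: Both runtime constraints now span a major-version boundary (`[">= 1.4", "< 3"]` admits oauth2 2.x, `[">= 1.9", "< 3"]` admits omniauth 2.x), but the workflow added on this page runs a single `bundle install` per Ruby, so only whichever versions Bundler resolves get tested. For an authentication strategy I would want each supported major exercised in CI, for instance through separate gemfiles per major, and a comment on these lines such as `# 1.x and 2.x are both supported; keep CI covering each major`. The `Gem::Specification` block starts and ends outside this hunk, so the remaining constraints were not reviewed.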
data/spec/helper.rb CHANGED
@@ -3,9 +3,16 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
3
3
 
4
4
  if RUBY_VERSION >= "1.9"
5
5
  require "simplecov"
6
+ require "simplecov-lcov"
6
7
  require "coveralls"
7
8
 
8
- SimpleCov.formatters = [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter]
9
+ SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
10
+
11
+ SimpleCov.formatters = [
12
+ SimpleCov::Formatter::HTMLFormatter,
13
+ SimpleCov::Formatter::LcovFormatter,
14
+ Coveralls::SimpleCov::Formatter
15
+ ]
9
16
 
10
17
  SimpleCov.start do
11
18
  minimum_coverage(78.48)
@@ -97,14 +97,47 @@ describe OmniAuth::Strategies::OAuth2 do
97
97
  end
98
98
 
99
99
  describe "#callback_phase" do
100
- subject { fresh_strategy }
101
- it "calls fail with the client error received" do
102
- instance = subject.new("abc", "def")
100
+ subject(:instance) { fresh_strategy.new("abc", "def") }
101
+
102
+ let(:params) { {"error_reason" => "user_denied", "error" => "access_denied", "state" => state} }
103
+ let(:state) { "secret" }
104
+
105
+ before do
103
106
  allow(instance).to receive(:request) do
104
- double("Request", :params => {"error_reason" => "user_denied", "error" => "access_denied"})
107
+ double("Request", :params => params)
108
+ end
109
+
110
+ allow(instance).to receive(:session) do
111
+ double("Session", :delete => state)
105
112
  end
113
+ end
114
+
115
+ it "calls fail with the error received" do
116
+ expect(instance).to receive(:fail!).with("user_denied", anything)
117
+
118
+ instance.callback_phase
119
+ end
120
+
121
+ it "calls fail with the error received if state is missing and CSRF verification is disabled" do
122
+ params["state"] = nil
123
+ instance.options.provider_ignores_state = true
106
124
 
107
125
  expect(instance).to receive(:fail!).with("user_denied", anything)
126
+
127
+ instance.callback_phase
128
+ end
129
+
130
+ it "calls fail with a CSRF error if the state is missing" do
131
+ params["state"] = nil
132
+
133
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
134
+ instance.callback_phase
135
+ end
136
+
137
+ it "calls fail with a CSRF error if the state is invalid" do
138
+ params["state"] = "invalid"
139
+
140
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
108
141
  instance.callback_phase
109
142
  end
110
143
  end
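Review bot: The `Session` double in the `before` block stubs `delete` for any argument (`double("Session", :delete => state)`), so these examples would still pass if `callback_phase` read the wrong session key. Constraining the stub on a named double, e.g. `allow(session).to receive(:delete).with("omniauth.state").and_return(state)`, ties the CSRF examples to the key the strategy actually uses. An example asserting that `fail!` is not called with `:csrf_detected` when `state` matches and no error params are present would cover the new branch order from the success side; that path calls `build_access_token`, which would need stubbing. The enclosing `describe OmniAuth::Strategies::OAuth2` block extends outside this hunk.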
metadata CHANGED
@@ -1,45 +1,57 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.7.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Bleigh
8
8
  - Erik Michaels-Ober
9
9
  - Tom Milewski
10
- autorequire:
10
+ autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2020-08-11 00:00:00.000000000 Z
13
+ date: 2022-06-19 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: oauth2
17
17
  requirement: !ruby/object:Gem::Requirement
18
18
  requirements:
19
- - - "~>"
19
+ - - ">="
20
20
  - !ruby/object:Gem::Version
21
21
  version: '1.4'
22
+ - - "<"
23
+ - !ruby/object:Gem::Version
24
+ version: '3'
22
25
  type: :runtime
23
26
  prerelease: false
24
27
  version_requirements: !ruby/object:Gem::Requirement
25
28
  requirements:
26
- - - "~>"
29
+ - - ">="
27
30
  - !ruby/object:Gem::Version
28
31
  version: '1.4'
32
+ - - "<"
33
+ - !ruby/object:Gem::Version
34
+ version: '3'
29
35
  - !ruby/object:Gem::Dependency
30
36
  name: omniauth
31
37
  requirement: !ruby/object:Gem::Requirement
32
38
  requirements:
33
- - - "~>"
39
+ - - ">="
34
40
  - !ruby/object:Gem::Version
35
41
  version: '1.9'
42
+ - - "<"
43
+ - !ruby/object:Gem::Version
44
+ version: '3'
36
45
  type: :runtime
37
46
  prerelease: false
38
47
  version_requirements: !ruby/object:Gem::Requirement
39
48
  requirements:
40
- - - "~>"
49
+ - - ">="
41
50
  - !ruby/object:Gem::Version
42
51
  version: '1.9'
52
+ - - "<"
53
+ - !ruby/object:Gem::Version
54
+ version: '3'
43
55
  - !ruby/object:Gem::Dependency
44
56
  name: bundler
45
57
  requirement: !ruby/object:Gem::Requirement
@@ -63,14 +75,16 @@ executables: []
63
75
  extensions: []
64
76
  extra_rdoc_files: []
65
77
  files:
78
+ - ".github/FUNDING.yml"
79
+ - ".github/workflows/main.yml"
66
80
  - ".gitignore"
67
81
  - ".rspec"
68
82
  - ".rubocop.yml"
69
- - ".travis.yml"
70
83
  - Gemfile
71
84
  - LICENSE.md
72
85
  - README.md
73
86
  - Rakefile
87
+ - SECURITY.md
74
88
  - lib/omniauth-oauth2.rb
75
89
  - lib/omniauth-oauth2/version.rb
76
90
  - lib/omniauth/strategies/oauth2.rb
@@ -81,7 +95,7 @@ homepage: https://github.com/omniauth/omniauth-oauth2
81
95
  licenses:
82
96
  - MIT
83
97
  metadata: {}
84
- post_install_message:
98
+ post_install_message:
85
99
  rdoc_options: []
86
100
  require_paths:
87
101
  - lib
@@ -96,8 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
96
110
  - !ruby/object:Gem::Version
97
111
  version: '0'
98
112
  requirements: []
99
- rubygems_version: 3.0.0
100
- signing_key:
113
+ rubygems_version: 3.2.32
114
+ signing_key:
101
115
  specification_version: 4
102
116
  summary: An abstract OAuth2 strategy for OmniAuth.
103
117
  test_files:
data/.travis.yml DELETED
@@ -1,21 +0,0 @@
1
- bundler_args: --without development
2
- before_install:
3
- - gem update --system
4
- - gem update bundler
5
- cache: bundler
6
- env:
7
- global:
8
- - JRUBY_OPTS="$JRUBY_OPTS --debug"
9
- language: ruby
10
- rvm:
11
- - jruby-9000
12
- - 2.4.4
13
- - 2.5.3
14
- - jruby-head
15
- - ruby-head
16
- matrix:
17
- allow_failures:
18
- - rvm: jruby-head
19
- - rvm: ruby-head
20
- fast_finish: true
21
- sudo: false