omniauth-oauth2 1.7.1 → 1.7.2
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +2 -0
- data/.github/workflows/main.yml +18 -0
- data/Gemfile +4 -3
- data/README.md +10 -3
- data/SECURITY.md +17 -0
- data/lib/omniauth/strategies/oauth2.rb +3 -3
- data/lib/omniauth-oauth2/version.rb +1 -1
- data/spec/helper.rb +8 -1
- data/spec/omniauth/strategies/oauth2_spec.rb +37 -4
- metadata +8 -7
- data/.travis.yml +0 -22
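--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eed560b878b25e1f2fa484d75ec45114ea450ff41e9b13ab4e65ba2af728a539
+data.tar.gz: 25cb6f386671fdc7c642e87b9f3069a0da4cca234c23bbcf597cca828ad87a9f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 872af8f8b8dade1df9186467c89e337f1328bc79714a3ce3178846ac4bfec339c0d29620e3b69ce7398aa3d61371b04a281fc6fe699f17f651b7a338b9dca9cb
+data.tar.gz: 438d8c082691dbc31045f0be9efc650f97e1d5ff9db56c78c47b55eb55417ae0a66cfb4943717b4eaf9edceb23c4ab1ff86fb7b48301e7501f486c3c060c573b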
data/.github/FUNDING.yml
ADDED
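--- a/data/.github/workflows/main.yml
+++ b/data/.github/workflows/main.yml
@@ -47,3 +47,21 @@ jobs:
 env:
 JRUBY_OPTS: --debug
 run: bundle exec rake
+coveralls:
+runs-on: ubuntu-18.04
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: 2.6
+bundler-cache: true
+- name: Install dependencies
+run: bundle install
+- name: Run tests
+run: bundle exec rake
+- name: Coveralls GitHub Action
+uses: coverallsapp/github-action@v1.1.2
+with:
+github-token: ${{ secrets.github_token }}
+path-to-lcov: './coverage/lcov/omniauth-oauth2.lcov'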
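Review bot: The new `coveralls` job on line 51 pins `runs-on: ubuntu-18.04`, an image GitHub has since retired from its hosted runners, so the job will stop being scheduled; `runs-on: ubuntu-latest` (or a currently supported LTS image) is the fix. The third-party upload step on line 64 is referenced by a mutable tag, `uses: coverallsapp/github-action@v1.1.2`; pinning it to the full commit SHA of that release, with the tag kept in a trailing comment, prevents a later re-tag from changing the code that receives the token passed on line 66. The job declares no `permissions:` block and the top of the workflow is outside the hunk, so if the token is not restricted there, a job-level `permissions:` entry granting only what checkout and the Coveralls upload need would be the least-privilege setting (check the action's documentation for the scopes it requires).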
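--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,17 +1,18 @@
 source "https://rubygems.org"
 
-gem "rake", "~>
+gem "rake", "~> 13.0"
 
 group :test do
 gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
-gem
+gem 'coveralls_reborn', '~> 0.19.0', require: false
 gem "json", :platforms => %i[jruby ruby_18 ruby_19]
 gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
 gem "rack-test"
 gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
 gem "rspec", "~> 3.2"
 gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
-gem
+gem 'simplecov-lcov'
+gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
 gem "webmock", "~> 3.0"
 end
 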
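Review bot: The added lines 7, 14 and 15 use single quotes and the `require: false` keyword form while every other line in this file uses double quotes and the `:platforms =>` hash-rocket form, so the Gemfile now mixes two styles; `gem "coveralls_reborn", "~> 0.19.0", :require => false` would match its neighbours. `gem 'simplecov-lcov'` on line 14 carries no version constraint, unlike the gems around it, so a pessimistic (`~>`) constraint on the version that CI was validated against would keep coverage output from shifting under a future release. The removed lines 7 and 14 are truncated on this page to `gem`, so what they previously declared cannot be checked here.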
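--- a/data/README.md
+++ b/data/README.md
@@ -1,13 +1,11 @@
 # OmniAuth OAuth2
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
-[![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
 [![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
 [![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
 
 [gem]: https://rubygems.org/gems/omniauth-oauth2
-[travis]: http://travis-ci.org/omniauth/omniauth-oauth2
 [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
 [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
 
@@ -32,7 +30,7 @@ module OmniAuth
 # This is where you pass the options you would pass when
 # initializing your consumer from the OAuth gem.
 option :client_options, {:site => "https://api.somesite.com"}
-
+
 # You may specify that your strategy should use PKCE by setting
 # the pkce option to true: https://tools.ietf.org/html/rfc7636
 option :pkce, true
@@ -66,3 +64,12 @@ end
 ```
 
 That's pretty much it!
+
+## OmniAuth-OAuth2 for Enterprise
+
+Available as part of the Tidelift Subscription.
+
+The maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)
+
+## Supported Ruby Versions
+OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.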
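--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.7.x | :white_check_mark: |
+| <= 1.6.x | :x: |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.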
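--- a/data/lib/omniauth/strategies/oauth2.rb
+++ b/data/lib/omniauth/strategies/oauth2.rb
@@ -83,10 +83,10 @@ module OmniAuth
 
 def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
 error = request.params["error_reason"] || request.params["error"]
-if
-fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
-elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
+if !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
 fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
+elsif error
+fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
 else
 self.access_token = build_access_token
 self.access_token = access_token.refresh! if access_token.expired?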
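Review bot: The new branch order on lines 86-89 (state verified before the provider-supplied `error` branch is trusted) is the substance of this change, yet nothing in the code records that the order is deliberate, so a later tidy-up could swap the branches back; a comment above line 86 such as `# Verify state before acting on any provider-supplied parameter, including error responses` would pin the intent. On line 86 the session entry survives when the `state` parameter is empty, because `||` short-circuits before `session.delete("omniauth.state")` runs, so a callback with a missing state leaves the old value in the session for a later attempt. If the session value is meant to be single-use, reading it first, `expected_state = session.delete("omniauth.state")`, and comparing against that local would consume it on every path through the check. The comparison itself is a plain `!=`; `Rack::Utils.secure_compare` is the usual choice when comparing a secret token, though the practical exposure here is small. `callback_phase` continues past the end of the hunk.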
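--- a/data/spec/helper.rb
+++ b/data/spec/helper.rb
@@ -3,9 +3,16 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
 
 if RUBY_VERSION >= "1.9"
 require "simplecov"
+require "simplecov-lcov"
 require "coveralls"
 
-SimpleCov.
+SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
+
+SimpleCov.formatters = [
+SimpleCov::Formatter::HTMLFormatter,
+SimpleCov::Formatter::LcovFormatter,
+Coveralls::SimpleCov::Formatter
+]
 
 SimpleCov.start do
 minimum_coverage(78.48)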
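Review bot: Line 9 sets `report_with_single_file = true` with no comment, and the reason lives in another file (the CI workflow uploads exactly one lcov file), so a reader of this helper cannot tell the setting is load-bearing; a comment such as `# Emit one lcov file; the coveralls job in .github/workflows/main.yml uploads it` would tie the two together. The file name that workflow expects does not appear anywhere in this hunk, so it presumably comes from simplecov-lcov's default output path; if that default ever changes, the upload step would silently find nothing. Setting the path explicitly here (`single_report_path` on the same `config` object, if I recall the option correctly — verify against the gem's documentation) would make the coupling visible and robust. The removed line 8 is truncated to `SimpleCov.` on this page, so whether the old formatter assignment behaved the same cannot be checked here.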
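--- a/data/spec/omniauth/strategies/oauth2_spec.rb
+++ b/data/spec/omniauth/strategies/oauth2_spec.rb
@@ -97,14 +97,47 @@ describe OmniAuth::Strategies::OAuth2 do
 end
 
 describe "#callback_phase" do
-subject { fresh_strategy }
-
-
+subject(:instance) { fresh_strategy.new("abc", "def") }
+
+let(:params) { {"error_reason" => "user_denied", "error" => "access_denied", "state" => state} }
+let(:state) { "secret" }
+
+before do
 allow(instance).to receive(:request) do
-double("Request", :params =>
+double("Request", :params => params)
+end
+
+allow(instance).to receive(:session) do
+double("Session", :delete => state)
 end
+end
+
+it "calls fail with the error received" do
+expect(instance).to receive(:fail!).with("user_denied", anything)
+
+instance.callback_phase
+end
+
+it "calls fail with the error received if state is missing and CSRF verification is disabled" do
+params["state"] = nil
+instance.options.provider_ignores_state = true
 
 expect(instance).to receive(:fail!).with("user_denied", anything)
+
+instance.callback_phase
+end
+
+it "calls fail with a CSRF error if the state is missing" do
+params["state"] = nil
+
+expect(instance).to receive(:fail!).with(:csrf_detected, anything)
+instance.callback_phase
+end
+
+it "calls fail with a CSRF error if the state is invalid" do
+params["state"] = "invalid"
+
+expect(instance).to receive(:fail!).with(:csrf_detected, anything)
 instance.callback_phase
 end
 end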
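Review bot: The session double on line 111, `double("Session", :delete => state)`, returns `state` for a `delete` call with any key, so the four new examples would still pass if `callback_phase` deleted the wrong session entry; constraining the stub pins the contract: `session = double("Session")`, `allow(session).to receive(:delete).with("omniauth.state").and_return(state)`, `allow(instance).to receive(:session).and_return(session)`. The examples on lines 130-135 and 137-142 keep the `error` parameters from `params` in place, which is what makes them cover the new branch order (state rejected before the provider error is reported), so a one-line comment in each saying that the error parameters are left in deliberately would stop someone "simplifying" them away. The `with("user_denied", anything)` matchers on lines 116 and 125 leave the `CallbackError` contents unasserted, which is fine for this change but worth noting if the error-description passthrough is ever refactored.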
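--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-oauth2
 version: !ruby/object:Gem::Version
-version: 1.7.
+version: 1.7.2
 platform: ruby
 authors:
 - Michael Bleigh
 - Erik Michaels-Ober
 - Tom Milewski
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: oauth2
@@ -69,15 +69,16 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".github/workflows/main.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Gemfile
 - LICENSE.md
 - README.md
 - Rakefile
+- SECURITY.md
 - lib/omniauth-oauth2.rb
 - lib/omniauth-oauth2/version.rb
 - lib/omniauth/strategies/oauth2.rb
@@ -88,7 +89,7 @@ homepage: https://github.com/omniauth/omniauth-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,8 +104,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.2.30
+signing_key:
 specification_version: 4
 summary: An abstract OAuth2 strategy for OmniAuth.
 test_files: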
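--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,22 +0,0 @@
-bundler_args: --without development
-before_install:
-- gem update --system
-- gem update bundler
-cache: bundler
-env:
-global:
-- JRUBY_OPTS="$JRUBY_OPTS --debug"
-language: ruby
-rvm:
-- jruby-9000
-- 2.4.4
-- 2.5.3
-- jruby-head
-- ruby-head
-- truffleruby-head
-matrix:
-allow_failures:
-- rvm: jruby-head
-- rvm: ruby-head
-fast_finish: true
-sudo: false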