omniauth-oauth2 1.6.0 → 1.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.rubocop.yml +29 -4
- data/.travis.yml +0 -2
- data/README.md +7 -6
- data/Rakefile +1 -0
- data/lib/omniauth-oauth2.rb +1 -1
- data/lib/omniauth-oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/oauth2.rb +48 -9
- data/omniauth-oauth2.gemspec +2 -2
- data/spec/omniauth/strategies/oauth2_spec.rb +22 -1
- metadata +7 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 35d242e59c9afdaf9936548a38aa617b67ff9d24be62bb019e3f2c448d0304a3
|
4
|
+
data.tar.gz: 0340fe1535cf2eddaa261a5306394b7a5381136df2f735c77fc4441eaeb8e107
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e87d41e2854c624939d2142654ab9adf11a7336a199d2cfc3790f3eaccc07a62a43715fbb07c9353bccc5160c2dd06369415da70f69e9ed8d980ef6d76b415bc
|
7
|
+
data.tar.gz: bae2d1d3f173a93cceb14809efdc72bba6c40373102e65da1df03881ba4799a4d18446e2de072da56572e94c73d807cffe00e55daaf7de370325563409798a5b
|
data/.rubocop.yml
CHANGED
@@ -1,15 +1,34 @@
|
|
1
|
+
AllCops:
|
2
|
+
NewCops: enable
|
3
|
+
|
4
|
+
Gemspec/RequiredRubyVersion:
|
5
|
+
Enabled: false
|
6
|
+
|
1
7
|
Layout/AccessModifierIndentation:
|
2
8
|
EnforcedStyle: outdent
|
3
9
|
|
10
|
+
Layout/LineLength:
|
11
|
+
AllowURI: true
|
12
|
+
Enabled: false
|
13
|
+
|
4
14
|
Layout/SpaceInsideHashLiteralBraces:
|
5
15
|
EnforcedStyle: no_space
|
6
16
|
|
17
|
+
Lint/MissingSuper:
|
18
|
+
Enabled: false
|
19
|
+
|
20
|
+
Metrics/AbcSize:
|
21
|
+
Max: 18
|
22
|
+
|
23
|
+
Metrics/BlockLength:
|
24
|
+
Exclude:
|
25
|
+
- spec/omniauth/strategies/oauth2_spec.rb
|
26
|
+
|
7
27
|
Metrics/BlockNesting:
|
8
28
|
Max: 2
|
9
29
|
|
10
|
-
Metrics/
|
11
|
-
|
12
|
-
Enabled: false
|
30
|
+
Metrics/ClassLength:
|
31
|
+
Max: 110
|
13
32
|
|
14
33
|
Metrics/MethodLength:
|
15
34
|
CountComments: false
|
@@ -19,6 +38,10 @@ Metrics/ParameterLists:
|
|
19
38
|
Max: 4
|
20
39
|
CountKeywordArgs: true
|
21
40
|
|
41
|
+
Naming/FileName:
|
42
|
+
Exclude:
|
43
|
+
- lib/omniauth-oauth2.rb
|
44
|
+
|
22
45
|
Style/CollectionMethods:
|
23
46
|
PreferredMethods:
|
24
47
|
map: 'collect'
|
@@ -35,6 +58,9 @@ Style/DoubleNegation:
|
|
35
58
|
Style/ExpandPathArguments:
|
36
59
|
Enabled: false
|
37
60
|
|
61
|
+
Style/FrozenStringLiteralComment:
|
62
|
+
Enabled: false
|
63
|
+
|
38
64
|
Style/HashSyntax:
|
39
65
|
EnforcedStyle: hash_rockets
|
40
66
|
|
@@ -52,4 +78,3 @@ Style/TrailingCommaInHashLiteral:
|
|
52
78
|
|
53
79
|
Style/TrailingCommaInArrayLiteral:
|
54
80
|
EnforcedStyleForMultiline: comma
|
55
|
-
|
data/.travis.yml
CHANGED
data/README.md
CHANGED
@@ -2,16 +2,14 @@
|
|
2
2
|
|
3
3
|
[![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]
|
4
4
|
[![Build Status](http://img.shields.io/travis/omniauth/omniauth-oauth2.svg)][travis]
|
5
|
-
[![
|
6
|
-
[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate]
|
5
|
+
[![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]
|
7
6
|
[![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]
|
8
7
|
[![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
|
9
8
|
|
10
9
|
[gem]: https://rubygems.org/gems/omniauth-oauth2
|
11
10
|
[travis]: http://travis-ci.org/omniauth/omniauth-oauth2
|
12
|
-
[
|
13
|
-
[
|
14
|
-
[coveralls]: https://coveralls.io/r/omniauth/omniauth-oauth2
|
11
|
+
[codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
|
12
|
+
[coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
|
15
13
|
|
16
14
|
This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve
|
17
15
|
as a building block strategy for other strategies and not to be used
|
@@ -34,6 +32,10 @@ module OmniAuth
|
|
34
32
|
# This is where you pass the options you would pass when
|
35
33
|
# initializing your consumer from the OAuth gem.
|
36
34
|
option :client_options, {:site => "https://api.somesite.com"}
|
35
|
+
|
36
|
+
# You may specify that your strategy should use PKCE by setting
|
37
|
+
# the pkce option to true: https://tools.ietf.org/html/rfc7636
|
38
|
+
option :pkce, true
|
37
39
|
|
38
40
|
# These are called after authentication has succeeded. If
|
39
41
|
# possible, you should try to set the UID without making
|
@@ -64,4 +66,3 @@ end
|
|
64
66
|
```
|
65
67
|
|
66
68
|
That's pretty much it!
|
67
|
-
|
data/Rakefile
CHANGED
data/lib/omniauth-oauth2.rb
CHANGED
@@ -1,2 +1,2 @@
|
|
1
|
-
require "omniauth-oauth2/version"
|
1
|
+
require "omniauth-oauth2/version"
|
2
2
|
require "omniauth/strategies/oauth2"
|
@@ -24,11 +24,22 @@ module OmniAuth
|
|
24
24
|
option :client_secret, nil
|
25
25
|
option :client_options, {}
|
26
26
|
option :authorize_params, {}
|
27
|
-
option :authorize_options, [
|
27
|
+
option :authorize_options, %i[scope state]
|
28
28
|
option :token_params, {}
|
29
29
|
option :token_options, []
|
30
30
|
option :auth_token_params, {}
|
31
31
|
option :provider_ignores_state, false
|
32
|
+
option :pkce, false
|
33
|
+
option :pkce_verifier, nil
|
34
|
+
option :pkce_options, {
|
35
|
+
:code_challenge => proc { |verifier|
|
36
|
+
Base64.urlsafe_encode64(
|
37
|
+
Digest::SHA2.digest(verifier),
|
38
|
+
:padding => false,
|
39
|
+
)
|
40
|
+
},
|
41
|
+
:code_challenge_method => "S256",
|
42
|
+
}
|
32
43
|
|
33
44
|
attr_accessor :access_token
|
34
45
|
|
@@ -48,22 +59,29 @@ module OmniAuth
|
|
48
59
|
redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
|
49
60
|
end
|
50
61
|
|
51
|
-
def authorize_params
|
62
|
+
def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
52
63
|
options.authorize_params[:state] = SecureRandom.hex(24)
|
53
|
-
|
64
|
+
|
54
65
|
if OmniAuth.config.test_mode
|
55
66
|
@env ||= {}
|
56
67
|
@env["rack.session"] ||= {}
|
57
68
|
end
|
69
|
+
|
70
|
+
params = options.authorize_params
|
71
|
+
.merge(options_for("authorize"))
|
72
|
+
.merge(pkce_authorize_params)
|
73
|
+
|
74
|
+
session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
|
58
75
|
session["omniauth.state"] = params[:state]
|
76
|
+
|
59
77
|
params
|
60
78
|
end
|
61
79
|
|
62
80
|
def token_params
|
63
|
-
options.token_params.merge(options_for("token"))
|
81
|
+
options.token_params.merge(options_for("token")).merge(pkce_token_params)
|
64
82
|
end
|
65
83
|
|
66
|
-
def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
|
84
|
+
def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
|
67
85
|
error = request.params["error_reason"] || request.params["error"]
|
68
86
|
if error
|
69
87
|
fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
|
@@ -84,23 +102,44 @@ module OmniAuth
|
|
84
102
|
|
85
103
|
protected
|
86
104
|
|
105
|
+
def pkce_authorize_params
|
106
|
+
return {} unless options.pkce
|
107
|
+
|
108
|
+
options.pkce_verifier = SecureRandom.hex(64)
|
109
|
+
|
110
|
+
# NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
|
111
|
+
{
|
112
|
+
:code_challenge => options.pkce_options[:code_challenge]
|
113
|
+
.call(options.pkce_verifier),
|
114
|
+
:code_challenge_method => options.pkce_options[:code_challenge_method],
|
115
|
+
}
|
116
|
+
end
|
117
|
+
|
118
|
+
def pkce_token_params
|
119
|
+
return {} unless options.pkce
|
120
|
+
|
121
|
+
{:code_verifier => session.delete("omniauth.pkce.verifier")}
|
122
|
+
end
|
123
|
+
|
87
124
|
def build_access_token
|
88
125
|
verifier = request.params["code"]
|
89
126
|
client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
|
90
127
|
end
|
91
128
|
|
92
129
|
def deep_symbolize(options)
|
93
|
-
|
94
|
-
options.each do |key, value|
|
130
|
+
options.each_with_object({}) do |(key, value), hash|
|
95
131
|
hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
|
96
132
|
end
|
97
|
-
hash
|
98
133
|
end
|
99
134
|
|
100
135
|
def options_for(option)
|
101
136
|
hash = {}
|
102
137
|
options.send(:"#{option}_options").select { |key| options[key] }.each do |key|
|
103
|
-
hash[key.to_sym] = options[key]
|
138
|
+
hash[key.to_sym] = if options[key].respond_to?(:call)
|
139
|
+
options[key].call(env)
|
140
|
+
else
|
141
|
+
options[key]
|
142
|
+
end
|
104
143
|
end
|
105
144
|
hash
|
106
145
|
end
|
data/omniauth-oauth2.gemspec
CHANGED
@@ -3,10 +3,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
3
3
|
require "omniauth-oauth2/version"
|
4
4
|
|
5
5
|
Gem::Specification.new do |gem|
|
6
|
-
gem.add_dependency "oauth2", "~> 1.
|
6
|
+
gem.add_dependency "oauth2", "~> 1.4"
|
7
7
|
gem.add_dependency "omniauth", "~> 1.9"
|
8
8
|
|
9
|
-
gem.add_development_dependency "bundler", "~>
|
9
|
+
gem.add_development_dependency "bundler", "~> 2.0"
|
10
10
|
|
11
11
|
gem.authors = ["Michael Bleigh", "Erik Michaels-Ober", "Tom Milewski"]
|
12
12
|
gem.email = ["michael@intridea.com", "sferik@gmail.com", "tmilewski@gmail.com"]
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require "helper"
|
2
2
|
|
3
|
-
describe OmniAuth::Strategies::OAuth2 do
|
3
|
+
describe OmniAuth::Strategies::OAuth2 do
|
4
4
|
def app
|
5
5
|
lambda do |_env|
|
6
6
|
[200, {}, ["Hello."]]
|
@@ -52,6 +52,7 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
52
52
|
instance = subject.new("abc", "def", :authorize_options => %i[scope foo state], :scope => "bar", :foo => "baz")
|
53
53
|
expect(instance.authorize_params["scope"]).to eq("bar")
|
54
54
|
expect(instance.authorize_params["foo"]).to eq("baz")
|
55
|
+
expect(instance.authorize_params["state"]).not_to be_empty
|
55
56
|
end
|
56
57
|
|
57
58
|
it "includes random state in the authorize params" do
|
@@ -59,6 +60,19 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
59
60
|
expect(instance.authorize_params.keys).to eq(["state"])
|
60
61
|
expect(instance.session["omniauth.state"]).not_to be_empty
|
61
62
|
end
|
63
|
+
|
64
|
+
it "includes custom state in the authorize params" do
|
65
|
+
instance = subject.new("abc", "def", :state => proc { "qux" })
|
66
|
+
expect(instance.authorize_params.keys).to eq(["state"])
|
67
|
+
expect(instance.session["omniauth.state"]).to eq("qux")
|
68
|
+
end
|
69
|
+
|
70
|
+
it "includes PKCE parameters if enabled" do
|
71
|
+
instance = subject.new("abc", "def", :pkce => true)
|
72
|
+
expect(instance.authorize_params[:code_challenge]).to be_a(String)
|
73
|
+
expect(instance.authorize_params[:code_challenge_method]).to eq("S256")
|
74
|
+
expect(instance.session["omniauth.pkce.verifier"]).to be_a(String)
|
75
|
+
end
|
62
76
|
end
|
63
77
|
|
64
78
|
describe "#token_params" do
|
@@ -73,6 +87,13 @@ describe OmniAuth::Strategies::OAuth2 do # rubocop:disable Metrics/BlockLength
|
|
73
87
|
instance = subject.new("abc", "def", :token_options => %i[scope foo], :scope => "bar", :foo => "baz")
|
74
88
|
expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
|
75
89
|
end
|
90
|
+
|
91
|
+
it "includes the PKCE code_verifier if enabled" do
|
92
|
+
instance = subject.new("abc", "def", :pkce => true)
|
93
|
+
# setup session
|
94
|
+
instance.authorize_params
|
95
|
+
expect(instance.token_params[:code_verifier]).to be_a(String)
|
96
|
+
end
|
76
97
|
end
|
77
98
|
|
78
99
|
describe "#callback_phase" do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Bleigh
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: oauth2
|
@@ -18,14 +18,14 @@ dependencies:
|
|
18
18
|
requirements:
|
19
19
|
- - "~>"
|
20
20
|
- !ruby/object:Gem::Version
|
21
|
-
version: '1.
|
21
|
+
version: '1.4'
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
25
25
|
requirements:
|
26
26
|
- - "~>"
|
27
27
|
- !ruby/object:Gem::Version
|
28
|
-
version: '1.
|
28
|
+
version: '1.4'
|
29
29
|
- !ruby/object:Gem::Dependency
|
30
30
|
name: omniauth
|
31
31
|
requirement: !ruby/object:Gem::Requirement
|
@@ -46,14 +46,14 @@ dependencies:
|
|
46
46
|
requirements:
|
47
47
|
- - "~>"
|
48
48
|
- !ruby/object:Gem::Version
|
49
|
-
version: '
|
49
|
+
version: '2.0'
|
50
50
|
type: :development
|
51
51
|
prerelease: false
|
52
52
|
version_requirements: !ruby/object:Gem::Requirement
|
53
53
|
requirements:
|
54
54
|
- - "~>"
|
55
55
|
- !ruby/object:Gem::Version
|
56
|
-
version: '
|
56
|
+
version: '2.0'
|
57
57
|
description: An abstract OAuth2 strategy for OmniAuth.
|
58
58
|
email:
|
59
59
|
- michael@intridea.com
|
@@ -96,8 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
96
96
|
- !ruby/object:Gem::Version
|
97
97
|
version: '0'
|
98
98
|
requirements: []
|
99
|
-
|
100
|
-
rubygems_version: 2.6.11
|
99
|
+
rubygems_version: 3.0.0
|
101
100
|
signing_key:
|
102
101
|
specification_version: 4
|
103
102
|
summary: An abstract OAuth2 strategy for OmniAuth.
|