omniauth-uaa-oauth2 0.0.7 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a489cbe8839c4e742091c3513b60fd0f768d3b049b1b7e6e33ef1016882a9a4
-  data.tar.gz: 208380d605c1c83f3f9ee5b7dd3bcd812e589a01b87c9fb770ccfacd344094b6
+  metadata.gz: 9e8de9c63b6c5f6302ff2188fcb99045128f8af146d6014c8a0e26403e23e7b0
+  data.tar.gz: 995fc9391a8e7c91d6464adc34565a825f7c6853877e4b1467326043e38aeb21
 SHA512:
-  metadata.gz: fc2ac39ff8d9b63c6ce3e9e653c5292521b396472197c8936cf41297d4b949d90bd11057c8e6a0e5eef19a1ff1e8676b742f6e8d66ba760be7977c136cdffd2a
-  data.tar.gz: 28a719a09fc4f45c433ff38da8c87d54363c1d57040857dfcf228c58afe8560404d69082c1854ab8aeae2319fb7fdb1234677c0e2ca34f464cd2d55adf75a271
+  metadata.gz: 85a906769d31270b17cf11c0ee1c9f2f905ff7fe2d36d7024a522ffb3d2da756714854f8e3ff71b237944ab11794dbf60161ca44d115986c8c05732a57a3ae0c
+  data.tar.gz: 88982fdba7d3fc827a892bf0fc3317e8261ce7fd1b2d0cd94c9c7730d8d6c9b157bbe6d2f88b1c2d1e82f99dc52fad7c67d0ae0d5767c0689e60162a2633a1b6

data/.gitignore

@@ -1,3 +1,4 @@
 *.swp
 *.swo
 *.gem
+Gemfile.lock

data/.travis.yml

@@ -1,7 +1,12 @@
 language: ruby
 
-rvm:
-  - 1.9.3
+before_install:
+  - gem update
+  - gem install bundler
 
+rvm:
+  - 2.3.7
+  - 2.4.4
+  - 2.5.1
 
 

data/Gemfile

@@ -13,7 +13,7 @@
 
 source 'http://rubygems.org'
 
-gem 'cf-uaa-lib', '~> 3.2.4'
+gem 'rake', '< 11.0'
 
 gemspec
 

data/README.md

@@ -3,28 +3,18 @@ CloudFoundry UAA OmniAuth Strategy
 
 OmniAuth strategy for authenticating users using the CloudFoundry UAA server.
 
-Set up a local ruby environment (so sudo not required):
+Add the following to your `Gemfile`:
 
-    $ rvm use 1.9.2
+```text
+gem 'omniauth-uaa-oauth2'
+```
 
-or
+For example usage see:
 
-    $ rbenv global 1.9.2-p180
+* the `examples/config.ru` sample code
+* https://github.com/starkandwayne/ultimate-guide-to-uaa-examples/tree/master/ruby/omniauth-login-only
+* https://github.com/starkandwayne/ultimate-guide-to-uaa-examples/tree/master/ruby/omniauth-login-and-uaa-api-calls
+* https://github.com/starkandwayne/ultimate-guide-to-uaa-examples/tree/master/ruby/resource-server-wrapper-ui
 
-see: https://rvm.io/ or http://rbenv.org/
-
-Build and install the cf-uaa-lib gem located at https://github.com/cloudfoundry/cf-uaa-lib
-
-Build the gem
-
-      $ bundle install
-      $ bundle exec gem build omniauth-uaa-oauth2.gemspec
-
-Install it
-
-      $ gem install omniauth-uaa-oauth2-*.gem
-
-
-See the examples folder for details on how to use it.
 
 Warning: Unlike the omniauth-oauth2 gem, this gem does not support the oauth2 'state' security parameter.

data/examples/config.ru

@@ -1,16 +1,3 @@
-#--
-# Cloud Foundry 2012.02.03 Beta
-# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
-#
-# This product is licensed to you under the Apache License, Version 2.0 (the "License").
-# You may not use this product except in compliance with the License.
-#
-# This product includes a number of subcomponents with
-# separate copyright notices and license terms. Your use of these
-# subcomponents is subject to the terms and conditions of the
-# subcomponent's license, as noted in the LICENSE file.
-#++
-
 # Run with "bundle exec rackup"
 
 require 'rubygems'
@@ -32,7 +19,7 @@ class App < Sinatra::Base
     content_type 'application/json'
     request.env['omniauth.auth'].to_hash.to_json rescue "No Data"
   end
-  
+
   get '/auth/failure' do
     content_type 'text/plain'
     request.env['omniauth.auth'].to_hash.inspect rescue "No Data"

data/lib/omniauth/cloudfoundry.rb

@@ -1,14 +1 @@
-#--
-# Cloud Foundry 2012.02.03 Beta
-# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
-#
-# This product is licensed to you under the Apache License, Version 2.0 (the "License").
-# You may not use this product except in compliance with the License.
-#
-# This product includes a number of subcomponents with
-# separate copyright notices and license terms. Your use of these
-# subcomponents is subject to the terms and conditions of the
-# subcomponent's license, as noted in the LICENSE file.
-#++
-
 require 'omniauth/strategies/cloudfoundry'

data/lib/omniauth/strategies/cloudfoundry.rb

@@ -1,16 +1,3 @@
-#--
-# Cloud Foundry 2012.02.03 Beta
-# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
-#
-# This product is licensed to you under the Apache License, Version 2.0 (the "License").
-# You may not use this product except in compliance with the License.
-#
-# This product includes a number of subcomponents with
-# separate copyright notices and license terms. Your use of these
-# subcomponents is subject to the terms and conditions of the
-# subcomponent's license, as noted in the LICENSE file.
-#++
-
 require 'uaa'
 require 'omniauth'
 require 'timeout'
@@ -48,6 +35,8 @@ module OmniAuth
       option :scope, nil
       option :async_calls, false
       option :skip_ssl_validation, false
+      option :ssl_ca_file, nil
+      option :ssl_cert_store, nil
 
       attr_accessor :access_token
       attr_reader :token_issuer
@@ -78,8 +67,10 @@ module OmniAuth
               options.client_id,
               options.client_secret,
               {
-                 :token_target => @token_server_url,
-                 :skip_ssl_validation => options.skip_ssl_validation
+                 token_target: @token_server_url,
+                 ssl_ca_file: options.ssl_ca_file,
+                 ssl_cert_store: options.ssl_cert_store,
+                 skip_ssl_validation: options.skip_ssl_validation
               })
           log :info, "Client: #{options.client_id} auth_server: #{@auth_server_url} token_server: #{@token_server_url}"
           @token_issuer.logger = OmniAuth.logger
@@ -91,7 +82,9 @@ module OmniAuth
       def uaa_info
         @uaa_info ||= CF::UAA::Info.new(
             @token_server_url,
-            :skip_ssl_validation => options.skip_ssl_validation
+            ssl_ca_file: options.ssl_ca_file,
+            ssl_cert_store: options.ssl_cert_store,
+            skip_ssl_validation: options.skip_ssl_validation
         )
       end
 
@@ -144,10 +137,10 @@ module OmniAuth
 
       info do
         prune!({
-          :name       => raw_info["name"],
-          :email      => raw_info["email"],
-          :first_name => raw_info["given_name"],
-          :last_name  => raw_info["family_name"]
+          name:       raw_info["name"],
+          email:      raw_info["email"],
+          first_name: raw_info["given_name"],
+          last_name:  raw_info["family_name"]
         })
       end
 
@@ -187,7 +180,8 @@ module OmniAuth
 
       def expired?(access_token)
         access_token = access_token.auth_header if access_token.respond_to? :auth_header
-        expiry = CF::UAA::TokenCoder.decode(access_token.split()[1], nil, nil, false)[:expires_at]		
+        # Don't need to verify signature of token if we're just inspecting its expiry date
+        expiry = CF::UAA::TokenCoder.decode(access_token.split()[1], verify: false, symbolize_keys: true)[:expires_at]
         expiry.is_a?(Integer) && expiry <= Time.now.to_i
       end
 

data/lib/omniauth/uaa_oauth2/version.rb

@@ -1,18 +1,5 @@
-#--
-# Cloud Foundry 2012.02.03 Beta
-# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
-#
-# This product is licensed to you under the Apache License, Version 2.0 (the "License").
-# You may not use this product except in compliance with the License.
-#
-# This product includes a number of subcomponents with
-# separate copyright notices and license terms. Your use of these
-# subcomponents is subject to the terms and conditions of the
-# subcomponent's license, as noted in the LICENSE file.
-#++
-
 module OmniAuth
   module Cloudfoundry
-    VERSION = "0.0.7"
+    VERSION = "1.0.0"
   end
 end

data/lib/omniauth-uaa-oauth2.rb

@@ -1,14 +1 @@
-#--
-# Cloud Foundry 2012.02.03 Beta
-# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
-#
-# This product is licensed to you under the Apache License, Version 2.0 (the "License").
-# You may not use this product except in compliance with the License.
-#
-# This product includes a number of subcomponents with
-# separate copyright notices and license terms. Your use of these
-# subcomponents is subject to the terms and conditions of the
-# subcomponent's license, as noted in the LICENSE file.
-#++
-
 require "omniauth/cloudfoundry"

data/omniauth-uaa-oauth2.gemspec

@@ -1,17 +1,4 @@
 # -*- encoding: utf-8 -*-
-#
-# Cloud Foundry 2012.02.03 Beta
-# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
-#
-# This product is licensed to you under the Apache License, Version 2.0 (the "License").
-# You may not use this product except in compliance with the License.
-#
-# This product includes a number of subcomponents with
-# separate copyright notices and license terms. Your use of these
-# subcomponents is subject to the terms and conditions of the
-# subcomponent's license, as noted in the LICENSE file.
-#
-
 require File.expand_path('../lib/omniauth/uaa_oauth2/version', __FILE__)
 
 Gem::Specification.new do |gem|

data/spec/omniauth/strategies/uaa_oauth2_spec.rb

@@ -31,21 +31,21 @@ describe OmniAuth::Strategies::Cloudfoundry do
 
   describe 'set auth and token server' do
     it 'should set the right auth and token server' do
-      @options = {:auth_server_url => 'https://login.cloudfoundry.com'}
+      @options = {auth_server_url: 'https://login.cloudfoundry.com'}
       subject.client
       subject.auth_server_url.should eq('https://login.cloudfoundry.com')
       subject.token_server_url.should eq('https://login.cloudfoundry.com')
     end
 
     it 'should set the right auth and token server if independently set' do
-      @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com'}
+      @options = {auth_server_url: 'https://login.cloudfoundry.com', token_server_url: 'https://uaa.cloudfoundry.com'}
       subject.client
       subject.auth_server_url.should eq('https://login.cloudfoundry.com')
       subject.token_server_url.should eq('https://uaa.cloudfoundry.com')
     end
 
     it 'should set the right auth and token server' do
-      @options = {:auth_server_url => 'login.cloudfoundry.com'}
+      @options = {auth_server_url: 'login.cloudfoundry.com'}
       subject.client
       subject.auth_server_url.should eq('https://login.cloudfoundry.com')
       subject.token_server_url.should eq('https://login.cloudfoundry.com')
@@ -111,13 +111,13 @@ describe OmniAuth::Strategies::Cloudfoundry do
 
   describe 'set scopes' do
     it 'should set the right scopes if requested' do
-      @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com', :scope => "openid cloud_controller.read"}
+      @options = {auth_server_url: 'https://login.cloudfoundry.com', token_server_url: 'https://uaa.cloudfoundry.com', :scope => "openid cloud_controller.read"}
       subject.client
       subject.options[:scope].should eq("openid cloud_controller.read")
     end
 
     it 'should not set any scopes if not requested' do
-      @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com'}
+      @options = {auth_server_url: 'https://login.cloudfoundry.com', token_server_url: 'https://uaa.cloudfoundry.com'}
       subject.client
       subject.options[:scope].should eq(nil)
     end
@@ -211,4 +211,15 @@ describe OmniAuth::Strategies::Cloudfoundry do
       subject.build_access_token('query-string').should be_empty
     end
   end
+
+  describe '#expired?' do
+    it 'sets params correctly on TokenCoder#decode' do
+      subject.access_token = OmniAuth::Strategies::CFAccessToken.new
+      CF::UAA::TokenCoder.should_receive(:decode)
+        .with(subject.access_token.auth_header.split()[1], verify: false, symbolize_keys: true)
+        .and_return({expires_at: 12345})
+
+      subject.expired?(subject.access_token)
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-uaa-oauth2
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 1.0.0
 platform: ruby
 authors:
 - Joel D'sa
@@ -90,7 +90,6 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
-- Gemfile.lock
 - LICENSE
 - NOTICE
 - README.md

data/Gemfile.lock

@@ -1,48 +0,0 @@
-PATH
-  remote: .
-  specs:
-    omniauth-uaa-oauth2 (0.0.7)
-      cf-uaa-lib (>= 3.2, < 4.0)
-      omniauth (~> 1.0)
-
-GEM
-  remote: http://rubygems.org/
-  specs:
-    cf-uaa-lib (3.2.4)
-      multi_json
-    diff-lcs (1.1.3)
-    hashie (3.5.7)
-    multi_json (1.11.2)
-    omniauth (1.4.2)
-      hashie (>= 1.2, < 4)
-      rack (>= 1.0, < 3)
-    rack (1.4.1)
-    rack-protection (1.2.0)
-      rack
-    rake (0.9.2.2)
-    rspec (2.6.0)
-      rspec-core (~> 2.6.0)
-      rspec-expectations (~> 2.6.0)
-      rspec-mocks (~> 2.6.0)
-    rspec-core (2.6.4)
-    rspec-expectations (2.6.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.6.0)
-    sinatra (1.3.3)
-      rack (~> 1.3, >= 1.3.6)
-      rack-protection (~> 1.2)
-      tilt (~> 1.3, >= 1.3.3)
-    tilt (1.3.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  cf-uaa-lib (~> 3.2.4)
-  omniauth-uaa-oauth2!
-  rake
-  rspec (~> 2.6.0)
-  sinatra
-
-BUNDLED WITH
-   1.16.2