omniauth-uaa-oauth2 0.0.8 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +17 -0
- data/.github/workflows/gem-push.yml +41 -0
- data/.github/workflows/ruby.yml +37 -0
- data/.travis.yml +7 -2
- data/Gemfile +0 -2
- data/README.md +18 -20
- data/examples/config.ru +1 -1
- data/lib/omniauth/strategies/cloudfoundry.rb +14 -8
- data/lib/omniauth/uaa_oauth2/version.rb +1 -1
- data/omniauth-uaa-oauth2.gemspec +7 -7
- data/spec/omniauth/strategies/uaa_oauth2_spec.rb +7 -7
- metadata +27 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9d52b2174a96317fc6070f2b6056b9ad3574b7cd50d2c1af315b7655e986d782
|
4
|
+
data.tar.gz: a5b184719b7d83ceee0a7958cd15775134825a0ad705402f883e561922ba284a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 90cab4e75cda93e21e3bde285cd50cf2e7ae8c85a9ca9f8e3180fe2d709ce9343a25e3254058a612dae28a9f4cb2358428101f47fb2225f2da8ae5d47ebcb7d2
|
7
|
+
data.tar.gz: 471be4941b7a15a084a7d3b6facc044b8bb332f31525d69712f0d1a04ca67e58f920799abfd1cd3c5fa635e5a4a3a0dcd0fe0e9deae0e35feb20ef759a5945ee
|
@@ -0,0 +1,17 @@
|
|
1
|
+
version: 2
|
2
|
+
updates:
|
3
|
+
- package-ecosystem: "github-actions"
|
4
|
+
directory: "/"
|
5
|
+
schedule:
|
6
|
+
interval: daily
|
7
|
+
time: "11:00"
|
8
|
+
open-pull-requests-limit: 10
|
9
|
+
- package-ecosystem: bundler
|
10
|
+
directory: "/"
|
11
|
+
schedule:
|
12
|
+
interval: daily
|
13
|
+
time: "11:00"
|
14
|
+
open-pull-requests-limit: 10
|
15
|
+
allow:
|
16
|
+
- dependency-type: direct
|
17
|
+
- dependency-type: indirect
|
@@ -0,0 +1,41 @@
|
|
1
|
+
name: Ruby Gem
|
2
|
+
|
3
|
+
on: workflow_dispatch
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
build:
|
7
|
+
name: Build + Publish
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
permissions:
|
10
|
+
contents: read
|
11
|
+
packages: write
|
12
|
+
|
13
|
+
steps:
|
14
|
+
- uses: actions/checkout@v3
|
15
|
+
- name: Set up Ruby 2.6
|
16
|
+
uses: ruby/setup-ruby@v1
|
17
|
+
with:
|
18
|
+
ruby-version: '2.6'
|
19
|
+
|
20
|
+
- name: Publish to GPR
|
21
|
+
run: |
|
22
|
+
mkdir -p $HOME/.gem
|
23
|
+
touch $HOME/.gem/credentials
|
24
|
+
chmod 0600 $HOME/.gem/credentials
|
25
|
+
printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
26
|
+
gem build *.gemspec
|
27
|
+
gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
|
28
|
+
env:
|
29
|
+
GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
|
30
|
+
OWNER: ${{ github.repository_owner }}
|
31
|
+
|
32
|
+
- name: Publish to RubyGems
|
33
|
+
run: |
|
34
|
+
mkdir -p $HOME/.gem
|
35
|
+
touch $HOME/.gem/credentials
|
36
|
+
chmod 0600 $HOME/.gem/credentials
|
37
|
+
printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
38
|
+
gem build *.gemspec
|
39
|
+
gem push *.gem
|
40
|
+
env:
|
41
|
+
GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
|
@@ -0,0 +1,37 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ "master" ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ "master" ]
|
15
|
+
|
16
|
+
permissions:
|
17
|
+
contents: read
|
18
|
+
|
19
|
+
jobs:
|
20
|
+
test:
|
21
|
+
|
22
|
+
runs-on: ubuntu-latest
|
23
|
+
strategy:
|
24
|
+
matrix:
|
25
|
+
ruby-version: ['3.0', '3.1', '3.2']
|
26
|
+
|
27
|
+
steps:
|
28
|
+
- uses: actions/checkout@v3
|
29
|
+
- name: Set up Ruby
|
30
|
+
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
31
|
+
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
32
|
+
uses: ruby/setup-ruby@v1
|
33
|
+
with:
|
34
|
+
ruby-version: ${{ matrix.ruby-version }}
|
35
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
36
|
+
- name: Run tests
|
37
|
+
run: bundle exec rake
|
data/.travis.yml
CHANGED
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,30 +1,28 @@
|
|
1
|
-
|
1
|
+
Cloud Foundry UAA OmniAuth Strategy
|
2
2
|
==================================
|
3
3
|
|
4
4
|
OmniAuth strategy for authenticating users using the CloudFoundry UAA server.
|
5
5
|
|
6
|
-
|
6
|
+
Add the following to your `Gemfile`:
|
7
7
|
|
8
|
-
|
8
|
+
```text
|
9
|
+
gem 'omniauth-uaa-oauth2'
|
10
|
+
```
|
9
11
|
|
10
|
-
|
12
|
+
For example usage see:
|
11
13
|
|
12
|
-
|
14
|
+
* the `examples/config.ru` sample code
|
15
|
+
* https://github.com/starkandwayne/ultimate-guide-to-uaa-examples/tree/master/ruby/omniauth-login-only
|
16
|
+
* https://github.com/starkandwayne/ultimate-guide-to-uaa-examples/tree/master/ruby/omniauth-login-and-uaa-api-calls
|
17
|
+
* https://github.com/starkandwayne/ultimate-guide-to-uaa-examples/tree/master/ruby/resource-server-wrapper-ui
|
13
18
|
|
14
|
-
|
19
|
+
Warning: Unlike the `omniauth-oauth2` gem, this gem does not support the oauth2 'state' security parameter.
|
15
20
|
|
16
|
-
|
21
|
+
Your `omniauth-uaa-oauth2` client application will need a corresponding UAA client registered that includes the `authorization_code` authorization grant type, and redirect URIs back to the full URL to your application's `/auth/cloudfoundry/callback` endpoint. For example:
|
17
22
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
$ gem install omniauth-uaa-oauth2-*.gem
|
26
|
-
|
27
|
-
|
28
|
-
See the examples folder for details on how to use it.
|
29
|
-
|
30
|
-
Warning: Unlike the omniauth-oauth2 gem, this gem does not support the oauth2 'state' security parameter.
|
23
|
+
```text
|
24
|
+
uaa create-client omniauth-login-only -s omniauth-login-only \
|
25
|
+
--authorized_grant_types authorization_code,refresh_token \
|
26
|
+
--scope openid \
|
27
|
+
--redirect_uri http://localhost:9292/auth/cloudfoundry/callback,http://127.0.0.1:9292/auth/cloudfoundry/callback
|
28
|
+
```
|
data/examples/config.ru
CHANGED
@@ -35,6 +35,8 @@ module OmniAuth
|
|
35
35
|
option :scope, nil
|
36
36
|
option :async_calls, false
|
37
37
|
option :skip_ssl_validation, false
|
38
|
+
option :ssl_ca_file, nil
|
39
|
+
option :ssl_cert_store, nil
|
38
40
|
|
39
41
|
attr_accessor :access_token
|
40
42
|
attr_reader :token_issuer
|
@@ -65,8 +67,10 @@ module OmniAuth
|
|
65
67
|
options.client_id,
|
66
68
|
options.client_secret,
|
67
69
|
{
|
68
|
-
:
|
69
|
-
:
|
70
|
+
token_target: @token_server_url,
|
71
|
+
ssl_ca_file: options.ssl_ca_file,
|
72
|
+
ssl_cert_store: options.ssl_cert_store,
|
73
|
+
skip_ssl_validation: options.skip_ssl_validation
|
70
74
|
})
|
71
75
|
log :info, "Client: #{options.client_id} auth_server: #{@auth_server_url} token_server: #{@token_server_url}"
|
72
76
|
@token_issuer.logger = OmniAuth.logger
|
@@ -78,7 +82,9 @@ module OmniAuth
|
|
78
82
|
def uaa_info
|
79
83
|
@uaa_info ||= CF::UAA::Info.new(
|
80
84
|
@token_server_url,
|
81
|
-
:
|
85
|
+
ssl_ca_file: options.ssl_ca_file,
|
86
|
+
ssl_cert_store: options.ssl_cert_store,
|
87
|
+
skip_ssl_validation: options.skip_ssl_validation
|
82
88
|
)
|
83
89
|
end
|
84
90
|
|
@@ -113,7 +119,7 @@ module OmniAuth
|
|
113
119
|
log :info, "In callback phase #{request.query_string}"
|
114
120
|
self.access_token = build_access_token(request.query_string)
|
115
121
|
self.access_token = refresh(access_token) if !access_token.empty? && expired?(access_token)
|
116
|
-
log :
|
122
|
+
log :debug, "Got access token #{access_token.inspect}"
|
117
123
|
|
118
124
|
super
|
119
125
|
end
|
@@ -131,10 +137,10 @@ module OmniAuth
|
|
131
137
|
|
132
138
|
info do
|
133
139
|
prune!({
|
134
|
-
:
|
135
|
-
:
|
136
|
-
:
|
137
|
-
:
|
140
|
+
name: raw_info["name"],
|
141
|
+
email: raw_info["email"],
|
142
|
+
first_name: raw_info["given_name"],
|
143
|
+
last_name: raw_info["family_name"]
|
138
144
|
})
|
139
145
|
end
|
140
146
|
|
data/omniauth-uaa-oauth2.gemspec
CHANGED
@@ -2,10 +2,10 @@
|
|
2
2
|
require File.expand_path('../lib/omniauth/uaa_oauth2/version', __FILE__)
|
3
3
|
|
4
4
|
Gem::Specification.new do |gem|
|
5
|
-
gem.authors = ["Joel D'sa", "Dave Syer", "Dale Olds", "Vidya Valmikinathan", "Luke Taylor"]
|
6
|
-
gem.email = ["jdsa@vmware.com", "olds@vmware.com", "dsyer@vmware.com", "vidya@vmware.com", "ltaylor@vmware.com"]
|
7
|
-
gem.description = %q{An OmniAuth strategy for the
|
8
|
-
gem.summary = %q{An OmniAuth strategy for the
|
5
|
+
gem.authors = ["Dr Nic Williams", "Joel D'sa", "Dave Syer", "Dale Olds", "Vidya Valmikinathan", "Luke Taylor"]
|
6
|
+
gem.email = ["drnicwilliams@gmail.com", "jdsa@vmware.com", "olds@vmware.com", "dsyer@vmware.com", "vidya@vmware.com", "ltaylor@vmware.com"]
|
7
|
+
gem.description = %q{An OmniAuth strategy for the Cloud Foundry UAA}
|
8
|
+
gem.summary = %q{An OmniAuth strategy for the Cloud Foundry UAA}
|
9
9
|
gem.homepage = ""
|
10
10
|
|
11
11
|
gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
@@ -15,9 +15,9 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
gem.version = OmniAuth::Cloudfoundry::VERSION
|
17
17
|
|
18
|
-
gem.add_runtime_dependency 'omniauth', '
|
19
|
-
gem.add_runtime_dependency 'cf-uaa-lib', ['>= 3.2', '<
|
18
|
+
gem.add_runtime_dependency 'omniauth', '>= 1', '< 3'
|
19
|
+
gem.add_runtime_dependency 'cf-uaa-lib', ['>= 3.2', '< 5.0']
|
20
20
|
|
21
|
-
gem.add_development_dependency 'rspec'
|
21
|
+
gem.add_development_dependency 'rspec'
|
22
22
|
gem.add_development_dependency 'rake'
|
23
23
|
end
|
@@ -31,21 +31,21 @@ describe OmniAuth::Strategies::Cloudfoundry do
|
|
31
31
|
|
32
32
|
describe 'set auth and token server' do
|
33
33
|
it 'should set the right auth and token server' do
|
34
|
-
@options = {:
|
34
|
+
@options = {auth_server_url: 'https://login.cloudfoundry.com'}
|
35
35
|
subject.client
|
36
36
|
subject.auth_server_url.should eq('https://login.cloudfoundry.com')
|
37
37
|
subject.token_server_url.should eq('https://login.cloudfoundry.com')
|
38
38
|
end
|
39
39
|
|
40
40
|
it 'should set the right auth and token server if independently set' do
|
41
|
-
@options = {:
|
41
|
+
@options = {auth_server_url: 'https://login.cloudfoundry.com', token_server_url: 'https://uaa.cloudfoundry.com'}
|
42
42
|
subject.client
|
43
43
|
subject.auth_server_url.should eq('https://login.cloudfoundry.com')
|
44
44
|
subject.token_server_url.should eq('https://uaa.cloudfoundry.com')
|
45
45
|
end
|
46
46
|
|
47
47
|
it 'should set the right auth and token server' do
|
48
|
-
@options = {:
|
48
|
+
@options = {auth_server_url: 'login.cloudfoundry.com'}
|
49
49
|
subject.client
|
50
50
|
subject.auth_server_url.should eq('https://login.cloudfoundry.com')
|
51
51
|
subject.token_server_url.should eq('https://login.cloudfoundry.com')
|
@@ -111,13 +111,13 @@ describe OmniAuth::Strategies::Cloudfoundry do
|
|
111
111
|
|
112
112
|
describe 'set scopes' do
|
113
113
|
it 'should set the right scopes if requested' do
|
114
|
-
@options = {:
|
114
|
+
@options = {auth_server_url: 'https://login.cloudfoundry.com', token_server_url: 'https://uaa.cloudfoundry.com', :scope => "openid cloud_controller.read"}
|
115
115
|
subject.client
|
116
116
|
subject.options[:scope].should eq("openid cloud_controller.read")
|
117
117
|
end
|
118
118
|
|
119
119
|
it 'should not set any scopes if not requested' do
|
120
|
-
@options = {:
|
120
|
+
@options = {auth_server_url: 'https://login.cloudfoundry.com', token_server_url: 'https://uaa.cloudfoundry.com'}
|
121
121
|
subject.client
|
122
122
|
subject.options[:scope].should eq(nil)
|
123
123
|
end
|
@@ -126,14 +126,14 @@ describe OmniAuth::Strategies::Cloudfoundry do
|
|
126
126
|
describe 'empty?' do
|
127
127
|
it 'is empty when initialized without info' do
|
128
128
|
token = OmniAuth::Strategies::CFAccessToken.new
|
129
|
-
token.
|
129
|
+
token.should be_empty
|
130
130
|
end
|
131
131
|
|
132
132
|
it 'is not empty when initialized with info' do
|
133
133
|
token = OmniAuth::Strategies::CFAccessToken.new({
|
134
134
|
'access_token' => 'some-token',
|
135
135
|
})
|
136
|
-
token.
|
136
|
+
token.should_not be_empty
|
137
137
|
end
|
138
138
|
end
|
139
139
|
|
metadata
CHANGED
@@ -1,9 +1,10 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-uaa-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 1.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
+
- Dr Nic Williams
|
7
8
|
- Joel D'sa
|
8
9
|
- Dave Syer
|
9
10
|
- Dale Olds
|
@@ -12,22 +13,28 @@ authors:
|
|
12
13
|
autorequire:
|
13
14
|
bindir: bin
|
14
15
|
cert_chain: []
|
15
|
-
date:
|
16
|
+
date: 2023-05-11 00:00:00.000000000 Z
|
16
17
|
dependencies:
|
17
18
|
- !ruby/object:Gem::Dependency
|
18
19
|
name: omniauth
|
19
20
|
requirement: !ruby/object:Gem::Requirement
|
20
21
|
requirements:
|
21
|
-
- - "
|
22
|
+
- - ">="
|
23
|
+
- !ruby/object:Gem::Version
|
24
|
+
version: '1'
|
25
|
+
- - "<"
|
22
26
|
- !ruby/object:Gem::Version
|
23
|
-
version: '
|
27
|
+
version: '3'
|
24
28
|
type: :runtime
|
25
29
|
prerelease: false
|
26
30
|
version_requirements: !ruby/object:Gem::Requirement
|
27
31
|
requirements:
|
28
|
-
- - "
|
32
|
+
- - ">="
|
33
|
+
- !ruby/object:Gem::Version
|
34
|
+
version: '1'
|
35
|
+
- - "<"
|
29
36
|
- !ruby/object:Gem::Version
|
30
|
-
version: '
|
37
|
+
version: '3'
|
31
38
|
- !ruby/object:Gem::Dependency
|
32
39
|
name: cf-uaa-lib
|
33
40
|
requirement: !ruby/object:Gem::Requirement
|
@@ -37,7 +44,7 @@ dependencies:
|
|
37
44
|
version: '3.2'
|
38
45
|
- - "<"
|
39
46
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
47
|
+
version: '5.0'
|
41
48
|
type: :runtime
|
42
49
|
prerelease: false
|
43
50
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -47,21 +54,21 @@ dependencies:
|
|
47
54
|
version: '3.2'
|
48
55
|
- - "<"
|
49
56
|
- !ruby/object:Gem::Version
|
50
|
-
version: '
|
57
|
+
version: '5.0'
|
51
58
|
- !ruby/object:Gem::Dependency
|
52
59
|
name: rspec
|
53
60
|
requirement: !ruby/object:Gem::Requirement
|
54
61
|
requirements:
|
55
|
-
- - "
|
62
|
+
- - ">="
|
56
63
|
- !ruby/object:Gem::Version
|
57
|
-
version:
|
64
|
+
version: '0'
|
58
65
|
type: :development
|
59
66
|
prerelease: false
|
60
67
|
version_requirements: !ruby/object:Gem::Requirement
|
61
68
|
requirements:
|
62
|
-
- - "
|
69
|
+
- - ">="
|
63
70
|
- !ruby/object:Gem::Version
|
64
|
-
version:
|
71
|
+
version: '0'
|
65
72
|
- !ruby/object:Gem::Dependency
|
66
73
|
name: rake
|
67
74
|
requirement: !ruby/object:Gem::Requirement
|
@@ -76,8 +83,9 @@ dependencies:
|
|
76
83
|
- - ">="
|
77
84
|
- !ruby/object:Gem::Version
|
78
85
|
version: '0'
|
79
|
-
description: An OmniAuth strategy for the
|
86
|
+
description: An OmniAuth strategy for the Cloud Foundry UAA
|
80
87
|
email:
|
88
|
+
- drnicwilliams@gmail.com
|
81
89
|
- jdsa@vmware.com
|
82
90
|
- olds@vmware.com
|
83
91
|
- dsyer@vmware.com
|
@@ -87,6 +95,9 @@ executables: []
|
|
87
95
|
extensions: []
|
88
96
|
extra_rdoc_files: []
|
89
97
|
files:
|
98
|
+
- ".github/dependabot.yml"
|
99
|
+
- ".github/workflows/gem-push.yml"
|
100
|
+
- ".github/workflows/ruby.yml"
|
90
101
|
- ".gitignore"
|
91
102
|
- ".travis.yml"
|
92
103
|
- Gemfile
|
@@ -120,11 +131,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
120
131
|
- !ruby/object:Gem::Version
|
121
132
|
version: '0'
|
122
133
|
requirements: []
|
123
|
-
|
124
|
-
rubygems_version: 2.7.6
|
134
|
+
rubygems_version: 3.0.3.1
|
125
135
|
signing_key:
|
126
136
|
specification_version: 4
|
127
|
-
summary: An OmniAuth strategy for the
|
128
|
-
test_files:
|
129
|
-
- spec/omniauth/strategies/uaa_oauth2_spec.rb
|
130
|
-
- spec/spec_helper.rb
|
137
|
+
summary: An OmniAuth strategy for the Cloud Foundry UAA
|
138
|
+
test_files: []
|