omniauth 1.2.2 → 2.1.0

data/lib/omniauth/version.rb

@@ -1,3 +1,3 @@
 module OmniAuth
-  VERSION = '1.2.2'
+  VERSION = '2.1.0'.freeze
 end

data/lib/omniauth.rb

@@ -15,6 +15,7 @@ module OmniAuth
   autoload :Form,     'omniauth/form'
   autoload :AuthHash, 'omniauth/auth_hash'
   autoload :FailureEndpoint, 'omniauth/failure_endpoint'
+  autoload :AuthenticityTokenProtection, 'omniauth/authenticity_token_protection'
 
   def self.strategies
     @strategies ||= []
@@ -29,20 +30,22 @@ module OmniAuth
       logger
     end
 
-    def self.defaults
+    def self.defaults # rubocop:disable MethodLength
       @defaults ||= {
         :camelizations => {},
         :path_prefix => '/auth',
         :on_failure => OmniAuth::FailureEndpoint,
         :failure_raise_out_environments => ['development'],
+        :request_validation_phase => OmniAuth::AuthenticityTokenProtection,
         :before_request_phase   => nil,
         :before_callback_phase  => nil,
         :before_options_phase   => nil,
         :form_css => Form::DEFAULT_CSS,
         :test_mode => false,
         :logger => default_logger,
-        :allowed_request_methods => [:get, :post],
-        :mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})}
+        :allowed_request_methods => %i[post],
+        :mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})},
+        :silence_get_warning => false
       }
     end
 
@@ -74,6 +77,14 @@ module OmniAuth
       end
     end
 
+    def request_validation_phase(&block)
+      if block_given?
+        @request_validation_phase = block
+      else
+        @request_validation_phase
+      end
+    end
+
     def before_request_phase(&block)
       if block_given?
         @before_request_phase = block
@@ -82,19 +93,15 @@ module OmniAuth
       end
     end
 
-    def add_mock(provider, mock = {})
-      # Stringify keys recursively one level.
-      mock.keys.each do |key|
-        mock[key.to_s] = mock.delete(key)
-      end
-      mock.each_pair do |_key, val|
-        if val.is_a? Hash
-          val.keys.each do |subkey|
-            val[subkey.to_s] = val.delete(subkey)
-          end
-        else
-          next
-        end
+    def add_mock(provider, original = {})
+      # Create key-stringified new hash from given auth hash
+      mock = {}
+      original.each_pair do |key, val|
+        mock[key.to_s] = if val.is_a? Hash
+                           Hash[val.each_pair { |k, v| [k.to_s, v] }]
+                         else
+                           val
+                         end
       end
 
       # Merge with the default mock and ensure provider is correct.
@@ -115,8 +122,9 @@ module OmniAuth
       camelizations[name.to_s] = camelized.to_s
     end
 
-    attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase
-    attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css, :test_mode, :mock_auth, :full_host, :camelizations, :logger
+    attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase, :request_validation_phase
+    attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
+                  :test_mode, :mock_auth, :full_host, :camelizations, :logger, :silence_get_warning
   end
 
   def self.config
@@ -136,7 +144,7 @@ module OmniAuth
   end
 
   module Utils
-    module_function
+  module_function # rubocop:disable Layout/IndentationWidth
 
     def form_css
       "<style type='text/css'>#{OmniAuth.config.form_css}</style>"
@@ -145,7 +153,7 @@ module OmniAuth
     def deep_merge(hash, other_hash)
       target = hash.dup
 
-      other_hash.keys.each do |key|
+      other_hash.each_key do |key|
         if other_hash[key].is_a?(::Hash) && hash[key].is_a?(::Hash)
           target[key] = deep_merge(target[key], other_hash[key])
           next
@@ -161,9 +169,9 @@ module OmniAuth
       return OmniAuth.config.camelizations[word.to_s] if OmniAuth.config.camelizations[word.to_s]
 
       if first_letter_in_uppercase
-        word.to_s.gsub(/\/(.?)/) { '::' + Regexp.last_match[1].upcase }.gsub(/(^|_)(.)/) { Regexp.last_match[2].upcase }
+        word.to_s.gsub(%r{/(.?)}) { '::' + Regexp.last_match[1].upcase }.gsub(/(^|_)(.)/) { Regexp.last_match[2].upcase }
       else
-        word.first + camelize(word)[1..-1]
+        camelize(word).tap { |w| w[0] = w[0].downcase }
       end
     end
   end

data/omniauth.gemspec

@@ -1,22 +1,25 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth/version'
 
 Gem::Specification.new do |spec|
-  spec.add_dependency 'hashie', ['>= 1.2', '< 4']
-  spec.add_dependency 'rack', '~> 1.0'
-  spec.add_development_dependency 'bundler', '~> 1.0'
+  spec.add_dependency 'hashie', ['>= 3.4.6']
+  spec.add_dependency 'rack', '>= 2.2.3'
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_dependency 'rack-protection'
+  spec.add_development_dependency 'rake', '~> 12.0'
   spec.authors       = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski']
   spec.description   = 'A generalized Rack framework for multiple-provider authentication.'
   spec.email         = ['michael@intridea.com', 'sferik@gmail.com', 'tmilewski@gmail.com']
-  spec.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
-  spec.homepage      = 'http://github.com/intridea/omniauth'
-  spec.licenses      = %w(MIT)
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.start_with?('spec/') }
+  spec.homepage      = 'https://github.com/omniauth/omniauth'
+  spec.licenses      = %w[MIT]
   spec.name          = 'omniauth'
-  spec.require_paths = %w(lib)
+  spec.require_paths = %w[lib]
   spec.required_rubygems_version = '>= 1.3.5'
+  spec.required_ruby_version = '>= 2.2'
   spec.summary       = spec.description
-  spec.test_files    = spec.files.grep(/^spec\//)
   spec.version       = OmniAuth::VERSION
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 2.1.0
 platform: ruby
 authors:
 - Michael Bleigh
 - Erik Michaels-Ober
 - Tom Milewski
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-09 00:00:00.000000000 Z
+date: 2022-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -18,48 +18,70 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '4'
+        version: 3.4.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '4'
+        version: 3.4.6
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rack-protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '12.0'
 description: A generalized Rack framework for multiple-provider authentication.
 email:
 - michael@intridea.com
@@ -69,24 +91,26 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gemtest"
+- ".github/FUNDING.yml"
+- ".github/ISSUE_TEMPLATE.md"
+- ".github/workflows/main.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - ".yardopts"
 - Gemfile
-- Gemfile.rack-1.3.x
-- Guardfile
 - LICENSE.md
 - README.md
 - Rakefile
+- SECURITY.md
 - lib/omniauth.rb
 - lib/omniauth/auth_hash.rb
+- lib/omniauth/authenticity_token_protection.rb
 - lib/omniauth/builder.rb
 - lib/omniauth/failure_endpoint.rb
 - lib/omniauth/form.css
 - lib/omniauth/form.rb
+- lib/omniauth/key_store.rb
 - lib/omniauth/strategies/developer.rb
 - lib/omniauth/strategy.rb
 - lib/omniauth/test.rb
@@ -95,19 +119,11 @@ files:
 - lib/omniauth/test/strategy_test_case.rb
 - lib/omniauth/version.rb
 - omniauth.gemspec
-- spec/helper.rb
-- spec/omniauth/auth_hash_spec.rb
-- spec/omniauth/builder_spec.rb
-- spec/omniauth/failure_endpoint_spec.rb
-- spec/omniauth/form_spec.rb
-- spec/omniauth/strategies/developer_spec.rb
-- spec/omniauth/strategy_spec.rb
-- spec/omniauth_spec.rb
-homepage: http://github.com/intridea/omniauth
+homepage: https://github.com/omniauth/omniauth
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -115,25 +131,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: A generalized Rack framework for multiple-provider authentication.
-test_files:
-- spec/helper.rb
-- spec/omniauth/auth_hash_spec.rb
-- spec/omniauth/builder_spec.rb
-- spec/omniauth/failure_endpoint_spec.rb
-- spec/omniauth/form_spec.rb
-- spec/omniauth/strategies/developer_spec.rb
-- spec/omniauth/strategy_spec.rb
-- spec/omniauth_spec.rb
-has_rdoc: 
+test_files: []

data/.travis.yml

@@ -1,37 +0,0 @@
-bundler_args: --without development
-gemfile:
-  - Gemfile
-  - Gemfile.rack-1.3.x
-language: ruby
-rvm:
-  - 1.8.7
-  - 1.9.2
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
-  - rbx-2
-  - ruby-head
-matrix:
-  include:
-    - rvm: jruby-18mode
-      env: JRUBY_OPTS="$JRUBY_OPTS --debug"
-      gemfile: Gemfile
-    - rvm: jruby-18mode
-      env: JRUBY_OPTS="$JRUBY_OPTS --debug"
-      gemfile: Gemfile.rack-1.3.x
-    - rvm: jruby-19mode
-      env: JRUBY_OPTS="$JRUBY_OPTS --debug"
-      gemfile: Gemfile
-    - rvm: jruby-19mode
-      env: JRUBY_OPTS="$JRUBY_OPTS --debug"
-      gemfile: Gemfile.rack-1.3.x
-    - rvm: jruby-head
-      env: JRUBY_OPTS="$JRUBY_OPTS --debug"
-      gemfile: Gemfile
-    - rvm: jruby-head
-      env: JRUBY_OPTS="$JRUBY_OPTS --debug"
-      gemfile: Gemfile.rack-1.3.x
-  allow_failures:
-    - rvm: jruby-head
-    - rvm: ruby-head
-  fast_finish: true

data/Gemfile.rack-1.3.x

@@ -1,25 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'jruby-openssl', :platforms => :jruby
-gem 'rack', '~> 1.3.0'
-gem 'rake'
-gem 'yard'
-
-group :test do
-  gem 'coveralls', :require => false
-  gem 'json', '>= 1.8.1', :platforms => [:jruby, :rbx, :ruby_18, :ruby_19]
-  gem 'mime-types', '~> 1.25', :platforms => [:jruby, :ruby_18]
-  gem 'rack-test'
-  gem 'rest-client', '~> 1.6.0', :platforms => [:jruby, :ruby_18]
-  gem 'rspec', '>= 2.14'
-  gem 'rubocop', '>= 0.23', :platforms => [:ruby_19, :ruby_20, :ruby_21]
-  gem 'simplecov', :require => false
-end
-
-platforms :rbx do
-  gem 'racc'
-  gem 'rubinius-coverage', '~> 2.0'
-  gem 'rubysl', '~> 2.0'
-end
-
-gemspec

data/Guardfile

@@ -1,10 +0,0 @@
-guard 'rspec', :version => 2 do
-  watch(%r{^spec/.+_spec\.rb$})
-  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
-  watch('spec/spec_helper.rb')  { "spec/" }
-end
-
-guard 'bundler' do
-  watch('Gemfile')
-  watch(/^.+\.gemspec/)
-end

data/spec/helper.rb

@@ -1,55 +0,0 @@
-require 'simplecov'
-require 'coveralls'
-
-SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
-  SimpleCov::Formatter::HTMLFormatter,
-  Coveralls::SimpleCov::Formatter
-]
-SimpleCov.start do
-  add_filter '/spec/'
-  minimum_coverage(93.05)
-end
-
-require 'rspec'
-require 'rack/test'
-require 'omniauth'
-require 'omniauth/test'
-
-OmniAuth.config.logger = Logger.new('/dev/null')
-
-RSpec.configure do |config|
-  config.include Rack::Test::Methods
-  config.extend OmniAuth::Test::StrategyMacros, :type => :strategy
-  config.expect_with :rspec do |c|
-    c.syntax = :expect
-  end
-end
-
-class ExampleStrategy
-  include OmniAuth::Strategy
-  attr_reader :last_env
-  option :name, 'test'
-
-  def call(env)
-    self.call!(env)
-  end
-
-  def initialize(*args, &block)
-    super
-    @fail = nil
-  end
-
-  def request_phase
-    @fail = fail!(options[:failure]) if options[:failure]
-    @last_env = env
-    return @fail if @fail
-    fail('Request Phase')
-  end
-
-  def callback_phase
-    @fail = fail!(options[:failure]) if options[:failure]
-    @last_env = env
-    return @fail if @fail
-    fail('Callback Phase')
-  end
-end

data/spec/omniauth/auth_hash_spec.rb

@@ -1,111 +0,0 @@
-require 'helper'
-
-describe OmniAuth::AuthHash do
-  subject { OmniAuth::AuthHash.new }
-  it 'converts a supplied info key into an InfoHash object' do
-    subject.info = {:first_name => 'Awesome'}
-    expect(subject.info).to be_kind_of(OmniAuth::AuthHash::InfoHash)
-    expect(subject.info.first_name).to eq('Awesome')
-  end
-
-  describe '#valid?' do
-    subject { OmniAuth::AuthHash.new(:uid => '123', :provider => 'example', :info => {:name => 'Steven'}) }
-
-    it 'is valid with the right parameters' do
-      expect(subject).to be_valid
-    end
-
-    it 'requires a uid' do
-      subject.uid = nil
-      expect(subject).not_to be_valid
-    end
-
-    it 'requires a provider' do
-      subject.provider = nil
-      expect(subject).not_to be_valid
-    end
-
-    it 'requires a name in the user info hash' do
-      subject.info.name = nil
-      expect(subject).not_to be_valid
-    end
-  end
-
-  describe '#name' do
-    subject do
-      OmniAuth::AuthHash.new(
-        :info => {
-          :name => 'Phillip J. Fry',
-          :first_name => 'Phillip',
-          :last_name => 'Fry',
-          :nickname => 'meatbag',
-          :email => 'fry@planetexpress.com',
-        }
-      )
-    end
-
-    it 'defaults to the name key' do
-      expect(subject.info.name).to eq('Phillip J. Fry')
-    end
-
-    it 'falls back to go to first_name last_name concatenation' do
-      subject.info.name = nil
-      expect(subject.info.name).to eq('Phillip Fry')
-    end
-
-    it 'displays only a first or last name if only that is available' do
-      subject.info.name = nil
-      subject.info.first_name = nil
-      expect(subject.info.name).to eq('Fry')
-    end
-
-    it 'displays the nickname if no name, first, or last is available' do
-      subject.info.name = nil
-      %w(first_name last_name).each { |k| subject.info[k] = nil }
-      expect(subject.info.name).to eq('meatbag')
-    end
-
-    it 'displays the email if no name, first, last, or nick is available' do
-      subject.info.name = nil
-      %w(first_name last_name nickname).each { |k| subject.info[k] = nil }
-      expect(subject.info.name).to eq('fry@planetexpress.com')
-    end
-  end
-
-  describe '#to_hash' do
-    subject { OmniAuth::AuthHash.new(:uid => '123', :provider => 'test', :name => 'Example User') }
-    let(:hash) { subject.to_hash }
-
-    it 'is a plain old hash' do
-      expect(hash.class).to eq(::Hash)
-    end
-
-    it 'has string keys' do
-      expect(hash.keys).to be_include('uid')
-    end
-
-    it 'converts an info hash as well' do
-      subject.info = {:first_name => 'Example', :last_name => 'User'}
-      expect(subject.info.class).to eq(OmniAuth::AuthHash::InfoHash)
-      expect(subject.to_hash['info'].class).to eq(::Hash)
-    end
-
-    it 'supplies the calculated name in the converted hash' do
-      subject.info = {:first_name => 'Examplar', :last_name => 'User'}
-      expect(hash['info']['name']).to eq('Examplar User')
-    end
-
-    it "does not pollute the URL hash with 'name' etc" do
-      subject.info = {'urls' => {'Homepage' => 'http://homepage.com'}}
-      expect(subject.to_hash['info']['urls']).to eq('Homepage' => 'http://homepage.com')
-    end
-  end
-
-  describe OmniAuth::AuthHash::InfoHash do
-    describe '#valid?' do
-      it 'is valid if there is a name' do
-        expect(OmniAuth::AuthHash::InfoHash.new(:name => 'Awesome')).to be_valid
-      end
-    end
-  end
-end

data/spec/omniauth/builder_spec.rb

@@ -1,50 +0,0 @@
-require 'helper'
-
-describe OmniAuth::Builder do
-  describe '#provider' do
-    it 'translates a symbol to a constant' do
-      expect(OmniAuth::Strategies).to receive(:const_get).with('MyStrategy').and_return(Class.new)
-      OmniAuth::Builder.new(nil) do
-        provider :my_strategy
-      end
-    end
-
-    it 'accepts a class' do
-      class ExampleClass; end
-
-      expect do
-        OmniAuth::Builder.new(nil) do
-          provider ::ExampleClass
-        end
-      end.not_to raise_error
-    end
-
-    it "raises a helpful LoadError message if it can't find the class" do
-      expect do
-        OmniAuth::Builder.new(nil) do
-          provider :lorax
-        end
-      end.to raise_error(LoadError, 'Could not find matching strategy for :lorax. You may need to install an additional gem (such as omniauth-lorax).')
-    end
-  end
-
-  describe '#options' do
-    it 'merges provided options in' do
-      k = Class.new
-      b = OmniAuth::Builder.new(nil)
-      expect(b).to receive(:use).with(k, :foo => 'bar', :baz => 'tik')
-
-      b.options :foo => 'bar'
-      b.provider k, :baz => 'tik'
-    end
-
-    it 'adds an argument if no options are provided' do
-      k = Class.new
-      b = OmniAuth::Builder.new(nil)
-      expect(b).to receive(:use).with(k, :foo => 'bar')
-
-      b.options :foo => 'bar'
-      b.provider k
-    end
-  end
-end