omniauth 1.3.1 → 1.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 06e30f31bdee870b242a81af5c01e813539e8030
-  data.tar.gz: c417d4689e17580d7f018205c298f41d3ff3c644
+  metadata.gz: a60cc2e4ba6c8135e9707ee25a4075b2948c5ca7
+  data.tar.gz: 8e240213e8aa84d5f37e7f1de2fae934dbc5bb70
 SHA512:
-  metadata.gz: 2b3928add7b13234a4272afa70076b7e13c76256f9ca55c40aa50fd435f108609621b7ae0954407880a51422f5354b40b4332478e6df7f15cfc5cb16167e476a
-  data.tar.gz: a2706e7afe3eb62b911c151d216f2b22fa02b92f4c0e0aa08ad89fd627bb90ec8c5a2d8fc58b0bdbca87a664775ab7654ec3f83cf568581d3402d3d78b6189a0
+  metadata.gz: cab0699b737d95347ef012062ef88a1e4c73d961a7154345157b77be0e32212d5a4a32ccc645714024a1e645926d82d3b8e7a7644e159ac9f5015d9f195e249a
+  data.tar.gz: c68c617b16b9c9bba273c150604a9bc4ab832a1f18dbe0e09e88d39c07be772718ff681c293a25515d2fdf9701f7eb50cec88810188e3fc156842503cc623551

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,20 @@
+Please complete all sections.
+
+### Configuration
+
+- Provider Gem: `omniauth-*`
+- Ruby Version: ``
+- Framework: ``
+- Platform: ``
+
+### Expected Behavior
+
+Tell us what should happen.
+
+### Actual Behavior
+
+Tell us what happens instead.
+
+### Steps to Reproduce
+
+Please list all steps to reproduce the issue.

data/.rubocop.yml

@@ -1,6 +1,24 @@
+AllCops:
+  TargetRubyVersion: 2.2
+
+Layout/AccessModifierIndentation:
+  EnforcedStyle: outdent
+
+Layout/AlignHash:
+  Enabled: false
+
+Layout/DotPosition:
+  EnforcedStyle: trailing
+
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
+
 Lint/HandleExceptions:
   Enabled: false
 
+Metrics/BlockLength:
+  Enabled: false
+
 Metrics/BlockNesting:
   Max: 2
 
@@ -19,9 +37,6 @@ Metrics/ParameterLists:
 Metrics/AbcSize:
   Enabled: false
 
-Style/AccessModifierIndentation:
-  EnforcedStyle: outdent
-
 Style/CollectionMethods:
   PreferredMethods:
     map:      'collect'
@@ -32,9 +47,6 @@ Style/CollectionMethods:
 Style/Documentation:
   Enabled: false
 
-Style/DotPosition:
-  EnforcedStyle: trailing
-
 Style/DoubleNegation:
   Enabled: false
 
@@ -44,6 +56,9 @@ Style/EachWithObject:
 Style/Encoding:
   Enabled: false
 
+Style/ExpandPathArguments:
+  Enabled: false
+
 Style/HashSyntax:
   EnforcedStyle: hash_rockets
 
@@ -52,6 +67,3 @@ Style/Lambda:
 
 Style/RaiseArgs:
   EnforcedStyle: compact
-
-Style/SpaceInsideHashLiteralBraces:
-  EnforcedStyle: no_space

data/.travis.yml

@@ -1,33 +1,25 @@
 bundler_args: --without development
-before_install: gem install bundler
+before_install:
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '1.17.3'
+install:
+ - bundle _1.17.3_ install --jobs=3 --retry=3
 cache: bundler
 env:
   global:
     - JRUBY_OPTS="$JRUBY_OPTS --debug"
-gemfile:
-  - Gemfile
-  - Gemfile.rack-1.3.x
 language: ruby
 rvm:
-  - jruby-18mode
-  - jruby-19mode
   - jruby-9000
-  - 1.8.7
-  - 1.9.3
-  - 2.0.0
-  - 2.1
-  - 2.2
+  - 2.2.9
+  - 2.3.5
+  - 2.4.4
+  - 2.5.3
   - jruby-head
-  - rbx-2
   - ruby-head
 matrix:
-  include:
-    - rvm: 2.2.2
-      gemfile: Gemfile.rack-master
   allow_failures:
     - rvm: jruby-head
-    - rvm: rbx-2
     - rvm: ruby-head
-    - gemfile: Gemfile.rack-master
   fast_finish: true
 sudo: false

data/Gemfile

@@ -1,24 +1,27 @@
 source 'https://rubygems.org'
 
-gem 'jruby-openssl', :platforms => :jruby
-gem 'rake'
-gem 'yard'
+gem 'jruby-openssl', '~> 0.9.19', :platforms => :jruby
+gem 'rake', '>= 12.0'
+gem 'yard', '>= 0.9.11'
 
 group :development do
+  gem 'benchmark-ips'
   gem 'kramdown'
+  gem 'memory_profiler'
   gem 'pry'
 end
 
 group :test do
-  gem 'coveralls'
-  gem 'hashie', '~> 2.0.5', :platforms => [:jruby_18, :ruby_18]
-  gem 'json', '>= 1.8.1', :platforms => [:jruby_18, :jruby_19, :ruby_18, :ruby_19]
-  gem 'mime-types', '~> 1.25', :platforms => [:jruby_18, :ruby_18]
+  gem 'coveralls', :require => false
+  gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
+  gem 'json', '~> 2.0.3', :platforms => %i[jruby_18 jruby_19 ruby_19]
+  gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
+  gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
   gem 'rack-test'
-  gem 'rest-client', '~> 1.6.0', :platforms => [:jruby_18, :ruby_18]
-  gem 'rspec', '~> 3.0'
-  gem 'rubocop', '>= 0.25', :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22]
-  gem 'simplecov', '>= 0.9'
+  gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
+  gem 'rspec', '~> 3.5.0'
+  gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+  gem 'tins', '~> 1.13.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
 end
 
 gemspec

data/LICENSE.md

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2013 Michael Bleigh and Intridea, Inc.
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,22 +1,15 @@
 # OmniAuth: Standardized Multi-Provider Authentication
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
-[![Build Status](http://img.shields.io/travis/intridea/omniauth.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/intridea/omniauth.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth.svg)][codeclimate]
-[![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth.svg)][coveralls]
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+[![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
+[![Code Climate](http://img.shields.io/codeclimate/github/omniauth/omniauth.svg)][codeclimate]
+[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
+[![Security](https://hakiri.io/github/omniauth/omniauth/master.svg)](https://hakiri.io/github/omniauth/omniauth/master)
 
 [gem]: https://rubygems.org/gems/omniauth
-[travis]: http://travis-ci.org/intridea/omniauth
-[gemnasium]: https://gemnasium.com/intridea/omniauth
-[codeclimate]: https://codeclimate.com/github/intridea/omniauth
-[coveralls]: https://coveralls.io/r/intridea/omniauth
-
-**OmniAuth 1.0 has several breaking changes from version 0.x. You can set
-the dependency to `~> 0.3.2` if you do not wish to make the more difficult
-upgrade. See [the wiki](https://github.com/intridea/omniauth/wiki/Upgrading-to-1.0)
-for more information.**
+[travis]: http://travis-ci.org/omniauth/omniauth
+[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
+[coveralls]: https://coveralls.io/r/omniauth/omniauth
 
 ## An Introduction
 OmniAuth is a library that standardizes multi-provider authentication for
@@ -27,7 +20,7 @@ have been created for everything from Facebook to LDAP.
 
 In order to use OmniAuth in your applications, you will need to leverage
 one or more strategies. These strategies are generally released
-individually as RubyGems, and you can see a [community maintained list](https://github.com/intridea/omniauth/wiki/List-of-Strategies)
+individually as RubyGems, and you can see a [community maintained list](https://github.com/omniauth/omniauth/wiki/List-of-Strategies)
 on the wiki for this project.
 
 One strategy, called `Developer`, is included with OmniAuth and provides
@@ -120,13 +113,71 @@ Authentication Hash which will contain information about the just
 authenticated user including a unique id, the strategy they just used
 for authentication, and personal details such as name and email address
 as available. For an in-depth description of what the authentication
-hash might contain, see the [Auth Hash Schema wiki page](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema).
+hash might contain, see the [Auth Hash Schema wiki page](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema).
 
 Note that OmniAuth does not perform any actions beyond setting some
 environment information on the callback request. It is entirely up to
 you how you want to implement the particulars of your application's
 authentication flow.
 
+**Please note:** there is currently a CSRF vulnerability which affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation at the application level. More details on how to do this can be found on the [Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
+
+## Configuring The `origin` Param
+The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
+
+There are three possible options:
+
+Default Flow:
+```ruby
+# /auth/twitter/?origin=[URL]
+# No change
+# If blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+Renaming Origin Param:
+```ruby
+# /auth/twitter/?return_to=[URL]
+# If blank, `omniauth.origin` is set to HTTP_REFERER
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+```
+
+Disabling Origin Param:
+```ruby
+# /auth/twitter
+# Origin handled externally, if need be. `omniauth.origin` is not set
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+```
+
+## Integrating OmniAuth Into Your Rails API
+The following middleware are (by default) included for session management in
+Rails applications. When using OmniAuth with a Rails API, you'll need to add
+one of these required middleware back in:
+
+- `ActionDispatch::Session::CacheStore`
+- `ActionDispatch::Session::CookieStore`
+- `ActionDispatch::Session::MemCacheStore`
+
+The trick to adding these back in is that, by default, they are passed
+`session_options` when added (including the session key), so you can't just add
+a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
+and have sessions functioning as normal.
+
+To be clear: sessions may work, but your session options will be ignored
+(i.e the session key will default to `_session_id`).  Instead of the
+initializer, you'll have to set the relevant options somewhere
+before your middleware is built (like `application.rb`) and pass them to your
+preferred middleware, like this:
+
+**application.rb:**
+
+```ruby
+config.session_store :cookie_store, key: '_interslice_session'
+config.middleware.use ActionDispatch::Cookies # Required for all session management
+config.middleware.use ActionDispatch::Session::CookieStore, config.session_options
+```
+
+(Thanks @mltsy)
+
 ## Logging
 OmniAuth supports a configurable logger. By default, OmniAuth will log
 to `STDOUT` but you can configure this using `OmniAuth.config.logger`:
@@ -137,13 +188,13 @@ OmniAuth.config.logger = Rails.logger
 ```
 
 ## Resources
-The [OmniAuth Wiki](https://github.com/intridea/omniauth/wiki) has
+The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
 actively maintained in-depth documentation for OmniAuth. It should be
 your first stop if you are wondering about a more in-depth look at
 OmniAuth, how it works, and how to use it.
 
 ## Supported Ruby Versions
-OmniAuth is tested under 1.8.7, 1.9.3, 2.0.0, 2.1.0, JRuby, and Rubinius.
+OmniAuth is tested under 2.1.10, 2.2.6, 2.3.3, 2.4.0, 2.5.0, and JRuby.
 
 ## Versioning
 This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
@@ -158,10 +209,10 @@ Constraint][pvc] with two digits of precision. For example:
     spec.add_dependency 'omniauth', '~> 1.0'
 
 [semver]: http://semver.org/
-[pvc]: http://docs.rubygems.org/read/chapter/16#page74
+[pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
 
 ## License
-Copyright (c) 2010-2013 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
 details.
 
 [license]: LICENSE.md

data/Rakefile

@@ -10,8 +10,44 @@ begin
   RuboCop::RakeTask.new
 rescue LoadError
   task :rubocop do
-    $stderr.puts 'RuboCop is disabled'
+    warn 'RuboCop is disabled'
   end
 end
 
-task :default => [:spec, :rubocop]
+task :default => %i[spec rubocop]
+
+namespace :perf do
+  task :setup do
+    require 'omniauth'
+    require 'rack/test'
+    app = Rack::Builder.new do |b|
+      b.use Rack::Session::Cookie, :secret => 'abc123'
+      b.use OmniAuth::Strategies::Developer
+      b.run lambda { |_env| [200, {}, ['Not Found']] }
+    end.to_app
+    @app = Rack::MockRequest.new(app)
+
+    def call_app(path = ENV['GET_PATH'] || '/')
+      result = @app.get(path)
+      raise "Did not succeed #{result.body}" unless result.status == 200
+
+      result
+    end
+  end
+
+  task :ips => :setup do
+    require 'benchmark/ips'
+    Benchmark.ips do |x|
+      x.report('ips') { call_app }
+    end
+  end
+
+  task :mem => :setup do
+    require 'memory_profiler'
+    num = Integer(ENV['CNT'] || 1)
+    report = MemoryProfiler.report do
+      num.times { call_app }
+    end
+    report.pretty_print
+  end
+end

data/lib/omniauth.rb

@@ -41,7 +41,7 @@ module OmniAuth
         :form_css => Form::DEFAULT_CSS,
         :test_mode => false,
         :logger => default_logger,
-        :allowed_request_methods => [:get, :post],
+        :allowed_request_methods => %i[get post],
         :mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})}
       }
     end
@@ -132,7 +132,7 @@ module OmniAuth
   end
 
   module Utils
-  module_function
+  module_function # rubocop:disable Layout/IndentationWidth
 
     def form_css
       "<style type='text/css'>#{OmniAuth.config.form_css}</style>"
@@ -141,7 +141,7 @@ module OmniAuth
     def deep_merge(hash, other_hash)
       target = hash.dup
 
-      other_hash.keys.each do |key|
+      other_hash.each_key do |key|
         if other_hash[key].is_a?(::Hash) && hash[key].is_a?(::Hash)
           target[key] = deep_merge(target[key], other_hash[key])
           next

data/lib/omniauth/auth_hash.rb

@@ -1,11 +1,11 @@
-require 'hashie/mash'
+require 'omniauth/key_store'
 
 module OmniAuth
   # The AuthHash is a normalized schema returned by all OmniAuth
   # strategies. It maps as much user information as the provider
   # is able to provide into the InfoHash (stored as the `'info'`
   # key).
-  class AuthHash < Hashie::Mash
+  class AuthHash < OmniAuth::KeyStore
     def self.subkey_class
       Hashie::Mash
     end
@@ -20,13 +20,11 @@ module OmniAuth
     end
 
     def regular_writer(key, value)
-      if key.to_s == 'info' && !value.is_a?(InfoHash)
-        value = InfoHash.new(value)
-      end
+      value = InfoHash.new(value) if key.to_s == 'info' && value.is_a?(::Hash) && !value.is_a?(InfoHash)
       super
     end
 
-    class InfoHash < Hashie::Mash
+    class InfoHash < OmniAuth::KeyStore
       def self.subkey_class
         Hashie::Mash
       end
@@ -36,13 +34,14 @@ module OmniAuth
         return "#{first_name} #{last_name}".strip if first_name? || last_name?
         return nickname if nickname?
         return email if email?
+
         nil
       end
 
       def name?
         !!name
       end
-      alias_method :valid?, :name?
+      alias valid? name?
 
       def to_hash
         hash = super

data/lib/omniauth/builder.rb

@@ -1,24 +1,5 @@
 module OmniAuth
   class Builder < ::Rack::Builder
-    def initialize(app, &block)
-      @options = nil
-      if rack14? || rack2?
-        super
-      else
-        @app = app
-        super(&block)
-        @ins << @app
-      end
-    end
-
-    def rack14?
-      Rack.release.start_with?('1.') && (Rack.release.split('.')[1].to_i >= 4)
-    end
-
-    def rack2?
-      Rack.release.start_with? '2.'
-    end
-
     def on_failure(&block)
       OmniAuth.config.on_failure = block
     end
@@ -40,7 +21,8 @@ module OmniAuth
     end
 
     def options(options = false)
-      return @options || {} if options == false
+      return @options ||= {} if options == false
+
       @options = options
     end
 
@@ -49,7 +31,7 @@ module OmniAuth
         middleware = klass
       else
         begin
-          middleware = OmniAuth::Strategies.const_get("#{OmniAuth::Utils.camelize(klass.to_s)}")
+          middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s)
         rescue NameError
           raise(LoadError.new("Could not find matching strategy for #{klass.inspect}. You may need to install an additional gem (such as omniauth-#{klass})."))
         end

data/lib/omniauth/failure_endpoint.rb

@@ -22,7 +22,7 @@ module OmniAuth
     end
 
     def raise_out!
-      fail(env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type']))
+      raise(env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type']))
     end
 
     def redirect_to_failure
@@ -33,11 +33,13 @@ module OmniAuth
 
     def strategy_name_query_param
       return '' unless env['omniauth.error.strategy']
+
       "&strategy=#{env['omniauth.error.strategy'].name}"
     end
 
     def origin_query_param
       return '' unless env['omniauth.origin']
+
       "&origin=#{Rack::Utils.escape(env['omniauth.origin'])}"
     end
   end

data/lib/omniauth/form.css

@@ -56,7 +56,7 @@ input {
 }
 
 input#identifier, input#openid_url {
-  background: url(http://openid.net/login-bg.gif) no-repeat;
+  background: url(https://openid.net/images/login-bg.gif) no-repeat;
   background-position: 0 50%;
   padding-left: 18px;
 }

data/lib/omniauth/form.rb

@@ -82,6 +82,7 @@ module OmniAuth
 
     def footer
       return self if @footer
+
       @html << "\n<button type='submit'>Connect</button>" unless @with_custom_button
       @html << <<-HTML
       </form>

data/lib/omniauth/key_store.rb

@@ -0,0 +1,22 @@
+require 'hashie/mash'
+
+module OmniAuth
+  # Generic helper hash that allows method access on deeply nested keys.
+  class KeyStore < ::Hashie::Mash
+    # Disables warnings on Hashie 3.5.0+ for overwritten keys
+    def self.override_logging
+      require 'hashie/version'
+      return unless Gem::Version.new(Hashie::VERSION) >= Gem::Version.new('3.5.0')
+
+      if respond_to?(:disable_warnings)
+        disable_warnings
+      else
+        define_method(:log_built_in_message) { |*| }
+        private :log_built_in_message
+      end
+    end
+
+    # Disable on loading of the class
+    override_logging
+  end
+end

data/lib/omniauth/strategies/developer.rb

@@ -31,7 +31,7 @@ module OmniAuth
     class Developer
       include OmniAuth::Strategy
 
-      option :fields, [:name, :email]
+      option :fields, %i[name email]
       option :uid_field, :email
 
       def request_phase

data/lib/omniauth/strategy.rb

@@ -1,4 +1,4 @@
-require 'hashie/mash'
+require 'omniauth/key_store'
 
 module OmniAuth
   class NoSessionError < StandardError; end
@@ -14,6 +14,7 @@ module OmniAuth
       base.class_eval do
         option :setup, false
         option :skip_info, false
+        option :origin_param, 'origin'
       end
     end
 
@@ -21,9 +22,9 @@ module OmniAuth
       # Returns an inherited set of default options set at the class-level
       # for each strategy.
       def default_options
-        return @default_options if instance_variable_defined?(:@default_options) && @default_options
+        # existing = superclass.default_options if superclass.respond_to?(:default_options)
         existing = superclass.respond_to?(:default_options) ? superclass.default_options : {}
-        @default_options = OmniAuth::Strategy::Options.new(existing)
+        @default_options ||= OmniAuth::Strategy::Options.new(existing)
       end
 
       # This allows for more declarative subclassing of strategies by allowing
@@ -87,10 +88,13 @@ module OmniAuth
         (instance_variable_defined?(:@args) && @args) || existing
       end
 
-      %w(uid info extra credentials).each do |fetcher|
-        class_eval <<-RUBY
+      %w[uid info extra credentials].each do |fetcher|
+        class_eval <<-RUBY, __FILE__, __LINE__ + 1
+          attr_reader :#{fetcher}_proc
+          private :#{fetcher}_proc
+
           def #{fetcher}(&block)
-            return @#{fetcher}_proc unless block_given?
+            return #{fetcher}_proc unless block_given?
             @#{fetcher}_proc = block
           end
 
@@ -132,15 +136,16 @@ module OmniAuth
       @options = self.class.default_options.dup
 
       options.deep_merge!(args.pop) if args.last.is_a?(Hash)
-      options.name ||= self.class.to_s.split('::').last.downcase
+      options[:name] ||= self.class.to_s.split('::').last.downcase
 
       self.class.args.each do |arg|
         break if args.empty?
+
         options[arg] = args.shift
       end
 
       # Make sure that all of the args have been dealt with, otherwise error out.
-      fail(ArgumentError.new("Received wrong number of arguments. #{args.inspect}")) unless args.empty?
+      raise(ArgumentError.new("Received wrong number of arguments. #{args.inspect}")) unless args.empty?
 
       yield options if block_given?
     end
@@ -172,7 +177,7 @@ module OmniAuth
     def call!(env) # rubocop:disable CyclomaticComplexity, PerceivedComplexity
       unless env['rack.session']
         error = OmniAuth::NoSessionError.new('You must provide a session to use OmniAuth.')
-        fail(error)
+        raise(error)
       end
 
       @env = env
@@ -183,6 +188,7 @@ module OmniAuth
       return request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
       return callback_call if on_callback_path?
       return other_phase if respond_to?(:other_phase)
+
       @app.call(env)
     end
 
@@ -197,21 +203,26 @@ module OmniAuth
     def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
       setup_phase
       log :info, 'Request phase initiated.'
+
       # store query params from the request url, extracted in the callback_phase
-      session['omniauth.params'] = request.params
+      session['omniauth.params'] = request.GET
       OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
+
       if options.form.respond_to?(:call)
         log :info, 'Rendering form from supplied Rack endpoint.'
         options.form.call(env)
       elsif options.form
         log :info, 'Rendering form from underlying application.'
         call_app!
+      elsif !options.origin_param
+        request_phase
       else
-        if request.params['origin']
-          env['rack.session']['omniauth.origin'] = request.params['origin']
+        if request.params[options.origin_param]
+          env['rack.session']['omniauth.origin'] = request.params[options.origin_param]
         elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
           env['rack.session']['omniauth.origin'] = env['HTTP_REFERER']
         end
+
         request_phase
       end
     end
@@ -234,8 +245,8 @@ module OmniAuth
     end
 
     def on_request_path?
-      if options.request_path.respond_to?(:call)
-        options.request_path.call(env)
+      if options[:request_path].respond_to?(:call)
+        options[:request_path].call(env)
       else
         on_path?(request_path)
       end
@@ -246,7 +257,7 @@ module OmniAuth
     end
 
     def on_path?(path)
-      current_path.casecmp(path) == 0
+      current_path.casecmp(path).zero?
     end
 
     def options_request?
@@ -257,20 +268,23 @@ module OmniAuth
     # in the event that OmniAuth has been configured to be
     # in test mode.
     def mock_call!(*)
-      return mock_request_call if on_request_path?
+      return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
       return mock_callback_call if on_callback_path?
+
       call_app!
     end
 
     def mock_request_call
       setup_phase
 
-      session['omniauth.params'] = request.params
+      session['omniauth.params'] = request.GET
       OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
-      if request.params['origin']
-        @env['rack.session']['omniauth.origin'] = request.params['origin']
-      elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
-        @env['rack.session']['omniauth.origin'] = env['HTTP_REFERER']
+      if options.origin_param
+        if request.params[options.origin_param]
+          session['omniauth.origin'] = request.params[options.origin_param]
+        elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
+          session['omniauth.origin'] = env['HTTP_REFERER']
+        end
       end
 
       redirect(callback_url)
@@ -280,12 +294,13 @@ module OmniAuth
       setup_phase
       @env['omniauth.origin'] = session.delete('omniauth.origin')
       @env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
+      @env['omniauth.params'] = session.delete('omniauth.params') || {}
+
       mocked_auth = OmniAuth.mock_auth_for(name.to_s)
       if mocked_auth.is_a?(Symbol)
         fail!(mocked_auth)
       else
         @env['omniauth.auth'] = mocked_auth
-        @env['omniauth.params'] = session.delete('omniauth.params') || {}
         OmniAuth.config.before_callback_phase.call(@env) if OmniAuth.config.before_callback_phase
         call_app!
       end
@@ -299,7 +314,7 @@ module OmniAuth
       if options[:setup].respond_to?(:call)
         log :info, 'Setup endpoint detected, running now.'
         options[:setup].call(env)
-      elsif options.setup?
+      elsif options[:setup]
         log :info, 'Calling through to underlying application for setup.'
         setup_env = env.merge('PATH_INFO' => setup_path, 'REQUEST_METHOD' => 'GET')
         call_app!(setup_env)
@@ -310,7 +325,7 @@ module OmniAuth
     # perform any information gathering you need to be able to authenticate
     # the user in this phase.
     def request_phase
-      fail(NotImplementedError)
+      raise(NotImplementedError)
     end
 
     def uid
@@ -347,14 +362,10 @@ module OmniAuth
     #
     #   use MyStrategy, :skip_info => lambda{|uid| User.find_by_uid(uid)}
     def skip_info?
-      if options.skip_info?
-        if options.skip_info.respond_to?(:call)
-          return options.skip_info.call(uid)
-        else
-          return true
-        end
-      end
-      false
+      return false unless options.skip_info?
+      return true unless options.skip_info.respond_to?(:call)
+
+      options.skip_info.call(uid)
     end
 
     def callback_phase
@@ -370,6 +381,7 @@ module OmniAuth
       if options[kind].respond_to?(:call)
         result = options[kind].call(env)
         return nil unless result.is_a?(String)
+
         result
       else
         options[kind]
@@ -394,7 +406,7 @@ module OmniAuth
       options[:setup_path] || "#{path_prefix}/#{name}/setup"
     end
 
-    CURRENT_PATH_REGEX = %r{/$}
+    CURRENT_PATH_REGEX = %r{/$}.freeze
     EMPTY_STRING       = ''.freeze
     def current_path
       @current_path ||= request.path_info.downcase.sub(CURRENT_PATH_REGEX, EMPTY_STRING)
@@ -445,7 +457,7 @@ module OmniAuth
     end
 
     def name
-      options.name
+      options[:name]
     end
 
     def redirect(uri)
@@ -485,7 +497,7 @@ module OmniAuth
       end
     end
 
-    class Options < Hashie::Mash; end
+    class Options < OmniAuth::KeyStore; end
 
   protected
 

data/lib/omniauth/test/strategy_test_case.rb

@@ -10,7 +10,7 @@ module OmniAuth
     #     include OmniAuth::Test::StrategyTestCase
     #     def strategy
     #       # return the parameters to a Rack::Builder map call:
-    #       [MyStrategy.new, :some, :configuration, :options => 'here']
+    #       [MyStrategy, :some, :configuration, :options => 'here']
     #     end
     #     setup do
     #       post '/auth/my_strategy/callback', :user => { 'name' => 'Dylan', 'id' => '445' }
@@ -37,7 +37,7 @@ module OmniAuth
 
       def strategy
         error = NotImplementedError.new('Including specs must define #strategy')
-        fail(error)
+        raise(error)
       end
     end
   end

data/lib/omniauth/version.rb

@@ -1,3 +1,3 @@
 module OmniAuth
-  VERSION = '1.3.1'
+  VERSION = '1.9.1'.freeze
 end

data/omniauth.gemspec

@@ -1,21 +1,24 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth/version'
 
 Gem::Specification.new do |spec|
-  spec.add_dependency 'hashie', ['>= 1.2', '< 4']
-  spec.add_dependency 'rack', ['>= 1.0', '< 3']
-  spec.add_development_dependency 'bundler', '~> 1.0'
+  spec.add_dependency 'hashie', ['>= 3.4.6']
+  spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
+  spec.add_development_dependency 'bundler', '~> 1.14'
+  spec.add_development_dependency 'rake', '~> 12.0'
   spec.authors       = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski']
   spec.description   = 'A generalized Rack framework for multiple-provider authentication.'
   spec.email         = ['michael@intridea.com', 'sferik@gmail.com', 'tmilewski@gmail.com']
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.start_with?('spec/') }
-  spec.homepage      = 'http://github.com/intridea/omniauth'
-  spec.licenses      = %w(MIT)
+  spec.homepage      = 'https://github.com/omniauth/omniauth'
+  spec.licenses      = %w[MIT]
   spec.name          = 'omniauth'
-  spec.require_paths = %w(lib)
+  spec.require_paths = %w[lib]
   spec.required_rubygems_version = '>= 1.3.5'
+  spec.required_ruby_version = '>= 2.2'
   spec.summary       = spec.description
   spec.version       = OmniAuth::VERSION
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.9.1
 platform: ruby
 authors:
 - Michael Bleigh
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-20 00:00:00.000000000 Z
+date: 2020-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -18,27 +18,21 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '4'
+        version: 3.4.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '4'
+        version: 3.4.6
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 1.6.2
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -48,7 +42,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 1.6.2
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -58,14 +52,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '12.0'
 description: A generalized Rack framework for multiple-provider authentication.
 email:
 - michael@intridea.com
@@ -75,14 +83,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/ISSUE_TEMPLATE.md"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
 - ".yardopts"
 - Gemfile
-- Gemfile.rack-1.3.x
-- Gemfile.rack-master
 - LICENSE.md
 - README.md
 - Rakefile
@@ -92,6 +99,7 @@ files:
 - lib/omniauth/failure_endpoint.rb
 - lib/omniauth/form.css
 - lib/omniauth/form.rb
+- lib/omniauth/key_store.rb
 - lib/omniauth/strategies/developer.rb
 - lib/omniauth/strategy.rb
 - lib/omniauth/test.rb
@@ -100,7 +108,7 @@ files:
 - lib/omniauth/test/strategy_test_case.rb
 - lib/omniauth/version.rb
 - omniauth.gemspec
-homepage: http://github.com/intridea/omniauth
+homepage: https://github.com/omniauth/omniauth
 licenses:
 - MIT
 metadata: {}
@@ -112,7 +120,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -120,9 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.14.4
 signing_key: 
 specification_version: 4
 summary: A generalized Rack framework for multiple-provider authentication.
 test_files: []
-has_rdoc: 

data/Gemfile.rack-1.3.x

@@ -1,20 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'jruby-openssl', :platforms => :jruby
-gem 'rack', '~> 1.3.0'
-gem 'rake'
-gem 'yard'
-
-group :test do
-  gem 'coveralls'
-  gem 'hashie', '~> 2.0.5', :platforms => [:jruby_18, :ruby_18]
-  gem 'json', '>= 1.8.1', :platforms => [:jruby_18, :jruby_18, :ruby_18, :ruby_19]
-  gem 'mime-types', '~> 1.25', :platforms => [:jruby_18, :ruby_18]
-  gem 'rack-test'
-  gem 'rest-client', '~> 1.6.0', :platforms => [:jruby_18, :ruby_18]
-  gem 'rspec', '~> 3.0'
-  gem 'rubocop', '>= 0.25', :platforms => [:ruby_19, :ruby_20, :ruby_21]
-  gem 'simplecov', '>= 0.9'
-end
-
-gemspec

data/Gemfile.rack-master

@@ -1,16 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'jruby-openssl', :platforms => :jruby
-gem 'rack', :git => 'https://github.com/rack/rack.git'
-gem 'rake'
-gem 'yard'
-
-group :test do
-  gem 'coveralls'
-  gem 'rack-test'
-  gem 'rspec', '~> 3.0'
-  gem 'rubocop', '>= 0.25'
-  gem 'simplecov', '>= 0.9'
-end
-
-gemspec