omniauth 1.8.0 → 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +2 -0
- data/.github/workflows/jruby.yml +30 -0
- data/.github/workflows/main.yml +67 -0
- data/.github/workflows/truffle_ruby.yml +26 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +9 -0
- data/Gemfile +12 -11
- data/README.md +111 -53
- data/Rakefile +1 -0
- data/SECURITY.md +18 -0
- data/lib/omniauth/auth_hash.rb +2 -3
- data/lib/omniauth/authenticity_token_protection.rb +32 -0
- data/lib/omniauth/builder.rb +5 -24
- data/lib/omniauth/failure_endpoint.rb +12 -1
- data/lib/omniauth/form.rb +2 -1
- data/lib/omniauth/strategy.rb +86 -28
- data/lib/omniauth/version.rb +1 -1
- data/lib/omniauth.rb +19 -7
- data/omniauth.gemspec +5 -4
- metadata +28 -22
- data/.travis.yml +0 -24
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 6cb3de3ad6a305065fef63ef3a4344db5bcb3b27694b9283b34df9b60db53071
|
4
|
+
data.tar.gz: 2f2534e820313a07c1ff46e515b9e07124de20324df8c76735dd121c17c02bf3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e05402733493a06ee4e3c26b30431d0a89c4883350ce4cedad9af29151d6310f0a106f79291c4d634ba955e4618b9be7c796942b08adcee4b6730396f1c1a7af
|
7
|
+
data.tar.gz: 052fca22fac4152907799ab29e112230ad972f227e49616f5537c12a4d000e702c1bbb3b184f0ee29f09a96a1d7a6fe4dbd82e32c5e167269048979993236f3f
|
data/.github/FUNDING.yml
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
name: JRuby
|
2
|
+
on:
|
3
|
+
push:
|
4
|
+
branches: [ master ]
|
5
|
+
pull_request:
|
6
|
+
branches: [ master ]
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
test:
|
10
|
+
runs-on: ubuntu-18.04
|
11
|
+
strategy:
|
12
|
+
fail-fast: false
|
13
|
+
matrix:
|
14
|
+
os: [ubuntu, macos]
|
15
|
+
jruby: [jruby] # TODO: Add back jruby-head once we figure out why there's a bundler mismatch
|
16
|
+
steps:
|
17
|
+
- uses: actions/checkout@v2
|
18
|
+
- name: Set up Ruby
|
19
|
+
uses: ruby/setup-ruby@v1
|
20
|
+
with:
|
21
|
+
ruby-version: ${{ matrix.jruby }}
|
22
|
+
bundler-cache: true
|
23
|
+
- name: Install dependencies
|
24
|
+
env:
|
25
|
+
JRUBY_OPTS: --debug
|
26
|
+
run: bundle install
|
27
|
+
- name: Run tests
|
28
|
+
env:
|
29
|
+
JRUBY_OPTS: --debug
|
30
|
+
run: bundle exec rake
|
@@ -0,0 +1,67 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
runs-on: ubuntu-18.04
|
19
|
+
strategy:
|
20
|
+
fail-fast: false
|
21
|
+
matrix:
|
22
|
+
os: [ubuntu, macos]
|
23
|
+
ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug]
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
uses: ruby/setup-ruby@v1
|
28
|
+
with:
|
29
|
+
ruby-version: ${{ matrix.ruby }}
|
30
|
+
bundler-cache: true
|
31
|
+
- name: Install dependencies
|
32
|
+
run: bundle install
|
33
|
+
- name: Run tests
|
34
|
+
run: bundle exec rake
|
35
|
+
frozen-string-compat:
|
36
|
+
runs-on: ubuntu-18.04
|
37
|
+
steps:
|
38
|
+
- uses: actions/checkout@v2
|
39
|
+
- name: Set up Ruby
|
40
|
+
uses: ruby/setup-ruby@v1
|
41
|
+
with:
|
42
|
+
ruby-version: 2.6
|
43
|
+
bundler-cache: true
|
44
|
+
- name: Install dependencies
|
45
|
+
run: bundle install
|
46
|
+
- name: Run tests
|
47
|
+
env:
|
48
|
+
RUBYOPT: "--enable-frozen-string-literal"
|
49
|
+
run: bundle exec rake
|
50
|
+
coveralls:
|
51
|
+
runs-on: ubuntu-18.04
|
52
|
+
steps:
|
53
|
+
- uses: actions/checkout@v2
|
54
|
+
- name: Set up Ruby
|
55
|
+
uses: ruby/setup-ruby@v1
|
56
|
+
with:
|
57
|
+
ruby-version: 2.6
|
58
|
+
bundler-cache: true
|
59
|
+
- name: Install dependencies
|
60
|
+
run: bundle install
|
61
|
+
- name: Run tests
|
62
|
+
run: bundle exec rake
|
63
|
+
- name: Coveralls GitHub Action
|
64
|
+
uses: coverallsapp/github-action@v1.1.2
|
65
|
+
with:
|
66
|
+
github-token: ${{ secrets.github_token }}
|
67
|
+
path-to-lcov: './coverage/lcov/omniauth.lcov'
|
@@ -0,0 +1,26 @@
|
|
1
|
+
name: TruffleRuby
|
2
|
+
on:
|
3
|
+
push:
|
4
|
+
branches: [ master ]
|
5
|
+
pull_request:
|
6
|
+
branches: [ master ]
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
test:
|
10
|
+
runs-on: ubuntu-18.04
|
11
|
+
strategy:
|
12
|
+
fail-fast: false
|
13
|
+
matrix:
|
14
|
+
os: [ubuntu, macos]
|
15
|
+
ruby: [truffleruby, truffleruby-head]
|
16
|
+
steps:
|
17
|
+
- uses: actions/checkout@v2
|
18
|
+
- name: Set up Ruby
|
19
|
+
uses: ruby/setup-ruby@v1
|
20
|
+
with:
|
21
|
+
ruby-version: ${{ matrix.ruby }}
|
22
|
+
bundler-cache: true
|
23
|
+
- name: Install dependencies
|
24
|
+
run: bundle install
|
25
|
+
- name: Run tests
|
26
|
+
run: bundle exec rake
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -1,6 +1,12 @@
|
|
1
|
+
AllCops:
|
2
|
+
TargetRubyVersion: 2.2
|
3
|
+
|
1
4
|
Layout/AccessModifierIndentation:
|
2
5
|
EnforcedStyle: outdent
|
3
6
|
|
7
|
+
Layout/AlignHash:
|
8
|
+
Enabled: false
|
9
|
+
|
4
10
|
Layout/DotPosition:
|
5
11
|
EnforcedStyle: trailing
|
6
12
|
|
@@ -50,6 +56,9 @@ Style/EachWithObject:
|
|
50
56
|
Style/Encoding:
|
51
57
|
Enabled: false
|
52
58
|
|
59
|
+
Style/ExpandPathArguments:
|
60
|
+
Enabled: false
|
61
|
+
|
53
62
|
Style/HashSyntax:
|
54
63
|
EnforcedStyle: hash_rockets
|
55
64
|
|
data/Gemfile
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
gem 'jruby-openssl', '~> 0.
|
3
|
+
gem 'jruby-openssl', '~> 0.10.5', platforms: :jruby
|
4
4
|
gem 'rake', '>= 12.0'
|
5
|
-
gem 'yard', '>= 0.9'
|
5
|
+
gem 'yard', '>= 0.9.11'
|
6
6
|
|
7
7
|
group :development do
|
8
8
|
gem 'benchmark-ips'
|
@@ -12,16 +12,17 @@ group :development do
|
|
12
12
|
end
|
13
13
|
|
14
14
|
group :test do
|
15
|
-
gem '
|
16
|
-
gem 'hashie', '>= 3.4.6', '
|
17
|
-
gem 'json', '~> 2.0
|
18
|
-
gem 'mime-types', '~> 3.1', :
|
19
|
-
gem 'rack', '>= 1.6.2', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
|
15
|
+
gem 'coveralls_reborn', '~> 0.19.0', require: false
|
16
|
+
gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
|
17
|
+
gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
|
18
|
+
gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
|
20
19
|
gem 'rack-test'
|
21
|
-
gem 'rest-client', '~> 2.0.0', :
|
22
|
-
gem 'rspec', '~> 3.5
|
23
|
-
gem '
|
24
|
-
gem '
|
20
|
+
gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
|
21
|
+
gem 'rspec', '~> 3.5'
|
22
|
+
gem 'rack-freeze'
|
23
|
+
gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
|
24
|
+
gem 'simplecov-lcov'
|
25
|
+
gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
|
25
26
|
end
|
26
27
|
|
27
28
|
gemspec
|
data/README.md
CHANGED
@@ -1,18 +1,22 @@
|
|
1
1
|
# OmniAuth: Standardized Multi-Provider Authentication
|
2
2
|
|
3
3
|
[![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
|
4
|
-
[![
|
5
|
-
[![
|
6
|
-
[![
|
4
|
+
[![Ruby](https://github.com/omniauth/omniauth/actions/workflows/main.yml/badge.svg)][githubactions]
|
5
|
+
[![TruffleRuby](https://github.com/omniauth/omniauth/actions/workflows/truffle_ruby.yml/badge.svg)][githubactionstruffle]
|
6
|
+
[![JRuby](https://github.com/omniauth/omniauth/actions/workflows/jruby.yml/badge.svg)][githubactionsjruby]
|
7
|
+
[![Code Climate](https://api.codeclimate.com/v1/badges/ffd33970723587806744/maintainability)][codeclimate]
|
7
8
|
[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
|
8
|
-
[![Security](https://hakiri.io/github/omniauth/omniauth/master.svg)](https://hakiri.io/github/omniauth/omniauth/master)
|
9
9
|
|
10
10
|
[gem]: https://rubygems.org/gems/omniauth
|
11
|
-
[
|
12
|
-
[
|
11
|
+
[githubactions]: https://github.com/omniauth/omniauth/actions/workflows/main.yml
|
12
|
+
[githubactionstruffle]: https://github.com/omniauth/omniauth/actions/workflows/truffle_ruby.yml
|
13
|
+
[githubactionsjruby]: https://github.com/omniauth/omniauth/actions/workflows/jruby.yml
|
13
14
|
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
|
14
15
|
[coveralls]: https://coveralls.io/r/omniauth/omniauth
|
15
16
|
|
17
|
+
This is the documentation for the in-development branch of OmniAuth.
|
18
|
+
You can find the documentation for the latest stable release [here](https://github.com/omniauth/omniauth/tree/v2.1.1)
|
19
|
+
|
16
20
|
## An Introduction
|
17
21
|
OmniAuth is a library that standardizes multi-provider authentication for
|
18
22
|
web applications. It was created to be powerful, flexible, and do as
|
@@ -34,8 +38,8 @@ development and easily swap in other strategies later.
|
|
34
38
|
## Getting Started
|
35
39
|
Each OmniAuth strategy is a Rack Middleware. That means that you can use
|
36
40
|
it the same way that you use any other Rack middleware. For example, to
|
37
|
-
use the built-in Developer strategy in a Sinatra application
|
38
|
-
this:
|
41
|
+
use the built-in Developer strategy in a Sinatra application you might
|
42
|
+
do this:
|
39
43
|
|
40
44
|
```ruby
|
41
45
|
require 'sinatra'
|
@@ -47,7 +51,7 @@ class MyApplication < Sinatra::Base
|
|
47
51
|
end
|
48
52
|
```
|
49
53
|
|
50
|
-
Because OmniAuth is built for *multi-provider* authentication,
|
54
|
+
Because OmniAuth is built for *multi-provider* authentication, you may
|
51
55
|
want to leave room to run multiple strategies. For this, the built-in
|
52
56
|
`OmniAuth::Builder` class gives you an easy way to specify multiple
|
53
57
|
strategies. Note that there is **no difference** between the following
|
@@ -84,33 +88,9 @@ environment of a request to `/auth/:provider/callback`. This hash
|
|
84
88
|
contains as much information about the user as OmniAuth was able to
|
85
89
|
glean from the utilized strategy. You should set up an endpoint in your
|
86
90
|
application that matches to the callback URL and then performs whatever
|
87
|
-
steps are necessary for your application.
|
88
|
-
would add a line in my `routes.rb` file like this:
|
89
|
-
|
90
|
-
```ruby
|
91
|
-
get '/auth/:provider/callback', to: 'sessions#create'
|
92
|
-
```
|
93
|
-
|
94
|
-
And I might then have a `SessionsController` with code that looks
|
95
|
-
something like this:
|
96
|
-
|
97
|
-
```ruby
|
98
|
-
class SessionsController < ApplicationController
|
99
|
-
def create
|
100
|
-
@user = User.find_or_create_from_auth_hash(auth_hash)
|
101
|
-
self.current_user = @user
|
102
|
-
redirect_to '/'
|
103
|
-
end
|
104
|
-
|
105
|
-
protected
|
106
|
-
|
107
|
-
def auth_hash
|
108
|
-
request.env['omniauth.auth']
|
109
|
-
end
|
110
|
-
end
|
111
|
-
```
|
91
|
+
steps are necessary for your application.
|
112
92
|
|
113
|
-
The `omniauth.auth` key in the environment hash
|
93
|
+
The `omniauth.auth` key in the environment hash provides an
|
114
94
|
Authentication Hash which will contain information about the just
|
115
95
|
authenticated user including a unique id, the strategy they just used
|
116
96
|
for authentication, and personal details such as name and email address
|
@@ -122,33 +102,74 @@ environment information on the callback request. It is entirely up to
|
|
122
102
|
you how you want to implement the particulars of your application's
|
123
103
|
authentication flow.
|
124
104
|
|
125
|
-
##
|
126
|
-
The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
|
105
|
+
## rack_csrf
|
127
106
|
|
128
|
-
|
107
|
+
`omniauth` is not OOTB-compatible with [rack_csrf](https://github.com/baldowl/rack_csrf). In order to do so, the following code needs to be added to the application bootstrapping code:
|
129
108
|
|
130
|
-
Default Flow:
|
131
109
|
```ruby
|
132
|
-
|
133
|
-
# No change
|
134
|
-
# If blank, `omniauth.origin` is set to HTTP_REFERER
|
110
|
+
OmniAuth::AuthenticityTokenProtection.default_options(key: "csrf.token", authenticity_param: "_csrf")
|
135
111
|
```
|
136
112
|
|
137
|
-
|
113
|
+
## Rails (without Devise)
|
114
|
+
To get started, add the following gems
|
115
|
+
|
116
|
+
**Gemfile**:
|
138
117
|
```ruby
|
139
|
-
|
140
|
-
|
141
|
-
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
|
118
|
+
gem 'omniauth'
|
119
|
+
gem "omniauth-rails_csrf_protection"
|
142
120
|
```
|
143
121
|
|
144
|
-
|
122
|
+
Then insert OmniAuth as a middleware
|
123
|
+
|
124
|
+
**config/initializers/omniauth.rb**:
|
145
125
|
```ruby
|
146
|
-
|
147
|
-
|
148
|
-
|
126
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
127
|
+
provider :developer if Rails.env.development?
|
128
|
+
end
|
149
129
|
```
|
150
130
|
|
151
|
-
|
131
|
+
Additional providers can be added here in the future. Next we wire it
|
132
|
+
all up using routes, a controller and a login view.
|
133
|
+
|
134
|
+
**config/routes.rb**:
|
135
|
+
|
136
|
+
```ruby
|
137
|
+
get 'auth/:provider/callback', to: 'sessions#create'
|
138
|
+
get '/login', to: 'sessions#new'
|
139
|
+
```
|
140
|
+
|
141
|
+
**app/controllers/sessions_controller.rb**:
|
142
|
+
```ruby
|
143
|
+
class SessionsController < ApplicationController
|
144
|
+
def new
|
145
|
+
render :new
|
146
|
+
end
|
147
|
+
|
148
|
+
def create
|
149
|
+
user_info = request.env['omniauth.auth']
|
150
|
+
raise user_info # Your own session management should be placed here.
|
151
|
+
end
|
152
|
+
end
|
153
|
+
```
|
154
|
+
|
155
|
+
**app/views/sessions/new.html.erb**:
|
156
|
+
```erb
|
157
|
+
<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
|
158
|
+
<button type='submit'>Login with Developer</button>
|
159
|
+
<% end %>
|
160
|
+
```
|
161
|
+
|
162
|
+
Now if you visit `/login` and click the Login button, you should see the
|
163
|
+
OmniAuth developer login screen. After submitting it, you are returned to your
|
164
|
+
application at `Sessions#create`. The raise should now display all the Omniauth
|
165
|
+
details you have available to integrate it into your own user management.
|
166
|
+
|
167
|
+
If you want out of the box usermanagement, you should consider using Omniauth
|
168
|
+
through Devise. Please visit the [Devise Github page](https://github.com/heartcombo/devise#omniauth)
|
169
|
+
for more information.
|
170
|
+
|
171
|
+
|
172
|
+
## Rails API
|
152
173
|
The following middleware are (by default) included for session management in
|
153
174
|
Rails applications. When using OmniAuth with a Rails API, you'll need to add
|
154
175
|
one of these required middleware back in:
|
@@ -163,7 +184,7 @@ a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
|
|
163
184
|
and have sessions functioning as normal.
|
164
185
|
|
165
186
|
To be clear: sessions may work, but your session options will be ignored
|
166
|
-
(i.e the session key will default to `_session_id`). Instead of the
|
187
|
+
(i.e. the session key will default to `_session_id`). Instead of the
|
167
188
|
initializer, you'll have to set the relevant options somewhere
|
168
189
|
before your middleware is built (like `application.rb`) and pass them to your
|
169
190
|
preferred middleware, like this:
|
@@ -187,14 +208,51 @@ to `STDOUT` but you can configure this using `OmniAuth.config.logger`:
|
|
187
208
|
OmniAuth.config.logger = Rails.logger
|
188
209
|
```
|
189
210
|
|
211
|
+
## Origin Param
|
212
|
+
The `origin` url parameter is typically used to inform where a user came from
|
213
|
+
and where, should you choose to use it, they'd want to return to.
|
214
|
+
Omniauth supports the following settings which can be configured on a provider level:
|
215
|
+
|
216
|
+
**Default**:
|
217
|
+
```ruby
|
218
|
+
provider :twitter, ENV['KEY'], ENV['SECRET']
|
219
|
+
POST /auth/twitter/?origin=[URL]
|
220
|
+
# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
|
221
|
+
```
|
222
|
+
|
223
|
+
**Using a differently named origin parameter**:
|
224
|
+
```ruby
|
225
|
+
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
|
226
|
+
POST /auth/twitter/?return_to=[URL]
|
227
|
+
# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
|
228
|
+
```
|
229
|
+
|
230
|
+
**Disabled**:
|
231
|
+
```ruby
|
232
|
+
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
|
233
|
+
POST /auth/twitter
|
234
|
+
# This means the origin should be handled by your own application.
|
235
|
+
# Note that `omniauth.origin` will always be blank.
|
236
|
+
```
|
237
|
+
|
190
238
|
## Resources
|
191
239
|
The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
|
192
240
|
actively maintained in-depth documentation for OmniAuth. It should be
|
193
241
|
your first stop if you are wondering about a more in-depth look at
|
194
242
|
OmniAuth, how it works, and how to use it.
|
195
243
|
|
244
|
+
## OmniAuth for Enterprise
|
245
|
+
|
246
|
+
Available as part of the Tidelift Subscription.
|
247
|
+
|
248
|
+
The maintainers of OmniAuth and thousands of other packages are working with
|
249
|
+
Tidelift to deliver commercial support and maintenance for the open source
|
250
|
+
packages you use to build your applications. Save time, reduce risk, and
|
251
|
+
improve code health, while paying the maintainers of the exact packages you use.
|
252
|
+
[Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
253
|
+
|
196
254
|
## Supported Ruby Versions
|
197
|
-
OmniAuth is tested under 2.
|
255
|
+
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
|
198
256
|
|
199
257
|
## Versioning
|
200
258
|
This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
|
data/Rakefile
CHANGED
data/SECURITY.md
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
## Supported Versions
|
4
|
+
|
5
|
+
Use this section to tell people about which versions of your project are
|
6
|
+
currently being supported with security updates.
|
7
|
+
|
8
|
+
| Version | Supported |
|
9
|
+
| ------- | ------------------ |
|
10
|
+
| 2.1.x | :white_check_mark: |
|
11
|
+
| 2.0.x | :white_check_mark: |
|
12
|
+
| <= 1.9.1 | :x: |
|
13
|
+
|
14
|
+
## Security contact information
|
15
|
+
|
16
|
+
To report a security vulnerability, please use the
|
17
|
+
[Tidelift security contact](https://tidelift.com/security).
|
18
|
+
Tidelift will coordinate the fix and disclosure.
|
data/lib/omniauth/auth_hash.rb
CHANGED
@@ -20,9 +20,7 @@ module OmniAuth
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def regular_writer(key, value)
|
23
|
-
if key.to_s == 'info' && value.is_a?(::Hash) && !value.is_a?(InfoHash)
|
24
|
-
value = InfoHash.new(value)
|
25
|
-
end
|
23
|
+
value = InfoHash.new(value) if key.to_s == 'info' && value.is_a?(::Hash) && !value.is_a?(InfoHash)
|
26
24
|
super
|
27
25
|
end
|
28
26
|
|
@@ -36,6 +34,7 @@ module OmniAuth
|
|
36
34
|
return "#{first_name} #{last_name}".strip if first_name? || last_name?
|
37
35
|
return nickname if nickname?
|
38
36
|
return email if email?
|
37
|
+
|
39
38
|
nil
|
40
39
|
end
|
41
40
|
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'rack-protection'
|
2
|
+
|
3
|
+
module OmniAuth
|
4
|
+
class AuthenticityError < StandardError; end
|
5
|
+
class AuthenticityTokenProtection < Rack::Protection::AuthenticityToken
|
6
|
+
def initialize(options = {})
|
7
|
+
@options = default_options.merge(options)
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.call(env)
|
11
|
+
new.call!(env)
|
12
|
+
end
|
13
|
+
|
14
|
+
def call!(env)
|
15
|
+
return if accepts?(env)
|
16
|
+
|
17
|
+
instrument env
|
18
|
+
react env
|
19
|
+
end
|
20
|
+
|
21
|
+
alias_method :call, :call!
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def deny(_env)
|
26
|
+
OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
|
27
|
+
raise AuthenticityError.new(options[:message])
|
28
|
+
end
|
29
|
+
|
30
|
+
alias default_reaction deny
|
31
|
+
end
|
32
|
+
end
|
data/lib/omniauth/builder.rb
CHANGED
@@ -1,24 +1,5 @@
|
|
1
1
|
module OmniAuth
|
2
2
|
class Builder < ::Rack::Builder
|
3
|
-
def initialize(app, &block)
|
4
|
-
@options = nil
|
5
|
-
if rack14? || rack2?
|
6
|
-
super
|
7
|
-
else
|
8
|
-
@app = app
|
9
|
-
super(&block)
|
10
|
-
@ins << @app
|
11
|
-
end
|
12
|
-
end
|
13
|
-
|
14
|
-
def rack14?
|
15
|
-
Rack.release.start_with?('1.') && (Rack.release.split('.')[1].to_i >= 4)
|
16
|
-
end
|
17
|
-
|
18
|
-
def rack2?
|
19
|
-
Rack.release.start_with? '2.'
|
20
|
-
end
|
21
|
-
|
22
3
|
def on_failure(&block)
|
23
4
|
OmniAuth.config.on_failure = block
|
24
5
|
end
|
@@ -40,23 +21,23 @@ module OmniAuth
|
|
40
21
|
end
|
41
22
|
|
42
23
|
def options(options = false)
|
43
|
-
return @options
|
24
|
+
return @options ||= {} if options == false
|
25
|
+
|
44
26
|
@options = options
|
45
27
|
end
|
46
28
|
|
47
|
-
def provider(klass, *args, &block)
|
29
|
+
def provider(klass, *args, **opts, &block)
|
48
30
|
if klass.is_a?(Class)
|
49
31
|
middleware = klass
|
50
32
|
else
|
51
33
|
begin
|
52
|
-
middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s)
|
34
|
+
middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s, false)
|
53
35
|
rescue NameError
|
54
36
|
raise(LoadError.new("Could not find matching strategy for #{klass.inspect}. You may need to install an additional gem (such as omniauth-#{klass})."))
|
55
37
|
end
|
56
38
|
end
|
57
39
|
|
58
|
-
|
59
|
-
use middleware, *args, &block
|
40
|
+
use middleware, *args, **options.merge(opts), &block
|
60
41
|
end
|
61
42
|
|
62
43
|
def call(env)
|
@@ -27,17 +27,28 @@ module OmniAuth
|
|
27
27
|
|
28
28
|
def redirect_to_failure
|
29
29
|
message_key = env['omniauth.error.type']
|
30
|
-
|
30
|
+
|
31
|
+
new_path = "#{env['SCRIPT_NAME']}#{strategy_path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
|
31
32
|
Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
|
32
33
|
end
|
33
34
|
|
35
|
+
def strategy_path_prefix
|
36
|
+
if env['omniauth.error.strategy']
|
37
|
+
env['omniauth.error.strategy'].path_prefix
|
38
|
+
else
|
39
|
+
OmniAuth.config.path_prefix
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
34
43
|
def strategy_name_query_param
|
35
44
|
return '' unless env['omniauth.error.strategy']
|
45
|
+
|
36
46
|
"&strategy=#{env['omniauth.error.strategy'].name}"
|
37
47
|
end
|
38
48
|
|
39
49
|
def origin_query_param
|
40
50
|
return '' unless env['omniauth.origin']
|
51
|
+
|
41
52
|
"&origin=#{Rack::Utils.escape(env['omniauth.origin'])}"
|
42
53
|
end
|
43
54
|
end
|
data/lib/omniauth/form.rb
CHANGED
@@ -9,7 +9,7 @@ module OmniAuth
|
|
9
9
|
options[:header_info] ||= ''
|
10
10
|
self.options = options
|
11
11
|
|
12
|
-
@html = ''
|
12
|
+
@html = +'' # unary + string allows it to be mutable if strings are frozen
|
13
13
|
@with_custom_button = false
|
14
14
|
@footer = nil
|
15
15
|
header(options[:title], options[:header_info])
|
@@ -82,6 +82,7 @@ module OmniAuth
|
|
82
82
|
|
83
83
|
def footer
|
84
84
|
return self if @footer
|
85
|
+
|
85
86
|
@html << "\n<button type='submit'>Connect</button>" unless @with_custom_button
|
86
87
|
@html << <<-HTML
|
87
88
|
</form>
|
data/lib/omniauth/strategy.rb
CHANGED
@@ -140,6 +140,7 @@ module OmniAuth
|
|
140
140
|
|
141
141
|
self.class.args.each do |arg|
|
142
142
|
break if args.empty?
|
143
|
+
|
143
144
|
options[arg] = args.shift
|
144
145
|
end
|
145
146
|
|
@@ -180,16 +181,47 @@ module OmniAuth
|
|
180
181
|
end
|
181
182
|
|
182
183
|
@env = env
|
184
|
+
|
185
|
+
warn_if_using_get_on_request_path
|
186
|
+
|
183
187
|
@env['omniauth.strategy'] = self if on_auth_path?
|
184
188
|
|
185
189
|
return mock_call!(env) if OmniAuth.config.test_mode
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
+
|
191
|
+
begin
|
192
|
+
return options_call if on_auth_path? && options_request?
|
193
|
+
return request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
194
|
+
return callback_call if on_callback_path?
|
195
|
+
return other_phase if respond_to?(:other_phase)
|
196
|
+
rescue StandardError => e
|
197
|
+
raise e if env.delete('omniauth.error.app')
|
198
|
+
|
199
|
+
return fail!(e.message, e)
|
200
|
+
end
|
201
|
+
|
190
202
|
@app.call(env)
|
191
203
|
end
|
192
204
|
|
205
|
+
def warn_if_using_get_on_request_path
|
206
|
+
return unless on_request_path?
|
207
|
+
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
208
|
+
return if OmniAuth.config.silence_get_warning
|
209
|
+
|
210
|
+
log :warn, <<-WARN
|
211
|
+
You are using GET as an allowed request method for OmniAuth. This may leave
|
212
|
+
you open to CSRF attacks. As of v2.0.0, OmniAuth by default allows only POST
|
213
|
+
to its own routes. You should review the following resources to guide your
|
214
|
+
mitigation:
|
215
|
+
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
|
216
|
+
https://github.com/omniauth/omniauth/issues/960
|
217
|
+
https://nvd.nist.gov/vuln/detail/CVE-2015-9284
|
218
|
+
https://github.com/omniauth/omniauth/pull/809
|
219
|
+
|
220
|
+
You can ignore this warning by setting:
|
221
|
+
OmniAuth.config.silence_get_warning = true
|
222
|
+
WARN
|
223
|
+
end
|
224
|
+
|
193
225
|
# Responds to an OPTIONS request.
|
194
226
|
def options_call
|
195
227
|
OmniAuth.config.before_options_phase.call(env) if OmniAuth.config.before_options_phase
|
@@ -200,17 +232,19 @@ module OmniAuth
|
|
200
232
|
# Performs the steps necessary to run the request phase of a strategy.
|
201
233
|
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
|
202
234
|
setup_phase
|
203
|
-
log :
|
235
|
+
log :debug, 'Request phase initiated.'
|
204
236
|
|
205
237
|
# store query params from the request url, extracted in the callback_phase
|
206
238
|
session['omniauth.params'] = request.GET
|
239
|
+
|
240
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
207
241
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
208
242
|
|
209
243
|
if options.form.respond_to?(:call)
|
210
|
-
log :
|
244
|
+
log :debug, 'Rendering form from supplied Rack endpoint.'
|
211
245
|
options.form.call(env)
|
212
246
|
elsif options.form
|
213
|
-
log :
|
247
|
+
log :debug, 'Rendering form from underlying application.'
|
214
248
|
call_app!
|
215
249
|
elsif !options.origin_param
|
216
250
|
request_phase
|
@@ -223,12 +257,14 @@ module OmniAuth
|
|
223
257
|
|
224
258
|
request_phase
|
225
259
|
end
|
260
|
+
rescue OmniAuth::AuthenticityError => e
|
261
|
+
fail!(:authenticity_error, e)
|
226
262
|
end
|
227
263
|
|
228
264
|
# Performs the steps necessary to run the callback phase of a strategy.
|
229
265
|
def callback_call
|
230
266
|
setup_phase
|
231
|
-
log :
|
267
|
+
log :debug, 'Callback phase initiated.'
|
232
268
|
@env['omniauth.origin'] = session.delete('omniauth.origin')
|
233
269
|
@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
|
234
270
|
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
@@ -266,8 +302,15 @@ module OmniAuth
|
|
266
302
|
# in the event that OmniAuth has been configured to be
|
267
303
|
# in test mode.
|
268
304
|
def mock_call!(*)
|
269
|
-
|
270
|
-
|
305
|
+
begin
|
306
|
+
return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
307
|
+
return mock_callback_call if on_callback_path?
|
308
|
+
rescue StandardError => e
|
309
|
+
raise e if env.delete('omniauth.error.app')
|
310
|
+
|
311
|
+
return fail!(e.message, e)
|
312
|
+
end
|
313
|
+
|
271
314
|
call_app!
|
272
315
|
end
|
273
316
|
|
@@ -275,7 +318,10 @@ module OmniAuth
|
|
275
318
|
setup_phase
|
276
319
|
|
277
320
|
session['omniauth.params'] = request.GET
|
321
|
+
|
322
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
278
323
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
324
|
+
|
279
325
|
if options.origin_param
|
280
326
|
if request.params[options.origin_param]
|
281
327
|
session['omniauth.origin'] = request.params[options.origin_param]
|
@@ -309,10 +355,10 @@ module OmniAuth
|
|
309
355
|
# underlying application. This will default to `/auth/:provider/setup`.
|
310
356
|
def setup_phase
|
311
357
|
if options[:setup].respond_to?(:call)
|
312
|
-
log :
|
358
|
+
log :debug, 'Setup endpoint detected, running now.'
|
313
359
|
options[:setup].call(env)
|
314
360
|
elsif options[:setup]
|
315
|
-
log :
|
361
|
+
log :debug, 'Calling through to underlying application for setup.'
|
316
362
|
setup_env = env.merge('PATH_INFO' => setup_path, 'REQUEST_METHOD' => 'GET')
|
317
363
|
call_app!(setup_env)
|
318
364
|
end
|
@@ -342,11 +388,13 @@ module OmniAuth
|
|
342
388
|
end
|
343
389
|
|
344
390
|
def auth_hash
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
391
|
+
credentials_data = credentials
|
392
|
+
extra_data = extra
|
393
|
+
AuthHash.new(:provider => name, :uid => uid).tap do |auth|
|
394
|
+
auth.info = info unless skip_info?
|
395
|
+
auth.credentials = credentials_data if credentials_data
|
396
|
+
auth.extra = extra_data if extra_data
|
397
|
+
end
|
350
398
|
end
|
351
399
|
|
352
400
|
# Determines whether or not user info should be retrieved. This
|
@@ -361,6 +409,7 @@ module OmniAuth
|
|
361
409
|
def skip_info?
|
362
410
|
return false unless options.skip_info?
|
363
411
|
return true unless options.skip_info.respond_to?(:call)
|
412
|
+
|
364
413
|
options.skip_info.call(uid)
|
365
414
|
end
|
366
415
|
|
@@ -377,6 +426,7 @@ module OmniAuth
|
|
377
426
|
if options[kind].respond_to?(:call)
|
378
427
|
result = options[kind].call(env)
|
379
428
|
return nil unless result.is_a?(String)
|
429
|
+
|
380
430
|
result
|
381
431
|
else
|
382
432
|
options[kind]
|
@@ -384,7 +434,12 @@ module OmniAuth
|
|
384
434
|
end
|
385
435
|
|
386
436
|
def request_path
|
387
|
-
@request_path ||=
|
437
|
+
@request_path ||=
|
438
|
+
if options[:request_path].is_a?(String)
|
439
|
+
options[:request_path]
|
440
|
+
else
|
441
|
+
"#{script_name}#{path_prefix}/#{name}"
|
442
|
+
end
|
388
443
|
end
|
389
444
|
|
390
445
|
def callback_path
|
@@ -392,7 +447,7 @@ module OmniAuth
|
|
392
447
|
path = options[:callback_path] if options[:callback_path].is_a?(String)
|
393
448
|
path ||= current_path if options[:callback_path].respond_to?(:call) && options[:callback_path].call(env)
|
394
449
|
path ||= custom_path(:request_path)
|
395
|
-
path ||= "#{path_prefix}/#{name}/callback"
|
450
|
+
path ||= "#{script_name}#{path_prefix}/#{name}/callback"
|
396
451
|
path
|
397
452
|
end
|
398
453
|
end
|
@@ -401,10 +456,10 @@ module OmniAuth
|
|
401
456
|
options[:setup_path] || "#{path_prefix}/#{name}/setup"
|
402
457
|
end
|
403
458
|
|
404
|
-
CURRENT_PATH_REGEX = %r{/$}
|
459
|
+
CURRENT_PATH_REGEX = %r{/$}.freeze
|
405
460
|
EMPTY_STRING = ''.freeze
|
406
461
|
def current_path
|
407
|
-
@current_path ||= request.
|
462
|
+
@current_path ||= request.path.downcase.sub(CURRENT_PATH_REGEX, EMPTY_STRING)
|
408
463
|
end
|
409
464
|
|
410
465
|
def query_string
|
@@ -413,6 +468,9 @@ module OmniAuth
|
|
413
468
|
|
414
469
|
def call_app!(env = @env)
|
415
470
|
@app.call(env)
|
471
|
+
rescue StandardError => e
|
472
|
+
env['omniauth.error.app'] = true
|
473
|
+
raise e
|
416
474
|
end
|
417
475
|
|
418
476
|
def full_host
|
@@ -436,10 +494,11 @@ module OmniAuth
|
|
436
494
|
end
|
437
495
|
|
438
496
|
def callback_url
|
439
|
-
full_host +
|
497
|
+
full_host + callback_path + query_string
|
440
498
|
end
|
441
499
|
|
442
500
|
def script_name
|
501
|
+
return '' if @env.nil?
|
443
502
|
@env['SCRIPT_NAME'] || ''
|
444
503
|
end
|
445
504
|
|
@@ -486,16 +545,15 @@ module OmniAuth
|
|
486
545
|
OmniAuth.config.on_failure.call(env)
|
487
546
|
end
|
488
547
|
|
489
|
-
def dup
|
490
|
-
super.tap do
|
491
|
-
@options = @options.dup
|
492
|
-
end
|
493
|
-
end
|
494
|
-
|
495
548
|
class Options < OmniAuth::KeyStore; end
|
496
549
|
|
497
550
|
protected
|
498
551
|
|
552
|
+
def initialize_copy(*args)
|
553
|
+
super
|
554
|
+
@options = @options.dup
|
555
|
+
end
|
556
|
+
|
499
557
|
def merge_stack(stack)
|
500
558
|
stack.inject({}) do |a, e|
|
501
559
|
a.merge!(e)
|
data/lib/omniauth/version.rb
CHANGED
data/lib/omniauth.rb
CHANGED
@@ -15,6 +15,7 @@ module OmniAuth
|
|
15
15
|
autoload :Form, 'omniauth/form'
|
16
16
|
autoload :AuthHash, 'omniauth/auth_hash'
|
17
17
|
autoload :FailureEndpoint, 'omniauth/failure_endpoint'
|
18
|
+
autoload :AuthenticityTokenProtection, 'omniauth/authenticity_token_protection'
|
18
19
|
|
19
20
|
def self.strategies
|
20
21
|
@strategies ||= []
|
@@ -29,20 +30,22 @@ module OmniAuth
|
|
29
30
|
logger
|
30
31
|
end
|
31
32
|
|
32
|
-
def self.defaults
|
33
|
+
def self.defaults # rubocop:disable MethodLength
|
33
34
|
@defaults ||= {
|
34
35
|
:camelizations => {},
|
35
36
|
:path_prefix => '/auth',
|
36
37
|
:on_failure => OmniAuth::FailureEndpoint,
|
37
38
|
:failure_raise_out_environments => ['development'],
|
39
|
+
:request_validation_phase => OmniAuth::AuthenticityTokenProtection,
|
38
40
|
:before_request_phase => nil,
|
39
41
|
:before_callback_phase => nil,
|
40
42
|
:before_options_phase => nil,
|
41
43
|
:form_css => Form::DEFAULT_CSS,
|
42
44
|
:test_mode => false,
|
43
45
|
:logger => default_logger,
|
44
|
-
:allowed_request_methods => %i[
|
45
|
-
:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})}
|
46
|
+
:allowed_request_methods => %i[post],
|
47
|
+
:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})},
|
48
|
+
:silence_get_warning => false
|
46
49
|
}
|
47
50
|
end
|
48
51
|
|
@@ -74,6 +77,14 @@ module OmniAuth
|
|
74
77
|
end
|
75
78
|
end
|
76
79
|
|
80
|
+
def request_validation_phase(&block)
|
81
|
+
if block_given?
|
82
|
+
@request_validation_phase = block
|
83
|
+
else
|
84
|
+
@request_validation_phase
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
77
88
|
def before_request_phase(&block)
|
78
89
|
if block_given?
|
79
90
|
@before_request_phase = block
|
@@ -111,8 +122,9 @@ module OmniAuth
|
|
111
122
|
camelizations[name.to_s] = camelized.to_s
|
112
123
|
end
|
113
124
|
|
114
|
-
attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase
|
115
|
-
attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
|
125
|
+
attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase, :request_validation_phase
|
126
|
+
attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
|
127
|
+
:test_mode, :mock_auth, :full_host, :camelizations, :logger, :silence_get_warning
|
116
128
|
end
|
117
129
|
|
118
130
|
def self.config
|
@@ -132,7 +144,7 @@ module OmniAuth
|
|
132
144
|
end
|
133
145
|
|
134
146
|
module Utils
|
135
|
-
module_function
|
147
|
+
module_function # rubocop:disable Layout/IndentationWidth
|
136
148
|
|
137
149
|
def form_css
|
138
150
|
"<style type='text/css'>#{OmniAuth.config.form_css}</style>"
|
@@ -159,7 +171,7 @@ module OmniAuth
|
|
159
171
|
if first_letter_in_uppercase
|
160
172
|
word.to_s.gsub(%r{/(.?)}) { '::' + Regexp.last_match[1].upcase }.gsub(/(^|_)(.)/) { Regexp.last_match[2].upcase }
|
161
173
|
else
|
162
|
-
word.
|
174
|
+
camelize(word).tap { |w| w[0] = w[0].downcase }
|
163
175
|
end
|
164
176
|
end
|
165
177
|
end
|
data/omniauth.gemspec
CHANGED
@@ -5,9 +5,10 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
require 'omniauth/version'
|
6
6
|
|
7
7
|
Gem::Specification.new do |spec|
|
8
|
-
spec.add_dependency 'hashie', ['>= 3.4.6'
|
9
|
-
spec.add_dependency 'rack',
|
10
|
-
spec.add_development_dependency 'bundler', '~>
|
8
|
+
spec.add_dependency 'hashie', ['>= 3.4.6']
|
9
|
+
spec.add_dependency 'rack', '>= 2.2.3'
|
10
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
11
|
+
spec.add_dependency 'rack-protection'
|
11
12
|
spec.add_development_dependency 'rake', '~> 12.0'
|
12
13
|
spec.authors = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski']
|
13
14
|
spec.description = 'A generalized Rack framework for multiple-provider authentication.'
|
@@ -18,7 +19,7 @@ Gem::Specification.new do |spec|
|
|
18
19
|
spec.name = 'omniauth'
|
19
20
|
spec.require_paths = %w[lib]
|
20
21
|
spec.required_rubygems_version = '>= 1.3.5'
|
21
|
-
spec.required_ruby_version = '>= 2.
|
22
|
+
spec.required_ruby_version = '>= 2.2'
|
22
23
|
spec.summary = spec.description
|
23
24
|
spec.version = OmniAuth::VERSION
|
24
25
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 2.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Bleigh
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2023-01-20 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: hashie
|
@@ -19,9 +19,6 @@ dependencies:
|
|
19
19
|
- - ">="
|
20
20
|
- !ruby/object:Gem::Version
|
21
21
|
version: 3.4.6
|
22
|
-
- - "<"
|
23
|
-
- !ruby/object:Gem::Version
|
24
|
-
version: 3.6.0
|
25
22
|
type: :runtime
|
26
23
|
prerelease: false
|
27
24
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,43 +26,48 @@ dependencies:
|
|
29
26
|
- - ">="
|
30
27
|
- !ruby/object:Gem::Version
|
31
28
|
version: 3.4.6
|
32
|
-
- - "<"
|
33
|
-
- !ruby/object:Gem::Version
|
34
|
-
version: 3.6.0
|
35
29
|
- !ruby/object:Gem::Dependency
|
36
30
|
name: rack
|
37
31
|
requirement: !ruby/object:Gem::Requirement
|
38
32
|
requirements:
|
39
33
|
- - ">="
|
40
34
|
- !ruby/object:Gem::Version
|
41
|
-
version:
|
42
|
-
- - "<"
|
43
|
-
- !ruby/object:Gem::Version
|
44
|
-
version: '3'
|
35
|
+
version: 2.2.3
|
45
36
|
type: :runtime
|
46
37
|
prerelease: false
|
47
38
|
version_requirements: !ruby/object:Gem::Requirement
|
48
39
|
requirements:
|
49
40
|
- - ">="
|
50
41
|
- !ruby/object:Gem::Version
|
51
|
-
version:
|
52
|
-
- - "<"
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: '3'
|
42
|
+
version: 2.2.3
|
55
43
|
- !ruby/object:Gem::Dependency
|
56
44
|
name: bundler
|
57
45
|
requirement: !ruby/object:Gem::Requirement
|
58
46
|
requirements:
|
59
47
|
- - "~>"
|
60
48
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
49
|
+
version: '2.0'
|
62
50
|
type: :development
|
63
51
|
prerelease: false
|
64
52
|
version_requirements: !ruby/object:Gem::Requirement
|
65
53
|
requirements:
|
66
54
|
- - "~>"
|
67
55
|
- !ruby/object:Gem::Version
|
68
|
-
version: '
|
56
|
+
version: '2.0'
|
57
|
+
- !ruby/object:Gem::Dependency
|
58
|
+
name: rack-protection
|
59
|
+
requirement: !ruby/object:Gem::Requirement
|
60
|
+
requirements:
|
61
|
+
- - ">="
|
62
|
+
- !ruby/object:Gem::Version
|
63
|
+
version: '0'
|
64
|
+
type: :runtime
|
65
|
+
prerelease: false
|
66
|
+
version_requirements: !ruby/object:Gem::Requirement
|
67
|
+
requirements:
|
68
|
+
- - ">="
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: '0'
|
69
71
|
- !ruby/object:Gem::Dependency
|
70
72
|
name: rake
|
71
73
|
requirement: !ruby/object:Gem::Requirement
|
@@ -89,18 +91,23 @@ executables: []
|
|
89
91
|
extensions: []
|
90
92
|
extra_rdoc_files: []
|
91
93
|
files:
|
94
|
+
- ".github/FUNDING.yml"
|
92
95
|
- ".github/ISSUE_TEMPLATE.md"
|
96
|
+
- ".github/workflows/jruby.yml"
|
97
|
+
- ".github/workflows/main.yml"
|
98
|
+
- ".github/workflows/truffle_ruby.yml"
|
93
99
|
- ".gitignore"
|
94
100
|
- ".rspec"
|
95
101
|
- ".rubocop.yml"
|
96
|
-
- ".travis.yml"
|
97
102
|
- ".yardopts"
|
98
103
|
- Gemfile
|
99
104
|
- LICENSE.md
|
100
105
|
- README.md
|
101
106
|
- Rakefile
|
107
|
+
- SECURITY.md
|
102
108
|
- lib/omniauth.rb
|
103
109
|
- lib/omniauth/auth_hash.rb
|
110
|
+
- lib/omniauth/authenticity_token_protection.rb
|
104
111
|
- lib/omniauth/builder.rb
|
105
112
|
- lib/omniauth/failure_endpoint.rb
|
106
113
|
- lib/omniauth/form.css
|
@@ -126,15 +133,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
126
133
|
requirements:
|
127
134
|
- - ">="
|
128
135
|
- !ruby/object:Gem::Version
|
129
|
-
version: 2.
|
136
|
+
version: '2.2'
|
130
137
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
131
138
|
requirements:
|
132
139
|
- - ">="
|
133
140
|
- !ruby/object:Gem::Version
|
134
141
|
version: 1.3.5
|
135
142
|
requirements: []
|
136
|
-
|
137
|
-
rubygems_version: 2.6.11
|
143
|
+
rubygems_version: 3.1.6
|
138
144
|
signing_key:
|
139
145
|
specification_version: 4
|
140
146
|
summary: A generalized Rack framework for multiple-provider authentication.
|
data/.travis.yml
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
bundler_args: --without development
|
2
|
-
before_install:
|
3
|
-
- gem update --system
|
4
|
-
- gem update bundler
|
5
|
-
cache: bundler
|
6
|
-
env:
|
7
|
-
global:
|
8
|
-
- JRUBY_OPTS="$JRUBY_OPTS --debug"
|
9
|
-
language: ruby
|
10
|
-
rvm:
|
11
|
-
- jruby-9000
|
12
|
-
- 2.1.10 # EOL Soon
|
13
|
-
- 2.2.6
|
14
|
-
- 2.3.3
|
15
|
-
- 2.4.0
|
16
|
-
- 2.5.0
|
17
|
-
- jruby-head
|
18
|
-
- ruby-head
|
19
|
-
matrix:
|
20
|
-
allow_failures:
|
21
|
-
- rvm: jruby-head
|
22
|
-
- rvm: ruby-head
|
23
|
-
fast_finish: true
|
24
|
-
sudo: false
|