omniauth 1.8.1 → 1.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d44b113518272f233522832707ca3d6212dca359
-  data.tar.gz: 558b3aad56d54629e5ae18ca72944008ca4d4a1e
+SHA256:
+  metadata.gz: 35d19268ad77477704f29c8bb7aa989bc4fd087dfc75cad3757f0dba77615ab0
+  data.tar.gz: 7d6405feca4e14d010330e2c577aa815b7593de7ebc2591e9b45c266af3e05b5
 SHA512:
-  metadata.gz: fc2cdd4f9decc4537dd2fdda21b9a18d005a29cff9e18f6db923571bde2c9f85d68483230c395a82983438bd16cec2754576625ed2ecb599dce3d1b752832523
-  data.tar.gz: 0beb474c0fea700dfb8032a71fdf6062d952466a31ddb496433b4935405902cf0cd2cd0b18888700ccc838e0577822bdb300a97ff3d22385deb605c252d57946
+  metadata.gz: f2f0a59be54f42f5c6747e9601599eee747d0220c8cfbfd3037e713840453c29598b325beae1e0ca8c41db8581d02cd1adada18d1dcfb5afe8cab2fb8c5c7e61
+  data.tar.gz: 945998eec68b09718830c23c75ca2cd1ad23da58f9541d38c39ec0c4c08b587cb35827390a003c3c1fb551793d2b5a1ade0cf354236035c6489b229fa66a699f

data/.rubocop.yml

@@ -1,6 +1,12 @@
+AllCops:
+  TargetRubyVersion: 2.2
+
 Layout/AccessModifierIndentation:
   EnforcedStyle: outdent
 
+Layout/AlignHash:
+  Enabled: false
+
 Layout/DotPosition:
   EnforcedStyle: trailing
 
@@ -50,6 +56,9 @@ Style/EachWithObject:
 Style/Encoding:
   Enabled: false
 
+Style/ExpandPathArguments:
+  Enabled: false
+
 Style/HashSyntax:
   EnforcedStyle: hash_rockets
 

data/.travis.yml

@@ -1,7 +1,9 @@
 bundler_args: --without development
 before_install:
-  - gem update --system
-  - gem update bundler
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '1.17.3'
+install:
+ - bundle _1.17.3_ install --jobs=3 --retry=3
 cache: bundler
 env:
   global:
@@ -9,11 +11,10 @@ env:
 language: ruby
 rvm:
   - jruby-9000
-  - 2.1.10 # EOL Soon
-  - 2.2.6
-  - 2.3.3
-  - 2.4.0
-  - 2.5.0
+  - 2.2.9
+  - 2.3.5
+  - 2.4.4
+  - 2.5.3
   - jruby-head
   - ruby-head
 matrix:

data/Gemfile

@@ -13,14 +13,14 @@ end
 
 group :test do
   gem 'coveralls', :require => false
-  gem 'hashie', '>= 3.4.6', '< 3.6.0', :platforms => [:jruby_18]
+  gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
   gem 'json', '~> 2.0.3', :platforms => %i[jruby_18 jruby_19 ruby_19]
   gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
-  gem 'rack', '>= 1.6.2', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
+  gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
   gem 'rack-test'
   gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
   gem 'rspec', '~> 3.5.0'
-  gem 'rubocop', '>= 0.47', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+  gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
   gem 'tins', '~> 1.13.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
 end
 

data/README.md

@@ -2,14 +2,12 @@
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
 [![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/omniauth/omniauth.svg)][gemnasium]
 [![Code Climate](http://img.shields.io/codeclimate/github/omniauth/omniauth.svg)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
 [![Security](https://hakiri.io/github/omniauth/omniauth/master.svg)](https://hakiri.io/github/omniauth/omniauth/master)
 
 [gem]: https://rubygems.org/gems/omniauth
 [travis]: http://travis-ci.org/omniauth/omniauth
-[gemnasium]: https://gemnasium.com/omniauth/omniauth
 [codeclimate]: https://codeclimate.com/github/omniauth/omniauth
 [coveralls]: https://coveralls.io/r/omniauth/omniauth
 
@@ -122,6 +120,8 @@ environment information on the callback request. It is entirely up to
 you how you want to implement the particulars of your application's
 authentication flow.
 
+**Please note:** there is currently a CSRF vulnerability which affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation at the application level. More details on how to do this can be found on the [Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
+
 ## Configuring The `origin` Param
 The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
 

data/Rakefile

@@ -30,6 +30,7 @@ namespace :perf do
     def call_app(path = ENV['GET_PATH'] || '/')
       result = @app.get(path)
       raise "Did not succeed #{result.body}" unless result.status == 200
+
       result
     end
   end

data/lib/omniauth/auth_hash.rb

@@ -20,9 +20,7 @@ module OmniAuth
     end
 
     def regular_writer(key, value)
-      if key.to_s == 'info' && value.is_a?(::Hash) && !value.is_a?(InfoHash)
-        value = InfoHash.new(value)
-      end
+      value = InfoHash.new(value) if key.to_s == 'info' && value.is_a?(::Hash) && !value.is_a?(InfoHash)
       super
     end
 
@@ -36,6 +34,7 @@ module OmniAuth
         return "#{first_name} #{last_name}".strip if first_name? || last_name?
         return nickname if nickname?
         return email if email?
+
         nil
       end
 

data/lib/omniauth/builder.rb

@@ -1,24 +1,5 @@
 module OmniAuth
   class Builder < ::Rack::Builder
-    def initialize(app, &block)
-      @options = nil
-      if rack14? || rack2?
-        super
-      else
-        @app = app
-        super(&block)
-        @ins << @app
-      end
-    end
-
-    def rack14?
-      Rack.release.start_with?('1.') && (Rack.release.split('.')[1].to_i >= 4)
-    end
-
-    def rack2?
-      Rack.release.start_with? '2.'
-    end
-
     def on_failure(&block)
       OmniAuth.config.on_failure = block
     end
@@ -40,7 +21,8 @@ module OmniAuth
     end
 
     def options(options = false)
-      return @options || {} if options == false
+      return @options ||= {} if options == false
+
       @options = options
     end
 

data/lib/omniauth/failure_endpoint.rb

@@ -27,17 +27,19 @@ module OmniAuth
 
     def redirect_to_failure
       message_key = env['omniauth.error.type']
-      new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}"
+      new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
       Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
     end
 
     def strategy_name_query_param
       return '' unless env['omniauth.error.strategy']
+
       "&strategy=#{env['omniauth.error.strategy'].name}"
     end
 
     def origin_query_param
       return '' unless env['omniauth.origin']
+
       "&origin=#{Rack::Utils.escape(env['omniauth.origin'])}"
     end
   end

data/lib/omniauth/form.rb

@@ -82,6 +82,7 @@ module OmniAuth
 
     def footer
       return self if @footer
+
       @html << "\n<button type='submit'>Connect</button>" unless @with_custom_button
       @html << <<-HTML
       </form>

data/lib/omniauth/strategy.rb

@@ -140,6 +140,7 @@ module OmniAuth
 
       self.class.args.each do |arg|
         break if args.empty?
+
         options[arg] = args.shift
       end
 
@@ -187,6 +188,7 @@ module OmniAuth
       return request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
       return callback_call if on_callback_path?
       return other_phase if respond_to?(:other_phase)
+
       @app.call(env)
     end
 
@@ -268,6 +270,7 @@ module OmniAuth
     def mock_call!(*)
       return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
       return mock_callback_call if on_callback_path?
+
       call_app!
     end
 
@@ -361,6 +364,7 @@ module OmniAuth
     def skip_info?
       return false unless options.skip_info?
       return true unless options.skip_info.respond_to?(:call)
+
       options.skip_info.call(uid)
     end
 
@@ -377,6 +381,7 @@ module OmniAuth
       if options[kind].respond_to?(:call)
         result = options[kind].call(env)
         return nil unless result.is_a?(String)
+
         result
       else
         options[kind]
@@ -401,7 +406,7 @@ module OmniAuth
       options[:setup_path] || "#{path_prefix}/#{name}/setup"
     end
 
-    CURRENT_PATH_REGEX = %r{/$}
+    CURRENT_PATH_REGEX = %r{/$}.freeze
     EMPTY_STRING       = ''.freeze
     def current_path
       @current_path ||= request.path_info.downcase.sub(CURRENT_PATH_REGEX, EMPTY_STRING)

data/lib/omniauth/version.rb

@@ -1,3 +1,3 @@
 module OmniAuth
-  VERSION = '1.8.1'.freeze
+  VERSION = '1.9.2'.freeze
 end

data/lib/omniauth.rb

@@ -132,7 +132,7 @@ module OmniAuth
   end
 
   module Utils
-  module_function
+  module_function # rubocop:disable Layout/IndentationWidth
 
     def form_css
       "<style type='text/css'>#{OmniAuth.config.form_css}</style>"

data/omniauth.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth/version'
 
 Gem::Specification.new do |spec|
-  spec.add_dependency 'hashie', ['>= 3.4.6', '< 3.6.0']
+  spec.add_dependency 'hashie', ['>= 3.4.6']
   spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
   spec.add_development_dependency 'bundler', '~> 1.14'
   spec.add_development_dependency 'rake', '~> 12.0'
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.name          = 'omniauth'
   spec.require_paths = %w[lib]
   spec.required_rubygems_version = '>= 1.3.5'
-  spec.required_ruby_version = '>= 2.1.9'
+  spec.required_ruby_version = '>= 2.2'
   spec.summary       = spec.description
   spec.version       = OmniAuth::VERSION
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth
 version: !ruby/object:Gem::Version
-  version: 1.8.1
+  version: 1.9.2
 platform: ruby
 authors:
 - Michael Bleigh
 - Erik Michaels-Ober
 - Tom Milewski
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-28 00:00:00.000000000 Z
+date: 2022-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -19,9 +19,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.4.6
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 3.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,9 +26,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.4.6
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 3.6.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -118,7 +112,7 @@ homepage: https://github.com/omniauth/omniauth
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -126,16 +120,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.1.9
+      version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: A generalized Rack framework for multiple-provider authentication.
 test_files: []