omniauth 1.9.1 → 2.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +2 -0
- data/.github/workflows/main.yml +89 -0
- data/.gitignore +1 -0
- data/Gemfile +7 -5
- data/README.md +22 -12
- data/SECURITY.md +17 -0
- data/lib/omniauth.rb +18 -6
- data/lib/omniauth/authenticity_token_protection.rb +32 -0
- data/lib/omniauth/builder.rb +1 -1
- data/lib/omniauth/failure_endpoint.rb +10 -1
- data/lib/omniauth/form.rb +1 -1
- data/lib/omniauth/strategy.rb +79 -27
- data/lib/omniauth/version.rb +1 -1
- data/omniauth.gemspec +2 -1
- metadata +23 -7
- data/.travis.yml +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: bda926095916de4b9694aaea0102e28ba4589485ac7299e14818d16c80114e2d
|
4
|
+
data.tar.gz: 933f85d44aa3ce65274350f6b460c0c1f48bfe0e7c6231091e0fe05cc07b741c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b67754b61bea388ad20c8a2e305fdcdb0310cc6cd910eec4b3fbb6d2e5b86c24d99970e79f2b9913f4cc575ec25572408c87a4236728214edb10a7d0fe926fc0
|
7
|
+
data.tar.gz: a089f325f9b80fdba2f0f0561e0d050b36d47f49e763e33e381d427d8592009fa4da80db50e47f2d172bf96fb6d8d46455b68ec0e3fae632b752a1decbf0941f
|
data/.github/FUNDING.yml
ADDED
@@ -0,0 +1,89 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
runs-on: ubuntu-18.04
|
19
|
+
strategy:
|
20
|
+
fail-fast: false
|
21
|
+
matrix:
|
22
|
+
os: [ubuntu, macos]
|
23
|
+
ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
uses: ruby/setup-ruby@v1
|
28
|
+
with:
|
29
|
+
ruby-version: ${{ matrix.ruby }}
|
30
|
+
bundler-cache: true
|
31
|
+
- name: Install dependencies
|
32
|
+
run: bundle install
|
33
|
+
- name: Run tests
|
34
|
+
run: bundle exec rake
|
35
|
+
test-jruby:
|
36
|
+
runs-on: ubuntu-18.04
|
37
|
+
strategy:
|
38
|
+
fail-fast: false
|
39
|
+
matrix:
|
40
|
+
os: [ubuntu, macos]
|
41
|
+
jruby: [jruby] # TODO: Add back jruby-head once we figure out why there's a bundler mismatch
|
42
|
+
steps:
|
43
|
+
- uses: actions/checkout@v2
|
44
|
+
- name: Set up Ruby
|
45
|
+
uses: ruby/setup-ruby@v1
|
46
|
+
with:
|
47
|
+
ruby-version: ${{ matrix.jruby }}
|
48
|
+
bundler-cache: true
|
49
|
+
- name: Install dependencies
|
50
|
+
env:
|
51
|
+
JRUBY_OPTS: --debug
|
52
|
+
run: bundle install
|
53
|
+
- name: Run tests
|
54
|
+
env:
|
55
|
+
JRUBY_OPTS: --debug
|
56
|
+
run: bundle exec rake
|
57
|
+
frozen-string-compat:
|
58
|
+
runs-on: ubuntu-18.04
|
59
|
+
steps:
|
60
|
+
- uses: actions/checkout@v2
|
61
|
+
- name: Set up Ruby
|
62
|
+
uses: ruby/setup-ruby@v1
|
63
|
+
with:
|
64
|
+
ruby-version: 2.6
|
65
|
+
bundler-cache: true
|
66
|
+
- name: Install dependencies
|
67
|
+
run: bundle install
|
68
|
+
- name: Run tests
|
69
|
+
env:
|
70
|
+
RUBYOPT: "--enable-frozen-string-literal"
|
71
|
+
run: bundle exec rake
|
72
|
+
coveralls:
|
73
|
+
runs-on: ubuntu-18.04
|
74
|
+
steps:
|
75
|
+
- uses: actions/checkout@v2
|
76
|
+
- name: Set up Ruby
|
77
|
+
uses: ruby/setup-ruby@v1
|
78
|
+
with:
|
79
|
+
ruby-version: 2.6
|
80
|
+
bundler-cache: true
|
81
|
+
- name: Install dependencies
|
82
|
+
run: bundle install
|
83
|
+
- name: Run tests
|
84
|
+
run: bundle exec rake
|
85
|
+
- name: Coveralls GitHub Action
|
86
|
+
uses: coverallsapp/github-action@v1.1.2
|
87
|
+
with:
|
88
|
+
github-token: ${{ secrets.github_token }}
|
89
|
+
path-to-lcov: './coverage/lcov/omniauth.lcov'
|
data/.gitignore
CHANGED
data/Gemfile
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
gem 'jruby-openssl', '~> 0.
|
3
|
+
gem 'jruby-openssl', '~> 0.10.5', :platforms => :jruby
|
4
4
|
gem 'rake', '>= 12.0'
|
5
5
|
gem 'yard', '>= 0.9.11'
|
6
6
|
|
@@ -12,16 +12,18 @@ group :development do
|
|
12
12
|
end
|
13
13
|
|
14
14
|
group :test do
|
15
|
-
gem '
|
15
|
+
gem 'coveralls_reborn', '~> 0.19.0', require: false
|
16
16
|
gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
|
17
|
-
gem 'json', '~> 2.0
|
17
|
+
gem 'json', '~> 2.3.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
|
18
18
|
gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
|
19
19
|
gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
|
20
20
|
gem 'rack-test'
|
21
21
|
gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
|
22
|
-
gem 'rspec', '~> 3.5
|
22
|
+
gem 'rspec', '~> 3.5'
|
23
|
+
gem 'rack-freeze'
|
23
24
|
gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
|
24
|
-
gem '
|
25
|
+
gem 'simplecov-lcov'
|
26
|
+
gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
|
25
27
|
end
|
26
28
|
|
27
29
|
gemspec
|
data/README.md
CHANGED
@@ -2,15 +2,16 @@
|
|
2
2
|
|
3
3
|
[![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
|
4
4
|
[![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
|
5
|
-
[![Code Climate](
|
5
|
+
[![Code Climate](https://api.codeclimate.com/v1/badges/ffd33970723587806744/maintainability)][codeclimate]
|
6
6
|
[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
|
7
|
-
[![Security](https://hakiri.io/github/omniauth/omniauth/master.svg)](https://hakiri.io/github/omniauth/omniauth/master)
|
8
7
|
|
9
8
|
[gem]: https://rubygems.org/gems/omniauth
|
10
9
|
[travis]: http://travis-ci.org/omniauth/omniauth
|
11
10
|
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
|
12
11
|
[coveralls]: https://coveralls.io/r/omniauth/omniauth
|
13
12
|
|
13
|
+
This is the documentation for the version [v2.0.4](https://github.com/omniauth/omniauth/tree/v2.0.4) of OmniAuth.
|
14
|
+
|
14
15
|
## An Introduction
|
15
16
|
OmniAuth is a library that standardizes multi-provider authentication for
|
16
17
|
web applications. It was created to be powerful, flexible, and do as
|
@@ -32,8 +33,8 @@ development and easily swap in other strategies later.
|
|
32
33
|
## Getting Started
|
33
34
|
Each OmniAuth strategy is a Rack Middleware. That means that you can use
|
34
35
|
it the same way that you use any other Rack middleware. For example, to
|
35
|
-
use the built-in Developer strategy in a Sinatra application
|
36
|
-
this:
|
36
|
+
use the built-in Developer strategy in a Sinatra application you might
|
37
|
+
do this:
|
37
38
|
|
38
39
|
```ruby
|
39
40
|
require 'sinatra'
|
@@ -45,7 +46,7 @@ class MyApplication < Sinatra::Base
|
|
45
46
|
end
|
46
47
|
```
|
47
48
|
|
48
|
-
Because OmniAuth is built for *multi-provider* authentication,
|
49
|
+
Because OmniAuth is built for *multi-provider* authentication, you may
|
49
50
|
want to leave room to run multiple strategies. For this, the built-in
|
50
51
|
`OmniAuth::Builder` class gives you an easy way to specify multiple
|
51
52
|
strategies. Note that there is **no difference** between the following
|
@@ -82,18 +83,21 @@ environment of a request to `/auth/:provider/callback`. This hash
|
|
82
83
|
contains as much information about the user as OmniAuth was able to
|
83
84
|
glean from the utilized strategy. You should set up an endpoint in your
|
84
85
|
application that matches to the callback URL and then performs whatever
|
85
|
-
steps are necessary for your application. For example, in a Rails app
|
86
|
-
would add a line in
|
86
|
+
steps are necessary for your application. For example, in a Rails app
|
87
|
+
you would add a line in your `routes.rb` file like this:
|
87
88
|
|
88
89
|
```ruby
|
89
|
-
|
90
|
+
post '/auth/:provider/callback', to: 'sessions#create'
|
90
91
|
```
|
91
92
|
|
92
|
-
And
|
93
|
+
And you might then have a `SessionsController` with code that looks
|
93
94
|
something like this:
|
94
95
|
|
95
96
|
```ruby
|
96
97
|
class SessionsController < ApplicationController
|
98
|
+
# If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only.
|
99
|
+
skip_before_action :verify_authenticity_token, only: :create
|
100
|
+
|
97
101
|
def create
|
98
102
|
@user = User.find_or_create_from_auth_hash(auth_hash)
|
99
103
|
self.current_user = @user
|
@@ -108,7 +112,7 @@ class SessionsController < ApplicationController
|
|
108
112
|
end
|
109
113
|
```
|
110
114
|
|
111
|
-
The `omniauth.auth` key in the environment hash
|
115
|
+
The `omniauth.auth` key in the environment hash provides an
|
112
116
|
Authentication Hash which will contain information about the just
|
113
117
|
authenticated user including a unique id, the strategy they just used
|
114
118
|
for authentication, and personal details such as name and email address
|
@@ -163,7 +167,7 @@ a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
|
|
163
167
|
and have sessions functioning as normal.
|
164
168
|
|
165
169
|
To be clear: sessions may work, but your session options will be ignored
|
166
|
-
(i.e the session key will default to `_session_id`). Instead of the
|
170
|
+
(i.e. the session key will default to `_session_id`). Instead of the
|
167
171
|
initializer, you'll have to set the relevant options somewhere
|
168
172
|
before your middleware is built (like `application.rb`) and pass them to your
|
169
173
|
preferred middleware, like this:
|
@@ -193,8 +197,14 @@ actively maintained in-depth documentation for OmniAuth. It should be
|
|
193
197
|
your first stop if you are wondering about a more in-depth look at
|
194
198
|
OmniAuth, how it works, and how to use it.
|
195
199
|
|
200
|
+
## OmniAuth for Enterprise
|
201
|
+
|
202
|
+
Available as part of the Tidelift Subscription.
|
203
|
+
|
204
|
+
The maintainers of OmniAuth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
205
|
+
|
196
206
|
## Supported Ruby Versions
|
197
|
-
OmniAuth is tested under 2.
|
207
|
+
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
|
198
208
|
|
199
209
|
## Versioning
|
200
210
|
This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
|
data/SECURITY.md
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
## Supported Versions
|
4
|
+
|
5
|
+
Use this section to tell people about which versions of your project are
|
6
|
+
currently being supported with security updates.
|
7
|
+
|
8
|
+
| Version | Supported |
|
9
|
+
| ------- | ------------------ |
|
10
|
+
| 2.0.x | :white_check_mark: |
|
11
|
+
| <= 1.9.1 | :x: |
|
12
|
+
|
13
|
+
## Security contact information
|
14
|
+
|
15
|
+
To report a security vulnerability, please use the
|
16
|
+
[Tidelift security contact](https://tidelift.com/security).
|
17
|
+
Tidelift will coordinate the fix and disclosure.
|
data/lib/omniauth.rb
CHANGED
@@ -15,6 +15,7 @@ module OmniAuth
|
|
15
15
|
autoload :Form, 'omniauth/form'
|
16
16
|
autoload :AuthHash, 'omniauth/auth_hash'
|
17
17
|
autoload :FailureEndpoint, 'omniauth/failure_endpoint'
|
18
|
+
autoload :AuthenticityTokenProtection, 'omniauth/authenticity_token_protection'
|
18
19
|
|
19
20
|
def self.strategies
|
20
21
|
@strategies ||= []
|
@@ -29,20 +30,22 @@ module OmniAuth
|
|
29
30
|
logger
|
30
31
|
end
|
31
32
|
|
32
|
-
def self.defaults
|
33
|
+
def self.defaults # rubocop:disable MethodLength
|
33
34
|
@defaults ||= {
|
34
35
|
:camelizations => {},
|
35
36
|
:path_prefix => '/auth',
|
36
37
|
:on_failure => OmniAuth::FailureEndpoint,
|
37
38
|
:failure_raise_out_environments => ['development'],
|
39
|
+
:request_validation_phase => OmniAuth::AuthenticityTokenProtection,
|
38
40
|
:before_request_phase => nil,
|
39
41
|
:before_callback_phase => nil,
|
40
42
|
:before_options_phase => nil,
|
41
43
|
:form_css => Form::DEFAULT_CSS,
|
42
44
|
:test_mode => false,
|
43
45
|
:logger => default_logger,
|
44
|
-
:allowed_request_methods => %i[
|
45
|
-
:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})}
|
46
|
+
:allowed_request_methods => %i[post],
|
47
|
+
:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})},
|
48
|
+
:silence_get_warning => false
|
46
49
|
}
|
47
50
|
end
|
48
51
|
|
@@ -74,6 +77,14 @@ module OmniAuth
|
|
74
77
|
end
|
75
78
|
end
|
76
79
|
|
80
|
+
def request_validation_phase(&block)
|
81
|
+
if block_given?
|
82
|
+
@request_validation_phase = block
|
83
|
+
else
|
84
|
+
@request_validation_phase
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
77
88
|
def before_request_phase(&block)
|
78
89
|
if block_given?
|
79
90
|
@before_request_phase = block
|
@@ -111,8 +122,9 @@ module OmniAuth
|
|
111
122
|
camelizations[name.to_s] = camelized.to_s
|
112
123
|
end
|
113
124
|
|
114
|
-
attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase
|
115
|
-
attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
|
125
|
+
attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase, :request_validation_phase
|
126
|
+
attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
|
127
|
+
:test_mode, :mock_auth, :full_host, :camelizations, :logger, :silence_get_warning
|
116
128
|
end
|
117
129
|
|
118
130
|
def self.config
|
@@ -159,7 +171,7 @@ module OmniAuth
|
|
159
171
|
if first_letter_in_uppercase
|
160
172
|
word.to_s.gsub(%r{/(.?)}) { '::' + Regexp.last_match[1].upcase }.gsub(/(^|_)(.)/) { Regexp.last_match[2].upcase }
|
161
173
|
else
|
162
|
-
word.
|
174
|
+
camelize(word).tap { |w| w[0] = w[0].downcase }
|
163
175
|
end
|
164
176
|
end
|
165
177
|
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'rack-protection'
|
2
|
+
|
3
|
+
module OmniAuth
|
4
|
+
class AuthenticityError < StandardError; end
|
5
|
+
class AuthenticityTokenProtection < Rack::Protection::AuthenticityToken
|
6
|
+
def initialize(options = {})
|
7
|
+
@options = default_options.merge(options)
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.call(env)
|
11
|
+
new.call!(env)
|
12
|
+
end
|
13
|
+
|
14
|
+
def call!(env)
|
15
|
+
return if accepts?(env)
|
16
|
+
|
17
|
+
instrument env
|
18
|
+
react env
|
19
|
+
end
|
20
|
+
|
21
|
+
alias_method :call, :call!
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def deny(_env)
|
26
|
+
OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
|
27
|
+
raise AuthenticityError.new(options[:message])
|
28
|
+
end
|
29
|
+
|
30
|
+
alias default_reaction deny
|
31
|
+
end
|
32
|
+
end
|
data/lib/omniauth/builder.rb
CHANGED
@@ -31,7 +31,7 @@ module OmniAuth
|
|
31
31
|
middleware = klass
|
32
32
|
else
|
33
33
|
begin
|
34
|
-
middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s)
|
34
|
+
middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s, false)
|
35
35
|
rescue NameError
|
36
36
|
raise(LoadError.new("Could not find matching strategy for #{klass.inspect}. You may need to install an additional gem (such as omniauth-#{klass})."))
|
37
37
|
end
|
@@ -27,10 +27,19 @@ module OmniAuth
|
|
27
27
|
|
28
28
|
def redirect_to_failure
|
29
29
|
message_key = env['omniauth.error.type']
|
30
|
-
|
30
|
+
|
31
|
+
new_path = "#{env['SCRIPT_NAME']}#{strategy_path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
|
31
32
|
Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
|
32
33
|
end
|
33
34
|
|
35
|
+
def strategy_path_prefix
|
36
|
+
if env['omniauth.error.strategy']
|
37
|
+
env['omniauth.error.strategy'].path_prefix
|
38
|
+
else
|
39
|
+
OmniAuth.config.path_prefix
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
34
43
|
def strategy_name_query_param
|
35
44
|
return '' unless env['omniauth.error.strategy']
|
36
45
|
|
data/lib/omniauth/form.rb
CHANGED
@@ -9,7 +9,7 @@ module OmniAuth
|
|
9
9
|
options[:header_info] ||= ''
|
10
10
|
self.options = options
|
11
11
|
|
12
|
-
@html = ''
|
12
|
+
@html = +'' # unary + string allows it to be mutable if strings are frozen
|
13
13
|
@with_custom_button = false
|
14
14
|
@footer = nil
|
15
15
|
header(options[:title], options[:header_info])
|
data/lib/omniauth/strategy.rb
CHANGED
@@ -181,17 +181,47 @@ module OmniAuth
|
|
181
181
|
end
|
182
182
|
|
183
183
|
@env = env
|
184
|
+
|
185
|
+
warn_if_using_get_on_request_path
|
186
|
+
|
184
187
|
@env['omniauth.strategy'] = self if on_auth_path?
|
185
188
|
|
186
189
|
return mock_call!(env) if OmniAuth.config.test_mode
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
190
|
+
|
191
|
+
begin
|
192
|
+
return options_call if on_auth_path? && options_request?
|
193
|
+
return request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
194
|
+
return callback_call if on_callback_path?
|
195
|
+
return other_phase if respond_to?(:other_phase)
|
196
|
+
rescue StandardError => e
|
197
|
+
raise e if env.delete('omniauth.error.app')
|
198
|
+
|
199
|
+
return fail!(e.message, e)
|
200
|
+
end
|
191
201
|
|
192
202
|
@app.call(env)
|
193
203
|
end
|
194
204
|
|
205
|
+
def warn_if_using_get_on_request_path
|
206
|
+
return unless on_request_path?
|
207
|
+
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
208
|
+
return if OmniAuth.config.silence_get_warning
|
209
|
+
|
210
|
+
log :warn, <<-WARN
|
211
|
+
You are using GET as an allowed request method for OmniAuth. This may leave
|
212
|
+
you open to CSRF attacks. As of v2.0.0, OmniAuth by default allows only POST
|
213
|
+
to its own routes. You should review the following resources to guide your
|
214
|
+
mitigation:
|
215
|
+
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
|
216
|
+
https://github.com/omniauth/omniauth/issues/960
|
217
|
+
https://nvd.nist.gov/vuln/detail/CVE-2015-9284
|
218
|
+
https://github.com/omniauth/omniauth/pull/809
|
219
|
+
|
220
|
+
You can ignore this warning by setting:
|
221
|
+
OmniAuth.config.silence_get_warning = true
|
222
|
+
WARN
|
223
|
+
end
|
224
|
+
|
195
225
|
# Responds to an OPTIONS request.
|
196
226
|
def options_call
|
197
227
|
OmniAuth.config.before_options_phase.call(env) if OmniAuth.config.before_options_phase
|
@@ -202,17 +232,19 @@ module OmniAuth
|
|
202
232
|
# Performs the steps necessary to run the request phase of a strategy.
|
203
233
|
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
|
204
234
|
setup_phase
|
205
|
-
log :
|
235
|
+
log :debug, 'Request phase initiated.'
|
206
236
|
|
207
237
|
# store query params from the request url, extracted in the callback_phase
|
208
238
|
session['omniauth.params'] = request.GET
|
239
|
+
|
240
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
209
241
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
210
242
|
|
211
243
|
if options.form.respond_to?(:call)
|
212
|
-
log :
|
244
|
+
log :debug, 'Rendering form from supplied Rack endpoint.'
|
213
245
|
options.form.call(env)
|
214
246
|
elsif options.form
|
215
|
-
log :
|
247
|
+
log :debug, 'Rendering form from underlying application.'
|
216
248
|
call_app!
|
217
249
|
elsif !options.origin_param
|
218
250
|
request_phase
|
@@ -225,12 +257,14 @@ module OmniAuth
|
|
225
257
|
|
226
258
|
request_phase
|
227
259
|
end
|
260
|
+
rescue OmniAuth::AuthenticityError => e
|
261
|
+
fail!(:authenticity_error, e)
|
228
262
|
end
|
229
263
|
|
230
264
|
# Performs the steps necessary to run the callback phase of a strategy.
|
231
265
|
def callback_call
|
232
266
|
setup_phase
|
233
|
-
log :
|
267
|
+
log :debug, 'Callback phase initiated.'
|
234
268
|
@env['omniauth.origin'] = session.delete('omniauth.origin')
|
235
269
|
@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
|
236
270
|
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
@@ -268,8 +302,14 @@ module OmniAuth
|
|
268
302
|
# in the event that OmniAuth has been configured to be
|
269
303
|
# in test mode.
|
270
304
|
def mock_call!(*)
|
271
|
-
|
272
|
-
|
305
|
+
begin
|
306
|
+
return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
307
|
+
return mock_callback_call if on_callback_path?
|
308
|
+
rescue StandardError => e
|
309
|
+
raise e if env.delete('omniauth.error.app')
|
310
|
+
|
311
|
+
return fail!(e.message, e)
|
312
|
+
end
|
273
313
|
|
274
314
|
call_app!
|
275
315
|
end
|
@@ -278,7 +318,10 @@ module OmniAuth
|
|
278
318
|
setup_phase
|
279
319
|
|
280
320
|
session['omniauth.params'] = request.GET
|
321
|
+
|
322
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
281
323
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
324
|
+
|
282
325
|
if options.origin_param
|
283
326
|
if request.params[options.origin_param]
|
284
327
|
session['omniauth.origin'] = request.params[options.origin_param]
|
@@ -312,10 +355,10 @@ module OmniAuth
|
|
312
355
|
# underlying application. This will default to `/auth/:provider/setup`.
|
313
356
|
def setup_phase
|
314
357
|
if options[:setup].respond_to?(:call)
|
315
|
-
log :
|
358
|
+
log :debug, 'Setup endpoint detected, running now.'
|
316
359
|
options[:setup].call(env)
|
317
360
|
elsif options[:setup]
|
318
|
-
log :
|
361
|
+
log :debug, 'Calling through to underlying application for setup.'
|
319
362
|
setup_env = env.merge('PATH_INFO' => setup_path, 'REQUEST_METHOD' => 'GET')
|
320
363
|
call_app!(setup_env)
|
321
364
|
end
|
@@ -345,11 +388,13 @@ module OmniAuth
|
|
345
388
|
end
|
346
389
|
|
347
390
|
def auth_hash
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
391
|
+
credentials_data = credentials
|
392
|
+
extra_data = extra
|
393
|
+
AuthHash.new(:provider => name, :uid => uid).tap do |auth|
|
394
|
+
auth.info = info unless skip_info?
|
395
|
+
auth.credentials = credentials_data if credentials_data
|
396
|
+
auth.extra = extra_data if extra_data
|
397
|
+
end
|
353
398
|
end
|
354
399
|
|
355
400
|
# Determines whether or not user info should be retrieved. This
|
@@ -389,7 +434,12 @@ module OmniAuth
|
|
389
434
|
end
|
390
435
|
|
391
436
|
def request_path
|
392
|
-
@request_path ||=
|
437
|
+
@request_path ||=
|
438
|
+
if options[:request_path].is_a?(String)
|
439
|
+
options[:request_path]
|
440
|
+
else
|
441
|
+
"#{script_name}#{path_prefix}/#{name}"
|
442
|
+
end
|
393
443
|
end
|
394
444
|
|
395
445
|
def callback_path
|
@@ -397,7 +447,7 @@ module OmniAuth
|
|
397
447
|
path = options[:callback_path] if options[:callback_path].is_a?(String)
|
398
448
|
path ||= current_path if options[:callback_path].respond_to?(:call) && options[:callback_path].call(env)
|
399
449
|
path ||= custom_path(:request_path)
|
400
|
-
path ||= "#{path_prefix}/#{name}/callback"
|
450
|
+
path ||= "#{script_name}#{path_prefix}/#{name}/callback"
|
401
451
|
path
|
402
452
|
end
|
403
453
|
end
|
@@ -409,7 +459,7 @@ module OmniAuth
|
|
409
459
|
CURRENT_PATH_REGEX = %r{/$}.freeze
|
410
460
|
EMPTY_STRING = ''.freeze
|
411
461
|
def current_path
|
412
|
-
@current_path ||= request.
|
462
|
+
@current_path ||= request.path.downcase.sub(CURRENT_PATH_REGEX, EMPTY_STRING)
|
413
463
|
end
|
414
464
|
|
415
465
|
def query_string
|
@@ -418,6 +468,9 @@ module OmniAuth
|
|
418
468
|
|
419
469
|
def call_app!(env = @env)
|
420
470
|
@app.call(env)
|
471
|
+
rescue StandardError => e
|
472
|
+
env['omniauth.error.app'] = true
|
473
|
+
raise e
|
421
474
|
end
|
422
475
|
|
423
476
|
def full_host
|
@@ -441,7 +494,7 @@ module OmniAuth
|
|
441
494
|
end
|
442
495
|
|
443
496
|
def callback_url
|
444
|
-
full_host +
|
497
|
+
full_host + callback_path + query_string
|
445
498
|
end
|
446
499
|
|
447
500
|
def script_name
|
@@ -491,16 +544,15 @@ module OmniAuth
|
|
491
544
|
OmniAuth.config.on_failure.call(env)
|
492
545
|
end
|
493
546
|
|
494
|
-
def dup
|
495
|
-
super.tap do
|
496
|
-
@options = @options.dup
|
497
|
-
end
|
498
|
-
end
|
499
|
-
|
500
547
|
class Options < OmniAuth::KeyStore; end
|
501
548
|
|
502
549
|
protected
|
503
550
|
|
551
|
+
def initialize_copy(*args)
|
552
|
+
super
|
553
|
+
@options = @options.dup
|
554
|
+
end
|
555
|
+
|
504
556
|
def merge_stack(stack)
|
505
557
|
stack.inject({}) do |a, e|
|
506
558
|
a.merge!(e)
|
data/lib/omniauth/version.rb
CHANGED
data/omniauth.gemspec
CHANGED
@@ -7,7 +7,8 @@ require 'omniauth/version'
|
|
7
7
|
Gem::Specification.new do |spec|
|
8
8
|
spec.add_dependency 'hashie', ['>= 3.4.6']
|
9
9
|
spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
|
10
|
-
spec.add_development_dependency 'bundler', '~>
|
10
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
11
|
+
spec.add_dependency 'rack-protection'
|
11
12
|
spec.add_development_dependency 'rake', '~> 12.0'
|
12
13
|
spec.authors = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski']
|
13
14
|
spec.description = 'A generalized Rack framework for multiple-provider authentication.'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Bleigh
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2021-04-07 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: hashie
|
@@ -52,14 +52,28 @@ dependencies:
|
|
52
52
|
requirements:
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version: '
|
55
|
+
version: '2.0'
|
56
56
|
type: :development
|
57
57
|
prerelease: false
|
58
58
|
version_requirements: !ruby/object:Gem::Requirement
|
59
59
|
requirements:
|
60
60
|
- - "~>"
|
61
61
|
- !ruby/object:Gem::Version
|
62
|
-
version: '
|
62
|
+
version: '2.0'
|
63
|
+
- !ruby/object:Gem::Dependency
|
64
|
+
name: rack-protection
|
65
|
+
requirement: !ruby/object:Gem::Requirement
|
66
|
+
requirements:
|
67
|
+
- - ">="
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0'
|
70
|
+
type: :runtime
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
requirements:
|
74
|
+
- - ">="
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
63
77
|
- !ruby/object:Gem::Dependency
|
64
78
|
name: rake
|
65
79
|
requirement: !ruby/object:Gem::Requirement
|
@@ -83,18 +97,21 @@ executables: []
|
|
83
97
|
extensions: []
|
84
98
|
extra_rdoc_files: []
|
85
99
|
files:
|
100
|
+
- ".github/FUNDING.yml"
|
86
101
|
- ".github/ISSUE_TEMPLATE.md"
|
102
|
+
- ".github/workflows/main.yml"
|
87
103
|
- ".gitignore"
|
88
104
|
- ".rspec"
|
89
105
|
- ".rubocop.yml"
|
90
|
-
- ".travis.yml"
|
91
106
|
- ".yardopts"
|
92
107
|
- Gemfile
|
93
108
|
- LICENSE.md
|
94
109
|
- README.md
|
95
110
|
- Rakefile
|
111
|
+
- SECURITY.md
|
96
112
|
- lib/omniauth.rb
|
97
113
|
- lib/omniauth/auth_hash.rb
|
114
|
+
- lib/omniauth/authenticity_token_protection.rb
|
98
115
|
- lib/omniauth/builder.rb
|
99
116
|
- lib/omniauth/failure_endpoint.rb
|
100
117
|
- lib/omniauth/form.css
|
@@ -127,8 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
144
|
- !ruby/object:Gem::Version
|
128
145
|
version: 1.3.5
|
129
146
|
requirements: []
|
130
|
-
|
131
|
-
rubygems_version: 2.6.14.4
|
147
|
+
rubygems_version: 3.0.0
|
132
148
|
signing_key:
|
133
149
|
specification_version: 4
|
134
150
|
summary: A generalized Rack framework for multiple-provider authentication.
|
data/.travis.yml
DELETED
@@ -1,25 +0,0 @@
|
|
1
|
-
bundler_args: --without development
|
2
|
-
before_install:
|
3
|
-
- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
|
4
|
-
- gem install bundler -v '1.17.3'
|
5
|
-
install:
|
6
|
-
- bundle _1.17.3_ install --jobs=3 --retry=3
|
7
|
-
cache: bundler
|
8
|
-
env:
|
9
|
-
global:
|
10
|
-
- JRUBY_OPTS="$JRUBY_OPTS --debug"
|
11
|
-
language: ruby
|
12
|
-
rvm:
|
13
|
-
- jruby-9000
|
14
|
-
- 2.2.9
|
15
|
-
- 2.3.5
|
16
|
-
- 2.4.4
|
17
|
-
- 2.5.3
|
18
|
-
- jruby-head
|
19
|
-
- ruby-head
|
20
|
-
matrix:
|
21
|
-
allow_failures:
|
22
|
-
- rvm: jruby-head
|
23
|
-
- rvm: ruby-head
|
24
|
-
fast_finish: true
|
25
|
-
sudo: false
|