omniauth 1.9.2 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +2 -0
- data/.github/workflows/main.yml +89 -0
- data/.gitignore +1 -0
- data/Gemfile +7 -5
- data/README.md +22 -12
- data/SECURITY.md +17 -0
- data/lib/omniauth/authenticity_token_protection.rb +32 -0
- data/lib/omniauth/builder.rb +1 -1
- data/lib/omniauth/failure_endpoint.rb +10 -1
- data/lib/omniauth/form.rb +1 -1
- data/lib/omniauth/strategy.rb +70 -27
- data/lib/omniauth/version.rb +1 -1
- data/lib/omniauth.rb +18 -6
- data/omniauth.gemspec +2 -1
- metadata +26 -9
- data/.travis.yml +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0fdf824504c682674830ea2d69b88977ca4be10f49f79130b3f75d324c7806d6
|
4
|
+
data.tar.gz: 2dc858d06ff250e7e4bef4d581bf64fb70d3a2baccbebcb53f81ff24e1023797
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 655b84ed20ad9b5c6a402e84c2333eab3e2a681d9aa4ba67f754448d02031a260fb7868b2dfa25016ed941a123aa4b991d0affbffa5170ee440d389c650b4316
|
7
|
+
data.tar.gz: 64a646106221782aff31af2bcab225b79314d8d90c0072a24488633e01d049721a1231959d424135f59d052add7bc47780e7f2affac44acd46e1eb9b0a1f5847
|
data/.github/FUNDING.yml
ADDED
@@ -0,0 +1,89 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
runs-on: ubuntu-18.04
|
19
|
+
strategy:
|
20
|
+
fail-fast: false
|
21
|
+
matrix:
|
22
|
+
os: [ubuntu, macos]
|
23
|
+
ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
uses: ruby/setup-ruby@v1
|
28
|
+
with:
|
29
|
+
ruby-version: ${{ matrix.ruby }}
|
30
|
+
bundler-cache: true
|
31
|
+
- name: Install dependencies
|
32
|
+
run: bundle install
|
33
|
+
- name: Run tests
|
34
|
+
run: bundle exec rake
|
35
|
+
test-jruby:
|
36
|
+
runs-on: ubuntu-18.04
|
37
|
+
strategy:
|
38
|
+
fail-fast: false
|
39
|
+
matrix:
|
40
|
+
os: [ubuntu, macos]
|
41
|
+
jruby: [jruby, jruby-head]
|
42
|
+
steps:
|
43
|
+
- uses: actions/checkout@v2
|
44
|
+
- name: Set up Ruby
|
45
|
+
uses: ruby/setup-ruby@v1
|
46
|
+
with:
|
47
|
+
ruby-version: ${{ matrix.jruby }}
|
48
|
+
bundler-cache: true
|
49
|
+
- name: Install dependencies
|
50
|
+
env:
|
51
|
+
JRUBY_OPTS: --debug
|
52
|
+
run: bundle install
|
53
|
+
- name: Run tests
|
54
|
+
env:
|
55
|
+
JRUBY_OPTS: --debug
|
56
|
+
run: bundle exec rake
|
57
|
+
frozen-string-compat:
|
58
|
+
runs-on: ubuntu-18.04
|
59
|
+
steps:
|
60
|
+
- uses: actions/checkout@v2
|
61
|
+
- name: Set up Ruby
|
62
|
+
uses: ruby/setup-ruby@v1
|
63
|
+
with:
|
64
|
+
ruby-version: 2.6
|
65
|
+
bundler-cache: true
|
66
|
+
- name: Install dependencies
|
67
|
+
run: bundle install
|
68
|
+
- name: Run tests
|
69
|
+
env:
|
70
|
+
RUBYOPT: "--enable-frozen-string-literal"
|
71
|
+
run: bundle exec rake
|
72
|
+
coveralls:
|
73
|
+
runs-on: ubuntu-18.04
|
74
|
+
steps:
|
75
|
+
- uses: actions/checkout@v2
|
76
|
+
- name: Set up Ruby
|
77
|
+
uses: ruby/setup-ruby@v1
|
78
|
+
with:
|
79
|
+
ruby-version: 2.6
|
80
|
+
bundler-cache: true
|
81
|
+
- name: Install dependencies
|
82
|
+
run: bundle install
|
83
|
+
- name: Run tests
|
84
|
+
run: bundle exec rake
|
85
|
+
- name: Coveralls GitHub Action
|
86
|
+
uses: coverallsapp/github-action@v1.1.2
|
87
|
+
with:
|
88
|
+
github-token: ${{ secrets.github_token }}
|
89
|
+
path-to-lcov: './coverage/lcov/omniauth.lcov'
|
data/.gitignore
CHANGED
data/Gemfile
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
gem 'jruby-openssl', '~> 0.
|
3
|
+
gem 'jruby-openssl', '~> 0.10.5', :platforms => :jruby
|
4
4
|
gem 'rake', '>= 12.0'
|
5
5
|
gem 'yard', '>= 0.9.11'
|
6
6
|
|
@@ -12,16 +12,18 @@ group :development do
|
|
12
12
|
end
|
13
13
|
|
14
14
|
group :test do
|
15
|
-
gem '
|
15
|
+
gem 'coveralls_reborn', '~> 0.19.0', require: false
|
16
16
|
gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
|
17
|
-
gem 'json', '~> 2.0
|
17
|
+
gem 'json', '~> 2.3.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
|
18
18
|
gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
|
19
19
|
gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
|
20
20
|
gem 'rack-test'
|
21
21
|
gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
|
22
|
-
gem 'rspec', '~> 3.5
|
22
|
+
gem 'rspec', '~> 3.5'
|
23
|
+
gem 'rack-freeze'
|
23
24
|
gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
|
24
|
-
gem '
|
25
|
+
gem 'simplecov-lcov'
|
26
|
+
gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
|
25
27
|
end
|
26
28
|
|
27
29
|
gemspec
|
data/README.md
CHANGED
@@ -2,15 +2,16 @@
|
|
2
2
|
|
3
3
|
[![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
|
4
4
|
[![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
|
5
|
-
[![Code Climate](
|
5
|
+
[![Code Climate](https://api.codeclimate.com/v1/badges/ffd33970723587806744/maintainability)][codeclimate]
|
6
6
|
[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
|
7
|
-
[![Security](https://hakiri.io/github/omniauth/omniauth/master.svg)](https://hakiri.io/github/omniauth/omniauth/master)
|
8
7
|
|
9
8
|
[gem]: https://rubygems.org/gems/omniauth
|
10
9
|
[travis]: http://travis-ci.org/omniauth/omniauth
|
11
10
|
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
|
12
11
|
[coveralls]: https://coveralls.io/r/omniauth/omniauth
|
13
12
|
|
13
|
+
This is the documentation for OmniAuth v2.0.2.
|
14
|
+
|
14
15
|
## An Introduction
|
15
16
|
OmniAuth is a library that standardizes multi-provider authentication for
|
16
17
|
web applications. It was created to be powerful, flexible, and do as
|
@@ -32,8 +33,8 @@ development and easily swap in other strategies later.
|
|
32
33
|
## Getting Started
|
33
34
|
Each OmniAuth strategy is a Rack Middleware. That means that you can use
|
34
35
|
it the same way that you use any other Rack middleware. For example, to
|
35
|
-
use the built-in Developer strategy in a Sinatra application
|
36
|
-
this:
|
36
|
+
use the built-in Developer strategy in a Sinatra application you might
|
37
|
+
do this:
|
37
38
|
|
38
39
|
```ruby
|
39
40
|
require 'sinatra'
|
@@ -45,7 +46,7 @@ class MyApplication < Sinatra::Base
|
|
45
46
|
end
|
46
47
|
```
|
47
48
|
|
48
|
-
Because OmniAuth is built for *multi-provider* authentication,
|
49
|
+
Because OmniAuth is built for *multi-provider* authentication, you may
|
49
50
|
want to leave room to run multiple strategies. For this, the built-in
|
50
51
|
`OmniAuth::Builder` class gives you an easy way to specify multiple
|
51
52
|
strategies. Note that there is **no difference** between the following
|
@@ -82,18 +83,21 @@ environment of a request to `/auth/:provider/callback`. This hash
|
|
82
83
|
contains as much information about the user as OmniAuth was able to
|
83
84
|
glean from the utilized strategy. You should set up an endpoint in your
|
84
85
|
application that matches to the callback URL and then performs whatever
|
85
|
-
steps are necessary for your application. For example, in a Rails app
|
86
|
-
would add a line in
|
86
|
+
steps are necessary for your application. For example, in a Rails app
|
87
|
+
you would add a line in your `routes.rb` file like this:
|
87
88
|
|
88
89
|
```ruby
|
89
|
-
|
90
|
+
post '/auth/:provider/callback', to: 'sessions#create'
|
90
91
|
```
|
91
92
|
|
92
|
-
And
|
93
|
+
And you might then have a `SessionsController` with code that looks
|
93
94
|
something like this:
|
94
95
|
|
95
96
|
```ruby
|
96
97
|
class SessionsController < ApplicationController
|
98
|
+
# If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only.
|
99
|
+
skip_before_action :verify_authenticity_token, only: :create
|
100
|
+
|
97
101
|
def create
|
98
102
|
@user = User.find_or_create_from_auth_hash(auth_hash)
|
99
103
|
self.current_user = @user
|
@@ -108,7 +112,7 @@ class SessionsController < ApplicationController
|
|
108
112
|
end
|
109
113
|
```
|
110
114
|
|
111
|
-
The `omniauth.auth` key in the environment hash
|
115
|
+
The `omniauth.auth` key in the environment hash provides an
|
112
116
|
Authentication Hash which will contain information about the just
|
113
117
|
authenticated user including a unique id, the strategy they just used
|
114
118
|
for authentication, and personal details such as name and email address
|
@@ -163,7 +167,7 @@ a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
|
|
163
167
|
and have sessions functioning as normal.
|
164
168
|
|
165
169
|
To be clear: sessions may work, but your session options will be ignored
|
166
|
-
(i.e the session key will default to `_session_id`). Instead of the
|
170
|
+
(i.e. the session key will default to `_session_id`). Instead of the
|
167
171
|
initializer, you'll have to set the relevant options somewhere
|
168
172
|
before your middleware is built (like `application.rb`) and pass them to your
|
169
173
|
preferred middleware, like this:
|
@@ -193,8 +197,14 @@ actively maintained in-depth documentation for OmniAuth. It should be
|
|
193
197
|
your first stop if you are wondering about a more in-depth look at
|
194
198
|
OmniAuth, how it works, and how to use it.
|
195
199
|
|
200
|
+
## OmniAuth for Enterprise
|
201
|
+
|
202
|
+
Available as part of the Tidelift Subscription.
|
203
|
+
|
204
|
+
The maintainers of OmniAuth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
205
|
+
|
196
206
|
## Supported Ruby Versions
|
197
|
-
OmniAuth is tested under 2.
|
207
|
+
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
|
198
208
|
|
199
209
|
## Versioning
|
200
210
|
This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
|
data/SECURITY.md
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
## Supported Versions
|
4
|
+
|
5
|
+
Use this section to tell people about which versions of your project are
|
6
|
+
currently being supported with security updates.
|
7
|
+
|
8
|
+
| Version | Supported |
|
9
|
+
| ------- | ------------------ |
|
10
|
+
| 2.0.x | :white_check_mark: |
|
11
|
+
| <= 1.9.1 | :x: |
|
12
|
+
|
13
|
+
## Security contact information
|
14
|
+
|
15
|
+
To report a security vulnerability, please use the
|
16
|
+
[Tidelift security contact](https://tidelift.com/security).
|
17
|
+
Tidelift will coordinate the fix and disclosure.
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'rack-protection'
|
2
|
+
|
3
|
+
module OmniAuth
|
4
|
+
class AuthenticityError < StandardError; end
|
5
|
+
class AuthenticityTokenProtection < Rack::Protection::AuthenticityToken
|
6
|
+
def initialize(options = {})
|
7
|
+
@options = default_options.merge(options)
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.call(env)
|
11
|
+
new.call!(env)
|
12
|
+
end
|
13
|
+
|
14
|
+
def call!(env)
|
15
|
+
return if accepts?(env)
|
16
|
+
|
17
|
+
instrument env
|
18
|
+
react env
|
19
|
+
end
|
20
|
+
|
21
|
+
alias_method :call, :call!
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def deny(_env)
|
26
|
+
OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
|
27
|
+
raise AuthenticityError.new(options[:message])
|
28
|
+
end
|
29
|
+
|
30
|
+
alias default_reaction deny
|
31
|
+
end
|
32
|
+
end
|
data/lib/omniauth/builder.rb
CHANGED
@@ -31,7 +31,7 @@ module OmniAuth
|
|
31
31
|
middleware = klass
|
32
32
|
else
|
33
33
|
begin
|
34
|
-
middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s)
|
34
|
+
middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s, false)
|
35
35
|
rescue NameError
|
36
36
|
raise(LoadError.new("Could not find matching strategy for #{klass.inspect}. You may need to install an additional gem (such as omniauth-#{klass})."))
|
37
37
|
end
|
@@ -27,10 +27,19 @@ module OmniAuth
|
|
27
27
|
|
28
28
|
def redirect_to_failure
|
29
29
|
message_key = env['omniauth.error.type']
|
30
|
-
|
30
|
+
|
31
|
+
new_path = "#{env['SCRIPT_NAME']}#{strategy_path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
|
31
32
|
Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
|
32
33
|
end
|
33
34
|
|
35
|
+
def strategy_path_prefix
|
36
|
+
if env['omniauth.error.strategy']
|
37
|
+
env['omniauth.error.strategy'].path_prefix
|
38
|
+
else
|
39
|
+
OmniAuth.config.path_prefix
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
34
43
|
def strategy_name_query_param
|
35
44
|
return '' unless env['omniauth.error.strategy']
|
36
45
|
|
data/lib/omniauth/form.rb
CHANGED
@@ -9,7 +9,7 @@ module OmniAuth
|
|
9
9
|
options[:header_info] ||= ''
|
10
10
|
self.options = options
|
11
11
|
|
12
|
-
@html = ''
|
12
|
+
@html = +'' # unary + string allows it to be mutable if strings are frozen
|
13
13
|
@with_custom_button = false
|
14
14
|
@footer = nil
|
15
15
|
header(options[:title], options[:header_info])
|
data/lib/omniauth/strategy.rb
CHANGED
@@ -180,18 +180,44 @@ module OmniAuth
|
|
180
180
|
raise(error)
|
181
181
|
end
|
182
182
|
|
183
|
+
warn_if_using_get
|
184
|
+
|
183
185
|
@env = env
|
184
186
|
@env['omniauth.strategy'] = self if on_auth_path?
|
185
187
|
|
186
188
|
return mock_call!(env) if OmniAuth.config.test_mode
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
189
|
+
|
190
|
+
begin
|
191
|
+
return options_call if on_auth_path? && options_request?
|
192
|
+
return request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
193
|
+
return callback_call if on_callback_path?
|
194
|
+
return other_phase if respond_to?(:other_phase)
|
195
|
+
rescue StandardError => e
|
196
|
+
return fail!(e.message, e)
|
197
|
+
end
|
191
198
|
|
192
199
|
@app.call(env)
|
193
200
|
end
|
194
201
|
|
202
|
+
def warn_if_using_get
|
203
|
+
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
204
|
+
return if OmniAuth.config.silence_get_warning
|
205
|
+
|
206
|
+
log :warn, <<-WARN
|
207
|
+
You are using GET as an allowed request method for OmniAuth. This may leave
|
208
|
+
you open to CSRF attacks. As of v2.0.0, OmniAuth by default allows only POST
|
209
|
+
to its own routes. You should review the following resources to guide your
|
210
|
+
mitigation:
|
211
|
+
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
|
212
|
+
https://github.com/omniauth/omniauth/issues/960
|
213
|
+
https://nvd.nist.gov/vuln/detail/CVE-2015-9284
|
214
|
+
https://github.com/omniauth/omniauth/pull/809
|
215
|
+
|
216
|
+
You can ignore this warning by setting:
|
217
|
+
OmniAuth.config.silence_get_warning = true
|
218
|
+
WARN
|
219
|
+
end
|
220
|
+
|
195
221
|
# Responds to an OPTIONS request.
|
196
222
|
def options_call
|
197
223
|
OmniAuth.config.before_options_phase.call(env) if OmniAuth.config.before_options_phase
|
@@ -202,17 +228,19 @@ module OmniAuth
|
|
202
228
|
# Performs the steps necessary to run the request phase of a strategy.
|
203
229
|
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
|
204
230
|
setup_phase
|
205
|
-
log :
|
231
|
+
log :debug, 'Request phase initiated.'
|
206
232
|
|
207
233
|
# store query params from the request url, extracted in the callback_phase
|
208
234
|
session['omniauth.params'] = request.GET
|
235
|
+
|
236
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
209
237
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
210
238
|
|
211
239
|
if options.form.respond_to?(:call)
|
212
|
-
log :
|
240
|
+
log :debug, 'Rendering form from supplied Rack endpoint.'
|
213
241
|
options.form.call(env)
|
214
242
|
elsif options.form
|
215
|
-
log :
|
243
|
+
log :debug, 'Rendering form from underlying application.'
|
216
244
|
call_app!
|
217
245
|
elsif !options.origin_param
|
218
246
|
request_phase
|
@@ -225,12 +253,14 @@ module OmniAuth
|
|
225
253
|
|
226
254
|
request_phase
|
227
255
|
end
|
256
|
+
rescue OmniAuth::AuthenticityError => e
|
257
|
+
fail!(:authenticity_error, e)
|
228
258
|
end
|
229
259
|
|
230
260
|
# Performs the steps necessary to run the callback phase of a strategy.
|
231
261
|
def callback_call
|
232
262
|
setup_phase
|
233
|
-
log :
|
263
|
+
log :debug, 'Callback phase initiated.'
|
234
264
|
@env['omniauth.origin'] = session.delete('omniauth.origin')
|
235
265
|
@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
|
236
266
|
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
@@ -268,8 +298,12 @@ module OmniAuth
|
|
268
298
|
# in the event that OmniAuth has been configured to be
|
269
299
|
# in test mode.
|
270
300
|
def mock_call!(*)
|
271
|
-
|
272
|
-
|
301
|
+
begin
|
302
|
+
return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
303
|
+
return mock_callback_call if on_callback_path?
|
304
|
+
rescue StandardError => e
|
305
|
+
return fail!(e.message, e)
|
306
|
+
end
|
273
307
|
|
274
308
|
call_app!
|
275
309
|
end
|
@@ -278,7 +312,10 @@ module OmniAuth
|
|
278
312
|
setup_phase
|
279
313
|
|
280
314
|
session['omniauth.params'] = request.GET
|
315
|
+
|
316
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
281
317
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
318
|
+
|
282
319
|
if options.origin_param
|
283
320
|
if request.params[options.origin_param]
|
284
321
|
session['omniauth.origin'] = request.params[options.origin_param]
|
@@ -312,10 +349,10 @@ module OmniAuth
|
|
312
349
|
# underlying application. This will default to `/auth/:provider/setup`.
|
313
350
|
def setup_phase
|
314
351
|
if options[:setup].respond_to?(:call)
|
315
|
-
log :
|
352
|
+
log :debug, 'Setup endpoint detected, running now.'
|
316
353
|
options[:setup].call(env)
|
317
354
|
elsif options[:setup]
|
318
|
-
log :
|
355
|
+
log :debug, 'Calling through to underlying application for setup.'
|
319
356
|
setup_env = env.merge('PATH_INFO' => setup_path, 'REQUEST_METHOD' => 'GET')
|
320
357
|
call_app!(setup_env)
|
321
358
|
end
|
@@ -345,11 +382,13 @@ module OmniAuth
|
|
345
382
|
end
|
346
383
|
|
347
384
|
def auth_hash
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
385
|
+
credentials_data = credentials
|
386
|
+
extra_data = extra
|
387
|
+
AuthHash.new(:provider => name, :uid => uid).tap do |auth|
|
388
|
+
auth.info = info unless skip_info?
|
389
|
+
auth.credentials = credentials_data if credentials_data
|
390
|
+
auth.extra = extra_data if extra_data
|
391
|
+
end
|
353
392
|
end
|
354
393
|
|
355
394
|
# Determines whether or not user info should be retrieved. This
|
@@ -389,7 +428,12 @@ module OmniAuth
|
|
389
428
|
end
|
390
429
|
|
391
430
|
def request_path
|
392
|
-
@request_path ||=
|
431
|
+
@request_path ||=
|
432
|
+
if options[:request_path].is_a?(String)
|
433
|
+
options[:request_path]
|
434
|
+
else
|
435
|
+
"#{script_name}#{path_prefix}/#{name}"
|
436
|
+
end
|
393
437
|
end
|
394
438
|
|
395
439
|
def callback_path
|
@@ -397,7 +441,7 @@ module OmniAuth
|
|
397
441
|
path = options[:callback_path] if options[:callback_path].is_a?(String)
|
398
442
|
path ||= current_path if options[:callback_path].respond_to?(:call) && options[:callback_path].call(env)
|
399
443
|
path ||= custom_path(:request_path)
|
400
|
-
path ||= "#{path_prefix}/#{name}/callback"
|
444
|
+
path ||= "#{script_name}#{path_prefix}/#{name}/callback"
|
401
445
|
path
|
402
446
|
end
|
403
447
|
end
|
@@ -409,7 +453,7 @@ module OmniAuth
|
|
409
453
|
CURRENT_PATH_REGEX = %r{/$}.freeze
|
410
454
|
EMPTY_STRING = ''.freeze
|
411
455
|
def current_path
|
412
|
-
@current_path ||= request.
|
456
|
+
@current_path ||= request.path.downcase.sub(CURRENT_PATH_REGEX, EMPTY_STRING)
|
413
457
|
end
|
414
458
|
|
415
459
|
def query_string
|
@@ -441,7 +485,7 @@ module OmniAuth
|
|
441
485
|
end
|
442
486
|
|
443
487
|
def callback_url
|
444
|
-
full_host +
|
488
|
+
full_host + callback_path + query_string
|
445
489
|
end
|
446
490
|
|
447
491
|
def script_name
|
@@ -491,16 +535,15 @@ module OmniAuth
|
|
491
535
|
OmniAuth.config.on_failure.call(env)
|
492
536
|
end
|
493
537
|
|
494
|
-
def dup
|
495
|
-
super.tap do
|
496
|
-
@options = @options.dup
|
497
|
-
end
|
498
|
-
end
|
499
|
-
|
500
538
|
class Options < OmniAuth::KeyStore; end
|
501
539
|
|
502
540
|
protected
|
503
541
|
|
542
|
+
def initialize_copy(*args)
|
543
|
+
super
|
544
|
+
@options = @options.dup
|
545
|
+
end
|
546
|
+
|
504
547
|
def merge_stack(stack)
|
505
548
|
stack.inject({}) do |a, e|
|
506
549
|
a.merge!(e)
|
data/lib/omniauth/version.rb
CHANGED
data/lib/omniauth.rb
CHANGED
@@ -15,6 +15,7 @@ module OmniAuth
|
|
15
15
|
autoload :Form, 'omniauth/form'
|
16
16
|
autoload :AuthHash, 'omniauth/auth_hash'
|
17
17
|
autoload :FailureEndpoint, 'omniauth/failure_endpoint'
|
18
|
+
autoload :AuthenticityTokenProtection, 'omniauth/authenticity_token_protection'
|
18
19
|
|
19
20
|
def self.strategies
|
20
21
|
@strategies ||= []
|
@@ -29,20 +30,22 @@ module OmniAuth
|
|
29
30
|
logger
|
30
31
|
end
|
31
32
|
|
32
|
-
def self.defaults
|
33
|
+
def self.defaults # rubocop:disable MethodLength
|
33
34
|
@defaults ||= {
|
34
35
|
:camelizations => {},
|
35
36
|
:path_prefix => '/auth',
|
36
37
|
:on_failure => OmniAuth::FailureEndpoint,
|
37
38
|
:failure_raise_out_environments => ['development'],
|
39
|
+
:request_validation_phase => OmniAuth::AuthenticityTokenProtection,
|
38
40
|
:before_request_phase => nil,
|
39
41
|
:before_callback_phase => nil,
|
40
42
|
:before_options_phase => nil,
|
41
43
|
:form_css => Form::DEFAULT_CSS,
|
42
44
|
:test_mode => false,
|
43
45
|
:logger => default_logger,
|
44
|
-
:allowed_request_methods => %i[
|
45
|
-
:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})}
|
46
|
+
:allowed_request_methods => %i[post],
|
47
|
+
:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})},
|
48
|
+
:silence_get_warning => false
|
46
49
|
}
|
47
50
|
end
|
48
51
|
|
@@ -74,6 +77,14 @@ module OmniAuth
|
|
74
77
|
end
|
75
78
|
end
|
76
79
|
|
80
|
+
def request_validation_phase(&block)
|
81
|
+
if block_given?
|
82
|
+
@request_validation_phase = block
|
83
|
+
else
|
84
|
+
@request_validation_phase
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
77
88
|
def before_request_phase(&block)
|
78
89
|
if block_given?
|
79
90
|
@before_request_phase = block
|
@@ -111,8 +122,9 @@ module OmniAuth
|
|
111
122
|
camelizations[name.to_s] = camelized.to_s
|
112
123
|
end
|
113
124
|
|
114
|
-
attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase
|
115
|
-
attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
|
125
|
+
attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase, :request_validation_phase
|
126
|
+
attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
|
127
|
+
:test_mode, :mock_auth, :full_host, :camelizations, :logger, :silence_get_warning
|
116
128
|
end
|
117
129
|
|
118
130
|
def self.config
|
@@ -159,7 +171,7 @@ module OmniAuth
|
|
159
171
|
if first_letter_in_uppercase
|
160
172
|
word.to_s.gsub(%r{/(.?)}) { '::' + Regexp.last_match[1].upcase }.gsub(/(^|_)(.)/) { Regexp.last_match[2].upcase }
|
161
173
|
else
|
162
|
-
word.
|
174
|
+
camelize(word).tap { |w| w[0] = w[0].downcase }
|
163
175
|
end
|
164
176
|
end
|
165
177
|
end
|
data/omniauth.gemspec
CHANGED
@@ -7,7 +7,8 @@ require 'omniauth/version'
|
|
7
7
|
Gem::Specification.new do |spec|
|
8
8
|
spec.add_dependency 'hashie', ['>= 3.4.6']
|
9
9
|
spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
|
10
|
-
spec.add_development_dependency 'bundler', '~>
|
10
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
11
|
+
spec.add_dependency 'rack-protection'
|
11
12
|
spec.add_development_dependency 'rake', '~> 12.0'
|
12
13
|
spec.authors = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski']
|
13
14
|
spec.description = 'A generalized Rack framework for multiple-provider authentication.'
|
metadata
CHANGED
@@ -1,16 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Bleigh
|
8
8
|
- Erik Michaels-Ober
|
9
9
|
- Tom Milewski
|
10
|
-
autorequire:
|
10
|
+
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2021-02-02 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: hashie
|
@@ -52,14 +52,28 @@ dependencies:
|
|
52
52
|
requirements:
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version: '
|
55
|
+
version: '2.0'
|
56
56
|
type: :development
|
57
57
|
prerelease: false
|
58
58
|
version_requirements: !ruby/object:Gem::Requirement
|
59
59
|
requirements:
|
60
60
|
- - "~>"
|
61
61
|
- !ruby/object:Gem::Version
|
62
|
-
version: '
|
62
|
+
version: '2.0'
|
63
|
+
- !ruby/object:Gem::Dependency
|
64
|
+
name: rack-protection
|
65
|
+
requirement: !ruby/object:Gem::Requirement
|
66
|
+
requirements:
|
67
|
+
- - ">="
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0'
|
70
|
+
type: :runtime
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
requirements:
|
74
|
+
- - ">="
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
63
77
|
- !ruby/object:Gem::Dependency
|
64
78
|
name: rake
|
65
79
|
requirement: !ruby/object:Gem::Requirement
|
@@ -83,18 +97,21 @@ executables: []
|
|
83
97
|
extensions: []
|
84
98
|
extra_rdoc_files: []
|
85
99
|
files:
|
100
|
+
- ".github/FUNDING.yml"
|
86
101
|
- ".github/ISSUE_TEMPLATE.md"
|
102
|
+
- ".github/workflows/main.yml"
|
87
103
|
- ".gitignore"
|
88
104
|
- ".rspec"
|
89
105
|
- ".rubocop.yml"
|
90
|
-
- ".travis.yml"
|
91
106
|
- ".yardopts"
|
92
107
|
- Gemfile
|
93
108
|
- LICENSE.md
|
94
109
|
- README.md
|
95
110
|
- Rakefile
|
111
|
+
- SECURITY.md
|
96
112
|
- lib/omniauth.rb
|
97
113
|
- lib/omniauth/auth_hash.rb
|
114
|
+
- lib/omniauth/authenticity_token_protection.rb
|
98
115
|
- lib/omniauth/builder.rb
|
99
116
|
- lib/omniauth/failure_endpoint.rb
|
100
117
|
- lib/omniauth/form.css
|
@@ -112,7 +129,7 @@ homepage: https://github.com/omniauth/omniauth
|
|
112
129
|
licenses:
|
113
130
|
- MIT
|
114
131
|
metadata: {}
|
115
|
-
post_install_message:
|
132
|
+
post_install_message:
|
116
133
|
rdoc_options: []
|
117
134
|
require_paths:
|
118
135
|
- lib
|
@@ -127,8 +144,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
144
|
- !ruby/object:Gem::Version
|
128
145
|
version: 1.3.5
|
129
146
|
requirements: []
|
130
|
-
rubygems_version: 3.
|
131
|
-
signing_key:
|
147
|
+
rubygems_version: 3.0.0
|
148
|
+
signing_key:
|
132
149
|
specification_version: 4
|
133
150
|
summary: A generalized Rack framework for multiple-provider authentication.
|
134
151
|
test_files: []
|
data/.travis.yml
DELETED
@@ -1,25 +0,0 @@
|
|
1
|
-
bundler_args: --without development
|
2
|
-
before_install:
|
3
|
-
- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
|
4
|
-
- gem install bundler -v '1.17.3'
|
5
|
-
install:
|
6
|
-
- bundle _1.17.3_ install --jobs=3 --retry=3
|
7
|
-
cache: bundler
|
8
|
-
env:
|
9
|
-
global:
|
10
|
-
- JRUBY_OPTS="$JRUBY_OPTS --debug"
|
11
|
-
language: ruby
|
12
|
-
rvm:
|
13
|
-
- jruby-9000
|
14
|
-
- 2.2.9
|
15
|
-
- 2.3.5
|
16
|
-
- 2.4.4
|
17
|
-
- 2.5.3
|
18
|
-
- jruby-head
|
19
|
-
- ruby-head
|
20
|
-
matrix:
|
21
|
-
allow_failures:
|
22
|
-
- rvm: jruby-head
|
23
|
-
- rvm: ruby-head
|
24
|
-
fast_finish: true
|
25
|
-
sudo: false
|