omniauth 2.0.0 → 2.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +2 -0
- data/.github/workflows/main.yml +3 -3
- data/README.md +9 -2
- data/SECURITY.md +17 -0
- data/lib/omniauth/authenticity_token_protection.rb +2 -0
- data/lib/omniauth/strategy.rb +15 -4
- data/lib/omniauth/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bda926095916de4b9694aaea0102e28ba4589485ac7299e14818d16c80114e2d
|
|
4
|
+
data.tar.gz: 933f85d44aa3ce65274350f6b460c0c1f48bfe0e7c6231091e0fe05cc07b741c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b67754b61bea388ad20c8a2e305fdcdb0310cc6cd910eec4b3fbb6d2e5b86c24d99970e79f2b9913f4cc575ec25572408c87a4236728214edb10a7d0fe926fc0
|
|
7
|
+
data.tar.gz: a089f325f9b80fdba2f0f0561e0d050b36d47f49e763e33e381d427d8592009fa4da80db50e47f2d172bf96fb6d8d46455b68ec0e3fae632b752a1decbf0941f
|
data/.github/FUNDING.yml
ADDED
data/.github/workflows/main.yml
CHANGED
|
@@ -9,9 +9,9 @@ name: Ruby
|
|
|
9
9
|
|
|
10
10
|
on:
|
|
11
11
|
push:
|
|
12
|
-
branches: [ master
|
|
12
|
+
branches: [ master ]
|
|
13
13
|
pull_request:
|
|
14
|
-
branches: [ master
|
|
14
|
+
branches: [ master ]
|
|
15
15
|
|
|
16
16
|
jobs:
|
|
17
17
|
test:
|
|
@@ -38,7 +38,7 @@ jobs:
|
|
|
38
38
|
fail-fast: false
|
|
39
39
|
matrix:
|
|
40
40
|
os: [ubuntu, macos]
|
|
41
|
-
jruby: [jruby
|
|
41
|
+
jruby: [jruby] # TODO: Add back jruby-head once we figure out why there's a bundler mismatch
|
|
42
42
|
steps:
|
|
43
43
|
- uses: actions/checkout@v2
|
|
44
44
|
- name: Set up Ruby
|
data/README.md
CHANGED
|
@@ -10,7 +10,8 @@
|
|
|
10
10
|
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
|
|
11
11
|
[coveralls]: https://coveralls.io/r/omniauth/omniauth
|
|
12
12
|
|
|
13
|
-
This is the documentation for
|
|
13
|
+
This is the documentation for the version [v2.0.4](https://github.com/omniauth/omniauth/tree/v2.0.4) of OmniAuth.
|
|
14
|
+
|
|
14
15
|
## An Introduction
|
|
15
16
|
OmniAuth is a library that standardizes multi-provider authentication for
|
|
16
17
|
web applications. It was created to be powerful, flexible, and do as
|
|
@@ -196,8 +197,14 @@ actively maintained in-depth documentation for OmniAuth. It should be
|
|
|
196
197
|
your first stop if you are wondering about a more in-depth look at
|
|
197
198
|
OmniAuth, how it works, and how to use it.
|
|
198
199
|
|
|
200
|
+
## OmniAuth for Enterprise
|
|
201
|
+
|
|
202
|
+
Available as part of the Tidelift Subscription.
|
|
203
|
+
|
|
204
|
+
The maintainers of OmniAuth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
|
205
|
+
|
|
199
206
|
## Supported Ruby Versions
|
|
200
|
-
OmniAuth is tested under 2.
|
|
207
|
+
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
|
|
201
208
|
|
|
202
209
|
## Versioning
|
|
203
210
|
This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
|
data/SECURITY.md
ADDED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
Use this section to tell people about which versions of your project are
|
|
6
|
+
currently being supported with security updates.
|
|
7
|
+
|
|
8
|
+
| Version | Supported |
|
|
9
|
+
| ------- | ------------------ |
|
|
10
|
+
| 2.0.x | :white_check_mark: |
|
|
11
|
+
| <= 1.9.1 | :x: |
|
|
12
|
+
|
|
13
|
+
## Security contact information
|
|
14
|
+
|
|
15
|
+
To report a security vulnerability, please use the
|
|
16
|
+
[Tidelift security contact](https://tidelift.com/security).
|
|
17
|
+
Tidelift will coordinate the fix and disclosure.
|
data/lib/omniauth/strategy.rb
CHANGED
|
@@ -180,9 +180,10 @@ module OmniAuth
|
|
|
180
180
|
raise(error)
|
|
181
181
|
end
|
|
182
182
|
|
|
183
|
-
warn_if_using_get
|
|
184
|
-
|
|
185
183
|
@env = env
|
|
184
|
+
|
|
185
|
+
warn_if_using_get_on_request_path
|
|
186
|
+
|
|
186
187
|
@env['omniauth.strategy'] = self if on_auth_path?
|
|
187
188
|
|
|
188
189
|
return mock_call!(env) if OmniAuth.config.test_mode
|
|
@@ -193,13 +194,16 @@ module OmniAuth
|
|
|
193
194
|
return callback_call if on_callback_path?
|
|
194
195
|
return other_phase if respond_to?(:other_phase)
|
|
195
196
|
rescue StandardError => e
|
|
197
|
+
raise e if env.delete('omniauth.error.app')
|
|
198
|
+
|
|
196
199
|
return fail!(e.message, e)
|
|
197
200
|
end
|
|
198
201
|
|
|
199
202
|
@app.call(env)
|
|
200
203
|
end
|
|
201
204
|
|
|
202
|
-
def
|
|
205
|
+
def warn_if_using_get_on_request_path
|
|
206
|
+
return unless on_request_path?
|
|
203
207
|
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
|
204
208
|
return if OmniAuth.config.silence_get_warning
|
|
205
209
|
|
|
@@ -299,10 +303,11 @@ module OmniAuth
|
|
|
299
303
|
# in test mode.
|
|
300
304
|
def mock_call!(*)
|
|
301
305
|
begin
|
|
302
|
-
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
|
303
306
|
return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
|
304
307
|
return mock_callback_call if on_callback_path?
|
|
305
308
|
rescue StandardError => e
|
|
309
|
+
raise e if env.delete('omniauth.error.app')
|
|
310
|
+
|
|
306
311
|
return fail!(e.message, e)
|
|
307
312
|
end
|
|
308
313
|
|
|
@@ -313,7 +318,10 @@ module OmniAuth
|
|
|
313
318
|
setup_phase
|
|
314
319
|
|
|
315
320
|
session['omniauth.params'] = request.GET
|
|
321
|
+
|
|
322
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
|
316
323
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
|
324
|
+
|
|
317
325
|
if options.origin_param
|
|
318
326
|
if request.params[options.origin_param]
|
|
319
327
|
session['omniauth.origin'] = request.params[options.origin_param]
|
|
@@ -460,6 +468,9 @@ module OmniAuth
|
|
|
460
468
|
|
|
461
469
|
def call_app!(env = @env)
|
|
462
470
|
@app.call(env)
|
|
471
|
+
rescue StandardError => e
|
|
472
|
+
env['omniauth.error.app'] = true
|
|
473
|
+
raise e
|
|
463
474
|
end
|
|
464
475
|
|
|
465
476
|
def full_host
|
data/lib/omniauth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Bleigh
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-04-07 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: hashie
|
|
@@ -97,6 +97,7 @@ executables: []
|
|
|
97
97
|
extensions: []
|
|
98
98
|
extra_rdoc_files: []
|
|
99
99
|
files:
|
|
100
|
+
- ".github/FUNDING.yml"
|
|
100
101
|
- ".github/ISSUE_TEMPLATE.md"
|
|
101
102
|
- ".github/workflows/main.yml"
|
|
102
103
|
- ".gitignore"
|
|
@@ -107,6 +108,7 @@ files:
|
|
|
107
108
|
- LICENSE.md
|
|
108
109
|
- README.md
|
|
109
110
|
- Rakefile
|
|
111
|
+
- SECURITY.md
|
|
110
112
|
- lib/omniauth.rb
|
|
111
113
|
- lib/omniauth/auth_hash.rb
|
|
112
114
|
- lib/omniauth/authenticity_token_protection.rb
|