omniauth 2.1.0 → 2.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df50309ac3b4098a460e7a52f233798a3246cffdfeb2c6f6f60d373b8af8af2c
-  data.tar.gz: bf5c53ceadb04c431b88aa17dfe6a11b46475b38bc9d4fa74865e1eb21d27772
+  metadata.gz: 72f75a04a8d177ece789f87bafb01954e87e25006087e1c4b469d9a7245d3f65
+  data.tar.gz: 04f1b32853317188896eecf634ce2d2592e0de9441f5ccc2bb24a55a84c0af01
 SHA512:
-  metadata.gz: dfd0bb2add456a51a393e672cba45d310f6ab7d2b5aa37c058a7242b8b0dc9b644877596c0a47c9e1c462d1e593516d1474379f103cae0988cced76c37260d4a
-  data.tar.gz: 6a0c4302b25339ca10e304ef1fb968e5dd36cb5e6d686499c1b9d5185f9165fef864f54603f385076bf81160980ca532285a00ebdf23de82f3a1bacf95655856
+  metadata.gz: 5e99d765970df98de46c2872a3bf65ccd8012fba74910fa9b608909725a64e167dbd34b53b4b5d673f07955e107893965a3fd7012ef4b2219bdb3ed5dfd5a9ae
+  data.tar.gz: 59455629cd76bfa5220a625b6ba4d470be36df8d11a973967f06219015516ca77fdf4c9afa79ba3033a159f5d95d971379f1882afc0973873fabcf779672ac17

data/.github/dependabot.yml

@@ -0,0 +1,18 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: '/'
+    schedule:
+      interval: weekly
+    open-pull-requests-limit: 99
+
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 99

data/.github/workflows/jruby.yml

@@ -0,0 +1,28 @@
+name: JRuby
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        jruby: [jruby, jruby-head]
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.jruby }}
+        bundler-cache: true
+      env:
+        JRUBY_OPTS: --debug
+    - name: Run tests
+      env:
+        JRUBY_OPTS: --debug
+      run: bundle exec rake

data/.github/workflows/main.yml

@@ -15,75 +15,50 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-18.04
+    runs-on: ${{ matrix.os }}-latest
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu, macos]
-        ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
+        ruby: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2, 3.3, head, debug]
+        exclude:
+        - os: macos
+          ruby: 2.5
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true
-    - name: Install dependencies
-      run: bundle install
     - name: Run tests
       run: bundle exec rake
-  test-jruby:
-    runs-on: ubuntu-18.04
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu, macos]
-        jruby: [jruby] # TODO: Add back jruby-head once we figure out why there's a bundler mismatch
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.jruby }}
-        bundler-cache: true
-    - name: Install dependencies
-      env:
-        JRUBY_OPTS: --debug
-      run: bundle install
-    - name: Run tests
-      env:
-        JRUBY_OPTS: --debug
-      run: bundle exec rake
   frozen-string-compat:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: 2.6
         bundler-cache: true
-    - name: Install dependencies
-      run: bundle install
     - name: Run tests
       env:
         RUBYOPT: "--enable-frozen-string-literal"
       run: bundle exec rake
   coveralls:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: 2.6
         bundler-cache: true
-    - name: Install dependencies
-      run: bundle install
     - name: Run tests
       run: bundle exec rake
     - name: Coveralls GitHub Action
-      uses: coverallsapp/github-action@v1.1.2
+      uses: coverallsapp/github-action@v2
       with:
         github-token: ${{ secrets.github_token }}
         path-to-lcov: './coverage/lcov/omniauth.lcov'

data/.github/workflows/truffle_ruby.yml

@@ -0,0 +1,24 @@
+name: TruffleRuby
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        ruby: [truffleruby, truffleruby-head]
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake

data/Gemfile

@@ -13,16 +13,11 @@ end
 
 group :test do
   gem 'coveralls_reborn', '~> 0.19.0', require: false
-  gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
-  gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
-  gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
   gem 'rack-test'
-  gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
   gem 'rspec', '~> 3.5'
   gem 'rack-freeze'
-  gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+  gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_22 ruby_23 ruby_24]
   gem 'simplecov-lcov'
-  gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
 end
 
 gemspec

data/README.md

@@ -1,16 +1,21 @@
 # OmniAuth: Standardized Multi-Provider Authentication
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
-[![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
+[![Ruby](https://github.com/omniauth/omniauth/actions/workflows/main.yml/badge.svg)][githubactions]
+[![TruffleRuby](https://github.com/omniauth/omniauth/actions/workflows/truffle_ruby.yml/badge.svg)][githubactionstruffle]
+[![JRuby](https://github.com/omniauth/omniauth/actions/workflows/jruby.yml/badge.svg)][githubactionsjruby]
 [![Code Climate](https://api.codeclimate.com/v1/badges/ffd33970723587806744/maintainability)][codeclimate]
 [![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
 
 [gem]: https://rubygems.org/gems/omniauth
-[travis]: http://travis-ci.org/omniauth/omniauth
+[githubactions]: https://github.com/omniauth/omniauth/actions/workflows/main.yml
+[githubactionstruffle]: https://github.com/omniauth/omniauth/actions/workflows/truffle_ruby.yml
+[githubactionsjruby]: https://github.com/omniauth/omniauth/actions/workflows/jruby.yml
 [codeclimate]: https://codeclimate.com/github/omniauth/omniauth
 [coveralls]: https://coveralls.io/r/omniauth/omniauth
 
-This is the documentation for our latest release [v2.1.0](https://github.com/omniauth/omniauth/releases/tag/v2.1.0). 
+This is the documentation for the in-development branch of OmniAuth.
+You can find the documentation for the latest stable release [here](https://github.com/omniauth/omniauth/tree/v2.1.3)
 
 ## An Introduction
 OmniAuth is a library that standardizes multi-provider authentication for
@@ -97,6 +102,13 @@ environment information on the callback request. It is entirely up to
 you how you want to implement the particulars of your application's
 authentication flow.
 
+## rack_csrf
+
+`omniauth` is not OOTB-compatible with [rack_csrf](https://github.com/baldowl/rack_csrf). In order to do so, the following code needs to be added to the application bootstrapping code:
+
+```ruby
+OmniAuth::AuthenticityTokenProtection.default_options(key: "csrf.token", authenticity_param: "_csrf")
+```
 
 ## Rails (without Devise)
 To get started, add the following gems
@@ -240,7 +252,7 @@ improve code health, while paying the maintainers of the exact packages you use.
 [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
 
 ## Supported Ruby Versions
-OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
+OmniAuth is tested under 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, truffleruby, and JRuby.
 
 ## Versioning
 This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations

data/SECURITY.md

@@ -7,6 +7,7 @@ currently being supported with security updates.
 
 | Version  | Supported          |
 | -------  | ------------------ |
+| 2.1.x    | :white_check_mark: |
 | 2.0.x    | :white_check_mark: |
 | <= 1.9.1 | :x:                |
 

data/lib/omniauth/form.rb

@@ -7,6 +7,7 @@ module OmniAuth
     def initialize(options = {})
       options[:title] ||= 'Authentication Info Required'
       options[:header_info] ||= ''
+      options[:method] ||= 'post'
       self.options = options
 
       @html = +'' # unary + string allows it to be mutable if strings are frozen
@@ -75,7 +76,7 @@ module OmniAuth
       </head>
       <body>
       <h1>#{title}</h1>
-      <form method='post' #{"action='#{options[:url]}' " if options[:url]}noValidate='noValidate'>
+      <form method='#{options[:method]}' #{"action='#{options[:url]}' " if options[:url]}noValidate='noValidate'>
       HTML
       self
     end

data/lib/omniauth/strategies/developer.rb

@@ -35,7 +35,7 @@ module OmniAuth
       option :uid_field, :email
 
       def request_phase
-        form = OmniAuth::Form.new(:title => 'User Info', :url => callback_path)
+        form = OmniAuth::Form.new(:title => 'User Info', :url => callback_path, :method => 'get')
         options.fields.each do |field|
           form.text_field field.to_s.capitalize.tr('_', ' '), field.to_s
         end

data/lib/omniauth/strategy.rb

@@ -335,7 +335,9 @@ module OmniAuth
 
     def mock_callback_call
       setup_phase
-      @env['omniauth.origin'] = session.delete('omniauth.origin')
+
+      origin = session.delete('omniauth.origin')
+      @env['omniauth.origin'] ||= origin
       @env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
       @env['omniauth.params'] = session.delete('omniauth.params') || {}
 
@@ -481,7 +483,7 @@ module OmniAuth
         OmniAuth.config.full_host.call(env)
       else
         # in Rack 1.3.x, request.url explodes if scheme is nil
-        if request.scheme && request.url.match(URI::ABS_URI)
+        if request.scheme && URI.parse(request.url).absolute?
           uri = URI.parse(request.url.gsub(/\?.*$/, ''))
           uri.path = ''
           # sometimes the url is actually showing http inside rails because the
@@ -498,6 +500,7 @@ module OmniAuth
     end
 
     def script_name
+      return '' if @env.nil?
       @env['SCRIPT_NAME'] || ''
     end
 

data/lib/omniauth/version.rb

@@ -1,3 +1,3 @@
 module OmniAuth
-  VERSION = '2.1.0'.freeze
+  VERSION = '2.1.3'.freeze
 end

data/lib/omniauth.rb

@@ -1,3 +1,7 @@
+# TODO: Fixed in https://github.com/rack/rack/pull/1610 for Rack 3
+if defined?(RUBY_ENGINE) && RUBY_ENGINE == "jruby"
+  require 'delegate'
+end
 require 'rack'
 require 'singleton'
 require 'logger'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.3
 platform: ruby
 authors:
 - Michael Bleigh
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-13 00:00:00.000000000 Z
+date: 2025-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -93,7 +93,10 @@ extra_rdoc_files: []
 files:
 - ".github/FUNDING.yml"
 - ".github/ISSUE_TEMPLATE.md"
+- ".github/dependabot.yml"
+- ".github/workflows/jruby.yml"
 - ".github/workflows/main.yml"
+- ".github/workflows/truffle_ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -138,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A generalized Rack framework for multiple-provider authentication.