omniauth_openid_connect 0.4.0 → 0.6.0
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +34 -2
- data/.rubocop.yml +1 -4
- data/CHANGELOG.md +13 -1
- data/Gemfile +6 -0
- data/README.md +31 -29
- data/Rakefile +2 -0
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +132 -21
- data/omniauth_openid_connect.gemspec +2 -3
- data/test/lib/omniauth/strategies/openid_connect_test.rb +330 -66
- data/test/strategy_test_case.rb +47 -3
- data/test/test_helper.rb +17 -7
- metadata +24 -44
- data/.github/config/rubocop_linter_action.yml +0 -59
- data/.github/workflows/rubocop.yml +0 -22
- data/test/fixtures/id_token.txt +0 -1
- data/test/fixtures/jwks.json +0 -8
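--- a/data/test/strategy_test_case.rb
+++ b/data/test/strategy_test_case.rb
@@ -1,32 +1,76 @@
+# frozen_string_literal: true
+
 class StrategyTestCase < MiniTest::Test
 class DummyApp
 def call(env); end
 end
 
-attr_accessor :identifier, :secret
+attr_accessor :identifier, :secret, :issuer, :nonce
 
 def setup
 @identifier = '1234'
 @secret = '1234asdgat3'
+@issuer = 'https://server.example.com'
+@nonce = SecureRandom.hex(16)
 end
 
 def client
 strategy.client
 end
 
+def payload
+{
+"iss": issuer,
+"aud": identifier,
+"sub": '248289761001',
+"nonce": nonce,
+"exp": Time.now.to_i + 1000,
+"iat": Time.now.to_i,
+}
+end
+
+def private_key
+@private_key ||= OpenSSL::PKey::RSA.generate(512)
+end
+
+def jwt
+@jwt ||= JSON::JWT.new(payload).sign(private_key, :RS256)
+end
+
+def hmac_secret
+@hmac_secret ||= SecureRandom.hex(16)
+end
+
+def jwt_with_hs256
+@jwt_with_hs256 ||= JSON::JWT.new(payload).sign(hmac_secret, :HS256)
+end
+
+def jwt_with_hs512
+@jwt_with_hs512 ||= JSON::JWT.new(payload).sign(hmac_secret, :HS512)
+end
+
+def jwks
+@jwks ||= begin
+key = JSON::JWK.new(private_key)
+keyset = JSON::JWK::Set.new(key)
+{ keys: keyset }
+end
+end
+
 def user_info
 @user_info ||= OpenIDConnect::ResponseObject::UserInfo.new(
 sub: SecureRandom.hex(16),
 name: Faker::Name.name,
 email: Faker::Internet.email,
+email_verified: Faker::Boolean.boolean,
 nickname: Faker::Name.first_name,
 preferred_username: Faker::Internet.user_name,
 given_name: Faker::Name.first_name,
 family_name: Faker::Name.last_name,
 gender: 'female',
-picture: Faker::Internet.url
+picture: "#{Faker::Internet.url}.png",
 phone_number: Faker::PhoneNumber.phone_number,
-website: Faker::Internet.url
+website: Faker::Internet.url
 )
 end
 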
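Review bot: `private_key` generates a 512-bit RSA key for the RS256 fixtures, well under the 2048-bit minimum RFC 7518 sets for RS256, so these tests can fail on OpenSSL builds that enforce a minimum key size and would not notice if the strategy or json-jwt began rejecting undersized keys. I would use `@private_key ||= OpenSSL::PKey::RSA.generate(2048)` or, if the small size is kept for speed, add a comment such as `# 512 bits only to keep the suite fast; never a valid size for real RS256 keys`. Separately, `jwks` wraps the private key itself, so the stubbed key set presumably carries private parameters that a real provider's JWKS endpoint never publishes; `JSON::JWK.new(private_key.public_key)` would exercise signature verification against public-only material.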
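--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,16 +1,26 @@
-
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+# frozen_string_literal: true
 
 require 'simplecov'
-require 'coveralls'
 require 'minitest/autorun'
 require 'mocha/minitest'
 require 'faker'
 require 'active_support'
+
+SimpleCov.start do
+if ENV['CI']
+require 'simplecov-lcov'
+
+SimpleCov::Formatter::LcovFormatter.config do |c|
+c.report_with_single_file = true
+c.single_report_path = 'coverage/lcov.info'
+end
+
+formatter SimpleCov::Formatter::LcovFormatter
+end
+end
+
+lib = File.expand_path('../lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth_openid_connect'
 require_relative 'strategy_test_case'
-
-SimpleCov.command_name 'test'
-SimpleCov.start
-Coveralls.wear!
 OmniAuth.config.test_mode = true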
metadata
CHANGED
@@ -1,30 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth_openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Bohn
|
8
8
|
- Ilya Shcherbinin
|
9
|
-
autorequire:
|
9
|
+
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-01-22 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
|
-
- !ruby/object:Gem::Dependency
|
15
|
-
name: addressable
|
16
|
-
requirement: !ruby/object:Gem::Requirement
|
17
|
-
requirements:
|
18
|
-
- - "~>"
|
19
|
-
- !ruby/object:Gem::Version
|
20
|
-
version: '2.5'
|
21
|
-
type: :runtime
|
22
|
-
prerelease: false
|
23
|
-
version_requirements: !ruby/object:Gem::Requirement
|
24
|
-
requirements:
|
25
|
-
- - "~>"
|
26
|
-
- !ruby/object:Gem::Version
|
27
|
-
version: '2.5'
|
28
14
|
- !ruby/object:Gem::Dependency
|
29
15
|
name: omniauth
|
30
16
|
requirement: !ruby/object:Gem::Requirement
|
@@ -59,20 +45,6 @@ dependencies:
|
|
59
45
|
- - "~>"
|
60
46
|
- !ruby/object:Gem::Version
|
61
47
|
version: '1.1'
|
62
|
-
- !ruby/object:Gem::Dependency
|
63
|
-
name: coveralls
|
64
|
-
requirement: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - "~>"
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: '0.8'
|
69
|
-
type: :development
|
70
|
-
prerelease: false
|
71
|
-
version_requirements: !ruby/object:Gem::Requirement
|
72
|
-
requirements:
|
73
|
-
- - "~>"
|
74
|
-
- !ruby/object:Gem::Version
|
75
|
-
version: '0.8'
|
76
48
|
- !ruby/object:Gem::Dependency
|
77
49
|
name: faker
|
78
50
|
requirement: !ruby/object:Gem::Requirement
|
@@ -191,14 +163,28 @@ dependencies:
|
|
191
163
|
requirements:
|
192
164
|
- - "~>"
|
193
165
|
- !ruby/object:Gem::Version
|
194
|
-
version: '0.
|
166
|
+
version: '0.21'
|
167
|
+
type: :development
|
168
|
+
prerelease: false
|
169
|
+
version_requirements: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - "~>"
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '0.21'
|
174
|
+
- !ruby/object:Gem::Dependency
|
175
|
+
name: simplecov-lcov
|
176
|
+
requirement: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - "~>"
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '0.8'
|
195
181
|
type: :development
|
196
182
|
prerelease: false
|
197
183
|
version_requirements: !ruby/object:Gem::Requirement
|
198
184
|
requirements:
|
199
185
|
- - "~>"
|
200
186
|
- !ruby/object:Gem::Version
|
201
|
-
version: '0.
|
187
|
+
version: '0.8'
|
202
188
|
description: OpenID Connect Strategy for OmniAuth.
|
203
189
|
email:
|
204
190
|
- jjbohn@gmail.com
|
@@ -207,10 +193,8 @@ executables: []
|
|
207
193
|
extensions: []
|
208
194
|
extra_rdoc_files: []
|
209
195
|
files:
|
210
|
-
- ".github/config/rubocop_linter_action.yml"
|
211
196
|
- ".github/stale.yml"
|
212
197
|
- ".github/workflows/main.yml"
|
213
|
-
- ".github/workflows/rubocop.yml"
|
214
198
|
- ".gitignore"
|
215
199
|
- ".rubocop.yml"
|
216
200
|
- CHANGELOG.md
|
@@ -225,8 +209,6 @@ files:
|
|
225
209
|
- lib/omniauth/strategies/openid_connect.rb
|
226
210
|
- lib/omniauth_openid_connect.rb
|
227
211
|
- omniauth_openid_connect.gemspec
|
228
|
-
- test/fixtures/id_token.txt
|
229
|
-
- test/fixtures/jwks.json
|
230
212
|
- test/fixtures/test.crt
|
231
213
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
232
214
|
- test/strategy_test_case.rb
|
@@ -237,10 +219,10 @@ licenses:
|
|
237
219
|
metadata:
|
238
220
|
bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
|
239
221
|
changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
|
240
|
-
documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.
|
241
|
-
source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.
|
222
|
+
documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0#readme
|
223
|
+
source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0
|
242
224
|
rubygems_mfa_required: 'true'
|
243
|
-
post_install_message:
|
225
|
+
post_install_message:
|
244
226
|
rdoc_options: []
|
245
227
|
require_paths:
|
246
228
|
- lib
|
@@ -255,13 +237,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
255
237
|
- !ruby/object:Gem::Version
|
256
238
|
version: '0'
|
257
239
|
requirements: []
|
258
|
-
rubygems_version: 3.3
|
259
|
-
signing_key:
|
240
|
+
rubygems_version: 3.4.3
|
241
|
+
signing_key:
|
260
242
|
specification_version: 4
|
261
243
|
summary: OpenID Connect Strategy for OmniAuth
|
262
244
|
test_files:
|
263
|
-
- test/fixtures/id_token.txt
|
264
|
-
- test/fixtures/jwks.json
|
265
245
|
- test/fixtures/test.crt
|
266
246
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
267
247
|
- test/strategy_test_case.rb
|
@@ -1,59 +0,0 @@
|
|
1
|
-
# Description: The name of the check that will be created.
|
2
|
-
# Valid Options: A reasonably sized string.
|
3
|
-
# Default: 'Rubocop Action'
|
4
|
-
check_name: 'Rubocop Results'
|
5
|
-
|
6
|
-
# Description: Versions required to run your RuboCop checks.
|
7
|
-
# Valid options: RuboCop and any RuboCop extension, by default the latest gem version will be used. You can explicitly state that
|
8
|
-
# (not required) or use a version number, like '1.5.1'.
|
9
|
-
# Default:
|
10
|
-
# versions:
|
11
|
-
# - rubocop: 'latest'
|
12
|
-
versions:
|
13
|
-
- rubocop
|
14
|
-
- rubocop-minitest
|
15
|
-
- rubocop-performance: '1.5.1'
|
16
|
-
|
17
|
-
# Description: Rubocop configuration file path relative to the workspace.
|
18
|
-
# Valid options: A valid file path inside of the workspace.
|
19
|
-
# Default: nil
|
20
|
-
# Note: This does not need to be filled out for Rubocop to still find your config.
|
21
|
-
# Resource: https://rubocop.readthedocs.io/en/stable/configuration/
|
22
|
-
rubocop_config_path: '.rubocop.yml'
|
23
|
-
|
24
|
-
# Run all cops enabled by configuration except this list.
|
25
|
-
# Valid options: list of valid cop(s) and/or departments.
|
26
|
-
# Default: nil
|
27
|
-
# Resource: https://rubocop.readthedocs.io/en/stable/cops/
|
28
|
-
# rubocop_excluded_cops:
|
29
|
-
# - 'Style/FrozenStringLiteralComment'
|
30
|
-
|
31
|
-
# Minimum severity for exit with error code
|
32
|
-
# Valid options: 'refactor', 'convention', 'warning', 'error', or 'fatal'.
|
33
|
-
# Default: 'warning'
|
34
|
-
# Resource: https://rubocop.readthedocs.io/en/stable/configuration/#severity
|
35
|
-
# rubocop_fail_level: 'warning'
|
36
|
-
|
37
|
-
# Whether or not to use --force-exclusion when building the rubocop command. Use this if you are only linting modified
|
38
|
-
# files and typically excluded files have been changed. For example, if you exclude db/schema.rb in your rubocop.yml
|
39
|
-
# but a change gets made, then with the check_scope config set to 'modified' rubocop will lint db/schema.rb. If you set
|
40
|
-
# this to true, rubocop will ignore it.
|
41
|
-
# Valid options: true || false
|
42
|
-
# Default: false
|
43
|
-
|
44
|
-
# Instead of installing gems from rubygems, we can run `bundle install` on your project,
|
45
|
-
# you would need to do this if you are using something like 'rubocop-github' or if you don't
|
46
|
-
# want to list out dependencies with the `versions` key.
|
47
|
-
# Valid options: true || false
|
48
|
-
# Default: false
|
49
|
-
# bundle: false
|
50
|
-
|
51
|
-
# The scope of code that Rubocop should lint. Use this if you only want to lint changed files. If this is not set
|
52
|
-
# or not equal to 'modified', Rubocop is run against the entire codebase. Note that this will not work on the master branch.
|
53
|
-
# Valid options: 'modified'
|
54
|
-
# Default: nil
|
55
|
-
|
56
|
-
# The base branch against which changes will be compared, if check_scope config is set to 'modified'.
|
57
|
-
# This setting is not used if check_scope != 'modified'.
|
58
|
-
# Valid options: 'origin/another_branch'
|
59
|
-
# Default: 'origin/master'
|
@@ -1,22 +0,0 @@
|
|
1
|
-
name: Rubocop check
|
2
|
-
|
3
|
-
on:
|
4
|
-
pull_request:
|
5
|
-
branches:
|
6
|
-
- "*"
|
7
|
-
push:
|
8
|
-
branches:
|
9
|
-
- master
|
10
|
-
jobs:
|
11
|
-
build:
|
12
|
-
name: RuboCop Action
|
13
|
-
runs-on: ubuntu-latest
|
14
|
-
steps:
|
15
|
-
- name: Checkout Action
|
16
|
-
uses: actions/checkout@v1
|
17
|
-
- name: Rubocop Linter Action
|
18
|
-
uses: andrewmcodes/rubocop-linter-action@v3.2.0
|
19
|
-
with:
|
20
|
-
action_config_path: '.github/config/rubocop_linter_action.yml'
|
21
|
-
env:
|
22
|
-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
data/test/fixtures/id_token.txt
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzcyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5NzAKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6qJp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJNqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7TpdQyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoSK5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg
|
data/test/fixtures/jwks.json
DELETED
@@ -1,8 +0,0 @@
|
|
1
|
-
{"keys": [{
|
2
|
-
"kty": "RSA",
|
3
|
-
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
|
4
|
-
"e": "AQAB",
|
5
|
-
"alg": "RS256",
|
6
|
-
"kid": "1e9gdk7"
|
7
|
-
}]
|
8
|
-
}
|