omniauth_openid_connect 0.4.0 → 0.6.0
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +34 -2
- data/.rubocop.yml +1 -4
- data/CHANGELOG.md +13 -1
- data/Gemfile +6 -0
- data/README.md +31 -29
- data/Rakefile +2 -0
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +132 -21
- data/omniauth_openid_connect.gemspec +2 -3
- data/test/lib/omniauth/strategies/openid_connect_test.rb +330 -66
- data/test/strategy_test_case.rb +47 -3
- data/test/test_helper.rb +17 -7
- metadata +24 -44
- data/.github/config/rubocop_linter_action.yml +0 -59
- data/.github/workflows/rubocop.yml +0 -22
- data/test/fixtures/id_token.txt +0 -1
- data/test/fixtures/jwks.json +0 -8
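--- a/data/test/strategy_test_case.rb
+++ b/data/test/strategy_test_case.rb
@@ -1,32 +1,76 @@
+# frozen_string_literal: true
+
 class StrategyTestCase < MiniTest::Test
 class DummyApp
 def call(env); end
 end
 
-attr_accessor :identifier, :secret
+attr_accessor :identifier, :secret, :issuer, :nonce
 
 def setup
 @identifier = '1234'
 @secret = '1234asdgat3'
+@issuer = 'https://server.example.com'
+@nonce = SecureRandom.hex(16)
 end
 
 def client
 strategy.client
 end
 
+def payload
+{
+"iss": issuer,
+"aud": identifier,
+"sub": '248289761001',
+"nonce": nonce,
+"exp": Time.now.to_i + 1000,
+"iat": Time.now.to_i,
+}
+end
+
+def private_key
+@private_key ||= OpenSSL::PKey::RSA.generate(512)
+end
+
+def jwt
+@jwt ||= JSON::JWT.new(payload).sign(private_key, :RS256)
+end
+
+def hmac_secret
+@hmac_secret ||= SecureRandom.hex(16)
+end
+
+def jwt_with_hs256
+@jwt_with_hs256 ||= JSON::JWT.new(payload).sign(hmac_secret, :HS256)
+end
+
+def jwt_with_hs512
+@jwt_with_hs512 ||= JSON::JWT.new(payload).sign(hmac_secret, :HS512)
+end
+
+def jwks
+@jwks ||= begin
+key = JSON::JWK.new(private_key)
+keyset = JSON::JWK::Set.new(key)
+{ keys: keyset }
+end
+end
+
 def user_info
 @user_info ||= OpenIDConnect::ResponseObject::UserInfo.new(
 sub: SecureRandom.hex(16),
 name: Faker::Name.name,
 email: Faker::Internet.email,
+email_verified: Faker::Boolean.boolean,
 nickname: Faker::Name.first_name,
 preferred_username: Faker::Internet.user_name,
 given_name: Faker::Name.first_name,
 family_name: Faker::Name.last_name,
 gender: 'female',
-picture: Faker::Internet.url
+picture: "#{Faker::Internet.url}.png",
 phone_number: Faker::PhoneNumber.phone_number,
-website: Faker::Internet.url
+website: Faker::Internet.url
 )
 end
 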
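Review bot: `private_key` builds the signing key with `OpenSSL::PKey::RSA.generate(512)`, a size no real OpenID provider would publish and one that FIPS-mode or otherwise hardened OpenSSL builds may refuse, so the RS256 tests could fail for reasons unrelated to the strategy. I would change it to `@private_key ||= OpenSSL::PKey::RSA.generate(2048)` and put the comment `# Throwaway key generated for the tests; never reuse outside the suite.` above it. Separately, `payload` reads `Time.now` twice and writes its keys as quoted symbols (`"iss":`), where a single `now = Time.now.to_i` and plain `iss:` keys would read more cleanly. The class appears to continue past the end of this hunk.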
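--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,16 +1,26 @@
-
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+# frozen_string_literal: true
 
 require 'simplecov'
-require 'coveralls'
 require 'minitest/autorun'
 require 'mocha/minitest'
 require 'faker'
 require 'active_support'
+
+SimpleCov.start do
+if ENV['CI']
+require 'simplecov-lcov'
+
+SimpleCov::Formatter::LcovFormatter.config do |c|
+c.report_with_single_file = true
+c.single_report_path = 'coverage/lcov.info'
+end
+
+formatter SimpleCov::Formatter::LcovFormatter
+end
+end
+
+lib = File.expand_path('../lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth_openid_connect'
 require_relative 'strategy_test_case'
-
-SimpleCov.command_name 'test'
-SimpleCov.start
-Coveralls.wear!
 OmniAuth.config.test_mode = true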
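Review bot: Nothing in the file explains why `SimpleCov.start` now sits ahead of `require 'omniauth_openid_connect'`, yet that ordering is what makes the library's files count toward coverage, and a later tidy-up of the requires could silently undo it. I would add `# SimpleCov must start before the library is loaded, or its files are not tracked.` above the `SimpleCov.start do` line. Note also that `if ENV['CI']` is truthy for any set value, including `CI=false`.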
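--- a/metadata
+++ b/metadata
@@ -1,30 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_connect
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - John Bohn
 - Ilya Shcherbinin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-22 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: addressable
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.5'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.5'
 - !ruby/object:Gem::Dependency
 name: omniauth
 requirement: !ruby/object:Gem::Requirement
@@ -59,20 +45,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.1'
-- !ruby/object:Gem::Dependency
-name: coveralls
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.8'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.8'
 - !ruby/object:Gem::Dependency
 name: faker
 requirement: !ruby/object:Gem::Requirement
@@ -191,14 +163,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.21'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.21'
+- !ruby/object:Gem::Dependency
+name: simplecov-lcov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.8'
 description: OpenID Connect Strategy for OmniAuth.
 email:
 - jjbohn@gmail.com
@@ -207,10 +193,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/config/rubocop_linter_action.yml"
 - ".github/stale.yml"
 - ".github/workflows/main.yml"
-- ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - CHANGELOG.md
@@ -225,8 +209,6 @@ files:
 - lib/omniauth/strategies/openid_connect.rb
 - lib/omniauth_openid_connect.rb
 - omniauth_openid_connect.gemspec
-- test/fixtures/id_token.txt
-- test/fixtures/jwks.json
 - test/fixtures/test.crt
 - test/lib/omniauth/strategies/openid_connect_test.rb
 - test/strategy_test_case.rb
@@ -237,10 +219,10 @@ licenses:
 metadata:
 bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
 changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
-documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.
-source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.
+documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0#readme
+source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0
 rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -255,13 +237,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3
-signing_key:
+rubygems_version: 3.4.3
+signing_key:
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth
 test_files:
-- test/fixtures/id_token.txt
-- test/fixtures/jwks.json
 - test/fixtures/test.crt
 - test/lib/omniauth/strategies/openid_connect_test.rb
 - test/strategy_test_case.rb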
@@ -1,59 +0,0 @@
|
|
1
|
-
# Description: The name of the check that will be created.
|
2
|
-
# Valid Options: A reasonably sized string.
|
3
|
-
# Default: 'Rubocop Action'
|
4
|
-
check_name: 'Rubocop Results'
|
5
|
-
|
6
|
-
# Description: Versions required to run your RuboCop checks.
|
7
|
-
# Valid options: RuboCop and any RuboCop extension, by default the latest gem version will be used. You can explicitly state that
|
8
|
-
# (not required) or use a version number, like '1.5.1'.
|
9
|
-
# Default:
|
10
|
-
# versions:
|
11
|
-
# - rubocop: 'latest'
|
12
|
-
versions:
|
13
|
-
- rubocop
|
14
|
-
- rubocop-minitest
|
15
|
-
- rubocop-performance: '1.5.1'
|
16
|
-
|
17
|
-
# Description: Rubocop configuration file path relative to the workspace.
|
18
|
-
# Valid options: A valid file path inside of the workspace.
|
19
|
-
# Default: nil
|
20
|
-
# Note: This does not need to be filled out for Rubocop to still find your config.
|
21
|
-
# Resource: https://rubocop.readthedocs.io/en/stable/configuration/
|
22
|
-
rubocop_config_path: '.rubocop.yml'
|
23
|
-
|
24
|
-
# Run all cops enabled by configuration except this list.
|
25
|
-
# Valid options: list of valid cop(s) and/or departments.
|
26
|
-
# Default: nil
|
27
|
-
# Resource: https://rubocop.readthedocs.io/en/stable/cops/
|
28
|
-
# rubocop_excluded_cops:
|
29
|
-
# - 'Style/FrozenStringLiteralComment'
|
30
|
-
|
31
|
-
# Minimum severity for exit with error code
|
32
|
-
# Valid options: 'refactor', 'convention', 'warning', 'error', or 'fatal'.
|
33
|
-
# Default: 'warning'
|
34
|
-
# Resource: https://rubocop.readthedocs.io/en/stable/configuration/#severity
|
35
|
-
# rubocop_fail_level: 'warning'
|
36
|
-
|
37
|
-
# Whether or not to use --force-exclusion when building the rubocop command. Use this if you are only linting modified
|
38
|
-
# files and typically excluded files have been changed. For example, if you exclude db/schema.rb in your rubocop.yml
|
39
|
-
# but a change gets made, then with the check_scope config set to 'modified' rubocop will lint db/schema.rb. If you set
|
40
|
-
# this to true, rubocop will ignore it.
|
41
|
-
# Valid options: true || false
|
42
|
-
# Default: false
|
43
|
-
|
44
|
-
# Instead of installing gems from rubygems, we can run `bundle install` on your project,
|
45
|
-
# you would need to do this if you are using something like 'rubocop-github' or if you don't
|
46
|
-
# want to list out dependencies with the `versions` key.
|
47
|
-
# Valid options: true || false
|
48
|
-
# Default: false
|
49
|
-
# bundle: false
|
50
|
-
|
51
|
-
# The scope of code that Rubocop should lint. Use this if you only want to lint changed files. If this is not set
|
52
|
-
# or not equal to 'modified', Rubocop is run against the entire codebase. Note that this will not work on the master branch.
|
53
|
-
# Valid options: 'modified'
|
54
|
-
# Default: nil
|
55
|
-
|
56
|
-
# The base branch against which changes will be compared, if check_scope config is set to 'modified'.
|
57
|
-
# This setting is not used if check_scope != 'modified'.
|
58
|
-
# Valid options: 'origin/another_branch'
|
59
|
-
# Default: 'origin/master'
|
@@ -1,22 +0,0 @@
|
|
1
|
-
name: Rubocop check
|
2
|
-
|
3
|
-
on:
|
4
|
-
pull_request:
|
5
|
-
branches:
|
6
|
-
- "*"
|
7
|
-
push:
|
8
|
-
branches:
|
9
|
-
- master
|
10
|
-
jobs:
|
11
|
-
build:
|
12
|
-
name: RuboCop Action
|
13
|
-
runs-on: ubuntu-latest
|
14
|
-
steps:
|
15
|
-
- name: Checkout Action
|
16
|
-
uses: actions/checkout@v1
|
17
|
-
- name: Rubocop Linter Action
|
18
|
-
uses: andrewmcodes/rubocop-linter-action@v3.2.0
|
19
|
-
with:
|
20
|
-
action_config_path: '.github/config/rubocop_linter_action.yml'
|
21
|
-
env:
|
22
|
-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
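--- a/data/test/fixtures/id_token.txt
+++ b/data/test/fixtures/id_token.txt
@@ -1 +0,0 @@
-eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzcyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5NzAKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6qJp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJNqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7TpdQyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoSK5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg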
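--- a/data/test/fixtures/jwks.json
+++ b/data/test/fixtures/jwks.json
@@ -1,8 +0,0 @@
-{"keys": [{
-"kty": "RSA",
-"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
-"e": "AQAB",
-"alg": "RS256",
-"kid": "1e9gdk7"
-}]
-}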