omniauth_openid_connect 0.4.0 → 0.6.0

data/test/strategy_test_case.rb

@@ -1,32 +1,76 @@
+# frozen_string_literal: true
+
 class StrategyTestCase < MiniTest::Test
   class DummyApp
     def call(env); end
   end
 
-  attr_accessor :identifier, :secret
+  attr_accessor :identifier, :secret, :issuer, :nonce
 
   def setup
     @identifier = '1234'
     @secret = '1234asdgat3'
+    @issuer = 'https://server.example.com'
+    @nonce = SecureRandom.hex(16)
   end
 
   def client
     strategy.client
   end
 
+  def payload
+    {
+      "iss": issuer,
+      "aud": identifier,
+      "sub": '248289761001',
+      "nonce": nonce,
+      "exp": Time.now.to_i + 1000,
+      "iat": Time.now.to_i,
+    }
+  end
+
+  def private_key
+    @private_key ||= OpenSSL::PKey::RSA.generate(512)
+  end
+
+  def jwt
+    @jwt ||= JSON::JWT.new(payload).sign(private_key, :RS256)
+  end
+
+  def hmac_secret
+    @hmac_secret ||= SecureRandom.hex(16)
+  end
+
+  def jwt_with_hs256
+    @jwt_with_hs256 ||= JSON::JWT.new(payload).sign(hmac_secret, :HS256)
+  end
+
+  def jwt_with_hs512
+    @jwt_with_hs512 ||= JSON::JWT.new(payload).sign(hmac_secret, :HS512)
+  end
+
+  def jwks
+    @jwks ||= begin
+      key = JSON::JWK.new(private_key)
+      keyset = JSON::JWK::Set.new(key)
+      { keys: keyset }
+    end
+  end
+
   def user_info
     @user_info ||= OpenIDConnect::ResponseObject::UserInfo.new(
       sub: SecureRandom.hex(16),
       name: Faker::Name.name,
       email: Faker::Internet.email,
+      email_verified: Faker::Boolean.boolean,
       nickname: Faker::Name.first_name,
       preferred_username: Faker::Internet.user_name,
       given_name: Faker::Name.first_name,
       family_name: Faker::Name.last_name,
       gender: 'female',
-      picture: Faker::Internet.url + '.png',
+      picture: "#{Faker::Internet.url}.png",
       phone_number: Faker::PhoneNumber.phone_number,
-      website: Faker::Internet.url,
+      website: Faker::Internet.url
     )
   end
 

data/test/test_helper.rb

@@ -1,16 +1,26 @@
-lib = File.expand_path('../../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+# frozen_string_literal: true
 
 require 'simplecov'
-require 'coveralls'
 require 'minitest/autorun'
 require 'mocha/minitest'
 require 'faker'
 require 'active_support'
+
+SimpleCov.start do
+  if ENV['CI']
+    require 'simplecov-lcov'
+
+    SimpleCov::Formatter::LcovFormatter.config do |c|
+      c.report_with_single_file = true
+      c.single_report_path = 'coverage/lcov.info'
+    end
+
+    formatter SimpleCov::Formatter::LcovFormatter
+  end
+end
+
+lib = File.expand_path('../lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth_openid_connect'
 require_relative 'strategy_test_case'
-
-SimpleCov.command_name 'test'
-SimpleCov.start
-Coveralls.wear!
 OmniAuth.config.test_mode = true

metadata

@@ -1,30 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - John Bohn
 - Ilya Shcherbinin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-06 00:00:00.000000000 Z
+date: 2023-01-22 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: addressable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.5'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
@@ -59,20 +45,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
-- !ruby/object:Gem::Dependency
-  name: coveralls
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.8'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: faker
   requirement: !ruby/object:Gem::Requirement
@@ -191,14 +163,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
+- !ruby/object:Gem::Dependency
+  name: simplecov-lcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.8'
 description: OpenID Connect Strategy for OmniAuth.
 email:
 - jjbohn@gmail.com
@@ -207,10 +193,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/config/rubocop_linter_action.yml"
 - ".github/stale.yml"
 - ".github/workflows/main.yml"
-- ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - CHANGELOG.md
@@ -225,8 +209,6 @@ files:
 - lib/omniauth/strategies/openid_connect.rb
 - lib/omniauth_openid_connect.rb
 - omniauth_openid_connect.gemspec
-- test/fixtures/id_token.txt
-- test/fixtures/jwks.json
 - test/fixtures/test.crt
 - test/lib/omniauth/strategies/openid_connect_test.rb
 - test/strategy_test_case.rb
@@ -237,10 +219,10 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
   changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
-  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.4.0#readme
-  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.4.0
+  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0#readme
+  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0
   rubygems_mfa_required: 'true'
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -255,13 +237,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.5
-signing_key: 
+rubygems_version: 3.4.3
+signing_key:
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth
 test_files:
-- test/fixtures/id_token.txt
-- test/fixtures/jwks.json
 - test/fixtures/test.crt
 - test/lib/omniauth/strategies/openid_connect_test.rb
 - test/strategy_test_case.rb

data/.github/config/rubocop_linter_action.yml

@@ -1,59 +0,0 @@
-# Description: The name of the check that will be created.
-# Valid Options: A reasonably sized string.
-# Default: 'Rubocop Action'
-check_name: 'Rubocop Results'
-
-# Description: Versions required to run your RuboCop checks.
-# Valid options: RuboCop and any RuboCop extension, by default the latest gem version will be used. You can explicitly state that
-# (not required) or use a version number, like '1.5.1'.
-# Default:
-#   versions:
-#     - rubocop: 'latest'
-versions:
-  - rubocop
-  - rubocop-minitest
-  - rubocop-performance: '1.5.1'
-
-# Description: Rubocop configuration file path relative to the workspace.
-# Valid options: A valid file path inside of the workspace.
-# Default: nil
-# Note: This does not need to be filled out for Rubocop to still find your config.
-# Resource: https://rubocop.readthedocs.io/en/stable/configuration/
-rubocop_config_path: '.rubocop.yml'
-
-# Run all cops enabled by configuration except this list.
-# Valid options: list of valid cop(s) and/or departments.
-# Default: nil
-# Resource: https://rubocop.readthedocs.io/en/stable/cops/
-# rubocop_excluded_cops:
-#   - 'Style/FrozenStringLiteralComment'
-
-# Minimum severity for exit with error code
-# Valid options: 'refactor', 'convention', 'warning', 'error', or 'fatal'.
-# Default: 'warning'
-# Resource: https://rubocop.readthedocs.io/en/stable/configuration/#severity
-# rubocop_fail_level: 'warning'
-
-# Whether or not to use --force-exclusion when building the rubocop command. Use this if you are only linting modified
-# files and typically excluded files have been changed. For example, if you exclude db/schema.rb in your rubocop.yml
-# but a change gets made, then with the check_scope config set to 'modified' rubocop will lint db/schema.rb. If you set
-# this to true, rubocop will ignore it.
-# Valid options: true || false
-# Default: false
-
-# Instead of installing gems from rubygems, we can run `bundle install` on your project,
-# you would need to do this if you are using something like 'rubocop-github' or if you don't
-# want to list out dependencies with the `versions` key.
-# Valid options: true || false
-# Default: false
-# bundle: false
-
-# The scope of code that Rubocop should lint. Use this if you only want to lint changed files. If this is not set
-# or not equal to 'modified', Rubocop is run against the entire codebase. Note that this will not work on the master branch.
-# Valid options: 'modified'
-# Default: nil
-
-# The base branch against which changes will be compared, if check_scope config is set to 'modified'.
-# This setting is not used if check_scope != 'modified'.
-# Valid options: 'origin/another_branch'
-# Default: 'origin/master'

data/.github/workflows/rubocop.yml

@@ -1,22 +0,0 @@
-name: Rubocop check
-
-on:
-  pull_request:
-    branches:
-      - "*"
-  push:
-    branches:
-      - master
-jobs:
-  build:
-    name: RuboCop Action
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout Action
-      uses: actions/checkout@v1
-    - name: Rubocop Linter Action
-      uses: andrewmcodes/rubocop-linter-action@v3.2.0
-      with:
-        action_config_path: '.github/config/rubocop_linter_action.yml'
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

data/test/fixtures/id_token.txt

@@ -1 +0,0 @@
-eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzcyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5NzAKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6qJp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJNqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7TpdQyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoSK5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg

data/test/fixtures/jwks.json

@@ -1,8 +0,0 @@
-{"keys": [{
-    "kty": "RSA",
-    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
-    "e": "AQAB",
-    "alg": "RS256",
-    "kid": "1e9gdk7"
-  }]
-}