omniauth_openid_connect 0.3.1 → 0.3.2

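--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a57713d348ab1dcc7869b8d10ed8b616958019a0c7003a0b5e43e00e85650b0a
- data.tar.gz: e6ff5320c65348937e7fa2cf140aff27f89957415ded839debcd645e01031353
+ metadata.gz: 0024abec2d29c79f701d7de6af9e5addf2be2e3da443413d8e1eb90ab5a1edb0
+ data.tar.gz: 4d564cf7d4f5fcf4da6a961cdf39c7d8a1e943addb3e39a82953a2aaa2757db6
  SHA512:
- metadata.gz: 5664e73c24e1521b4b29461eb3ee558dfb143d75322c83f2c3d3f3ee48cd24c8e99f1a348915de574abb1b907103de948cf0c16ebfebd11fa13a2e8206f13d78
- data.tar.gz: 272a32b0b75f54ca1d861fe361c380d6ee2d9170b9862322f7e9b6edd12e7e2a9cfc37db95b2b549896f9ebc1d6e90272ec0a24cefc4ed195ccc90edff5476d5
+ metadata.gz: 5411ae4999e350a9127890ad4041c099bbefdc765a40f98db108018f9d09f4f402f93f28466c1b079412b875da00ba609906ed04da55addf2a7b486819b65887
+ data.tar.gz: 0a4b11ac66f14441d106c9d41a02f2464632592c7e746086675b8b3504570fcaf63cc9af55306dd447fa57cc502abb8fc6185beee6f09822693124221b8010aa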
@@ -1,3 +1,9 @@
1
+ # v0.3.2 (03.08.2019)
2
+
3
+ - Use response_mode in `authorize_uri` if the option is defined [#30](https://github.com/m0n9oose/omniauth_openid_connect/pull/30)
4
+ - Move verification of `id_token` to before accessing tokens [#28](https://github.com/m0n9oose/omniauth_openid_connect/pull/28)
5
+ - Update omniauth dependency [#26](https://github.com/m0n9oose/omniauth_openid_connect/pull/26)
6
+
1
7
  # v0.3.1 (08.06.2019)
2
8
 
3
9
  - Set default OmniAuth name to openid_connect [#23](https://github.com/m0n9oose/omniauth_openid_connect/pull/23)
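--- a/data/README.md
+++ b/data/README.md
@@ -68,6 +68,7 @@ Configuration details:
  configured by providing the omniauth `uid_field` option to a different label (i.e. `preferred_username`)
  that appears in the `user_info` details.
  * The `issuer` property should exactly match the provider's issuer link.
+ * The `response_mode` option is optional and specifies how the result of the authorization request is formatted.
 
  For the full low down on OpenID Connect, please check out
  [the spec](http://openid.net/specs/openid-connect-core-1_0.html).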
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module OpenIDConnect
5
- VERSION = '0.3.1'
5
+ VERSION = '0.3.2'
6
6
  end
7
7
  end
@@ -37,7 +37,7 @@ module OmniAuth
37
37
  option :scope, [:openid]
38
38
  option :response_type, 'code'
39
39
  option :state
40
- option :response_mode
40
+ option :response_mode # [:query, :fragment, :form_post, :web_message]
41
41
  option :display, nil # [:page, :popup, :touch, :wap]
42
42
  option :prompt, nil # [:none, :login, :consent, :select_account]
43
43
  option :hd, nil
@@ -112,6 +112,12 @@ module OmniAuth
112
112
  return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(params['error'])) unless params['code']
113
113
 
114
114
  options.issuer = issuer if options.issuer.nil? || options.issuer.empty?
115
+
116
+ decode_id_token(params['id_token'])
117
+ .verify! issuer: options.issuer,
118
+ client_id: client_options.identifier,
119
+ nonce: stored_nonce
120
+
115
121
  discover!
116
122
  client.redirect_uri = redirect_uri
117
123
  client.authorization_code = authorization_code
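Review bot: `decode_id_token(params['id_token'])` reads the ID token from the callback parameters, but with the default `response_type` of `'code'` the callback is only required to carry `code` (the guard two lines up checks exactly that), so `params['id_token']` is likely nil here and the decode would fail before the code is exchanged. The same release also removes the `decode_id_token(@access_token.id_token)` / `verify!` call from the token-exchange method (the hunk at `-197,13 +204,6`), which appears to leave the ID token returned by the token endpoint unchecked for issuer, client id and nonce. I would guard the new call with `if params['id_token']` and keep the verification of `@access_token.id_token` for the code flow. The call also runs before `discover!`; if discovery is what supplies the signing keys, confirm `decode_id_token` can resolve them at this point. The enclosing method starts and ends outside this hunk and `decode_id_token`'s body is not shown, so the nil behaviour is inferred.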
@@ -150,6 +156,7 @@ module OmniAuth
150
156
  client.redirect_uri = redirect_uri
151
157
  opts = {
152
158
  response_type: options.response_type,
159
+ response_mode: options.response_mode,
153
160
  scope: options.scope,
154
161
  state: new_state,
155
162
  login_hint: params['login_hint'],
@@ -197,13 +204,6 @@ module OmniAuth
197
204
  scope: (options.scope if options.send_scope_to_token_endpoint),
198
205
  client_auth_method: options.client_auth_method
199
206
  )
200
- id_token = decode_id_token(@access_token.id_token)
201
- id_token.verify!(
202
- issuer: options.issuer,
203
- client_id: client_options.identifier,
204
- nonce: stored_nonce
205
- )
206
- @access_token
207
207
  end
208
208
 
209
209
  def decode_id_token(id_token)
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
20
20
  spec.require_paths = ['lib']
21
21
 
22
22
  spec.add_dependency 'addressable', '~> 2.5'
23
- spec.add_dependency 'omniauth', '~> 1.3'
23
+ spec.add_dependency 'omniauth', '~> 1.9'
24
24
  spec.add_dependency 'openid_connect', '~> 1.1'
25
25
  spec.add_development_dependency 'coveralls', '~> 0.8'
26
26
  spec.add_development_dependency 'faker', '~> 1.6'
@@ -112,6 +112,17 @@ module OmniAuth
112
112
  assert_nil strategy.options.client_options.end_session_endpoint
113
113
  end
114
114
 
115
+ def test_request_phase_with_response_mode
116
+ expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&nonce=\w{32}&response_mode=form_post&response_type=id_token&scope=openid&state=\w{32}$/
117
+ strategy.options.issuer = 'example.com'
118
+ strategy.options.response_mode = 'form_post'
119
+ strategy.options.response_type = 'id_token'
120
+ strategy.options.client_options.host = 'example.com'
121
+
122
+ strategy.expects(:redirect).with(regexp_matches(expected_redirect))
123
+ strategy.request_phase
124
+ end
125
+
115
126
  def test_uid
116
127
  assert_equal user_info.sub, strategy.uid
117
128
 
@@ -136,6 +147,7 @@ module OmniAuth
136
147
  id_token = stub('OpenIDConnect::ResponseObject::IdToken')
137
148
  id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
138
149
  ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
150
+ id_token.expects(:verify!)
139
151
 
140
152
  strategy.unstub(:user_info)
141
153
  access_token = stub('OpenIDConnect::AccessToken')
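Review bot: The added `id_token.expects(:verify!)` has no `.with(...)`, so it is satisfied by a call with any arguments; as far as I know Mocha matches the most recently defined expectation first, which means the argument-constrained stub two lines above no longer pins the issuer, client id and nonce. Since this is the test that the ID token is validated against the right values, put the constraint on the expectation itself: `id_token.expects(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)`. `IdToken.decode` is stubbed as well, so the test does not show which token (callback parameter or token-endpoint response) is being verified. The test method begins and ends outside this hunk.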
@@ -241,6 +253,11 @@ module OmniAuth
241
253
  strategy.stubs(:access_token).raises(::Timeout::Error.new('error'))
242
254
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
243
255
  strategy.expects(:fail!)
256
+
257
+ id_token = stub('OpenIDConnect::ResponseObject::IdToken')
258
+ id_token.stubs(:verify!).with(issuer: 'example.com', client_id: @identifier, nonce: nonce).returns(true)
259
+ ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
260
+
244
261
  strategy.callback_phase
245
262
  end
246
263
 
@@ -256,6 +273,11 @@ module OmniAuth
256
273
  strategy.stubs(:access_token).raises(::Errno::ETIMEDOUT.new('error'))
257
274
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
258
275
  strategy.expects(:fail!)
276
+
277
+ id_token = stub('OpenIDConnect::ResponseObject::IdToken')
278
+ id_token.stubs(:verify!).with(issuer: 'example.com', client_id: @identifier, nonce: nonce).returns(true)
279
+ ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
280
+
259
281
  strategy.callback_phase
260
282
  end
261
283
 
@@ -271,6 +293,11 @@ module OmniAuth
271
293
  strategy.stubs(:access_token).raises(::SocketError.new('error'))
272
294
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
273
295
  strategy.expects(:fail!)
296
+
297
+ id_token = stub('OpenIDConnect::ResponseObject::IdToken')
298
+ id_token.stubs(:verify!).with(issuer: 'example.com', client_id: @identifier, nonce: nonce).returns(true)
299
+ ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
300
+
274
301
  strategy.callback_phase
275
302
  end
276
303
 
@@ -286,6 +313,11 @@ module OmniAuth
286
313
  strategy.stubs(:access_token).raises(::Rack::OAuth2::Client::Error.new('error', error: 'Unknown'))
287
314
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
288
315
  strategy.expects(:fail!)
316
+
317
+ id_token = stub('OpenIDConnect::ResponseObject::IdToken')
318
+ id_token.stubs(:verify!).with(issuer: 'example.com', client_id: @identifier, nonce: nonce).returns(true)
319
+ ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
320
+
289
321
  strategy.callback_phase
290
322
  end
291
323
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth_openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Bohn
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2019-06-08 00:00:00.000000000 Z
12
+ date: 2019-08-03 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: addressable
@@ -31,14 +31,14 @@ dependencies:
31
31
  requirements:
32
32
  - - "~>"
33
33
  - !ruby/object:Gem::Version
34
- version: '1.3'
34
+ version: '1.9'
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
39
  - - "~>"
40
40
  - !ruby/object:Gem::Version
41
- version: '1.3'
41
+ version: '1.9'
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: openid_connect
44
44
  requirement: !ruby/object:Gem::Requirement