omniauth_openid_connect 0.3.5 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c030571ea9bcbd861ebe4d8455282c0b1b34c17af77294660b1c0123ed976ab
-  data.tar.gz: 2f4b2a8cd026797260f36e358ac7678a6827486889f23aab325d08e0d390b649
+  metadata.gz: 7b5060fd9a0536e2740b340c56459f76b628912dea1ad54da415c2453921e6e3
+  data.tar.gz: ada9bd68c69837538cd485ce0595525b2109feb0f79611a3ceb06fa1bf7eed96
 SHA512:
-  metadata.gz: afdf6363a18b019939a88abc612be51b20780fdeae2f1f300ef5e9df5a1002a97812b17360939e1ba9bb0b3bf4e54471e3da0ec6de858ac2afa40df15fdfb23d
-  data.tar.gz: e449bd59e5e75cfcce12ae27e5072fb8e3fe821e969a510856bbad0ed2553252345826ed16e97ecdbe1405a8c4be275195f759e71aed99fd699bf9509bffa0f3
+  metadata.gz: 24c424fb608e45beba966b6914accdfad6e5af277c9428c94d3aec4ab3f4c010bfa66117a42d6ad1f57de9ea6d6d3ff99eaa5a33bdcbc753d1b7db568f3e870b
+  data.tar.gz: f2ebfcd68b35425cc656ecaa58151b962d0bc96a4023f1bfcf312e363e2e0878c298bc90d7fc70104220b71cdbc77346b3f64c4653222b8df1110a12bb249dd0

data/.github/workflows/main.yml

@@ -0,0 +1,31 @@
+name: Main
+on:
+  push:
+    branches:
+      - main
+      - master
+
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  base:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["2.5", "2.6", "2.7", "3.0"]
+    name: Ruby ${{ matrix.ruby }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Run tests
+        run: bundle exec rake

data/.rubocop.yml

@@ -1,3 +1,6 @@
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
 LineLength:
   Description: 'Limit lines to 130 characters.'
   Max: 130
@@ -36,7 +39,10 @@ Documentation:
   Enabled: false
 
 Metrics/AbcSize:
-  Max: 50
+  Max: 60
+
+Metrics/ClassLength:
+  Max: 300
 
 Metrics/CyclomaticComplexity:
   Max: 50

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+# v0.4.0 (02.05.2021)
+
+- Support dynamic parameters to the authorize URI [#90](https://github.com/omniauth/omniauth_openid_connect/pull/90)
+- Upgrade Faker and replace Travis with Github Actions [#102](https://github.com/omniauth/omniauth_openid_connect/pull/102)
+- Make `omniauth_openid_connect` gem compatible with `omniauth v2.0` [#95](https://github.com/omniauth/omniauth_openid_connect/pull/95)
+- Fall back to the discovered jwks when no key specified [#97](https://github.com/omniauth/omniauth_openid_connect/pull/97)
+- Allow updating to omniauth v2 [#88](https://github.com/omniauth/omniauth_openid_connect/pull/88)
+
 # v0.3.5 (07.06.2020)
 
 - bugfix: Info from decoded id_token is not exposed into `request.env['omniauth.auth']` [#61](https://github.com/m0n9oose/omniauth_openid_connect/pull/61)

data/Guardfile

@@ -5,7 +5,7 @@
 
 guard 'minitest' do
   # with Minitest::Unit
-  watch(%r{^test/(.*)\/(.*)_test\.rb})
+  watch(%r{^test/(.*)/(.*)_test\.rb})
   watch(%r{^lib/(.*)\.rb}) { |m| "test/lib/#{m[1]}_test.rb" }
   watch(%r{^test/test_helper\.rb}) { 'test' }
 end

data/README.md

@@ -1,10 +1,19 @@
+# Maintainers Wanted
+
+This project is looking for maintainers.
+
+Due to lack of using this gem in my projects I have no time to keep it alive.
+Feel free to open an issue if you interested.
+
+_This project is built and maintained 100% voluntarily._
+
 # OmniAuth::OpenIDConnect
 
 Originally was [omniauth-openid-connect](https://github.com/jjbohn/omniauth-openid-connect)
 
 I've forked this repository and launch as separate gem because maintaining of original was dropped.
 
-[![Build Status](https://travis-ci.org/m0n9oose/omniauth_openid_connect.png?branch=master)](https://travis-ci.org/m0n9oose/omniauth_openid_connect)
+[![Build Status](https://github.com/omniauth/omniauth_openid_connect/actions/workflows/main.yml/badge.svg)](https://github.com/omniauth/omniauth_openid_connect/actions/workflows/main.yml)
 
 ## Installation
 
@@ -19,7 +28,7 @@ And then execute:
 Or install it yourself as:
 
     $ gem install omniauth_openid_connect
-    
+
 ## Supported Ruby Versions
 
 OmniAuth::OpenIDConnect is tested under 2.4, 2.5, 2.6, 2.7
@@ -61,6 +70,8 @@ config.omniauth :openid_connect, {
 | send_scope_to_token_endpoint | Should the scope parameter be sent to the authorization token endpoint?                                                                                       | no       | true                       | one of: true, false                                 |
 | post_logout_redirect_uri     | The logout redirect uri to use per the [session management draft](https://openid.net/specs/openid-connect-session-1_0.html)                                   | no       | empty                      | https://myapp.com/logout/callback                   |
 | uid_field                    | The field of the user info response to be used as a unique id                                                                                                 | no       | 'sub'                      | "sub", "preferred_username"                         |
+| extra_authorize_params       | A hash of extra fixed parameters that will be merged to the authorization request                                                                             | no       | Hash                       | {"tenant" => "common"}                              |
+| allow_authorize_params       | A list of allowed dynamic parameters that will be merged to the authorization request                                                                         | no       | Array                      | [:screen_name]                                      |
 | client_options               | A hash of client options detailed in its own section                                                                                                          | yes      |                            |                                                     |
 
 ### Client Config Options

data/lib/omniauth/openid_connect/errors.rb

@@ -3,7 +3,9 @@
 module OmniAuth
   module OpenIDConnect
     class Error < RuntimeError; end
+
     class MissingCodeError < Error; end
+
     class MissingIdTokenError < Error; end
   end
 end

data/lib/omniauth/openid_connect/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module OpenIDConnect
-    VERSION = '0.3.5'
+    VERSION = '0.4.0'
   end
 end

data/lib/omniauth/strategies/openid_connect.rb

@@ -55,6 +55,7 @@ module OmniAuth
       option :client_auth_method
       option :post_logout_redirect_uri
       option :extra_authorize_params, {}
+      option :allow_authorize_params, []
       option :uid_field, 'sub'
 
       def uid
@@ -173,13 +174,17 @@ module OmniAuth
 
         opts.merge!(options.extra_authorize_params) unless options.extra_authorize_params.empty?
 
+        options.allow_authorize_params.each do |key|
+          opts[key] = request.params[key.to_s] unless opts.key?(key)
+        end
+
         client.authorization_uri(opts.reject { |_k, v| v.nil? })
       end
 
       def public_key
         return config.jwks if options.discovery
 
-        key_or_secret
+        key_or_secret || config.jwks
       end
 
       private
@@ -256,6 +261,12 @@ module OmniAuth
         session.delete('omniauth.nonce')
       end
 
+      def script_name
+        return '' if @env.nil?
+
+        super
+      end
+
       def session
         return {} if @env.nil?
 
@@ -349,6 +360,7 @@ module OmniAuth
         attr_accessor :error, :error_reason, :error_uri
 
         def initialize(data)
+          super
           self.error = data[:error]
           self.error_reason = data[:reason]
           self.error_uri = data[:uri]

data/omniauth_openid_connect.gemspec

@@ -19,17 +19,25 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
+  spec.metadata = {
+    'bug_tracker_uri' => 'https://github.com/m0n9oose/omniauth_openid_connect/issues',
+    'changelog_uri' => 'https://github.com/m0n9oose/omniauth_openid_connect/releases',
+    'documentation_uri' => "https://github.com/m0n9oose/omniauth_openid_connect/tree/v#{spec.version}#readme",
+    'source_code_uri' => "https://github.com/m0n9oose/omniauth_openid_connect/tree/v#{spec.version}",
+    'rubygems_mfa_required' => 'true',
+  }
+
   spec.add_dependency 'addressable', '~> 2.5'
-  spec.add_dependency 'omniauth', '~> 1.9'
+  spec.add_dependency 'omniauth', '>= 1.9', '< 3'
   spec.add_dependency 'openid_connect', '~> 1.1'
   spec.add_development_dependency 'coveralls', '~> 0.8'
-  spec.add_development_dependency 'faker', '~> 1.6'
+  spec.add_development_dependency 'faker', '~> 2.0'
   spec.add_development_dependency 'guard', '~> 2.14'
   spec.add_development_dependency 'guard-bundler', '~> 2.2'
   spec.add_development_dependency 'guard-minitest', '~> 2.4'
   spec.add_development_dependency 'minitest', '~> 5.1'
   spec.add_development_dependency 'mocha', '~> 1.7'
   spec.add_development_dependency 'rake', '~> 12.0'
-  spec.add_development_dependency 'rubocop', '~> 0.63'
+  spec.add_development_dependency 'rubocop', '~> 1.12'
   spec.add_development_dependency 'simplecov', '~> 0.12'
 end

data/test/lib/omniauth/strategies/openid_connect_test.rb

@@ -36,6 +36,7 @@ module OmniAuth
         ::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
 
         request.stubs(:path_info).returns('/auth/openid_connect/logout')
+        request.stubs(:path).returns('/auth/openid_connect/logout')
 
         strategy.expects(:redirect).with(regexp_matches(expected_redirect))
         strategy.other_phase
@@ -60,6 +61,7 @@ module OmniAuth
         ::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
 
         request.stubs(:path_info).returns('/auth/openid_connect/logout')
+        request.stubs(:path).returns('/auth/openid_connect/logout')
 
         strategy.expects(:redirect).with(expected_redirect)
         strategy.other_phase
@@ -69,7 +71,7 @@ module OmniAuth
         strategy.options.issuer = 'example.com'
         strategy.options.client_options.host = 'example.com'
 
-        request.stubs(:path_info).returns('/auth/openid_connect/logout')
+        request.stubs(:path).returns('/auth/openid_connect/logout')
 
         strategy.expects(:call_app!)
         strategy.other_phase
@@ -150,6 +152,19 @@ module OmniAuth
         assert(strategy.authorize_uri =~ /resource=xyz/, 'URI must contain custom params')
       end
 
+      def test_request_phase_with_allowed_params
+        strategy.options.issuer = 'example.com'
+        strategy.options.allow_authorize_params = [:name, :logo, :resource]
+        strategy.options.extra_authorize_params = {resource: 'xyz'}
+        strategy.options.client_options.host = 'example.com'
+        request.stubs(:params).returns('name' => 'example', 'logo' => 'example_logo', 'resource' => 'abc', 'not_allowed' => 'filter_me')
+
+        assert(strategy.authorize_uri =~ /resource=xyz/, 'URI must contain fixed param resource')
+        assert(strategy.authorize_uri =~ /name=example/, 'URI must contain dynamic param name')
+        assert(strategy.authorize_uri =~ /logo=example_logo/, 'URI must contain dynamic param logo')
+        refute(strategy.authorize_uri =~ /not_allowed=filter_me/, 'URI must filter not allowed param')
+      end
+
       def test_uid
         assert_equal user_info.sub, strategy.uid
 
@@ -165,7 +180,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.issuer = 'example.com'
         strategy.options.client_signing_alg = :RS256
@@ -197,7 +212,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('id_token' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.issuer = 'example.com'
         strategy.options.client_signing_alg = :RS256
@@ -229,7 +244,7 @@ module OmniAuth
         jwks = JSON::JWK::Set.new(JSON.parse(File.read('test/fixtures/jwks.json'))['keys'])
 
         request.stubs(:params).returns('code' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.client_options.host = 'example.com'
         strategy.options.discovery = true
@@ -270,7 +285,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('error' => 'invalid_request')
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
         strategy.expects(:fail!)
@@ -282,7 +297,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => 'foobar')
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
         strategy.expects(:fail!)
@@ -293,7 +308,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
 
@@ -305,7 +320,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
         strategy.options.response_type = 'id_token'
 
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -318,7 +333,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
         strategy.options.response_type = :id_token
 
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -332,7 +347,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.issuer = 'example.com'
 
@@ -352,7 +367,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.issuer = 'example.com'
 
@@ -372,7 +387,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.issuer = 'example.com'
 
@@ -392,7 +407,7 @@ module OmniAuth
         state = SecureRandom.hex(16)
         nonce = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => state)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.options.issuer = 'example.com'
 
@@ -493,7 +508,7 @@ module OmniAuth
         # the following should fail because the wrong state is passed to the callback
         code = SecureRandom.hex(16)
         request.stubs(:params).returns('code' => code, 'state' => 43)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.call!('rack.session' => session)
         strategy.expects(:fail!)
@@ -502,7 +517,7 @@ module OmniAuth
 
       def test_dynamic_state
         # Stub request parameters
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
         strategy.call!('rack.session' => { }, QUERY_STRING: { state: 'abc', client_id: '123' } )
 
         strategy.options.state = lambda { |env|
@@ -535,7 +550,7 @@ module OmniAuth
         }.to_json
         success = Struct.new(:status, :body).new(200, json_response)
 
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
 
         id_token = stub('OpenIDConnect::ResponseObject::IdToken')
@@ -600,7 +615,7 @@ module OmniAuth
         )
 
         request.stubs(:params).returns('state' => state, 'nounce' => nonce, 'id_token' => id_token)
-        request.stubs(:path_info).returns('')
+        request.stubs(:path).returns('')
 
         strategy.stubs(:decode_id_token).returns(id_token)
         strategy.stubs(:stored_state).returns(state)

data/test/strategy_test_case.rb

@@ -37,6 +37,7 @@ class StrategyTestCase < MiniTest::Test
       request.stubs(:env).returns({})
       request.stubs(:scheme).returns({})
       request.stubs(:ssl?).returns(false)
+      request.stubs(:path).returns('')
     end
   end
 
@@ -46,6 +47,7 @@ class StrategyTestCase < MiniTest::Test
       strategy.options.client_options.secret = @secret
       strategy.stubs(:request).returns(request)
       strategy.stubs(:user_info).returns(user_info)
+      strategy.stubs(:script_name).returns('')
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.4.0
 platform: ruby
 authors:
 - John Bohn
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-07 00:00:00.000000000 Z
+date: 2022-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -29,16 +29,22 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.9'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -73,14 +79,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
@@ -171,14 +177,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.63'
+        version: '1.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.63'
+        version: '1.12'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -203,10 +209,10 @@ extra_rdoc_files: []
 files:
 - ".github/config/rubocop_linter_action.yml"
 - ".github/stale.yml"
+- ".github/workflows/main.yml"
 - ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - Guardfile
@@ -228,7 +234,12 @@ files:
 homepage: https://github.com/m0n9oose/omniauth_openid_connect
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
+  changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
+  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.4.0#readme
+  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.4.0
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -244,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth

data/.travis.yml

@@ -1,8 +0,0 @@
-language: ruby
-rvm:
-  - 2.4
-  - 2.5
-  - 2.6
-  - 2.7
-  - jruby-head
-  - ruby-head