openid-token-proxy 0.1.1 → 0.1.2

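--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 367c9b989127b83d27046b97d8d0eed4bb62bc26
- data.tar.gz: 0f5b072253012066745622211b7176ba24a797d7
+ metadata.gz: a6d5534b9ef67edc50b5003b4d7a70cf1fb4382e
+ data.tar.gz: 67c985af3debaa56cd7cfa17e34fe15433b5ff0e
  SHA512:
- metadata.gz: 61558da5b310ec2fb8322b1d8011d5b6df5081e6943f95c70e8c73685fdda3047d67252a57bf9efc220403f78e4d4a75910fab19589feb57fcba2f1187501ccb
- data.tar.gz: 4fca1eff9249fa10be128a1874da69aa82f08feb4bddbda93df17e6af75c192e761eb2f735befe3cbe1410e9b44f1c9609c2e5982b6b0c44205ea9b8f496f5ee
+ metadata.gz: 6bab4ffceb974e02ab030cadee28b0724fedf4efa2fe82bae676a629401e500dbc6334dad2ca8a70557f8f39a1fef799ec9cb2a51a5f9bdcf693c05e843def7b
+ data.tar.gz: 55e5f7efe285331a331d47deebeed8d11843ca4b10d54bb2f631697fb3433b069dd5f05bd450d519414382900705c30ed3218747c8543370dd9e7603ae0d1137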
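--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,10 @@
  # Changelog
 
+ ### v0.1.2 - May 18, 2015
+
+ - Allow overriding `CallbackController`.
+
+
  ### v0.1.1 - May 12, 2015
 
  - Token expiry time is exposed through `X-Token-Expiry-Time` header.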
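--- a/data/README.md
+++ b/data/README.md
@@ -125,6 +125,8 @@ OpenIDTokenProxy.configure do |config|
  end
  ```
 
+ **Warning**: Redirecting to any path with query parameters (e.g. `example.com/?token=xxx`) could theoretically leak tokens to third parties through the `Referer`-header for external assets.
+
 
  ### Token authentication
 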
@@ -1,22 +1,5 @@
1
1
  module OpenIDTokenProxy
2
2
  class CallbackController < ApplicationController
3
- def handle
4
- unless code = params[:code]
5
- render text: "Required parameter 'code' missing.", status: :bad_request
6
- return
7
- end
8
-
9
- begin
10
- token = OpenIDTokenProxy.client.retrieve_token!(auth_code: code)
11
- rescue OpenIDTokenProxy::Client::AuthCodeError => error
12
- render text: "Could not exchange authorization code: #{error.message}.",
13
- status: :bad_request
14
- return
15
- end
16
-
17
- config = OpenIDTokenProxy.config
18
- uri = instance_exec token, &config.token_acquirement_hook
19
- redirect_to uri || main_app.root_url unless performed?
20
- end
3
+ include OpenIDTokenProxy::Concerns::CallbackController
21
4
  end
22
5
  end
@@ -5,6 +5,7 @@ require 'openid_connect'
5
5
  require 'openid_token_proxy/error'
6
6
 
7
7
  require 'openid_token_proxy/client'
8
+ require 'openid_token_proxy/concerns/callback_controller'
8
9
  require 'openid_token_proxy/config'
9
10
  require 'openid_token_proxy/engine'
10
11
  require 'openid_token_proxy/token'
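Review bot: The file required on the added line calls `extend ActiveSupport::Concern` but contains no require of its own, and this release also removes `require 'active_support/concern'` from the two token modules further down the page. The constant therefore has to be loaded by something earlier, possibly `openid_connect` or lines above this hunk that are not visible. Making the dependency explicit avoids relying on a transitive require: add `require 'active_support/concern'` at the top of `lib/openid_token_proxy/concerns/callback_controller.rb`.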
@@ -0,0 +1,26 @@
1
+ module OpenIDTokenProxy
2
+ module Concerns
3
+ module CallbackController
4
+ extend ActiveSupport::Concern
5
+
6
+ def handle
7
+ unless code = params[:code]
8
+ render text: "Required parameter 'code' missing.", status: :bad_request
9
+ return
10
+ end
11
+
12
+ begin
13
+ token = OpenIDTokenProxy.client.retrieve_token!(auth_code: code)
14
+ rescue OpenIDTokenProxy::Client::AuthCodeError => error
15
+ render text: "Could not exchange authorization code: #{error.message}.",
16
+ status: :bad_request
17
+ return
18
+ end
19
+
20
+ config = OpenIDTokenProxy.config
21
+ uri = instance_exec token, &config.token_acquirement_hook
22
+ redirect_to uri || main_app.root_url unless performed?
23
+ end
24
+ end
25
+ end
26
+ end
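Review bot: Both error branches in `handle` respond with `render text:`, and the second one interpolates `error.message` into the body; on Rails 4 `render text:` is served as `text/html`, so any provider- or request-derived content in that message would be reflected into an HTML page. Prefer `render plain: "Could not exchange authorization code: #{error.message}.", status: :bad_request` (Rails 4.1+), or return a fixed message and log the detail instead. Separately, the handler reads only `params[:code]` and no `state` verification is visible in this file; if it is not done elsewhere, the callback will exchange an authorization code that this browser session never requested. Since the release makes `handle` overridable, a one-line comment above it noting that the hook's return value becomes the redirect target, and should not carry the token in a query string, would help anyone overriding it.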
@@ -1,5 +1,3 @@
1
- require 'active_support/concern'
2
-
3
1
  module OpenIDTokenProxy
4
2
  class Token
5
3
  module Authentication
@@ -1,5 +1,3 @@
1
- require 'active_support/concern'
2
-
3
1
  module OpenIDTokenProxy
4
2
  class Token
5
3
  module Refresh
@@ -1,3 +1,3 @@
1
1
  module OpenIDTokenProxy
2
- VERSION = '0.1.1'
2
+ VERSION = '0.1.2'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid-token-proxy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tim Kurvers
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-05-12 00:00:00.000000000 Z
11
+ date: 2015-05-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: openid_connect
@@ -205,6 +205,7 @@ files:
205
205
  - lib/openid-token-proxy.rb
206
206
  - lib/openid_token_proxy.rb
207
207
  - lib/openid_token_proxy/client.rb
208
+ - lib/openid_token_proxy/concerns/callback_controller.rb
208
209
  - lib/openid_token_proxy/config.rb
209
210
  - lib/openid_token_proxy/engine.rb
210
211
  - lib/openid_token_proxy/error.rb