openid_connect 0.9.2 → 0.10.0

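--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 0c8f7a65bb459955b2c3b48c95136b767d2299db
- data.tar.gz: b425f0dd8c76e63749920ab0079a3ba60218721b
+ metadata.gz: 96670a029138c10be710eeb8b123c9e3b173c3ee
+ data.tar.gz: 02bf038dac7a8acaef22d285d0fbfc433443bd62
  SHA512:
- metadata.gz: 8fe38d6c1f68b1c0d1b15762ea42c9c3dffb17334490766d088e31c3c1ff1b98915bbe56d4884f146b3d2ec1565f622155e7d47bea199a5b3f484640b031a42c
- data.tar.gz: c07ffac0ba172baa94dbf46efb4bfcb921ec29fc541ce0385aca6494e34601de05ad789943f1144fd6ed2f07ac23fe691a346b798e93d3f1f24181f412c9c683
+ metadata.gz: 1f59f7cc3af3259e70dd8f40e8790c854a2ca7b487e0cdb09850e161460d07a9b7031b983da851563aa5f136c188b4ce698664597572911c36a5588b0d767557
+ data.tar.gz: 9bb50877162d933fcbaa8c82e2a2f344e3e81a3a30059f116716c5fb94db3586b946dac3ff350216ff84ef7077001af677fb533c97eea3d340f9aae0b767d384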
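--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,3 +1,8 @@
+ before_install:
+ - gem install bundler
+
  rvm:
- - 1.9.3
- - 2.0.0
+ - 2.0
+ - 2.1
+ - 2.2
+ - 2.3.0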
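--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.9.2
+ 0.10.0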
@@ -4,8 +4,10 @@ module OpenIDConnect
4
4
  class Config
5
5
  def self.discover!(identifier, cache_options = {})
6
6
  uri = URI.parse(identifier)
7
- Resource.new(uri).discover!(cache_options)
8
- rescue SWD::Exception => e
7
+ Resource.new(uri).discover!(cache_options).tap do |response|
8
+ response.validate! identifier
9
+ end
10
+ rescue SWD::Exception, ValidationFailed => e
9
11
  raise DiscoveryFailed.new(e.message)
10
12
  end
11
13
  end
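Review bot: `URI.parse(identifier)` sits above a rescue list that names only `SWD::Exception` and `ValidationFailed`, so a malformed identifier would surface as `URI::InvalidURIError` instead of `DiscoveryFailed`; if callers are meant to handle one error type, the clause could read `rescue SWD::Exception, ValidationFailed, URI::InvalidURIError => e`. The new `response.validate! identifier` compares the caller's string with the returned `issuer` verbatim (see the `validate!` hunk), so an identifier that differs only by a trailing slash or letter case now fails discovery. That strict match is what OpenID Connect Discovery requires, and it deserves a comment above `discover!` such as `# identifier must equal the OP's issuer string exactly; any mismatch raises DiscoveryFailed`. The class body starts outside this hunk.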
@@ -23,7 +23,7 @@ module OpenIDConnect
23
23
  private
24
24
 
25
25
  def to_response_object(hash)
26
- Response.new hash
26
+ Response.new(hash)
27
27
  end
28
28
 
29
29
  def cache_key
@@ -10,10 +10,10 @@ module OpenIDConnect
10
10
  uri_attributes = {
11
11
  required: [
12
12
  :issuer,
13
+ :authorization_endpoint,
13
14
  :jwks_uri
14
15
  ],
15
16
  optional: [
16
- :authorization_endpoint,
17
17
  :token_endpoint,
18
18
  :userinfo_endpoint,
19
19
  :registration_endpoint,
@@ -72,8 +72,10 @@ module OpenIDConnect
72
72
  end
73
73
  end
74
74
 
75
- def validate!
76
- valid? or raise ValidationFailed.new(self)
75
+ def validate!(expected_issuer = nil)
76
+ valid? && (
77
+ expected_issuer.blank? || issuer == expected_issuer
78
+ ) or raise ValidationFailed.new(self)
77
79
  end
78
80
 
79
81
  def jwks
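Review bot: When `valid?` passes but `issuer` differs from `expected_issuer`, `ValidationFailed.new(self)` is raised from an object that presumably carries no validation errors, so the message `discover!` copies into `DiscoveryFailed` may not say that an issuer mismatch was the cause (the `ValidationFailed` constructor is not visible here). Recording the reason before raising, for instance `errors.add :issuer, 'does not match the discovery identifier'` if the class uses ActiveModel validations as `valid?` suggests, would make a rejected provider configuration diagnosable from logs. The default `expected_issuer = nil` also means every direct `validate!` call skips the issuer comparison, and a comment like `# expected_issuer: issuer URL used for discovery; nil or blank skips the issuer match` should say so. Mixing `&&` with the low-precedence `or` is correct here but easy to misread; `raise ValidationFailed.new(self) unless valid? && (expected_issuer.blank? || issuer == expected_issuer)` states the same condition directly.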
@@ -13,11 +13,9 @@ module OpenIDConnect
13
13
  @userinfo = UserInfo.new(attributes) if attributes.present?
14
14
  end
15
15
 
16
- def as_json_with_mixed_keys(options = {})
17
- hash = as_json_without_mixed_keys options
18
- hash.with_indifferent_access
16
+ def as_json(options = {})
17
+ super.with_indifferent_access
19
18
  end
20
- alias_method_chain :as_json, :mixed_keys
21
19
 
22
20
  class << self
23
21
  def decode(jwt_string, key = nil)
@@ -3,12 +3,10 @@ module OpenIDConnect
3
3
  module Claimable
4
4
  def self.included(klass)
5
5
  klass.send :attr_optional, :claims
6
- klass.send :alias_method_chain, :initialize, :claims
7
- klass.send :alias_method_chain, :as_json, :keep_blank
8
6
  end
9
7
 
10
- def initialize_with_claims(attributes = {})
11
- initialize_without_claims attributes
8
+ def initialize(attributes = {})
9
+ super
12
10
  if claims.present?
13
11
  _claims_ = {}
14
12
  claims.each do |key, value|
@@ -29,9 +27,9 @@ module OpenIDConnect
29
27
  end
30
28
  end
31
29
 
32
- def as_json_with_keep_blank(options = {})
30
+ def as_json(options = {})
33
31
  keys = claims.try(:keys)
34
- hash = as_json_without_keep_blank options
32
+ hash = super
35
33
  Array(keys).each do |key|
36
34
  hash[:claims][key] ||= nil
37
35
  end
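Review bot: `Claimable` is still mixed in through the `included` hook, so the new `initialize` and `as_json` in both hunks of this module sit behind the including class in the ancestor chain and run only if that class does not define those methods itself, or calls `super` from them. The removed `alias_method_chain` calls wrapped whatever method the class had at include time, so the two are not equivalent for a class that overrides either method. The including classes are not visible in this diff; confirm that none defines its own `initialize` or `as_json`, otherwise the claims handling is skipped without any error. The Rack::OAuth2 extensions in this release moved to `prepend` instead, and a comment such as `# relies on super: including classes must not override initialize/as_json without calling super` would record the constraint here. The bodies of `initialize` and `as_json` continue outside the hunks.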
@@ -27,7 +27,7 @@ module OpenIDConnect
27
27
  end
28
28
 
29
29
  include JWTnizable
30
- def to_jwt_with_at_hash_and_c_hash(key, algorithm = :RS256, &block)
30
+ def to_jwt(key, algorithm = :RS256, &block)
31
31
  hash_length = algorithm.to_s[2, 3].to_i
32
32
  if access_token
33
33
  token = case access_token
@@ -41,9 +41,8 @@ module OpenIDConnect
41
41
  if code
42
42
  self.c_hash = left_half_hash_of code, hash_length
43
43
  end
44
- to_jwt_without_at_hash_and_c_hash key, algorithm, &block
44
+ super
45
45
  end
46
- alias_method_chain :to_jwt, :at_hash_and_c_hash
47
46
 
48
47
  private
49
48
 
@@ -2,22 +2,20 @@ class Rack::OAuth2::Server::Authorize
2
2
  module RequestWithConnectParams
3
3
  CONNECT_EXT_PARAMS = [:nonce, :display, :prompt, :request, :request_uri, :id_token]
4
4
 
5
- def self.included(klass)
5
+ def self.prepended(klass)
6
6
  klass.send :attr_optional, *CONNECT_EXT_PARAMS
7
- klass.class_eval do
8
- def initialize_with_connect_params(env)
9
- initialize_without_connect_params env
10
- CONNECT_EXT_PARAMS.each do |attribute|
11
- self.send :"#{attribute}=", params[attribute.to_s]
12
- end
13
- end
14
- alias_method_chain :initialize, :connect_params
7
+ end
15
8
 
16
- def openid_connect_request?
17
- scope.include?('openid')
18
- end
9
+ def initialize(env)
10
+ super
11
+ CONNECT_EXT_PARAMS.each do |attribute|
12
+ self.send :"#{attribute}=", params[attribute.to_s]
19
13
  end
20
14
  end
15
+
16
+ def openid_connect_request?
17
+ scope.include?('openid')
18
+ end
21
19
  end
22
- Request.send :include, RequestWithConnectParams
20
+ Request.send :prepend, RequestWithConnectParams
23
21
  end
@@ -1,22 +1,20 @@
1
1
  module Rack::OAuth2::Server
2
2
  module IdTokenResponse
3
- def self.included(klass)
3
+ def self.prepended(klass)
4
4
  klass.send :attr_optional, :id_token
5
- klass.class_eval do
6
- def protocol_params_location
7
- :fragment
8
- end
5
+ end
6
+
7
+ def protocol_params_location
8
+ :fragment
9
+ end
9
10
 
10
- def protocol_params_with_id_token
11
- protocol_params_without_id_token.merge(
12
- id_token: id_token
13
- )
14
- end
15
- alias_method_chain :protocol_params, :id_token
16
- end
11
+ def protocol_params
12
+ super.merge(
13
+ id_token: id_token
14
+ )
17
15
  end
18
16
  end
19
- Token::Response.send :include, IdTokenResponse
17
+ Token::Response.send :prepend, IdTokenResponse
20
18
  end
21
19
 
22
20
  require 'rack/oauth2/server/authorize/extension/code_and_id_token'
@@ -0,0 +1,13 @@
1
+ {
2
+ "issuer": "https://connect-op.heroku.com:8080",
3
+ "authorization_endpoint": "https://connect-op.heroku.com:8080/authorizations/new",
4
+ "token_endpoint": "https://connect-op.heroku.com:8080/access_tokens",
5
+ "userinfo_endpoint": "https://connect-op.heroku.com:8080/userinfo",
6
+ "registration_endpoint": "https://connect-op.heroku.com:8080/connect/client",
7
+ "scopes_supported": ["openid", "profile", "email", "address"],
8
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
9
+ "subject_types_supported": ["public", "pairwise"],
10
+ "claims_supported": ["sub", "iss", "name", "email"],
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
+ }
@@ -0,0 +1,13 @@
1
+ {
2
+ "issuer": "https://attacker.example.com",
3
+ "authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
4
+ "token_endpoint": "https://connect-op.heroku.com/access_tokens",
5
+ "userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
6
+ "registration_endpoint": "https://connect-op.heroku.com/connect/client",
7
+ "scopes_supported": ["openid", "profile", "email", "address"],
8
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
9
+ "subject_types_supported": ["public", "pairwise"],
10
+ "claims_supported": ["sub", "iss", "name", "email"],
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
+ }
@@ -0,0 +1,13 @@
1
+ {
2
+ "issuer": "https://connect.openid4.us/abop",
3
+ "authorization_endpoint": "https://connect.openid4.us/abop/authorizations/new",
4
+ "token_endpoint": "https://connect.openid4.us/abop/access_tokens",
5
+ "userinfo_endpoint": "https://connect.openid4.us/abop/userinfo",
6
+ "registration_endpoint": "https://connect.openid4.us/abop/connect/client",
7
+ "scopes_supported": ["openid", "profile", "email", "address"],
8
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
9
+ "subject_types_supported": ["public", "pairwise"],
10
+ "claims_supported": ["sub", "iss", "name", "email"],
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
+ }
@@ -0,0 +1,12 @@
1
+ {
2
+ "authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
3
+ "token_endpoint": "https://connect-op.heroku.com/access_tokens",
4
+ "userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
5
+ "registration_endpoint": "https://connect-op.heroku.com/connect/client",
6
+ "scopes_supported": ["openid", "profile", "email", "address"],
7
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
8
+ "subject_types_supported": ["public", "pairwise"],
9
+ "claims_supported": ["sub", "iss", "name", "email"],
10
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
11
+ "id_token_signing_alg_values_supported": ["RS256"]
12
+ }
@@ -10,6 +10,7 @@ describe OpenIDConnect::Discovery::Provider::Config::Response do
10
10
  let :minimum_attributes do
11
11
  {
12
12
  issuer: 'https://server.example.com',
13
+ authorization_endpoint: 'https://server.example.com/authorize',
13
14
  jwks_uri: jwks_uri,
14
15
  response_types_supported: [
15
16
  :code, :id_token, 'token id_token'
@@ -24,6 +24,28 @@ describe OpenIDConnect::Discovery::Provider::Config do
24
24
  end
25
25
  end
26
26
 
27
+ context 'when OP identifier includes custom port' do
28
+ let(:provider) { 'https://connect-op.heroku.com:8080' }
29
+ let(:endpoint) { 'https://connect-op.heroku.com:8080/.well-known/openid-configuration' }
30
+
31
+ it 'should construct well-known URI with given port' do
32
+ mock_json :get, endpoint, 'discovery/config_with_custom_port' do
33
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
34
+ end
35
+ end
36
+ end
37
+
38
+ context 'when OP identifier includes path' do
39
+ let(:provider) { 'https://connect.openid4.us/abop' }
40
+ let(:endpoint) { 'https://connect.openid4.us/abop/.well-known/openid-configuration' }
41
+
42
+ it 'should construct well-known URI with given port' do
43
+ mock_json :get, endpoint, 'discovery/config_with_path' do
44
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
45
+ end
46
+ end
47
+ end
48
+
27
49
  context 'when SWD::Exception raised' do
28
50
  it do
29
51
  expect do
@@ -33,26 +55,24 @@ describe OpenIDConnect::Discovery::Provider::Config do
33
55
  end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
34
56
  end
35
57
  end
36
- end
37
58
 
38
- context 'when OP identifier includes custom port' do
39
- let(:provider) { 'https://connect-op.heroku.com:8080' }
40
- let(:endpoint) { 'https://connect-op.heroku.com:8080/.well-known/openid-configuration' }
41
-
42
- it 'should construct well-known URI with given port' do
43
- mock_json :get, endpoint, 'discovery/config' do
44
- OpenIDConnect::Discovery::Provider::Config.discover! provider
59
+ context 'when response include invalid issuer' do
60
+ it do
61
+ expect do
62
+ mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
63
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
64
+ end
65
+ end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
45
66
  end
46
67
  end
47
- end
48
-
49
- context 'when OP identifier includes path' do
50
- let(:provider) { 'https://connect.openid4.us/abop' }
51
- let(:endpoint) { 'https://connect.openid4.us/abop/.well-known/openid-configuration' }
52
68
 
53
- it 'should construct well-known URI with given port' do
54
- mock_json :get, endpoint, 'discovery/config' do
55
- OpenIDConnect::Discovery::Provider::Config.discover! provider
69
+ context 'when response include no issuer' do
70
+ it do
71
+ expect do
72
+ mock_json :get, endpoint, 'discovery/config_without_issuer' do
73
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
74
+ end
75
+ end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
56
76
  end
57
77
  end
58
78
  end
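Review bot: The example added under `context 'when OP identifier includes path'` keeps the description `'should construct well-known URI with given port'`, copied from the custom-port case; `it 'should construct well-known URI with given path' do` would match what it exercises. Both positive examples pass only because `discover!` does not raise, so comparing the returned object's `issuer` with `provider` would pin the issuer match that the new `config_with_custom_port` and `config_with_path` fixtures were written for. The two negative contexts rely on `provider` and `endpoint` definitions that lie outside these hunks.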
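--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: openid_connect
  version: !ruby/object:Gem::Version
- version: 0.9.2
+ version: 0.10.0
  platform: ruby
  authors:
  - nov matake
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-09-14 00:00:00.000000000 Z
+ date: 2016-01-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json
@@ -276,6 +276,10 @@ files:
  - spec/mock_response/client/rotated.json
  - spec/mock_response/client/updated.json
  - spec/mock_response/discovery/config.json
+ - spec/mock_response/discovery/config_with_custom_port.json
+ - spec/mock_response/discovery/config_with_invalid_issuer.json
+ - spec/mock_response/discovery/config_with_path.json
+ - spec/mock_response/discovery/config_without_issuer.json
  - spec/mock_response/discovery/swd.json
  - spec/mock_response/discovery/webfinger.json
  - spec/mock_response/errors/insufficient_scope.json
@@ -328,7 +332,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: OpenID Connect Server & Client Library
@@ -343,6 +347,10 @@ test_files:
  - spec/mock_response/client/rotated.json
  - spec/mock_response/client/updated.json
  - spec/mock_response/discovery/config.json
+ - spec/mock_response/discovery/config_with_custom_port.json
+ - spec/mock_response/discovery/config_with_invalid_issuer.json
+ - spec/mock_response/discovery/config_with_path.json
+ - spec/mock_response/discovery/config_without_issuer.json
  - spec/mock_response/discovery/swd.json
  - spec/mock_response/discovery/webfinger.json
  - spec/mock_response/errors/insufficient_scope.json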