openid_connect 1.4.2 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc2fbaf7f12786bfb4695776c65b78a58a7730730382b138a8b53b6149939989
-  data.tar.gz: 54d98cef9172883b53426b457ab41cb743d078ae9ed20eb8b374628802cebf1d
+  metadata.gz: 2b5a083aca9fb04e50e7ff4fb18d26d221daac9bf22ec1cfcc136007160a03db
+  data.tar.gz: 1eb0f4f04691552f0b276d284bb91f47d393c0afdc8e7473c57446c4e89c6cc1
 SHA512:
-  metadata.gz: f3bc8fec5821911fbf334a27c9bc2d49dd7871cd5379a9ff91b7a5d1f05b017cece154744b4eb6283b3eea64dbf2cd6cb2fc61fe66a1f75c4dbf21aa97180646
-  data.tar.gz: '09845c6ec9f7d8a198333d49eab6511f25fccd7d31a6ea7f59456700f44eab420ae4dbe2d96d28e541f7cd7b5f9bf0c5976ee19a85b7397904c3debd45db01e9'
+  metadata.gz: 3469b7247c8337d0f3bc5adddc3ebc117676814fba726ba95d59fb50279ae7f8a91e3856962ab794e44bc3d8a0ccbb9adf07966bc4ff50139c74e08c783e5e1f
+  data.tar.gz: 5670dcd68a4b196ebb167c2eb313360d407ae30a77914da20f376f4cddef1b009642fc5aeee5eddbd971b03e7baee939076a7ed343a9e63906e309b261bda8be

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+## [Unreleased]
+
+## [2.1.0] - 2022-10-10
+
+### Changed
+
+- mTLS access token by @nov in https://github.com/nov/openid_connect/pull/76
+
+## [2.0.0] - 2022-10-09
+
+### Added
+
+- start recording CHANGELOG
+
+### Changed
+
+- replace httpclient with faraday v2 by @nov in https://github.com/nov/openid_connect/pull/75

data/VERSION

@@ -1 +1 @@
-1.4.2
+2.2.0

data/lib/openid_connect/access_token/mtls.rb

@@ -0,0 +1,9 @@
+module OpenIDConnect
+  class AccessToken::MTLS < AccessToken
+    def initialize(attributes = {})
+      super
+      http_client.ssl.client_key  = attributes[:private_key] || client.private_key
+      http_client.ssl.client_cert = attributes[:certificate] || client.certificate
+    end
+  end
+end

data/lib/openid_connect/access_token.rb

@@ -15,13 +15,20 @@ module OpenIDConnect
       ResponseObject::UserInfo.new hash
     end
 
+    def to_mtls(attributes = {})
+      (required_attributes + optional_attributes).each do |key|
+        attributes[key] = self.send(key)
+      end
+      MTLS.new attributes
+    end
+
     private
 
     def resource_request
       res = yield
       case res.status
       when 200
-        JSON.parse(res.body).with_indifferent_access
+        res.body.with_indifferent_access
       when 400
         raise BadRequest.new('API Access Faild', res)
       when 401
@@ -33,4 +40,6 @@ module OpenIDConnect
       end
     end
   end
-end
+end
+
+require 'openid_connect/access_token/mtls'

data/lib/openid_connect/client/registrar.rb

@@ -170,7 +170,7 @@ module OpenIDConnect
       end
 
       def handle_success_response(response)
-        credentials = JSON.parse(response.body).with_indifferent_access
+        credentials = response.body.with_indifferent_access
         Client.new(
           identifier: credentials[:client_id],
           secret:     credentials[:client_secret],

data/lib/openid_connect/client.rb

@@ -26,7 +26,7 @@ module OpenIDConnect
     end
 
     def handle_success_response(response)
-      token_hash = JSON.parse(response.body).with_indifferent_access
+      token_hash = response.body.with_indifferent_access
       token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
       case token_type
       when 'bearer'
@@ -34,8 +34,6 @@ module OpenIDConnect
       else
         raise Exception.new("Unexpected Token Type: #{token_type}")
       end
-    rescue JSON::ParserError
-      raise Exception.new("Unknown Token Type")
     end
   end
 end

data/lib/openid_connect/discovery/provider/config/response.rb

@@ -81,9 +81,7 @@ module OpenIDConnect
           end
 
           def jwks
-            @jwks ||= JSON.parse(
-              OpenIDConnect.http_client.get_content(jwks_uri)
-            ).with_indifferent_access
+            @jwks ||= OpenIDConnect.http_client.get(jwks_uri).body.with_indifferent_access
             JSON::JWK::Set.new @jwks[:keys]
           end
 

data/lib/openid_connect/request_object.rb

@@ -25,7 +25,7 @@ module OpenIDConnect
       end
 
       def fetch(request_uri, key = nil)
-        jwt_string = OpenIDConnect.http_client.get_content(request_uri)
+        jwt_string = OpenIDConnect.http_client.get(request_uri).body
         decode jwt_string, key
       end
     end

data/lib/openid_connect.rb

@@ -1,5 +1,7 @@
 require 'json'
 require 'logger'
+require 'faraday'
+require 'faraday/follow_redirects'
 require 'swd'
 require 'webfinger'
 require 'active_model'
@@ -64,17 +66,14 @@ module OpenIDConnect
   self.debugging = false
 
   def self.http_client
-    _http_client_ = HTTPClient.new(
-      agent_name: "OpenIDConnect (#{VERSION})"
-    )
-
-    # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
-    _http_client_.ssl_config.clear_cert_store
-    _http_client_.ssl_config.cert_store.set_default_paths
-
-    _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
-    http_config.try(:call, _http_client_)
-    _http_client_
+    Faraday.new(headers: {user_agent: "OpenIDConnect (#{VERSION})"}) do |faraday|
+      faraday.request :url_encoded
+      faraday.request :json
+      faraday.response :json
+      faraday.response :logger, OpenIDConnect.logger, {bodies: true} if debugging?
+      faraday.adapter Faraday.default_adapter
+      http_config&.call(faraday)
+    end
   end
   def self.http_config(&block)
     @sub_protocols.each do |klass|
@@ -100,4 +99,3 @@ require 'openid_connect/access_token'
 require 'openid_connect/jwtnizable'
 require 'openid_connect/connect_object'
 require 'openid_connect/discovery'
-require 'openid_connect/debugger'

data/openid_connect.gemspec

@@ -17,14 +17,16 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "activemodel"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 1.15.0"
-  s.add_runtime_dependency "swd", "~> 1.3"
-  s.add_runtime_dependency "webfinger", "~> 1.2"
-  s.add_runtime_dependency "rack-oauth2", "~> 1.21"
+  s.add_runtime_dependency 'faraday', '~> 2.0'
+  s.add_runtime_dependency 'faraday-follow_redirects'
+  s.add_runtime_dependency "json-jwt", ">= 1.16"
+  s.add_runtime_dependency "swd", "~> 2.0"
+  s.add_runtime_dependency "webfinger", "~> 2.0"
+  s.add_runtime_dependency "rack-oauth2", "~> 2.2"
   if Gem.ruby_version >= Gem::Version.create(3.1)
     # TODO:
     #  remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
-    #  ref.) https://rubygems.org/gems/mailhttps://github.com/mikel/mail
+    #  ref.) https://rubygems.org/gems/mail
     s.add_runtime_dependency "net-smtp"
   end
   s.add_development_dependency "rake"

data/spec/helpers/webmock_helper.rb

@@ -32,7 +32,13 @@ module WebMockHelper
 
   def response_for(response_file, options = {})
     response = {}
-    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{options[:format] || :json}"))
+    format = options[:format] || :json
+    if format == :json
+      response[:headers] = {
+        'Content-Type': 'application/json'
+      }
+    end
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
     if options[:status]
       response[:status] = options[:status]
     end

data/spec/mock_response/errors/unknown.json

@@ -1 +1,3 @@
-Fuckin Unknown Error
+{
+  "unknown": "unknown"
+}

data/spec/openid_connect/client/registrar_spec.rb

@@ -253,7 +253,7 @@ describe OpenIDConnect::Client::Registrar do
     end
 
     context 'otherwise' do
-      it { should be_instance_of HTTPClient }
+      it { should be_instance_of Faraday::Connection }
     end
   end
 end

data/spec/openid_connect/client_spec.rb

@@ -162,16 +162,6 @@ describe OpenIDConnect::Client do
       end
     end
 
-    context 'when invalid JSON is returned' do
-      it 'should raise OpenIDConnect::Exception' do
-        mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
-          expect do
-            access_token
-          end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
-        end
-      end
-    end
-
     context 'otherwise' do
       it 'should raise Unexpected Token Type exception' do
         mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do

data/spec/openid_connect_spec.rb

@@ -46,12 +46,12 @@ describe OpenIDConnect do
     context 'with http_config' do
       before do
         OpenIDConnect.http_config do |config|
-          config.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          config.ssl.verify = false
         end
       end
       it 'should configure OpenIDConnect, SWD and Rack::OAuth2\'s http_client' do
         [OpenIDConnect, SWD, WebFinger, Rack::OAuth2].each do |klass|
-          klass.http_client.ssl_config.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
+          klass.http_client.ssl.verify.should be_falsy
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 2.2.0
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-08 00:00:00.000000000 Z
+date: 2022-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tzinfo
@@ -80,62 +80,90 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-follow_redirects
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: json-jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: '1.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: '1.16'
 - !ruby/object:Gem::Dependency
   name: swd
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: webfinger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rack-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: net-smtp
   requirement: !ruby/object:Gem::Requirement
@@ -245,6 +273,7 @@ files:
 - ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -253,11 +282,10 @@ files:
 - VERSION
 - lib/openid_connect.rb
 - lib/openid_connect/access_token.rb
+- lib/openid_connect/access_token/mtls.rb
 - lib/openid_connect/client.rb
 - lib/openid_connect/client/registrar.rb
 - lib/openid_connect/connect_object.rb
-- lib/openid_connect/debugger.rb
-- lib/openid_connect/debugger/request_filter.rb
 - lib/openid_connect/discovery.rb
 - lib/openid_connect/discovery/provider.rb
 - lib/openid_connect/discovery/provider/config.rb
@@ -312,7 +340,6 @@ files:
 - spec/openid_connect/client/registrar_spec.rb
 - spec/openid_connect/client_spec.rb
 - spec/openid_connect/connect_object_spec.rb
-- spec/openid_connect/debugger/request_filter_spec.rb
 - spec/openid_connect/discovery/provider/config/resource_spec.rb
 - spec/openid_connect/discovery/provider/config/response_spec.rb
 - spec/openid_connect/discovery/provider/config_spec.rb
@@ -386,7 +413,6 @@ test_files:
 - spec/openid_connect/client/registrar_spec.rb
 - spec/openid_connect/client_spec.rb
 - spec/openid_connect/connect_object_spec.rb
-- spec/openid_connect/debugger/request_filter_spec.rb
 - spec/openid_connect/discovery/provider/config/resource_spec.rb
 - spec/openid_connect/discovery/provider/config/response_spec.rb
 - spec/openid_connect/discovery/provider/config_spec.rb

data/lib/openid_connect/debugger/request_filter.rb

@@ -1,28 +0,0 @@
-module OpenIDConnect
-  module Debugger
-    class RequestFilter
-      # Callback called in HTTPClient (before sending a request)
-      # request:: HTTP::Message
-      def filter_request(request)
-        started = "======= [OpenIDConnect] HTTP REQUEST STARTED ======="
-        log started, request.dump
-      end
-
-      # Callback called in HTTPClient (after received a response)
-      # request::  HTTP::Message
-      # response:: HTTP::Message
-      def filter_response(request, response)
-        finished = "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
-        log '-' * 50, response.dump, finished
-      end
-
-      private
-
-      def log(*outputs)
-        outputs.each do |output|
-          OpenIDConnect.logger.info output
-        end
-      end
-    end
-  end
-end

data/lib/openid_connect/debugger.rb

@@ -1,3 +0,0 @@
-Dir[File.dirname(__FILE__) + '/debugger/*.rb'].each do |file|
-  require file
-end

data/spec/openid_connect/debugger/request_filter_spec.rb

@@ -1,33 +0,0 @@
-require 'spec_helper'
-
-describe OpenIDConnect::Debugger::RequestFilter do
-  let(:resource_endpoint) { 'https://example.com/resources' }
-  let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
-  let(:response) { HTTP::Message.new_response({hello: 'world'}.to_json) }
-  let(:request_filter) { OpenIDConnect::Debugger::RequestFilter.new }
-
-  describe '#filter_request' do
-    it 'should log request' do
-      [
-        "======= [OpenIDConnect] HTTP REQUEST STARTED =======",
-        request.dump
-      ].each do |output|
-        expect(OpenIDConnect.logger).to receive(:info).with output
-      end
-      request_filter.filter_request(request)
-    end
-  end
-
-  describe '#filter_response' do
-    it 'should log response' do
-      [
-        "--------------------------------------------------",
-        response.dump,
-        "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
-      ].each do |output|
-        expect(OpenIDConnect.logger).to receive(:info).with output
-      end
-      request_filter.filter_response(request, response)
-    end
-  end
-end