openid_connect 1.4.2 → 2.2.0

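--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fc2fbaf7f12786bfb4695776c65b78a58a7730730382b138a8b53b6149939989
- data.tar.gz: 54d98cef9172883b53426b457ab41cb743d078ae9ed20eb8b374628802cebf1d
+ metadata.gz: 2b5a083aca9fb04e50e7ff4fb18d26d221daac9bf22ec1cfcc136007160a03db
+ data.tar.gz: 1eb0f4f04691552f0b276d284bb91f47d393c0afdc8e7473c57446c4e89c6cc1
  SHA512:
- metadata.gz: f3bc8fec5821911fbf334a27c9bc2d49dd7871cd5379a9ff91b7a5d1f05b017cece154744b4eb6283b3eea64dbf2cd6cb2fc61fe66a1f75c4dbf21aa97180646
- data.tar.gz: '09845c6ec9f7d8a198333d49eab6511f25fccd7d31a6ea7f59456700f44eab420ae4dbe2d96d28e541f7cd7b5f9bf0c5976ee19a85b7397904c3debd45db01e9'
+ metadata.gz: 3469b7247c8337d0f3bc5adddc3ebc117676814fba726ba95d59fb50279ae7f8a91e3856962ab794e44bc3d8a0ccbb9adf07966bc4ff50139c74e08c783e5e1f
+ data.tar.gz: 5670dcd68a4b196ebb167c2eb313360d407ae30a77914da20f376f4cddef1b009642fc5aeee5eddbd971b03e7baee939076a7ed343a9e63906e309b261bda8be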
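--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,17 @@
+ ## [Unreleased]
+
+ ## [2.1.0] - 2022-10-10
+
+ ### Changed
+
+ - mTLS access token by @nov in https://github.com/nov/openid_connect/pull/76
+
+ ## [2.0.0] - 2022-10-09
+
+ ### Added
+
+ - start recording CHANGELOG
+
+ ### Changed
+
+ - replace httpclient with faraday v2 by @nov in https://github.com/nov/openid_connect/pull/75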
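--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.4.2
+ 2.2.0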
@@ -0,0 +1,9 @@
1
+ module OpenIDConnect
2
+ class AccessToken::MTLS < AccessToken
3
+ def initialize(attributes = {})
4
+ super
5
+ http_client.ssl.client_key = attributes[:private_key] || client.private_key
6
+ http_client.ssl.client_cert = attributes[:certificate] || client.certificate
7
+ end
8
+ end
9
+ end
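Review bot: Nothing in `initialize` checks that a key and certificate were actually resolved, so if `attributes[:private_key]` and `client.private_key` are both nil (and likewise for the certificate) the object is still an `MTLS` token but its connection would presumably present no client certificate. It also fails with a bare `NoMethodError` if `client` is nil, which the hunk does not rule out. I would resolve both values into locals first and fail closed, e.g. `raise ArgumentError, 'private_key and certificate are required for mTLS' unless key && cert`, before assigning them to `http_client.ssl`. A one-line class comment saying that the key pair falls back to the client's own is worth adding as well.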
@@ -15,13 +15,20 @@ module OpenIDConnect
15
15
  ResponseObject::UserInfo.new hash
16
16
  end
17
17
 
18
+ def to_mtls(attributes = {})
19
+ (required_attributes + optional_attributes).each do |key|
20
+ attributes[key] = self.send(key)
21
+ end
22
+ MTLS.new attributes
23
+ end
24
+
18
25
  private
19
26
 
20
27
  def resource_request
21
28
  res = yield
22
29
  case res.status
23
30
  when 200
24
- JSON.parse(res.body).with_indifferent_access
31
+ res.body.with_indifferent_access
25
32
  when 400
26
33
  raise BadRequest.new('API Access Faild', res)
27
34
  when 401
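Review bot: `res.body.with_indifferent_access` in `resource_request` assumes the body is already a Hash, which holds only when the connection's JSON response middleware parsed it; a 200 reply with a missing or non-JSON Content-Type leaves a String there and this line raises `NoMethodError` instead of a library exception. The same pattern appears in both `handle_success_response` hunks and in `jwks`, and the token-response hunk also drops the `rescue JSON::ParserError` that used to map bad bodies to `OpenIDConnect::Exception`. Since these bodies come from a remote server, guard the type before use, e.g. `raise Exception.new('Unexpected response body') unless res.body.is_a?(Hash)`, and decide whether parse errors raised by the middleware should be wrapped the same way. Separately, `to_mtls` writes into the caller's `attributes` hash; `attributes = attributes.dup` as its first line would avoid that. `resource_request` continues past the end of the hunk.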
@@ -33,4 +40,6 @@ module OpenIDConnect
33
40
  end
34
41
  end
35
42
  end
36
- end
43
+ end
44
+
45
+ require 'openid_connect/access_token/mtls'
@@ -170,7 +170,7 @@ module OpenIDConnect
170
170
  end
171
171
 
172
172
  def handle_success_response(response)
173
- credentials = JSON.parse(response.body).with_indifferent_access
173
+ credentials = response.body.with_indifferent_access
174
174
  Client.new(
175
175
  identifier: credentials[:client_id],
176
176
  secret: credentials[:client_secret],
@@ -26,7 +26,7 @@ module OpenIDConnect
26
26
  end
27
27
 
28
28
  def handle_success_response(response)
29
- token_hash = JSON.parse(response.body).with_indifferent_access
29
+ token_hash = response.body.with_indifferent_access
30
30
  token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
31
31
  case token_type
32
32
  when 'bearer'
@@ -34,8 +34,6 @@ module OpenIDConnect
34
34
  else
35
35
  raise Exception.new("Unexpected Token Type: #{token_type}")
36
36
  end
37
- rescue JSON::ParserError
38
- raise Exception.new("Unknown Token Type")
39
37
  end
40
38
  end
41
39
  end
@@ -81,9 +81,7 @@ module OpenIDConnect
81
81
  end
82
82
 
83
83
  def jwks
84
- @jwks ||= JSON.parse(
85
- OpenIDConnect.http_client.get_content(jwks_uri)
86
- ).with_indifferent_access
84
+ @jwks ||= OpenIDConnect.http_client.get(jwks_uri).body.with_indifferent_access
87
85
  JSON::JWK::Set.new @jwks[:keys]
88
86
  end
89
87
 
@@ -25,7 +25,7 @@ module OpenIDConnect
25
25
  end
26
26
 
27
27
  def fetch(request_uri, key = nil)
28
- jwt_string = OpenIDConnect.http_client.get_content(request_uri)
28
+ jwt_string = OpenIDConnect.http_client.get(request_uri).body
29
29
  decode jwt_string, key
30
30
  end
31
31
  end
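Review bot: `OpenIDConnect.http_client.get(request_uri).body` is used without looking at the response status, so the body of an error or redirect response is handed to `decode` as if it were the request object; httpclient's `get_content` raised on non-success responses and followed redirects, while the connection built in `OpenIDConnect.http_client` registers neither `:raise_error` nor `:follow_redirects` in the lines shown. The `jwks` hunk above has the same gap and is worse because the result is memoized in `@jwks`, so one bad response sticks for the life of the object. Check the status before using the body, e.g. `res = OpenIDConnect.http_client.get(request_uri)` followed by `raise Exception.new("Unexpected response: #{res.status}") unless res.success?`. The enclosing class starts outside the hunk.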
@@ -1,5 +1,7 @@
1
1
  require 'json'
2
2
  require 'logger'
3
+ require 'faraday'
4
+ require 'faraday/follow_redirects'
3
5
  require 'swd'
4
6
  require 'webfinger'
5
7
  require 'active_model'
@@ -64,17 +66,14 @@ module OpenIDConnect
64
66
  self.debugging = false
65
67
 
66
68
  def self.http_client
67
- _http_client_ = HTTPClient.new(
68
- agent_name: "OpenIDConnect (#{VERSION})"
69
- )
70
-
71
- # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
72
- _http_client_.ssl_config.clear_cert_store
73
- _http_client_.ssl_config.cert_store.set_default_paths
74
-
75
- _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
76
- http_config.try(:call, _http_client_)
77
- _http_client_
69
+ Faraday.new(headers: {user_agent: "OpenIDConnect (#{VERSION})"}) do |faraday|
70
+ faraday.request :url_encoded
71
+ faraday.request :json
72
+ faraday.response :json
73
+ faraday.response :logger, OpenIDConnect.logger, {bodies: true} if debugging?
74
+ faraday.adapter Faraday.default_adapter
75
+ http_config&.call(faraday)
76
+ end
78
77
  end
79
78
  def self.http_config(&block)
80
79
  @sub_protocols.each do |klass|
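Review bot: With `bodies: true` the debug logger in `http_client` writes complete request and response bodies to `OpenIDConnect.logger`, and for this library those bodies carry access tokens, ID tokens and the `client_secret` returned by registration. The removed request filter dumped whole messages too, so this is not new, but the Faraday logger accepts a block with `filter`, which makes redaction cheap: `faraday.response(:logger, OpenIDConnect.logger, {bodies: true}) { |l| l.filter(/("(?:access_token|id_token|refresh_token|client_secret)"\s*:\s*")[^"]+/, '\1[FILTERED]') } if debugging?` (the pattern is a sketch to adapt). At minimum add a comment that `debugging` must stay off wherever logs are retained or shipped. The old comment about using the OS certificate store was dropped with no replacement; one line such as `# TLS trust anchors and ssl.verify are left to Faraday/adapter defaults unless http_config changes them` would help the next reader.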
@@ -100,4 +99,3 @@ require 'openid_connect/access_token'
100
99
  require 'openid_connect/jwtnizable'
101
100
  require 'openid_connect/connect_object'
102
101
  require 'openid_connect/discovery'
103
- require 'openid_connect/debugger'
@@ -17,14 +17,16 @@ Gem::Specification.new do |s|
17
17
  s.add_runtime_dependency "activemodel"
18
18
  s.add_runtime_dependency "validate_url"
19
19
  s.add_runtime_dependency "validate_email"
20
- s.add_runtime_dependency "json-jwt", ">= 1.15.0"
21
- s.add_runtime_dependency "swd", "~> 1.3"
22
- s.add_runtime_dependency "webfinger", "~> 1.2"
23
- s.add_runtime_dependency "rack-oauth2", "~> 1.21"
20
+ s.add_runtime_dependency 'faraday', '~> 2.0'
21
+ s.add_runtime_dependency 'faraday-follow_redirects'
22
+ s.add_runtime_dependency "json-jwt", ">= 1.16"
23
+ s.add_runtime_dependency "swd", "~> 2.0"
24
+ s.add_runtime_dependency "webfinger", "~> 2.0"
25
+ s.add_runtime_dependency "rack-oauth2", "~> 2.2"
24
26
  if Gem.ruby_version >= Gem::Version.create(3.1)
25
27
  # TODO:
26
28
  # remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
27
- # ref.) https://rubygems.org/gems/mailhttps://github.com/mikel/mail
29
+ # ref.) https://rubygems.org/gems/mail
28
30
  s.add_runtime_dependency "net-smtp"
29
31
  end
30
32
  s.add_development_dependency "rake"
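Review bot: `faraday-follow_redirects` is added with no version requirement, while every other dependency changed in this hunk carries one; an open-ended requirement lets any future major release of a gem that sits in the HTTP path of token and key fetches be resolved without having been tested. Give it a pessimistic bound like the others, e.g. `s.add_runtime_dependency 'faraday-follow_redirects', '~> <TESTED_MAJOR.MINOR>'` (placeholder for the version actually tested against). It is also worth confirming the gem is needed at all, since the new `http_client` requires it but does not register the middleware in the lines shown. The `Gem::Specification` block starts and ends outside the hunk.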
@@ -32,7 +32,13 @@ module WebMockHelper
32
32
 
33
33
  def response_for(response_file, options = {})
34
34
  response = {}
35
- response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{options[:format] || :json}"))
35
+ format = options[:format] || :json
36
+ if format == :json
37
+ response[:headers] = {
38
+ 'Content-Type': 'application/json'
39
+ }
40
+ end
41
+ response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
36
42
  if options[:status]
37
43
  response[:status] = options[:status]
38
44
  end
@@ -1 +1,3 @@
1
- Fuckin Unknown Error
1
+ {
2
+ "unknown": "unknown"
3
+ }
@@ -253,7 +253,7 @@ describe OpenIDConnect::Client::Registrar do
253
253
  end
254
254
 
255
255
  context 'otherwise' do
256
- it { should be_instance_of HTTPClient }
256
+ it { should be_instance_of Faraday::Connection }
257
257
  end
258
258
  end
259
259
  end
@@ -162,16 +162,6 @@ describe OpenIDConnect::Client do
162
162
  end
163
163
  end
164
164
 
165
- context 'when invalid JSON is returned' do
166
- it 'should raise OpenIDConnect::Exception' do
167
- mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
168
- expect do
169
- access_token
170
- end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
171
- end
172
- end
173
- end
174
-
175
165
  context 'otherwise' do
176
166
  it 'should raise Unexpected Token Type exception' do
177
167
  mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do
@@ -46,12 +46,12 @@ describe OpenIDConnect do
46
46
  context 'with http_config' do
47
47
  before do
48
48
  OpenIDConnect.http_config do |config|
49
- config.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
49
+ config.ssl.verify = false
50
50
  end
51
51
  end
52
52
  it 'should configure OpenIDConnect, SWD and Rack::OAuth2\'s http_client' do
53
53
  [OpenIDConnect, SWD, WebFinger, Rack::OAuth2].each do |klass|
54
- klass.http_client.ssl_config.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
54
+ klass.http_client.ssl.verify.should be_falsy
55
55
  end
56
56
  end
57
57
  end
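--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: openid_connect
  version: !ruby/object:Gem::Version
- version: 1.4.2
+ version: 2.2.0
  platform: ruby
  authors:
  - nov matake
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-10-08 00:00:00.000000000 Z
+ date: 2022-10-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: tzinfo
@@ -80,62 +80,90 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: faraday
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: faraday-follow_redirects
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: json-jwt
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.15.0
+ version: '1.16'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.15.0
+ version: '1.16'
  - !ruby/object:Gem::Dependency
  name: swd
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: webfinger
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.2'
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.2'
+ version: '2.0'
  - !ruby/object:Gem::Dependency
  name: rack-oauth2
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.21'
+ version: '2.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.21'
+ version: '2.2'
  - !ruby/object:Gem::Dependency
  name: net-smtp
  requirement: !ruby/object:Gem::Requirement
@@ -245,6 +273,7 @@ files:
  - ".github/workflows/spec.yml"
  - ".gitignore"
  - ".rspec"
+ - CHANGELOG.md
  - Gemfile
  - LICENSE
  - README.rdoc
@@ -253,11 +282,10 @@ files:
  - VERSION
  - lib/openid_connect.rb
  - lib/openid_connect/access_token.rb
+ - lib/openid_connect/access_token/mtls.rb
  - lib/openid_connect/client.rb
  - lib/openid_connect/client/registrar.rb
  - lib/openid_connect/connect_object.rb
- - lib/openid_connect/debugger.rb
- - lib/openid_connect/debugger/request_filter.rb
  - lib/openid_connect/discovery.rb
  - lib/openid_connect/discovery/provider.rb
  - lib/openid_connect/discovery/provider/config.rb
@@ -312,7 +340,6 @@ files:
  - spec/openid_connect/client/registrar_spec.rb
  - spec/openid_connect/client_spec.rb
  - spec/openid_connect/connect_object_spec.rb
- - spec/openid_connect/debugger/request_filter_spec.rb
  - spec/openid_connect/discovery/provider/config/resource_spec.rb
  - spec/openid_connect/discovery/provider/config/response_spec.rb
  - spec/openid_connect/discovery/provider/config_spec.rb
@@ -386,7 +413,6 @@ test_files:
  - spec/openid_connect/client/registrar_spec.rb
  - spec/openid_connect/client_spec.rb
  - spec/openid_connect/connect_object_spec.rb
- - spec/openid_connect/debugger/request_filter_spec.rb
  - spec/openid_connect/discovery/provider/config/resource_spec.rb
  - spec/openid_connect/discovery/provider/config/response_spec.rb
  - spec/openid_connect/discovery/provider/config_spec.rb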
@@ -1,28 +0,0 @@
1
- module OpenIDConnect
2
- module Debugger
3
- class RequestFilter
4
- # Callback called in HTTPClient (before sending a request)
5
- # request:: HTTP::Message
6
- def filter_request(request)
7
- started = "======= [OpenIDConnect] HTTP REQUEST STARTED ======="
8
- log started, request.dump
9
- end
10
-
11
- # Callback called in HTTPClient (after received a response)
12
- # request:: HTTP::Message
13
- # response:: HTTP::Message
14
- def filter_response(request, response)
15
- finished = "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
16
- log '-' * 50, response.dump, finished
17
- end
18
-
19
- private
20
-
21
- def log(*outputs)
22
- outputs.each do |output|
23
- OpenIDConnect.logger.info output
24
- end
25
- end
26
- end
27
- end
28
- end
@@ -1,3 +0,0 @@
1
- Dir[File.dirname(__FILE__) + '/debugger/*.rb'].each do |file|
2
- require file
3
- end
@@ -1,33 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe OpenIDConnect::Debugger::RequestFilter do
4
- let(:resource_endpoint) { 'https://example.com/resources' }
5
- let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
6
- let(:response) { HTTP::Message.new_response({hello: 'world'}.to_json) }
7
- let(:request_filter) { OpenIDConnect::Debugger::RequestFilter.new }
8
-
9
- describe '#filter_request' do
10
- it 'should log request' do
11
- [
12
- "======= [OpenIDConnect] HTTP REQUEST STARTED =======",
13
- request.dump
14
- ].each do |output|
15
- expect(OpenIDConnect.logger).to receive(:info).with output
16
- end
17
- request_filter.filter_request(request)
18
- end
19
- end
20
-
21
- describe '#filter_response' do
22
- it 'should log response' do
23
- [
24
- "--------------------------------------------------",
25
- response.dump,
26
- "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
27
- ].each do |output|
28
- expect(OpenIDConnect.logger).to receive(:info).with output
29
- end
30
- request_filter.filter_response(request, response)
31
- end
32
- end
33
- end