RubyGems - openid_connect - Versions diffs - 1.4.2 → 2.3.1 - Mend

openid_connect 1.4.2 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +4 -4
data/.github/workflows/spec.yml +5 -6
data/CHANGELOG.md +23 -0
data/VERSION +1 -1
data/lib/openid_connect/access_token/mtls.rb +9 -0
data/lib/openid_connect/access_token.rb +12 -3
data/lib/openid_connect/client/registrar.rb +2 -2
data/lib/openid_connect/client.rb +1 -3
data/lib/openid_connect/discovery/provider/config/response.rb +1 -3
data/lib/openid_connect/request_object.rb +1 -1
data/lib/openid_connect.rb +12 -13
data/openid_connect.gemspec +8 -11
data/spec/helpers/webmock_helper.rb +7 -1
data/spec/mock_response/errors/unknown.json +3 -1
data/spec/openid_connect/client/registrar_spec.rb +1 -1
data/spec/openid_connect/client_spec.rb +0 -10
data/spec/openid_connect_spec.rb +2 -2
metadata +51 -25
data/lib/openid_connect/debugger/request_filter.rb +0 -28
data/lib/openid_connect/debugger.rb +0 -3
data/spec/openid_connect/debugger/request_filter_spec.rb +0 -33

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc2fbaf7f12786bfb4695776c65b78a58a7730730382b138a8b53b6149939989
-  data.tar.gz: 54d98cef9172883b53426b457ab41cb743d078ae9ed20eb8b374628802cebf1d
+  metadata.gz: 1846c96c032313eff89f8fcb9a753643c373ff00d6de12254b7f679d7802b4ab
+  data.tar.gz: 58c0780a7873c51f18fad3d847272fa49b59d88992a0833cf3f3396edc6d9303
 SHA512:
-  metadata.gz: f3bc8fec5821911fbf334a27c9bc2d49dd7871cd5379a9ff91b7a5d1f05b017cece154744b4eb6283b3eea64dbf2cd6cb2fc61fe66a1f75c4dbf21aa97180646
-  data.tar.gz: '09845c6ec9f7d8a198333d49eab6511f25fccd7d31a6ea7f59456700f44eab420ae4dbe2d96d28e541f7cd7b5f9bf0c5976ee19a85b7397904c3debd45db01e9'
+  metadata.gz: 4d605a9a6301af104cf1173b8626e5c1403a930b16cd49c738e2b7e08a8b8f23cfac4d53cfc649cb5484c73e22e1dc3c8b72941abda64942c405931cc17392e8
+  data.tar.gz: 70c4fcd75e6f7913475b5d8c070df75d37c242e3888010b5ec30eba95784258577b6de1575f52e494d44bf0c475a6d62b76e180c67c7e573f198ff910cf35d7c

data/.github/workflows/spec.yml CHANGED Viewed

@@ -3,7 +3,7 @@ name: Spec
 on:
   push:
     branches:
-      - master
+      - main
   pull_request:
 permissions:
@@ -13,12 +13,11 @@ jobs:
   spec:
     strategy:
       matrix:
-        os: ['ubuntu-20.04']
-        ruby-version: ['2.6', '2.7', '3.0', '3.1']
-        # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
+        os: ['ubuntu-20.04', 'ubuntu-22.04']
+        ruby-version: ['3.1', '3.2', '3.3']
         include:
-        - os: 'ubuntu-22.04'
-          ruby-version: '3.1'
+        - os: 'ubuntu-20.04'
+          ruby-version: '3.0'
     runs-on: ${{ matrix.os }}
     steps:

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,23 @@
+## [Unreleased]
+## [2.2.0] - 2022-10-11
+### Changed
+- automatic json response decoding by @nov in https://github.com/nov/openid_connect/pull/77
+## [2.1.0] - 2022-10-10
+### Changed
+- mTLS access token by @nov in https://github.com/nov/openid_connect/pull/76
+## [2.0.0] - 2022-10-09
+### Added
+- start recording CHANGELOG
+### Changed
+- replace httpclient with faraday v2 by @nov in https://github.com/nov/openid_connect/pull/75

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.4.2
1	+ 2.3.1

data/lib/openid_connect/access_token/mtls.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module OpenIDConnect
+  class AccessToken::MTLS < AccessToken
+    def initialize(attributes = {})
+      super
+      http_client.ssl.client_key  = attributes[:private_key] || client.private_key
+      http_client.ssl.client_cert = attributes[:certificate] || client.certificate
+    end
+  end
+end

data/lib/openid_connect/access_token.rb CHANGED Viewed

@@ -15,15 +15,22 @@ module OpenIDConnect
       ResponseObject::UserInfo.new hash
     end
+    def to_mtls(attributes = {})
+      (required_attributes + optional_attributes).each do |key|
+        attributes[key] = self.send(key)
+      end
+      MTLS.new attributes
+    end
     private
     def resource_request
       res = yield
       case res.status
       when 200
-        JSON.parse(res.body).with_indifferent_access
+        res.body.with_indifferent_access
       when 400
-        raise BadRequest.new('API Access Faild', res)
+        raise BadRequest.new('API Access Failed', res)
       when 401
         raise Unauthorized.new('Access Token Invalid or Expired', res)
       when 403
@@ -33,4 +40,6 @@ module OpenIDConnect
       end
     end
   end
-end
+end
+require 'openid_connect/access_token/mtls'

data/lib/openid_connect/client/registrar.rb CHANGED Viewed

@@ -118,7 +118,7 @@ module OpenIDConnect
       def valid_uri?(uri, schemes = ['http', 'https'])
         # NOTE: specify nil for schemes to allow any schemes
-        URI::regexp(schemes).match(uri).present?
+        URI::DEFAULT_PARSER.make_regexp(schemes).match(uri).present?
       end
       def validate_contacts
@@ -170,7 +170,7 @@ module OpenIDConnect
       end
       def handle_success_response(response)
-        credentials = JSON.parse(response.body).with_indifferent_access
+        credentials = response.body.with_indifferent_access
         Client.new(
           identifier: credentials[:client_id],
           secret:     credentials[:client_secret],

data/lib/openid_connect/client.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module OpenIDConnect
     end
     def handle_success_response(response)
-      token_hash = JSON.parse(response.body).with_indifferent_access
+      token_hash = response.body.with_indifferent_access
       token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
       case token_type
       when 'bearer'
@@ -34,8 +34,6 @@ module OpenIDConnect
       else
         raise Exception.new("Unexpected Token Type: #{token_type}")
       end
-    rescue JSON::ParserError
-      raise Exception.new("Unknown Token Type")
     end
   end
 end

data/lib/openid_connect/discovery/provider/config/response.rb CHANGED Viewed

@@ -81,9 +81,7 @@ module OpenIDConnect
           end
           def jwks
-            @jwks ||= JSON.parse(
-              OpenIDConnect.http_client.get_content(jwks_uri)
-            ).with_indifferent_access
+            @jwks ||= OpenIDConnect.http_client.get(jwks_uri).body.with_indifferent_access
             JSON::JWK::Set.new @jwks[:keys]
           end

data/lib/openid_connect/request_object.rb CHANGED Viewed

@@ -25,7 +25,7 @@ module OpenIDConnect
       end
       def fetch(request_uri, key = nil)
-        jwt_string = OpenIDConnect.http_client.get_content(request_uri)
+        jwt_string = OpenIDConnect.http_client.get(request_uri).body
         decode jwt_string, key
       end
     end

data/lib/openid_connect.rb CHANGED Viewed

@@ -1,11 +1,14 @@
 require 'json'
 require 'logger'
+require 'faraday'
+require 'faraday/follow_redirects'
 require 'swd'
 require 'webfinger'
 require 'active_model'
 require 'tzinfo'
 require 'validate_url'
-require 'validate_email'
+require 'email_validator/strict'
+require 'mail'
 require 'attr_required'
 require 'attr_optional'
 require 'json/jwt'
@@ -64,17 +67,14 @@ module OpenIDConnect
   self.debugging = false
   def self.http_client
-    _http_client_ = HTTPClient.new(
-      agent_name: "OpenIDConnect (#{VERSION})"
-    )
-    # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
-    _http_client_.ssl_config.clear_cert_store
-    _http_client_.ssl_config.cert_store.set_default_paths
-    _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
-    http_config.try(:call, _http_client_)
-    _http_client_
+    Faraday.new(headers: {user_agent: "OpenIDConnect (#{VERSION})"}) do |faraday|
+      faraday.request :url_encoded
+      faraday.request :json
+      faraday.response :json
+      faraday.adapter Faraday.default_adapter
+      http_config&.call(faraday)
+      faraday.response :logger, OpenIDConnect.logger, {bodies: true} if debugging?
+    end
   end
   def self.http_config(&block)
     @sub_protocols.each do |klass|
@@ -100,4 +100,3 @@ require 'openid_connect/access_token'
 require 'openid_connect/jwtnizable'
 require 'openid_connect/connect_object'
 require 'openid_connect/discovery'
-require 'openid_connect/debugger'

data/openid_connect.gemspec CHANGED Viewed

@@ -16,17 +16,14 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "attr_required", ">= 1.0.0"
   s.add_runtime_dependency "activemodel"
   s.add_runtime_dependency "validate_url"
-  s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 1.15.0"
-  s.add_runtime_dependency "swd", "~> 1.3"
-  s.add_runtime_dependency "webfinger", "~> 1.2"
-  s.add_runtime_dependency "rack-oauth2", "~> 1.21"
-  if Gem.ruby_version >= Gem::Version.create(3.1)
-    # TODO:
-    #  remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
-    #  ref.) https://rubygems.org/gems/mailhttps://github.com/mikel/mail
-    s.add_runtime_dependency "net-smtp"
-  end
+  s.add_runtime_dependency "email_validator"
+  s.add_runtime_dependency "mail"
+  s.add_runtime_dependency 'faraday', '~> 2.0'
+  s.add_runtime_dependency 'faraday-follow_redirects'
+  s.add_runtime_dependency "json-jwt", ">= 1.16"
+  s.add_runtime_dependency "swd", "~> 2.0"
+  s.add_runtime_dependency "webfinger", "~> 2.0"
+  s.add_runtime_dependency "rack-oauth2", "~> 2.2"
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
   s.add_development_dependency "rspec-its"

data/spec/helpers/webmock_helper.rb CHANGED Viewed

@@ -32,7 +32,13 @@ module WebMockHelper
   def response_for(response_file, options = {})
     response = {}
-    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{options[:format] || :json}"))
+    format = options[:format] || :json
+    if format == :json
+      response[:headers] = {
+        'Content-Type': 'application/json'
+      }
+    end
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
     if options[:status]
       response[:status] = options[:status]
     end

data/spec/mock_response/errors/unknown.json CHANGED Viewed

@@ -1 +1,3 @@
-Fuckin Unknown Error
+{
+  "unknown": "unknown"
+}

data/spec/openid_connect/client/registrar_spec.rb CHANGED Viewed

@@ -253,7 +253,7 @@ describe OpenIDConnect::Client::Registrar do
     end
     context 'otherwise' do
-      it { should be_instance_of HTTPClient }
+      it { should be_instance_of Faraday::Connection }
     end
   end
 end

data/spec/openid_connect/client_spec.rb CHANGED Viewed

@@ -162,16 +162,6 @@ describe OpenIDConnect::Client do
       end
     end
-    context 'when invalid JSON is returned' do
-      it 'should raise OpenIDConnect::Exception' do
-        mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
-          expect do
-            access_token
-          end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
-        end
-      end
-    end
     context 'otherwise' do
       it 'should raise Unexpected Token Type exception' do
         mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do

data/spec/openid_connect_spec.rb CHANGED Viewed

@@ -46,12 +46,12 @@ describe OpenIDConnect do
     context 'with http_config' do
       before do
         OpenIDConnect.http_config do |config|
-          config.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          config.ssl.verify = false
         end
       end
       it 'should configure OpenIDConnect, SWD and Rack::OAuth2\'s http_client' do
         [OpenIDConnect, SWD, WebFinger, Rack::OAuth2].each do |klass|
-          klass.http_client.ssl_config.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
+          klass.http_client.ssl.verify.should be_falsy
         end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 2.3.1
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-08 00:00:00.000000000 Z
+date: 2024-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tzinfo
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: validate_email
+  name: email_validator
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,75 +81,103 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: json-jwt
+  name: mail
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: swd
+  name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: webfinger
+  name: faraday-follow_redirects
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: swd
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: rack-oauth2
+  name: webfinger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: net-smtp
+  name: rack-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -245,6 +273,7 @@ files:
 - ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -253,11 +282,10 @@ files:
 - VERSION
 - lib/openid_connect.rb
 - lib/openid_connect/access_token.rb
+- lib/openid_connect/access_token/mtls.rb
 - lib/openid_connect/client.rb
 - lib/openid_connect/client/registrar.rb
 - lib/openid_connect/connect_object.rb
-- lib/openid_connect/debugger.rb
-- lib/openid_connect/debugger/request_filter.rb
 - lib/openid_connect/discovery.rb
 - lib/openid_connect/discovery/provider.rb
 - lib/openid_connect/discovery/provider/config.rb
@@ -312,7 +340,6 @@ files:
 - spec/openid_connect/client/registrar_spec.rb
 - spec/openid_connect/client_spec.rb
 - spec/openid_connect/connect_object_spec.rb
-- spec/openid_connect/debugger/request_filter_spec.rb
 - spec/openid_connect/discovery/provider/config/resource_spec.rb
 - spec/openid_connect/discovery/provider/config/response_spec.rb
 - spec/openid_connect/discovery/provider/config_spec.rb
@@ -350,7 +377,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: OpenID Connect Server & Client Library
@@ -386,7 +413,6 @@ test_files:
 - spec/openid_connect/client/registrar_spec.rb
 - spec/openid_connect/client_spec.rb
 - spec/openid_connect/connect_object_spec.rb
-- spec/openid_connect/debugger/request_filter_spec.rb
 - spec/openid_connect/discovery/provider/config/resource_spec.rb
 - spec/openid_connect/discovery/provider/config/response_spec.rb
 - spec/openid_connect/discovery/provider/config_spec.rb

data/lib/openid_connect/debugger/request_filter.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module OpenIDConnect
-  module Debugger
-    class RequestFilter
-      # Callback called in HTTPClient (before sending a request)
-      # request:: HTTP::Message
-      def filter_request(request)
-        started = "======= [OpenIDConnect] HTTP REQUEST STARTED ======="
-        log started, request.dump
-      end
-      # Callback called in HTTPClient (after received a response)
-      # request::  HTTP::Message
-      # response:: HTTP::Message
-      def filter_response(request, response)
-        finished = "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
-        log '-' * 50, response.dump, finished
-      end
-      private
-      def log(*outputs)
-        outputs.each do |output|
-          OpenIDConnect.logger.info output
-        end
-      end
-    end
-  end
-end

data/lib/openid_connect/debugger.rb DELETED Viewed

@@ -1,3 +0,0 @@
-Dir[File.dirname(__FILE__) + '/debugger/*.rb'].each do |file|
-  require file
-end

data/spec/openid_connect/debugger/request_filter_spec.rb DELETED Viewed

@@ -1,33 +0,0 @@
-require 'spec_helper'
-describe OpenIDConnect::Debugger::RequestFilter do
-  let(:resource_endpoint) { 'https://example.com/resources' }
-  let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
-  let(:response) { HTTP::Message.new_response({hello: 'world'}.to_json) }
-  let(:request_filter) { OpenIDConnect::Debugger::RequestFilter.new }
-  describe '#filter_request' do
-    it 'should log request' do
-      [
-        "======= [OpenIDConnect] HTTP REQUEST STARTED =======",
-        request.dump
-      ].each do |output|
-        expect(OpenIDConnect.logger).to receive(:info).with output
-      end
-      request_filter.filter_request(request)
-    end
-  end
-  describe '#filter_response' do
-    it 'should log response' do
-      [
-        "--------------------------------------------------",
-        response.dump,
-        "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
-      ].each do |output|
-        expect(OpenIDConnect.logger).to receive(:info).with output
-      end
-      request_filter.filter_response(request, response)
-    end
-  end
-end