openid_connect 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
openid_connect (0.1.
|
|
4
|
+
openid_connect (0.1.2)
|
|
5
5
|
activemodel (>= 3)
|
|
6
6
|
attr_required (>= 0.0.5)
|
|
7
7
|
json (>= 1.4.3)
|
|
@@ -38,7 +38,6 @@ GEM
|
|
|
38
38
|
jruby-openssl (0.7.6.1)
|
|
39
39
|
bouncy-castle-java (>= 1.5.0146.1)
|
|
40
40
|
json (1.6.5)
|
|
41
|
-
json (1.6.5-java)
|
|
42
41
|
json-jwt (0.0.7)
|
|
43
42
|
activesupport (>= 2.3)
|
|
44
43
|
i18n
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.3
|
|
@@ -18,9 +18,12 @@ module OpenIDConnect
|
|
|
18
18
|
@exp = @exp.to_i
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def verify!(
|
|
22
|
-
exp.to_i >= Time.now.to_i &&
|
|
23
|
-
|
|
21
|
+
def verify!(expected = {})
|
|
22
|
+
exp.to_i >= Time.now.to_i &&
|
|
23
|
+
iss == expected[:issuer] &&
|
|
24
|
+
aud == expected[:client_id] &&
|
|
25
|
+
nonce == expected[:nonce] or
|
|
26
|
+
raise InvalidToken.new('Invalid ID Token')
|
|
24
27
|
end
|
|
25
28
|
|
|
26
29
|
def to_jwt(key, algorithm = :RS256)
|
|
@@ -33,7 +36,7 @@ module OpenIDConnect
|
|
|
33
36
|
|
|
34
37
|
class << self
|
|
35
38
|
def decode(jwt_string, key_or_client)
|
|
36
|
-
|
|
39
|
+
case key_or_client
|
|
37
40
|
when Client
|
|
38
41
|
OpenIDConnect::AccessToken.new(
|
|
39
42
|
:client => key_or_client,
|
data/lib/openid_connect.rb
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
class Rack::OAuth2::Server::Authorize
|
|
2
|
+
module RequestWithConnectParams
|
|
3
|
+
# NOTE: nonce is REQUIRED, but define optional attributes not to break rack-oauth2 for now
|
|
4
|
+
CONNECT_EXT_PARAMS = [:nonce, :display, :prompt, :request, :request_uri]
|
|
5
|
+
|
|
6
|
+
def self.included(klass)
|
|
7
|
+
klass.send :attr_optional, *CONNECT_EXT_PARAMS
|
|
8
|
+
klass.class_eval do
|
|
9
|
+
def initialize_with_connect_params(env)
|
|
10
|
+
initialize_without_connect_params env
|
|
11
|
+
CONNECT_EXT_PARAMS.each do |attribute|
|
|
12
|
+
self.send :"#{attribute}=", params[attribute.to_s]
|
|
13
|
+
end
|
|
14
|
+
invalid_request!('Nonce Required') if openid_connect_request? && nonce.blank?
|
|
15
|
+
end
|
|
16
|
+
alias_method_chain :initialize, :connect_params
|
|
17
|
+
|
|
18
|
+
def openid_connect_request?
|
|
19
|
+
scope.include?('openid')
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
Request.send :include, RequestWithConnectParams
|
|
25
|
+
end
|
|
@@ -22,20 +22,95 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
describe '#verify!' do
|
|
25
|
-
context 'when
|
|
26
|
-
it
|
|
25
|
+
context 'when both issuer, client_id and nonce are valid' do
|
|
26
|
+
it do
|
|
27
|
+
id_token.verify!(
|
|
28
|
+
:issuer => attributes[:iss],
|
|
29
|
+
:client_id => attributes[:aud],
|
|
30
|
+
:nonce => attributes[:nonce]
|
|
31
|
+
).should be_true
|
|
32
|
+
end
|
|
27
33
|
|
|
28
34
|
context 'when expired' do
|
|
29
35
|
let(:ext) { 10.minutes.ago }
|
|
30
36
|
it do
|
|
31
|
-
expect
|
|
37
|
+
expect do
|
|
38
|
+
id_token.verify!(
|
|
39
|
+
:issuer => attributes[:iss],
|
|
40
|
+
:client_id => attributes[:aud],
|
|
41
|
+
:nonce => attributes[:nonce]
|
|
42
|
+
)
|
|
43
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
32
44
|
end
|
|
33
45
|
end
|
|
34
46
|
end
|
|
35
47
|
|
|
36
|
-
context '
|
|
48
|
+
context 'when issuer is invalid' do
|
|
49
|
+
it do
|
|
50
|
+
expect do
|
|
51
|
+
id_token.verify!(
|
|
52
|
+
:issuer => 'invalid_issuer',
|
|
53
|
+
:client_id => attributes[:aud],
|
|
54
|
+
:nonce => attributes[:nonce]
|
|
55
|
+
)
|
|
56
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
context 'when issuer is missing' do
|
|
61
|
+
it do
|
|
62
|
+
expect do
|
|
63
|
+
id_token.verify!(
|
|
64
|
+
:client_id => attributes[:aud],
|
|
65
|
+
:nonce => attributes[:nonce]
|
|
66
|
+
)
|
|
67
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
context 'when client_id is invalid' do
|
|
72
|
+
it do
|
|
73
|
+
expect do
|
|
74
|
+
id_token.verify!(
|
|
75
|
+
:issuer => attributes[:iss],
|
|
76
|
+
:client_id => 'invalid_client',
|
|
77
|
+
:nonce => attributes[:nonce]
|
|
78
|
+
)
|
|
79
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
context 'when client_id is missing' do
|
|
84
|
+
it do
|
|
85
|
+
expect do
|
|
86
|
+
id_token.verify!(
|
|
87
|
+
:issuer => attributes[:iss],
|
|
88
|
+
:nonce => attributes[:nonce]
|
|
89
|
+
)
|
|
90
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
context 'when nonce is invalid' do
|
|
95
|
+
it do
|
|
96
|
+
expect do
|
|
97
|
+
id_token.verify!(
|
|
98
|
+
:issuer => attributes[:iss],
|
|
99
|
+
:client_id => attributes[:aud],
|
|
100
|
+
:nonce => 'invalid_nonce'
|
|
101
|
+
)
|
|
102
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
context 'when nonce is missing' do
|
|
37
107
|
it do
|
|
38
|
-
expect
|
|
108
|
+
expect do
|
|
109
|
+
id_token.verify!(
|
|
110
|
+
:issuer => attributes[:iss],
|
|
111
|
+
:client_id => attributes[:aud]
|
|
112
|
+
)
|
|
113
|
+
end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
39
114
|
end
|
|
40
115
|
end
|
|
41
116
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-02-
|
|
12
|
+
date: 2012-02-17 00:00:00.000000000Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: json
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70146497161760 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 1.4.3
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70146497161760
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: tzinfo
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70146497161120 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: '0'
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70146497161120
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: attr_required
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70146497159480 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: 0.0.5
|
|
44
44
|
type: :runtime
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70146497159480
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: activemodel
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &70146497158360 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ! '>='
|
|
@@ -54,10 +54,10 @@ dependencies:
|
|
|
54
54
|
version: '3'
|
|
55
55
|
type: :runtime
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *70146497158360
|
|
58
58
|
- !ruby/object:Gem::Dependency
|
|
59
59
|
name: validate_url
|
|
60
|
-
requirement: &
|
|
60
|
+
requirement: &70146497148360 !ruby/object:Gem::Requirement
|
|
61
61
|
none: false
|
|
62
62
|
requirements:
|
|
63
63
|
- - ! '>='
|
|
@@ -65,10 +65,10 @@ dependencies:
|
|
|
65
65
|
version: '0'
|
|
66
66
|
type: :runtime
|
|
67
67
|
prerelease: false
|
|
68
|
-
version_requirements: *
|
|
68
|
+
version_requirements: *70146497148360
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: validate_email
|
|
71
|
-
requirement: &
|
|
71
|
+
requirement: &70146497147620 !ruby/object:Gem::Requirement
|
|
72
72
|
none: false
|
|
73
73
|
requirements:
|
|
74
74
|
- - ! '>='
|
|
@@ -76,10 +76,10 @@ dependencies:
|
|
|
76
76
|
version: '0'
|
|
77
77
|
type: :runtime
|
|
78
78
|
prerelease: false
|
|
79
|
-
version_requirements: *
|
|
79
|
+
version_requirements: *70146497147620
|
|
80
80
|
- !ruby/object:Gem::Dependency
|
|
81
81
|
name: json-jwt
|
|
82
|
-
requirement: &
|
|
82
|
+
requirement: &70146497146960 !ruby/object:Gem::Requirement
|
|
83
83
|
none: false
|
|
84
84
|
requirements:
|
|
85
85
|
- - ! '>='
|
|
@@ -87,10 +87,10 @@ dependencies:
|
|
|
87
87
|
version: 0.0.3
|
|
88
88
|
type: :runtime
|
|
89
89
|
prerelease: false
|
|
90
|
-
version_requirements: *
|
|
90
|
+
version_requirements: *70146497146960
|
|
91
91
|
- !ruby/object:Gem::Dependency
|
|
92
92
|
name: swd
|
|
93
|
-
requirement: &
|
|
93
|
+
requirement: &70146497146440 !ruby/object:Gem::Requirement
|
|
94
94
|
none: false
|
|
95
95
|
requirements:
|
|
96
96
|
- - ! '>='
|
|
@@ -98,10 +98,10 @@ dependencies:
|
|
|
98
98
|
version: 0.1.2
|
|
99
99
|
type: :runtime
|
|
100
100
|
prerelease: false
|
|
101
|
-
version_requirements: *
|
|
101
|
+
version_requirements: *70146497146440
|
|
102
102
|
- !ruby/object:Gem::Dependency
|
|
103
103
|
name: rack-oauth2
|
|
104
|
-
requirement: &
|
|
104
|
+
requirement: &70146497145960 !ruby/object:Gem::Requirement
|
|
105
105
|
none: false
|
|
106
106
|
requirements:
|
|
107
107
|
- - ! '>='
|
|
@@ -109,10 +109,10 @@ dependencies:
|
|
|
109
109
|
version: 0.14.2
|
|
110
110
|
type: :runtime
|
|
111
111
|
prerelease: false
|
|
112
|
-
version_requirements: *
|
|
112
|
+
version_requirements: *70146497145960
|
|
113
113
|
- !ruby/object:Gem::Dependency
|
|
114
114
|
name: rake
|
|
115
|
-
requirement: &
|
|
115
|
+
requirement: &70146497145480 !ruby/object:Gem::Requirement
|
|
116
116
|
none: false
|
|
117
117
|
requirements:
|
|
118
118
|
- - ! '>='
|
|
@@ -120,10 +120,10 @@ dependencies:
|
|
|
120
120
|
version: '0.8'
|
|
121
121
|
type: :development
|
|
122
122
|
prerelease: false
|
|
123
|
-
version_requirements: *
|
|
123
|
+
version_requirements: *70146497145480
|
|
124
124
|
- !ruby/object:Gem::Dependency
|
|
125
125
|
name: cover_me
|
|
126
|
-
requirement: &
|
|
126
|
+
requirement: &70146497144840 !ruby/object:Gem::Requirement
|
|
127
127
|
none: false
|
|
128
128
|
requirements:
|
|
129
129
|
- - ! '>='
|
|
@@ -131,10 +131,10 @@ dependencies:
|
|
|
131
131
|
version: 1.2.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
|
-
version_requirements: *
|
|
134
|
+
version_requirements: *70146497144840
|
|
135
135
|
- !ruby/object:Gem::Dependency
|
|
136
136
|
name: rspec
|
|
137
|
-
requirement: &
|
|
137
|
+
requirement: &70146497144140 !ruby/object:Gem::Requirement
|
|
138
138
|
none: false
|
|
139
139
|
requirements:
|
|
140
140
|
- - ! '>='
|
|
@@ -142,10 +142,10 @@ dependencies:
|
|
|
142
142
|
version: '2'
|
|
143
143
|
type: :development
|
|
144
144
|
prerelease: false
|
|
145
|
-
version_requirements: *
|
|
145
|
+
version_requirements: *70146497144140
|
|
146
146
|
- !ruby/object:Gem::Dependency
|
|
147
147
|
name: webmock
|
|
148
|
-
requirement: &
|
|
148
|
+
requirement: &70146497143120 !ruby/object:Gem::Requirement
|
|
149
149
|
none: false
|
|
150
150
|
requirements:
|
|
151
151
|
- - ! '>='
|
|
@@ -153,7 +153,7 @@ dependencies:
|
|
|
153
153
|
version: 1.6.2
|
|
154
154
|
type: :development
|
|
155
155
|
prerelease: false
|
|
156
|
-
version_requirements: *
|
|
156
|
+
version_requirements: *70146497143120
|
|
157
157
|
description: OpenID Connect Server & Client Library
|
|
158
158
|
email:
|
|
159
159
|
- nov@matake.jp
|
|
@@ -194,6 +194,7 @@ files:
|
|
|
194
194
|
- lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb
|
|
195
195
|
- lib/rack/oauth2/server/authorize/extension/id_token.rb
|
|
196
196
|
- lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb
|
|
197
|
+
- lib/rack/oauth2/server/authorize/request_with_connect_params.rb
|
|
197
198
|
- lib/rack/oauth2/server/id_token_response.rb
|
|
198
199
|
- openid_connect.gemspec
|
|
199
200
|
- spec/helpers/webmock_helper.rb
|