openid_connect 1.1.3 → 1.1.4
- checksums.yaml +4 -4
- data/.travis.yml +2 -3
- data/VERSION +1 -1
- data/lib/openid_connect.rb +10 -0
- data/lib/openid_connect/client.rb +3 -2
- data/lib/openid_connect/discovery/provider/config/response.rb +6 -2
- data/spec/mock_response/access_token/without_token_type.json +3 -0
- data/spec/openid_connect/client_spec.rb +10 -1
- data/spec/openid_connect/discovery/provider/config_spec.rb +28 -8
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 37cd15979ddc556edc06ece5242fc5a4cf351351
|
4
|
+
data.tar.gz: 3938aac7d54a50f82a4e030a107ec057f591cc79
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c1de1552a703405e1846c9e150fe640e9d90a12fd4a4bc14f52e09a2a8ce0c7e61f0a89809983b8b5693865cfcb7d3a0f66b45b0e9e87952432526a0b814b7dc
|
7
|
+
data.tar.gz: 8d03ab7fc9d2473fc0f680455b301e143f72ef0b548ad65034eaabf7e6d7e85a514dd16a3ea720b3a05af731d00eb28e67fdc00a268cc49675a255d224f0b6b3
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.1.
|
1
|
+
1.1.4
|
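--- a/data/lib/openid_connect.rb
+++ b/data/lib/openid_connect.rb
@@ -76,6 +76,16 @@ module OpenIDConnect
 end
 @@http_config ||= block
 end
+
+def self.validate_discovery_issuer=(boolean)
+@@validate_discovery_issuer = boolean
+end
+
+def self.validate_discovery_issuer
+@@validate_discovery_issuer
+end
+
+self.validate_discovery_issuer = true
 end
 
 require 'openid_connect/exception'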
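Review bot: The new `validate_discovery_issuer` switch turns off a security check for the whole process, and nothing at its definition says so. With it set to false, a discovery document whose `issuer` differs from the expected one is accepted, so the endpoints it advertises are trusted without the binding that check provides (how they are used afterwards is outside this diff). I would add a comment above the setter, e.g. `# Security: disables the issuer-match check on discovery responses for every caller in this process; keep true except for known non-compliant providers.` Because the flag lives in a class variable, one initializer or dependency flipping it affects every provider the application talks to; a per-call option would narrow that. The module body starts outside the hunk.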
@@ -27,7 +27,8 @@ module OpenIDConnect
|
|
27
27
|
|
28
28
|
def handle_success_response(response)
|
29
29
|
token_hash = JSON.parse(response.body).with_indifferent_access
|
30
|
-
|
30
|
+
token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
|
31
|
+
case token_type
|
31
32
|
when 'bearer'
|
32
33
|
AccessToken.new token_hash.merge(client: self)
|
33
34
|
else
|
@@ -41,4 +42,4 @@ end
|
|
41
42
|
|
42
43
|
Dir[File.dirname(__FILE__) + '/client/*.rb'].each do |file|
|
43
44
|
require file
|
44
|
-
end
|
45
|
+
end
|
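Review bot: In `handle_success_response`, `@forced_token_type` takes precedence over the `token_type` the server actually returned, so a response that declares a non-bearer type is handled as bearer once a type has been forced. The added spec only exercises a response with no `token_type` at all; if that is the case being accommodated, prefer the server's value and fall back to the forced one: `token_type = (token_hash[:token_type] || @forced_token_type).try(:downcase)`. If overriding is the intent, a comment stating it and a spec with a conflicting response (the existing `mac` fixture) would pin the behaviour. The method body continues past the hunk, and the second hunk in this file only touches the final `end` line.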
@@ -76,7 +76,7 @@ module OpenIDConnect
|
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
79
|
-
def validate!
|
79
|
+
def validate!
|
80
80
|
valid? or raise ValidationFailed.new(self)
|
81
81
|
end
|
82
82
|
|
@@ -95,7 +95,11 @@ module OpenIDConnect
|
|
95
95
|
|
96
96
|
def validate_issuer_matching
|
97
97
|
if expected_issuer.present? && issuer != expected_issuer
|
98
|
-
|
98
|
+
if OpenIDConnect.validate_discovery_issuer
|
99
|
+
errors.add :issuer, 'mismatch'
|
100
|
+
else
|
101
|
+
OpenIDConnect.logger.warn 'ignoring issuer mismach.'
|
102
|
+
end
|
99
103
|
end
|
100
104
|
end
|
101
105
|
end
|
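Review bot: The warning added in `validate_issuer_matching` does not say which issuers disagreed, so someone reading the log cannot tell a misconfigured provider from a discovery document served by the wrong party, and the message misspells "mismatch". I would change it to `OpenIDConnect.logger.warn "ignoring issuer mismatch: expected=#{expected_issuer.inspect} actual=#{issuer.inspect}"`; `inspect` keeps control characters in the (presumably remote-supplied) issuer from breaking the log line. The enclosing class starts outside the hunk, and the `validate!` hunk above appears to be whitespace only.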
@@ -178,6 +178,15 @@ describe OpenIDConnect::Client do
|
|
178
178
|
expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
179
179
|
end
|
180
180
|
end
|
181
|
+
|
182
|
+
context 'when token_type is forced' do
|
183
|
+
before { client.force_token_type! :bearer }
|
184
|
+
it 'should use forced token_type' do
|
185
|
+
mock_json :post, client.token_endpoint, 'access_token/without_token_type', request_header: header_params, params: protocol_params do
|
186
|
+
access_token.should be_a OpenIDConnect::AccessToken
|
187
|
+
end
|
188
|
+
end
|
189
|
+
end
|
181
190
|
end
|
182
191
|
end
|
183
|
-
end
|
192
|
+
end
|
@@ -56,13 +56,33 @@ describe OpenIDConnect::Discovery::Provider::Config do
|
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
59
|
+
describe 'when response include invalid issuer' do
|
60
|
+
context 'with normal configuration' do
|
61
|
+
it do
|
62
|
+
expect do
|
63
|
+
mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
|
64
|
+
OpenIDConnect::Discovery::Provider::Config.discover! provider
|
65
|
+
end
|
66
|
+
end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
context 'when issuer validation is disabled.' do
|
71
|
+
before :each do
|
72
|
+
OpenIDConnect.validate_discovery_issuer = false
|
73
|
+
end
|
74
|
+
|
75
|
+
after :each do
|
76
|
+
OpenIDConnect.validate_discovery_issuer = true
|
77
|
+
end
|
78
|
+
|
79
|
+
it do
|
80
|
+
expect do
|
81
|
+
mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
|
82
|
+
OpenIDConnect::Discovery::Provider::Config.discover! provider
|
83
|
+
end
|
84
|
+
end.not_to raise_error
|
85
|
+
end
|
66
86
|
end
|
67
87
|
end
|
68
88
|
|
@@ -76,4 +96,4 @@ describe OpenIDConnect::Discovery::Provider::Config do
|
|
76
96
|
end
|
77
97
|
end
|
78
98
|
end
|
79
|
-
end
|
99
|
+
end
|
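Review bot: The "issuer validation is disabled" example only asserts that `discover!` does not raise, so it would still pass if the mismatch were dropped without any trace. Adding `expect(OpenIDConnect.logger).to receive(:warn).with(/issuer/)` inside the example would pin the warning path. The `after :each` hook writes `true` instead of restoring the earlier value; capturing it in `before` (`@prev = OpenIDConnect.validate_discovery_issuer`) and assigning `@prev` back keeps the spec from leaking global state if the default ever changes.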
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2018-02-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|
@@ -272,6 +272,7 @@ files:
|
|
272
272
|
- spec/mock_response/access_token/bearer_with_id_token.json
|
273
273
|
- spec/mock_response/access_token/invalid_json.json
|
274
274
|
- spec/mock_response/access_token/mac.json
|
275
|
+
- spec/mock_response/access_token/without_token_type.json
|
275
276
|
- spec/mock_response/client/registered.json
|
276
277
|
- spec/mock_response/client/rotated.json
|
277
278
|
- spec/mock_response/client/updated.json
|
@@ -344,6 +345,7 @@ test_files:
|
|
344
345
|
- spec/mock_response/access_token/bearer_with_id_token.json
|
345
346
|
- spec/mock_response/access_token/invalid_json.json
|
346
347
|
- spec/mock_response/access_token/mac.json
|
348
|
+
- spec/mock_response/access_token/without_token_type.json
|
347
349
|
- spec/mock_response/client/registered.json
|
348
350
|
- spec/mock_response/client/rotated.json
|
349
351
|
- spec/mock_response/client/updated.json
|