openid_connect 1.1.3 → 1.1.4
- checksums.yaml +4 -4
- data/.travis.yml +2 -3
- data/VERSION +1 -1
- data/lib/openid_connect.rb +10 -0
- data/lib/openid_connect/client.rb +3 -2
- data/lib/openid_connect/discovery/provider/config/response.rb +6 -2
- data/spec/mock_response/access_token/without_token_type.json +3 -0
- data/spec/openid_connect/client_spec.rb +10 -1
- data/spec/openid_connect/discovery/provider/config_spec.rb +28 -8
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 37cd15979ddc556edc06ece5242fc5a4cf351351
|
4
|
+
data.tar.gz: 3938aac7d54a50f82a4e030a107ec057f591cc79
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c1de1552a703405e1846c9e150fe640e9d90a12fd4a4bc14f52e09a2a8ce0c7e61f0a89809983b8b5693865cfcb7d3a0f66b45b0e9e87952432526a0b814b7dc
|
7
|
+
data.tar.gz: 8d03ab7fc9d2473fc0f680455b301e143f72ef0b548ad65034eaabf7e6d7e85a514dd16a3ea720b3a05af731d00eb28e67fdc00a268cc49675a255d224f0b6b3
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.1.
|
1
|
+
1.1.4
|
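--- a/data/lib/openid_connect.rb
+++ b/data/lib/openid_connect.rb
@@ -76,6 +76,16 @@ module OpenIDConnect
 end
 @@http_config ||= block
 end
+
+def self.validate_discovery_issuer=(boolean)
+@@validate_discovery_issuer = boolean
+end
+
+def self.validate_discovery_issuer
+@@validate_discovery_issuer
+end
+
+self.validate_discovery_issuer = true
 end
 
 require 'openid_connect/exception'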
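Review bot: The new setter `validate_discovery_issuer=` stores whatever it is given, so an accidental `nil` (for example from an unset configuration value) turns issuer validation off just as an explicit `false` does. Since this flag gates a security check it should fail closed, e.g. `@@validate_discovery_issuer = (boolean != false)`, so that only a literal `false` disables it. The accessor pair also has no comment; I would add one above the setter such as `# Process-wide switch; when false, a discovery response whose issuer differs from the expected one is accepted with only a warning.` Because the state lives in a class variable it applies to every provider the process talks to, which is worth stating in the same comment. The enclosing module starts above the hunk.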
@@ -27,7 +27,8 @@ module OpenIDConnect
|
|
27
27
|
|
28
28
|
def handle_success_response(response)
|
29
29
|
token_hash = JSON.parse(response.body).with_indifferent_access
|
30
|
-
|
30
|
+
token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
|
31
|
+
case token_type
|
31
32
|
when 'bearer'
|
32
33
|
AccessToken.new token_hash.merge(client: self)
|
33
34
|
else
|
@@ -41,4 +42,4 @@ end
|
|
41
42
|
|
42
43
|
Dir[File.dirname(__FILE__) + '/client/*.rb'].each do |file|
|
43
44
|
require file
|
44
|
-
end
|
45
|
+
end
|
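Review bot: In `handle_success_response`, `@forced_token_type` takes precedence over `token_hash[:token_type]`, so once a type is forced, a response that explicitly declares another type (such as `mac`) is handled as bearer rather than rejected. If the goal is only to tolerate providers that omit `token_type`, as the new `without_token_type` fixture suggests, reverse the operands: `token_type = (token_hash[:token_type] || @forced_token_type).try(:downcase)`. If overriding is intended, a comment on this line saying so and a warning log when the two values differ would make that choice visible. Where `@forced_token_type` is assigned and the `else` branch of the `case` are outside the hunk, so I cannot tell from here whether the forced value is normalised to a string before the comparison with `'bearer'`.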
@@ -76,7 +76,7 @@ module OpenIDConnect
|
|
76
76
|
end
|
77
77
|
end
|
78
78
|
|
79
|
-
def validate!
|
79
|
+
def validate!
|
80
80
|
valid? or raise ValidationFailed.new(self)
|
81
81
|
end
|
82
82
|
|
@@ -95,7 +95,11 @@ module OpenIDConnect
|
|
95
95
|
|
96
96
|
def validate_issuer_matching
|
97
97
|
if expected_issuer.present? && issuer != expected_issuer
|
98
|
-
|
98
|
+
if OpenIDConnect.validate_discovery_issuer
|
99
|
+
errors.add :issuer, 'mismatch'
|
100
|
+
else
|
101
|
+
OpenIDConnect.logger.warn 'ignoring issuer mismach.'
|
102
|
+
end
|
99
103
|
end
|
100
104
|
end
|
101
105
|
end
|
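Review bot: In `validate_issuer_matching`, the branch taken when validation is off logs a fixed string, `'ignoring issuer mismach.'`, which has a typo and records neither the expected nor the received issuer. Anyone investigating later has no way to tell which provider returned which value; I would log both, e.g. `OpenIDConnect.logger.warn "ignoring issuer mismatch: expected=#{expected_issuer.inspect} received=#{issuer.inspect}"`. A short comment above the inner `if` should also note that OpenID Connect Discovery requires the returned issuer to equal the one used to fetch the configuration, so the `else` branch accepts metadata from a document that failed that check.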
@@ -178,6 +178,15 @@ describe OpenIDConnect::Client do
|
|
178
178
|
expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
179
179
|
end
|
180
180
|
end
|
181
|
+
|
182
|
+
context 'when token_type is forced' do
|
183
|
+
before { client.force_token_type! :bearer }
|
184
|
+
it 'should use forced token_type' do
|
185
|
+
mock_json :post, client.token_endpoint, 'access_token/without_token_type', request_header: header_params, params: protocol_params do
|
186
|
+
access_token.should be_a OpenIDConnect::AccessToken
|
187
|
+
end
|
188
|
+
end
|
189
|
+
end
|
181
190
|
end
|
182
191
|
end
|
183
|
-
end
|
192
|
+
end
|
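Review bot: The new `when token_type is forced` context only exercises a response with no `token_type`, so the precedence of the forced value over a declared one is untested. Add a sibling example that forces `:bearer` and mocks the existing `'access_token/mac'` fixture, asserting whichever outcome is intended (an `OpenIDConnect::AccessToken`, or the `Unexpected Token Type` error). The example also uses the older `should` syntax while the test just above it uses `expect`; `expect(access_token).to be_a OpenIDConnect::AccessToken` would match. The surrounding `describe` block starts outside the hunk.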
@@ -56,13 +56,33 @@ describe OpenIDConnect::Discovery::Provider::Config do
|
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
59
|
+
describe 'when response include invalid issuer' do
|
60
|
+
context 'with normal configuration' do
|
61
|
+
it do
|
62
|
+
expect do
|
63
|
+
mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
|
64
|
+
OpenIDConnect::Discovery::Provider::Config.discover! provider
|
65
|
+
end
|
66
|
+
end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
context 'when issuer validation is disabled.' do
|
71
|
+
before :each do
|
72
|
+
OpenIDConnect.validate_discovery_issuer = false
|
73
|
+
end
|
74
|
+
|
75
|
+
after :each do
|
76
|
+
OpenIDConnect.validate_discovery_issuer = true
|
77
|
+
end
|
78
|
+
|
79
|
+
it do
|
80
|
+
expect do
|
81
|
+
mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
|
82
|
+
OpenIDConnect::Discovery::Provider::Config.discover! provider
|
83
|
+
end
|
84
|
+
end.not_to raise_error
|
85
|
+
end
|
66
86
|
end
|
67
87
|
end
|
68
88
|
|
@@ -76,4 +96,4 @@ describe OpenIDConnect::Discovery::Provider::Config do
|
|
76
96
|
end
|
77
97
|
end
|
78
98
|
end
|
79
|
-
end
|
99
|
+
end
|
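Review bot: The `when issuer validation is disabled.` context asserts only `not_to raise_error`, so it would still pass if the warning were removed and the mismatch accepted silently. I would add an expectation on the logger, e.g. `expect(OpenIDConnect.logger).to receive(:warn).with(/issuer/)`, before calling `discover!`. The `after :each` hook restores a hard-coded `true`; saving the previous value in `before` and restoring it would keep the spec correct if the default ever changes.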
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2018-02-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|
@@ -272,6 +272,7 @@ files:
|
|
272
272
|
- spec/mock_response/access_token/bearer_with_id_token.json
|
273
273
|
- spec/mock_response/access_token/invalid_json.json
|
274
274
|
- spec/mock_response/access_token/mac.json
|
275
|
+
- spec/mock_response/access_token/without_token_type.json
|
275
276
|
- spec/mock_response/client/registered.json
|
276
277
|
- spec/mock_response/client/rotated.json
|
277
278
|
- spec/mock_response/client/updated.json
|
@@ -344,6 +345,7 @@ test_files:
|
|
344
345
|
- spec/mock_response/access_token/bearer_with_id_token.json
|
345
346
|
- spec/mock_response/access_token/invalid_json.json
|
346
347
|
- spec/mock_response/access_token/mac.json
|
348
|
+
- spec/mock_response/access_token/without_token_type.json
|
347
349
|
- spec/mock_response/client/registered.json
|
348
350
|
- spec/mock_response/client/rotated.json
|
349
351
|
- spec/mock_response/client/updated.json
|