openid_connect 1.1.3 → 1.1.4

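--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: db75e487f02e311c6b10d45f6d94fb167799d8a3
- data.tar.gz: 3d3b94d8ebde1a2148ada3f1a85bb9d82c511e8e
+ metadata.gz: 37cd15979ddc556edc06ece5242fc5a4cf351351
+ data.tar.gz: 3938aac7d54a50f82a4e030a107ec057f591cc79
  SHA512:
- metadata.gz: a4dfe4ed94fe1a22a3cddf045e462865c1deebf84a5fe9b2892ea0f0a26053c71a431e95c8ff6a79acb8e03a51e2be199cca219e02b28a306bafd2e8f8b67ad6
- data.tar.gz: 6875f5710d295b1d357ddae698b829459c323e792e969b7ea3c9126ed298c63f6b2f6a6a553397fcafc71cbc385415b44ec6f4b5a8753292d8d8cabd7cfc9b01
+ metadata.gz: c1de1552a703405e1846c9e150fe640e9d90a12fd4a4bc14f52e09a2a8ce0c7e61f0a89809983b8b5693865cfcb7d3a0f66b45b0e9e87952432526a0b814b7dc
+ data.tar.gz: 8d03ab7fc9d2473fc0f680455b301e143f72ef0b548ad65034eaabf7e6d7e85a514dd16a3ea720b3a05af731d00eb28e67fdc00a268cc49675a255d224f0b6b3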
@@ -2,6 +2,5 @@ before_install:
2
2
  - gem install bundler
3
3
 
4
4
  rvm:
5
- - 2.2.2
6
- - 2.2.5
7
- - 2.3.1
5
+ - 2.3.5
6
+ - 2.4.2
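--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.1.3
+ 1.1.4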
@@ -76,6 +76,16 @@ module OpenIDConnect
76
76
  end
77
77
  @@http_config ||= block
78
78
  end
79
+
80
+ def self.validate_discovery_issuer=(boolean)
81
+ @@validate_discovery_issuer = boolean
82
+ end
83
+
84
+ def self.validate_discovery_issuer
85
+ @@validate_discovery_issuer
86
+ end
87
+
88
+ self.validate_discovery_issuer = true
79
89
  end
80
90
 
81
91
  require 'openid_connect/exception'
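Review bot: The new `validate_discovery_issuer` switch is process-global and undocumented, so setting it to false turns off the discovery issuer check for every provider the application talks to, not only the one that needs the exception. That check is what ties a returned configuration to the issuer that was requested, so the accessor should carry a comment such as `# Security: keep true. false accepts discovery documents whose issuer differs from the requested one, for all providers.` The setter also stores its argument unchanged, so `nil` disables validation exactly like `false`; `@@validate_discovery_issuer = (boolean != false)` would stop an unset config value from silently switching the check off. The enclosing module body starts outside the hunk.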
@@ -27,7 +27,8 @@ module OpenIDConnect
27
27
 
28
28
  def handle_success_response(response)
29
29
  token_hash = JSON.parse(response.body).with_indifferent_access
30
- case token_type = token_hash[:token_type].try(:downcase)
30
+ token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
31
+ case token_type
31
32
  when 'bearer'
32
33
  AccessToken.new token_hash.merge(client: self)
33
34
  else
@@ -41,4 +42,4 @@ end
41
42
 
42
43
  Dir[File.dirname(__FILE__) + '/client/*.rb'].each do |file|
43
44
  require file
44
- end
45
+ end
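Review bot: In `handle_success_response`, `@forced_token_type || token_hash[:token_type]` lets the forced value win even when the server explicitly returns a different `token_type`, so a response declaring `mac` would be treated as a bearer token instead of being rejected the way the existing 'Unexpected Token Type: mac' spec expects. If the aim is only to tolerate providers that omit the field, which is the one case the added spec (`access_token/without_token_type`) exercises, use the forced value as a fallback: `token_type = (token_hash[:token_type] || @forced_token_type).try(:downcase)`. Where `@forced_token_type` is assigned is not visible on this page; if it can hold a Symbol, `when 'bearer'` will not match it, so calling `.to_s` before `downcase` would be safer. The method body continues outside the hunk.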
@@ -76,7 +76,7 @@ module OpenIDConnect
76
76
  end
77
77
  end
78
78
 
79
- def validate!(expected_issuer = nil)
79
+ def validate!
80
80
  valid? or raise ValidationFailed.new(self)
81
81
  end
82
82
 
@@ -95,7 +95,11 @@ module OpenIDConnect
95
95
 
96
96
  def validate_issuer_matching
97
97
  if expected_issuer.present? && issuer != expected_issuer
98
- errors.add :issuer, 'mismatch'
98
+ if OpenIDConnect.validate_discovery_issuer
99
+ errors.add :issuer, 'mismatch'
100
+ else
101
+ OpenIDConnect.logger.warn 'ignoring issuer mismach.'
102
+ end
99
103
  end
100
104
  end
101
105
  end
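Review bot: With validation switched off, `validate_issuer_matching` logs the fixed string 'ignoring issuer mismach.' and records neither the expected nor the received issuer, so the only remaining trace of a mismatched discovery document cannot distinguish a known misconfigured provider from a substituted one. Log both values and fix the spelling: `OpenIDConnect.logger.warn "ignoring issuer mismatch: expected #{expected_issuer.inspect}, got #{issuer.inspect}"` (`inspect` keeps control characters in a remote-supplied issuer from breaking the log line). The earlier hunk in this file also removes the optional `expected_issuer` argument from `validate!`; the visible body never used it, but callers that still pass one will now raise ArgumentError, which deserves a changelog entry in a patch release.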
@@ -0,0 +1,3 @@
1
+ {
2
+ "access_token":"access_token"
3
+ }
@@ -178,6 +178,15 @@ describe OpenIDConnect::Client do
178
178
  expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
179
179
  end
180
180
  end
181
+
182
+ context 'when token_type is forced' do
183
+ before { client.force_token_type! :bearer }
184
+ it 'should use forced token_type' do
185
+ mock_json :post, client.token_endpoint, 'access_token/without_token_type', request_header: header_params, params: protocol_params do
186
+ access_token.should be_a OpenIDConnect::AccessToken
187
+ end
188
+ end
189
+ end
181
190
  end
182
191
  end
183
- end
192
+ end
@@ -56,13 +56,33 @@ describe OpenIDConnect::Discovery::Provider::Config do
56
56
  end
57
57
  end
58
58
 
59
- context 'when response include invalid issuer' do
60
- it do
61
- expect do
62
- mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
63
- OpenIDConnect::Discovery::Provider::Config.discover! provider
64
- end
65
- end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
59
+ describe 'when response include invalid issuer' do
60
+ context 'with normal configuration' do
61
+ it do
62
+ expect do
63
+ mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
64
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
65
+ end
66
+ end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
67
+ end
68
+ end
69
+
70
+ context 'when issuer validation is disabled.' do
71
+ before :each do
72
+ OpenIDConnect.validate_discovery_issuer = false
73
+ end
74
+
75
+ after :each do
76
+ OpenIDConnect.validate_discovery_issuer = true
77
+ end
78
+
79
+ it do
80
+ expect do
81
+ mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
82
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
83
+ end
84
+ end.not_to raise_error
85
+ end
66
86
  end
67
87
  end
68
88
 
@@ -76,4 +96,4 @@ describe OpenIDConnect::Discovery::Provider::Config do
76
96
  end
77
97
  end
78
98
  end
79
- end
99
+ end
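Review bot: The 'when issuer validation is disabled.' example asserts only `not_to raise_error`, so it would still pass if the warning were dropped and the mismatch were ignored silently. That log line is the only signal left once the check is off, so assert it before calling `discover!`, e.g. `expect(OpenIDConnect.logger).to receive(:warn).with(/issuer/)`, assuming the suite's rspec-mocks version supports the `expect` syntax. The `after :each` hook restores a hard-coded `true` rather than the value in effect before the example; capturing the previous value in `before` and restoring it would keep the spec correct if the default ever changes.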
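--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: openid_connect
  version: !ruby/object:Gem::Version
- version: 1.1.3
+ version: 1.1.4
  platform: ruby
  authors:
  - nov matake
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-07-24 00:00:00.000000000 Z
+ date: 2018-02-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json
@@ -272,6 +272,7 @@ files:
  - spec/mock_response/access_token/bearer_with_id_token.json
  - spec/mock_response/access_token/invalid_json.json
  - spec/mock_response/access_token/mac.json
+ - spec/mock_response/access_token/without_token_type.json
  - spec/mock_response/client/registered.json
  - spec/mock_response/client/rotated.json
  - spec/mock_response/client/updated.json
@@ -344,6 +345,7 @@ test_files:
  - spec/mock_response/access_token/bearer_with_id_token.json
  - spec/mock_response/access_token/invalid_json.json
  - spec/mock_response/access_token/mac.json
+ - spec/mock_response/access_token/without_token_type.json
  - spec/mock_response/client/registered.json
  - spec/mock_response/client/rotated.json
  - spec/mock_response/client/updated.json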