rack-oauth2 1.12.0 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c09e887a3c902ebbbfd1b2a1698d8a4d68d28e18e75616c629dd75e981e2a9d2
-  data.tar.gz: c0142a2c05df047f0d8f1e9ac11f428983d27a8945d5ae5be213be41b5615e20
+  metadata.gz: '088da2d085846ab34b5eff33247abacd16b94041fd9cf2f4cf89a70e955318b9'
+  data.tar.gz: e7799db50a8441912d39ff193e2531ff0f5400ac4a2d6b8e3bce6121193ff9a7
 SHA512:
-  metadata.gz: ab1002bdd363b2edab71e8eeebd9872bca8ea2be6ad2a99875543974a2b85340ddcb42fc4ddf22f779b18429dc48a9d36fd91e9059391b76b537c04293ac2056
-  data.tar.gz: bdffd308340040287a3a8777cdaaaa9de58873d4d27e080dc719b4715ca53fd413bc726f19382b63cd086ad3dd47ac139a665f0acfcd25d2bb2a5e266d8dafce
+  metadata.gz: b8418d25dcd7acbaecc740e44fa67dc36dd63399be872151b3df0118359298ff73c855c566af0353409da0cba0e96c3c779dabfc92f0140e47321e987c84370e
+  data.tar.gz: 4969ef8fdf1b4dd67ad8f8aa18591d0a0a353718f817a662a27af4e34a13dc7d4cc2e09a2bd345fb2736b502bcc38a9dcebc7681efb60d6123f16cfe3440dcaa

data/.travis.yml

@@ -2,6 +2,6 @@ before_install:
   - gem install bundler
 
 rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.5.8
+  - 2.6.6
+  - 2.7.1

data/README.rdoc

@@ -28,17 +28,11 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
 
 === Bearer
 
-Running on Heroku
-https://rack-oauth2-sample.heroku.com
-
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample
 
 === MAC
 
-Running on Heroku
-https://rack-oauth2-sample-mac.heroku.com
-
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample-mac
 

data/VERSION

@@ -1 +1 @@
-1.12.0
+1.14.0

data/lib/rack/oauth2/client.rb

@@ -73,17 +73,20 @@ module Rack
         http_client = Rack::OAuth2.http_client
 
         # NOTE:
-        #  Using Array#estract_options! for backward compatibility.
+        #  Using Array#extract_options! for backward compatibility.
         #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
         options = args.extract_options!
-        client_auth_method = args.first || options.delete(:client_auth_method) || :basic
+        client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
 
         params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
         params.merge! options
 
         case client_auth_method
         when :basic
-          cred = ["#{identifier}:#{secret}"].pack('m').tr("\n", '')
+          cred = Base64.strict_encode64 [
+            Util.www_form_urlencode(identifier),
+            Util.www_form_urlencode(secret)
+          ].join(':')
           headers.merge!(
             'Authorization' => "Basic #{cred}"
           )

data/lib/rack/oauth2/server/rails/response_ext.rb

@@ -5,7 +5,7 @@ module Rack
         module ResponseExt
           def redirect?
             ensure_finish do
-              @response.redirect?
+              super
             end
           end
 
@@ -17,7 +17,7 @@ module Rack
 
           def json
             ensure_finish do
-              @response.body
+              @body
             end
           end
 
@@ -39,7 +39,7 @@ module Rack
           end
 
           def ensure_finish
-            @status, @header, @response = finish unless finished?
+            @status, @header, @body = finish unless finished?
             yield
           end
         end

data/lib/rack/oauth2/urn.rb

@@ -3,14 +3,14 @@ module Rack
     module URN
       module TokenType
         JWT           = 'urn:ietf:params:oauth:token-type:jwt'           # RFC7519
-        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access-token'  # draft-ietf-oauth-token-exchange
-        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh-token' # draft-ietf-oauth-token-exchange
+        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access_token'  # RFC8693
+        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh_token' # RFC8693
       end
 
       module GrantType
         JWT_BEARER     = 'urn:ietf:params:oauth:grant-type:jwt-bearer'     # RFC7523
         SAML2_BEARER   = 'urn:ietf:params:oauth:grant-type:saml2-bearer'   # RFC7522
-        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # draft-ietf-oauth-token-exchange
+        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # RFC8693
       end
 
       module ClientAssertionType

data/lib/rack/oauth2/util.rb

@@ -8,6 +8,10 @@ module Rack
           URI.encode(text, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
         end
 
+        def www_form_urlencode(text)
+          URI.encode_www_form_component(text)
+        end
+
         def base64_encode(text)
           Base64.encode64(text).delete("\n")
         end

data/rack-oauth2.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |s|
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.add_runtime_dependency 'rack', '< 2.1'
+  s.add_runtime_dependency 'rack', '>= 2.1.0'
   s.add_runtime_dependency 'httpclient'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_required'

data/spec/rack/oauth2/client_spec.rb

@@ -1,10 +1,12 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Client do
+  let(:client_id) { 'client_id' }
+  let(:client_secret) { 'client_secret' }
   let :client do
     Rack::OAuth2::Client.new(
-      identifier: 'client_id',
-      secret: 'client_secret',
+      identifier: client_id,
+      secret: client_secret,
       host: 'server.example.com',
       redirect_uri: 'https://client.example.com/callback'
     )
@@ -97,6 +99,24 @@ describe Rack::OAuth2::Client do
           client.access_token!
         end
 
+        context 'when Basic auth method is used' do
+          context 'when client_id is a url' do
+            let(:client_id) { 'https://client.example.com'}
+
+            it 'should be encoded in "application/x-www-form-urlencoded"' do
+              mock_response(
+                :post,
+                'https://server.example.com/oauth2/token',
+                'tokens/bearer.json',
+                request_header: {
+                  'Authorization' => 'Basic aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
+                }
+              )
+              client.access_token!
+            end
+          end
+        end
+
         context 'when jwt_bearer auth method specified' do
           context 'when client_secret is given' do
             it 'should be JWT bearer client assertion w/ auto-generated HS256-signed JWT assertion' do

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -10,7 +10,7 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
       status, header, response = error.finish
       status.should == 400
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -44,7 +44,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         status.should == 401
         header['Content-Type'].should == 'application/json'
         header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
-        response.body.should == ['{"error":"invalid_token"}']
+        response.should == ['{"error":"invalid_token"}']
       end
 
       context 'when error_code is not invalid_token' do
@@ -53,7 +53,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         it 'should have error_code in body but not in WWW-Authenticate header' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          response.first.should include '"error":"something"'
         end
       end
 
@@ -63,7 +63,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         it 'should have error_code in body but not in WWW-Authenticate header' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should == '{"error":"unauthorized"}'
+          response.first.should == '{"error":"unauthorized"}'
         end
       end
 
@@ -74,7 +74,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         it 'should use given realm' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          response.first.should include '"error":"something"'
         end
       end
     end
@@ -91,7 +91,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
       status, header, response = error.finish
       status.should == 403
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"insufficient_scope"}']
+      response.should == ['{"error":"insufficient_scope"}']
     end
   end
 
@@ -100,7 +100,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
 
     it 'should have blank WWW-Authenticate header' do
       status, header, response = error.finish
-      response.body.first.should include '"scope":"scope1 scope2"'
+      response.first.should include '"scope":"scope1 scope2"'
     end
   end
 end

data/spec/rack/oauth2/server/token/error_spec.rb

@@ -10,7 +10,7 @@ describe Rack::OAuth2::Server::Token::BadRequest do
       status, header, response = error.finish
       status.should == 400
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -26,7 +26,7 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
       status.should == 401
       header['Content-Type'].should == 'application/json'
       header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -74,4 +74,4 @@ describe Rack::OAuth2::Server::Token::ErrorMethods do
       end
     end
   end
-end
+end

data/spec/rack/oauth2/server/token_spec.rb

@@ -30,7 +30,7 @@ describe Rack::OAuth2::Server::Token do
       it 'should fail with unsupported_grant_type' do
         status, header, response = app.call(env)
         status.should == 400
-        response.body.first.should include '"error":"invalid_request"'
+        response.first.should include '"error":"invalid_request"'
       end
     end
 

data/spec/rack/oauth2/util_spec.rb

@@ -14,6 +14,11 @@ describe Rack::OAuth2::Util do
     it { should == '%3D%2B%20.-%2F' }
   end
 
+  describe '.www_form_urlencode' do
+    subject { util.www_form_urlencode '=+ .-/' }
+    it { should == '%3D%2B+.-%2F' }
+  end
+
   describe '.base64_encode' do
     subject { util.base64_encode '=+ .-/' }
     it { should == 'PSsgLi0v' }

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.12.0
+  version: 1.14.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-25 00:00:00.000000000 Z
+date: 2020-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: httpclient
   requirement: !ruby/object:Gem::Requirement