rack-oauth2 1.18.0 → 1.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e69450cef535f14c809f9f193acf6e477fea7ef78613def7c154decb7affc87b
-  data.tar.gz: 964dc3c51ae1e5b526b28c6e203466f0ad7cf35da3c0b9787b210081d4a19b6c
+  metadata.gz: ea660f2b5d5093f50fc789662f642f06ab591bf544250fea42d78a9849215384
+  data.tar.gz: 1e5ae55d569b7206ce78315439f249b8a4fbf9d0f6c64381de52d9d71f1441e7
 SHA512:
-  metadata.gz: 4f32e64b3729f04fa914e28056ef650ceff9eb12db1888d6c955061aa5f1df86be245336609f0956b7e54d08822da883acfb6b47a2816f5aee61b252f258536d
-  data.tar.gz: 711dfbc5208521af851f7d01a5b52086989576afedcdd474dd393c5b2c2073767e74e6adddca45a7bd7e9f500cc57cda71c0ef3608555efdf67bd853ae7e9e69
+  metadata.gz: dab28eaa8890caaecab687bf022e3ecef01388c06ba10af2afb78e61db87f16c8a5b84935fbac2c0b83be08a092ebf981c8efca19c3f5c322c5bb17926127b20
+  data.tar.gz: 231a74d20f2a5635255686c58451b1045fabbb072c6fb971d8a39149444d68a6e48a06fdf87146632fbcd815b988c6bff1a5802f8499b3f8e580756a95fecaf2

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: nov

data/.travis.yml

@@ -5,4 +5,4 @@ rvm:
   - 2.5.8
   - 2.6.6
   - 2.7.2
-  - 3.0.0
+  - 3.0.2

data/VERSION

@@ -1 +1 @@
-1.18.0
+1.21.0

data/lib/rack/oauth2/client.rb

@@ -3,7 +3,7 @@ module Rack
     class Client
       include AttrRequired, AttrOptional
       attr_required :identifier
-      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
+      attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint, :revocation_endpoint
 
       def initialize(attributes = {})
         (required_attributes + optional_attributes).each do |key|
@@ -69,7 +69,65 @@ module Rack
       end
 
       def access_token!(*args)
-        headers, params = {}, @grant.as_json
+        headers, params, http_client, options = authenticated_context_from(*args)
+        params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
+        params.merge! @grant.as_json
+        params.merge! options
+        handle_response do
+          http_client.post(
+            absolute_uri_for(token_endpoint),
+            Util.compact_hash(params),
+            headers
+          )
+        end
+      end
+
+      def revoke!(*args)
+        headers, params, http_client, options = authenticated_context_from(*args)
+
+        params.merge! case
+        when access_token = options.delete(:access_token)
+          {
+            token: access_token,
+            token_type_hint: :access_token
+          }
+        when refresh_token = options.delete(:refresh_token)
+          {
+            token: refresh_token,
+            token_type_hint: :refresh_token
+          }
+        when @grant.is_a?(Grant::RefreshToken)
+          {
+            token: @grant.refresh_token,
+            token_type_hint: :refresh_token
+          }
+        when options[:token].blank?
+          raise AttrRequired::AttrMissing, 'One of "token", "access_token" and "refresh_token" is required'
+        end
+        params.merge! options
+
+        handle_revocation_response do
+          http_client.post(
+            absolute_uri_for(revocation_endpoint),
+            Util.compact_hash(params),
+            headers
+          )
+        end
+      end
+
+      private
+
+      def absolute_uri_for(endpoint)
+        _endpoint_ = Util.parse_uri endpoint
+        _endpoint_.scheme ||= self.scheme || 'https'
+        _endpoint_.host ||= self.host
+        _endpoint_.port ||= self.port
+        raise 'No Host Info' unless _endpoint_.host
+        _endpoint_.to_s
+      end
+
+      def authenticated_context_from(*args)
+        headers, params = {}, {}
         http_client = Rack::OAuth2.http_client
 
         # NOTE:
@@ -78,9 +136,6 @@ module Rack
         options = args.extract_options!
         client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
 
-        params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
-        params.merge! options
-
         case client_auth_method
         when :basic
           cred = Base64.strict_encode64 [
@@ -100,9 +155,11 @@ module Rack
             client_assertion_type: URN::ClientAssertionType::JWT_BEARER
           )
           # NOTE: optionally auto-generate client_assertion.
-          if params[:client_assertion].blank?
+          params[:client_assertion] = if options[:client_assertion].present?
+            options.delete(:client_assertion)
+          else
             require 'json/jwt'
-            params[:client_assertion] = JSON::JWT.new(
+            JSON::JWT.new(
               iss: identifier,
               sub: identifier,
               aud: absolute_uri_for(token_endpoint),
@@ -127,24 +184,8 @@ module Rack
             client_secret: secret
           )
         end
-        handle_response do
-          http_client.post(
-            absolute_uri_for(token_endpoint),
-            Util.compact_hash(params),
-            headers
-          )
-        end
-      end
-
-      private
 
-      def absolute_uri_for(endpoint)
-        _endpoint_ = Util.parse_uri endpoint
-        _endpoint_.scheme ||= self.scheme || 'https'
-        _endpoint_.host ||= self.host
-        _endpoint_.port ||= self.port
-        raise 'No Host Info' unless _endpoint_.host
-        _endpoint_.to_s
+        [headers, params, http_client, options]
       end
 
       def handle_response
@@ -157,6 +198,16 @@ module Rack
         end
       end
 
+      def handle_revocation_response
+        response = yield
+        case response.status
+        when 200..201
+          :success
+        else
+          handle_error_response handle_error_response
+        end
+      end
+
       def handle_success_response(response)
         token_hash = JSON.parse(response.body).with_indifferent_access
         case (@forced_token_type || token_hash[:token_type]).try(:downcase)

data/lib/rack/oauth2.rb

@@ -43,6 +43,11 @@ module Rack
       _http_client_ = HTTPClient.new(
         agent_name: agent_name
       )
+
+      # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
+      _http_client_.ssl_config.clear_cert_store
+      _http_client_.ssl_config.cert_store.set_default_paths
+
       http_config.try(:call, _http_client_)
       local_http_config.try(:call, _http_client_) unless local_http_config.nil?
       _http_client_.request_filter << Debugger::RequestFilter.new if debugging?

data/rack-oauth2.gemspec

@@ -7,7 +7,7 @@ Gem::Specification.new do |s|
   s.email = 'nov@matake.jp'
   s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
   s.rdoc_options = ['--charset=UTF-8']
-  s.homepage = 'http://github.com/nov/rack-oauth2'
+  s.homepage = 'https://github.com/nov/rack-oauth2'
   s.license = 'MIT'
   s.require_paths = ['lib']
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
@@ -23,4 +23,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec'
   s.add_development_dependency 'rspec-its'
   s.add_development_dependency 'webmock'
+  s.add_development_dependency 'rexml'
 end

data/spec/rack/oauth2/client_spec.rb

@@ -8,7 +8,8 @@ describe Rack::OAuth2::Client do
       identifier: client_id,
       secret: client_secret,
       host: 'server.example.com',
-      redirect_uri: 'https://client.example.com/callback'
+      redirect_uri: 'https://client.example.com/callback',
+      revocation_endpoint: '/oauth2/revoke'
     )
   end
   subject { client }
@@ -17,6 +18,7 @@ describe Rack::OAuth2::Client do
   its(:secret)     { should == 'client_secret' }
   its(:authorization_endpoint) { should == '/oauth2/authorize' }
   its(:token_endpoint)         { should == '/oauth2/token' }
+  its(:revocation_endpoint)    { should == '/oauth2/revoke' }
 
   context 'when identifier is missing' do
     it do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.18.0
+  version: 1.21.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-06 00:00:00.000000000 Z
+date: 2022-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -150,6 +150,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
   supported.
 email: nov@matake.jp
@@ -160,6 +174,7 @@ extra_rdoc_files:
 - README.rdoc
 files:
 - ".document"
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -281,7 +296,7 @@ files:
 - spec/rack/oauth2/server/token_spec.rb
 - spec/rack/oauth2/util_spec.rb
 - spec/spec_helper.rb
-homepage: http://github.com/nov/rack-oauth2
+homepage: https://github.com/nov/rack-oauth2
 licenses:
 - MIT
 metadata: {}
@@ -301,7 +316,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported