rack-oauth2 1.20.0 → 1.21.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bdcd25b6561ff3da4a222efbf541e17ef6aa4a75d08f97cd978ce9d28e8b5dfa
-  data.tar.gz: 48aabb016042ebbe28e302f608e16a4d6f9526cc29977540a5feb255acfd931b
+  metadata.gz: bedb933d3946aef05d7ca583bd18b46941aebdf7fc0f8640be2f5909f9be4e9c
+  data.tar.gz: 8740a613173e5edd0c98d79d1079b933d3eaee89b56369ae109d10841d7b94d8
 SHA512:
-  metadata.gz: 7ba0fcc8364bd006eab83c4fcfa62325d6146407e27d79cd8e6e35dddf83e1b2d0ffb0efeeaf14d7e53d109cec26f0b8a4f66e5bb44eec4d93d9118d02fed686
-  data.tar.gz: 3fe2d26a2368b3f9e8c2cf3efb13452c13ac0fbf4ab9f6f1a5ac9b9a8154845c7fe684cd9f4f52522d9e6f772c48f0d21f5c0c1a30f737591dd98129fca1782f
+  metadata.gz: 465ffccc2e5e41e396949947904f359a6d67d5637e6b0056a8bbca10f3b6755b14682fcad8092dddba7eabca72b66e1f66691b20a3351c79a7b1269abb478c07
+  data.tar.gz: c0b6d79ad4c019fa58034d446acaf7ee2d6ec5b9cf77e5b8548f924cbbc544e34d6c09d6a2433e9ed5dbca7915b27280602ce8a62dda12722a9b28a3c6c07bb8

data/VERSION

@@ -1 +1 @@
-1.20.0
+1.21.2

data/lib/rack/oauth2/client.rb

@@ -69,7 +69,65 @@ module Rack
       end
 
       def access_token!(*args)
-        headers, params = {}, @grant.as_json
+        headers, params, http_client, options = authenticated_context_from(*args)
+        params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
+        params.merge! @grant.as_json
+        params.merge! options
+        handle_response do
+          http_client.post(
+            absolute_uri_for(token_endpoint),
+            Util.compact_hash(params),
+            headers
+          )
+        end
+      end
+
+      def revoke!(*args)
+        headers, params, http_client, options = authenticated_context_from(*args)
+
+        params.merge! case
+        when access_token = options.delete(:access_token)
+          {
+            token: access_token,
+            token_type_hint: :access_token
+          }
+        when refresh_token = options.delete(:refresh_token)
+          {
+            token: refresh_token,
+            token_type_hint: :refresh_token
+          }
+        when @grant.is_a?(Grant::RefreshToken)
+          {
+            token: @grant.refresh_token,
+            token_type_hint: :refresh_token
+          }
+        when options[:token].blank?
+          raise ArgumentError, 'One of "token", "access_token" and "refresh_token" is required'
+        end
+        params.merge! options
+
+        handle_revocation_response do
+          http_client.post(
+            absolute_uri_for(revocation_endpoint),
+            Util.compact_hash(params),
+            headers
+          )
+        end
+      end
+
+      private
+
+      def absolute_uri_for(endpoint)
+        _endpoint_ = Util.parse_uri endpoint
+        _endpoint_.scheme ||= self.scheme || 'https'
+        _endpoint_.host ||= self.host
+        _endpoint_.port ||= self.port
+        raise 'No Host Info' unless _endpoint_.host
+        _endpoint_.to_s
+      end
+
+      def authenticated_context_from(*args)
+        headers, params = {}, {}
         http_client = Rack::OAuth2.http_client
 
         # NOTE:
@@ -78,9 +136,6 @@ module Rack
         options = args.extract_options!
         client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
 
-        params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
-        params.merge! options
-
         case client_auth_method
         when :basic
           cred = Base64.strict_encode64 [
@@ -100,9 +155,11 @@ module Rack
             client_assertion_type: URN::ClientAssertionType::JWT_BEARER
           )
           # NOTE: optionally auto-generate client_assertion.
-          if params[:client_assertion].blank?
+          params[:client_assertion] = if options[:client_assertion].present?
+            options.delete(:client_assertion)
+          else
             require 'json/jwt'
-            params[:client_assertion] = JSON::JWT.new(
+            JSON::JWT.new(
               iss: identifier,
               sub: identifier,
               aud: absolute_uri_for(token_endpoint),
@@ -127,24 +184,8 @@ module Rack
             client_secret: secret
           )
         end
-        handle_response do
-          http_client.post(
-            absolute_uri_for(token_endpoint),
-            Util.compact_hash(params),
-            headers
-          )
-        end
-      end
-
-      private
 
-      def absolute_uri_for(endpoint)
-        _endpoint_ = Util.parse_uri endpoint
-        _endpoint_.scheme ||= self.scheme || 'https'
-        _endpoint_.host ||= self.host
-        _endpoint_.port ||= self.port
-        raise 'No Host Info' unless _endpoint_.host
-        _endpoint_.to_s
+        [headers, params, http_client, options]
       end
 
       def handle_response
@@ -157,6 +198,16 @@ module Rack
         end
       end
 
+      def handle_revocation_response
+        response = yield
+        case response.status
+        when 200..201
+          :success
+        else
+          handle_error_response response
+        end
+      end
+
       def handle_success_response(response)
         token_hash = JSON.parse(response.body).with_indifferent_access
         case (@forced_token_type || token_hash[:token_type]).try(:downcase)

data/spec/rack/oauth2/client_spec.rb

@@ -448,12 +448,86 @@ describe Rack::OAuth2::Client do
     end
   end
 
+  describe '#revoke!' do
+    context 'when access_token given' do
+      before do
+        mock_response(
+          :post,
+          'https://server.example.com/oauth2/revoke',
+          'blank',
+          status: 200,
+          body: {
+            token: 'access_token',
+            token_type_hint: 'access_token'
+          }
+        )
+      end
+      it do
+        client.revoke!(access_token: 'access_token').should == :success
+      end
+    end
+
+    context 'when refresh_token given' do
+      before do
+        mock_response(
+          :post,
+          'https://server.example.com/oauth2/revoke',
+          'blank',
+          status: 200,
+          body: {
+            token: 'refresh_token',
+            token_type_hint: 'refresh_token'
+          }
+        )
+      end
+
+      context 'as argument' do
+        it do
+          client.revoke!(refresh_token: 'refresh_token').should == :success
+        end
+      end
+
+      context 'as grant' do
+        it do
+          client.refresh_token = 'refresh_token'
+          client.revoke!
+        end
+      end
+    end
+
+    context 'when error response given' do
+      before do
+        mock_response(
+          :post,
+          'https://server.example.com/oauth2/revoke',
+          'errors/invalid_request.json',
+          status: 400
+        )
+      end
+
+      it do
+        expect do
+          client.revoke! access_token: 'access_token'
+        end.to raise_error Rack::OAuth2::Client::Error
+      end
+    end
+
+    context 'when no token given' do
+      it do
+        expect do
+          client.revoke!
+        end.to raise_error ArgumentError
+      end
+    end
+  end
+
   context 'when no host info' do
     let :client do
       Rack::OAuth2::Client.new(
         identifier: 'client_id',
         secret: 'client_secret',
-        redirect_uri: 'https://client.example.com/callback'
+        redirect_uri: 'https://client.example.com/callback',
+        revocation_endpoint: '/oauth2/revoke'
       )
     end
 
@@ -468,5 +542,11 @@ describe Rack::OAuth2::Client do
         expect { client.access_token! }.to raise_error 'No Host Info'
       end
     end
+
+    describe '#revoke!' do
+      it do
+        expect { client.revoke! access_token: 'access_token' }.to raise_error 'No Host Info'
+      end
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.20.0
+  version: 1.21.2
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-11 00:00:00.000000000 Z
+date: 2022-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack