rack-oauth2 1.21.2 → 2.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bedb933d3946aef05d7ca583bd18b46941aebdf7fc0f8640be2f5909f9be4e9c
-  data.tar.gz: 8740a613173e5edd0c98d79d1079b933d3eaee89b56369ae109d10841d7b94d8
+  metadata.gz: 1cb4411750fe56e3e1d57b739554197d1ea4420833d01239498c3658e18347bf
+  data.tar.gz: e06e73134550dcb58ed74716faa6b8180ecf3da33f1237ebd3533c7e73cac533
 SHA512:
-  metadata.gz: 465ffccc2e5e41e396949947904f359a6d67d5637e6b0056a8bbca10f3b6755b14682fcad8092dddba7eabca72b66e1f66691b20a3351c79a7b1269abb478c07
-  data.tar.gz: c0b6d79ad4c019fa58034d446acaf7ee2d6ec5b9cf77e5b8548f924cbbc544e34d6c09d6a2433e9ed5dbca7915b27280602ce8a62dda12722a9b28a3c6c07bb8
+  metadata.gz: 2166159ab59d7885c7e53833c20480eec38035e2d61e4aa23fe62afabacc6a5e4289ce527ad78ffbaac89f317b495957afb4f8be21e9cc38c937e6f0ad42f8e3
+  data.tar.gz: 0e381b83f45be184850dc8301be85db57800b317e822cc67f8c08e925df96780b828c330012aa0c22b14ee89c8f884fc9de1ac587a2faab4bd01295b4ea04c06

data/.github/workflows/spec.yml

@@ -0,0 +1,32 @@
+name: Spec
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  spec:
+    strategy:
+      matrix:
+        os: ['ubuntu-20.04']
+        ruby-version: ['2.6', '2.7', '3.0', '3.1']
+        # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
+        include:
+        - os: 'ubuntu-22.04'
+          ruby-version: '3.1'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run Specs
+      run: bundle exec rake spec

data/README.rdoc

@@ -1,9 +1,7 @@
 = rack-oauth2
 
 OAuth 2.0 Server & Client Library.
-Both Bearer and MAC token type are supported.
-
-{<img src="https://secure.travis-ci.org/nov/rack-oauth2.png" />}[http://travis-ci.org/nov/rack-oauth2]
+Both Bearer token type are supported.
 
 The OAuth 2.0 Authorization Framework (RFC 6749)
 http://www.rfc-editor.org/rfc/rfc6749.txt
@@ -11,9 +9,6 @@ http://www.rfc-editor.org/rfc/rfc6749.txt
 The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
 http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06
 
-HTTP Authentication: MAC Access Authentication (draft 01)
-http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
-
 == Installation
 
   gem install rack-oauth2
@@ -31,31 +26,17 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample
 
-=== MAC
-
-Source on GitHub
-https://github.com/nov/rack-oauth2-sample-mac
-
 == Sample Client
 
-=== Common between Bearer and MAC
-
 Authorization Request (request_type: 'code' and 'token')
 https://gist.github.com/862393
 
 Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
 https://gist.github.com/883541
 
-=== Bearer
-
 Resource Request (request both for resource owner resource and for client resource)
 https://gist.github.com/883575
 
-=== MAC
-
-Resource Request (request both for resource owner resource and for client resource)
-https://gist.github.com/933885
-
 == Note on Patches/Pull Requests
 
 * Fork the project.

data/VERSION

@@ -1 +1 @@
-1.21.2
+2.0.0.rc1

data/lib/rack/oauth2/access_token/authenticator.rb

@@ -6,18 +6,9 @@ module Rack
           @token = token
         end
 
-        # Callback called in HTTPClient (before sending a request)
-        # request:: HTTP::Message
-        def filter_request(request)
+        def authenticate(request)
           @token.authenticate(request)
         end
-
-        # Callback called in HTTPClient (after received a response)
-        # response:: HTTP::Message
-        # request::  HTTP::Message
-        def filter_response(response, request)
-          # nothing to do
-        end
       end
     end
   end

data/lib/rack/oauth2/access_token/bearer.rb

@@ -3,7 +3,7 @@ module Rack
     class AccessToken
       class Bearer < AccessToken
         def authenticate(request)
-          request.header["Authorization"] = "Bearer #{access_token}"
+          request.headers["Authorization"] = "Bearer #{access_token}"
         end
 
         def to_mtls(attributes = {})

data/lib/rack/oauth2/access_token/legacy.rb

@@ -11,7 +11,7 @@ module Rack
         end
 
         def authenticate(request)
-          request.header["Authorization"] = "OAuth #{access_token}"
+          request.headers["Authorization"] = "OAuth #{access_token}"
         end
       end
     end

data/lib/rack/oauth2/access_token.rb

@@ -19,8 +19,8 @@ module Rack
       end
 
       def httpclient
-        @httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |config|
-          config.request_filter << Authenticator.new(self)
+        @httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
+          Authenticator.new(self).authenticate(faraday)
         end
       end
 
@@ -39,6 +39,5 @@ end
 
 require 'rack/oauth2/access_token/authenticator'
 require 'rack/oauth2/access_token/bearer'
-require 'rack/oauth2/access_token/mac'
 require 'rack/oauth2/access_token/legacy'
 require 'rack/oauth2/access_token/mtls'

data/lib/rack/oauth2/client.rb

@@ -76,7 +76,7 @@ module Rack
         handle_response do
           http_client.post(
             absolute_uri_for(token_endpoint),
-            Util.compact_hash(params),
+            Util.compact_hash(params).to_query,
             headers
           )
         end
@@ -213,8 +213,6 @@ module Rack
         case (@forced_token_type || token_hash[:token_type]).try(:downcase)
         when 'bearer'
           AccessToken::Bearer.new(token_hash)
-        when 'mac'
-          AccessToken::MAC.new(token_hash)
         when nil
           AccessToken::Legacy.new(token_hash)
         else

data/lib/rack/oauth2/server/abstract/error.rb

@@ -27,7 +27,7 @@ module Rack
             response.status = status
             yield response if block_given?
             unless response.redirect?
-              response.header['Content-Type'] = 'application/json'
+              response.headers['Content-Type'] = 'application/json'
               response.write Util.compact_hash(protocol_params).to_json
             end
             response.finish

data/lib/rack/oauth2/server/rails/response_ext.rb

@@ -21,9 +21,9 @@ module Rack
             end
           end
 
-          def header
+          def headers
             ensure_finish do
-              @header
+              @headers
             end
           end
 
@@ -39,7 +39,7 @@ module Rack
           end
 
           def ensure_finish
-            @status, @header, @body = finish unless finished?
+            @status, @headers, @body = finish unless finished?
             yield
           end
         end

data/lib/rack/oauth2/server/resource/error.rb

@@ -13,11 +13,11 @@ module Rack
           def finish
             super do |response|
               self.realm ||= DEFAULT_REALM
-              header = response.header['WWW-Authenticate'] = "#{scheme} realm=\"#{realm}\""
+              headers = response.headers['WWW-Authenticate'] = "#{scheme} realm=\"#{realm}\""
               if ErrorMethods::DEFAULT_DESCRIPTION.keys.include?(error)
-                header << ", error=\"#{error}\""
-                header << ", error_description=\"#{description}\"" if description.present?
-                header << ", error_uri=\"#{uri}\""                 if uri.present?
+                headers << ", error=\"#{error}\""
+                headers << ", error_description=\"#{description}\"" if description.present?
+                headers << ", error_uri=\"#{uri}\""                 if uri.present?
               end
             end
           end

data/lib/rack/oauth2/server/resource.rb

@@ -52,4 +52,3 @@ end
 
 require 'rack/oauth2/server/resource/error'
 require 'rack/oauth2/server/resource/bearer'
-require 'rack/oauth2/server/resource/mac'

data/lib/rack/oauth2/server/token/error.rb

@@ -9,7 +9,7 @@ module Rack
           def finish
             super do |response|
               unless @skip_www_authenticate
-                response.header['WWW-Authenticate'] = 'Basic realm="OAuth2 Token Endpoint"'
+                response.headers['WWW-Authenticate'] = 'Basic realm="OAuth2 Token Endpoint"'
               end
             end
           end

data/lib/rack/oauth2/server/token.rb

@@ -80,9 +80,9 @@ module Rack
           def finish
             attr_missing!
             write Util.compact_hash(protocol_params).to_json
-            header['Content-Type'] = 'application/json'
-            header['Cache-Control'] = 'no-store'
-            header['Pragma'] = 'no-cache'
+            headers['Content-Type'] = 'application/json'
+            headers['Cache-Control'] = 'no-store'
+            headers['Pragma'] = 'no-cache'
             super
           end
         end

data/lib/rack/oauth2.rb

@@ -1,5 +1,6 @@
 require 'rack'
-require 'httpclient'
+require 'faraday'
+require 'faraday/follow_redirects'
 require 'logger'
 require 'active_support'
 require 'active_support/core_ext'
@@ -40,18 +41,12 @@ module Rack
     self.debugging = false
 
     def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_config)
-      _http_client_ = HTTPClient.new(
-        agent_name: agent_name
-      )
-
-      # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
-      _http_client_.ssl_config.clear_cert_store
-      _http_client_.ssl_config.cert_store.set_default_paths
-
-      http_config.try(:call, _http_client_)
-      local_http_config.try(:call, _http_client_) unless local_http_config.nil?
-      _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
-      _http_client_
+      Faraday.new(headers: {user_agent: agent_name}) do |faraday|
+        faraday.response :logger, Rack::OAuth2.logger if debugging?
+        faraday.adapter Faraday.default_adapter
+        local_http_config&.call(faraday)
+        http_config&.call(faraday)
+      end
     end
 
     def self.http_config(&block)
@@ -70,4 +65,3 @@ require 'rack/oauth2/util'
 require 'rack/oauth2/server'
 require 'rack/oauth2/client'
 require 'rack/oauth2/access_token'
-require 'rack/oauth2/debugger'

data/rack-oauth2.gemspec

@@ -2,8 +2,8 @@ Gem::Specification.new do |s|
   s.name = 'rack-oauth2'
   s.version = File.read('VERSION')
   s.authors = ['nov matake']
-  s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are supported.}
-  s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported}
+  s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer token type are supported.}
+  s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer token type are supported}
   s.email = 'nov@matake.jp'
   s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
   s.rdoc_options = ['--charset=UTF-8']
@@ -14,7 +14,8 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.add_runtime_dependency 'rack', '>= 2.1.0'
-  s.add_runtime_dependency 'httpclient'
+  s.add_runtime_dependency 'faraday', '~> 2.0'
+  s.add_runtime_dependency 'faraday-follow_redirects'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_required'
   s.add_runtime_dependency 'json-jwt', '>= 1.11.0'

data/spec/rack/oauth2/access_token/authenticator_spec.rb

@@ -2,13 +2,13 @@ require 'spec_helper'
 
 describe Rack::OAuth2::AccessToken::Authenticator do
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
+  let(:request) { Faraday::Request.new(:get, URI.parse(resource_endpoint)) }
   let(:authenticator) { Rack::OAuth2::AccessToken::Authenticator.new(token) }
 
   shared_examples_for :authenticator do
     it 'should let the token authenticate the request' do
       expect(token).to receive(:authenticate).with(request)
-      authenticator.filter_request(request)
+      authenticator.authenticate(request)
     end
   end
 
@@ -29,15 +29,4 @@ describe Rack::OAuth2::AccessToken::Authenticator do
     end
     it_behaves_like :authenticator
   end
-
-  context 'when MAC token is given' do
-    let(:token) do
-      Rack::OAuth2::AccessToken::MAC.new(
-        access_token: 'access_token',
-        mac_key: 'secret',
-        mac_algorithm: 'hmac-sha-256'
-      )
-    end
-    it_behaves_like :authenticator
-  end
 end

data/spec/rack/oauth2/access_token/bearer_spec.rb

@@ -7,11 +7,11 @@ describe Rack::OAuth2::AccessToken::Bearer do
     )
   end
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  let(:request) { HTTPClient.new.send(:create_request, :post, URI.parse(resource_endpoint), {}, {hello: "world"}, {}) }
+  let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
 
   describe '.authenticate' do
     it 'should set Authorization header' do
-      expect(request.header).to receive(:[]=).with('Authorization', 'Bearer access_token')
+      expect(request.headers).to receive(:[]=).with('Authorization', 'Bearer access_token')
       token.authenticate(request)
     end
   end

data/spec/rack/oauth2/access_token/legacy_spec.rb

@@ -7,7 +7,7 @@ describe Rack::OAuth2::AccessToken::Legacy do
     )
   end
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  let(:request) { HTTPClient.new.send(:create_request, :post, URI.parse(resource_endpoint), {}, {hello: "world"}, {}) }
+  let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
 
   describe '#to_s' do
     subject { token }
@@ -16,7 +16,7 @@ describe Rack::OAuth2::AccessToken::Legacy do
 
   describe '.authenticate' do
     it 'should set Authorization header' do
-      expect(request.header).to receive(:[]=).with('Authorization', 'OAuth access_token')
+      expect(request.headers).to receive(:[]=).with('Authorization', 'OAuth access_token')
       token.authenticate(request)
     end
   end

data/spec/rack/oauth2/access_token_spec.rb

@@ -49,23 +49,6 @@ describe Rack::OAuth2::AccessToken do
 
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
   [:get, :delete, :post, :put].each do |method|
-    describe method do
-      it 'should delegate to HTTPClient with Authenticator filter' do
-        expect(token.httpclient).to receive(method).with(resource_endpoint)
-        token.httpclient.request_filter.last.should be_a Rack::OAuth2::AccessToken::Authenticator
-        token.send method, resource_endpoint
-      end
-    end
-
-    context 'in debug mode' do
-      it do
-        Rack::OAuth2.debug do
-          token.httpclient.request_filter[-2].should be_a Rack::OAuth2::AccessToken::Authenticator
-          token.httpclient.request_filter.last.should be_a Rack::OAuth2::Debugger::RequestFilter
-        end
-      end
-    end
-
     context 'when extension params given' do
       subject do
         Rack::OAuth2::AccessToken::Bearer.new(

data/spec/rack/oauth2/client_spec.rb

@@ -188,7 +188,7 @@ describe Rack::OAuth2::Client do
               let :client do
                 Rack::OAuth2::Client.new(
                   identifier: 'client_id',
-                  private_key: OpenSSL::PKey::EC.new('prime256v1').generate_key,
+                  private_key: OpenSSL::PKey::EC.generate('prime256v1'),
                   host: 'server.example.com',
                   redirect_uri: 'https://client.example.com/callback'
                 )
@@ -338,22 +338,6 @@ describe Rack::OAuth2::Client do
       end
     end
 
-    context 'when mac token is given' do
-      before do
-        client.authorization_code = 'code'
-        mock_response(
-          :post,
-          'https://server.example.com/oauth2/token',
-          'tokens/mac.json'
-        )
-      end
-      it { should be_instance_of Rack::OAuth2::AccessToken::MAC }
-      its(:token_type) { should == :mac }
-      its(:access_token) { should == 'access_token' }
-      its(:refresh_token) { should == 'refresh_token' }
-      its(:expires_in) { should == 3600 }
-    end
-
     context 'when no-type token is given (JSON)' do
       before do
         client.authorization_code = 'code'

data/spec/rack/oauth2/oauth2_spec.rb

@@ -28,47 +28,4 @@ describe Rack::OAuth2 do
       Rack::OAuth2.debugging?.should == true
     end
   end
-
-  describe '.http_config' do
-    context 'when request_filter added' do
-      context 'when "debug!" is called' do
-        after { Rack::OAuth2.reset_http_config! }
-
-        it 'should put Debugger::RequestFilter at last' do
-          Rack::OAuth2.debug!
-          Rack::OAuth2.http_config do |config|
-            config.request_filter << Proc.new {}
-          end
-          Rack::OAuth2.http_client.request_filter.last.should be_instance_of Rack::OAuth2::Debugger::RequestFilter
-        end
-
-        it 'should reset_http_config' do
-          Rack::OAuth2.debug!
-          Rack::OAuth2.http_config do |config|
-            config.request_filter << Proc.new {}
-          end
-          size = Rack::OAuth2.http_client.request_filter.size
-          Rack::OAuth2.reset_http_config!
-          Rack::OAuth2.http_client.request_filter.size.should == size - 1
-        end
-
-      end
-    end
-  end
-
-  describe ".http_client" do
-    context "when local_http_config is used" do
-      it "should correctly set request_filter" do
-        clnt1 = Rack::OAuth2.http_client
-        clnt2 = Rack::OAuth2.http_client("my client") do |config|
-          config.request_filter << Proc.new {}
-        end
-        clnt3 = Rack::OAuth2.http_client
-
-        clnt1.request_filter.size.should == clnt3.request_filter.size
-        clnt1.request_filter.size.should == clnt2.request_filter.size - 1
-
-      end
-    end
-  end
 end

data/spec/rack/oauth2/server/authorize/error_spec.rb

@@ -23,27 +23,27 @@ describe Rack::OAuth2::Server::Authorize::BadRequest do
       context 'when protocol_params_location = :query' do
         before { error.protocol_params_location = :query }
         it 'should redirect with error in query' do
-          state, header, response = error.finish
+          state, headers, response = error.finish
           state.should == 302
-          header["Location"].should == "#{redirect_uri}?error=invalid_request"
+          headers["Location"].should == "#{redirect_uri}?error=invalid_request"
         end
       end
 
       context 'when protocol_params_location = :fragment' do
         before { error.protocol_params_location = :fragment }
         it 'should redirect with error in fragment' do
-          state, header, response = error.finish
+          state, headers, response = error.finish
           state.should == 302
-          header["Location"].should == "#{redirect_uri}#error=invalid_request"
+          headers["Location"].should == "#{redirect_uri}#error=invalid_request"
         end
       end
 
       context 'otherwise' do
         before { error.protocol_params_location = :other }
         it 'should redirect without error' do
-          state, header, response = error.finish
+          state, headers, response = error.finish
           state.should == 302
-          header["Location"].should == redirect_uri
+          headers["Location"].should == redirect_uri
         end
       end
     end

data/spec/rack/oauth2/server/resource/bearer/error_spec.rb

@@ -12,8 +12,8 @@ describe Rack::OAuth2::Server::Resource::Bearer::Unauthorized do
 
   describe '#finish' do
     it 'should use Bearer scheme' do
-      status, header, response = error.finish
-      header['WWW-Authenticate'].should include 'Bearer'
+      status, headers, response = error.finish
+      headers['WWW-Authenticate'].should include 'Bearer'
     end
   end
 end

data/spec/rack/oauth2/server/resource/bearer_spec.rb

@@ -22,29 +22,29 @@ describe Rack::OAuth2::Server::Resource::Bearer do
 
   shared_examples_for :authenticated_bearer_request do
     it 'should be authenticated' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 200
       access_token.should == bearer_token
     end
   end
   shared_examples_for :unauthorized_bearer_request do
     it 'should be unauthorized' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 401
-      header['WWW-Authenticate'].should include 'Bearer'
+      headers['WWW-Authenticate'].should include 'Bearer'
       access_token.should be_nil
     end
   end
   shared_examples_for :bad_bearer_request do
     it 'should be bad_request' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 400
       access_token.should be_nil
     end
   end
   shared_examples_for :skipped_authentication_request do
     it 'should skip OAuth 2.0 authentication' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 200
       access_token.should be_nil
     end
@@ -94,15 +94,15 @@ describe Rack::OAuth2::Server::Resource::Bearer do
           end
         end
         it 'should use specified realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
+          status, headers, response = request
+          headers['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
         end
       end
 
       context 'otherwize' do
         it 'should use default realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
+          status, headers, response = request
+          headers['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
         end
       end
     end