rack-oauth2 1.21.2 → 2.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/spec.yml +32 -0
- data/README.rdoc +1 -20
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
- data/lib/rack/oauth2/access_token/bearer.rb +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token.rb +2 -3
- data/lib/rack/oauth2/client.rb +1 -3
- data/lib/rack/oauth2/server/abstract/error.rb +1 -1
- data/lib/rack/oauth2/server/rails/response_ext.rb +3 -3
- data/lib/rack/oauth2/server/resource/error.rb +4 -4
- data/lib/rack/oauth2/server/resource.rb +0 -1
- data/lib/rack/oauth2/server/token/error.rb +1 -1
- data/lib/rack/oauth2/server/token.rb +3 -3
- data/lib/rack/oauth2.rb +8 -14
- data/rack-oauth2.gemspec +4 -3
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -13
- data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
- data/spec/rack/oauth2/access_token/legacy_spec.rb +2 -2
- data/spec/rack/oauth2/access_token_spec.rb +0 -17
- data/spec/rack/oauth2/client_spec.rb +1 -17
- data/spec/rack/oauth2/oauth2_spec.rb +0 -43
- data/spec/rack/oauth2/server/authorize/error_spec.rb +6 -6
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +2 -2
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +9 -9
- data/spec/rack/oauth2/server/resource/error_spec.rb +14 -14
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
- data/spec/rack/oauth2/server/token/error_spec.rb +5 -5
- data/spec/rack/oauth2/server/token_spec.rb +2 -2
- metadata +26 -37
- data/.travis.yml +0 -8
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
- data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
- data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
- data/lib/rack/oauth2/access_token/mac.rb +0 -103
- data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
- data/lib/rack/oauth2/debugger.rb +0 -3
- data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
- data/lib/rack/oauth2/server/resource/mac.rb +0 -36
- data/spec/mock_response/tokens/mac.json +0 -8
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
- data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
- data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
|
|
7
7
|
|
8
8
|
describe '#finish' do
|
9
9
|
it 'should respond in JSON' do
|
10
|
-
status,
|
10
|
+
status, headers, response = error.finish
|
11
11
|
status.should == 400
|
12
|
-
|
12
|
+
headers['Content-Type'].should == 'application/json'
|
13
13
|
response.should == ['{"error":"invalid_request"}']
|
14
14
|
end
|
15
15
|
end
|
@@ -40,10 +40,10 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
40
40
|
|
41
41
|
describe '#finish' do
|
42
42
|
it 'should respond in JSON' do
|
43
|
-
status,
|
43
|
+
status, headers, response = error_with_scheme.finish
|
44
44
|
status.should == 401
|
45
|
-
|
46
|
-
|
45
|
+
headers['Content-Type'].should == 'application/json'
|
46
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
|
47
47
|
response.should == ['{"error":"invalid_token"}']
|
48
48
|
end
|
49
49
|
|
@@ -51,8 +51,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
51
51
|
let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
|
52
52
|
|
53
53
|
it 'should have error_code in body but not in WWW-Authenticate header' do
|
54
|
-
status,
|
55
|
-
|
54
|
+
status, headers, response = error_with_scheme.finish
|
55
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
56
56
|
response.first.should include '"error":"something"'
|
57
57
|
end
|
58
58
|
end
|
@@ -61,8 +61,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
61
61
|
let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
|
62
62
|
|
63
63
|
it 'should have error_code in body but not in WWW-Authenticate header' do
|
64
|
-
status,
|
65
|
-
|
64
|
+
status, headers, response = error_with_scheme.finish
|
65
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
66
66
|
response.first.should == '{"error":"unauthorized"}'
|
67
67
|
end
|
68
68
|
end
|
@@ -72,8 +72,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
72
72
|
let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
|
73
73
|
|
74
74
|
it 'should use given realm' do
|
75
|
-
status,
|
76
|
-
|
75
|
+
status, headers, response = error_with_scheme.finish
|
76
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
77
77
|
response.first.should include '"error":"something"'
|
78
78
|
end
|
79
79
|
end
|
@@ -88,9 +88,9 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
|
|
88
88
|
|
89
89
|
describe '#finish' do
|
90
90
|
it 'should respond in JSON' do
|
91
|
-
status,
|
91
|
+
status, headers, response = error.finish
|
92
92
|
status.should == 403
|
93
|
-
|
93
|
+
headers['Content-Type'].should == 'application/json'
|
94
94
|
response.should == ['{"error":"insufficient_scope"}']
|
95
95
|
end
|
96
96
|
end
|
@@ -99,7 +99,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
|
|
99
99
|
let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
|
100
100
|
|
101
101
|
it 'should have blank WWW-Authenticate header' do
|
102
|
-
status,
|
102
|
+
status, headers, response = error.finish
|
103
103
|
response.first.should include '"scope":"scope1 scope2"'
|
104
104
|
end
|
105
105
|
end
|
@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
|
24
24
|
its(:body) { should include '"token_type":"bearer"' }
|
25
25
|
|
26
26
|
it 'should prevent to be cached' do
|
27
|
-
response.
|
28
|
-
response.
|
27
|
+
response.headers['Cache-Control'].should == 'no-store'
|
28
|
+
response.headers['Pragma'].should == 'no-cache'
|
29
29
|
end
|
30
30
|
|
31
31
|
[:code].each do |required|
|
@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Token::BadRequest do
|
|
7
7
|
|
8
8
|
describe '#finish' do
|
9
9
|
it 'should respond in JSON' do
|
10
|
-
status,
|
10
|
+
status, headers, response = error.finish
|
11
11
|
status.should == 400
|
12
|
-
|
12
|
+
headers['Content-Type'].should == 'application/json'
|
13
13
|
response.should == ['{"error":"invalid_request"}']
|
14
14
|
end
|
15
15
|
end
|
@@ -22,10 +22,10 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
|
|
22
22
|
|
23
23
|
describe '#finish' do
|
24
24
|
it 'should respond in JSON' do
|
25
|
-
status,
|
25
|
+
status, headers, response = error.finish
|
26
26
|
status.should == 401
|
27
|
-
|
28
|
-
|
27
|
+
headers['Content-Type'].should == 'application/json'
|
28
|
+
headers['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
|
29
29
|
response.should == ['{"error":"invalid_request"}']
|
30
30
|
end
|
31
31
|
end
|
@@ -28,7 +28,7 @@ describe Rack::OAuth2::Server::Token do
|
|
28
28
|
)
|
29
29
|
end
|
30
30
|
it 'should fail with unsupported_grant_type' do
|
31
|
-
status,
|
31
|
+
status, headers, response = app.call(env)
|
32
32
|
status.should == 400
|
33
33
|
response.first.should include '"error":"invalid_request"'
|
34
34
|
end
|
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token do
|
|
43
43
|
)
|
44
44
|
end
|
45
45
|
it 'should ignore duplicates' do
|
46
|
-
status,
|
46
|
+
status, headers, response = app.call(env)
|
47
47
|
status.should == 200
|
48
48
|
end
|
49
49
|
end
|
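Review bot: The new `status, headers, response = app.call(env)` line in both hunks of this token spec binds `headers` without ever reading it (and the second example, which only checks `status.should == 200`, leaves `response` unused as well), which RuboCop's Lint/UselessAssignment reports; prefix the unused slots instead, e.g. `status, _headers, response = app.call(env)` in the first example and `status, _headers, _response = app.call(env)` in the second. The same pattern is introduced in the resource error specs earlier on this page, where `status` is bound but unused in the three `status, headers, response = error_with_scheme.finish` examples and both `status` and `headers` are unused in the Forbidden scope example's `status, headers, response = error.finish`. The enclosing `describe` blocks begin outside these hunks, so I cannot tell whether a shared `let` already covers any of these values.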
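--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0.rc1
 platform: ruby
 authors:
 - nov matake
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -25,7 +25,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 2.1.0
 - !ruby/object:Gem::Dependency
-name:
+name: faraday
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: faraday-follow_redirects
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -164,8 +178,7 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description: OAuth 2.0 Server & Client Library. Both Bearer
-supported.
+description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
 email: nov@matake.jp
 executables: []
 extensions: []
@@ -175,9 +188,9 @@ extra_rdoc_files:
 files:
 - ".document"
 - ".github/FUNDING.yml"
+- ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -188,10 +201,6 @@ files:
 - lib/rack/oauth2/access_token/authenticator.rb
 - lib/rack/oauth2/access_token/bearer.rb
 - lib/rack/oauth2/access_token/legacy.rb
-- lib/rack/oauth2/access_token/mac.rb
-- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
-- lib/rack/oauth2/access_token/mac/signature.rb
-- lib/rack/oauth2/access_token/mac/verifier.rb
 - lib/rack/oauth2/access_token/mtls.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
@@ -203,8 +212,6 @@ files:
 - lib/rack/oauth2/client/grant/refresh_token.rb
 - lib/rack/oauth2/client/grant/saml2_bearer.rb
 - lib/rack/oauth2/client/grant/token_exchange.rb
-- lib/rack/oauth2/debugger.rb
-- lib/rack/oauth2/debugger/request_filter.rb
 - lib/rack/oauth2/server.rb
 - lib/rack/oauth2/server/abstract.rb
 - lib/rack/oauth2/server/abstract/error.rb
@@ -227,8 +234,6 @@ files:
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
 - lib/rack/oauth2/server/resource/error.rb
-- lib/rack/oauth2/server/resource/mac.rb
-- lib/rack/oauth2/server/resource/mac/error.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
@@ -252,15 +257,10 @@ files:
 - spec/mock_response/tokens/legacy.json
 - spec/mock_response/tokens/legacy.txt
 - spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -270,7 +270,6 @@ files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -283,8 +282,6 @@ files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
@@ -300,7 +297,7 @@ homepage: https://github.com/nov/rack-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -312,14 +309,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
-summary: OAuth 2.0 Server & Client Library - Both Bearer
+summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
 test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
@@ -331,15 +328,10 @@ test_files:
 - spec/mock_response/tokens/legacy.json
 - spec/mock_response/tokens/legacy.txt
 - spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -349,7 +341,6 @@ test_files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -362,8 +353,6 @@ test_files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb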
data/.travis.yml
DELETED
@@ -1,17 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Sha256HexVerifier < Verifier
|
6
|
-
attr_optional :raw_body
|
7
|
-
|
8
|
-
def calculate
|
9
|
-
return nil unless raw_body.present?
|
10
|
-
|
11
|
-
OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,34 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Signature < Verifier
|
6
|
-
attr_required :secret, :ts, :nonce, :method, :request_uri, :host, :port
|
7
|
-
attr_optional :ext, :query
|
8
|
-
|
9
|
-
def calculate
|
10
|
-
Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
|
11
|
-
hash_generator,
|
12
|
-
secret,
|
13
|
-
normalized_request_string
|
14
|
-
)
|
15
|
-
end
|
16
|
-
|
17
|
-
def normalized_request_string
|
18
|
-
[
|
19
|
-
ts.to_i,
|
20
|
-
nonce,
|
21
|
-
method.to_s.upcase,
|
22
|
-
request_uri,
|
23
|
-
host,
|
24
|
-
port,
|
25
|
-
ext || '',
|
26
|
-
nil
|
27
|
-
].join("\n")
|
28
|
-
end
|
29
|
-
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
@@ -1,44 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Verifier
|
6
|
-
include AttrRequired, AttrOptional
|
7
|
-
attr_required :algorithm
|
8
|
-
|
9
|
-
class VerificationFailed < StandardError; end
|
10
|
-
|
11
|
-
def initialize(attributes = {})
|
12
|
-
(required_attributes + optional_attributes).each do |key|
|
13
|
-
self.send :"#{key}=", attributes[key]
|
14
|
-
end
|
15
|
-
attr_missing!
|
16
|
-
rescue AttrRequired::AttrMissing => e
|
17
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid: #{e.message}")
|
18
|
-
end
|
19
|
-
|
20
|
-
def verify!(expected)
|
21
|
-
if expected == self.calculate
|
22
|
-
:verified
|
23
|
-
else
|
24
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid")
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
private
|
29
|
-
|
30
|
-
def hash_generator
|
31
|
-
case algorithm.to_s
|
32
|
-
when 'hmac-sha-1'
|
33
|
-
OpenSSL::Digest::SHA1.new
|
34
|
-
when 'hmac-sha-256'
|
35
|
-
OpenSSL::Digest::SHA256.new
|
36
|
-
else
|
37
|
-
raise 'Unsupported Algorithm'
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
@@ -1,103 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC < AccessToken
|
5
|
-
attr_required :mac_key, :mac_algorithm
|
6
|
-
attr_optional :ts, :ext_verifier, :ts_expires_in
|
7
|
-
attr_reader :nonce, :signature, :ext
|
8
|
-
|
9
|
-
def initialize(attributes = {})
|
10
|
-
super(attributes)
|
11
|
-
@issued_at = Time.now.utc
|
12
|
-
@ts_expires_in ||= 5.minutes
|
13
|
-
end
|
14
|
-
|
15
|
-
def token_response
|
16
|
-
super.merge(
|
17
|
-
mac_key: mac_key,
|
18
|
-
mac_algorithm: mac_algorithm
|
19
|
-
)
|
20
|
-
end
|
21
|
-
|
22
|
-
def verify!(request)
|
23
|
-
if self.ext_verifier.present?
|
24
|
-
body = request.body.read
|
25
|
-
request.body.rewind # for future use
|
26
|
-
|
27
|
-
self.ext_verifier.new(
|
28
|
-
raw_body: body,
|
29
|
-
algorithm: self.mac_algorithm
|
30
|
-
).verify!(request.ext)
|
31
|
-
end
|
32
|
-
|
33
|
-
now = Time.now.utc.to_i
|
34
|
-
now = @ts.to_i if @ts.present?
|
35
|
-
|
36
|
-
raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i
|
37
|
-
|
38
|
-
Signature.new(
|
39
|
-
secret: self.mac_key,
|
40
|
-
algorithm: self.mac_algorithm,
|
41
|
-
nonce: request.nonce,
|
42
|
-
method: request.request_method,
|
43
|
-
request_uri: request.fullpath,
|
44
|
-
host: request.host,
|
45
|
-
port: request.port,
|
46
|
-
ts: request.ts,
|
47
|
-
ext: request.ext
|
48
|
-
).verify!(request.signature)
|
49
|
-
rescue Verifier::VerificationFailed => e
|
50
|
-
request.invalid_token! e.message
|
51
|
-
end
|
52
|
-
|
53
|
-
def authenticate(request)
|
54
|
-
@nonce = generate_nonce
|
55
|
-
@ts_generated = @ts || Time.now.utc
|
56
|
-
|
57
|
-
if self.ext_verifier.present?
|
58
|
-
@ext = self.ext_verifier.new(
|
59
|
-
raw_body: request.body,
|
60
|
-
algorithm: self.mac_algorithm
|
61
|
-
).calculate
|
62
|
-
end
|
63
|
-
|
64
|
-
@signature = Signature.new(
|
65
|
-
secret: self.mac_key,
|
66
|
-
algorithm: self.mac_algorithm,
|
67
|
-
nonce: self.nonce,
|
68
|
-
method: request.header.request_method,
|
69
|
-
request_uri: request.header.create_query_uri,
|
70
|
-
host: request.header.request_uri.host,
|
71
|
-
port: request.header.request_uri.port,
|
72
|
-
ts: @ts_generated,
|
73
|
-
ext: @ext
|
74
|
-
).calculate
|
75
|
-
|
76
|
-
request.header['Authorization'] = authorization_header
|
77
|
-
end
|
78
|
-
|
79
|
-
private
|
80
|
-
|
81
|
-
def authorization_header
|
82
|
-
header = "MAC id=\"#{access_token}\""
|
83
|
-
header << ", nonce=\"#{nonce}\""
|
84
|
-
header << ", ts=\"#{@ts_generated.to_i}\""
|
85
|
-
header << ", mac=\"#{signature}\""
|
86
|
-
header << ", ext=\"#{ext}\"" if @ext.present?
|
87
|
-
header
|
88
|
-
end
|
89
|
-
|
90
|
-
def generate_nonce
|
91
|
-
[
|
92
|
-
(Time.now.utc - @issued_at).to_i,
|
93
|
-
SecureRandom.hex
|
94
|
-
].join(':')
|
95
|
-
end
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
require 'rack/oauth2/access_token/mac/verifier'
|
102
|
-
require 'rack/oauth2/access_token/mac/sha256_hex_verifier'
|
103
|
-
require 'rack/oauth2/access_token/mac/signature'
|
@@ -1,30 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
module Debugger
|
4
|
-
class RequestFilter
|
5
|
-
# Callback called in HTTPClient (before sending a request)
|
6
|
-
# request:: HTTP::Message
|
7
|
-
def filter_request(request)
|
8
|
-
started = "======= [Rack::OAuth2] HTTP REQUEST STARTED ======="
|
9
|
-
log started, request.dump
|
10
|
-
end
|
11
|
-
|
12
|
-
# Callback called in HTTPClient (after received a response)
|
13
|
-
# request:: HTTP::Message
|
14
|
-
# response:: HTTP::Message
|
15
|
-
def filter_response(request, response)
|
16
|
-
finished = "======= [Rack::OAuth2] HTTP REQUEST FINISHED ======="
|
17
|
-
log '-' * 50, response.dump, finished
|
18
|
-
end
|
19
|
-
|
20
|
-
private
|
21
|
-
|
22
|
-
def log(*outputs)
|
23
|
-
outputs.each do |output|
|
24
|
-
OAuth2.logger.info output
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
data/lib/rack/oauth2/debugger.rb
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
module Server
|
4
|
-
class Resource
|
5
|
-
class MAC
|
6
|
-
class Unauthorized < Resource::Unauthorized
|
7
|
-
def scheme
|
8
|
-
:MAC
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
module ErrorMethods
|
13
|
-
include Resource::ErrorMethods
|
14
|
-
def unauthorized!(error = nil, description = nil, options = {})
|
15
|
-
raise Unauthorized.new(error, description, options)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
Request.send :include, ErrorMethods
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
module Server
|
4
|
-
class Resource
|
5
|
-
class MAC < Resource
|
6
|
-
def _call(env)
|
7
|
-
self.request = Request.new(env)
|
8
|
-
super
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
|
13
|
-
class Request < Resource::Request
|
14
|
-
attr_reader :nonce, :ts, :ext, :signature
|
15
|
-
|
16
|
-
def setup!
|
17
|
-
auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
|
18
|
-
@access_token = auth_params[:id]
|
19
|
-
@nonce = auth_params[:nonce]
|
20
|
-
@ts = auth_params[:ts]
|
21
|
-
@ext = auth_params[:ext]
|
22
|
-
@signature = auth_params[:mac]
|
23
|
-
self
|
24
|
-
end
|
25
|
-
|
26
|
-
def oauth2?
|
27
|
-
@auth_header.provided? && @auth_header.scheme.to_s == 'mac'
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
require 'rack/oauth2/server/resource/mac/error'
|
@@ -1,28 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier do
|
4
|
-
|
5
|
-
# From the example of webtopay wallet API spec
|
6
|
-
# ref) https://www.webtopay.com/wallet/#authentication
|
7
|
-
context 'when example from webtopay wallet API' do
|
8
|
-
subject do
|
9
|
-
Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
|
10
|
-
algorithm: 'hmac-sha-256',
|
11
|
-
raw_body: 'grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=http%3A%2F%2Flocalhost%2Fabc'
|
12
|
-
)
|
13
|
-
end
|
14
|
-
its(:calculate) { should == '21fb73c40b589622d0c78e9cd8900f89d9472aa724d0e5c3eca9ac1cd9d2a6d5' }
|
15
|
-
end
|
16
|
-
|
17
|
-
|
18
|
-
context 'when raw_body is empty' do
|
19
|
-
subject do
|
20
|
-
Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
|
21
|
-
algorithm: 'hmac-sha-256',
|
22
|
-
raw_body: ''
|
23
|
-
)
|
24
|
-
end
|
25
|
-
its(:calculate) { should be_nil }
|
26
|
-
end
|
27
|
-
|
28
|
-
end
|