rack-oauth2 1.21.2 → 2.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/spec.yml +32 -0
- data/README.rdoc +1 -20
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
- data/lib/rack/oauth2/access_token/bearer.rb +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token.rb +2 -3
- data/lib/rack/oauth2/client.rb +1 -3
- data/lib/rack/oauth2/server/abstract/error.rb +1 -1
- data/lib/rack/oauth2/server/rails/response_ext.rb +3 -3
- data/lib/rack/oauth2/server/resource/error.rb +4 -4
- data/lib/rack/oauth2/server/resource.rb +0 -1
- data/lib/rack/oauth2/server/token/error.rb +1 -1
- data/lib/rack/oauth2/server/token.rb +3 -3
- data/lib/rack/oauth2.rb +8 -14
- data/rack-oauth2.gemspec +4 -3
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -13
- data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
- data/spec/rack/oauth2/access_token/legacy_spec.rb +2 -2
- data/spec/rack/oauth2/access_token_spec.rb +0 -17
- data/spec/rack/oauth2/client_spec.rb +1 -17
- data/spec/rack/oauth2/oauth2_spec.rb +0 -43
- data/spec/rack/oauth2/server/authorize/error_spec.rb +6 -6
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +2 -2
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +9 -9
- data/spec/rack/oauth2/server/resource/error_spec.rb +14 -14
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
- data/spec/rack/oauth2/server/token/error_spec.rb +5 -5
- data/spec/rack/oauth2/server/token_spec.rb +2 -2
- metadata +26 -37
- data/.travis.yml +0 -8
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
- data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
- data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
- data/lib/rack/oauth2/access_token/mac.rb +0 -103
- data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
- data/lib/rack/oauth2/debugger.rb +0 -3
- data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
- data/lib/rack/oauth2/server/resource/mac.rb +0 -36
- data/spec/mock_response/tokens/mac.json +0 -8
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
- data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
- data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
|
|
7
7
|
|
8
8
|
describe '#finish' do
|
9
9
|
it 'should respond in JSON' do
|
10
|
-
status,
|
10
|
+
status, headers, response = error.finish
|
11
11
|
status.should == 400
|
12
|
-
|
12
|
+
headers['Content-Type'].should == 'application/json'
|
13
13
|
response.should == ['{"error":"invalid_request"}']
|
14
14
|
end
|
15
15
|
end
|
@@ -40,10 +40,10 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
40
40
|
|
41
41
|
describe '#finish' do
|
42
42
|
it 'should respond in JSON' do
|
43
|
-
status,
|
43
|
+
status, headers, response = error_with_scheme.finish
|
44
44
|
status.should == 401
|
45
|
-
|
46
|
-
|
45
|
+
headers['Content-Type'].should == 'application/json'
|
46
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
|
47
47
|
response.should == ['{"error":"invalid_token"}']
|
48
48
|
end
|
49
49
|
|
@@ -51,8 +51,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
51
51
|
let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
|
52
52
|
|
53
53
|
it 'should have error_code in body but not in WWW-Authenticate header' do
|
54
|
-
status,
|
55
|
-
|
54
|
+
status, headers, response = error_with_scheme.finish
|
55
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
56
56
|
response.first.should include '"error":"something"'
|
57
57
|
end
|
58
58
|
end
|
@@ -61,8 +61,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
61
61
|
let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
|
62
62
|
|
63
63
|
it 'should have error_code in body but not in WWW-Authenticate header' do
|
64
|
-
status,
|
65
|
-
|
64
|
+
status, headers, response = error_with_scheme.finish
|
65
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
66
66
|
response.first.should == '{"error":"unauthorized"}'
|
67
67
|
end
|
68
68
|
end
|
@@ -72,8 +72,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
72
72
|
let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
|
73
73
|
|
74
74
|
it 'should use given realm' do
|
75
|
-
status,
|
76
|
-
|
75
|
+
status, headers, response = error_with_scheme.finish
|
76
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
77
77
|
response.first.should include '"error":"something"'
|
78
78
|
end
|
79
79
|
end
|
@@ -88,9 +88,9 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
|
|
88
88
|
|
89
89
|
describe '#finish' do
|
90
90
|
it 'should respond in JSON' do
|
91
|
-
status,
|
91
|
+
status, headers, response = error.finish
|
92
92
|
status.should == 403
|
93
|
-
|
93
|
+
headers['Content-Type'].should == 'application/json'
|
94
94
|
response.should == ['{"error":"insufficient_scope"}']
|
95
95
|
end
|
96
96
|
end
|
@@ -99,7 +99,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
|
|
99
99
|
let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
|
100
100
|
|
101
101
|
it 'should have blank WWW-Authenticate header' do
|
102
|
-
status,
|
102
|
+
status, headers, response = error.finish
|
103
103
|
response.first.should include '"scope":"scope1 scope2"'
|
104
104
|
end
|
105
105
|
end
|
@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
|
24
24
|
its(:body) { should include '"token_type":"bearer"' }
|
25
25
|
|
26
26
|
it 'should prevent to be cached' do
|
27
|
-
response.
|
28
|
-
response.
|
27
|
+
response.headers['Cache-Control'].should == 'no-store'
|
28
|
+
response.headers['Pragma'].should == 'no-cache'
|
29
29
|
end
|
30
30
|
|
31
31
|
[:code].each do |required|
|
@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Token::BadRequest do
|
|
7
7
|
|
8
8
|
describe '#finish' do
|
9
9
|
it 'should respond in JSON' do
|
10
|
-
status,
|
10
|
+
status, headers, response = error.finish
|
11
11
|
status.should == 400
|
12
|
-
|
12
|
+
headers['Content-Type'].should == 'application/json'
|
13
13
|
response.should == ['{"error":"invalid_request"}']
|
14
14
|
end
|
15
15
|
end
|
@@ -22,10 +22,10 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
|
|
22
22
|
|
23
23
|
describe '#finish' do
|
24
24
|
it 'should respond in JSON' do
|
25
|
-
status,
|
25
|
+
status, headers, response = error.finish
|
26
26
|
status.should == 401
|
27
|
-
|
28
|
-
|
27
|
+
headers['Content-Type'].should == 'application/json'
|
28
|
+
headers['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
|
29
29
|
response.should == ['{"error":"invalid_request"}']
|
30
30
|
end
|
31
31
|
end
|
@@ -28,7 +28,7 @@ describe Rack::OAuth2::Server::Token do
|
|
28
28
|
)
|
29
29
|
end
|
30
30
|
it 'should fail with unsupported_grant_type' do
|
31
|
-
status,
|
31
|
+
status, headers, response = app.call(env)
|
32
32
|
status.should == 400
|
33
33
|
response.first.should include '"error":"invalid_request"'
|
34
34
|
end
|
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token do
|
|
43
43
|
)
|
44
44
|
end
|
45
45
|
it 'should ignore duplicates' do
|
46
|
-
status,
|
46
|
+
status, headers, response = app.call(env)
|
47
47
|
status.should == 200
|
48
48
|
end
|
49
49
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0.rc1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-10-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -25,7 +25,21 @@ dependencies:
|
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 2.1.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
28
|
+
name: faraday
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '2.0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '2.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: faraday-follow_redirects
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
30
44
|
requirements:
|
31
45
|
- - ">="
|
@@ -164,8 +178,7 @@ dependencies:
|
|
164
178
|
- - ">="
|
165
179
|
- !ruby/object:Gem::Version
|
166
180
|
version: '0'
|
167
|
-
description: OAuth 2.0 Server & Client Library. Both Bearer
|
168
|
-
supported.
|
181
|
+
description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
|
169
182
|
email: nov@matake.jp
|
170
183
|
executables: []
|
171
184
|
extensions: []
|
@@ -175,9 +188,9 @@ extra_rdoc_files:
|
|
175
188
|
files:
|
176
189
|
- ".document"
|
177
190
|
- ".github/FUNDING.yml"
|
191
|
+
- ".github/workflows/spec.yml"
|
178
192
|
- ".gitignore"
|
179
193
|
- ".rspec"
|
180
|
-
- ".travis.yml"
|
181
194
|
- Gemfile
|
182
195
|
- LICENSE
|
183
196
|
- README.rdoc
|
@@ -188,10 +201,6 @@ files:
|
|
188
201
|
- lib/rack/oauth2/access_token/authenticator.rb
|
189
202
|
- lib/rack/oauth2/access_token/bearer.rb
|
190
203
|
- lib/rack/oauth2/access_token/legacy.rb
|
191
|
-
- lib/rack/oauth2/access_token/mac.rb
|
192
|
-
- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
|
193
|
-
- lib/rack/oauth2/access_token/mac/signature.rb
|
194
|
-
- lib/rack/oauth2/access_token/mac/verifier.rb
|
195
204
|
- lib/rack/oauth2/access_token/mtls.rb
|
196
205
|
- lib/rack/oauth2/client.rb
|
197
206
|
- lib/rack/oauth2/client/error.rb
|
@@ -203,8 +212,6 @@ files:
|
|
203
212
|
- lib/rack/oauth2/client/grant/refresh_token.rb
|
204
213
|
- lib/rack/oauth2/client/grant/saml2_bearer.rb
|
205
214
|
- lib/rack/oauth2/client/grant/token_exchange.rb
|
206
|
-
- lib/rack/oauth2/debugger.rb
|
207
|
-
- lib/rack/oauth2/debugger/request_filter.rb
|
208
215
|
- lib/rack/oauth2/server.rb
|
209
216
|
- lib/rack/oauth2/server/abstract.rb
|
210
217
|
- lib/rack/oauth2/server/abstract/error.rb
|
@@ -227,8 +234,6 @@ files:
|
|
227
234
|
- lib/rack/oauth2/server/resource/bearer.rb
|
228
235
|
- lib/rack/oauth2/server/resource/bearer/error.rb
|
229
236
|
- lib/rack/oauth2/server/resource/error.rb
|
230
|
-
- lib/rack/oauth2/server/resource/mac.rb
|
231
|
-
- lib/rack/oauth2/server/resource/mac/error.rb
|
232
237
|
- lib/rack/oauth2/server/token.rb
|
233
238
|
- lib/rack/oauth2/server/token/authorization_code.rb
|
234
239
|
- lib/rack/oauth2/server/token/client_credentials.rb
|
@@ -252,15 +257,10 @@ files:
|
|
252
257
|
- spec/mock_response/tokens/legacy.json
|
253
258
|
- spec/mock_response/tokens/legacy.txt
|
254
259
|
- spec/mock_response/tokens/legacy_without_expires_in.txt
|
255
|
-
- spec/mock_response/tokens/mac.json
|
256
260
|
- spec/mock_response/tokens/unknown.json
|
257
261
|
- spec/rack/oauth2/access_token/authenticator_spec.rb
|
258
262
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
259
263
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
260
|
-
- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
|
261
|
-
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
262
|
-
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
263
|
-
- spec/rack/oauth2/access_token/mac_spec.rb
|
264
264
|
- spec/rack/oauth2/access_token_spec.rb
|
265
265
|
- spec/rack/oauth2/client/error_spec.rb
|
266
266
|
- spec/rack/oauth2/client/grant/authorization_code_spec.rb
|
@@ -270,7 +270,6 @@ files:
|
|
270
270
|
- spec/rack/oauth2/client/grant/refresh_token_spec.rb
|
271
271
|
- spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
|
272
272
|
- spec/rack/oauth2/client_spec.rb
|
273
|
-
- spec/rack/oauth2/debugger/request_filter_spec.rb
|
274
273
|
- spec/rack/oauth2/oauth2_spec.rb
|
275
274
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
276
275
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
@@ -283,8 +282,6 @@ files:
|
|
283
282
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
284
283
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
285
284
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
286
|
-
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
287
|
-
- spec/rack/oauth2/server/resource/mac_spec.rb
|
288
285
|
- spec/rack/oauth2/server/resource_spec.rb
|
289
286
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
290
287
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
@@ -300,7 +297,7 @@ homepage: https://github.com/nov/rack-oauth2
|
|
300
297
|
licenses:
|
301
298
|
- MIT
|
302
299
|
metadata: {}
|
303
|
-
post_install_message:
|
300
|
+
post_install_message:
|
304
301
|
rdoc_options:
|
305
302
|
- "--charset=UTF-8"
|
306
303
|
require_paths:
|
@@ -312,14 +309,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
312
309
|
version: '0'
|
313
310
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
314
311
|
requirements:
|
315
|
-
- - "
|
312
|
+
- - ">"
|
316
313
|
- !ruby/object:Gem::Version
|
317
|
-
version:
|
314
|
+
version: 1.3.1
|
318
315
|
requirements: []
|
319
|
-
rubygems_version: 3.
|
320
|
-
signing_key:
|
316
|
+
rubygems_version: 3.3.7
|
317
|
+
signing_key:
|
321
318
|
specification_version: 4
|
322
|
-
summary: OAuth 2.0 Server & Client Library - Both Bearer
|
319
|
+
summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
|
323
320
|
test_files:
|
324
321
|
- spec/helpers/time.rb
|
325
322
|
- spec/helpers/webmock_helper.rb
|
@@ -331,15 +328,10 @@ test_files:
|
|
331
328
|
- spec/mock_response/tokens/legacy.json
|
332
329
|
- spec/mock_response/tokens/legacy.txt
|
333
330
|
- spec/mock_response/tokens/legacy_without_expires_in.txt
|
334
|
-
- spec/mock_response/tokens/mac.json
|
335
331
|
- spec/mock_response/tokens/unknown.json
|
336
332
|
- spec/rack/oauth2/access_token/authenticator_spec.rb
|
337
333
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
338
334
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
339
|
-
- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
|
340
|
-
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
341
|
-
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
342
|
-
- spec/rack/oauth2/access_token/mac_spec.rb
|
343
335
|
- spec/rack/oauth2/access_token_spec.rb
|
344
336
|
- spec/rack/oauth2/client/error_spec.rb
|
345
337
|
- spec/rack/oauth2/client/grant/authorization_code_spec.rb
|
@@ -349,7 +341,6 @@ test_files:
|
|
349
341
|
- spec/rack/oauth2/client/grant/refresh_token_spec.rb
|
350
342
|
- spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
|
351
343
|
- spec/rack/oauth2/client_spec.rb
|
352
|
-
- spec/rack/oauth2/debugger/request_filter_spec.rb
|
353
344
|
- spec/rack/oauth2/oauth2_spec.rb
|
354
345
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
355
346
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
@@ -362,8 +353,6 @@ test_files:
|
|
362
353
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
363
354
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
364
355
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
365
|
-
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
366
|
-
- spec/rack/oauth2/server/resource/mac_spec.rb
|
367
356
|
- spec/rack/oauth2/server/resource_spec.rb
|
368
357
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
369
358
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
data/.travis.yml
DELETED
@@ -1,17 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Sha256HexVerifier < Verifier
|
6
|
-
attr_optional :raw_body
|
7
|
-
|
8
|
-
def calculate
|
9
|
-
return nil unless raw_body.present?
|
10
|
-
|
11
|
-
OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,34 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Signature < Verifier
|
6
|
-
attr_required :secret, :ts, :nonce, :method, :request_uri, :host, :port
|
7
|
-
attr_optional :ext, :query
|
8
|
-
|
9
|
-
def calculate
|
10
|
-
Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
|
11
|
-
hash_generator,
|
12
|
-
secret,
|
13
|
-
normalized_request_string
|
14
|
-
)
|
15
|
-
end
|
16
|
-
|
17
|
-
def normalized_request_string
|
18
|
-
[
|
19
|
-
ts.to_i,
|
20
|
-
nonce,
|
21
|
-
method.to_s.upcase,
|
22
|
-
request_uri,
|
23
|
-
host,
|
24
|
-
port,
|
25
|
-
ext || '',
|
26
|
-
nil
|
27
|
-
].join("\n")
|
28
|
-
end
|
29
|
-
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
@@ -1,44 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Verifier
|
6
|
-
include AttrRequired, AttrOptional
|
7
|
-
attr_required :algorithm
|
8
|
-
|
9
|
-
class VerificationFailed < StandardError; end
|
10
|
-
|
11
|
-
def initialize(attributes = {})
|
12
|
-
(required_attributes + optional_attributes).each do |key|
|
13
|
-
self.send :"#{key}=", attributes[key]
|
14
|
-
end
|
15
|
-
attr_missing!
|
16
|
-
rescue AttrRequired::AttrMissing => e
|
17
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid: #{e.message}")
|
18
|
-
end
|
19
|
-
|
20
|
-
def verify!(expected)
|
21
|
-
if expected == self.calculate
|
22
|
-
:verified
|
23
|
-
else
|
24
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid")
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
private
|
29
|
-
|
30
|
-
def hash_generator
|
31
|
-
case algorithm.to_s
|
32
|
-
when 'hmac-sha-1'
|
33
|
-
OpenSSL::Digest::SHA1.new
|
34
|
-
when 'hmac-sha-256'
|
35
|
-
OpenSSL::Digest::SHA256.new
|
36
|
-
else
|
37
|
-
raise 'Unsupported Algorithm'
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
@@ -1,103 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC < AccessToken
|
5
|
-
attr_required :mac_key, :mac_algorithm
|
6
|
-
attr_optional :ts, :ext_verifier, :ts_expires_in
|
7
|
-
attr_reader :nonce, :signature, :ext
|
8
|
-
|
9
|
-
def initialize(attributes = {})
|
10
|
-
super(attributes)
|
11
|
-
@issued_at = Time.now.utc
|
12
|
-
@ts_expires_in ||= 5.minutes
|
13
|
-
end
|
14
|
-
|
15
|
-
def token_response
|
16
|
-
super.merge(
|
17
|
-
mac_key: mac_key,
|
18
|
-
mac_algorithm: mac_algorithm
|
19
|
-
)
|
20
|
-
end
|
21
|
-
|
22
|
-
def verify!(request)
|
23
|
-
if self.ext_verifier.present?
|
24
|
-
body = request.body.read
|
25
|
-
request.body.rewind # for future use
|
26
|
-
|
27
|
-
self.ext_verifier.new(
|
28
|
-
raw_body: body,
|
29
|
-
algorithm: self.mac_algorithm
|
30
|
-
).verify!(request.ext)
|
31
|
-
end
|
32
|
-
|
33
|
-
now = Time.now.utc.to_i
|
34
|
-
now = @ts.to_i if @ts.present?
|
35
|
-
|
36
|
-
raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i
|
37
|
-
|
38
|
-
Signature.new(
|
39
|
-
secret: self.mac_key,
|
40
|
-
algorithm: self.mac_algorithm,
|
41
|
-
nonce: request.nonce,
|
42
|
-
method: request.request_method,
|
43
|
-
request_uri: request.fullpath,
|
44
|
-
host: request.host,
|
45
|
-
port: request.port,
|
46
|
-
ts: request.ts,
|
47
|
-
ext: request.ext
|
48
|
-
).verify!(request.signature)
|
49
|
-
rescue Verifier::VerificationFailed => e
|
50
|
-
request.invalid_token! e.message
|
51
|
-
end
|
52
|
-
|
53
|
-
def authenticate(request)
|
54
|
-
@nonce = generate_nonce
|
55
|
-
@ts_generated = @ts || Time.now.utc
|
56
|
-
|
57
|
-
if self.ext_verifier.present?
|
58
|
-
@ext = self.ext_verifier.new(
|
59
|
-
raw_body: request.body,
|
60
|
-
algorithm: self.mac_algorithm
|
61
|
-
).calculate
|
62
|
-
end
|
63
|
-
|
64
|
-
@signature = Signature.new(
|
65
|
-
secret: self.mac_key,
|
66
|
-
algorithm: self.mac_algorithm,
|
67
|
-
nonce: self.nonce,
|
68
|
-
method: request.header.request_method,
|
69
|
-
request_uri: request.header.create_query_uri,
|
70
|
-
host: request.header.request_uri.host,
|
71
|
-
port: request.header.request_uri.port,
|
72
|
-
ts: @ts_generated,
|
73
|
-
ext: @ext
|
74
|
-
).calculate
|
75
|
-
|
76
|
-
request.header['Authorization'] = authorization_header
|
77
|
-
end
|
78
|
-
|
79
|
-
private
|
80
|
-
|
81
|
-
def authorization_header
|
82
|
-
header = "MAC id=\"#{access_token}\""
|
83
|
-
header << ", nonce=\"#{nonce}\""
|
84
|
-
header << ", ts=\"#{@ts_generated.to_i}\""
|
85
|
-
header << ", mac=\"#{signature}\""
|
86
|
-
header << ", ext=\"#{ext}\"" if @ext.present?
|
87
|
-
header
|
88
|
-
end
|
89
|
-
|
90
|
-
def generate_nonce
|
91
|
-
[
|
92
|
-
(Time.now.utc - @issued_at).to_i,
|
93
|
-
SecureRandom.hex
|
94
|
-
].join(':')
|
95
|
-
end
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
require 'rack/oauth2/access_token/mac/verifier'
|
102
|
-
require 'rack/oauth2/access_token/mac/sha256_hex_verifier'
|
103
|
-
require 'rack/oauth2/access_token/mac/signature'
|
@@ -1,30 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
module Debugger
|
4
|
-
class RequestFilter
|
5
|
-
# Callback called in HTTPClient (before sending a request)
|
6
|
-
# request:: HTTP::Message
|
7
|
-
def filter_request(request)
|
8
|
-
started = "======= [Rack::OAuth2] HTTP REQUEST STARTED ======="
|
9
|
-
log started, request.dump
|
10
|
-
end
|
11
|
-
|
12
|
-
# Callback called in HTTPClient (after received a response)
|
13
|
-
# request:: HTTP::Message
|
14
|
-
# response:: HTTP::Message
|
15
|
-
def filter_response(request, response)
|
16
|
-
finished = "======= [Rack::OAuth2] HTTP REQUEST FINISHED ======="
|
17
|
-
log '-' * 50, response.dump, finished
|
18
|
-
end
|
19
|
-
|
20
|
-
private
|
21
|
-
|
22
|
-
def log(*outputs)
|
23
|
-
outputs.each do |output|
|
24
|
-
OAuth2.logger.info output
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
data/lib/rack/oauth2/debugger.rb
DELETED
@@ -1,24 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
module Server
|
4
|
-
class Resource
|
5
|
-
class MAC
|
6
|
-
class Unauthorized < Resource::Unauthorized
|
7
|
-
def scheme
|
8
|
-
:MAC
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
module ErrorMethods
|
13
|
-
include Resource::ErrorMethods
|
14
|
-
def unauthorized!(error = nil, description = nil, options = {})
|
15
|
-
raise Unauthorized.new(error, description, options)
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
Request.send :include, ErrorMethods
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
module Server
|
4
|
-
class Resource
|
5
|
-
class MAC < Resource
|
6
|
-
def _call(env)
|
7
|
-
self.request = Request.new(env)
|
8
|
-
super
|
9
|
-
end
|
10
|
-
|
11
|
-
private
|
12
|
-
|
13
|
-
class Request < Resource::Request
|
14
|
-
attr_reader :nonce, :ts, :ext, :signature
|
15
|
-
|
16
|
-
def setup!
|
17
|
-
auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
|
18
|
-
@access_token = auth_params[:id]
|
19
|
-
@nonce = auth_params[:nonce]
|
20
|
-
@ts = auth_params[:ts]
|
21
|
-
@ext = auth_params[:ext]
|
22
|
-
@signature = auth_params[:mac]
|
23
|
-
self
|
24
|
-
end
|
25
|
-
|
26
|
-
def oauth2?
|
27
|
-
@auth_header.provided? && @auth_header.scheme.to_s == 'mac'
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
require 'rack/oauth2/server/resource/mac/error'
|
@@ -1,28 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier do
|
4
|
-
|
5
|
-
# From the example of webtopay wallet API spec
|
6
|
-
# ref) https://www.webtopay.com/wallet/#authentication
|
7
|
-
context 'when example from webtopay wallet API' do
|
8
|
-
subject do
|
9
|
-
Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
|
10
|
-
algorithm: 'hmac-sha-256',
|
11
|
-
raw_body: 'grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=http%3A%2F%2Flocalhost%2Fabc'
|
12
|
-
)
|
13
|
-
end
|
14
|
-
its(:calculate) { should == '21fb73c40b589622d0c78e9cd8900f89d9472aa724d0e5c3eca9ac1cd9d2a6d5' }
|
15
|
-
end
|
16
|
-
|
17
|
-
|
18
|
-
context 'when raw_body is empty' do
|
19
|
-
subject do
|
20
|
-
Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
|
21
|
-
algorithm: 'hmac-sha-256',
|
22
|
-
raw_body: ''
|
23
|
-
)
|
24
|
-
end
|
25
|
-
its(:calculate) { should be_nil }
|
26
|
-
end
|
27
|
-
|
28
|
-
end
|