rack-oauth2 1.21.2 → 2.0.0.rc1

Files changed (48)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/spec.yml +32 -0
  3. data/README.rdoc +1 -20
  4. data/VERSION +1 -1
  5. data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
  6. data/lib/rack/oauth2/access_token/bearer.rb +1 -1
  7. data/lib/rack/oauth2/access_token/legacy.rb +1 -1
  8. data/lib/rack/oauth2/access_token.rb +2 -3
  9. data/lib/rack/oauth2/client.rb +1 -3
  10. data/lib/rack/oauth2/server/abstract/error.rb +1 -1
  11. data/lib/rack/oauth2/server/rails/response_ext.rb +3 -3
  12. data/lib/rack/oauth2/server/resource/error.rb +4 -4
  13. data/lib/rack/oauth2/server/resource.rb +0 -1
  14. data/lib/rack/oauth2/server/token/error.rb +1 -1
  15. data/lib/rack/oauth2/server/token.rb +3 -3
  16. data/lib/rack/oauth2.rb +8 -14
  17. data/rack-oauth2.gemspec +4 -3
  18. data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -13
  19. data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
  20. data/spec/rack/oauth2/access_token/legacy_spec.rb +2 -2
  21. data/spec/rack/oauth2/access_token_spec.rb +0 -17
  22. data/spec/rack/oauth2/client_spec.rb +1 -17
  23. data/spec/rack/oauth2/oauth2_spec.rb +0 -43
  24. data/spec/rack/oauth2/server/authorize/error_spec.rb +6 -6
  25. data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +2 -2
  26. data/spec/rack/oauth2/server/resource/bearer_spec.rb +9 -9
  27. data/spec/rack/oauth2/server/resource/error_spec.rb +14 -14
  28. data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
  29. data/spec/rack/oauth2/server/token/error_spec.rb +5 -5
  30. data/spec/rack/oauth2/server/token_spec.rb +2 -2
  31. metadata +26 -37
  32. data/.travis.yml +0 -8
  33. data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
  34. data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
  35. data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
  36. data/lib/rack/oauth2/access_token/mac.rb +0 -103
  37. data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
  38. data/lib/rack/oauth2/debugger.rb +0 -3
  39. data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
  40. data/lib/rack/oauth2/server/resource/mac.rb +0 -36
  41. data/spec/mock_response/tokens/mac.json +0 -8
  42. data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
  43. data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
  44. data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
  45. data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
  46. data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
  47. data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
  48. data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
7
7
 
8
8
  describe '#finish' do
9
9
  it 'should respond in JSON' do
10
- status, header, response = error.finish
10
+ status, headers, response = error.finish
11
11
  status.should == 400
12
- header['Content-Type'].should == 'application/json'
12
+ headers['Content-Type'].should == 'application/json'
13
13
  response.should == ['{"error":"invalid_request"}']
14
14
  end
15
15
  end
@@ -40,10 +40,10 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
40
40
 
41
41
  describe '#finish' do
42
42
  it 'should respond in JSON' do
43
- status, header, response = error_with_scheme.finish
43
+ status, headers, response = error_with_scheme.finish
44
44
  status.should == 401
45
- header['Content-Type'].should == 'application/json'
46
- header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
45
+ headers['Content-Type'].should == 'application/json'
46
+ headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
47
47
  response.should == ['{"error":"invalid_token"}']
48
48
  end
49
49
 
@@ -51,8 +51,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
51
51
  let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
52
52
 
53
53
  it 'should have error_code in body but not in WWW-Authenticate header' do
54
- status, header, response = error_with_scheme.finish
55
- header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
54
+ status, headers, response = error_with_scheme.finish
55
+ headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
56
56
  response.first.should include '"error":"something"'
57
57
  end
58
58
  end
@@ -61,8 +61,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
61
61
  let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
62
62
 
63
63
  it 'should have error_code in body but not in WWW-Authenticate header' do
64
- status, header, response = error_with_scheme.finish
65
- header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
64
+ status, headers, response = error_with_scheme.finish
65
+ headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
66
66
  response.first.should == '{"error":"unauthorized"}'
67
67
  end
68
68
  end
@@ -72,8 +72,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
72
72
  let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
73
73
 
74
74
  it 'should use given realm' do
75
- status, header, response = error_with_scheme.finish
76
- header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
75
+ status, headers, response = error_with_scheme.finish
76
+ headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
77
77
  response.first.should include '"error":"something"'
78
78
  end
79
79
  end
@@ -88,9 +88,9 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
88
88
 
89
89
  describe '#finish' do
90
90
  it 'should respond in JSON' do
91
- status, header, response = error.finish
91
+ status, headers, response = error.finish
92
92
  status.should == 403
93
- header['Content-Type'].should == 'application/json'
93
+ headers['Content-Type'].should == 'application/json'
94
94
  response.should == ['{"error":"insufficient_scope"}']
95
95
  end
96
96
  end
@@ -99,7 +99,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
99
99
  let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
100
100
 
101
101
  it 'should have blank WWW-Authenticate header' do
102
- status, header, response = error.finish
102
+ status, headers, response = error.finish
103
103
  response.first.should include '"scope":"scope1 scope2"'
104
104
  end
105
105
  end
@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
24
24
  its(:body) { should include '"token_type":"bearer"' }
25
25
 
26
26
  it 'should prevent to be cached' do
27
- response.header['Cache-Control'].should == 'no-store'
28
- response.header['Pragma'].should == 'no-cache'
27
+ response.headers['Cache-Control'].should == 'no-store'
28
+ response.headers['Pragma'].should == 'no-cache'
29
29
  end
30
30
 
31
31
  [:code].each do |required|
@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Token::BadRequest do
7
7
 
8
8
  describe '#finish' do
9
9
  it 'should respond in JSON' do
10
- status, header, response = error.finish
10
+ status, headers, response = error.finish
11
11
  status.should == 400
12
- header['Content-Type'].should == 'application/json'
12
+ headers['Content-Type'].should == 'application/json'
13
13
  response.should == ['{"error":"invalid_request"}']
14
14
  end
15
15
  end
@@ -22,10 +22,10 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
22
22
 
23
23
  describe '#finish' do
24
24
  it 'should respond in JSON' do
25
- status, header, response = error.finish
25
+ status, headers, response = error.finish
26
26
  status.should == 401
27
- header['Content-Type'].should == 'application/json'
28
- header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
27
+ headers['Content-Type'].should == 'application/json'
28
+ headers['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
29
29
  response.should == ['{"error":"invalid_request"}']
30
30
  end
31
31
  end
@@ -28,7 +28,7 @@ describe Rack::OAuth2::Server::Token do
28
28
  )
29
29
  end
30
30
  it 'should fail with unsupported_grant_type' do
31
- status, header, response = app.call(env)
31
+ status, headers, response = app.call(env)
32
32
  status.should == 400
33
33
  response.first.should include '"error":"invalid_request"'
34
34
  end
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token do
43
43
  )
44
44
  end
45
45
  it 'should ignore duplicates' do
46
- status, header, response = app.call(env)
46
+ status, headers, response = app.call(env)
47
47
  status.should == 200
48
48
  end
49
49
  end
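--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-version: 1.21.2
+version: 2.0.0.rc1
 platform: ruby
 authors:
 - nov matake
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-12 00:00:00.000000000 Z
+date: 2022-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -25,7 +25,21 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 2.1.0
 - !ruby/object:Gem::Dependency
-name: httpclient
+name: faraday
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: faraday-follow_redirects
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -164,8 +178,7 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
-supported.
+description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
 email: nov@matake.jp
 executables: []
 extensions: []
@@ -175,9 +188,9 @@ extra_rdoc_files:
 files:
 - ".document"
 - ".github/FUNDING.yml"
+- ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -188,10 +201,6 @@ files:
 - lib/rack/oauth2/access_token/authenticator.rb
 - lib/rack/oauth2/access_token/bearer.rb
 - lib/rack/oauth2/access_token/legacy.rb
-- lib/rack/oauth2/access_token/mac.rb
-- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
-- lib/rack/oauth2/access_token/mac/signature.rb
-- lib/rack/oauth2/access_token/mac/verifier.rb
 - lib/rack/oauth2/access_token/mtls.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
@@ -203,8 +212,6 @@ files:
 - lib/rack/oauth2/client/grant/refresh_token.rb
 - lib/rack/oauth2/client/grant/saml2_bearer.rb
 - lib/rack/oauth2/client/grant/token_exchange.rb
-- lib/rack/oauth2/debugger.rb
-- lib/rack/oauth2/debugger/request_filter.rb
 - lib/rack/oauth2/server.rb
 - lib/rack/oauth2/server/abstract.rb
 - lib/rack/oauth2/server/abstract/error.rb
@@ -227,8 +234,6 @@ files:
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
 - lib/rack/oauth2/server/resource/error.rb
-- lib/rack/oauth2/server/resource/mac.rb
-- lib/rack/oauth2/server/resource/mac/error.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
@@ -252,15 +257,10 @@ files:
 - spec/mock_response/tokens/legacy.json
 - spec/mock_response/tokens/legacy.txt
 - spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -270,7 +270,6 @@ files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -283,8 +282,6 @@ files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
@@ -300,7 +297,7 @@ homepage: https://github.com/nov/rack-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -312,14 +309,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - ">"
 - !ruby/object:Gem::Version
-version: '0'
+version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
-summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported
+summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
 test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
@@ -331,15 +328,10 @@ test_files:
 - spec/mock_response/tokens/legacy.json
 - spec/mock_response/tokens/legacy.txt
 - spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -349,7 +341,6 @@ test_files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -362,8 +353,6 @@ test_files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb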
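--- a/data/.travis.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-before_install:
-- gem install bundler
-
-rvm:
-- 2.5.8
-- 2.6.6
-- 2.7.2
-- 3.0.2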
@@ -1,17 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- class AccessToken
4
- class MAC
5
- class Sha256HexVerifier < Verifier
6
- attr_optional :raw_body
7
-
8
- def calculate
9
- return nil unless raw_body.present?
10
-
11
- OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
12
- end
13
- end
14
- end
15
- end
16
- end
17
- end
@@ -1,34 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- class AccessToken
4
- class MAC
5
- class Signature < Verifier
6
- attr_required :secret, :ts, :nonce, :method, :request_uri, :host, :port
7
- attr_optional :ext, :query
8
-
9
- def calculate
10
- Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
11
- hash_generator,
12
- secret,
13
- normalized_request_string
14
- )
15
- end
16
-
17
- def normalized_request_string
18
- [
19
- ts.to_i,
20
- nonce,
21
- method.to_s.upcase,
22
- request_uri,
23
- host,
24
- port,
25
- ext || '',
26
- nil
27
- ].join("\n")
28
- end
29
-
30
- end
31
- end
32
- end
33
- end
34
- end
@@ -1,44 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- class AccessToken
4
- class MAC
5
- class Verifier
6
- include AttrRequired, AttrOptional
7
- attr_required :algorithm
8
-
9
- class VerificationFailed < StandardError; end
10
-
11
- def initialize(attributes = {})
12
- (required_attributes + optional_attributes).each do |key|
13
- self.send :"#{key}=", attributes[key]
14
- end
15
- attr_missing!
16
- rescue AttrRequired::AttrMissing => e
17
- raise VerificationFailed.new("#{self.class.name.demodulize} Invalid: #{e.message}")
18
- end
19
-
20
- def verify!(expected)
21
- if expected == self.calculate
22
- :verified
23
- else
24
- raise VerificationFailed.new("#{self.class.name.demodulize} Invalid")
25
- end
26
- end
27
-
28
- private
29
-
30
- def hash_generator
31
- case algorithm.to_s
32
- when 'hmac-sha-1'
33
- OpenSSL::Digest::SHA1.new
34
- when 'hmac-sha-256'
35
- OpenSSL::Digest::SHA256.new
36
- else
37
- raise 'Unsupported Algorithm'
38
- end
39
- end
40
- end
41
- end
42
- end
43
- end
44
- end
@@ -1,103 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- class AccessToken
4
- class MAC < AccessToken
5
- attr_required :mac_key, :mac_algorithm
6
- attr_optional :ts, :ext_verifier, :ts_expires_in
7
- attr_reader :nonce, :signature, :ext
8
-
9
- def initialize(attributes = {})
10
- super(attributes)
11
- @issued_at = Time.now.utc
12
- @ts_expires_in ||= 5.minutes
13
- end
14
-
15
- def token_response
16
- super.merge(
17
- mac_key: mac_key,
18
- mac_algorithm: mac_algorithm
19
- )
20
- end
21
-
22
- def verify!(request)
23
- if self.ext_verifier.present?
24
- body = request.body.read
25
- request.body.rewind # for future use
26
-
27
- self.ext_verifier.new(
28
- raw_body: body,
29
- algorithm: self.mac_algorithm
30
- ).verify!(request.ext)
31
- end
32
-
33
- now = Time.now.utc.to_i
34
- now = @ts.to_i if @ts.present?
35
-
36
- raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i
37
-
38
- Signature.new(
39
- secret: self.mac_key,
40
- algorithm: self.mac_algorithm,
41
- nonce: request.nonce,
42
- method: request.request_method,
43
- request_uri: request.fullpath,
44
- host: request.host,
45
- port: request.port,
46
- ts: request.ts,
47
- ext: request.ext
48
- ).verify!(request.signature)
49
- rescue Verifier::VerificationFailed => e
50
- request.invalid_token! e.message
51
- end
52
-
53
- def authenticate(request)
54
- @nonce = generate_nonce
55
- @ts_generated = @ts || Time.now.utc
56
-
57
- if self.ext_verifier.present?
58
- @ext = self.ext_verifier.new(
59
- raw_body: request.body,
60
- algorithm: self.mac_algorithm
61
- ).calculate
62
- end
63
-
64
- @signature = Signature.new(
65
- secret: self.mac_key,
66
- algorithm: self.mac_algorithm,
67
- nonce: self.nonce,
68
- method: request.header.request_method,
69
- request_uri: request.header.create_query_uri,
70
- host: request.header.request_uri.host,
71
- port: request.header.request_uri.port,
72
- ts: @ts_generated,
73
- ext: @ext
74
- ).calculate
75
-
76
- request.header['Authorization'] = authorization_header
77
- end
78
-
79
- private
80
-
81
- def authorization_header
82
- header = "MAC id=\"#{access_token}\""
83
- header << ", nonce=\"#{nonce}\""
84
- header << ", ts=\"#{@ts_generated.to_i}\""
85
- header << ", mac=\"#{signature}\""
86
- header << ", ext=\"#{ext}\"" if @ext.present?
87
- header
88
- end
89
-
90
- def generate_nonce
91
- [
92
- (Time.now.utc - @issued_at).to_i,
93
- SecureRandom.hex
94
- ].join(':')
95
- end
96
- end
97
- end
98
- end
99
- end
100
-
101
- require 'rack/oauth2/access_token/mac/verifier'
102
- require 'rack/oauth2/access_token/mac/sha256_hex_verifier'
103
- require 'rack/oauth2/access_token/mac/signature'
@@ -1,30 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- module Debugger
4
- class RequestFilter
5
- # Callback called in HTTPClient (before sending a request)
6
- # request:: HTTP::Message
7
- def filter_request(request)
8
- started = "======= [Rack::OAuth2] HTTP REQUEST STARTED ======="
9
- log started, request.dump
10
- end
11
-
12
- # Callback called in HTTPClient (after received a response)
13
- # request:: HTTP::Message
14
- # response:: HTTP::Message
15
- def filter_response(request, response)
16
- finished = "======= [Rack::OAuth2] HTTP REQUEST FINISHED ======="
17
- log '-' * 50, response.dump, finished
18
- end
19
-
20
- private
21
-
22
- def log(*outputs)
23
- outputs.each do |output|
24
- OAuth2.logger.info output
25
- end
26
- end
27
- end
28
- end
29
- end
30
- end
@@ -1,3 +0,0 @@
1
- Dir[File.dirname(__FILE__) + '/debugger/*.rb'].each do |file|
2
- require file
3
- end
@@ -1,24 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- module Server
4
- class Resource
5
- class MAC
6
- class Unauthorized < Resource::Unauthorized
7
- def scheme
8
- :MAC
9
- end
10
- end
11
-
12
- module ErrorMethods
13
- include Resource::ErrorMethods
14
- def unauthorized!(error = nil, description = nil, options = {})
15
- raise Unauthorized.new(error, description, options)
16
- end
17
- end
18
-
19
- Request.send :include, ErrorMethods
20
- end
21
- end
22
- end
23
- end
24
- end
@@ -1,36 +0,0 @@
1
- module Rack
2
- module OAuth2
3
- module Server
4
- class Resource
5
- class MAC < Resource
6
- def _call(env)
7
- self.request = Request.new(env)
8
- super
9
- end
10
-
11
- private
12
-
13
- class Request < Resource::Request
14
- attr_reader :nonce, :ts, :ext, :signature
15
-
16
- def setup!
17
- auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
18
- @access_token = auth_params[:id]
19
- @nonce = auth_params[:nonce]
20
- @ts = auth_params[:ts]
21
- @ext = auth_params[:ext]
22
- @signature = auth_params[:mac]
23
- self
24
- end
25
-
26
- def oauth2?
27
- @auth_header.provided? && @auth_header.scheme.to_s == 'mac'
28
- end
29
- end
30
- end
31
- end
32
- end
33
- end
34
- end
35
-
36
- require 'rack/oauth2/server/resource/mac/error'
@@ -1,8 +0,0 @@
1
- {
2
- "token_type":"mac",
3
- "mac_algorithm":"hmac-sha-256",
4
- "expires_in":3600,
5
- "mac_key":"secret",
6
- "refresh_token":"refresh_token",
7
- "access_token":"access_token"
8
- }
@@ -1,28 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier do
4
-
5
- # From the example of webtopay wallet API spec
6
- # ref) https://www.webtopay.com/wallet/#authentication
7
- context 'when example from webtopay wallet API' do
8
- subject do
9
- Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
10
- algorithm: 'hmac-sha-256',
11
- raw_body: 'grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=http%3A%2F%2Flocalhost%2Fabc'
12
- )
13
- end
14
- its(:calculate) { should == '21fb73c40b589622d0c78e9cd8900f89d9472aa724d0e5c3eca9ac1cd9d2a6d5' }
15
- end
16
-
17
-
18
- context 'when raw_body is empty' do
19
- subject do
20
- Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
21
- algorithm: 'hmac-sha-256',
22
- raw_body: ''
23
- )
24
- end
25
- its(:calculate) { should be_nil }
26
- end
27
-
28
- end