rack-oauth2 1.21.2 → 2.0.0.rc1

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 400
-      header['Content-Type'].should == 'application/json'
+      headers['Content-Type'].should == 'application/json'
       response.should == ['{"error":"invalid_request"}']
     end
   end
@@ -40,10 +40,10 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
 
     describe '#finish' do
       it 'should respond in JSON' do
-        status, header, response = error_with_scheme.finish
+        status, headers, response = error_with_scheme.finish
         status.should == 401
-        header['Content-Type'].should == 'application/json'
-        header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
+        headers['Content-Type'].should == 'application/json'
+        headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
         response.should == ['{"error":"invalid_token"}']
       end
 
@@ -51,8 +51,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
 
         it 'should have error_code in body but not in WWW-Authenticate header' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
           response.first.should include '"error":"something"'
         end
       end
@@ -61,8 +61,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
 
         it 'should have error_code in body but not in WWW-Authenticate header' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
           response.first.should == '{"error":"unauthorized"}'
         end
       end
@@ -72,8 +72,8 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
 
         it 'should use given realm' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
           response.first.should include '"error":"something"'
         end
       end
@@ -88,9 +88,9 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 403
-      header['Content-Type'].should == 'application/json'
+      headers['Content-Type'].should == 'application/json'
       response.should == ['{"error":"insufficient_scope"}']
     end
   end
@@ -99,7 +99,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
     let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
 
     it 'should have blank WWW-Authenticate header' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       response.first.should include '"scope":"scope1 scope2"'
     end
   end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
   its(:body)         { should include '"token_type":"bearer"' }
 
   it 'should prevent to be cached' do
-    response.header['Cache-Control'].should == 'no-store'
-    response.header['Pragma'].should == 'no-cache'
+    response.headers['Cache-Control'].should == 'no-store'
+    response.headers['Pragma'].should == 'no-cache'
   end
 
   [:code].each do |required|

data/spec/rack/oauth2/server/token/error_spec.rb

@@ -7,9 +7,9 @@ describe Rack::OAuth2::Server::Token::BadRequest do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 400
-      header['Content-Type'].should == 'application/json'
+      headers['Content-Type'].should == 'application/json'
       response.should == ['{"error":"invalid_request"}']
     end
   end
@@ -22,10 +22,10 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 401
-      header['Content-Type'].should == 'application/json'
-      header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
+      headers['Content-Type'].should == 'application/json'
+      headers['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
       response.should == ['{"error":"invalid_request"}']
     end
   end

data/spec/rack/oauth2/server/token_spec.rb

@@ -28,7 +28,7 @@ describe Rack::OAuth2::Server::Token do
         )
       end
       it 'should fail with unsupported_grant_type' do
-        status, header, response = app.call(env)
+        status, headers, response = app.call(env)
         status.should == 400
         response.first.should include '"error":"invalid_request"'
       end
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token do
         )
       end
       it 'should ignore duplicates' do
-        status, header, response = app.call(env)
+        status, headers, response = app.call(env)
         status.should == 200
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.21.2
+  version: 2.0.0.rc1
 platform: ruby
 authors:
 - nov matake
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-12 00:00:00.000000000 Z
+date: 2022-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -25,7 +25,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.1.0
 - !ruby/object:Gem::Dependency
-  name: httpclient
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-follow_redirects
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -164,8 +178,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
-  supported.
+description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
 email: nov@matake.jp
 executables: []
 extensions: []
@@ -175,9 +188,9 @@ extra_rdoc_files:
 files:
 - ".document"
 - ".github/FUNDING.yml"
+- ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -188,10 +201,6 @@ files:
 - lib/rack/oauth2/access_token/authenticator.rb
 - lib/rack/oauth2/access_token/bearer.rb
 - lib/rack/oauth2/access_token/legacy.rb
-- lib/rack/oauth2/access_token/mac.rb
-- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
-- lib/rack/oauth2/access_token/mac/signature.rb
-- lib/rack/oauth2/access_token/mac/verifier.rb
 - lib/rack/oauth2/access_token/mtls.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
@@ -203,8 +212,6 @@ files:
 - lib/rack/oauth2/client/grant/refresh_token.rb
 - lib/rack/oauth2/client/grant/saml2_bearer.rb
 - lib/rack/oauth2/client/grant/token_exchange.rb
-- lib/rack/oauth2/debugger.rb
-- lib/rack/oauth2/debugger/request_filter.rb
 - lib/rack/oauth2/server.rb
 - lib/rack/oauth2/server/abstract.rb
 - lib/rack/oauth2/server/abstract/error.rb
@@ -227,8 +234,6 @@ files:
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
 - lib/rack/oauth2/server/resource/error.rb
-- lib/rack/oauth2/server/resource/mac.rb
-- lib/rack/oauth2/server/resource/mac/error.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
@@ -252,15 +257,10 @@ files:
 - spec/mock_response/tokens/legacy.json
 - spec/mock_response/tokens/legacy.txt
 - spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -270,7 +270,6 @@ files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -283,8 +282,6 @@ files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
@@ -300,7 +297,7 @@ homepage: https://github.com/nov/rack-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -312,14 +309,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
-summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported
+summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
 test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
@@ -331,15 +328,10 @@ test_files:
 - spec/mock_response/tokens/legacy.json
 - spec/mock_response/tokens/legacy.txt
 - spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
 - spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -349,7 +341,6 @@ test_files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -362,8 +353,6 @@ test_files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb

data/.travis.yml

@@ -1,8 +0,0 @@
-before_install:
-  - gem install bundler
-
-rvm:
-  - 2.5.8
-  - 2.6.6
-  - 2.7.2
-  - 3.0.2

data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb

@@ -1,17 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class MAC
-        class Sha256HexVerifier < Verifier
-          attr_optional :raw_body
-
-          def calculate
-            return nil unless raw_body.present?
-            
-            OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
-          end
-        end
-      end
-    end
-  end
-end

data/lib/rack/oauth2/access_token/mac/signature.rb

@@ -1,34 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class MAC
-        class Signature < Verifier
-          attr_required :secret, :ts, :nonce, :method, :request_uri, :host, :port
-          attr_optional :ext, :query
-
-          def calculate
-            Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
-              hash_generator,
-              secret,
-              normalized_request_string
-            )
-          end
-
-          def normalized_request_string
-            [
-              ts.to_i,
-              nonce,
-              method.to_s.upcase,
-              request_uri,
-              host,
-              port,
-              ext || '',
-              nil
-            ].join("\n")
-          end
-
-        end
-      end
-    end
-  end
-end

data/lib/rack/oauth2/access_token/mac/verifier.rb

@@ -1,44 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class MAC
-        class Verifier
-          include AttrRequired, AttrOptional
-          attr_required :algorithm
-
-          class VerificationFailed < StandardError; end
-
-          def initialize(attributes = {})
-            (required_attributes + optional_attributes).each do |key|
-              self.send :"#{key}=", attributes[key]
-            end
-            attr_missing!
-          rescue AttrRequired::AttrMissing => e
-            raise VerificationFailed.new("#{self.class.name.demodulize} Invalid: #{e.message}")
-          end
-
-          def verify!(expected)
-            if expected == self.calculate
-              :verified
-            else
-              raise VerificationFailed.new("#{self.class.name.demodulize} Invalid")
-            end
-          end
-
-          private
-
-          def hash_generator
-            case algorithm.to_s
-            when 'hmac-sha-1'
-              OpenSSL::Digest::SHA1.new
-            when 'hmac-sha-256'
-              OpenSSL::Digest::SHA256.new
-            else
-              raise 'Unsupported Algorithm'
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/rack/oauth2/access_token/mac.rb

@@ -1,103 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class MAC < AccessToken
-        attr_required :mac_key, :mac_algorithm
-        attr_optional :ts, :ext_verifier, :ts_expires_in
-        attr_reader :nonce, :signature, :ext
-
-        def initialize(attributes = {})
-          super(attributes)
-          @issued_at = Time.now.utc
-          @ts_expires_in ||= 5.minutes
-        end
-
-        def token_response
-          super.merge(
-            mac_key: mac_key,
-            mac_algorithm: mac_algorithm
-          )
-        end
-
-        def verify!(request)
-          if self.ext_verifier.present?
-            body = request.body.read
-            request.body.rewind # for future use
-
-            self.ext_verifier.new(
-              raw_body: body,
-              algorithm: self.mac_algorithm
-            ).verify!(request.ext)
-          end
-
-          now = Time.now.utc.to_i
-          now = @ts.to_i if @ts.present?
-
-          raise Rack::OAuth2::AccessToken::MAC::Verifier::VerificationFailed.new("Request ts expired") if now - request.ts.to_i > @ts_expires_in.to_i
-
-          Signature.new(
-            secret:      self.mac_key,
-            algorithm:   self.mac_algorithm,
-            nonce:       request.nonce,
-            method:      request.request_method,
-            request_uri: request.fullpath,
-            host:        request.host,
-            port:        request.port,
-            ts:          request.ts,
-            ext:         request.ext
-          ).verify!(request.signature)
-        rescue Verifier::VerificationFailed => e
-          request.invalid_token! e.message
-        end
-
-        def authenticate(request)
-          @nonce = generate_nonce
-          @ts_generated = @ts || Time.now.utc
-
-          if self.ext_verifier.present?
-            @ext = self.ext_verifier.new(
-              raw_body: request.body,
-              algorithm: self.mac_algorithm
-            ).calculate
-          end
-
-          @signature = Signature.new(
-            secret:      self.mac_key,
-            algorithm:   self.mac_algorithm,
-            nonce:       self.nonce,
-            method:      request.header.request_method,
-            request_uri: request.header.create_query_uri,
-            host:        request.header.request_uri.host,
-            port:        request.header.request_uri.port,
-            ts:          @ts_generated,
-            ext:         @ext
-          ).calculate
-
-          request.header['Authorization'] = authorization_header
-        end
-
-        private
-
-        def authorization_header
-          header = "MAC id=\"#{access_token}\""
-          header << ", nonce=\"#{nonce}\""
-          header << ", ts=\"#{@ts_generated.to_i}\""
-          header << ", mac=\"#{signature}\""
-          header << ", ext=\"#{ext}\"" if @ext.present?
-          header
-        end
-
-        def generate_nonce
-          [
-            (Time.now.utc - @issued_at).to_i,
-            SecureRandom.hex
-          ].join(':')
-        end
-      end
-    end
-  end
-end
-
-require 'rack/oauth2/access_token/mac/verifier'
-require 'rack/oauth2/access_token/mac/sha256_hex_verifier'
-require 'rack/oauth2/access_token/mac/signature'

data/lib/rack/oauth2/debugger/request_filter.rb

@@ -1,30 +0,0 @@
-module Rack
-  module OAuth2
-    module Debugger
-      class RequestFilter
-        # Callback called in HTTPClient (before sending a request)
-        # request:: HTTP::Message
-        def filter_request(request)
-          started = "======= [Rack::OAuth2] HTTP REQUEST STARTED ======="
-          log started, request.dump
-        end
-
-        # Callback called in HTTPClient (after received a response)
-        # request::  HTTP::Message
-        # response:: HTTP::Message
-        def filter_response(request, response)
-          finished = "======= [Rack::OAuth2] HTTP REQUEST FINISHED ======="
-          log '-' * 50, response.dump, finished
-        end
-
-        private
-
-        def log(*outputs)
-          outputs.each do |output|
-            OAuth2.logger.info output
-          end
-        end
-      end
-    end
-  end
-end

data/lib/rack/oauth2/debugger.rb

@@ -1,3 +0,0 @@
-Dir[File.dirname(__FILE__) + '/debugger/*.rb'].each do |file|
-  require file
-end

data/lib/rack/oauth2/server/resource/mac/error.rb

@@ -1,24 +0,0 @@
-module Rack
-  module OAuth2
-    module Server
-      class Resource
-        class MAC
-          class Unauthorized < Resource::Unauthorized
-            def scheme
-              :MAC
-            end
-          end
-
-          module ErrorMethods
-            include Resource::ErrorMethods
-            def unauthorized!(error = nil, description = nil, options = {})
-              raise Unauthorized.new(error, description, options)
-            end
-          end
-
-          Request.send :include, ErrorMethods
-        end
-      end
-    end
-  end
-end

data/lib/rack/oauth2/server/resource/mac.rb

@@ -1,36 +0,0 @@
-module Rack
-  module OAuth2
-    module Server
-      class Resource
-        class MAC < Resource
-          def _call(env)
-            self.request = Request.new(env)
-            super
-          end
-
-          private
-
-          class Request < Resource::Request
-            attr_reader :nonce, :ts, :ext, :signature
-
-            def setup!
-              auth_params = Rack::Auth::Digest::Params.parse(@auth_header.params).with_indifferent_access
-              @access_token = auth_params[:id]
-              @nonce = auth_params[:nonce]
-              @ts = auth_params[:ts]
-              @ext = auth_params[:ext]
-              @signature = auth_params[:mac]
-              self
-            end
-
-            def oauth2?
-              @auth_header.provided? && @auth_header.scheme.to_s == 'mac'
-            end
-          end
-        end
-      end
-    end
-  end
-end
-
-require 'rack/oauth2/server/resource/mac/error'

data/spec/mock_response/tokens/mac.json

@@ -1,8 +0,0 @@
-{
-  "token_type":"mac",
-  "mac_algorithm":"hmac-sha-256",
-  "expires_in":3600,
-  "mac_key":"secret",
-  "refresh_token":"refresh_token",
-  "access_token":"access_token"
-}

data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb

@@ -1,28 +0,0 @@
-require 'spec_helper'
-
-describe Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier do
-
-  # From the example of webtopay wallet API spec
-  # ref) https://www.webtopay.com/wallet/#authentication
-  context 'when example from webtopay wallet API' do
-    subject do
-      Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
-        algorithm: 'hmac-sha-256',
-        raw_body: 'grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=http%3A%2F%2Flocalhost%2Fabc'
-      )
-    end
-    its(:calculate) { should == '21fb73c40b589622d0c78e9cd8900f89d9472aa724d0e5c3eca9ac1cd9d2a6d5' }
-  end
-
-
-  context 'when raw_body is empty' do
-    subject do
-      Rack::OAuth2::AccessToken::MAC::Sha256HexVerifier.new(
-        algorithm: 'hmac-sha-256',
-        raw_body: ''
-      )
-    end
-    its(:calculate) { should be_nil }
-  end
-
-end