rack-oauth2 1.21.3 → 2.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/spec.yml +2 -0
- data/README.rdoc +1 -20
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
- data/lib/rack/oauth2/access_token/bearer.rb +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token.rb +2 -3
- data/lib/rack/oauth2/client.rb +1 -3
- data/lib/rack/oauth2/server/resource.rb +0 -1
- data/lib/rack/oauth2.rb +8 -14
- data/rack-oauth2.gemspec +4 -3
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -13
- data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
- data/spec/rack/oauth2/access_token/legacy_spec.rb +2 -2
- data/spec/rack/oauth2/access_token_spec.rb +0 -17
- data/spec/rack/oauth2/client_spec.rb +0 -16
- data/spec/rack/oauth2/oauth2_spec.rb +0 -43
- metadata +21 -33
- data/.travis.yml +0 -8
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
- data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
- data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
- data/lib/rack/oauth2/access_token/mac.rb +0 -103
- data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
- data/lib/rack/oauth2/debugger.rb +0 -3
- data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
- data/lib/rack/oauth2/server/resource/mac.rb +0 -36
- data/spec/mock_response/tokens/mac.json +0 -8
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
- data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
- data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1cb4411750fe56e3e1d57b739554197d1ea4420833d01239498c3658e18347bf
|
|
4
|
+
data.tar.gz: e06e73134550dcb58ed74716faa6b8180ecf3da33f1237ebd3533c7e73cac533
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2166159ab59d7885c7e53833c20480eec38035e2d61e4aa23fe62afabacc6a5e4289ce527ad78ffbaac89f317b495957afb4f8be21e9cc38c937e6f0ad42f8e3
|
|
7
|
+
data.tar.gz: 0e381b83f45be184850dc8301be85db57800b317e822cc67f8c08e925df96780b828c330012aa0c22b14ee89c8f884fc9de1ac587a2faab4bd01295b4ea04c06
|
data/.github/workflows/spec.yml
CHANGED
data/README.rdoc
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
= rack-oauth2
|
|
2
2
|
|
|
3
3
|
OAuth 2.0 Server & Client Library.
|
|
4
|
-
Both Bearer
|
|
5
|
-
|
|
6
|
-
{<img src="https://secure.travis-ci.org/nov/rack-oauth2.png" />}[http://travis-ci.org/nov/rack-oauth2]
|
|
4
|
+
Both Bearer token type are supported.
|
|
7
5
|
|
|
8
6
|
The OAuth 2.0 Authorization Framework (RFC 6749)
|
|
9
7
|
http://www.rfc-editor.org/rfc/rfc6749.txt
|
|
@@ -11,9 +9,6 @@ http://www.rfc-editor.org/rfc/rfc6749.txt
|
|
|
11
9
|
The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
|
|
12
10
|
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06
|
|
13
11
|
|
|
14
|
-
HTTP Authentication: MAC Access Authentication (draft 01)
|
|
15
|
-
http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
|
|
16
|
-
|
|
17
12
|
== Installation
|
|
18
13
|
|
|
19
14
|
gem install rack-oauth2
|
|
@@ -31,31 +26,17 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
|
|
|
31
26
|
Source on GitHub
|
|
32
27
|
https://github.com/nov/rack-oauth2-sample
|
|
33
28
|
|
|
34
|
-
=== MAC
|
|
35
|
-
|
|
36
|
-
Source on GitHub
|
|
37
|
-
https://github.com/nov/rack-oauth2-sample-mac
|
|
38
|
-
|
|
39
29
|
== Sample Client
|
|
40
30
|
|
|
41
|
-
=== Common between Bearer and MAC
|
|
42
|
-
|
|
43
31
|
Authorization Request (request_type: 'code' and 'token')
|
|
44
32
|
https://gist.github.com/862393
|
|
45
33
|
|
|
46
34
|
Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
|
|
47
35
|
https://gist.github.com/883541
|
|
48
36
|
|
|
49
|
-
=== Bearer
|
|
50
|
-
|
|
51
37
|
Resource Request (request both for resource owner resource and for client resource)
|
|
52
38
|
https://gist.github.com/883575
|
|
53
39
|
|
|
54
|
-
=== MAC
|
|
55
|
-
|
|
56
|
-
Resource Request (request both for resource owner resource and for client resource)
|
|
57
|
-
https://gist.github.com/933885
|
|
58
|
-
|
|
59
40
|
== Note on Patches/Pull Requests
|
|
60
41
|
|
|
61
42
|
* Fork the project.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
2.0.0.rc1
|
|
@@ -6,18 +6,9 @@ module Rack
|
|
|
6
6
|
@token = token
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
# request:: HTTP::Message
|
|
11
|
-
def filter_request(request)
|
|
9
|
+
def authenticate(request)
|
|
12
10
|
@token.authenticate(request)
|
|
13
11
|
end
|
|
14
|
-
|
|
15
|
-
# Callback called in HTTPClient (after received a response)
|
|
16
|
-
# response:: HTTP::Message
|
|
17
|
-
# request:: HTTP::Message
|
|
18
|
-
def filter_response(response, request)
|
|
19
|
-
# nothing to do
|
|
20
|
-
end
|
|
21
12
|
end
|
|
22
13
|
end
|
|
23
14
|
end
|
|
@@ -19,8 +19,8 @@ module Rack
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def httpclient
|
|
22
|
-
@httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |
|
|
23
|
-
|
|
22
|
+
@httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
|
|
23
|
+
Authenticator.new(self).authenticate(faraday)
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
|
|
@@ -39,6 +39,5 @@ end
|
|
|
39
39
|
|
|
40
40
|
require 'rack/oauth2/access_token/authenticator'
|
|
41
41
|
require 'rack/oauth2/access_token/bearer'
|
|
42
|
-
require 'rack/oauth2/access_token/mac'
|
|
43
42
|
require 'rack/oauth2/access_token/legacy'
|
|
44
43
|
require 'rack/oauth2/access_token/mtls'
|
data/lib/rack/oauth2/client.rb
CHANGED
|
@@ -76,7 +76,7 @@ module Rack
|
|
|
76
76
|
handle_response do
|
|
77
77
|
http_client.post(
|
|
78
78
|
absolute_uri_for(token_endpoint),
|
|
79
|
-
Util.compact_hash(params),
|
|
79
|
+
Util.compact_hash(params).to_query,
|
|
80
80
|
headers
|
|
81
81
|
)
|
|
82
82
|
end
|
|
@@ -213,8 +213,6 @@ module Rack
|
|
|
213
213
|
case (@forced_token_type || token_hash[:token_type]).try(:downcase)
|
|
214
214
|
when 'bearer'
|
|
215
215
|
AccessToken::Bearer.new(token_hash)
|
|
216
|
-
when 'mac'
|
|
217
|
-
AccessToken::MAC.new(token_hash)
|
|
218
216
|
when nil
|
|
219
217
|
AccessToken::Legacy.new(token_hash)
|
|
220
218
|
else
|
data/lib/rack/oauth2.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'rack'
|
|
2
|
-
require '
|
|
2
|
+
require 'faraday'
|
|
3
|
+
require 'faraday/follow_redirects'
|
|
3
4
|
require 'logger'
|
|
4
5
|
require 'active_support'
|
|
5
6
|
require 'active_support/core_ext'
|
|
@@ -40,18 +41,12 @@ module Rack
|
|
|
40
41
|
self.debugging = false
|
|
41
42
|
|
|
42
43
|
def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_config)
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
_http_client_.ssl_config.cert_store.set_default_paths
|
|
50
|
-
|
|
51
|
-
http_config.try(:call, _http_client_)
|
|
52
|
-
local_http_config.try(:call, _http_client_) unless local_http_config.nil?
|
|
53
|
-
_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
|
|
54
|
-
_http_client_
|
|
44
|
+
Faraday.new(headers: {user_agent: agent_name}) do |faraday|
|
|
45
|
+
faraday.response :logger, Rack::OAuth2.logger if debugging?
|
|
46
|
+
faraday.adapter Faraday.default_adapter
|
|
47
|
+
local_http_config&.call(faraday)
|
|
48
|
+
http_config&.call(faraday)
|
|
49
|
+
end
|
|
55
50
|
end
|
|
56
51
|
|
|
57
52
|
def self.http_config(&block)
|
|
@@ -70,4 +65,3 @@ require 'rack/oauth2/util'
|
|
|
70
65
|
require 'rack/oauth2/server'
|
|
71
66
|
require 'rack/oauth2/client'
|
|
72
67
|
require 'rack/oauth2/access_token'
|
|
73
|
-
require 'rack/oauth2/debugger'
|
data/rack-oauth2.gemspec
CHANGED
|
@@ -2,8 +2,8 @@ Gem::Specification.new do |s|
|
|
|
2
2
|
s.name = 'rack-oauth2'
|
|
3
3
|
s.version = File.read('VERSION')
|
|
4
4
|
s.authors = ['nov matake']
|
|
5
|
-
s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer
|
|
6
|
-
s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer
|
|
5
|
+
s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer token type are supported.}
|
|
6
|
+
s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer token type are supported}
|
|
7
7
|
s.email = 'nov@matake.jp'
|
|
8
8
|
s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
|
|
9
9
|
s.rdoc_options = ['--charset=UTF-8']
|
|
@@ -14,7 +14,8 @@ Gem::Specification.new do |s|
|
|
|
14
14
|
s.files = `git ls-files`.split("\n")
|
|
15
15
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
|
16
16
|
s.add_runtime_dependency 'rack', '>= 2.1.0'
|
|
17
|
-
s.add_runtime_dependency '
|
|
17
|
+
s.add_runtime_dependency 'faraday', '~> 2.0'
|
|
18
|
+
s.add_runtime_dependency 'faraday-follow_redirects'
|
|
18
19
|
s.add_runtime_dependency 'activesupport'
|
|
19
20
|
s.add_runtime_dependency 'attr_required'
|
|
20
21
|
s.add_runtime_dependency 'json-jwt', '>= 1.11.0'
|
|
@@ -2,13 +2,13 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe Rack::OAuth2::AccessToken::Authenticator do
|
|
4
4
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
5
|
-
let(:request) {
|
|
5
|
+
let(:request) { Faraday::Request.new(:get, URI.parse(resource_endpoint)) }
|
|
6
6
|
let(:authenticator) { Rack::OAuth2::AccessToken::Authenticator.new(token) }
|
|
7
7
|
|
|
8
8
|
shared_examples_for :authenticator do
|
|
9
9
|
it 'should let the token authenticate the request' do
|
|
10
10
|
expect(token).to receive(:authenticate).with(request)
|
|
11
|
-
authenticator.
|
|
11
|
+
authenticator.authenticate(request)
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
|
|
@@ -29,15 +29,4 @@ describe Rack::OAuth2::AccessToken::Authenticator do
|
|
|
29
29
|
end
|
|
30
30
|
it_behaves_like :authenticator
|
|
31
31
|
end
|
|
32
|
-
|
|
33
|
-
context 'when MAC token is given' do
|
|
34
|
-
let(:token) do
|
|
35
|
-
Rack::OAuth2::AccessToken::MAC.new(
|
|
36
|
-
access_token: 'access_token',
|
|
37
|
-
mac_key: 'secret',
|
|
38
|
-
mac_algorithm: 'hmac-sha-256'
|
|
39
|
-
)
|
|
40
|
-
end
|
|
41
|
-
it_behaves_like :authenticator
|
|
42
|
-
end
|
|
43
32
|
end
|
|
@@ -7,11 +7,11 @@ describe Rack::OAuth2::AccessToken::Bearer do
|
|
|
7
7
|
)
|
|
8
8
|
end
|
|
9
9
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
10
|
-
let(:request) {
|
|
10
|
+
let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
|
|
11
11
|
|
|
12
12
|
describe '.authenticate' do
|
|
13
13
|
it 'should set Authorization header' do
|
|
14
|
-
expect(request.
|
|
14
|
+
expect(request.headers).to receive(:[]=).with('Authorization', 'Bearer access_token')
|
|
15
15
|
token.authenticate(request)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
@@ -7,7 +7,7 @@ describe Rack::OAuth2::AccessToken::Legacy do
|
|
|
7
7
|
)
|
|
8
8
|
end
|
|
9
9
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
10
|
-
let(:request) {
|
|
10
|
+
let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
|
|
11
11
|
|
|
12
12
|
describe '#to_s' do
|
|
13
13
|
subject { token }
|
|
@@ -16,7 +16,7 @@ describe Rack::OAuth2::AccessToken::Legacy do
|
|
|
16
16
|
|
|
17
17
|
describe '.authenticate' do
|
|
18
18
|
it 'should set Authorization header' do
|
|
19
|
-
expect(request.
|
|
19
|
+
expect(request.headers).to receive(:[]=).with('Authorization', 'OAuth access_token')
|
|
20
20
|
token.authenticate(request)
|
|
21
21
|
end
|
|
22
22
|
end
|
|
@@ -49,23 +49,6 @@ describe Rack::OAuth2::AccessToken do
|
|
|
49
49
|
|
|
50
50
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
51
51
|
[:get, :delete, :post, :put].each do |method|
|
|
52
|
-
describe method do
|
|
53
|
-
it 'should delegate to HTTPClient with Authenticator filter' do
|
|
54
|
-
expect(token.httpclient).to receive(method).with(resource_endpoint)
|
|
55
|
-
token.httpclient.request_filter.last.should be_a Rack::OAuth2::AccessToken::Authenticator
|
|
56
|
-
token.send method, resource_endpoint
|
|
57
|
-
end
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
context 'in debug mode' do
|
|
61
|
-
it do
|
|
62
|
-
Rack::OAuth2.debug do
|
|
63
|
-
token.httpclient.request_filter[-2].should be_a Rack::OAuth2::AccessToken::Authenticator
|
|
64
|
-
token.httpclient.request_filter.last.should be_a Rack::OAuth2::Debugger::RequestFilter
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
|
|
69
52
|
context 'when extension params given' do
|
|
70
53
|
subject do
|
|
71
54
|
Rack::OAuth2::AccessToken::Bearer.new(
|
|
@@ -338,22 +338,6 @@ describe Rack::OAuth2::Client do
|
|
|
338
338
|
end
|
|
339
339
|
end
|
|
340
340
|
|
|
341
|
-
context 'when mac token is given' do
|
|
342
|
-
before do
|
|
343
|
-
client.authorization_code = 'code'
|
|
344
|
-
mock_response(
|
|
345
|
-
:post,
|
|
346
|
-
'https://server.example.com/oauth2/token',
|
|
347
|
-
'tokens/mac.json'
|
|
348
|
-
)
|
|
349
|
-
end
|
|
350
|
-
it { should be_instance_of Rack::OAuth2::AccessToken::MAC }
|
|
351
|
-
its(:token_type) { should == :mac }
|
|
352
|
-
its(:access_token) { should == 'access_token' }
|
|
353
|
-
its(:refresh_token) { should == 'refresh_token' }
|
|
354
|
-
its(:expires_in) { should == 3600 }
|
|
355
|
-
end
|
|
356
|
-
|
|
357
341
|
context 'when no-type token is given (JSON)' do
|
|
358
342
|
before do
|
|
359
343
|
client.authorization_code = 'code'
|
|
@@ -28,47 +28,4 @@ describe Rack::OAuth2 do
|
|
|
28
28
|
Rack::OAuth2.debugging?.should == true
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
|
-
|
|
32
|
-
describe '.http_config' do
|
|
33
|
-
context 'when request_filter added' do
|
|
34
|
-
context 'when "debug!" is called' do
|
|
35
|
-
after { Rack::OAuth2.reset_http_config! }
|
|
36
|
-
|
|
37
|
-
it 'should put Debugger::RequestFilter at last' do
|
|
38
|
-
Rack::OAuth2.debug!
|
|
39
|
-
Rack::OAuth2.http_config do |config|
|
|
40
|
-
config.request_filter << Proc.new {}
|
|
41
|
-
end
|
|
42
|
-
Rack::OAuth2.http_client.request_filter.last.should be_instance_of Rack::OAuth2::Debugger::RequestFilter
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
it 'should reset_http_config' do
|
|
46
|
-
Rack::OAuth2.debug!
|
|
47
|
-
Rack::OAuth2.http_config do |config|
|
|
48
|
-
config.request_filter << Proc.new {}
|
|
49
|
-
end
|
|
50
|
-
size = Rack::OAuth2.http_client.request_filter.size
|
|
51
|
-
Rack::OAuth2.reset_http_config!
|
|
52
|
-
Rack::OAuth2.http_client.request_filter.size.should == size - 1
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
end
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
describe ".http_client" do
|
|
60
|
-
context "when local_http_config is used" do
|
|
61
|
-
it "should correctly set request_filter" do
|
|
62
|
-
clnt1 = Rack::OAuth2.http_client
|
|
63
|
-
clnt2 = Rack::OAuth2.http_client("my client") do |config|
|
|
64
|
-
config.request_filter << Proc.new {}
|
|
65
|
-
end
|
|
66
|
-
clnt3 = Rack::OAuth2.http_client
|
|
67
|
-
|
|
68
|
-
clnt1.request_filter.size.should == clnt3.request_filter.size
|
|
69
|
-
clnt1.request_filter.size.should == clnt2.request_filter.size - 1
|
|
70
|
-
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
31
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -25,7 +25,21 @@ dependencies:
|
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 2.1.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: faraday
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '2.0'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '2.0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: faraday-follow_redirects
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
30
44
|
requirements:
|
|
31
45
|
- - ">="
|
|
@@ -164,8 +178,7 @@ dependencies:
|
|
|
164
178
|
- - ">="
|
|
165
179
|
- !ruby/object:Gem::Version
|
|
166
180
|
version: '0'
|
|
167
|
-
description: OAuth 2.0 Server & Client Library. Both Bearer
|
|
168
|
-
supported.
|
|
181
|
+
description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
|
|
169
182
|
email: nov@matake.jp
|
|
170
183
|
executables: []
|
|
171
184
|
extensions: []
|
|
@@ -178,7 +191,6 @@ files:
|
|
|
178
191
|
- ".github/workflows/spec.yml"
|
|
179
192
|
- ".gitignore"
|
|
180
193
|
- ".rspec"
|
|
181
|
-
- ".travis.yml"
|
|
182
194
|
- Gemfile
|
|
183
195
|
- LICENSE
|
|
184
196
|
- README.rdoc
|
|
@@ -189,10 +201,6 @@ files:
|
|
|
189
201
|
- lib/rack/oauth2/access_token/authenticator.rb
|
|
190
202
|
- lib/rack/oauth2/access_token/bearer.rb
|
|
191
203
|
- lib/rack/oauth2/access_token/legacy.rb
|
|
192
|
-
- lib/rack/oauth2/access_token/mac.rb
|
|
193
|
-
- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
|
|
194
|
-
- lib/rack/oauth2/access_token/mac/signature.rb
|
|
195
|
-
- lib/rack/oauth2/access_token/mac/verifier.rb
|
|
196
204
|
- lib/rack/oauth2/access_token/mtls.rb
|
|
197
205
|
- lib/rack/oauth2/client.rb
|
|
198
206
|
- lib/rack/oauth2/client/error.rb
|
|
@@ -204,8 +212,6 @@ files:
|
|
|
204
212
|
- lib/rack/oauth2/client/grant/refresh_token.rb
|
|
205
213
|
- lib/rack/oauth2/client/grant/saml2_bearer.rb
|
|
206
214
|
- lib/rack/oauth2/client/grant/token_exchange.rb
|
|
207
|
-
- lib/rack/oauth2/debugger.rb
|
|
208
|
-
- lib/rack/oauth2/debugger/request_filter.rb
|
|
209
215
|
- lib/rack/oauth2/server.rb
|
|
210
216
|
- lib/rack/oauth2/server/abstract.rb
|
|
211
217
|
- lib/rack/oauth2/server/abstract/error.rb
|
|
@@ -228,8 +234,6 @@ files:
|
|
|
228
234
|
- lib/rack/oauth2/server/resource/bearer.rb
|
|
229
235
|
- lib/rack/oauth2/server/resource/bearer/error.rb
|
|
230
236
|
- lib/rack/oauth2/server/resource/error.rb
|
|
231
|
-
- lib/rack/oauth2/server/resource/mac.rb
|
|
232
|
-
- lib/rack/oauth2/server/resource/mac/error.rb
|
|
233
237
|
- lib/rack/oauth2/server/token.rb
|
|
234
238
|
- lib/rack/oauth2/server/token/authorization_code.rb
|
|
235
239
|
- lib/rack/oauth2/server/token/client_credentials.rb
|
|
@@ -253,15 +257,10 @@ files:
|
|
|
253
257
|
- spec/mock_response/tokens/legacy.json
|
|
254
258
|
- spec/mock_response/tokens/legacy.txt
|
|
255
259
|
- spec/mock_response/tokens/legacy_without_expires_in.txt
|
|
256
|
-
- spec/mock_response/tokens/mac.json
|
|
257
260
|
- spec/mock_response/tokens/unknown.json
|
|
258
261
|
- spec/rack/oauth2/access_token/authenticator_spec.rb
|
|
259
262
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
260
263
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
261
|
-
- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
|
|
262
|
-
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
263
|
-
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
264
|
-
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
265
264
|
- spec/rack/oauth2/access_token_spec.rb
|
|
266
265
|
- spec/rack/oauth2/client/error_spec.rb
|
|
267
266
|
- spec/rack/oauth2/client/grant/authorization_code_spec.rb
|
|
@@ -271,7 +270,6 @@ files:
|
|
|
271
270
|
- spec/rack/oauth2/client/grant/refresh_token_spec.rb
|
|
272
271
|
- spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
|
|
273
272
|
- spec/rack/oauth2/client_spec.rb
|
|
274
|
-
- spec/rack/oauth2/debugger/request_filter_spec.rb
|
|
275
273
|
- spec/rack/oauth2/oauth2_spec.rb
|
|
276
274
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
|
277
275
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
|
@@ -284,8 +282,6 @@ files:
|
|
|
284
282
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
|
285
283
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
|
286
284
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
|
287
|
-
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
|
288
|
-
- spec/rack/oauth2/server/resource/mac_spec.rb
|
|
289
285
|
- spec/rack/oauth2/server/resource_spec.rb
|
|
290
286
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
|
291
287
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
|
@@ -313,14 +309,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
313
309
|
version: '0'
|
|
314
310
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
315
311
|
requirements:
|
|
316
|
-
- - "
|
|
312
|
+
- - ">"
|
|
317
313
|
- !ruby/object:Gem::Version
|
|
318
|
-
version:
|
|
314
|
+
version: 1.3.1
|
|
319
315
|
requirements: []
|
|
320
316
|
rubygems_version: 3.3.7
|
|
321
317
|
signing_key:
|
|
322
318
|
specification_version: 4
|
|
323
|
-
summary: OAuth 2.0 Server & Client Library - Both Bearer
|
|
319
|
+
summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
|
|
324
320
|
test_files:
|
|
325
321
|
- spec/helpers/time.rb
|
|
326
322
|
- spec/helpers/webmock_helper.rb
|
|
@@ -332,15 +328,10 @@ test_files:
|
|
|
332
328
|
- spec/mock_response/tokens/legacy.json
|
|
333
329
|
- spec/mock_response/tokens/legacy.txt
|
|
334
330
|
- spec/mock_response/tokens/legacy_without_expires_in.txt
|
|
335
|
-
- spec/mock_response/tokens/mac.json
|
|
336
331
|
- spec/mock_response/tokens/unknown.json
|
|
337
332
|
- spec/rack/oauth2/access_token/authenticator_spec.rb
|
|
338
333
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
339
334
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
340
|
-
- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
|
|
341
|
-
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
342
|
-
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
343
|
-
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
344
335
|
- spec/rack/oauth2/access_token_spec.rb
|
|
345
336
|
- spec/rack/oauth2/client/error_spec.rb
|
|
346
337
|
- spec/rack/oauth2/client/grant/authorization_code_spec.rb
|
|
@@ -350,7 +341,6 @@ test_files:
|
|
|
350
341
|
- spec/rack/oauth2/client/grant/refresh_token_spec.rb
|
|
351
342
|
- spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
|
|
352
343
|
- spec/rack/oauth2/client_spec.rb
|
|
353
|
-
- spec/rack/oauth2/debugger/request_filter_spec.rb
|
|
354
344
|
- spec/rack/oauth2/oauth2_spec.rb
|
|
355
345
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
|
356
346
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
|
@@ -363,8 +353,6 @@ test_files:
|
|
|
363
353
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
|
364
354
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
|
365
355
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
|
366
|
-
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
|
367
|
-
- spec/rack/oauth2/server/resource/mac_spec.rb
|
|
368
356
|
- spec/rack/oauth2/server/resource_spec.rb
|
|
369
357
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
|
370
358
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
data/.travis.yml
DELETED
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
module Rack
|
|
2
|
-
module OAuth2
|
|
3
|
-
class AccessToken
|
|
4
|
-
class MAC
|
|
5
|
-
class Sha256HexVerifier < Verifier
|
|
6
|
-
attr_optional :raw_body
|
|
7
|
-
|
|
8
|
-
def calculate
|
|
9
|
-
return nil unless raw_body.present?
|
|
10
|
-
|
|
11
|
-
OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
end
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
module Rack
|
|
2
|
-
module OAuth2
|
|
3
|
-
class AccessToken
|
|
4
|
-
class MAC
|
|
5
|
-
class Signature < Verifier
|
|
6
|
-
attr_required :secret, :ts, :nonce, :method, :request_uri, :host, :port
|
|
7
|
-
attr_optional :ext, :query
|
|
8
|
-
|
|
9
|
-
def calculate
|
|
10
|
-
Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
|
|
11
|
-
hash_generator,
|
|
12
|
-
secret,
|
|
13
|
-
normalized_request_string
|
|
14
|
-
)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def normalized_request_string
|
|
18
|
-
[
|
|
19
|
-
ts.to_i,
|
|
20
|
-
nonce,
|
|
21
|
-
method.to_s.upcase,
|
|
22
|
-
request_uri,
|
|
23
|
-
host,
|
|
24
|
-
port,
|
|
25
|
-
ext || '',
|
|
26
|
-
nil
|
|
27
|
-
].join("\n")
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
end
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
module Rack
|
|
2
|
-
module OAuth2
|
|
3
|
-
class AccessToken
|
|
4
|
-
class MAC
|
|
5
|
-
class Verifier
|
|
6
|
-
include AttrRequired, AttrOptional
|
|
7
|
-
attr_required :algorithm
|
|
8
|
-
|
|
9
|
-
class VerificationFailed < StandardError; end
|
|
10
|
-
|
|
11
|
-
def initialize(attributes = {})
|
|
12
|
-
(required_attributes + optional_attributes).each do |key|
|
|
13
|
-
self.send :"#{key}=", attributes[key]
|
|
14
|
-
end
|
|
15
|
-
attr_missing!
|
|
16
|
-
rescue AttrRequired::AttrMissing => e
|
|
17
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid: #{e.message}")
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def verify!(expected)
|
|
21
|
-
if expected == self.calculate
|
|
22
|
-
:verified
|
|
23
|
-
else
|
|
24
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid")
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
private
|
|
29
|
-
|
|
30
|
-
def hash_generator
|
|
31
|
-
case algorithm.to_s
|
|
32
|
-
when 'hmac-sha-1'
|
|
33
|
-
OpenSSL::Digest::SHA1.new
|
|
34
|
-
when 'hmac-sha-256'
|
|
35
|
-
OpenSSL::Digest::SHA256.new
|
|
36
|
-
else
|
|
37
|
-
raise 'Unsupported Algorithm'
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|