rack-oauth2 1.21.3 → 2.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/spec.yml +2 -0
- data/README.rdoc +1 -20
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
- data/lib/rack/oauth2/access_token/bearer.rb +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token.rb +2 -3
- data/lib/rack/oauth2/client.rb +1 -3
- data/lib/rack/oauth2/server/resource.rb +0 -1
- data/lib/rack/oauth2.rb +8 -14
- data/rack-oauth2.gemspec +4 -3
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -13
- data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
- data/spec/rack/oauth2/access_token/legacy_spec.rb +2 -2
- data/spec/rack/oauth2/access_token_spec.rb +0 -17
- data/spec/rack/oauth2/client_spec.rb +0 -16
- data/spec/rack/oauth2/oauth2_spec.rb +0 -43
- metadata +21 -33
- data/.travis.yml +0 -8
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
- data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
- data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
- data/lib/rack/oauth2/access_token/mac.rb +0 -103
- data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
- data/lib/rack/oauth2/debugger.rb +0 -3
- data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
- data/lib/rack/oauth2/server/resource/mac.rb +0 -36
- data/spec/mock_response/tokens/mac.json +0 -8
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
- data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
- data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1cb4411750fe56e3e1d57b739554197d1ea4420833d01239498c3658e18347bf
|
|
4
|
+
data.tar.gz: e06e73134550dcb58ed74716faa6b8180ecf3da33f1237ebd3533c7e73cac533
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2166159ab59d7885c7e53833c20480eec38035e2d61e4aa23fe62afabacc6a5e4289ce527ad78ffbaac89f317b495957afb4f8be21e9cc38c937e6f0ad42f8e3
|
|
7
|
+
data.tar.gz: 0e381b83f45be184850dc8301be85db57800b317e822cc67f8c08e925df96780b828c330012aa0c22b14ee89c8f884fc9de1ac587a2faab4bd01295b4ea04c06
|
data/.github/workflows/spec.yml
CHANGED
data/README.rdoc
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
= rack-oauth2
|
|
2
2
|
|
|
3
3
|
OAuth 2.0 Server & Client Library.
|
|
4
|
-
Both Bearer
|
|
5
|
-
|
|
6
|
-
{<img src="https://secure.travis-ci.org/nov/rack-oauth2.png" />}[http://travis-ci.org/nov/rack-oauth2]
|
|
4
|
+
Both Bearer token type are supported.
|
|
7
5
|
|
|
8
6
|
The OAuth 2.0 Authorization Framework (RFC 6749)
|
|
9
7
|
http://www.rfc-editor.org/rfc/rfc6749.txt
|
|
@@ -11,9 +9,6 @@ http://www.rfc-editor.org/rfc/rfc6749.txt
|
|
|
11
9
|
The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
|
|
12
10
|
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06
|
|
13
11
|
|
|
14
|
-
HTTP Authentication: MAC Access Authentication (draft 01)
|
|
15
|
-
http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
|
|
16
|
-
|
|
17
12
|
== Installation
|
|
18
13
|
|
|
19
14
|
gem install rack-oauth2
|
|
@@ -31,31 +26,17 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
|
|
|
31
26
|
Source on GitHub
|
|
32
27
|
https://github.com/nov/rack-oauth2-sample
|
|
33
28
|
|
|
34
|
-
=== MAC
|
|
35
|
-
|
|
36
|
-
Source on GitHub
|
|
37
|
-
https://github.com/nov/rack-oauth2-sample-mac
|
|
38
|
-
|
|
39
29
|
== Sample Client
|
|
40
30
|
|
|
41
|
-
=== Common between Bearer and MAC
|
|
42
|
-
|
|
43
31
|
Authorization Request (request_type: 'code' and 'token')
|
|
44
32
|
https://gist.github.com/862393
|
|
45
33
|
|
|
46
34
|
Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
|
|
47
35
|
https://gist.github.com/883541
|
|
48
36
|
|
|
49
|
-
=== Bearer
|
|
50
|
-
|
|
51
37
|
Resource Request (request both for resource owner resource and for client resource)
|
|
52
38
|
https://gist.github.com/883575
|
|
53
39
|
|
|
54
|
-
=== MAC
|
|
55
|
-
|
|
56
|
-
Resource Request (request both for resource owner resource and for client resource)
|
|
57
|
-
https://gist.github.com/933885
|
|
58
|
-
|
|
59
40
|
== Note on Patches/Pull Requests
|
|
60
41
|
|
|
61
42
|
* Fork the project.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
2.0.0.rc1
|
|
@@ -6,18 +6,9 @@ module Rack
|
|
|
6
6
|
@token = token
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
# request:: HTTP::Message
|
|
11
|
-
def filter_request(request)
|
|
9
|
+
def authenticate(request)
|
|
12
10
|
@token.authenticate(request)
|
|
13
11
|
end
|
|
14
|
-
|
|
15
|
-
# Callback called in HTTPClient (after received a response)
|
|
16
|
-
# response:: HTTP::Message
|
|
17
|
-
# request:: HTTP::Message
|
|
18
|
-
def filter_response(response, request)
|
|
19
|
-
# nothing to do
|
|
20
|
-
end
|
|
21
12
|
end
|
|
22
13
|
end
|
|
23
14
|
end
|
|
@@ -19,8 +19,8 @@ module Rack
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def httpclient
|
|
22
|
-
@httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |
|
|
23
|
-
|
|
22
|
+
@httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
|
|
23
|
+
Authenticator.new(self).authenticate(faraday)
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
|
|
@@ -39,6 +39,5 @@ end
|
|
|
39
39
|
|
|
40
40
|
require 'rack/oauth2/access_token/authenticator'
|
|
41
41
|
require 'rack/oauth2/access_token/bearer'
|
|
42
|
-
require 'rack/oauth2/access_token/mac'
|
|
43
42
|
require 'rack/oauth2/access_token/legacy'
|
|
44
43
|
require 'rack/oauth2/access_token/mtls'
|
data/lib/rack/oauth2/client.rb
CHANGED
|
@@ -76,7 +76,7 @@ module Rack
|
|
|
76
76
|
handle_response do
|
|
77
77
|
http_client.post(
|
|
78
78
|
absolute_uri_for(token_endpoint),
|
|
79
|
-
Util.compact_hash(params),
|
|
79
|
+
Util.compact_hash(params).to_query,
|
|
80
80
|
headers
|
|
81
81
|
)
|
|
82
82
|
end
|
|
@@ -213,8 +213,6 @@ module Rack
|
|
|
213
213
|
case (@forced_token_type || token_hash[:token_type]).try(:downcase)
|
|
214
214
|
when 'bearer'
|
|
215
215
|
AccessToken::Bearer.new(token_hash)
|
|
216
|
-
when 'mac'
|
|
217
|
-
AccessToken::MAC.new(token_hash)
|
|
218
216
|
when nil
|
|
219
217
|
AccessToken::Legacy.new(token_hash)
|
|
220
218
|
else
|
data/lib/rack/oauth2.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'rack'
|
|
2
|
-
require '
|
|
2
|
+
require 'faraday'
|
|
3
|
+
require 'faraday/follow_redirects'
|
|
3
4
|
require 'logger'
|
|
4
5
|
require 'active_support'
|
|
5
6
|
require 'active_support/core_ext'
|
|
@@ -40,18 +41,12 @@ module Rack
|
|
|
40
41
|
self.debugging = false
|
|
41
42
|
|
|
42
43
|
def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_config)
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
_http_client_.ssl_config.cert_store.set_default_paths
|
|
50
|
-
|
|
51
|
-
http_config.try(:call, _http_client_)
|
|
52
|
-
local_http_config.try(:call, _http_client_) unless local_http_config.nil?
|
|
53
|
-
_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
|
|
54
|
-
_http_client_
|
|
44
|
+
Faraday.new(headers: {user_agent: agent_name}) do |faraday|
|
|
45
|
+
faraday.response :logger, Rack::OAuth2.logger if debugging?
|
|
46
|
+
faraday.adapter Faraday.default_adapter
|
|
47
|
+
local_http_config&.call(faraday)
|
|
48
|
+
http_config&.call(faraday)
|
|
49
|
+
end
|
|
55
50
|
end
|
|
56
51
|
|
|
57
52
|
def self.http_config(&block)
|
|
@@ -70,4 +65,3 @@ require 'rack/oauth2/util'
|
|
|
70
65
|
require 'rack/oauth2/server'
|
|
71
66
|
require 'rack/oauth2/client'
|
|
72
67
|
require 'rack/oauth2/access_token'
|
|
73
|
-
require 'rack/oauth2/debugger'
|
data/rack-oauth2.gemspec
CHANGED
|
@@ -2,8 +2,8 @@ Gem::Specification.new do |s|
|
|
|
2
2
|
s.name = 'rack-oauth2'
|
|
3
3
|
s.version = File.read('VERSION')
|
|
4
4
|
s.authors = ['nov matake']
|
|
5
|
-
s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer
|
|
6
|
-
s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer
|
|
5
|
+
s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer token type are supported.}
|
|
6
|
+
s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer token type are supported}
|
|
7
7
|
s.email = 'nov@matake.jp'
|
|
8
8
|
s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
|
|
9
9
|
s.rdoc_options = ['--charset=UTF-8']
|
|
@@ -14,7 +14,8 @@ Gem::Specification.new do |s|
|
|
|
14
14
|
s.files = `git ls-files`.split("\n")
|
|
15
15
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
|
16
16
|
s.add_runtime_dependency 'rack', '>= 2.1.0'
|
|
17
|
-
s.add_runtime_dependency '
|
|
17
|
+
s.add_runtime_dependency 'faraday', '~> 2.0'
|
|
18
|
+
s.add_runtime_dependency 'faraday-follow_redirects'
|
|
18
19
|
s.add_runtime_dependency 'activesupport'
|
|
19
20
|
s.add_runtime_dependency 'attr_required'
|
|
20
21
|
s.add_runtime_dependency 'json-jwt', '>= 1.11.0'
|
|
@@ -2,13 +2,13 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe Rack::OAuth2::AccessToken::Authenticator do
|
|
4
4
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
5
|
-
let(:request) {
|
|
5
|
+
let(:request) { Faraday::Request.new(:get, URI.parse(resource_endpoint)) }
|
|
6
6
|
let(:authenticator) { Rack::OAuth2::AccessToken::Authenticator.new(token) }
|
|
7
7
|
|
|
8
8
|
shared_examples_for :authenticator do
|
|
9
9
|
it 'should let the token authenticate the request' do
|
|
10
10
|
expect(token).to receive(:authenticate).with(request)
|
|
11
|
-
authenticator.
|
|
11
|
+
authenticator.authenticate(request)
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
|
|
@@ -29,15 +29,4 @@ describe Rack::OAuth2::AccessToken::Authenticator do
|
|
|
29
29
|
end
|
|
30
30
|
it_behaves_like :authenticator
|
|
31
31
|
end
|
|
32
|
-
|
|
33
|
-
context 'when MAC token is given' do
|
|
34
|
-
let(:token) do
|
|
35
|
-
Rack::OAuth2::AccessToken::MAC.new(
|
|
36
|
-
access_token: 'access_token',
|
|
37
|
-
mac_key: 'secret',
|
|
38
|
-
mac_algorithm: 'hmac-sha-256'
|
|
39
|
-
)
|
|
40
|
-
end
|
|
41
|
-
it_behaves_like :authenticator
|
|
42
|
-
end
|
|
43
32
|
end
|
|
@@ -7,11 +7,11 @@ describe Rack::OAuth2::AccessToken::Bearer do
|
|
|
7
7
|
)
|
|
8
8
|
end
|
|
9
9
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
10
|
-
let(:request) {
|
|
10
|
+
let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
|
|
11
11
|
|
|
12
12
|
describe '.authenticate' do
|
|
13
13
|
it 'should set Authorization header' do
|
|
14
|
-
expect(request.
|
|
14
|
+
expect(request.headers).to receive(:[]=).with('Authorization', 'Bearer access_token')
|
|
15
15
|
token.authenticate(request)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
@@ -7,7 +7,7 @@ describe Rack::OAuth2::AccessToken::Legacy do
|
|
|
7
7
|
)
|
|
8
8
|
end
|
|
9
9
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
10
|
-
let(:request) {
|
|
10
|
+
let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
|
|
11
11
|
|
|
12
12
|
describe '#to_s' do
|
|
13
13
|
subject { token }
|
|
@@ -16,7 +16,7 @@ describe Rack::OAuth2::AccessToken::Legacy do
|
|
|
16
16
|
|
|
17
17
|
describe '.authenticate' do
|
|
18
18
|
it 'should set Authorization header' do
|
|
19
|
-
expect(request.
|
|
19
|
+
expect(request.headers).to receive(:[]=).with('Authorization', 'OAuth access_token')
|
|
20
20
|
token.authenticate(request)
|
|
21
21
|
end
|
|
22
22
|
end
|
|
@@ -49,23 +49,6 @@ describe Rack::OAuth2::AccessToken do
|
|
|
49
49
|
|
|
50
50
|
let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
|
|
51
51
|
[:get, :delete, :post, :put].each do |method|
|
|
52
|
-
describe method do
|
|
53
|
-
it 'should delegate to HTTPClient with Authenticator filter' do
|
|
54
|
-
expect(token.httpclient).to receive(method).with(resource_endpoint)
|
|
55
|
-
token.httpclient.request_filter.last.should be_a Rack::OAuth2::AccessToken::Authenticator
|
|
56
|
-
token.send method, resource_endpoint
|
|
57
|
-
end
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
context 'in debug mode' do
|
|
61
|
-
it do
|
|
62
|
-
Rack::OAuth2.debug do
|
|
63
|
-
token.httpclient.request_filter[-2].should be_a Rack::OAuth2::AccessToken::Authenticator
|
|
64
|
-
token.httpclient.request_filter.last.should be_a Rack::OAuth2::Debugger::RequestFilter
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
|
|
69
52
|
context 'when extension params given' do
|
|
70
53
|
subject do
|
|
71
54
|
Rack::OAuth2::AccessToken::Bearer.new(
|
|
@@ -338,22 +338,6 @@ describe Rack::OAuth2::Client do
|
|
|
338
338
|
end
|
|
339
339
|
end
|
|
340
340
|
|
|
341
|
-
context 'when mac token is given' do
|
|
342
|
-
before do
|
|
343
|
-
client.authorization_code = 'code'
|
|
344
|
-
mock_response(
|
|
345
|
-
:post,
|
|
346
|
-
'https://server.example.com/oauth2/token',
|
|
347
|
-
'tokens/mac.json'
|
|
348
|
-
)
|
|
349
|
-
end
|
|
350
|
-
it { should be_instance_of Rack::OAuth2::AccessToken::MAC }
|
|
351
|
-
its(:token_type) { should == :mac }
|
|
352
|
-
its(:access_token) { should == 'access_token' }
|
|
353
|
-
its(:refresh_token) { should == 'refresh_token' }
|
|
354
|
-
its(:expires_in) { should == 3600 }
|
|
355
|
-
end
|
|
356
|
-
|
|
357
341
|
context 'when no-type token is given (JSON)' do
|
|
358
342
|
before do
|
|
359
343
|
client.authorization_code = 'code'
|
|
@@ -28,47 +28,4 @@ describe Rack::OAuth2 do
|
|
|
28
28
|
Rack::OAuth2.debugging?.should == true
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
|
-
|
|
32
|
-
describe '.http_config' do
|
|
33
|
-
context 'when request_filter added' do
|
|
34
|
-
context 'when "debug!" is called' do
|
|
35
|
-
after { Rack::OAuth2.reset_http_config! }
|
|
36
|
-
|
|
37
|
-
it 'should put Debugger::RequestFilter at last' do
|
|
38
|
-
Rack::OAuth2.debug!
|
|
39
|
-
Rack::OAuth2.http_config do |config|
|
|
40
|
-
config.request_filter << Proc.new {}
|
|
41
|
-
end
|
|
42
|
-
Rack::OAuth2.http_client.request_filter.last.should be_instance_of Rack::OAuth2::Debugger::RequestFilter
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
it 'should reset_http_config' do
|
|
46
|
-
Rack::OAuth2.debug!
|
|
47
|
-
Rack::OAuth2.http_config do |config|
|
|
48
|
-
config.request_filter << Proc.new {}
|
|
49
|
-
end
|
|
50
|
-
size = Rack::OAuth2.http_client.request_filter.size
|
|
51
|
-
Rack::OAuth2.reset_http_config!
|
|
52
|
-
Rack::OAuth2.http_client.request_filter.size.should == size - 1
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
end
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
describe ".http_client" do
|
|
60
|
-
context "when local_http_config is used" do
|
|
61
|
-
it "should correctly set request_filter" do
|
|
62
|
-
clnt1 = Rack::OAuth2.http_client
|
|
63
|
-
clnt2 = Rack::OAuth2.http_client("my client") do |config|
|
|
64
|
-
config.request_filter << Proc.new {}
|
|
65
|
-
end
|
|
66
|
-
clnt3 = Rack::OAuth2.http_client
|
|
67
|
-
|
|
68
|
-
clnt1.request_filter.size.should == clnt3.request_filter.size
|
|
69
|
-
clnt1.request_filter.size.should == clnt2.request_filter.size - 1
|
|
70
|
-
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
31
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -25,7 +25,21 @@ dependencies:
|
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 2.1.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: faraday
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '2.0'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '2.0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: faraday-follow_redirects
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
|
30
44
|
requirements:
|
|
31
45
|
- - ">="
|
|
@@ -164,8 +178,7 @@ dependencies:
|
|
|
164
178
|
- - ">="
|
|
165
179
|
- !ruby/object:Gem::Version
|
|
166
180
|
version: '0'
|
|
167
|
-
description: OAuth 2.0 Server & Client Library. Both Bearer
|
|
168
|
-
supported.
|
|
181
|
+
description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
|
|
169
182
|
email: nov@matake.jp
|
|
170
183
|
executables: []
|
|
171
184
|
extensions: []
|
|
@@ -178,7 +191,6 @@ files:
|
|
|
178
191
|
- ".github/workflows/spec.yml"
|
|
179
192
|
- ".gitignore"
|
|
180
193
|
- ".rspec"
|
|
181
|
-
- ".travis.yml"
|
|
182
194
|
- Gemfile
|
|
183
195
|
- LICENSE
|
|
184
196
|
- README.rdoc
|
|
@@ -189,10 +201,6 @@ files:
|
|
|
189
201
|
- lib/rack/oauth2/access_token/authenticator.rb
|
|
190
202
|
- lib/rack/oauth2/access_token/bearer.rb
|
|
191
203
|
- lib/rack/oauth2/access_token/legacy.rb
|
|
192
|
-
- lib/rack/oauth2/access_token/mac.rb
|
|
193
|
-
- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
|
|
194
|
-
- lib/rack/oauth2/access_token/mac/signature.rb
|
|
195
|
-
- lib/rack/oauth2/access_token/mac/verifier.rb
|
|
196
204
|
- lib/rack/oauth2/access_token/mtls.rb
|
|
197
205
|
- lib/rack/oauth2/client.rb
|
|
198
206
|
- lib/rack/oauth2/client/error.rb
|
|
@@ -204,8 +212,6 @@ files:
|
|
|
204
212
|
- lib/rack/oauth2/client/grant/refresh_token.rb
|
|
205
213
|
- lib/rack/oauth2/client/grant/saml2_bearer.rb
|
|
206
214
|
- lib/rack/oauth2/client/grant/token_exchange.rb
|
|
207
|
-
- lib/rack/oauth2/debugger.rb
|
|
208
|
-
- lib/rack/oauth2/debugger/request_filter.rb
|
|
209
215
|
- lib/rack/oauth2/server.rb
|
|
210
216
|
- lib/rack/oauth2/server/abstract.rb
|
|
211
217
|
- lib/rack/oauth2/server/abstract/error.rb
|
|
@@ -228,8 +234,6 @@ files:
|
|
|
228
234
|
- lib/rack/oauth2/server/resource/bearer.rb
|
|
229
235
|
- lib/rack/oauth2/server/resource/bearer/error.rb
|
|
230
236
|
- lib/rack/oauth2/server/resource/error.rb
|
|
231
|
-
- lib/rack/oauth2/server/resource/mac.rb
|
|
232
|
-
- lib/rack/oauth2/server/resource/mac/error.rb
|
|
233
237
|
- lib/rack/oauth2/server/token.rb
|
|
234
238
|
- lib/rack/oauth2/server/token/authorization_code.rb
|
|
235
239
|
- lib/rack/oauth2/server/token/client_credentials.rb
|
|
@@ -253,15 +257,10 @@ files:
|
|
|
253
257
|
- spec/mock_response/tokens/legacy.json
|
|
254
258
|
- spec/mock_response/tokens/legacy.txt
|
|
255
259
|
- spec/mock_response/tokens/legacy_without_expires_in.txt
|
|
256
|
-
- spec/mock_response/tokens/mac.json
|
|
257
260
|
- spec/mock_response/tokens/unknown.json
|
|
258
261
|
- spec/rack/oauth2/access_token/authenticator_spec.rb
|
|
259
262
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
260
263
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
261
|
-
- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
|
|
262
|
-
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
263
|
-
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
264
|
-
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
265
264
|
- spec/rack/oauth2/access_token_spec.rb
|
|
266
265
|
- spec/rack/oauth2/client/error_spec.rb
|
|
267
266
|
- spec/rack/oauth2/client/grant/authorization_code_spec.rb
|
|
@@ -271,7 +270,6 @@ files:
|
|
|
271
270
|
- spec/rack/oauth2/client/grant/refresh_token_spec.rb
|
|
272
271
|
- spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
|
|
273
272
|
- spec/rack/oauth2/client_spec.rb
|
|
274
|
-
- spec/rack/oauth2/debugger/request_filter_spec.rb
|
|
275
273
|
- spec/rack/oauth2/oauth2_spec.rb
|
|
276
274
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
|
277
275
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
|
@@ -284,8 +282,6 @@ files:
|
|
|
284
282
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
|
285
283
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
|
286
284
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
|
287
|
-
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
|
288
|
-
- spec/rack/oauth2/server/resource/mac_spec.rb
|
|
289
285
|
- spec/rack/oauth2/server/resource_spec.rb
|
|
290
286
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
|
291
287
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
|
@@ -313,14 +309,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
313
309
|
version: '0'
|
|
314
310
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
315
311
|
requirements:
|
|
316
|
-
- - "
|
|
312
|
+
- - ">"
|
|
317
313
|
- !ruby/object:Gem::Version
|
|
318
|
-
version:
|
|
314
|
+
version: 1.3.1
|
|
319
315
|
requirements: []
|
|
320
316
|
rubygems_version: 3.3.7
|
|
321
317
|
signing_key:
|
|
322
318
|
specification_version: 4
|
|
323
|
-
summary: OAuth 2.0 Server & Client Library - Both Bearer
|
|
319
|
+
summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
|
|
324
320
|
test_files:
|
|
325
321
|
- spec/helpers/time.rb
|
|
326
322
|
- spec/helpers/webmock_helper.rb
|
|
@@ -332,15 +328,10 @@ test_files:
|
|
|
332
328
|
- spec/mock_response/tokens/legacy.json
|
|
333
329
|
- spec/mock_response/tokens/legacy.txt
|
|
334
330
|
- spec/mock_response/tokens/legacy_without_expires_in.txt
|
|
335
|
-
- spec/mock_response/tokens/mac.json
|
|
336
331
|
- spec/mock_response/tokens/unknown.json
|
|
337
332
|
- spec/rack/oauth2/access_token/authenticator_spec.rb
|
|
338
333
|
- spec/rack/oauth2/access_token/bearer_spec.rb
|
|
339
334
|
- spec/rack/oauth2/access_token/legacy_spec.rb
|
|
340
|
-
- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
|
|
341
|
-
- spec/rack/oauth2/access_token/mac/signature_spec.rb
|
|
342
|
-
- spec/rack/oauth2/access_token/mac/verifier_spec.rb
|
|
343
|
-
- spec/rack/oauth2/access_token/mac_spec.rb
|
|
344
335
|
- spec/rack/oauth2/access_token_spec.rb
|
|
345
336
|
- spec/rack/oauth2/client/error_spec.rb
|
|
346
337
|
- spec/rack/oauth2/client/grant/authorization_code_spec.rb
|
|
@@ -350,7 +341,6 @@ test_files:
|
|
|
350
341
|
- spec/rack/oauth2/client/grant/refresh_token_spec.rb
|
|
351
342
|
- spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
|
|
352
343
|
- spec/rack/oauth2/client_spec.rb
|
|
353
|
-
- spec/rack/oauth2/debugger/request_filter_spec.rb
|
|
354
344
|
- spec/rack/oauth2/oauth2_spec.rb
|
|
355
345
|
- spec/rack/oauth2/server/abstract/error_spec.rb
|
|
356
346
|
- spec/rack/oauth2/server/authorize/code_spec.rb
|
|
@@ -363,8 +353,6 @@ test_files:
|
|
|
363
353
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
|
364
354
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
|
365
355
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
|
366
|
-
- spec/rack/oauth2/server/resource/mac/error_spec.rb
|
|
367
|
-
- spec/rack/oauth2/server/resource/mac_spec.rb
|
|
368
356
|
- spec/rack/oauth2/server/resource_spec.rb
|
|
369
357
|
- spec/rack/oauth2/server/token/authorization_code_spec.rb
|
|
370
358
|
- spec/rack/oauth2/server/token/client_credentials_spec.rb
|
data/.travis.yml
DELETED
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
module Rack
|
|
2
|
-
module OAuth2
|
|
3
|
-
class AccessToken
|
|
4
|
-
class MAC
|
|
5
|
-
class Sha256HexVerifier < Verifier
|
|
6
|
-
attr_optional :raw_body
|
|
7
|
-
|
|
8
|
-
def calculate
|
|
9
|
-
return nil unless raw_body.present?
|
|
10
|
-
|
|
11
|
-
OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
end
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
module Rack
|
|
2
|
-
module OAuth2
|
|
3
|
-
class AccessToken
|
|
4
|
-
class MAC
|
|
5
|
-
class Signature < Verifier
|
|
6
|
-
attr_required :secret, :ts, :nonce, :method, :request_uri, :host, :port
|
|
7
|
-
attr_optional :ext, :query
|
|
8
|
-
|
|
9
|
-
def calculate
|
|
10
|
-
Rack::OAuth2::Util.base64_encode OpenSSL::HMAC.digest(
|
|
11
|
-
hash_generator,
|
|
12
|
-
secret,
|
|
13
|
-
normalized_request_string
|
|
14
|
-
)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def normalized_request_string
|
|
18
|
-
[
|
|
19
|
-
ts.to_i,
|
|
20
|
-
nonce,
|
|
21
|
-
method.to_s.upcase,
|
|
22
|
-
request_uri,
|
|
23
|
-
host,
|
|
24
|
-
port,
|
|
25
|
-
ext || '',
|
|
26
|
-
nil
|
|
27
|
-
].join("\n")
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
end
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
module Rack
|
|
2
|
-
module OAuth2
|
|
3
|
-
class AccessToken
|
|
4
|
-
class MAC
|
|
5
|
-
class Verifier
|
|
6
|
-
include AttrRequired, AttrOptional
|
|
7
|
-
attr_required :algorithm
|
|
8
|
-
|
|
9
|
-
class VerificationFailed < StandardError; end
|
|
10
|
-
|
|
11
|
-
def initialize(attributes = {})
|
|
12
|
-
(required_attributes + optional_attributes).each do |key|
|
|
13
|
-
self.send :"#{key}=", attributes[key]
|
|
14
|
-
end
|
|
15
|
-
attr_missing!
|
|
16
|
-
rescue AttrRequired::AttrMissing => e
|
|
17
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid: #{e.message}")
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def verify!(expected)
|
|
21
|
-
if expected == self.calculate
|
|
22
|
-
:verified
|
|
23
|
-
else
|
|
24
|
-
raise VerificationFailed.new("#{self.class.name.demodulize} Invalid")
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
private
|
|
29
|
-
|
|
30
|
-
def hash_generator
|
|
31
|
-
case algorithm.to_s
|
|
32
|
-
when 'hmac-sha-1'
|
|
33
|
-
OpenSSL::Digest::SHA1.new
|
|
34
|
-
when 'hmac-sha-256'
|
|
35
|
-
OpenSSL::Digest::SHA256.new
|
|
36
|
-
else
|
|
37
|
-
raise 'Unsupported Algorithm'
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|