rack-oauth2 1.21.3 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7303cf85e66a7fb4a89d66d95b4ad35720ecb95459f9740208328314ea54b157
-  data.tar.gz: 061a4a30cbb25212979a37f26e18043cbf71dead3e36981b37f6152fc6899cfd
+  metadata.gz: f2c3515e2af90285deab9032fece3d0ef8c7445405cc1cce705160c19fb2052b
+  data.tar.gz: e95c0fca744d8d12d97e1be23ff48cb00250d92a536de03382021e73e809c737
 SHA512:
-  metadata.gz: 5fbabf81d770e80f02614d3b00b0fd9db8a63ed695a5b67b74266eee1f09ec6e7045db009ea7e6ee09af84680699809032ecc64d58caee48305573cd3532b5be
-  data.tar.gz: 5bc8cdbdddb9a997560eab574a955ab69d3ad8f9e594554a45d17e077991c2551382c917363c1c09db349abf262f5d9c15a7cfb13c24e56fe27d83cbde62f0f3
+  metadata.gz: 6c2a9ddb2f9b4b9d18c337d678bf88d660f3597d09ec9d63195062cd1c5fc0a3c5105135f51aa1f4efef4e64b9e66c2a6f36dc6b4037b5c09cefbace858ce67e
+  data.tar.gz: e0add9d0227669a3cfd6e11c208bc36f89c13ec8cda2ab2352bb9b0d29ee0ac59b266aee90732c4e756895fc8d66ebaefdd4defe5342392e67e08d9022514da9

data/.github/workflows/spec.yml

@@ -2,6 +2,8 @@ name: Spec
 
 on:
   push:
+    branches:
+      - main
   pull_request:
 
 permissions:
@@ -11,12 +13,11 @@ jobs:
   spec:
     strategy:
       matrix:
-        os: ['ubuntu-20.04']
-        ruby-version: ['2.6', '2.7', '3.0', '3.1']
-        # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
+        os: ['ubuntu-20.04', 'ubuntu-22.04']
+        ruby-version: ['3.1', '3.2', '3.3']
         include:
-        - os: 'ubuntu-22.04'
-          ruby-version: '3.1'
+        - os: 'ubuntu-20.04'
+          ruby-version: '3.0'
     runs-on: ${{ matrix.os }}
 
     steps:

data/CHANGELOG.md

@@ -0,0 +1,31 @@
+## [Unreleased]
+
+## [2.2.0] - 2022-10-11
+
+### Changed
+
+- automatic json response decoding, and remove legacy token support by @nov in https://github.com/nov/rack-oauth2/pull/95
+
+## [2.1.0] - 2022-10-10
+
+### Added
+
+- accept local_http_config on Rack::OAuth2::Client#access_token! & revoke!  to support custom headers etc. by @nov in https://github.com/nov/rack-oauth2/pull/93
+
+## [2.0.1] - 2022-10-09
+
+### Fixed
+
+- changes for mTLS on faraday by @nov in https://github.com/nov/rack-oauth2/pull/92
+
+## [2.0.0] - 2022-10-09
+
+### Added
+
+- start recording CHANGELOG
+
+### Changed
+
+- Switch from httpclient to faraday v2 https://github.com/nov/rack-oauth2/pull/91
+- make url-encoded the default https://github.com/nov/rack-oauth2/commit/98faf139be4f5bf9ec6134d31f65a298259d8a8b
+- let faraday encode params https://github.com/nov/rack-oauth2/commit/f399b3afb8facb3635b8842baee8584bc4d3ce73

data/README.rdoc

@@ -1,9 +1,7 @@
 = rack-oauth2
 
 OAuth 2.0 Server & Client Library.
-Both Bearer and MAC token type are supported.
-
-{<img src="https://secure.travis-ci.org/nov/rack-oauth2.png" />}[http://travis-ci.org/nov/rack-oauth2]
+Both Bearer token type are supported.
 
 The OAuth 2.0 Authorization Framework (RFC 6749)
 http://www.rfc-editor.org/rfc/rfc6749.txt
@@ -11,9 +9,6 @@ http://www.rfc-editor.org/rfc/rfc6749.txt
 The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750)
 http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-06
 
-HTTP Authentication: MAC Access Authentication (draft 01)
-http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
-
 == Installation
 
   gem install rack-oauth2
@@ -31,31 +26,17 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample
 
-=== MAC
-
-Source on GitHub
-https://github.com/nov/rack-oauth2-sample-mac
-
 == Sample Client
 
-=== Common between Bearer and MAC
-
 Authorization Request (request_type: 'code' and 'token')
 https://gist.github.com/862393
 
 Token Request (grant_type: 'client_credentials', 'password', 'authorization_code' and 'refresh_token')
 https://gist.github.com/883541
 
-=== Bearer
-
 Resource Request (request both for resource owner resource and for client resource)
 https://gist.github.com/883575
 
-=== MAC
-
-Resource Request (request both for resource owner resource and for client resource)
-https://gist.github.com/933885
-
 == Note on Patches/Pull Requests
 
 * Fork the project.

data/VERSION

@@ -1 +1 @@
-1.21.3
+2.2.1

data/lib/rack/oauth2/access_token/authenticator.rb

@@ -6,18 +6,9 @@ module Rack
           @token = token
         end
 
-        # Callback called in HTTPClient (before sending a request)
-        # request:: HTTP::Message
-        def filter_request(request)
+        def authenticate(request)
           @token.authenticate(request)
         end
-
-        # Callback called in HTTPClient (after received a response)
-        # response:: HTTP::Message
-        # request::  HTTP::Message
-        def filter_response(response, request)
-          # nothing to do
-        end
       end
     end
   end

data/lib/rack/oauth2/access_token/bearer.rb

@@ -3,7 +3,7 @@ module Rack
     class AccessToken
       class Bearer < AccessToken
         def authenticate(request)
-          request.header["Authorization"] = "Bearer #{access_token}"
+          request.headers["Authorization"] = "Bearer #{access_token}"
         end
 
         def to_mtls(attributes = {})

data/lib/rack/oauth2/access_token/mtls.rb

@@ -7,8 +7,8 @@ module Rack
         def initialize(attributes = {})
           super
           self.token_type = :bearer
-          httpclient.ssl_config.client_key = private_key
-          httpclient.ssl_config.client_cert = certificate
+          http_client.ssl.client_key = private_key
+          http_client.ssl.client_cert = certificate
         end
       end
     end

data/lib/rack/oauth2/access_token.rb

@@ -5,7 +5,7 @@ module Rack
       attr_required :access_token, :token_type
       attr_optional :refresh_token, :expires_in, :scope
       attr_accessor :raw_attributes
-      delegate :get, :patch, :post, :put, :delete, to: :httpclient
+      delegate :get, :patch, :post, :put, :delete, to: :http_client
 
       alias_method :to_s, :access_token
 
@@ -18,9 +18,9 @@ module Rack
         attr_missing!
       end
 
-      def httpclient
-        @httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |config|
-          config.request_filter << Authenticator.new(self)
+      def http_client
+        @http_client ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
+          Authenticator.new(self).authenticate(faraday)
         end
       end
 
@@ -39,6 +39,4 @@ end
 
 require 'rack/oauth2/access_token/authenticator'
 require 'rack/oauth2/access_token/bearer'
-require 'rack/oauth2/access_token/mac'
-require 'rack/oauth2/access_token/legacy'
 require 'rack/oauth2/access_token/mtls'

data/lib/rack/oauth2/client.rb

@@ -78,7 +78,9 @@ module Rack
             absolute_uri_for(token_endpoint),
             Util.compact_hash(params),
             headers
-          )
+          ) do |req|
+            yield req if block_given?
+          end
         end
       end
 
@@ -111,7 +113,9 @@ module Rack
             absolute_uri_for(revocation_endpoint),
             Util.compact_hash(params),
             headers
-          )
+          ) do |req|
+            yield req if block_given?
+          end
         end
       end
 
@@ -134,7 +138,7 @@ module Rack
         #  Using Array#extract_options! for backward compatibility.
         #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
         options = args.extract_options!
-        client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
+        client_auth_method = args.first || options.delete(:client_auth_method)&.to_sym || :basic
 
         case client_auth_method
         when :basic
@@ -176,8 +180,8 @@ module Rack
           params.merge!(
             client_id: identifier
           )
-          http_client.ssl_config.client_key = private_key
-          http_client.ssl_config.client_cert = certificate
+          http_client.ssl.client_key = private_key
+          http_client.ssl.client_cert = certificate
         else
           params.merge!(
             client_id: identifier,
@@ -209,26 +213,19 @@ module Rack
       end
 
       def handle_success_response(response)
-        token_hash = JSON.parse(response.body).with_indifferent_access
-        case (@forced_token_type || token_hash[:token_type]).try(:downcase)
+        token_hash = response.body.with_indifferent_access
+        case (@forced_token_type || token_hash[:token_type])&.downcase
         when 'bearer'
           AccessToken::Bearer.new(token_hash)
-        when 'mac'
-          AccessToken::MAC.new(token_hash)
-        when nil
-          AccessToken::Legacy.new(token_hash)
         else
           raise 'Unknown Token Type'
         end
-      rescue JSON::ParserError
-        # NOTE: Facebook support (They don't use JSON as token response)
-        AccessToken::Legacy.new Rack::Utils.parse_nested_query(response.body).with_indifferent_access
       end
 
       def handle_error_response(response)
-        error = JSON.parse(response.body).with_indifferent_access
+        error = response.body.with_indifferent_access
         raise Error.new(response.status, error)
-      rescue JSON::ParserError
+      rescue Faraday::ParsingError, NoMethodError
         raise Error.new(response.status, error: 'Unknown', error_description: response.body)
       end
     end

data/lib/rack/oauth2/server/extension/pkce.rb

@@ -27,7 +27,7 @@ module Rack
 
             def verify_code_verifier!(code_challenge, code_challenge_method = :S256)
               if code_verifier.present? || code_challenge.present?
-                case code_challenge_method.try(:to_sym)
+                case code_challenge_method&.to_sym
                 when :S256
                   code_challenge == Util.urlsafe_base64_encode(
                     OpenSSL::Digest::SHA256.digest(code_verifier.to_s)

data/lib/rack/oauth2/server/resource.rb

@@ -52,4 +52,3 @@ end
 
 require 'rack/oauth2/server/resource/error'
 require 'rack/oauth2/server/resource/bearer'
-require 'rack/oauth2/server/resource/mac'

data/lib/rack/oauth2.rb

@@ -1,5 +1,6 @@
 require 'rack'
-require 'httpclient'
+require 'faraday'
+require 'faraday/follow_redirects'
 require 'logger'
 require 'active_support'
 require 'active_support/core_ext'
@@ -40,18 +41,15 @@ module Rack
     self.debugging = false
 
     def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_config)
-      _http_client_ = HTTPClient.new(
-        agent_name: agent_name
-      )
-
-      # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
-      _http_client_.ssl_config.clear_cert_store
-      _http_client_.ssl_config.cert_store.set_default_paths
-
-      http_config.try(:call, _http_client_)
-      local_http_config.try(:call, _http_client_) unless local_http_config.nil?
-      _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
-      _http_client_
+      Faraday.new(headers: {user_agent: agent_name}) do |faraday|
+        faraday.request :url_encoded
+        faraday.request :json
+        faraday.response :json
+        faraday.adapter Faraday.default_adapter
+        local_http_config&.call(faraday)
+        http_config&.call(faraday)
+        faraday.response :logger, Rack::OAuth2.logger, bodies: true if debugging?
+      end
     end
 
     def self.http_config(&block)
@@ -61,7 +59,6 @@ module Rack
     def self.reset_http_config!
       @@http_config = nil
     end
-
   end
 end
 
@@ -70,4 +67,3 @@ require 'rack/oauth2/util'
 require 'rack/oauth2/server'
 require 'rack/oauth2/client'
 require 'rack/oauth2/access_token'
-require 'rack/oauth2/debugger'

data/rack-oauth2.gemspec

@@ -2,8 +2,8 @@ Gem::Specification.new do |s|
   s.name = 'rack-oauth2'
   s.version = File.read('VERSION')
   s.authors = ['nov matake']
-  s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are supported.}
-  s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported}
+  s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer token type are supported.}
+  s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer token type are supported}
   s.email = 'nov@matake.jp'
   s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
   s.rdoc_options = ['--charset=UTF-8']
@@ -14,7 +14,8 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.add_runtime_dependency 'rack', '>= 2.1.0'
-  s.add_runtime_dependency 'httpclient'
+  s.add_runtime_dependency 'faraday', '~> 2.0'
+  s.add_runtime_dependency 'faraday-follow_redirects'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_required'
   s.add_runtime_dependency 'json-jwt', '>= 1.11.0'

data/spec/helpers/webmock_helper.rb

@@ -13,7 +13,7 @@ module WebMockHelper
 
   def request_for(method, options = {})
     request = {}
-    params = options.try(:[], :params) || {}
+    params = options&.[](:params) || {}
     case method
     when :post, :put, :delete
       request[:body] = params
@@ -28,7 +28,13 @@ module WebMockHelper
 
   def response_for(response_file, options = {})
     response = {}
-    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', response_file))
+    format = options[:format] || :json
+    if format == :json
+      response[:headers] = {
+        'Content-Type': 'application/json'
+      }
+    end
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
     if options[:status]
       response[:status] = options[:status]
     end

data/spec/rack/oauth2/access_token/authenticator_spec.rb

@@ -2,25 +2,16 @@ require 'spec_helper'
 
 describe Rack::OAuth2::AccessToken::Authenticator do
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
+  let(:request) { Faraday::Request.new(:get, URI.parse(resource_endpoint)) }
   let(:authenticator) { Rack::OAuth2::AccessToken::Authenticator.new(token) }
 
   shared_examples_for :authenticator do
     it 'should let the token authenticate the request' do
       expect(token).to receive(:authenticate).with(request)
-      authenticator.filter_request(request)
+      authenticator.authenticate(request)
     end
   end
 
-  context 'when Legacy token is given' do
-    let(:token) do
-      Rack::OAuth2::AccessToken::Legacy.new(
-        access_token: 'access_token'
-      )
-    end
-    it_behaves_like :authenticator
-  end
-
   context 'when Bearer token is given' do
     let(:token) do
       Rack::OAuth2::AccessToken::Bearer.new(
@@ -29,15 +20,4 @@ describe Rack::OAuth2::AccessToken::Authenticator do
     end
     it_behaves_like :authenticator
   end
-
-  context 'when MAC token is given' do
-    let(:token) do
-      Rack::OAuth2::AccessToken::MAC.new(
-        access_token: 'access_token',
-        mac_key: 'secret',
-        mac_algorithm: 'hmac-sha-256'
-      )
-    end
-    it_behaves_like :authenticator
-  end
 end

data/spec/rack/oauth2/access_token/bearer_spec.rb

@@ -7,11 +7,11 @@ describe Rack::OAuth2::AccessToken::Bearer do
     )
   end
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  let(:request) { HTTPClient.new.send(:create_request, :post, URI.parse(resource_endpoint), {}, {hello: "world"}, {}) }
+  let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
 
   describe '.authenticate' do
     it 'should set Authorization header' do
-      expect(request.header).to receive(:[]=).with('Authorization', 'Bearer access_token')
+      expect(request.headers).to receive(:[]=).with('Authorization', 'Bearer access_token')
       token.authenticate(request)
     end
   end

data/spec/rack/oauth2/access_token_spec.rb

@@ -49,23 +49,6 @@ describe Rack::OAuth2::AccessToken do
 
   let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
   [:get, :delete, :post, :put].each do |method|
-    describe method do
-      it 'should delegate to HTTPClient with Authenticator filter' do
-        expect(token.httpclient).to receive(method).with(resource_endpoint)
-        token.httpclient.request_filter.last.should be_a Rack::OAuth2::AccessToken::Authenticator
-        token.send method, resource_endpoint
-      end
-    end
-
-    context 'in debug mode' do
-      it do
-        Rack::OAuth2.debug do
-          token.httpclient.request_filter[-2].should be_a Rack::OAuth2::AccessToken::Authenticator
-          token.httpclient.request_filter.last.should be_a Rack::OAuth2::Debugger::RequestFilter
-        end
-      end
-    end
-
     context 'when extension params given' do
       subject do
         Rack::OAuth2::AccessToken::Bearer.new(