rack-oauth2 2.0.1 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/legacy.rb +1 -1
- data/lib/rack/oauth2/access_token/mtls.rb +2 -2
- data/lib/rack/oauth2/access_token.rb +3 -3
- data/lib/rack/oauth2/client.rb +13 -9
- data/lib/rack/oauth2/server/extension/pkce.rb +1 -1
- data/spec/helpers/webmock_helper.rb +1 -1
- data/spec/rack/oauth2/client_spec.rb +39 -0
- metadata +2 -2
    
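--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: cc2833ffc404397f87ef3649c867783f4492cefab8eaceccadf7c18b740cf018
+  data.tar.gz: 8bbf82e5725bbf685681cfa99ada0d6dd0652bbbf741077e240163611f2077f5
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: d11c97df887b9c0e784d6dc322d61d9e7c9dd20f2e89ae118b2863449bf8bc5658642eb52808facec041a3b6ad64e805e8ee3ac84032567bdf5e13335c8b6337
+  data.tar.gz: fdca45ec17029200d4d743e52614ef4b4ae5b15d5e3248805b69890644e7f2867f387bac50ebd27803bdbead21942efaf6e53de127a7093257c140156ae64327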
    
        data/CHANGELOG.md
    
    
    
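--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-2.0
+2.1.0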
| @@ -7,8 +7,8 @@ module Rack | |
| 7 7 | 
             
                    def initialize(attributes = {})
         | 
| 8 8 | 
             
                      super
         | 
| 9 9 | 
             
                      self.token_type = :bearer
         | 
| 10 | 
            -
                       | 
| 11 | 
            -
                       | 
| 10 | 
            +
                      http_client.ssl.client_key = private_key
         | 
| 11 | 
            +
                      http_client.ssl.client_cert = certificate
         | 
| 12 12 | 
             
                    end
         | 
| 13 13 | 
             
                  end
         | 
| 14 14 | 
             
                end
         | 
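Review bot: The two new assignments `http_client.ssl.client_key = private_key` and `http_client.ssl.client_cert = certificate` run inside `initialize`, so the connection that `http_client` memoizes (see the `@http_client ||=` hunk further down this page) is now built eagerly in the constructor rather than on the first request; that ordering is presumably intended so the key and certificate are attached before any call is made, and deserves a one-line comment such as `# build the memoized connection now so the mTLS key/cert are attached before the first request`. Whether `private_key` and `certificate` are declared required is decided above the hunk; if they are not, a nil value is assigned without complaint and the connection is presumably used without a client certificate, so a guard such as `raise ArgumentError, 'private_key and certificate are required' unless private_key && certificate` placed before the assignments would fail fast at construction instead of at the token endpoint. The enclosing class header is outside the hunk.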
| @@ -5,7 +5,7 @@ module Rack | |
| 5 5 | 
             
                  attr_required :access_token, :token_type
         | 
| 6 6 | 
             
                  attr_optional :refresh_token, :expires_in, :scope
         | 
| 7 7 | 
             
                  attr_accessor :raw_attributes
         | 
| 8 | 
            -
                  delegate :get, :patch, :post, :put, :delete, to: : | 
| 8 | 
            +
                  delegate :get, :patch, :post, :put, :delete, to: :http_client
         | 
| 9 9 |  | 
| 10 10 | 
             
                  alias_method :to_s, :access_token
         | 
| 11 11 |  | 
| @@ -18,8 +18,8 @@ module Rack | |
| 18 18 | 
             
                    attr_missing!
         | 
| 19 19 | 
             
                  end
         | 
| 20 20 |  | 
| 21 | 
            -
                  def  | 
| 22 | 
            -
                    @ | 
| 21 | 
            +
                  def http_client
         | 
| 22 | 
            +
                    @http_client ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
         | 
| 23 23 | 
             
                      Authenticator.new(self).authenticate(faraday)
         | 
| 24 24 | 
             
                    end
         | 
| 25 25 | 
             
                  end
         | 
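Review bot: The new `http_client` method on line 21 has no documentation, and its memoization is load-bearing: the `@http_client ||=` on line 22 means the Faraday connection, the User-Agent built from `self.class` and `VERSION`, and the Authenticator wired in by the block are created once per token and reused, which is what allows a subclass to adjust `http_client.ssl` in its constructor (as the mTLS hunk on this page does). I would add above the method: `# Memoized Faraday connection for this token (User-Agent "<class> (<VERSION>)") with this token's Authenticator applied; options set on it, e.g. ssl, persist for the token's lifetime.` The `Rack::OAuth2.http_client` helper itself is not in the diff, so what it yields to the block is inferred from the `faraday` parameter name on line 22; the class header is above the hunk.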
    
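--- a/data/lib/rack/oauth2/client.rb
+++ b/data/lib/rack/oauth2/client.rb
@@ -68,18 +68,22 @@ module Rack
       @forced_token_type = token_type.to_s
     end
 
-    def access_token!(*args)
-      headers, params, http_client, options = authenticated_context_from(*args)
+    def access_token!(*args, &local_http_config)
+      headers, params, http_client, options = authenticated_context_from(*args, &local_http_config)
       params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
       params.merge! @grant.as_json
       params.merge! options
       handle_response do
-        http_client.post(
+        http_client.post(
+          absolute_uri_for(token_endpoint),
+          Util.compact_hash(params),
+          headers
+        )
       end
     end
 
-    def revoke!(*args)
-      headers, params, http_client, options = authenticated_context_from(*args)
+    def revoke!(*args, &local_http_config)
+      headers, params, http_client, options = authenticated_context_from(*args, &local_http_config)
 
       params.merge! case
       when access_token = options.delete(:access_token)
@@ -122,15 +126,15 @@ module Rack
       _endpoint_.to_s
     end
 
-    def authenticated_context_from(*args)
+    def authenticated_context_from(*args, &local_http_config)
       headers, params = {}, {}
-      http_client = Rack::OAuth2.http_client
+      http_client = Rack::OAuth2.http_client(&local_http_config)
 
       # NOTE:
       #  Using Array#extract_options! for backward compatibility.
       #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
       options = args.extract_options!
-      client_auth_method = args.first || options.delete(:client_auth_method)
+      client_auth_method = args.first || options.delete(:client_auth_method)&.to_sym || :basic
 
       case client_auth_method
       when :basic
@@ -206,7 +210,7 @@ module Rack
 
     def handle_success_response(response)
       token_hash = JSON.parse(response.body).with_indifferent_access
-      case (@forced_token_type || token_hash[:token_type])
+      case (@forced_token_type || token_hash[:token_type])&.downcase
       when 'bearer'
         AccessToken::Bearer.new(token_hash)
       when nil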
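Review bot: On new line 137 only the keyword form is normalized: `options.delete(:client_auth_method)&.to_sym` is symbolized but `args.first` is not, so a positional string such as `access_token!('basic')` reaches `case client_auth_method` untouched and matches none of the symbol branches (the branches after `when :basic` are outside the hunk); `client_auth_method = (args.first || options.delete(:client_auth_method))&.to_sym || :basic` treats both forms alike. On new line 213, `&.downcase` presumes the token endpoint returned `token_type` as a String; a non-string value in the JSON would raise NoMethodError there instead of reaching the `when nil` branch on line 216 or whatever unknown-type handling follows below the hunk, and `(@forced_token_type || token_hash[:token_type]&.to_s)&.downcase` keeps the nil path while tolerating that. The `&local_http_config` block added to `access_token!`, `revoke!` and `authenticated_context_from` is handed straight to `Rack::OAuth2.http_client` (not in the diff), which by the `|faraday|` usage elsewhere on this page appears to yield the connection under construction, so a caller's block can override any connection default including TLS settings; that is acceptable for caller-supplied code but should be stated, e.g. above `access_token!`: `# The optional block receives the Faraday connection built for this call and may adjust headers/options; it runs after the library defaults, so it can override them.`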
| @@ -27,7 +27,7 @@ module Rack | |
| 27 27 |  | 
| 28 28 | 
             
                        def verify_code_verifier!(code_challenge, code_challenge_method = :S256)
         | 
| 29 29 | 
             
                          if code_verifier.present? || code_challenge.present?
         | 
| 30 | 
            -
                            case code_challenge_method | 
| 30 | 
            +
                            case code_challenge_method&.to_sym
         | 
| 31 31 | 
             
                            when :S256
         | 
| 32 32 | 
             
                              code_challenge == Util.urlsafe_base64_encode(
         | 
| 33 33 | 
             
                                OpenSSL::Digest::SHA256.digest(code_verifier.to_s)
         | 
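Review bot: New line 30 calls `&.to_sym` on `code_challenge_method`, which — going by its name and the `:S256` default — is the method value recorded from the client's authorization request, so request-supplied text is interned into a Symbol; on Ruby 2.2 and later dynamic symbols are garbage-collected, so the exposure is limited, but comparing as strings is the usual defensive form: `case code_challenge_method&.to_s` with `when 'S256'` (the remaining branches and the end of `verify_code_verifier!` are outside the hunk and would need the same string literals). Not case-folding the value is correct, since RFC 7636 defines only the literal tokens `S256` and `plain`; a comment such as `# compared exactly: RFC 7636 defines only the literal values S256 and plain` would keep a future change from adding a downcase here.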
| @@ -309,6 +309,23 @@ describe Rack::OAuth2::Client do | |
| 309 309 | 
             
                  end
         | 
| 310 310 | 
             
                end
         | 
| 311 311 |  | 
| 312 | 
            +
                context 'local_http_config handling' do
         | 
| 313 | 
            +
                  it do
         | 
| 314 | 
            +
                    mock_response(
         | 
| 315 | 
            +
                      :post,
         | 
| 316 | 
            +
                      'https://server.example.com/oauth2/token',
         | 
| 317 | 
            +
                      'tokens/bearer.json',
         | 
| 318 | 
            +
                      request_header: {
         | 
| 319 | 
            +
                        'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
         | 
| 320 | 
            +
                        'X-Foo' => 'bar'
         | 
| 321 | 
            +
                      }
         | 
| 322 | 
            +
                    )
         | 
| 323 | 
            +
                    client.access_token! do |request|
         | 
| 324 | 
            +
                      request.headers.merge! 'X-Foo' => 'bar'
         | 
| 325 | 
            +
                    end
         | 
| 326 | 
            +
                  end
         | 
| 327 | 
            +
                end
         | 
| 328 | 
            +
             | 
| 312 329 | 
             
                context 'when bearer token is given' do
         | 
| 313 330 | 
             
                  before do
         | 
| 314 331 | 
             
                    client.authorization_code = 'code'
         | 
| @@ -433,6 +450,28 @@ describe Rack::OAuth2::Client do | |
| 433 450 | 
             
              end
         | 
| 434 451 |  | 
| 435 452 | 
             
              describe '#revoke!' do
         | 
| 453 | 
            +
                context 'local_http_config handling' do
         | 
| 454 | 
            +
                  it do
         | 
| 455 | 
            +
                    mock_response(
         | 
| 456 | 
            +
                      :post,
         | 
| 457 | 
            +
                      'https://server.example.com/oauth2/revoke',
         | 
| 458 | 
            +
                      'blank',
         | 
| 459 | 
            +
                      status: 200,
         | 
| 460 | 
            +
                      body: {
         | 
| 461 | 
            +
                        token: 'access_token',
         | 
| 462 | 
            +
                        token_type_hint: 'access_token'
         | 
| 463 | 
            +
                      },
         | 
| 464 | 
            +
                      request_header: {
         | 
| 465 | 
            +
                        'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
         | 
| 466 | 
            +
                        'X-Foo' => 'bar'
         | 
| 467 | 
            +
                      }
         | 
| 468 | 
            +
                    )
         | 
| 469 | 
            +
                    client.revoke!(access_token: 'access_token') do |request|
         | 
| 470 | 
            +
                      request.headers.merge! 'X-Foo' => 'bar'
         | 
| 471 | 
            +
                    end
         | 
| 472 | 
            +
                  end
         | 
| 473 | 
            +
                end
         | 
| 474 | 
            +
             | 
| 436 475 | 
             
                context 'when access_token given' do
         | 
| 437 476 | 
             
                  before do
         | 
| 438 477 | 
             
                    mock_response(
         | 
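Review bot: The block parameter on new lines 323 and 469 is named `request`, yet by the `|faraday|` usage in the access_token.rb hunk on this page `Rack::OAuth2.http_client` appears to yield the Faraday connection under construction, not a per-request object; `request.headers.merge! 'X-Foo' => 'bar'` works only because the connection itself exposes `headers`, so naming it `|connection|` (or `faraday`, matching the library) would stop readers from assuming a per-request API. Both examples assert only that the header reaches the wire; an example showing that a block passed to one call does not affect a later call made without one would pin the per-call scope that the `local_http_config` name promises, assuming that is how `Rack::OAuth2.http_client` applies it (the helper is not in the diff).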
    
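--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0
+  version: 2.1.0
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-
+date: 2022-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack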