rack-oauth2 2.0.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7574d464d319f64fc1cfd3913d6d773024b697bd55aadece79a0f085e237a5ba
-  data.tar.gz: 9efa49f33b0a29b2eeb54917c60092e5c9fb436e75b3f525cc117fcce1dce81a
+  metadata.gz: 45ba67ac4566f374465673cc5711e71c15006bbe966531a4c1de2473206879b2
+  data.tar.gz: 56f8718f283533c369b1743dfd86499e49e5d828a83ac060fa919fac57a935d2
 SHA512:
-  metadata.gz: c2b01fad3bbda97b24cd9520137c58aa4ad02e91535d02f5d5d5b1b4846d3ce067148a91f55f321a0cee789c6ec63516960b5550f96262cc2bd9e89a9cc33978
-  data.tar.gz: 53899a188b886011d5c3b96873d3bdab5070b74e09f6770996630335b3fe7cd0665a47dc3d623d4f8b571ef82365984e3329f59161407a5c7b2ca79bfdb3f2b8
+  metadata.gz: 63316467536c2c98cddea9b2b7907b3ff5fd6b53b892bd338709e1f7a6b014aa4dc20d71b12cd01ffac502c1ab0964218aac7ff6a0e81141ff8aa10e80557cdd
+  data.tar.gz: 97e685531853c4837a0e86636c865827033e25f646c4572d254e2584a811f937faa6dc7fe780742814bd9657066c9fc16394723ba87029605761d5acf2d490f7

data/CHANGELOG.md

@@ -1,5 +1,17 @@
 ## [Unreleased]
 
+## [2.1.0] - 2022-10-10
+
+### Added
+
+- accept local_http_config on Rack::OAuth2::Client#access_token! & revoke!  to support custom headers etc. by @nov in https://github.com/nov/rack-oauth2/pull/93
+
+## [2.0.1] - 2022-10-09
+
+### Fixed
+
+- changes for mTLS on faraday by @nov in https://github.com/nov/rack-oauth2/pull/92
+
 ## [2.0.0] - 2022-10-09
 
 ### Added

data/VERSION

@@ -1 +1 @@
-2.0.1
+2.2.0

data/lib/rack/oauth2/access_token/mtls.rb

@@ -7,8 +7,8 @@ module Rack
         def initialize(attributes = {})
           super
           self.token_type = :bearer
-          httpclient.ssl.client_key = private_key
-          httpclient.ssl.client_cert = certificate
+          http_client.ssl.client_key = private_key
+          http_client.ssl.client_cert = certificate
         end
       end
     end

data/lib/rack/oauth2/access_token.rb

@@ -5,7 +5,7 @@ module Rack
       attr_required :access_token, :token_type
       attr_optional :refresh_token, :expires_in, :scope
       attr_accessor :raw_attributes
-      delegate :get, :patch, :post, :put, :delete, to: :httpclient
+      delegate :get, :patch, :post, :put, :delete, to: :http_client
 
       alias_method :to_s, :access_token
 
@@ -18,8 +18,8 @@ module Rack
         attr_missing!
       end
 
-      def httpclient
-        @httpclient ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
+      def http_client
+        @http_client ||= Rack::OAuth2.http_client("#{self.class} (#{VERSION})") do |faraday|
           Authenticator.new(self).authenticate(faraday)
         end
       end
@@ -39,5 +39,4 @@ end
 
 require 'rack/oauth2/access_token/authenticator'
 require 'rack/oauth2/access_token/bearer'
-require 'rack/oauth2/access_token/legacy'
 require 'rack/oauth2/access_token/mtls'

data/lib/rack/oauth2/client.rb

@@ -74,7 +74,13 @@ module Rack
         params.merge! @grant.as_json
         params.merge! options
         handle_response do
-          http_client.post(absolute_uri_for(token_endpoint), Util.compact_hash(params), headers)
+          http_client.post(
+            absolute_uri_for(token_endpoint),
+            Util.compact_hash(params),
+            headers
+          ) do |req|
+            yield req if block_given?
+          end
         end
       end
 
@@ -107,7 +113,9 @@ module Rack
             absolute_uri_for(revocation_endpoint),
             Util.compact_hash(params),
             headers
-          )
+          ) do |req|
+            yield req if block_given?
+          end
         end
       end
 
@@ -130,7 +138,7 @@ module Rack
         #  Using Array#extract_options! for backward compatibility.
         #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
         options = args.extract_options!
-        client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
+        client_auth_method = args.first || options.delete(:client_auth_method)&.to_sym || :basic
 
         case client_auth_method
         when :basic
@@ -205,24 +213,19 @@ module Rack
       end
 
       def handle_success_response(response)
-        token_hash = JSON.parse(response.body).with_indifferent_access
-        case (@forced_token_type || token_hash[:token_type]).try(:downcase)
+        token_hash = response.body.with_indifferent_access
+        case (@forced_token_type || token_hash[:token_type])&.downcase
         when 'bearer'
           AccessToken::Bearer.new(token_hash)
-        when nil
-          AccessToken::Legacy.new(token_hash)
         else
           raise 'Unknown Token Type'
         end
-      rescue JSON::ParserError
-        # NOTE: Facebook support (They don't use JSON as token response)
-        AccessToken::Legacy.new Rack::Utils.parse_nested_query(response.body).with_indifferent_access
       end
 
       def handle_error_response(response)
-        error = JSON.parse(response.body).with_indifferent_access
+        error = response.body.with_indifferent_access
         raise Error.new(response.status, error)
-      rescue JSON::ParserError
+      rescue Faraday::ParsingError, NoMethodError
         raise Error.new(response.status, error: 'Unknown', error_description: response.body)
       end
     end

data/lib/rack/oauth2/server/extension/pkce.rb

@@ -27,7 +27,7 @@ module Rack
 
             def verify_code_verifier!(code_challenge, code_challenge_method = :S256)
               if code_verifier.present? || code_challenge.present?
-                case code_challenge_method.try(:to_sym)
+                case code_challenge_method&.to_sym
                 when :S256
                   code_challenge == Util.urlsafe_base64_encode(
                     OpenSSL::Digest::SHA256.digest(code_verifier.to_s)

data/lib/rack/oauth2.rb

@@ -44,6 +44,7 @@ module Rack
       Faraday.new(headers: {user_agent: agent_name}) do |faraday|
         faraday.request :url_encoded
         faraday.request :json
+        faraday.response :json
         faraday.response :logger, Rack::OAuth2.logger, {bodies: true} if debugging?
         faraday.adapter Faraday.default_adapter
         local_http_config&.call(faraday)

data/spec/helpers/webmock_helper.rb

@@ -13,7 +13,7 @@ module WebMockHelper
 
   def request_for(method, options = {})
     request = {}
-    params = options.try(:[], :params) || {}
+    params = options&.[](:params) || {}
     case method
     when :post, :put, :delete
       request[:body] = params
@@ -28,7 +28,13 @@ module WebMockHelper
 
   def response_for(response_file, options = {})
     response = {}
-    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', response_file))
+    format = options[:format] || :json
+    if format == :json
+      response[:headers] = {
+        'Content-Type': 'application/json'
+      }
+    end
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
     if options[:status]
       response[:status] = options[:status]
     end

data/spec/rack/oauth2/access_token/authenticator_spec.rb

@@ -12,15 +12,6 @@ describe Rack::OAuth2::AccessToken::Authenticator do
     end
   end
 
-  context 'when Legacy token is given' do
-    let(:token) do
-      Rack::OAuth2::AccessToken::Legacy.new(
-        access_token: 'access_token'
-      )
-    end
-    it_behaves_like :authenticator
-  end
-
   context 'when Bearer token is given' do
     let(:token) do
       Rack::OAuth2::AccessToken::Bearer.new(

data/spec/rack/oauth2/client_spec.rb

@@ -93,7 +93,7 @@ describe Rack::OAuth2::Client do
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/bearer.json',
+            'tokens/bearer',
             request_header: {
               'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ='
             }
@@ -109,7 +109,7 @@ describe Rack::OAuth2::Client do
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 request_header: {
                   'Authorization' => 'Basic aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
                 }
@@ -127,7 +127,7 @@ describe Rack::OAuth2::Client do
                mock_response(
                  :post,
                  'https://server.example.com/oauth2/token',
-                 'tokens/bearer.json',
+                 'tokens/bearer',
                  request_header: {
                    'Authorization' => 'Basic aHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
                  }
@@ -143,7 +143,7 @@ describe Rack::OAuth2::Client do
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 params: {
                   client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9\..+/, # NOTE: HS256
                   client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -171,7 +171,7 @@ describe Rack::OAuth2::Client do
                 mock_response(
                   :post,
                   'https://server.example.com/oauth2/token',
-                  'tokens/bearer.json',
+                  'tokens/bearer',
                   params: {
                     client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9\..+/, # NOTE: RS256
                     client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -198,7 +198,7 @@ describe Rack::OAuth2::Client do
                 mock_response(
                   :post,
                   'https://server.example.com/oauth2/token',
-                  'tokens/bearer.json',
+                  'tokens/bearer',
                   params: {
                     client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9\..+/, # NOTE: ES256
                     client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -225,7 +225,7 @@ describe Rack::OAuth2::Client do
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 params: {
                   client_assertion: 'any.jwt.assertion',
                   client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -244,7 +244,7 @@ describe Rack::OAuth2::Client do
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 client_id: 'client_id',
                 client_secret: 'client_secret',
@@ -262,7 +262,7 @@ describe Rack::OAuth2::Client do
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 client_id: 'client_id',
                 client_secret: 'client_secret',
@@ -282,7 +282,7 @@ describe Rack::OAuth2::Client do
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 grant_type: 'client_credentials',
                 scope: 'a b'
@@ -298,7 +298,7 @@ describe Rack::OAuth2::Client do
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/bearer.json',
+            'tokens/bearer',
             params: {
               grant_type: 'client_credentials',
               resource: 'something'
@@ -309,81 +309,49 @@ describe Rack::OAuth2::Client do
       end
     end
 
-    context 'when bearer token is given' do
-      before do
-        client.authorization_code = 'code'
+    context 'local_http_config handling' do
+      it do
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/bearer.json'
+          'tokens/bearer',
+          request_header: {
+            'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
+            'X-Foo' => 'bar'
+          }
         )
-      end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
-      its(:token_type) { should == :bearer }
-      its(:access_token) { should == 'access_token' }
-      its(:refresh_token) { should == 'refresh_token' }
-      its(:expires_in) { should == 3600 }
-
-      context 'when token type is "Bearer", not "bearer"' do
-        before do
-          client.authorization_code = 'code'
-          mock_response(
-            :post,
-            'https://server.example.com/oauth2/token',
-            'tokens/_Bearer.json'
-          )
+        client.access_token! do |request|
+          request.headers['X-Foo'] = 'bar'
         end
-        it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
-        its(:token_type) { should == :bearer }
       end
     end
 
-    context 'when no-type token is given (JSON)' do
+    context 'when bearer token is given' do
       before do
         client.authorization_code = 'code'
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/legacy.json'
+          'tokens/bearer'
         )
       end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Legacy }
-      its(:token_type) { should == :legacy }
+      it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
+      its(:token_type) { should == :bearer }
       its(:access_token) { should == 'access_token' }
       its(:refresh_token) { should == 'refresh_token' }
       its(:expires_in) { should == 3600 }
 
-      context 'when token_type is forced' do
-        before do
-          client.force_token_type! :bearer
-        end
-        it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
-        its(:token_type) { should == :bearer }
-      end
-    end
-
-    context 'when no-type token is given (key-value)' do
-      before do
-        mock_response(
-          :post,
-          'https://server.example.com/oauth2/token',
-          'tokens/legacy.txt'
-        )
-      end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Legacy }
-      its(:token_type) { should == :legacy }
-      its(:access_token) { should == 'access_token' }
-      its(:expires_in) { should == 3600 }
-
-      context 'when expires_in is not given' do
+      context 'when token type is "Bearer", not "bearer"' do
         before do
+          client.authorization_code = 'code'
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/legacy_without_expires_in.txt'
+            'tokens/_Bearer'
           )
         end
-        its(:expires_in) { should be_nil }
+        it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
+        its(:token_type) { should == :bearer }
       end
     end
 
@@ -393,7 +361,7 @@ describe Rack::OAuth2::Client do
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/unknown.json'
+          'tokens/unknown'
         )
       end
       it do
@@ -406,7 +374,7 @@ describe Rack::OAuth2::Client do
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'errors/invalid_request.json',
+          'errors/invalid_request',
           status: 400
         )
       end
@@ -422,6 +390,7 @@ describe Rack::OAuth2::Client do
             :post,
             'https://server.example.com/oauth2/token',
             'blank',
+            format: 'txt',
             status: 400
           )
         end
@@ -433,12 +402,36 @@ describe Rack::OAuth2::Client do
   end
 
   describe '#revoke!' do
+    context 'local_http_config handling' do
+      it do
+        mock_response(
+          :post,
+          'https://server.example.com/oauth2/revoke',
+          'blank',
+          format: 'txt',
+          status: 200,
+          body: {
+            token: 'access_token',
+            token_type_hint: 'access_token'
+          },
+          request_header: {
+            'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
+            'X-Foo' => 'bar'
+          }
+        )
+        client.revoke!(access_token: 'access_token') do |request|
+          request.headers['X-Foo'] = 'bar'
+        end
+      end
+    end
+
     context 'when access_token given' do
       before do
         mock_response(
           :post,
           'https://server.example.com/oauth2/revoke',
           'blank',
+          format: 'txt',
           status: 200,
           body: {
             token: 'access_token',
@@ -457,6 +450,7 @@ describe Rack::OAuth2::Client do
           :post,
           'https://server.example.com/oauth2/revoke',
           'blank',
+          format: 'txt',
           status: 200,
           body: {
             token: 'refresh_token',
@@ -484,7 +478,7 @@ describe Rack::OAuth2::Client do
         mock_response(
           :post,
           'https://server.example.com/oauth2/revoke',
-          'errors/invalid_request.json',
+          'errors/invalid_request',
           status: 400
         )
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.2.0
 platform: ruby
 authors:
 - nov matake
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-08 00:00:00.000000000 Z
+date: 2022-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -201,7 +201,6 @@ files:
 - lib/rack/oauth2/access_token.rb
 - lib/rack/oauth2/access_token/authenticator.rb
 - lib/rack/oauth2/access_token/bearer.rb
-- lib/rack/oauth2/access_token/legacy.rb
 - lib/rack/oauth2/access_token/mtls.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
@@ -250,18 +249,14 @@ files:
 - rack-oauth2.gemspec
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
-- spec/mock_response/blank
+- spec/mock_response/blank.txt
 - spec/mock_response/errors/invalid_request.json
 - spec/mock_response/resources/fake.txt
 - spec/mock_response/tokens/_Bearer.json
 - spec/mock_response/tokens/bearer.json
-- spec/mock_response/tokens/legacy.json
-- spec/mock_response/tokens/legacy.txt
-- spec/mock_response/tokens/legacy_without_expires_in.txt
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
-- spec/rack/oauth2/access_token/legacy_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -321,18 +316,14 @@ summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supporte
 test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
-- spec/mock_response/blank
+- spec/mock_response/blank.txt
 - spec/mock_response/errors/invalid_request.json
 - spec/mock_response/resources/fake.txt
 - spec/mock_response/tokens/_Bearer.json
 - spec/mock_response/tokens/bearer.json
-- spec/mock_response/tokens/legacy.json
-- spec/mock_response/tokens/legacy.txt
-- spec/mock_response/tokens/legacy_without_expires_in.txt
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
-- spec/rack/oauth2/access_token/legacy_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb

data/lib/rack/oauth2/access_token/legacy.rb

@@ -1,19 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class Legacy < AccessToken
-        def initialize(attributes = {})
-          super
-          self.expires_in = (
-            self.expires_in ||
-            attributes[:expires]
-          ).try(:to_i)
-        end
-
-        def authenticate(request)
-          request.headers["Authorization"] = "OAuth #{access_token}"
-        end
-      end
-    end
-  end
-end

data/spec/mock_response/tokens/legacy.json

@@ -1,5 +0,0 @@
-{
-  "access_token":"access_token",
-  "refresh_token":"refresh_token",
-  "expires_in":3600
-}

data/spec/mock_response/tokens/legacy.txt

@@ -1 +0,0 @@
-access_token=access_token&expires=3600

data/spec/mock_response/tokens/legacy_without_expires_in.txt

@@ -1 +0,0 @@
-access_token=access_token

data/spec/rack/oauth2/access_token/legacy_spec.rb

@@ -1,23 +0,0 @@
-require 'spec_helper'
-
-describe Rack::OAuth2::AccessToken::Legacy do
-  let :token do
-    Rack::OAuth2::AccessToken::Legacy.new(
-      access_token: 'access_token'
-    )
-  end
-  let(:resource_endpoint) { 'https://server.example.com/resources/fake' }
-  let(:request) { Faraday::Request.new(:post, URI.parse(resource_endpoint), '', {hello: "world"}, {}) }
-
-  describe '#to_s' do
-    subject { token }
-    its(:to_s) { should == token.access_token }
-  end
-
-  describe '.authenticate' do
-    it 'should set Authorization header' do
-      expect(request.headers).to receive(:[]=).with('Authorization', 'OAuth access_token')
-      token.authenticate(request)
-    end
-  end
-end