rack-oauth2 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +3 -2
- data/VERSION +1 -1
- data/lib/rack/oauth2/client.rb +12 -10
- data/spec/rack/oauth2/server/extension/pkce_spec.rb +162 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8d200fef958c8cebe3584388068110e9faed12eb
|
|
4
|
+
data.tar.gz: 1cab3b4d8fc6de54a0488dbe0159791c31b5feb3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9f95eaa8709c9cccb94cff056dae182fe21e502a7a49ae05de49d348814c546e5708c4499dcbbee4a5208fe9c49f1270cf202363b1cc2811ceed1ba41a18322c
|
|
7
|
+
data.tar.gz: 7d3ffe4b2be092ae751c36e11f459bd691fc534045ad306d37637ee4e21757e4ff6579ae114acfc06624290fbe1fd5ab74cf8dbe216adc7161940b7a5b2a4c14
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.5.0
|
data/lib/rack/oauth2/client.rb
CHANGED
|
@@ -76,16 +76,18 @@ module Rack
|
|
|
76
76
|
params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
|
|
77
77
|
params.merge! options
|
|
78
78
|
|
|
79
|
-
if secret
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
79
|
+
if secret
|
|
80
|
+
if client_auth_method == :basic
|
|
81
|
+
cred = ["#{identifier}:#{secret}"].pack('m').tr("\n", '')
|
|
82
|
+
headers.merge!(
|
|
83
|
+
'Authorization' => "Basic #{cred}"
|
|
84
|
+
)
|
|
85
|
+
else
|
|
86
|
+
params.merge!(
|
|
87
|
+
client_id: identifier,
|
|
88
|
+
client_secret: secret
|
|
89
|
+
)
|
|
90
|
+
end
|
|
89
91
|
end
|
|
90
92
|
handle_response do
|
|
91
93
|
Rack::OAuth2.http_client.post(
|
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
require 'spec_helper.rb'
|
|
2
|
+
|
|
3
|
+
describe Rack::OAuth2::Server::Authorize::Code do
|
|
4
|
+
let(:request) { Rack::MockRequest.new app }
|
|
5
|
+
let(:redirect_uri) { 'http://client.example.com/callback' }
|
|
6
|
+
let(:code_verifier) { SecureRandom.hex(16) }
|
|
7
|
+
let(:code_challenge) { Base64.urlsafe_encode64(OpenSSL::Digest::SHA256.digest(code_verifier)).delete('=') }
|
|
8
|
+
let(:code_challenge_method) { :S256 }
|
|
9
|
+
subject { @request }
|
|
10
|
+
|
|
11
|
+
describe 'authorization request' do
|
|
12
|
+
let :app do
|
|
13
|
+
Rack::OAuth2::Server::Authorize.new do |request, response|
|
|
14
|
+
@request = request
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
context 'when code_challenge is given' do
|
|
19
|
+
context 'when code_challenge_method is given' do
|
|
20
|
+
before do
|
|
21
|
+
request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}&state=state&code_challenge=#{code_challenge}&code_challenge_method=#{code_challenge_method}"
|
|
22
|
+
end
|
|
23
|
+
its(:code_challenge) { should == code_challenge }
|
|
24
|
+
its(:code_challenge_method) { should == code_challenge_method.to_s }
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
context 'when code_challenge_method is omitted' do
|
|
28
|
+
before do
|
|
29
|
+
request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}&state=state&code_challenge=#{code_challenge}"
|
|
30
|
+
end
|
|
31
|
+
its(:code_challenge) { should == code_challenge }
|
|
32
|
+
its(:code_challenge_method) { should == nil }
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
context 'otherwise' do
|
|
37
|
+
before do
|
|
38
|
+
request.get "/?response_type=code&client_id=client&redirect_uri=#{redirect_uri}&state=state"
|
|
39
|
+
end
|
|
40
|
+
its(:code_challenge) { should == nil }
|
|
41
|
+
its(:code_challenge_method) { should == nil }
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
describe 'token request' do
|
|
46
|
+
let(:app) do
|
|
47
|
+
Rack::OAuth2::Server::Token.new do |request, response|
|
|
48
|
+
@request = request
|
|
49
|
+
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
let(:default_params) do
|
|
53
|
+
{
|
|
54
|
+
grant_type: 'authorization_code',
|
|
55
|
+
client_id: 'client_id',
|
|
56
|
+
client_secret: 'client_secret',
|
|
57
|
+
code: 'authorization_code',
|
|
58
|
+
redirect_uri: 'http://client.example.com/callback'
|
|
59
|
+
}
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
context 'when code_verifier is given' do
|
|
63
|
+
before do
|
|
64
|
+
request.post '/', params: default_params.merge(
|
|
65
|
+
code_verifier: code_verifier
|
|
66
|
+
)
|
|
67
|
+
end
|
|
68
|
+
its(:code_verifier) { should == code_verifier }
|
|
69
|
+
|
|
70
|
+
describe '#verify_code_verifier!' do
|
|
71
|
+
context 'when code_verifier is given with code_challenge_method=plain' do
|
|
72
|
+
it do
|
|
73
|
+
expect do
|
|
74
|
+
subject.verify_code_verifier! code_verifier, :plain
|
|
75
|
+
end.not_to raise_error
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
context 'when collect code_challenge is given' do
|
|
80
|
+
it do
|
|
81
|
+
expect do
|
|
82
|
+
subject.verify_code_verifier! code_challenge
|
|
83
|
+
end.not_to raise_error
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
context 'when wrong code_challenge is blank' do
|
|
88
|
+
it do
|
|
89
|
+
expect do
|
|
90
|
+
subject.verify_code_verifier! 'wrong'
|
|
91
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
context 'when code_challenge is nil' do
|
|
96
|
+
it do
|
|
97
|
+
expect do
|
|
98
|
+
subject.verify_code_verifier! nil
|
|
99
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
context 'when unknown code_challenge_method is given' do
|
|
104
|
+
it do
|
|
105
|
+
expect do
|
|
106
|
+
subject.verify_code_verifier! code_challenge, :unknown
|
|
107
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
context 'otherwise' do
|
|
114
|
+
before do
|
|
115
|
+
request.post '/', params: default_params
|
|
116
|
+
end
|
|
117
|
+
its(:code_verifier) { should == nil }
|
|
118
|
+
|
|
119
|
+
describe '#verify_code_verifier!' do
|
|
120
|
+
context 'when code_verifier is given with code_challenge_method=plain' do
|
|
121
|
+
it do
|
|
122
|
+
expect do
|
|
123
|
+
subject.verify_code_verifier! code_verifier, :plain
|
|
124
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
125
|
+
end
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
context 'when collect code_challenge is given' do
|
|
129
|
+
it do
|
|
130
|
+
expect do
|
|
131
|
+
subject.verify_code_verifier! code_challenge
|
|
132
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
context 'when wrong code_challenge is blank' do
|
|
137
|
+
it do
|
|
138
|
+
expect do
|
|
139
|
+
subject.verify_code_verifier! 'wrong'
|
|
140
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
context 'when code_challenge is nil' do
|
|
145
|
+
it do
|
|
146
|
+
expect do
|
|
147
|
+
subject.verify_code_verifier! nil
|
|
148
|
+
end.not_to raise_error
|
|
149
|
+
end
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
context 'when unknown code_challenge_method is given' do
|
|
153
|
+
it do
|
|
154
|
+
expect do
|
|
155
|
+
subject.verify_code_verifier! code_challenge, :unknown
|
|
156
|
+
end.to raise_error Rack::OAuth2::Server::Token::BadRequest, /invalid_grant/
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
end
|
|
162
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-01-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -261,6 +261,7 @@ files:
|
|
|
261
261
|
- spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
|
|
262
262
|
- spec/rack/oauth2/server/authorize/token_spec.rb
|
|
263
263
|
- spec/rack/oauth2/server/authorize_spec.rb
|
|
264
|
+
- spec/rack/oauth2/server/extension/pkce_spec.rb
|
|
264
265
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
|
265
266
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
|
266
267
|
- spec/rack/oauth2/server/resource/error_spec.rb
|
|
@@ -339,6 +340,7 @@ test_files:
|
|
|
339
340
|
- spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb
|
|
340
341
|
- spec/rack/oauth2/server/authorize/token_spec.rb
|
|
341
342
|
- spec/rack/oauth2/server/authorize_spec.rb
|
|
343
|
+
- spec/rack/oauth2/server/extension/pkce_spec.rb
|
|
342
344
|
- spec/rack/oauth2/server/resource/bearer/error_spec.rb
|
|
343
345
|
- spec/rack/oauth2/server/resource/bearer_spec.rb
|
|
344
346
|
- spec/rack/oauth2/server/resource/error_spec.rb
|