rodauth-oauth 0.4.0 → 0.4.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/rodauth/features/oauth.rb +23 -20
- data/lib/rodauth/oauth/version.rb +1 -1
- metadata +2 -2
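--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c7c9cc026f547d781b05599d177237498390c8347791aaf5960e7447d2640b0b
+data.tar.gz: 290ec103b22d394fbae7f153430605fa032b8baf6b6083e31ad8af8cd3d422b8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 64c22bd200ff9dcb5e8406ace5f4eb34625bcee5a381e52b6b7e960b614ec3941c0460997542d843ed4eaa843a85a7f2592a027c741d5380a7572edb974ca3a9
+data.tar.gz: 0a6c93bc131d2fcb45e400173ced20096caa191e3ef73f4e67ab0fc12d5ead9b9f9e6867d163612299141b96b7691429cb5e5b263036887134396f244c3dd4f7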
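--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 ## master
 
+### 0.4.1
+
+### Improvements
+
+When in "Resource Server" mode, calling `rodauth.authorization_token` will now return an hash of the JSON payload that the Authorization Server responds, and which was already previously used to authorize access to protected resources.
+
+### Bugfixes
+
+* An error ocurred if the client passed an empty authorization header (`Authorization: ` or `Authorization: Bearer `), causing an unexpected error; It now responds with the proper `401 Unauthorized` status code.
+
 ### 0.4.0
 
 ### Features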
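--- a/data/lib/rodauth/features/oauth.rb
+++ b/data/lib/rodauth/features/oauth.rb
@@ -489,13 +489,13 @@ module Rodauth
 def fetch_access_token
 value = request.env["HTTP_AUTHORIZATION"]
 
-return unless value
+return unless value && !value.empty?
 
 scheme, token = value.split(" ", 2)
 
 return unless scheme.downcase == oauth_token_type
 
-return if token.empty?
+return if token.nil? || token.empty?
 
 token
 end
@@ -508,31 +508,34 @@ module Rodauth
 
 return unless bearer_token
 
-
-
-
+@authorization_token = if is_authorization_server?
+# check if token has not expired
+# check if token has been revoked
+oauth_token_by_token(bearer_token)
+else
+# where in resource server, NOT the authorization server.
+payload = introspection_request("access_token", bearer_token)
+
+return unless payload["active"]
+
+payload
+end
 end
 
 def require_oauth_authorization(*scopes)
-
-authorization_required unless authorization_token
+authorization_required unless authorization_token
 
-
+scopes << oauth_application_default_scope if scopes.empty?
 
+token_scopes = if is_authorization_server?
 authorization_token[oauth_tokens_scopes_column].split(oauth_scope_separator)
 else
-
-
-
-
-
-
-# where in resource server, NOT the authorization server.
-payload = introspection_request("access_token", bearer_token)
-
-authorization_required unless payload["active"]
-
-payload["scope"].split(oauth_scope_separator)
+aux_scopes = authorization_token["scope"]
+if aux_scopes
+aux_scopes.split(oauth_scope_separator)
+else
+[]
+end
 end
 
 authorization_required unless scopes.any? { |scope| token_scopes.include?(scope) }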
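Review bot: In fetch_access_token (first hunk) an Authorization header made only of whitespace still raises instead of returning nil: `"  ".split(" ", 2)` uses awk-style splitting and appears to yield `[]`, so `scheme` is nil and `scheme.downcase` fails with NoMethodError, which is the same 500-instead-of-401 symptom the 0.4.1 changelog says is fixed for `Authorization: ` and `Authorization: Bearer `. Guarding the scheme as well as the token closes that path: `return unless scheme && scheme.downcase == oauth_token_type`. That comparison also presumes `oauth_token_type` is configured in lowercase, which deserves a comment such as `# scheme is case-insensitive (RFC 6750); oauth_token_type is expected to be lowercase`. In the second hunk, `return unless payload["active"]` runs inside the `if` expression being assigned, so an inactive introspection result leaves `@authorization_token` unassigned; whether that triggers a fresh introspection request on the next call depends on the memoization at the top of `authorization_token`, whose definition starts outside the hunk.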
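--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.1
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-
+date: 2020-11-24 00:00:00.000000000 Z
 dependencies: []
 description: Implementation of the OAuth 2.0 protocol on top of rodauth.
 email: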