rodauth-oauth 0.4.0 → 0.4.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b09ecfc1d3a8ee0f5b890620baa14ca6d847362bf38dd158e02bd2c8ebfc204e
4
- data.tar.gz: 89f0e82d7721f7ee175b1c53b7b3e0cc534e6983fe37dfc02e433df77b58225d
3
+ metadata.gz: c7c9cc026f547d781b05599d177237498390c8347791aaf5960e7447d2640b0b
4
+ data.tar.gz: 290ec103b22d394fbae7f153430605fa032b8baf6b6083e31ad8af8cd3d422b8
5
5
  SHA512:
6
- metadata.gz: d00a178f561ddecacff0587e1120b68bb22cd10b76b106b00f41167ba9c8bd8b2b8958fd629588924e502be8c947a81d3722102038cd329c006f4b4daf6efada
7
- data.tar.gz: 328542ba8ce7ef8e8f605056a9a8cbf6599136232d93f7246b13fe037ebc07225e2051b3ee454eb90ec4ae480e2b493d662d1cbbcd0ae5cc7e57a0ff29b10696
6
+ metadata.gz: 64c22bd200ff9dcb5e8406ace5f4eb34625bcee5a381e52b6b7e960b614ec3941c0460997542d843ed4eaa843a85a7f2592a027c741d5380a7572edb974ca3a9
7
+ data.tar.gz: 0a6c93bc131d2fcb45e400173ced20096caa191e3ef73f4e67ab0fc12d5ead9b9f9e6867d163612299141b96b7691429cb5e5b263036887134396f244c3dd4f7
@@ -2,6 +2,16 @@
2
2
 
3
3
  ## master
4
4
 
5
+ ### 0.4.1
6
+
7
+ ### Improvements
8
+
9
+ When in "Resource Server" mode, calling `rodauth.authorization_token` will now return an hash of the JSON payload that the Authorization Server responds, and which was already previously used to authorize access to protected resources.
10
+
11
+ ### Bugfixes
12
+
13
+ * An error ocurred if the client passed an empty authorization header (`Authorization: ` or `Authorization: Bearer `), causing an unexpected error; It now responds with the proper `401 Unauthorized` status code.
14
+
5
15
  ### 0.4.0
6
16
 
7
17
  ### Features
@@ -489,13 +489,13 @@ module Rodauth
489
489
  def fetch_access_token
490
490
  value = request.env["HTTP_AUTHORIZATION"]
491
491
 
492
- return unless value
492
+ return unless value && !value.empty?
493
493
 
494
494
  scheme, token = value.split(" ", 2)
495
495
 
496
496
  return unless scheme.downcase == oauth_token_type
497
497
 
498
- return if token.empty?
498
+ return if token.nil? || token.empty?
499
499
 
500
500
  token
501
501
  end
@@ -508,31 +508,34 @@ module Rodauth
508
508
 
509
509
  return unless bearer_token
510
510
 
511
- # check if token has not expired
512
- # check if token has been revoked
513
- @authorization_token = oauth_token_by_token(bearer_token)
511
+ @authorization_token = if is_authorization_server?
512
+ # check if token has not expired
513
+ # check if token has been revoked
514
+ oauth_token_by_token(bearer_token)
515
+ else
516
+ # where in resource server, NOT the authorization server.
517
+ payload = introspection_request("access_token", bearer_token)
518
+
519
+ return unless payload["active"]
520
+
521
+ payload
522
+ end
514
523
  end
515
524
 
516
525
  def require_oauth_authorization(*scopes)
517
- token_scopes = if is_authorization_server?
518
- authorization_required unless authorization_token
526
+ authorization_required unless authorization_token
519
527
 
520
- scopes << oauth_application_default_scope if scopes.empty?
528
+ scopes << oauth_application_default_scope if scopes.empty?
521
529
 
530
+ token_scopes = if is_authorization_server?
522
531
  authorization_token[oauth_tokens_scopes_column].split(oauth_scope_separator)
523
532
  else
524
- bearer_token = fetch_access_token
525
-
526
- authorization_required unless bearer_token
527
-
528
- scopes << oauth_application_default_scope if scopes.empty?
529
-
530
- # where in resource server, NOT the authorization server.
531
- payload = introspection_request("access_token", bearer_token)
532
-
533
- authorization_required unless payload["active"]
534
-
535
- payload["scope"].split(oauth_scope_separator)
533
+ aux_scopes = authorization_token["scope"]
534
+ if aux_scopes
535
+ aux_scopes.split(oauth_scope_separator)
536
+ else
537
+ []
538
+ end
536
539
  end
537
540
 
538
541
  authorization_required unless scopes.any? { |scope| token_scopes.include?(scope) }
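Review bot: The resource-server branch of `authorization_token` admits a token on the mere truthiness of `payload["active"]`, whereas RFC 7662 defines `active` as a JSON boolean; a string or other non-boolean value from a misbehaving or misconfigured authorization server (and, if `introspection_request` can hand back nil or a non-hash on a transport error, a `NoMethodError` turning into a 500 instead of a 401) would slip past this check, so `return unless payload.is_a?(Hash) && payload["active"] == true` fails closed more deliberately. Because that `return` sits inside the `if` expression, an inactive or failed introspection leaves `@authorization_token` unassigned; whether the second `authorization_token` call in `require_oauth_authorization` re-issues the introspection request depends on the memoization guard at the top of the method, which starts outside this hunk — worth confirming the memo is `defined?`-based rather than `||=`-based so a nil lookup is not re-queried. The new nil guard on `authorization_token["scope"]` is right, but the authorization-server branch on the context line above (`authorization_token[oauth_tokens_scopes_column].split`) still raises on a nil scopes column, so the two branches now differ in how a scope-less token is treated. The `scopes.any?` semantics (any requested scope suffices, not all) predate this change and are left as-is here.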
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rodauth
4
4
  module OAuth
5
- VERSION = "0.4.0"
5
+ VERSION = "0.4.1"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-oauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tiago Cardoso
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-13 00:00:00.000000000 Z
11
+ date: 2020-11-24 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Implementation of the OAuth 2.0 protocol on top of rodauth.
14
14
  email: