rodauth-oauth 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/doc/release_notes/1_1_0.md +9 -0
- data/lib/rodauth/features/oauth_authorize_base.rb +24 -1
- data/lib/rodauth/oauth/version.rb +1 -1
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 12c86242a8a2001fba629cb6bd8e25886b8805fce5d0965ebc70377824e25e91
|
|
4
|
+
data.tar.gz: 2fdc78f81b737c9c0d0086f258a86807f8855d3f0bc9be89bffb6d6a90946ed3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: be15b77c46a135d213cd6e6e6bc7000b961e036febdb8f75bb922f09554d68ab757d5094fe96816c83c5966a3094daa32ecbbee798b2a8bb72417df9506ac3b3
|
|
7
|
+
data.tar.gz: a5fec610e9193d449ef49fbfde36688398c9e4e576da5ea579165c306ecc51bc910d0d758c923a9bece59ef4e7651347f9ebb7951504f3354b101fe5f845173a
|
data/README.md
CHANGED
|
@@ -46,6 +46,7 @@ This gem implements the following RFCs and features of OAuth:
|
|
|
46
46
|
|
|
47
47
|
* `oauth_dynamic_client_registration` - [Dynamic Client Registration Protocol](https://datatracker.ietf.org/doc/html/rfc7591);
|
|
48
48
|
* OAuth application and token management dashboards;
|
|
49
|
+
* The recommendations for [Native Apps](https://www.rfc-editor.org/rfc/rfc8252);
|
|
49
50
|
|
|
50
51
|
It also implements the [OpenID Connect layer](https://openid.net/connect/) (via the `openid` feature) on top of the OAuth features it provides, including:
|
|
51
52
|
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
## 1.0.0 (10/01/2023)
|
|
2
|
+
|
|
3
|
+
## Features
|
|
4
|
+
|
|
5
|
+
### Loopback Interface Redirection URI support
|
|
6
|
+
|
|
7
|
+
https://www.rfc-editor.org/rfc/rfc8252#section-7.3
|
|
8
|
+
|
|
9
|
+
Redirect URIs based on loopback addresses ("127.0.0.1", "::1") are now supported when used in an authorization request with an ephemeral port (@avdigrimm).
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "ipaddr"
|
|
3
4
|
require "rodauth/oauth"
|
|
4
5
|
|
|
5
6
|
module Rodauth
|
|
@@ -71,7 +72,8 @@ module Rodauth
|
|
|
71
72
|
redirect_uris = oauth_application[oauth_applications_redirect_uri_column].split(" ")
|
|
72
73
|
|
|
73
74
|
if (redirect_uri = param_or_nil("redirect_uri"))
|
|
74
|
-
|
|
75
|
+
normalized_redirect_uri = normalize_redirect_uri_for_comparison(redirect_uri)
|
|
76
|
+
redirect_authorize_error("redirect_uri") unless redirect_uris.include?(normalized_redirect_uri)
|
|
75
77
|
elsif redirect_uris.size > 1
|
|
76
78
|
redirect_authorize_error("redirect_uri")
|
|
77
79
|
end
|
|
@@ -211,5 +213,26 @@ module Rodauth
|
|
|
211
213
|
end
|
|
212
214
|
create_params[oauth_grants_code_column]
|
|
213
215
|
end
|
|
216
|
+
|
|
217
|
+
def normalize_redirect_uri_for_comparison(redirect_uri)
|
|
218
|
+
uri = URI(redirect_uri)
|
|
219
|
+
|
|
220
|
+
return redirect_uri unless uri.scheme == "http" && uri.port
|
|
221
|
+
|
|
222
|
+
hostname = uri.hostname
|
|
223
|
+
|
|
224
|
+
# https://www.rfc-editor.org/rfc/rfc8252#section-7.3
|
|
225
|
+
# ignore (potentially ephemeral) port number for native clients per RFC8252
|
|
226
|
+
begin
|
|
227
|
+
ip = IPAddr.new(hostname)
|
|
228
|
+
uri.port = nil if ip.loopback?
|
|
229
|
+
rescue IPAddr::InvalidAddressError
|
|
230
|
+
# https://www.rfc-editor.org/rfc/rfc8252#section-8.3
|
|
231
|
+
# Although the use of localhost is NOT RECOMMENDED, it is still allowed.
|
|
232
|
+
uri.port = nil if hostname == "localhost"
|
|
233
|
+
end
|
|
234
|
+
|
|
235
|
+
uri.to_s
|
|
236
|
+
end
|
|
214
237
|
end
|
|
215
238
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth-oauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tiago Cardoso
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rodauth
|
|
@@ -67,6 +67,7 @@ extra_rdoc_files:
|
|
|
67
67
|
- doc/release_notes/0_9_2.md
|
|
68
68
|
- doc/release_notes/0_9_3.md
|
|
69
69
|
- doc/release_notes/1_0_0.md
|
|
70
|
+
- doc/release_notes/1_1_0.md
|
|
70
71
|
files:
|
|
71
72
|
- CHANGELOG.md
|
|
72
73
|
- LICENSE.txt
|
|
@@ -105,6 +106,7 @@ files:
|
|
|
105
106
|
- doc/release_notes/0_9_2.md
|
|
106
107
|
- doc/release_notes/0_9_3.md
|
|
107
108
|
- doc/release_notes/1_0_0.md
|
|
109
|
+
- doc/release_notes/1_1_0.md
|
|
108
110
|
- lib/generators/rodauth/oauth/install_generator.rb
|
|
109
111
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
|
|
110
112
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
|
|
@@ -194,7 +196,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
194
196
|
- !ruby/object:Gem::Version
|
|
195
197
|
version: '0'
|
|
196
198
|
requirements: []
|
|
197
|
-
rubygems_version: 3.
|
|
199
|
+
rubygems_version: 3.3.7
|
|
198
200
|
signing_key:
|
|
199
201
|
specification_version: 4
|
|
200
202
|
summary: Implementation of the OAuth 2.0 protocol on top of rodauth.
|