rodauth-oauth 1.3.0 → 1.3.1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ac42aa0fb7d65030b403957a408d6d5b1f999614c957ec8176d814030ddb9381
|
4
|
+
data.tar.gz: f67cf98dfdb162d1e015d3930b569756f2a25737a64e68ed36fcf31e2d672be2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e86da1d43f30dfb18e1ae530dc5b1cc9cf69903d32a39bade2dc5881075140d79ef5644159ff40b1406b58dfb12197c79d13f683f20b431330d02d452b3cf87e
|
7
|
+
data.tar.gz: ad35b6bc881f1e22f7cb7227115daee9556ebeada9e10b21e8ecfeb9dc0e7a51ddd606ef481f1125064e49d6ee39076bd8bc2043d58d0d103df6a27813a022db
|
@@ -0,0 +1,10 @@
|
|
1
|
+
### 1.3.1 (27/06/2023)
|
2
|
+
|
3
|
+
#### Bugfixes
|
4
|
+
|
5
|
+
* Set 401 error response when `client_id` parameter is invalid, or from an unexisting client application, instead of failing with a 500 (@igor-alexandrov).
|
6
|
+
* update rails authorize form to use roda request params instead, as plain params was breaking JAR and PAR-based authorize forms in rails applications.
|
7
|
+
|
8
|
+
#### Chore
|
9
|
+
|
10
|
+
* set `:padding` to `false` in `Base64.urlsafe_encode64` calls (@felipe.zavan)
|
@@ -37,10 +37,10 @@
|
|
37
37
|
</div>
|
38
38
|
<% end %>
|
39
39
|
<% end %>
|
40
|
-
<%= hidden_field_tag :client_id,
|
41
|
-
<% %
|
42
|
-
<% if
|
43
|
-
<%= hidden_field_tag oauth_param,
|
40
|
+
<%= hidden_field_tag :client_id, rodauth.raw_param("client_id") %>
|
41
|
+
<% %w[access_type response_type response_mode state redirect_uri].each do |oauth_param| %>
|
42
|
+
<% if rodauth.raw_param(oauth_param) %>
|
43
|
+
<%= hidden_field_tag oauth_param, rodauth.raw_param(oauth_param) %>
|
44
44
|
<% end %>
|
45
45
|
<% end %>
|
46
46
|
<% if rodauth.features.include?(:oauth_resource_indicators) && rodauth.resource_indicators %>
|
@@ -49,39 +49,39 @@
|
|
49
49
|
<% end %>
|
50
50
|
<% end %>
|
51
51
|
<% if rodauth.features.include?(:oauth_pkce) %>
|
52
|
-
<% if
|
53
|
-
<%= hidden_field_tag :code_challenge,
|
52
|
+
<% if rodauth.raw_param("code_challenge") %>
|
53
|
+
<%= hidden_field_tag :code_challenge, rodauth.raw_param("code_challenge") %>
|
54
54
|
<% end %>
|
55
|
-
<% if
|
56
|
-
<%= hidden_field_tag :code_challenge_method,
|
55
|
+
<% if rodauth.raw_param("code_challenge_method") %>
|
56
|
+
<%= hidden_field_tag :code_challenge_method, rodauth.raw_param("code_challenge_method") %>
|
57
57
|
<% end %>
|
58
58
|
<% end %>
|
59
59
|
<% if rodauth.features.include?(:oidc) %>
|
60
|
-
<% if
|
61
|
-
<%= hidden_field_tag :prompt,
|
60
|
+
<% if rodauth.raw_param("prompt") %>
|
61
|
+
<%= hidden_field_tag :prompt, rodauth.raw_param("prompt") %>
|
62
62
|
<% end %>
|
63
|
-
<% if
|
64
|
-
<%= hidden_field_tag :nonce,
|
63
|
+
<% if rodauth.raw_param("nonce") %>
|
64
|
+
<%= hidden_field_tag :nonce, rodauth.raw_param("nonce") %>
|
65
65
|
<% end %>
|
66
|
-
<% if
|
67
|
-
<%= hidden_field_tag :ui_locales,
|
66
|
+
<% if rodauth.raw_param("ui_locales") %>
|
67
|
+
<%= hidden_field_tag :ui_locales, rodauth.raw_param("ui_locales") %>
|
68
68
|
<% end %>
|
69
|
-
<% if
|
70
|
-
<%= hidden_field_tag :claims_locales,
|
69
|
+
<% if rodauth.raw_param("claims_locales") %>
|
70
|
+
<%= hidden_field_tag :claims_locales, rodauth.raw_param("claims_locales") %>
|
71
71
|
<% end %>
|
72
|
-
<% if
|
73
|
-
<%= hidden_field_tag :claims,
|
72
|
+
<% if rodauth.raw_param("claims") %>
|
73
|
+
<%= hidden_field_tag :claims, sanitize(rodauth.raw_param("claims")) %>
|
74
74
|
<% end %>
|
75
|
-
<% if
|
76
|
-
<%= hidden_field_tag :acr_values,
|
75
|
+
<% if rodauth.raw_param("acr_values") %>
|
76
|
+
<%= hidden_field_tag :acr_values, rodauth.raw_param("acr_values") %>
|
77
77
|
<% end %>
|
78
|
-
<% if
|
79
|
-
<%= hidden_field_tag :registration,
|
78
|
+
<% if rodauth.raw_param("registration") %>
|
79
|
+
<%= hidden_field_tag :registration, rodauth.raw_param("registration") %>
|
80
80
|
<% end %>
|
81
81
|
<% end %>
|
82
82
|
</div>
|
83
83
|
<p class="text-center">
|
84
84
|
<%= submit_tag rodauth.oauth_authorize_button, class: "btn btn-outline-primary" %>
|
85
|
-
<%= link_to rodauth.oauth_cancel_button, "#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{"&state=\#{CGI.escape(rodauth.state)}" if
|
85
|
+
<%= link_to rodauth.oauth_cancel_button, "#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{"&state=\#{CGI.escape(rodauth.state)}" if rodauth.raw_param("state") }", class: "btn btn-outline-danger" %>
|
86
86
|
</p>
|
87
87
|
<% end %>
|
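Review bot: `claims` is the only re-submitted parameter wrapped in `sanitize(...)` (the `hidden_field_tag :claims` line in the second hunk), while every other field passes `rodauth.raw_param(...)` through unchanged. `hidden_field_tag` already HTML-escapes the value attribute, so the wrapper adds no protection, but because the OIDC `claims` parameter is a JSON object, the HTML sanitizer may rewrite it (for example entity-encoding `&` or stripping anything that looks like a tag) before the form re-submits it to the authorization endpoint. Either drop it for consistency, `<%= hidden_field_tag :claims, rodauth.raw_param("claims") %>`, or, if a specific issue motivated it, add a comment stating what the sanitizer is meant to catch. Separately, the cancel link on the last changed line joins `?error=...` onto `rodauth.redirect_uri` unconditionally; if registered redirect URIs are allowed to carry their own query string, this yields a second `?` and the error parameters are not parsed as intended.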
@@ -367,7 +367,7 @@ module Rodauth
|
|
367
367
|
end
|
368
368
|
|
369
369
|
def require_oauth_application_from_client_secret_basic(token)
|
370
|
-
client_id, client_secret = Base64.decode64(token).split(
|
370
|
+
client_id, client_secret = Base64.decode64(token).split(":", 2)
|
371
371
|
authorization_required unless client_id
|
372
372
|
oauth_application = db[oauth_applications_table].where(oauth_applications_client_id_column => client_id).first
|
373
373
|
authorization_required unless supports_auth_method?(oauth_application,
|
@@ -389,6 +389,8 @@ module Rodauth
|
|
389
389
|
end
|
390
390
|
|
391
391
|
def supports_auth_method?(oauth_application, auth_method)
|
392
|
+
return false unless oauth_application
|
393
|
+
|
392
394
|
supported_auth_methods = if oauth_application[oauth_applications_token_endpoint_auth_method_column]
|
393
395
|
oauth_application[oauth_applications_token_endpoint_auth_method_column].split(/ +/)
|
394
396
|
else
|
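Review bot: In the `@@ -367` hunk, `Base64.decode64(token).split(":", 2)` uses the raw halves of the Basic credential, but RFC 6749 §2.3.1 has the client form-URL-encode `client_id` and `client_secret` before Base64-encoding them, so a client whose identifier or secret contains reserved characters (`%`, `:`, `+`) would be looked up under the still-encoded value; decoding both halves after the split, e.g. `client_id, client_secret = Base64.decode64(token).split(":", 2).map { |v| v && CGI.unescape(v) }`, fixes that, provided `cgi` is loaded for this feature. `Base64.decode64` is also lenient and silently skips non-alphabet bytes, so a malformed header never fails at this line but only at the later lookup; `Base64.strict_decode64` with an `ArgumentError` rescue routed to `authorization_required` would make the rejection explicit. The body of `require_oauth_application_from_client_secret_basic` continues outside the hunk. The `return false unless oauth_application` guard in the second hunk is what turns an unknown client into a 401 for this path; a one-line comment such as `# unknown client (nil row): no auth method is supported, callers turn this into a 401` would record that dependency.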
@@ -76,8 +76,7 @@ module Rodauth
|
|
76
76
|
when "plain"
|
77
77
|
challenge == verifier
|
78
78
|
when "S256"
|
79
|
-
generated_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(verifier))
|
80
|
-
generated_challenge.delete_suffix!("=") while generated_challenge.end_with?("=")
|
79
|
+
generated_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
|
81
80
|
|
82
81
|
challenge == generated_challenge
|
83
82
|
else
|
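Review bot: The `challenge == generated_challenge` and `challenge == verifier` comparisons in this hunk are not constant-time, and in the `plain` branch the compared value is the verifier itself; since the result gates redemption of the authorization code, a constant-time comparison is the conventional defensive choice, e.g. `timing_safe_eql?(challenge, generated_challenge)` and `timing_safe_eql?(challenge, verifier)`, which Rodauth's base feature already provides. The `padding: false` change itself is equivalent to the removed `delete_suffix!` loop, since RFC 7636 specifies unpadded base64url for the S256 challenge. The enclosing `case` on the challenge method starts and ends outside the hunk.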
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rodauth-oauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tiago Cardoso
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-06-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rodauth
|
@@ -70,6 +70,7 @@ extra_rdoc_files:
|
|
70
70
|
- doc/release_notes/1_1_0.md
|
71
71
|
- doc/release_notes/1_2_0.md
|
72
72
|
- doc/release_notes/1_3_0.md
|
73
|
+
- doc/release_notes/1_3_1.md
|
73
74
|
files:
|
74
75
|
- CHANGELOG.md
|
75
76
|
- LICENSE.txt
|
@@ -111,6 +112,7 @@ files:
|
|
111
112
|
- doc/release_notes/1_1_0.md
|
112
113
|
- doc/release_notes/1_2_0.md
|
113
114
|
- doc/release_notes/1_3_0.md
|
115
|
+
- doc/release_notes/1_3_1.md
|
114
116
|
- lib/generators/rodauth/oauth/install_generator.rb
|
115
117
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
|
116
118
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
|
@@ -204,7 +206,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
204
206
|
- !ruby/object:Gem::Version
|
205
207
|
version: '0'
|
206
208
|
requirements: []
|
207
|
-
rubygems_version: 3.
|
209
|
+
rubygems_version: 3.4.10
|
208
210
|
signing_key:
|
209
211
|
specification_version: 4
|
210
212
|
summary: Implementation of the OAuth 2.0 protocol on top of rodauth.
|