RubyGems - signet - Versions diffs - 0.14.0 → 0.14.1 - Mend

signet 0.14.0 → 0.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc147432dec3ce0cfc7dcb2f935b0b7063e65d7831415f58b00a133834b60eac
-  data.tar.gz: d3b11b9064d2bb95a4d905a8199a2372ea96a9214ba050cdc7a496108cc90094
+  metadata.gz: c94f4ee9a5ea982bba69826873be998a4cbf833af8c70920fd2384558efe33e5
+  data.tar.gz: 211e019a051159858a4e18cbe64efe9989a13df08b2d449e67ac4057f91f4332
 SHA512:
-  metadata.gz: 13dd09c6860ee3607e0930ca51485f16b51137c62684288a834eb0b008dbcea7b5ee665320061561838f1d680920f15254cc8acc9d83ef80c6c8dcad72277950
-  data.tar.gz: 3052287168b60094c7d87e9f51b7ad89bf57f72e78f188a0f0be60a4914a62a36d2dd3e18ff6d89524665695ac3126c85af330884fe83c9ccf022ad61df2be7b
+  metadata.gz: d8e5ac7a7977d89976275a4988e62139622436dea9f539a934b99e94f32832e57c8c522a91647449f9b5ea199fa561ad62680803f7d1dbe5b40946087b95dae4
+  data.tar.gz: 2b6476b3b89d09d66c0274fa9bd1b5da6aebb68932e7e15325cf34ccca14b5d5f5a16f76a22330bbcb9f6b66882e016eeccb54977e7a87cc4ce6f32568361808

data/CHANGELOG.md CHANGED

@@ -1,54 +1,63 @@
-### 0.14.0 / 2020-03-31
+# Release History
+## [0.14.1](https://www.github.com/googleapis/signet/compare/v0.14.0...v0.14.1) (2021-01-27)
+### Bug Fixes
+* Fix OAuth1 signature with duplicate query param names ([9f5b81a](https://www.github.com/googleapis/signet/commit/9f5b81a60625a6e6f0e5bca24c67b90e73d7479b))
+## 0.14.0 / 2020-03-31
 * Support for fetching ID tokens from google oauth2 endpoint.
-### 0.13.2 / 2020-03-25
+## 0.13.2 / 2020-03-25
 Rerelease of 0.13.1.
-### 0.13.1 / 2020-03-24
+## 0.13.1 / 2020-03-24
 * Update github url
-### 0.13.0 / 2020-02-24
+## 0.13.0 / 2020-02-24
 * Support Faraday 1.x
-### 0.12.0 / 2019-10-08
+## 0.12.0 / 2019-10-08
 * This version now requires Ruby 2.4.
 * Support array values of the "aud" field.
 * Normalize the version constant to match related gems.
-### 0.11.0 / 2018-10-08
+## 0.11.0 / 2018-10-08
 * Add constant time comparison for oauth signatures.
-### 0.10.0 / 2018-09-21
+## 0.10.0 / 2018-09-21
 * Add UnexpectedStatusError class for http status errors that are not handled.
-### 0.9.2 / 2018-09-12
+## 0.9.2 / 2018-09-12
 * Update issued_at correctly when it is set simultaneously with expires_in.
-### 0.9.1 / 2018-08-29
+## 0.9.1 / 2018-08-29
 * Warn on EOL ruby versions.
 * Fix DateTime normalization.
-### 0.9.0 / 2018-08-20
+## 0.9.0 / 2018-08-20
 * Add RemoteServerError class for 5xx level errors.
 * Allow to_json to be called with arguments
 * Expires_in now sets and reflects current expires_at value
 * Expires_within(0) now returns false when expires_at is nil.
-### 0.8.1 / 2017-10-13
+## 0.8.1 / 2017-10-13
 * Restore support for Ruby 1.9.3
-### 0.8.0 / 2017-10-12
+## 0.8.0 / 2017-10-12
 * Ensure the "expires_at" attribute is recalculated on refresh (chutzimir)
 * Fix warnings on Ruby 2.4 (koic)
@@ -56,20 +65,20 @@ Rerelease of 0.13.1.
 * Provide signature verification algorithm for compatibility with ruby-jwt 2.0 (jurriaan)
 * Signet::OAuth2::Client#decoded_id_token can take a keyfinder block (mvastola)
-### 0.7.3 / 2016-06-20
+## 0.7.3 / 2016-06-20
 * Fix timestamp parsing on 32-bit systems
 * Fix expiration check when issue/expiry times are nil
-### 0.7.2 / 2015-12-21
+## 0.7.2 / 2015-12-21
 * Don't assume Faraday form encoding middleware is present
-### 0.7.1 / 2015-12-17
+## 0.7.1 / 2015-12-17
 * Fix an issue with date parsing
-### 0.7 / 2015-12-06
+## 0.7 / 2015-12-06
 * No longer overwrite SSL environment variables.
 * Tighten up date & URL (de)serialization for OAuth2 client
@@ -78,7 +87,7 @@ Rerelease of 0.13.1.
 * Add expires_within(sec) method to oauth2 client to facilitate proactive
   refreshes
-### 0.6.1 / 2015-06-08
+## 0.6.1 / 2015-06-08
 * Fix language warnings for unused & shadowed variables ((@blowmage)[])
 * Update SSL cert path for OSX ((@gambaroff)[])
@@ -86,14 +95,14 @@ Rerelease of 0.13.1.
 * Fix incorrect parameter name in OAuth2 client docs ((@samuelreh)[])
 * Fix symbolization of URL parameter keys ((@swifthand)[])
-### 0.6.0 / 2014-12-05
+## 0.6.0 / 2014-12-05
 * Drop support for ruby versions < 1.9.3
 * Update gem dependencies and lock down versions tighter
 * Allow form encoded responses when exchanging OAuth 2 authorization codes
 * Normalize options keys for indifferent access
-### 0.5.1 / 2014-06-08
+## 0.5.1 / 2014-06-08
 * Allow Hash objects to be used to initialize authorization URI
 * Added PLAINTEXT and RSA-SHA1 signature methods to OAuth 1 support
@@ -101,53 +110,53 @@ Rerelease of 0.13.1.
 * The `approval_prompt` option no longer defaults to `:force`
 * The `approval_prompt` and `prompt` are now mutually exclusive.
-### 0.5.0 / 2013-05-31
+## 0.5.0 / 2013-05-31
 * Switched to faraday 0.9.0
 * Added `expires_at` option
-### 0.4.5
+## 0.4.5
 * Minor documentation fixes
 * Allow postmessage as a valid redirect_uri in OAuth 2
-### 0.4.4
+## 0.4.4
 * Add support for assertion profile
-### 0.4.3
+## 0.4.3
 * Added method to clear credentials
-### 0.4.2
+## 0.4.2
 * Backwards compatibility for MultiJson
-### 0.4.1
+## 0.4.1
 * Updated Launchy dependency
-### 0.4.0
+## 0.4.0
 * Added OAuth 1 server implementation
 * Updated Faraday dependency
-### 0.3.4
+## 0.3.4
 * Attempts to auto-detect CA cert location
-### 0.3.3
+## 0.3.3
 * Request objects no longer recreated during processing
 * Faraday middleware now supported
 * Streamed requests now supported
 * Fixed assertion profiles; client ID/secret omission no longer an error
-### 0.3.2
+## 0.3.2
 * Added audience security check for ID tokens
-### 0.3.1
+## 0.3.1
 * Fixed a warning while determining grant type
 * Removed requirement that a connection be supplied when authorizing requests
@@ -155,52 +164,52 @@ Rerelease of 0.13.1.
 * Fixed some documentation stuff around markdown formatting
 * Added support for Google Code wiki format output when generating docs
-### 0.3.0
+## 0.3.0
 * Replaced httpadapter gem dependency with faraday
 * Replaced json gem dependency with multi_json
 * Updated to OAuth 2.0 draft 22
 * Complete test coverage
-### 0.2.4
+## 0.2.4
 * Updated to incorporate changes to the Google OAuth endpoints
-### 0.2.3
+## 0.2.3
 * Added support for JWT-formatted ID tokens.
 * Added :issued_at option to #update_token! method.
-### 0.2.2
+## 0.2.2
 * Lowered requirements for json gem
-### 0.2.1
+## 0.2.1
 * Updated to keep in sync with the new httpadapter changes
-### 0.2.0
+## 0.2.0
 * Added support for OAuth 2.0 draft 10
-### 0.1.4
+## 0.1.4
 * Added support for a two-legged authorization flow
-### 0.1.3
+## 0.1.3
 * Fixed issue with headers passed in as a Hash
 * Fixed incompatibilities with Ruby 1.8.6
-### 0.1.2
+## 0.1.2
 * Fixed bug with overzealous normalization
-### 0.1.1
+## 0.1.1
 * Fixed bug with missing StringIO require
 * Fixed issue with dependency on unreleased features of addressable
-### 0.1.0
+## 0.1.0
 * Initial release

data/lib/signet/oauth_1.rb CHANGED

@@ -178,7 +178,7 @@ module Signet #:nodoc:
         query:     parsed_uri.query,
         fragment:  parsed_uri.fragment
       )
-      uri_parameters = uri.query_values.to_a
+      uri_parameters = uri.query_values(Array) || []
       uri = uri.omit(:query, :fragment).to_s
       merged_parameters =
         uri_parameters.concat(parameters.map { |k, v| [k, v] })

data/lib/signet/version.rb CHANGED

@@ -13,5 +13,5 @@
 #    limitations under the License.
 module Signet
-  VERSION = "0.14.0".freeze
+  VERSION = "0.14.1".freeze
 end

data/spec/signet/oauth_1_spec.rb CHANGED

@@ -282,6 +282,32 @@ describe Signet::OAuth1 do
     )
   end
+  it "should correctly generate a base signature with duplicated query params" do
+    method = "GET"
+    uri = "http://photos.example.net/photos?foo=bar&foo=baz&foo=qux"
+    parameters = {
+      "oauth_consumer_key"     => "dpf43f3p2l4k3l03",
+      "oauth_token"            => "nnch734d00sl2jdk",
+      "oauth_signature_method" => "HMAC-SHA1",
+      "oauth_timestamp"        => "1191242096",
+      "oauth_nonce"            => "kllo9940pd9333jh",
+      "oauth_version"          => "1.0",
+      "file"                   => "vacation.jpg",
+      "size"                   => "original"
+    }
+    expect(Signet::OAuth1.generate_base_string(method, uri, parameters)).to eq(
+      "GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26" \
+      "foo%3Dbar%26" \
+      "foo%3Dbaz%26" \
+      "foo%3Dqux%26" \
+      "oauth_consumer_key%3Ddpf43f3p2l4k3l03%26" \
+      "oauth_nonce%3Dkllo9940pd9333jh%26" \
+      "oauth_signature_method%3DHMAC-SHA1%26" \
+      "oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26" \
+      "oauth_version%3D1.0%26size%3Doriginal"
+                                                                            )
+  end
   it "should correctly generate an authorization header" do
     parameters = [
       %w[oauth_consumer_key 0685bd9184jfhq22],

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.14.1
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-02 00:00:00.000000000 Z
+date: 2021-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -248,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.2.6
 signing_key:
 specification_version: 4
 summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.