signet 0.14.0 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc147432dec3ce0cfc7dcb2f935b0b7063e65d7831415f58b00a133834b60eac
-  data.tar.gz: d3b11b9064d2bb95a4d905a8199a2372ea96a9214ba050cdc7a496108cc90094
+  metadata.gz: 9d6cce64f05742592f4945a2a394ab1fc239107e9c5d8145f38a4189689e46ea
+  data.tar.gz: a20b6a81fac21113e804c8cbac63db3464da5357aa7428bc17509212217e50a3
 SHA512:
-  metadata.gz: 13dd09c6860ee3607e0930ca51485f16b51137c62684288a834eb0b008dbcea7b5ee665320061561838f1d680920f15254cc8acc9d83ef80c6c8dcad72277950
-  data.tar.gz: 3052287168b60094c7d87e9f51b7ad89bf57f72e78f188a0f0be60a4914a62a36d2dd3e18ff6d89524665695ac3126c85af330884fe83c9ccf022ad61df2be7b
+  metadata.gz: b1f2c4ab3031aa346f118bc152f129559436f92ae8b3d0008f3a2efa51fb82e0e45fec0f999c6984772be58661c90f6fbe1a1c973cf6ccdec8329696da4e1101
+  data.tar.gz: fc909052f1a89ec0f79d9b9a36ca7196cef5be879595e8c1e7699050ced959b3062881e1418fc9b8258985819f3c2bb64e7e9f60008f25e5ddccb6375934c2f5

data/CHANGELOG.md

@@ -1,54 +1,67 @@
-### 0.14.0 / 2020-03-31
+# Release History
+
+## [0.15.0](https://www.github.com/googleapis/signet/compare/v0.14.1...v0.15.0) (2021-03-04)
+
+
+### Features
+
+* Drop support for Ruby 2.4 and add support for Ruby 3.0 ([bd6fe87](https://www.github.com/googleapis/signet/commit/bd6fe87948f8fc7702720dae651e82f4fd348b5d))
+
+## 0.14.1 / 2021-01-27
+
+* Fix OAuth1 signature with duplicate query param names
+
+## 0.14.0 / 2020-03-31
 
 * Support for fetching ID tokens from google oauth2 endpoint.
 
-### 0.13.2 / 2020-03-25
+## 0.13.2 / 2020-03-25
 
 Rerelease of 0.13.1.
 
-### 0.13.1 / 2020-03-24
+## 0.13.1 / 2020-03-24
 
 * Update github url
 
-### 0.13.0 / 2020-02-24
+## 0.13.0 / 2020-02-24
 
 * Support Faraday 1.x
 
-### 0.12.0 / 2019-10-08
+## 0.12.0 / 2019-10-08
 
 * This version now requires Ruby 2.4.
 * Support array values of the "aud" field.
 * Normalize the version constant to match related gems.
 
-### 0.11.0 / 2018-10-08
+## 0.11.0 / 2018-10-08
 
 * Add constant time comparison for oauth signatures.
 
-### 0.10.0 / 2018-09-21
+## 0.10.0 / 2018-09-21
 
 * Add UnexpectedStatusError class for http status errors that are not handled.
 
-### 0.9.2 / 2018-09-12
+## 0.9.2 / 2018-09-12
 
 * Update issued_at correctly when it is set simultaneously with expires_in.
 
-### 0.9.1 / 2018-08-29
+## 0.9.1 / 2018-08-29
 
 * Warn on EOL ruby versions.
 * Fix DateTime normalization.
 
-### 0.9.0 / 2018-08-20
+## 0.9.0 / 2018-08-20
 
 * Add RemoteServerError class for 5xx level errors.
 * Allow to_json to be called with arguments
 * Expires_in now sets and reflects current expires_at value
 * Expires_within(0) now returns false when expires_at is nil.
 
-### 0.8.1 / 2017-10-13
+## 0.8.1 / 2017-10-13
 
 * Restore support for Ruby 1.9.3
 
-### 0.8.0 / 2017-10-12
+## 0.8.0 / 2017-10-12
 
 * Ensure the "expires_at" attribute is recalculated on refresh (chutzimir)
 * Fix warnings on Ruby 2.4 (koic)
@@ -56,20 +69,20 @@ Rerelease of 0.13.1.
 * Provide signature verification algorithm for compatibility with ruby-jwt 2.0 (jurriaan)
 * Signet::OAuth2::Client#decoded_id_token can take a keyfinder block (mvastola)
 
-### 0.7.3 / 2016-06-20
+## 0.7.3 / 2016-06-20
 
 * Fix timestamp parsing on 32-bit systems
 * Fix expiration check when issue/expiry times are nil
 
-### 0.7.2 / 2015-12-21
+## 0.7.2 / 2015-12-21
 
 * Don't assume Faraday form encoding middleware is present
 
-### 0.7.1 / 2015-12-17
+## 0.7.1 / 2015-12-17
 
 * Fix an issue with date parsing
 
-### 0.7 / 2015-12-06
+## 0.7 / 2015-12-06
 
 * No longer overwrite SSL environment variables.
 * Tighten up date & URL (de)serialization for OAuth2 client
@@ -78,7 +91,7 @@ Rerelease of 0.13.1.
 * Add expires_within(sec) method to oauth2 client to facilitate proactive
   refreshes
 
-### 0.6.1 / 2015-06-08
+## 0.6.1 / 2015-06-08
 
 * Fix language warnings for unused & shadowed variables ((@blowmage)[])
 * Update SSL cert path for OSX ((@gambaroff)[])
@@ -86,14 +99,14 @@ Rerelease of 0.13.1.
 * Fix incorrect parameter name in OAuth2 client docs ((@samuelreh)[])
 * Fix symbolization of URL parameter keys ((@swifthand)[])
 
-### 0.6.0 / 2014-12-05
+## 0.6.0 / 2014-12-05
 
 * Drop support for ruby versions < 1.9.3
 * Update gem dependencies and lock down versions tighter
 * Allow form encoded responses when exchanging OAuth 2 authorization codes
 * Normalize options keys for indifferent access
 
-### 0.5.1 / 2014-06-08
+## 0.5.1 / 2014-06-08
 
 * Allow Hash objects to be used to initialize authorization URI
 * Added PLAINTEXT and RSA-SHA1 signature methods to OAuth 1 support
@@ -101,53 +114,53 @@ Rerelease of 0.13.1.
 * The `approval_prompt` option no longer defaults to `:force`
 * The `approval_prompt` and `prompt` are now mutually exclusive.
 
-### 0.5.0 / 2013-05-31
+## 0.5.0 / 2013-05-31
 
 * Switched to faraday 0.9.0
 * Added `expires_at` option
 
-### 0.4.5
+## 0.4.5
 
 * Minor documentation fixes
 * Allow postmessage as a valid redirect_uri in OAuth 2
 
-### 0.4.4
+## 0.4.4
 
 * Add support for assertion profile
 
-### 0.4.3
+## 0.4.3
 
 * Added method to clear credentials
 
-### 0.4.2
+## 0.4.2
 
 * Backwards compatibility for MultiJson
 
-### 0.4.1
+## 0.4.1
 
 * Updated Launchy dependency
 
-### 0.4.0
+## 0.4.0
 
 * Added OAuth 1 server implementation
 * Updated Faraday dependency
 
-### 0.3.4
+## 0.3.4
 
 * Attempts to auto-detect CA cert location
 
-### 0.3.3
+## 0.3.3
 
 * Request objects no longer recreated during processing
 * Faraday middleware now supported
 * Streamed requests now supported
 * Fixed assertion profiles; client ID/secret omission no longer an error
 
-### 0.3.2
+## 0.3.2
 
 * Added audience security check for ID tokens
 
-### 0.3.1
+## 0.3.1
 
 * Fixed a warning while determining grant type
 * Removed requirement that a connection be supplied when authorizing requests
@@ -155,52 +168,52 @@ Rerelease of 0.13.1.
 * Fixed some documentation stuff around markdown formatting
 * Added support for Google Code wiki format output when generating docs
 
-### 0.3.0
+## 0.3.0
 
 * Replaced httpadapter gem dependency with faraday
 * Replaced json gem dependency with multi_json
 * Updated to OAuth 2.0 draft 22
 * Complete test coverage
 
-### 0.2.4
+## 0.2.4
 
 * Updated to incorporate changes to the Google OAuth endpoints
 
-### 0.2.3
+## 0.2.3
 
 * Added support for JWT-formatted ID tokens.
 * Added :issued_at option to #update_token! method.
 
-### 0.2.2
+## 0.2.2
 
 * Lowered requirements for json gem
 
-### 0.2.1
+## 0.2.1
 
 * Updated to keep in sync with the new httpadapter changes
 
-### 0.2.0
+## 0.2.0
 
 * Added support for OAuth 2.0 draft 10
 
-### 0.1.4
+## 0.1.4
 
 * Added support for a two-legged authorization flow
 
-### 0.1.3
+## 0.1.3
 
 * Fixed issue with headers passed in as a Hash
 * Fixed incompatibilities with Ruby 1.8.6
 
-### 0.1.2
+## 0.1.2
 
 * Fixed bug with overzealous normalization
 
-### 0.1.1
+## 0.1.1
 
 * Fixed bug with missing StringIO require
 * Fixed issue with dependency on unreleased features of addressable
 
-### 0.1.0
+## 0.1.0
 
 * Initial release

data/README.md

@@ -31,8 +31,8 @@ require 'signet/oauth_2/client'
 client = Signet::OAuth2::Client.new(
   :authorization_uri => 'https://accounts.google.com/o/oauth2/auth',
   :token_credential_uri =>  'https://oauth2.googleapis.com/token',
-  :client_id => '44410190108-74nkm6jc5e3vvjqis803frkvmu88cu3a.apps.googleusercontent.com',
-  :client_secret => 'X1NUhvO-rQr9sm8uUSMY8i7v',
+  :client_id => "#{YOUR_CLIENT_ID}.apps.googleusercontent.com",
+  :client_secret => YOUR_CLIENT_SECRET,
   :scope => 'email profile',
   :redirect_uri => 'https://example.client.com/oauth'
 )
@@ -59,8 +59,11 @@ Be sure `https://rubygems.org` is in your gem sources.
 
 ## Supported Ruby Versions
 
-This library requires Ruby 2.4 or later.
-In general, this library supports Ruby versions that are considered current and
-supported by Ruby Core (that is, Ruby versions that are either in normal
-maintenance or in security maintenance).
-See https://www.ruby-lang.org/en/downloads/branches/ for further details.
+This library is supported on Ruby 2.5+.
+
+Google provides official support for Ruby versions that are actively supported
+by Ruby Core—that is, Ruby versions that are either in normal maintenance or in
+security maintenance, and not end of life. Currently, this means Ruby 2.5 and
+later. Older versions of Ruby _may_ still work, but are unsupported and not
+recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
+about the Ruby support schedule.

data/lib/signet.rb

@@ -15,8 +15,6 @@
 require "signet/version"
 
 module Signet #:nodoc:
-  # rubocop:disable Metrics/AbcSize
-  # rubocop:disable Metrics/MethodLength
   def self.parse_auth_param_list auth_param_string
     # Production rules from:
     # http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-12
@@ -54,11 +52,12 @@ module Signet #:nodoc:
     # Now parse the auth-param pair strings & turn them into key-value pairs.
     (auth_param_pairs.each_with_object [] do |pair, accu|
       name, value = pair.split "=", 2
-      if value =~ /^".*"$/
+      case value
+      when /^".*"$/
         value = value.gsub(/^"(.*)"$/, '\1').gsub(/\\(.)/, '\1')
-      elsif value =~ /^'.*'$/
+      when /^'.*'$/
         value = value.gsub(/^'(.*)'$/, '\1').gsub(/\\(.)/, '\1')
-      elsif value =~ %r{[\(\)<>@,;:\\\"/\[\]?={}]}
+      when %r{[()<>@,;:\\"/\[\]?={}]}
         # Certain special characters are not allowed
         raise ParseError,
               "Unexpected characters in auth param " \
@@ -68,6 +67,4 @@ module Signet #:nodoc:
       accu << [name, value]
     end)
   end
-  # rubocop:enable Metrics/AbcSize
-  # rubocop:enable Metrics/MethodLength
 end

data/lib/signet/oauth_1.rb

@@ -49,9 +49,8 @@ module Signet #:nodoc:
     #
     # @return [String] A random nonce.
     def self.generate_nonce
-      SecureRandom.random_bytes(16).unpack("H*").join ""
+      SecureRandom.random_bytes(16).unpack("H*").join
     end
-    # rubocop:disable Metrics/MethodLength
 
     ##
     # Processes an options <code>Hash</code> to find a credential key value.
@@ -65,7 +64,7 @@ module Signet #:nodoc:
     # @return [String] The credential key value.
     def self.extract_credential_key_option credential_type, options
       # Normalize key to String to allow indifferent access.
-      options = options.each_with_object({}) { |(k, v), accu| accu[k.to_s] = v; }
+      options = options.to_h.transform_keys(&:to_s)
       credential_key = "#{credential_type}_credential_key"
       credential = "#{credential_type}_credential"
       if options[credential_key]
@@ -107,7 +106,7 @@ module Signet #:nodoc:
     # @return [String] The credential secret value.
     def self.extract_credential_secret_option credential_type, options
       # Normalize key to String to allow indifferent access.
-      options = options.each_with_object({}) { |(k, v), accu| accu[k.to_s] = v; }
+      options = options.to_h.transform_keys(&:to_s)
       credential_secret = "#{credential_type}_credential_secret"
       credential = "#{credential_type}_credential"
       if options[credential_secret]
@@ -136,7 +135,6 @@ module Signet #:nodoc:
       end
       credential_secret
     end
-    # rubocop:enable Metrics/MethodLength
 
     ##
     # Normalizes a set of OAuth parameters according to the algorithm given
@@ -178,7 +176,7 @@ module Signet #:nodoc:
         query:     parsed_uri.query,
         fragment:  parsed_uri.fragment
       )
-      uri_parameters = uri.query_values.to_a
+      uri_parameters = uri.query_values(Array) || []
       uri = uri.omit(:query, :fragment).to_s
       merged_parameters =
         uri_parameters.concat(parameters.map { |k, v| [k, v] })
@@ -214,7 +212,7 @@ module Signet #:nodoc:
         realm = realm.gsub '"', '\"'
         parameter_list.unshift "realm=\"#{realm}\""
       end
-      "OAuth " + parameter_list.join(", ")
+      "OAuth #{parameter_list.join ', '}"
     end
 
     ##
@@ -228,7 +226,7 @@ module Signet #:nodoc:
       when /^OAuth$/i
         # Other token types may be supported eventually
         pairs = Signet.parse_auth_param_list(field_value[/^OAuth\s+(.*)$/i, 1])
-        return (pairs.each_with_object [] do |(k, v), accu|
+        (pairs.each_with_object [] do |(k, v), accu|
           if k != "realm"
             k = unencode k
             v = unencode v
@@ -274,24 +272,18 @@ module Signet #:nodoc:
       # be a temporary credential secret when obtaining a token credential
       # for the first time
       base_string = generate_base_string method, uri, parameters
-      parameters = parameters.each_with_object({}) { |(k, v), h| h[k.to_s] = v; }
+      parameters = parameters.to_h.transform_keys(&:to_s)
       signature_method = parameters["oauth_signature_method"]
       case signature_method
       when "HMAC-SHA1"
         require "signet/oauth_1/signature_methods/hmac_sha1"
-        return Signet::OAuth1::HMACSHA1.generate_signature(
-          base_string, client_credential_secret, token_credential_secret
-        )
+        Signet::OAuth1::HMACSHA1.generate_signature base_string, client_credential_secret, token_credential_secret
       when "RSA-SHA1"
         require "signet/oauth_1/signature_methods/rsa_sha1"
-        return Signet::OAuth1::RSASHA1.generate_signature(
-          base_string, client_credential_secret, token_credential_secret
-        )
+        Signet::OAuth1::RSASHA1.generate_signature base_string, client_credential_secret, token_credential_secret
       when "PLAINTEXT"
         require "signet/oauth_1/signature_methods/plaintext"
-        return Signet::OAuth1::PLAINTEXT.generate_signature(
-          base_string, client_credential_secret, token_credential_secret
-        )
+        Signet::OAuth1::PLAINTEXT.generate_signature base_string, client_credential_secret, token_credential_secret
       else
         raise NotImplementedError,
               "Unsupported signature method: #{signature_method}"
@@ -396,7 +388,7 @@ module Signet #:nodoc:
       raise ArgumentError, "Missing :client_credential_key parameter." if client_credential_key.nil?
       raise ArgumentError, "Missing :temporary_credential_key parameter." if temporary_credential_key.nil?
       raise ArgumentError, "Missing :verifier parameter." if options[:verifier].nil?
-      parameters = [
+      [
         ["oauth_consumer_key", client_credential_key],
         ["oauth_token", temporary_credential_key],
         ["oauth_signature_method", options[:signature_method]],
@@ -405,8 +397,6 @@ module Signet #:nodoc:
         ["oauth_verifier", options[:verifier]],
         ["oauth_version", "1.0"]
       ]
-      # No additional parameters allowed here
-      parameters
     end
 
     ##

data/lib/signet/oauth_1/client.rb

@@ -89,7 +89,7 @@ module Signet
       # @see Signet::OAuth1::Client#initialize
       def update! options = {}
         # Normalize key to String to allow indifferent access.
-        options = options.each_with_object({}) { |(k, v), accu| accu[k.to_s] = v; }
+        options = options.to_h.transform_keys(&:to_s)
         self.temporary_credential_uri = options["temporary_credential_uri"]
         self.authorization_uri = options["authorization_uri"]
         self.token_credential_uri = options["token_credential_uri"]
@@ -128,12 +128,12 @@ module Signet
       #   new_temporary_credential_uri
       #   The temporary credentials URI.
       def temporary_credential_uri= new_temporary_credential_uri
-        if !new_temporary_credential_uri.nil?
+        if new_temporary_credential_uri.nil?
+          @temporary_credential_uri = nil
+        else
           new_temporary_credential_uri =
             Addressable::URI.parse new_temporary_credential_uri
           @temporary_credential_uri = new_temporary_credential_uri
-        else
-          @temporary_credential_uri = nil
         end
       end
       alias request_token_uri= temporary_credential_uri=
@@ -163,14 +163,14 @@ module Signet
       # @param [Addressable::URI, String, #to_str] new_authorization_uri
       #   The authorization URI.
       def authorization_uri= new_authorization_uri
-        if !new_authorization_uri.nil?
+        if new_authorization_uri.nil?
+          @authorization_uri = nil
+        else
           new_authorization_uri = Addressable::URI.send(
             new_authorization_uri.is_a?(Hash) ? :new : :parse,
             new_authorization_uri
           )
           @authorization_uri = new_authorization_uri
-        else
-          @authorization_uri = nil
         end
       end
 
@@ -189,14 +189,14 @@ module Signet
       # @param [Addressable::URI, Hash, String, #to_str] new_token_credential_uri
       #   The token credential URI.
       def token_credential_uri= new_token_credential_uri
-        if !new_token_credential_uri.nil?
+        if new_token_credential_uri.nil?
+          @token_credential_uri = nil
+        else
           new_token_credential_uri = Addressable::URI.send(
             new_token_credential_uri.is_a?(Hash) ? :new : :parse,
             new_token_credential_uri
           )
           @token_credential_uri = new_token_credential_uri
-        else
-          @token_credential_uri = nil
         end
       end
       alias access_token_uri= token_credential_uri=
@@ -217,8 +217,7 @@ module Signet
         elsif !client_credential_key && !client_credential_secret
           nil
         else
-          raise ArgumentError,
-                "The client credential key and secret must be set."
+          raise ArgumentError, "The client credential key and secret must be set."
         end
       end
       alias consumer_token client_credential
@@ -229,7 +228,10 @@ module Signet
       # @param [Signet::OAuth1::Credential] new_client_credential
       #   The client credentials.
       def client_credential= new_client_credential
-        if !new_client_credential.nil?
+        if new_client_credential.nil?
+          @client_credential_key = nil
+          @client_credential_secret = nil
+        else
           unless new_client_credential.is_a? ::Signet::OAuth1::Credential
             raise TypeError,
                   "Expected Signet::OAuth1::Credential, " \
@@ -237,9 +239,6 @@ module Signet
           end
           @client_credential_key = new_client_credential.key
           @client_credential_secret = new_client_credential.secret
-        else
-          @client_credential_key = nil
-          @client_credential_secret = nil
         end
       end
       alias consumer_token= client_credential=
@@ -259,15 +258,15 @@ module Signet
       # @param [String, #to_str] new_client_credential_key
       #   The client credential key.
       def client_credential_key= new_client_credential_key
-        if !new_client_credential_key.nil?
+        if new_client_credential_key.nil?
+          @client_credential_key = nil
+        else
           unless new_client_credential_key.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_client_credential_key.class} into String."
           end
           new_client_credential_key = new_client_credential_key.to_str
           @client_credential_key = new_client_credential_key
-        else
-          @client_credential_key = nil
         end
       end
       alias consumer_key= client_credential_key=
@@ -287,7 +286,9 @@ module Signet
       # @param [String, #to_str] new_client_credential_secret
       #   The client credential secret.
       def client_credential_secret= new_client_credential_secret
-        if !new_client_credential_secret.nil?
+        if new_client_credential_secret.nil?
+          @client_credential_secret = nil
+        else
           unless new_client_credential_secret.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_client_credential_secret.class} " \
@@ -295,8 +296,6 @@ module Signet
           end
           new_client_credential_secret = new_client_credential_secret.to_str
           @client_credential_secret = new_client_credential_secret
-        else
-          @client_credential_secret = nil
         end
       end
       alias consumer_secret= client_credential_secret=
@@ -311,12 +310,10 @@ module Signet
             temporary_credential_key,
             temporary_credential_secret
           )
-        elsif !temporary_credential_key &&
-              !temporary_credential_secret
+        elsif !temporary_credential_key && !temporary_credential_secret
           nil
         else
-          raise ArgumentError,
-                "The temporary credential key and secret must be set."
+          raise ArgumentError, "The temporary credential key and secret must be set."
         end
       end
       alias request_token temporary_credential
@@ -327,7 +324,10 @@ module Signet
       # @param [Signet::OAuth1::Credential] new_temporary_credential
       #   The temporary credentials.
       def temporary_credential= new_temporary_credential
-        if !new_temporary_credential.nil?
+        if new_temporary_credential.nil?
+          @temporary_credential_key = nil
+          @temporary_credential_secret = nil
+        else
           unless new_temporary_credential.is_a? ::Signet::OAuth1::Credential
             raise TypeError,
                   "Expected Signet::OAuth1::Credential, " \
@@ -335,9 +335,6 @@ module Signet
           end
           @temporary_credential_key = new_temporary_credential.key
           @temporary_credential_secret = new_temporary_credential.secret
-        else
-          @temporary_credential_key = nil
-          @temporary_credential_secret = nil
         end
       end
       alias request_token= temporary_credential=
@@ -357,7 +354,9 @@ module Signet
       # @param [String, #to_str] new_temporary_credential_key
       #   The temporary credential key.
       def temporary_credential_key= new_temporary_credential_key
-        if !new_temporary_credential_key.nil?
+        if new_temporary_credential_key.nil?
+          @temporary_credential_key = nil
+        else
           unless new_temporary_credential_key.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_temporary_credential_key.class} " \
@@ -365,8 +364,6 @@ module Signet
           end
           new_temporary_credential_key = new_temporary_credential_key.to_str
           @temporary_credential_key = new_temporary_credential_key
-        else
-          @temporary_credential_key = nil
         end
       end
       alias request_token_key= temporary_credential_key=
@@ -386,7 +383,9 @@ module Signet
       # @param [String, #to_str] new_temporary_credential_secret
       #   The temporary credential secret.
       def temporary_credential_secret= new_temporary_credential_secret
-        if !new_temporary_credential_secret.nil?
+        if new_temporary_credential_secret.nil?
+          @temporary_credential_secret = nil
+        else
           unless new_temporary_credential_secret.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_temporary_credential_secret.class} " \
@@ -395,8 +394,6 @@ module Signet
           new_temporary_credential_secret =
             new_temporary_credential_secret.to_str
           @temporary_credential_secret = new_temporary_credential_secret
-        else
-          @temporary_credential_secret = nil
         end
       end
       alias request_token_secret= temporary_credential_secret=
@@ -411,12 +408,10 @@ module Signet
             token_credential_key,
             token_credential_secret
           )
-        elsif !token_credential_key &&
-              !token_credential_secret
+        elsif !token_credential_key && !token_credential_secret
           nil
         else
-          raise ArgumentError,
-                "The token credential key and secret must be set."
+          raise ArgumentError, "The token credential key and secret must be set."
         end
       end
       alias access_token token_credential
@@ -427,7 +422,10 @@ module Signet
       # @param [Signet::OAuth1::Credential] new_token_credential
       #   The token credentials.
       def token_credential= new_token_credential
-        if !new_token_credential.nil?
+        if new_token_credential.nil?
+          @token_credential_key = nil
+          @token_credential_secret = nil
+        else
           unless new_token_credential.is_a? ::Signet::OAuth1::Credential
             raise TypeError,
                   "Expected Signet::OAuth1::Credential, " \
@@ -435,9 +433,6 @@ module Signet
           end
           @token_credential_key = new_token_credential.key
           @token_credential_secret = new_token_credential.secret
-        else
-          @token_credential_key = nil
-          @token_credential_secret = nil
         end
       end
       alias access_token= token_credential=
@@ -457,7 +452,9 @@ module Signet
       # @param [String, #to_str] new_token_credential_key
       #   The token credential key.
       def token_credential_key= new_token_credential_key
-        if !new_token_credential_key.nil?
+        if new_token_credential_key.nil?
+          @token_credential_key = nil
+        else
           unless new_token_credential_key.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_token_credential_key.class} " \
@@ -465,8 +462,6 @@ module Signet
           end
           new_token_credential_key = new_token_credential_key.to_str
           @token_credential_key = new_token_credential_key
-        else
-          @token_credential_key = nil
         end
       end
       alias access_token_key= token_credential_key=
@@ -486,7 +481,9 @@ module Signet
       # @param [String, #to_str] new_token_credential_secret
       #   The token credential secret.
       def token_credential_secret= new_token_credential_secret
-        if !new_token_credential_secret.nil?
+        if new_token_credential_secret.nil?
+          @token_credential_secret = nil
+        else
           unless new_token_credential_secret.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_token_credential_secret.class} " \
@@ -495,8 +492,6 @@ module Signet
           new_token_credential_secret =
             new_token_credential_secret.to_str
           @token_credential_secret = new_token_credential_secret
-        else
-          @token_credential_secret = nil
         end
       end
       alias access_token_secret= token_credential_secret=
@@ -515,15 +510,15 @@ module Signet
       # @param [String, #to_str] new_callback
       #   The OAuth callback.
       def callback= new_callback
-        if !new_callback.nil?
+        if new_callback.nil?
+          @callback = nil
+        else
           unless new_callback.respond_to? :to_str
             raise TypeError,
                   "Can't convert #{new_callback.class} into String."
           end
           new_callback = new_callback.to_str
           @callback = new_callback
-        else
-          @callback = nil
         end
       end
 
@@ -556,7 +551,7 @@ module Signet
       # @note A serialized client contains sensitive information. Persist or transmit with care.
       #
       # @return [String] A serialized JSON representation of the client.
-      def to_json
+      def to_json *_args
         MultiJson.dump(
           "temporary_credential_uri"    => temporary_credential_uri,
           "authorization_uri"           => authorization_uri,
@@ -571,8 +566,6 @@ module Signet
           "token_credential_secret"     => token_credential_secret
         )
       end
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/MethodLength
 
       ##
       # Generates a request for temporary credentials.
@@ -635,8 +628,6 @@ module Signet
           req.headers = Faraday::Utils::Headers.new headers
         end
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/MethodLength
       alias generate_request_token_request generate_temporary_credential_request
 
       ##
@@ -709,8 +700,6 @@ module Signet
         self.temporary_credential = credential
       end
       alias fetch_request_token! fetch_temporary_credential!
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/MethodLength
 
       ##
       # Generates a request for token credentials.
@@ -776,7 +765,6 @@ module Signet
           req.headers = Faraday::Utils::Headers.new headers
         end
       end
-      # rubocop:enable Metrics/MethodLength
       alias generate_access_token_request generate_token_credential_request
 
       ##
@@ -818,7 +806,6 @@ module Signet
           message, request: request, response: response
         )
       end
-      # rubocop:enable Metrics/AbcSize
       alias fetch_access_token fetch_token_credential
 
       ##
@@ -846,10 +833,6 @@ module Signet
         self.token_credential = credential
       end
       alias fetch_access_token! fetch_token_credential!
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/CyclomaticComplexity
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Generates an authenticated request for protected resources.
@@ -950,7 +933,7 @@ module Signet
           request.body = env[:body]
 
           post_parameters = Addressable::URI.form_unencode env[:body]
-          parameters = parameters.concat post_parameters
+          parameters.concat post_parameters
         end
 
         # No need to attach URI query parameters, the .sign_parameters
@@ -970,10 +953,6 @@ module Signet
         request["Cache-Control"] = "no-store"
         request
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/CyclomaticComplexity
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
 
       ##
       # Transmits a request for a protected resource.

data/lib/signet/oauth_1/credential.rb

@@ -15,11 +15,6 @@
 module Signet #:nodoc:
   module OAuth1
     class Credential
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/CyclomaticComplexity
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
-
       ##
       # Creates a token object from a key and secret.
       #
@@ -95,12 +90,9 @@ module Signet #:nodoc:
         raise TypeError, "Expected String, got #{@secret.class}." unless @secret.respond_to? :to_str
         @secret = @secret.to_str
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/CyclomaticComplexity
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
 
-      attr_accessor :key, :secret
+      attr_accessor :key
+      attr_accessor :secret
 
       def to_hash
         {

data/lib/signet/oauth_1/server.rb

@@ -55,15 +55,13 @@ module Signet
           instance_variable_set "@#{attr}", options[attr]
         end
       end
-      # rubocop:disable Naming/UncommunicativeMethodParamName
 
       # Constant time string comparison.
-      def safe_equals? a, b
-        check = a.bytesize ^ b.bytesize
-        a.bytes.zip(b.bytes) { |x, y| check |= x ^ y.to_i }
+      def safe_equals? left, right
+        check = left.bytesize ^ right.bytesize
+        left.bytes.zip(right.bytes) { |x, y| check |= x ^ y.to_i }
         check.zero?
       end
-      # rubocop:enable Naming/UncommunicativeMethodParamName
 
       ##
       # Determine if the supplied nonce/timestamp pair is valid by calling
@@ -141,8 +139,6 @@ module Signet
         verified = @verifier.call verifier if @verifier.respond_to? :call
         verified ? true : false
       end
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Validate and normalize the components from an HTTP request.
@@ -188,8 +184,6 @@ module Signet
         request_components[:body] = body
         request_components
       end
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
 
       ##
       # Validate and normalize the HTTP Authorization header.
@@ -199,11 +193,7 @@ module Signet
       def verify_auth_header_components headers
         auth_header = headers.find { |x| x[0] == "Authorization" }
         raise MalformedAuthorizationError, "Authorization header is missing" if auth_header.nil? || auth_header[1] == ""
-        auth_hash = ::Signet::OAuth1.parse_authorization_header(
-          auth_header[1]
-        ).each_with_object({}) { |(key, val), acc| acc[key.downcase] = val; }
-
-        auth_hash
+        ::Signet::OAuth1.parse_authorization_header(auth_header[1]).to_h.transform_keys(&:downcase)
       end
 
       ##
@@ -232,14 +222,9 @@ module Signet
 
         auth_header = request_components[:headers].find { |x| x[0] == "Authorization" }
         raise MalformedAuthorizationError, "Authorization header is missing" if auth_header.nil? || auth_header[1] == ""
-        auth_hash = ::Signet::OAuth1.parse_authorization_header(
-          auth_header[1]
-        ).each_with_object({}) { |(key, val), acc| acc[key.downcase] = val; }
+        auth_hash = ::Signet::OAuth1.parse_authorization_header(auth_header[1]).to_h.transform_keys(&:downcase)
         auth_hash["realm"]
       end
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Authenticates a temporary credential request. If no oauth_callback is
@@ -308,7 +293,6 @@ module Signet
           false
         end
       end
-      # rubocop:enable Metrics/PerceivedComplexity
 
       ##
       # Authenticates a token credential request.
@@ -379,8 +363,6 @@ module Signet
           temporary_credential: temporary_credential,
           realm:                auth_hash["realm"] }
       end
-      # rubocop:disable Metrics/CyclomaticComplexity
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Authenticates a request for a protected resource.
@@ -496,10 +478,6 @@ module Signet
           token_credential:  token_credential,
           realm:             auth_hash["realm"] }
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/CyclomaticComplexity
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
     end
   end
 end

data/lib/signet/oauth_1/signature_methods/rsa_sha1.rb

@@ -11,7 +11,7 @@ module Signet #:nodoc:
 
 
         private_key = OpenSSL::PKey::RSA.new client_credential_secret
-        signature = private_key.sign OpenSSL::Digest::SHA1.new, base_string
+        signature = private_key.sign OpenSSL::Digest.new("SHA1"), base_string
         # using strict_encode64 because the encode64 method adds newline characters after ever 60 chars
         Base64.strict_encode64(signature).strip
       end

data/lib/signet/oauth_2.rb

@@ -28,10 +28,10 @@ module Signet #:nodoc:
       case auth_scheme
       when /^Basic$/i
         # HTTP Basic is allowed in OAuth 2
-        return parse_basic_credentials(field_value[/^Basic\s+(.*)$/i, 1])
+        parse_basic_credentials(field_value[/^Basic\s+(.*)$/i, 1])
       when /^OAuth$/i
         # Other token types may be supported eventually
-        return parse_bearer_credentials(field_value[/^OAuth\s+(.*)$/i, 1])
+        parse_bearer_credentials(field_value[/^OAuth\s+(.*)$/i, 1])
       else
         raise ParseError,
               "Parsing non-OAuth Authorization headers is out of scope."
@@ -43,7 +43,7 @@ module Signet #:nodoc:
       case auth_scheme
       when /^OAuth$/i
         # Other token types may be supported eventually
-        return parse_oauth_challenge(field_value[/^OAuth\s+(.*)$/i, 1])
+        parse_oauth_challenge(field_value[/^OAuth\s+(.*)$/i, 1])
       else
         raise ParseError,
               "Parsing non-OAuth WWW-Authenticate headers is out of scope."
@@ -76,9 +76,9 @@ module Signet #:nodoc:
       raise TypeError, "Expected String, got #{body.class}." unless body.is_a? String
       case content_type
       when %r{^application/json.*}
-        return MultiJson.load body
+        MultiJson.load body
       when %r{^application/x-www-form-urlencoded.*}
-        return Hash[Addressable::URI.form_unencode(body)]
+        Hash[Addressable::URI.form_unencode(body)]
       else
         raise ArgumentError, "Invalid content type '#{content_type}'"
       end
@@ -100,9 +100,8 @@ module Signet #:nodoc:
         raise ArgumentError,
               "A client identifier may not contain a ':' character."
       end
-      "Basic " + Base64.encode64(
-        client_id + ":" + client_password
-      ).delete("\n")
+      token = Base64.encode64("#{client_id}:#{client_password}").delete("\n")
+      "Basic #{token}"
     end
 
     ##
@@ -121,11 +120,8 @@ module Signet #:nodoc:
       # TODO: escaping?
       header = "Bearer #{access_token}"
       if auth_params && !auth_params.empty?
-        header += (", " +
-          (auth_params.each_with_object [] do |(key, value), accu|
-            accu << "#{key}=\"#{value}\""
-          end).join(", ")
-                  )
+        additional_headers = auth_params.map { |key, value| "#{key}=\"#{value}\"" }
+        header = ([header] + additional_headers).join ", "
       end
       header
     end

data/lib/signet/oauth_2/client.rb

@@ -110,9 +110,6 @@ module Signet
         @access_type          = nil
         update! options
       end
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/CyclomaticComplexity
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Updates an OAuth 2.0 client.
@@ -202,13 +199,10 @@ module Signet
         self.signing_key = options[:signing_key] if options.key? :signing_key
         self.extension_parameters = options[:extension_parameters] || {}
         self.additional_parameters = options[:additional_parameters] || {}
-        self.access_type = options.fetch(:access_type) { :offline }
+        self.access_type = options.fetch :access_type, :offline
         update_token! options
         self
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/CyclomaticComplexity
-      # rubocop:enable Metrics/PerceivedComplexity
 
       ##
       # Updates an OAuth 2.0 client.
@@ -261,10 +255,6 @@ module Signet
 
         self
       end
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/CyclomaticComplexity
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Returns the authorization URI that the user should be redirected to.
@@ -290,9 +280,7 @@ module Signet
         options[:state] = state unless options[:state]
         options.merge!(additional_parameters.merge(options[:additional_parameters] || {}))
         options.delete :additional_parameters
-        options = Hash[options.map do |key, option|
-          [key.to_s, option]
-        end]
+        options = options.transform_keys(&:to_s)
         uri = Addressable::URI.parse(
           ::Signet::OAuth2.generate_authorization_uri(
             @authorization_uri, options
@@ -304,10 +292,6 @@ module Signet
         end
         uri
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/CyclomaticComplexity
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
 
       ##
       # Sets the authorization URI for this client.
@@ -423,7 +407,7 @@ module Signet
           end
           @scope = new_scope
         when String
-          @scope = new_scope.split " "
+          @scope = new_scope.split
         when nil
           @scope = nil
         else
@@ -793,12 +777,12 @@ module Signet
       # @param [String, Integer, nil] new_expires_in
       #   The access token lifetime.
       def expires_in= new_expires_in
-        if !new_expires_in.nil?
-          @issued_at = Time.now
-          @expires_at = @issued_at + new_expires_in.to_i
-        else
+        if new_expires_in.nil?
           @expires_at = nil
           @issued_at = nil
+        else
+          @issued_at = Time.now
+          @expires_at = @issued_at + new_expires_in.to_i
         end
       end
 
@@ -922,8 +906,6 @@ module Signet
         assertion["sub"] = sub unless sub.nil?
         JWT.encode assertion, signing_key, signing_algorithm
       end
-      # rubocop:disable Style/MethodDefParentheses
-      # rubocop:disable Metrics/AbcSize
 
       ##
       # Serialize the client object to JSON.
@@ -931,7 +913,7 @@ module Signet
       # @note A serialized client contains sensitive information. Persist or transmit with care.
       #
       # @return [String] A serialized JSON representation of the client.
-      def to_json(*)
+      def to_json *_args
         MultiJson.dump(
           "authorization_uri"    => authorization_uri ? authorization_uri.to_s : nil,
           "token_credential_uri" => token_credential_uri ? token_credential_uri.to_s : nil,
@@ -956,10 +938,6 @@ module Signet
           "extension_parameters" => extension_parameters
         )
       end
-      # rubocop:enable Style/MethodDefParentheses
-      # rubocop:disable Metrics/CyclomaticComplexity
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Generates a request for token credentials.
@@ -1005,8 +983,6 @@ module Signet
         additional.each { |k, v| parameters[k.to_s] = v }
         parameters
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
-      # rubocop:enable Metrics/PerceivedComplexity
 
       def fetch_access_token options = {}
         raise ArgumentError, "Missing token endpoint URI." if token_credential_uri.nil?
@@ -1035,20 +1011,16 @@ module Signet
 
         message = "  Server message:\n#{response.body.to_s.strip}" unless body.to_s.strip.empty?
         if [400, 401, 403].include? status
-          message = "Authorization failed." + message
-          raise ::Signet::AuthorizationError.new(
-            message, response: response
-          )
+          message = "Authorization failed.#{message}"
+          raise ::Signet::AuthorizationError.new message, response: response
         elsif status.to_s[0] == "5"
-          message = "Remote server error." + message
+          message = "Remote server error.#{message}"
           raise ::Signet::RemoteServerError, message
         else
-          message = "Unexpected status code: #{response.status}." + message
+          message = "Unexpected status code: #{response.status}.#{message}"
           raise ::Signet::UnexpectedStatusError, message
         end
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/MethodLength
 
       def fetch_access_token! options = {}
         token_hash = fetch_access_token options
@@ -1068,9 +1040,6 @@ module Signet
       def refresh! options = {}
         fetch_access_token! options
       end
-      # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/MethodLength
-      # rubocop:disable Metrics/PerceivedComplexity
 
       ##
       # Generates an authenticated request for protected resources.
@@ -1137,9 +1106,6 @@ module Signet
         request["Cache-Control"] = "no-store"
         request
       end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/MethodLength
-      # rubocop:enable Metrics/PerceivedComplexity
 
       ##
       # Transmits a request for a protected resource.

data/lib/signet/version.rb

@@ -13,5 +13,5 @@
 #    limitations under the License.
 
 module Signet
-  VERSION = "0.14.0".freeze
+  VERSION = "0.15.0".freeze
 end

data/signet.gemspec

@@ -21,14 +21,15 @@ Gem::Specification.new do |gem|
   gem.homepage = "https://github.com/googleapis/signet"
   gem.rdoc_options = ["--main", "README.md"]
   gem.summary = "Signet is an OAuth 1.0 / OAuth 2.0 implementation."
-  gem.required_ruby_version = ">= 2.4.0"
+
+  gem.required_ruby_version = ">= 2.5"
 
   gem.add_runtime_dependency "addressable", "~> 2.3"
   gem.add_runtime_dependency "faraday", ">= 0.17.3", "< 2.0"
   gem.add_runtime_dependency "jwt", ">= 1.5", "< 3.0"
   gem.add_runtime_dependency "multi_json", "~> 1.10"
 
-  gem.add_development_dependency "google-style", "~> 0.3"
+  gem.add_development_dependency "google-style", "~> 1.25.1"
   gem.add_development_dependency "kramdown", "~> 1.5"
   gem.add_development_dependency "launchy", "~> 2.4"
   gem.add_development_dependency "rake", "~> 12.0"

data/spec/signet/oauth_1_spec.rb

@@ -282,6 +282,32 @@ describe Signet::OAuth1 do
     )
   end
 
+  it "should correctly generate a base signature with duplicated query params" do
+    method = "GET"
+    uri = "http://photos.example.net/photos?foo=bar&foo=baz&foo=qux"
+    parameters = {
+      "oauth_consumer_key"     => "dpf43f3p2l4k3l03",
+      "oauth_token"            => "nnch734d00sl2jdk",
+      "oauth_signature_method" => "HMAC-SHA1",
+      "oauth_timestamp"        => "1191242096",
+      "oauth_nonce"            => "kllo9940pd9333jh",
+      "oauth_version"          => "1.0",
+      "file"                   => "vacation.jpg",
+      "size"                   => "original"
+    }
+    expect(Signet::OAuth1.generate_base_string(method, uri, parameters)).to eq(
+      "GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26" \
+      "foo%3Dbar%26" \
+      "foo%3Dbaz%26" \
+      "foo%3Dqux%26" \
+      "oauth_consumer_key%3Ddpf43f3p2l4k3l03%26" \
+      "oauth_nonce%3Dkllo9940pd9333jh%26" \
+      "oauth_signature_method%3DHMAC-SHA1%26" \
+      "oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26" \
+      "oauth_version%3D1.0%26size%3Doriginal"
+                                                                            )
+  end
+
   it "should correctly generate an authorization header" do
     parameters = [
       %w[oauth_consumer_key 0685bd9184jfhq22],

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.15.0
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-02 00:00:00.000000000 Z
+date: 2021-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -85,14 +85,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: 1.25.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: 1.25.1
 - !ruby/object:Gem::Dependency
   name: kramdown
   requirement: !ruby/object:Gem::Requirement
@@ -241,14 +241,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.2.11
 signing_key: 
 specification_version: 4
 summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.