signet 0.10.0 → 0.11.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cca16d5ecdcc2714f91dda26893593bc4864b3108fb705b02df3267e2deb5864
4
- data.tar.gz: 06bd27996b7e0bcc297934f89727be25d1027ae623d94a72635c7ce40edf9d10
3
+ metadata.gz: ee45b6d3e6075bfd1d1e5b2fae2830e0f981b2e70e7bb075422e51e20b12f4e8
4
+ data.tar.gz: 3f019f83eda28d4e0a2b80da812c181f605eae19ecc5b138f9ceee2cfd686fbc
5
5
  SHA512:
6
- metadata.gz: 86a51a0441913e042ed13cd8667168cd7a37e5787714a50b361b5b6e37536be723a22132e7782ee5c8605d01bff35d2acb821f8e14d809f8917815d7c7084542
7
- data.tar.gz: 13796569d062502f45820b91085a555858d1cce5bd53a4133e230023aca5bfbcbbee3223ea0dbe3393669c91635d0a2142a5d898d2a9800cc5a3e74413fc705e
6
+ metadata.gz: 4e9f7704e31e89ecb6b8b24c6f09d1d13615cdfc7ba2d165384ab854be0f33c175bc38db7fd138070fdafff73d33676b96d8e1403b10128e811c25311cd15bf8
7
+ data.tar.gz: 399c408f37ef1cd30d0e0d31dab9d80ebed8a917e659d252905f4d162511edf2f88d72e27cf8b0792794245ce8e06ae769c473aa94f4c559dcea9e222e221785
@@ -1,3 +1,6 @@
1
+ ## 0.11.0 (2018-10-08)
2
+ * Add constant time comparison for oauth signatures.
3
+
1
4
  ## 0.10.0 (2018-09-21)
2
5
  * Add UnexpectedStatusError class for http status errors that are not handled.
3
6
 
@@ -13,7 +13,6 @@
13
13
  # limitations under the License.
14
14
  #
15
15
  require 'faraday'
16
-
17
16
  require 'stringio'
18
17
  require 'addressable/uri'
19
18
  require 'signet'
@@ -57,6 +56,13 @@ module Signet
57
56
  instance_variable_set("@#{attr}", options[attr])
58
57
  end
59
58
  end
59
+
60
+ # Constant time string comparison.
61
+ def safe_equals?(a, b)
62
+ check = a.bytesize ^ b.bytesize
63
+ a.bytes.zip(b.bytes) { |x, y| check |= x ^ y.to_i }
64
+ check == 0
65
+ end
60
66
 
61
67
  ##
62
68
  # Determine if the supplied nonce/timestamp pair is valid by calling
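Review bot: `safe_equals?` calls `b.bytesize` with no guard, so a request whose `auth_hash['oauth_signature']` is nil would raise NoMethodError where the old `==` simply compared unequal. Whether an earlier check guarantees the field is present is not visible in these hunks. Adding `return false unless a.is_a?(String) && b.is_a?(String)` as the first line keeps the three call sites (the `if safe_equals?(computed_signature, auth_hash['oauth_signature'])` lines in the later hunks) on the normal reject path; returning early on a missing value leaks nothing secret. The one-line comment could also state the reason, for example `# Compares every byte without short-circuiting, so response time does not reveal how many leading bytes of the signature matched.` If the supported Ruby/OpenSSL versions allow it, `OpenSSL.fixed_length_secure_compare` over digests of both values is a vetted alternative to the hand-rolled loop.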
@@ -285,7 +291,7 @@ module Signet
285
291
  client_credential_secret,
286
292
  nil
287
293
  )
288
- if(computed_signature == auth_hash['oauth_signature'])
294
+ if safe_equals?(computed_signature, auth_hash['oauth_signature'])
289
295
  if(auth_hash.fetch('oauth_callback', 'oob').empty?)
290
296
  'oob'
291
297
  else
@@ -363,7 +369,7 @@ module Signet
363
369
  temporary_credential.secret
364
370
  )
365
371
 
366
- if(computed_signature == auth_hash['oauth_signature'])
372
+ if safe_equals?(computed_signature, auth_hash['oauth_signature'])
367
373
  {:client_credential=>client_credential,
368
374
  :temporary_credential=>temporary_credential,
369
375
  :realm=>auth_hash['realm']
@@ -490,7 +496,7 @@ module Signet
490
496
  token_credential_secret
491
497
  )
492
498
 
493
- if(computed_signature == auth_hash['oauth_signature'])
499
+ if safe_equals?(computed_signature, auth_hash['oauth_signature'])
494
500
  {:client_credential=>client_credential,
495
501
  :token_credential=>token_credential,
496
502
  :realm=>auth_hash['realm']
@@ -142,7 +142,7 @@ module Signet #:nodoc:
142
142
  # @return [String] The authorization URI to redirect the user to.
143
143
  def self.generate_authorization_uri(authorization_uri, parameters={})
144
144
  for key, value in parameters
145
- parameters.delete(key) if value == nil
145
+ parameters.delete(key) if value.nil?
146
146
  end
147
147
  parsed_uri = Addressable::URI.parse(authorization_uri).dup
148
148
  query_values = parsed_uri.query_values || {}
@@ -89,7 +89,7 @@ module Signet
89
89
  # )
90
90
  #
91
91
  # @see Signet::OAuth2::Client#update!
92
- def initialize(options={})
92
+ def initialize options={}
93
93
  @authorization_uri = nil
94
94
  @token_credential_uri = nil
95
95
  @client_id = nil
@@ -104,6 +104,7 @@ module Signet
104
104
  @scope = nil
105
105
  @state = nil
106
106
  @username = nil
107
+ @access_type = nil
107
108
  self.update!(options)
108
109
  end
109
110
 
@@ -152,6 +153,8 @@ module Signet
152
153
  # to be refreshed.
153
154
  # - <code>:access_token</code> -
154
155
  # The current access token for this client.
156
+ # - <code>:access_type</code> -
157
+ # The current access type parameter for #authorization_uri.
155
158
  # - <code>:id_token</code> -
156
159
  # The current ID token for this client.
157
160
  # - <code>:extension_parameters</code> -
@@ -189,6 +192,7 @@ module Signet
189
192
  self.signing_key = options[:signing_key] if options.has_key?(:signing_key)
190
193
  self.extension_parameters = options[:extension_parameters] || {}
191
194
  self.additional_parameters = options[:additional_parameters] || {}
195
+ self.access_type = options.fetch(:access_type) { :offline }
192
196
  self.update_token!(options)
193
197
  return self
194
198
  end
@@ -259,8 +263,8 @@ module Signet
259
263
  unless options[:response_type]
260
264
  options[:response_type] = :code
261
265
  end
262
- unless options[:access_type]
263
- options[:access_type] = :offline
266
+ if !options[:access_type] && access_type
267
+ options[:access_type] = access_type
264
268
  end
265
269
  options[:client_id] ||= self.client_id
266
270
  options[:redirect_uri] ||= self.redirect_uri
@@ -330,6 +334,23 @@ module Signet
330
334
  end
331
335
  end
332
336
 
337
+ ##
338
+ # Returns the current access type parameter for #authorization_uri.
339
+ #
340
+ # @return [String, Symbol] The current access type.
341
+ def access_type
342
+ return @access_type
343
+ end
344
+
345
+ ##
346
+ # Sets the current access type parameter for #authorization_uri.
347
+ #
348
+ # @param [String, Symbol] new_access_type
349
+ # The current access type.
350
+ def access_type=(new_access_type)
351
+ @access_type = new_access_type
352
+ end
353
+
333
354
  ##
334
355
  # Returns the client identifier for this client.
335
356
  #
@@ -713,7 +734,7 @@ module Signet
713
734
  # omitted.
714
735
  #
715
736
  # @return [String] The decoded ID token.
716
- def decoded_id_token(public_key=nil, options = {}, &keyfinder)
737
+ def decoded_id_token public_key=nil, options = {}, &keyfinder
717
738
  options[:algorithm] ||= signing_algorithm
718
739
  verify = !!(public_key || keyfinder)
719
740
  payload, _header = JWT.decode(self.id_token, public_key, verify, options, &keyfinder)
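Review bot: When `decoded_id_token` is called with neither `public_key` nor a `keyfinder` block, `verify` is false and `JWT.decode` returns the payload without checking the token's signature, so the claims are unauthenticated in that call shape. The doc comment above the signature is cut off at `omitted.` in this hunk and may already say this. If it does not, add a line such as `# The returned claims are NOT verified when no key or keyfinder is given; do not base authentication or authorization decisions on them.` The method body continues past the end of the hunk, so any later validation of the payload is not visible here.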
@@ -746,12 +767,13 @@ module Signet
746
767
  #
747
768
  # @param [String, Integer, nil] new_expires_in
748
769
  # The access token lifetime.
749
- def expires_in=(new_expires_in)
750
- if new_expires_in != nil
770
+ def expires_in= new_expires_in
771
+ if !new_expires_in.nil?
751
772
  @issued_at = Time.now
752
773
  @expires_at = @issued_at + new_expires_in.to_i
753
774
  else
754
- @expires_at, @issued_at = nil, nil
775
+ @expires_at = nil
776
+ @issued_at = nil
755
777
  end
756
778
  end
757
779
 
@@ -760,7 +782,7 @@ module Signet
760
782
  #
761
783
  # @return [Time, nil] The access token issuance time.
762
784
  def issued_at
763
- return @issued_at
785
+ @issued_at
764
786
  end
765
787
 
766
788
  ##
@@ -961,7 +983,7 @@ module Signet
961
983
  end
962
984
 
963
985
  def fetch_access_token(options={})
964
- if self.token_credential_uri == nil
986
+ if self.token_credential_uri.nil?
965
987
  raise ArgumentError, 'Missing token endpoint URI.'
966
988
  end
967
989
 
@@ -17,7 +17,7 @@ unless defined? Signet::VERSION
17
17
  module Signet
18
18
  module VERSION
19
19
  MAJOR = 0
20
- MINOR = 10
20
+ MINOR = 11
21
21
  TINY = 0
22
22
  PRE = nil
23
23
 
@@ -58,15 +58,15 @@ unless defined? Signet::VERSION
58
58
  # @private
59
59
  #
60
60
  def self.warn_unsupported_ruby cur_version, recommended_version
61
- "WARNING: You are running Ruby #{cur_version}, which has reached" +
62
- " end-of-life and is no longer supported by Ruby Core.\n" +
63
- 'Signet works best on supported versions of' +
64
- ' Ruby. It is strongly recommended that you upgrade to Ruby' +
65
- " #{recommended_version} or later. \n" +
66
- 'See https://www.ruby-lang.org/en/downloads/branches/ for more' +
67
- " info on the Ruby maintenance schedule.\n" +
68
- 'To suppress this message, set the' +
69
- ' GOOGLE_CLOUD_SUPPRESS_RUBY_WARNINGS environment variable.'
61
+ "WARNING: You are running Ruby #{cur_version}, which has reached" \
62
+ " end-of-life and is no longer supported by Ruby Core.\n" \
63
+ 'Signet works best on supported versions of' \
64
+ ' Ruby. It is strongly recommended that you upgrade to Ruby' \
65
+ " #{recommended_version} or later. \n" \
66
+ 'See https://www.ruby-lang.org/en/downloads/branches/ for more' \
67
+ " info on the Ruby maintenance schedule.\n" \
68
+ 'To suppress this message, set the' \
69
+ ' GOOGLE_CLOUD_SUPPRESS_RUBY_WARNINGS environment variable.'
70
70
  end
71
71
 
72
72
  ##
@@ -74,14 +74,14 @@ unless defined? Signet::VERSION
74
74
  # @private
75
75
  #
76
76
  def self.warn_nonrecommended_ruby cur_version, recommended_version
77
- "WARNING: You are running Ruby #{cur_version}, which is nearing" +
78
- " end-of-life.\n" +
79
- 'Signet works best on supported versions of' +
80
- " Ruby. Consider upgrading to Ruby #{recommended_version} or later.\n" +
81
- 'See https://www.ruby-lang.org/en/downloads/branches/ for more' +
82
- " info on the Ruby maintenance schedule.\n" +
83
- 'To suppress this message, set the' +
84
- ' GOOGLE_CLOUD_SUPPRESS_RUBY_WARNINGS environment variable.'
77
+ "WARNING: You are running Ruby #{cur_version}, which is nearing" \
78
+ " end-of-life.\n" \
79
+ 'Signet works best on supported versions of' \
80
+ " Ruby. Consider upgrading to Ruby #{recommended_version} or later.\n" \
81
+ 'See https://www.ruby-lang.org/en/downloads/branches/ for more' \
82
+ " info on the Ruby maintenance schedule.\n" \
83
+ 'To suppress this message, set the' \
84
+ ' GOOGLE_CLOUD_SUPPRESS_RUBY_WARNINGS environment variable.'
85
85
  end
86
86
  end
87
87
  end
@@ -1110,6 +1110,16 @@ describe Signet::OAuth2::Client, 'configured with custom parameters' do
1110
1110
  expect(@client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values).to eq ({"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "new_param"=>"new_val", "response_type"=>"code","redirect_uri"=>"https://example.client.com/callback", "type"=>"new_type"})
1111
1111
  end
1112
1112
 
1113
+ it 'should not have access_type parameter in authorization_uri when we set it to nil in client' do
1114
+ @client.update!(:access_type=>nil)
1115
+ expect(@client.authorization_uri().query_values).to eq ({"client_id"=>"s6BhdRkqt3", "response_type"=>"code", "redirect_uri"=>"https://example.client.com/callback"})
1116
+ end
1117
+
1118
+ it 'should use new access_type parameter as default for authorization_uri' do
1119
+ @client.update!(:access_type=>:online)
1120
+ expect(@client.authorization_uri().query_values).to eq ({"access_type"=>"online", "client_id"=>"s6BhdRkqt3", "response_type"=>"code", "redirect_uri"=>"https://example.client.com/callback"})
1121
+ end
1122
+
1113
1123
  it 'should merge new generate_access_token_request custom parameters' do
1114
1124
  @client.update!(:code=>'12345')
1115
1125
  params = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'})
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: signet
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.10.0
4
+ version: 0.11.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bob Aman
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-09-24 00:00:00.000000000 Z
12
+ date: 2018-10-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: addressable