RubyGems - signet - Versions diffs - 0.14.0 → 0.14.1 - Mend

signet 0.14.0 → 0.14.1

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc147432dec3ce0cfc7dcb2f935b0b7063e65d7831415f58b00a133834b60eac
-  data.tar.gz: d3b11b9064d2bb95a4d905a8199a2372ea96a9214ba050cdc7a496108cc90094
+  metadata.gz: c94f4ee9a5ea982bba69826873be998a4cbf833af8c70920fd2384558efe33e5
+  data.tar.gz: 211e019a051159858a4e18cbe64efe9989a13df08b2d449e67ac4057f91f4332
 SHA512:
-  metadata.gz: 13dd09c6860ee3607e0930ca51485f16b51137c62684288a834eb0b008dbcea7b5ee665320061561838f1d680920f15254cc8acc9d83ef80c6c8dcad72277950
-  data.tar.gz: 3052287168b60094c7d87e9f51b7ad89bf57f72e78f188a0f0be60a4914a62a36d2dd3e18ff6d89524665695ac3126c85af330884fe83c9ccf022ad61df2be7b
+  metadata.gz: d8e5ac7a7977d89976275a4988e62139622436dea9f539a934b99e94f32832e57c8c522a91647449f9b5ea199fa561ad62680803f7d1dbe5b40946087b95dae4
+  data.tar.gz: 2b6476b3b89d09d66c0274fa9bd1b5da6aebb68932e7e15325cf34ccca14b5d5f5a16f76a22330bbcb9f6b66882e016eeccb54977e7a87cc4ce6f32568361808

data/CHANGELOG.md CHANGED

@@ -1,54 +1,63 @@
-### 0.14.0 / 2020-03-31
+# Release History
+## [0.14.1](https://www.github.com/googleapis/signet/compare/v0.14.0...v0.14.1) (2021-01-27)
+### Bug Fixes
+* Fix OAuth1 signature with duplicate query param names ([9f5b81a](https://www.github.com/googleapis/signet/commit/9f5b81a60625a6e6f0e5bca24c67b90e73d7479b))
+## 0.14.0 / 2020-03-31
 * Support for fetching ID tokens from google oauth2 endpoint.
-### 0.13.2 / 2020-03-25
+## 0.13.2 / 2020-03-25
 Rerelease of 0.13.1.
-### 0.13.1 / 2020-03-24
+## 0.13.1 / 2020-03-24
 * Update github url
-### 0.13.0 / 2020-02-24
+## 0.13.0 / 2020-02-24
 * Support Faraday 1.x
-### 0.12.0 / 2019-10-08
+## 0.12.0 / 2019-10-08
 * This version now requires Ruby 2.4.
 * Support array values of the "aud" field.
 * Normalize the version constant to match related gems.
-### 0.11.0 / 2018-10-08
+## 0.11.0 / 2018-10-08
 * Add constant time comparison for oauth signatures.
-### 0.10.0 / 2018-09-21
+## 0.10.0 / 2018-09-21
 * Add UnexpectedStatusError class for http status errors that are not handled.
-### 0.9.2 / 2018-09-12
+## 0.9.2 / 2018-09-12
 * Update issued_at correctly when it is set simultaneously with expires_in.
-### 0.9.1 / 2018-08-29
+## 0.9.1 / 2018-08-29
 * Warn on EOL ruby versions.
 * Fix DateTime normalization.
-### 0.9.0 / 2018-08-20
+## 0.9.0 / 2018-08-20
 * Add RemoteServerError class for 5xx level errors.
 * Allow to_json to be called with arguments
 * Expires_in now sets and reflects current expires_at value
 * Expires_within(0) now returns false when expires_at is nil.
-### 0.8.1 / 2017-10-13
+## 0.8.1 / 2017-10-13
 * Restore support for Ruby 1.9.3
-### 0.8.0 / 2017-10-12
+## 0.8.0 / 2017-10-12
 * Ensure the "expires_at" attribute is recalculated on refresh (chutzimir)
 * Fix warnings on Ruby 2.4 (koic)
@@ -56,20 +65,20 @@ Rerelease of 0.13.1.
 * Provide signature verification algorithm for compatibility with ruby-jwt 2.0 (jurriaan)
 * Signet::OAuth2::Client#decoded_id_token can take a keyfinder block (mvastola)
-### 0.7.3 / 2016-06-20
+## 0.7.3 / 2016-06-20
 * Fix timestamp parsing on 32-bit systems
 * Fix expiration check when issue/expiry times are nil
-### 0.7.2 / 2015-12-21
+## 0.7.2 / 2015-12-21
 * Don't assume Faraday form encoding middleware is present
-### 0.7.1 / 2015-12-17
+## 0.7.1 / 2015-12-17
 * Fix an issue with date parsing
-### 0.7 / 2015-12-06
+## 0.7 / 2015-12-06
 * No longer overwrite SSL environment variables.
 * Tighten up date & URL (de)serialization for OAuth2 client
@@ -78,7 +87,7 @@ Rerelease of 0.13.1.
 * Add expires_within(sec) method to oauth2 client to facilitate proactive
   refreshes
-### 0.6.1 / 2015-06-08
+## 0.6.1 / 2015-06-08
 * Fix language warnings for unused & shadowed variables ((@blowmage)[])
 * Update SSL cert path for OSX ((@gambaroff)[])
@@ -86,14 +95,14 @@ Rerelease of 0.13.1.
 * Fix incorrect parameter name in OAuth2 client docs ((@samuelreh)[])
 * Fix symbolization of URL parameter keys ((@swifthand)[])
-### 0.6.0 / 2014-12-05
+## 0.6.0 / 2014-12-05
 * Drop support for ruby versions < 1.9.3
 * Update gem dependencies and lock down versions tighter
 * Allow form encoded responses when exchanging OAuth 2 authorization codes
 * Normalize options keys for indifferent access
-### 0.5.1 / 2014-06-08
+## 0.5.1 / 2014-06-08
 * Allow Hash objects to be used to initialize authorization URI
 * Added PLAINTEXT and RSA-SHA1 signature methods to OAuth 1 support
@@ -101,53 +110,53 @@ Rerelease of 0.13.1.
 * The `approval_prompt` option no longer defaults to `:force`
 * The `approval_prompt` and `prompt` are now mutually exclusive.
-### 0.5.0 / 2013-05-31
+## 0.5.0 / 2013-05-31
 * Switched to faraday 0.9.0
 * Added `expires_at` option
-### 0.4.5
+## 0.4.5
 * Minor documentation fixes
 * Allow postmessage as a valid redirect_uri in OAuth 2
-### 0.4.4
+## 0.4.4
 * Add support for assertion profile
-### 0.4.3
+## 0.4.3
 * Added method to clear credentials
-### 0.4.2
+## 0.4.2
 * Backwards compatibility for MultiJson
-### 0.4.1
+## 0.4.1
 * Updated Launchy dependency
-### 0.4.0
+## 0.4.0
 * Added OAuth 1 server implementation
 * Updated Faraday dependency
-### 0.3.4
+## 0.3.4
 * Attempts to auto-detect CA cert location
-### 0.3.3
+## 0.3.3
 * Request objects no longer recreated during processing
 * Faraday middleware now supported
 * Streamed requests now supported
 * Fixed assertion profiles; client ID/secret omission no longer an error
-### 0.3.2
+## 0.3.2
 * Added audience security check for ID tokens
-### 0.3.1
+## 0.3.1
 * Fixed a warning while determining grant type
 * Removed requirement that a connection be supplied when authorizing requests
@@ -155,52 +164,52 @@ Rerelease of 0.13.1.
 * Fixed some documentation stuff around markdown formatting
 * Added support for Google Code wiki format output when generating docs
-### 0.3.0
+## 0.3.0
 * Replaced httpadapter gem dependency with faraday
 * Replaced json gem dependency with multi_json
 * Updated to OAuth 2.0 draft 22
 * Complete test coverage
-### 0.2.4
+## 0.2.4
 * Updated to incorporate changes to the Google OAuth endpoints
-### 0.2.3
+## 0.2.3
 * Added support for JWT-formatted ID tokens.
 * Added :issued_at option to #update_token! method.
-### 0.2.2
+## 0.2.2
 * Lowered requirements for json gem
-### 0.2.1
+## 0.2.1
 * Updated to keep in sync with the new httpadapter changes
-### 0.2.0
+## 0.2.0
 * Added support for OAuth 2.0 draft 10
-### 0.1.4
+## 0.1.4
 * Added support for a two-legged authorization flow
-### 0.1.3
+## 0.1.3
 * Fixed issue with headers passed in as a Hash
 * Fixed incompatibilities with Ruby 1.8.6
-### 0.1.2
+## 0.1.2
 * Fixed bug with overzealous normalization
-### 0.1.1
+## 0.1.1
 * Fixed bug with missing StringIO require
 * Fixed issue with dependency on unreleased features of addressable
-### 0.1.0
+## 0.1.0
 * Initial release

data/lib/signet/oauth_1.rb CHANGED

@@ -178,7 +178,7 @@ module Signet #:nodoc:
         query:     parsed_uri.query,
         fragment:  parsed_uri.fragment
       )
-      uri_parameters = uri.query_values.to_a
+      uri_parameters = uri.query_values(Array) || []
       uri = uri.omit(:query, :fragment).to_s
       merged_parameters =
         uri_parameters.concat(parameters.map { |k, v| [k, v] })

data/lib/signet/version.rb CHANGED

@@ -13,5 +13,5 @@
 #    limitations under the License.
 module Signet
-  VERSION = "0.14.0".freeze
+  VERSION = "0.14.1".freeze
 end

data/spec/signet/oauth_1_spec.rb CHANGED

@@ -282,6 +282,32 @@ describe Signet::OAuth1 do
     )
   end
+  it "should correctly generate a base signature with duplicated query params" do
+    method = "GET"
+    uri = "http://photos.example.net/photos?foo=bar&foo=baz&foo=qux"
+    parameters = {
+      "oauth_consumer_key"     => "dpf43f3p2l4k3l03",
+      "oauth_token"            => "nnch734d00sl2jdk",
+      "oauth_signature_method" => "HMAC-SHA1",
+      "oauth_timestamp"        => "1191242096",
+      "oauth_nonce"            => "kllo9940pd9333jh",
+      "oauth_version"          => "1.0",
+      "file"                   => "vacation.jpg",
+      "size"                   => "original"
+    }
+    expect(Signet::OAuth1.generate_base_string(method, uri, parameters)).to eq(
+      "GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26" \
+      "foo%3Dbar%26" \
+      "foo%3Dbaz%26" \
+      "foo%3Dqux%26" \
+      "oauth_consumer_key%3Ddpf43f3p2l4k3l03%26" \
+      "oauth_nonce%3Dkllo9940pd9333jh%26" \
+      "oauth_signature_method%3DHMAC-SHA1%26" \
+      "oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26" \
+      "oauth_version%3D1.0%26size%3Doriginal"
+                                                                            )
+  end
   it "should correctly generate an authorization header" do
     parameters = [
       %w[oauth_consumer_key 0685bd9184jfhq22],

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.14.1
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-02 00:00:00.000000000 Z
+date: 2021-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -248,7 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.2.6
 signing_key:
 specification_version: 4
 summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.