Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-omniauth-oauth2 for
openSUSE:Factory checked in at 2022-02-07 23:37:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-omniauth-oauth2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-omniauth-oauth2.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-omniauth-oauth2"
Mon Feb 7 23:37:45 2022 rev:5 rq:949090 version:1.7.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-omniauth-oauth2/rubygem-omniauth-oauth2.changes
2021-01-21 21:56:34.401840813 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-omniauth-oauth2.new.1898/rubygem-omniauth-oauth2.changes
2022-02-07 23:38:47.830154288 +0100
@@ -1,0 +2,6 @@
+Tue Jan 25 07:16:22 UTC 2022 - Stephan Kulow <[email protected]>
+
+updated to version 1.7.2
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
omniauth-oauth2-1.7.1.gem
New:
----
omniauth-oauth2-1.7.2.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-omniauth-oauth2.spec ++++++
--- /var/tmp/diff_new_pack.Cb1cUU/_old 2022-02-07 23:38:48.286151168 +0100
+++ /var/tmp/diff_new_pack.Cb1cUU/_new 2022-02-07 23:38:48.290151140 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-omniauth-oauth2
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-omniauth-oauth2
-Version: 1.7.1
+Version: 1.7.2
Release: 0
%define mod_name omniauth-oauth2
%define mod_full_name %{mod_name}-%{version}
++++++ omniauth-oauth2-1.7.1.gem -> omniauth-oauth2-1.7.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/FUNDING.yml new/.github/FUNDING.yml
--- old/.github/FUNDING.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/.github/FUNDING.yml 2021-11-02 19:54:08.000000000 +0100
@@ -0,0 +1,2 @@
+github: bobbymcwho
+tidelift: rubygems/omniauth-oauth2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/workflows/main.yml
new/.github/workflows/main.yml
--- old/.github/workflows/main.yml 2021-01-11 21:07:34.000000000 +0100
+++ new/.github/workflows/main.yml 2021-11-02 19:54:08.000000000 +0100
@@ -47,3 +47,21 @@
env:
JRUBY_OPTS: --debug
run: bundle exec rake
+ coveralls:
+ runs-on: ubuntu-18.04
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 2.6
+ bundler-cache: true
+ - name: Install dependencies
+ run: bundle install
+ - name: Run tests
+ run: bundle exec rake
+ - name: Coveralls GitHub Action
+ uses: coverallsapp/[email protected]
+ with:
+ github-token: ${{ secrets.github_token }}
+ path-to-lcov: './coverage/lcov/omniauth-oauth2.lcov'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml 2021-01-11 21:07:34.000000000 +0100
+++ new/.travis.yml 1970-01-01 01:00:00.000000000 +0100
@@ -1,22 +0,0 @@
-bundler_args: --without development
-before_install:
- - gem update --system
- - gem update bundler
-cache: bundler
-env:
- global:
- - JRUBY_OPTS="$JRUBY_OPTS --debug"
-language: ruby
-rvm:
- - jruby-9000
- - 2.4.4
- - 2.5.3
- - jruby-head
- - ruby-head
- - truffleruby-head
-matrix:
- allow_failures:
- - rvm: jruby-head
- - rvm: ruby-head
- fast_finish: true
-sudo: false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile 2021-01-11 21:07:34.000000000 +0100
+++ new/Gemfile 2021-11-02 19:54:08.000000000 +0100
@@ -1,17 +1,18 @@
source "https://rubygems.org";
-gem "rake", "~> 12.0"
+gem "rake", "~> 13.0"
group :test do
gem "addressable", "~> 2.3.8", :platforms => %i[jruby ruby_18]
- gem "coveralls"
+ gem 'coveralls_reborn', '~> 0.19.0', require: false
gem "json", :platforms => %i[jruby ruby_18 ruby_19]
gem "mime-types", "~> 1.25", :platforms => %i[jruby ruby_18]
gem "rack-test"
gem "rest-client", "~> 1.8.0", :platforms => %i[jruby ruby_18]
gem "rspec", "~> 3.2"
gem "rubocop", ">= 0.51", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22
ruby_23 ruby_24]
- gem "simplecov", ">= 0.9"
+ gem 'simplecov-lcov'
+ gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
gem "webmock", "~> 3.0"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2021-01-11 21:07:34.000000000 +0100
+++ new/README.md 2021-11-02 19:54:08.000000000 +0100
@@ -1,13 +1,11 @@
# OmniAuth OAuth2
[][gem]
-[][travis]
[][codeclimate]
[][coveralls]
[](https://hakiri.io/github/omniauth/omniauth-oauth2/master)
[gem]: https://rubygems.org/gems/omniauth-oauth2
-[travis]: http://travis-ci.org/omniauth/omniauth-oauth2
[codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2
[coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2
@@ -32,7 +30,7 @@
# This is where you pass the options you would pass when
# initializing your consumer from the OAuth gem.
option :client_options, {:site => "https://api.somesite.com"}
-
+
# You may specify that your strategy should use PKCE by setting
# the pkce option to true: https://tools.ietf.org/html/rfc7636
option :pkce, true
@@ -66,3 +64,12 @@
```
That's pretty much it!
+
+## OmniAuth-OAuth2 for Enterprise
+
+Available as part of the Tidelift Subscription.
+
+The maintainers of OmniAuth-OAuth2 and thousands of other packages are working
with Tidelift to deliver commercial support and maintenance for the open source
packages you use to build your applications. Save time, reduce risk, and
improve code health, while paying the maintainers of the exact packages you
use. [Learn
more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)
+
+## Supported Ruby Versions
+OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SECURITY.md new/SECURITY.md
--- old/SECURITY.md 1970-01-01 01:00:00.000000000 +0100
+++ new/SECURITY.md 2021-11-02 19:54:08.000000000 +0100
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.7.x | :white_check_mark: |
+| <= 1.6.x | :x: |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/omniauth/strategies/oauth2.rb
new/lib/omniauth/strategies/oauth2.rb
--- old/lib/omniauth/strategies/oauth2.rb 2021-01-11 21:07:34.000000000
+0100
+++ new/lib/omniauth/strategies/oauth2.rb 2021-11-02 19:54:08.000000000
+0100
@@ -83,10 +83,10 @@
def callback_phase # rubocop:disable Metrics/AbcSize,
Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
error = request.params["error_reason"] || request.params["error"]
- if error
- fail!(error, CallbackError.new(request.params["error"],
request.params["error_description"] || request.params["error_reason"],
request.params["error_uri"]))
- elsif !options.provider_ignores_state &&
(request.params["state"].to_s.empty? || request.params["state"] !=
session.delete("omniauth.state"))
+ if !options.provider_ignores_state &&
(request.params["state"].to_s.empty? || request.params["state"] !=
session.delete("omniauth.state"))
fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF
detected"))
+ elsif error
+ fail!(error, CallbackError.new(request.params["error"],
request.params["error_description"] || request.params["error_reason"],
request.params["error_uri"]))
else
self.access_token = build_access_token
self.access_token = access_token.refresh! if access_token.expired?
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/omniauth-oauth2/version.rb
new/lib/omniauth-oauth2/version.rb
--- old/lib/omniauth-oauth2/version.rb 2021-01-11 21:07:34.000000000 +0100
+++ new/lib/omniauth-oauth2/version.rb 2021-11-02 19:54:08.000000000 +0100
@@ -1,5 +1,5 @@
module OmniAuth
module OAuth2
- VERSION = "1.7.1".freeze
+ VERSION = "1.7.2".freeze
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2021-01-11 21:07:34.000000000 +0100
+++ new/metadata 2021-11-02 19:54:08.000000000 +0100
@@ -1,16 +1,16 @@
--- !ruby/object:Gem::Specification
name: omniauth-oauth2
version: !ruby/object:Gem::Version
- version: 1.7.1
+ version: 1.7.2
platform: ruby
authors:
- Michael Bleigh
- Erik Michaels-Ober
- Tom Milewski
-autorequire:
+autorequire:
bindir: bin
cert_chain: []
-date: 2021-01-11 00:00:00.000000000 Z
+date: 2021-11-02 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: oauth2
@@ -69,15 +69,16 @@
extensions: []
extra_rdoc_files: []
files:
+- ".github/FUNDING.yml"
- ".github/workflows/main.yml"
- ".gitignore"
- ".rspec"
- ".rubocop.yml"
-- ".travis.yml"
- Gemfile
- LICENSE.md
- README.md
- Rakefile
+- SECURITY.md
- lib/omniauth-oauth2.rb
- lib/omniauth-oauth2/version.rb
- lib/omniauth/strategies/oauth2.rb
@@ -88,7 +89,7 @@
licenses:
- MIT
metadata: {}
-post_install_message:
+post_install_message:
rdoc_options: []
require_paths:
- lib
@@ -103,8 +104,8 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.2.30
+signing_key:
specification_version: 4
summary: An abstract OAuth2 strategy for OmniAuth.
test_files:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/helper.rb new/spec/helper.rb
--- old/spec/helper.rb 2021-01-11 21:07:34.000000000 +0100
+++ new/spec/helper.rb 2021-11-02 19:54:08.000000000 +0100
@@ -3,9 +3,16 @@
if RUBY_VERSION >= "1.9"
require "simplecov"
+ require "simplecov-lcov"
require "coveralls"
- SimpleCov.formatters = [SimpleCov::Formatter::HTMLFormatter,
Coveralls::SimpleCov::Formatter]
+ SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true
+
+ SimpleCov.formatters = [
+ SimpleCov::Formatter::HTMLFormatter,
+ SimpleCov::Formatter::LcovFormatter,
+ Coveralls::SimpleCov::Formatter
+ ]
SimpleCov.start do
minimum_coverage(78.48)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/omniauth/strategies/oauth2_spec.rb
new/spec/omniauth/strategies/oauth2_spec.rb
--- old/spec/omniauth/strategies/oauth2_spec.rb 2021-01-11 21:07:34.000000000
+0100
+++ new/spec/omniauth/strategies/oauth2_spec.rb 2021-11-02 19:54:08.000000000
+0100
@@ -97,14 +97,47 @@
end
describe "#callback_phase" do
- subject { fresh_strategy }
- it "calls fail with the client error received" do
- instance = subject.new("abc", "def")
+ subject(:instance) { fresh_strategy.new("abc", "def") }
+
+ let(:params) { {"error_reason" => "user_denied", "error" =>
"access_denied", "state" => state} }
+ let(:state) { "secret" }
+
+ before do
allow(instance).to receive(:request) do
- double("Request", :params => {"error_reason" => "user_denied", "error"
=> "access_denied"})
+ double("Request", :params => params)
end
+ allow(instance).to receive(:session) do
+ double("Session", :delete => state)
+ end
+ end
+
+ it "calls fail with the error received" do
+ expect(instance).to receive(:fail!).with("user_denied", anything)
+
+ instance.callback_phase
+ end
+
+ it "calls fail with the error received if state is missing and CSRF
verification is disabled" do
+ params["state"] = nil
+ instance.options.provider_ignores_state = true
+
expect(instance).to receive(:fail!).with("user_denied", anything)
+
+ instance.callback_phase
+ end
+
+ it "calls fail with a CSRF error if the state is missing" do
+ params["state"] = nil
+
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
+ instance.callback_phase
+ end
+
+ it "calls fail with a CSRF error if the state is invalid" do
+ params["state"] = "invalid"
+
+ expect(instance).to receive(:fail!).with(:csrf_detected, anything)
instance.callback_phase
end
end
