Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-rack-oauth2 for
openSUSE:Factory checked in at 2022-02-02 22:41:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-oauth2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-oauth2.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-oauth2"
Wed Feb 2 22:41:27 2022 rev:13 rq:950632 version:1.19.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-oauth2/rubygem-rack-oauth2.changes
2021-07-02 13:28:45.196161820 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-rack-oauth2.new.1898/rubygem-rack-oauth2.changes
2022-02-02 22:42:28.179102415 +0100
@@ -1,0 +2,6 @@
+Tue Jan 25 07:21:31 UTC 2022 - Stephan Kulow <[email protected]>
+
+updated to version 1.19.0
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
rack-oauth2-1.17.0.gem
New:
----
rack-oauth2-1.19.0.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-oauth2.spec ++++++
--- /var/tmp/diff_new_pack.aZdJ2N/_old 2022-02-02 22:42:28.679099027 +0100
+++ /var/tmp/diff_new_pack.aZdJ2N/_new 2022-02-02 22:42:28.687098972 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-rack-oauth2
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-oauth2
-Version: 1.17.0
+Version: 1.19.0
Release: 0
%define mod_name rack-oauth2
%define mod_full_name %{mod_name}-%{version}
++++++ rack-oauth2-1.17.0.gem -> rack-oauth2-1.19.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/VERSION new/VERSION
--- old/VERSION 2021-05-26 02:26:52.000000000 +0200
+++ new/VERSION 2021-10-01 04:26:30.000000000 +0200
@@ -1 +1 @@
-1.17.0
\ No newline at end of file
+1.19.0
\ No newline at end of file
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/oauth2/server/abstract/error.rb
new/lib/rack/oauth2/server/abstract/error.rb
--- old/lib/rack/oauth2/server/abstract/error.rb 2021-05-26
02:26:53.000000000 +0200
+++ new/lib/rack/oauth2/server/abstract/error.rb 2021-10-01
04:26:30.000000000 +0200
@@ -42,6 +42,7 @@
class Unauthorized < Error
def initialize(error = :unauthorized, description = nil, options =
{})
+ @skip_www_authenticate = options[:skip_www_authenticate]
super 401, error, description, options
end
end
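Review bot: The flag is read out of `options` but the same hash is then forwarded unchanged to `Error#initialize` on the next line; if that initializer folds `options` into the error's serialized attributes (not visible in this hunk), `skip_www_authenticate` would end up in the JSON error body sent to the client. Either strip it before delegating, e.g. `super 401, error, description, options.except(:skip_www_authenticate)` (ActiveSupport-style `present?`/`try` are already used elsewhere in this diff, and Hash#except is core from Ruby 3.0), or confirm that `Error` ignores unknown keys and record that in a comment above the assignment. The class is complete within the hunk, so no other constructor path is affected.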
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/oauth2/server/token/error.rb
new/lib/rack/oauth2/server/token/error.rb
--- old/lib/rack/oauth2/server/token/error.rb 2021-05-26 02:26:53.000000000
+0200
+++ new/lib/rack/oauth2/server/token/error.rb 2021-10-01 04:26:30.000000000
+0200
@@ -8,7 +8,9 @@
class Unauthorized < Abstract::Unauthorized
def finish
super do |response|
- response.header['WWW-Authenticate'] = 'Basic realm="OAuth2 Token
Endpoint"'
+ unless @skip_www_authenticate
+ response.header['WWW-Authenticate'] = 'Basic realm="OAuth2
Token Endpoint"'
+ end
end
end
end
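Review bot: Suppressing `WWW-Authenticate` is only RFC 6749 §5.2-compliant when the client did not authenticate via the `Authorization` request header; when it did, the server MUST send the header with the matching scheme, and nothing in this hunk ties the new flag to how the client actually authenticated. The safeguard therefore lives entirely with callers, which should be stated at the `unless`: `# RFC 6749 §5.2: the header is mandatory when the client used HTTP Basic; set skip_www_authenticate only for body-credential or client_assertion clients.` Consider also documenting the option on `invalid_client!`, which is what the spec calls, since that is where application code will meet it.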
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/oauth2/server/token.rb
new/lib/rack/oauth2/server/token.rb
--- old/lib/rack/oauth2/server/token.rb 2021-05-26 02:26:53.000000000 +0200
+++ new/lib/rack/oauth2/server/token.rb 2021-10-01 04:26:30.000000000 +0200
@@ -44,7 +44,7 @@
class Request < Abstract::Request
attr_required :grant_type
- attr_optional :client_secret
+ attr_optional :client_secret, :client_assertion,
:client_assertion_type
def initialize(env)
auth = Rack::Auth::Basic::Request.new(env)
@@ -56,6 +56,15 @@
else
super
@client_secret = params['client_secret']
+ @client_assertion = params['client_assertion']
+ @client_assertion_type = params['client_assertion_type']
+ if client_assertion.present? && client_assertion_type ==
URN::ClientAssertionType::JWT_BEARER
+ require 'json/jwt'
+ @client_id = JSON::JWT.decode(
+ client_assertion,
+ :skip_verification
+ )[:sub] rescue nil
+ end
end
@grant_type = params['grant_type'].to_s
end
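Review bot: `@client_id` is taken from the assertion's `sub` with `:skip_verification`, so at this point it is attacker-controlled — any caller can mint an unsigned JWT naming any registered client, nothing in this hunk verifies the signature, and the value unconditionally overwrites whatever `super` set from `params['client_id']`, which RFC 7521 §4.2 says must identify the same client if present (the spec in this diff seems to expect a mismatch to be rejected, but that check is not visible here). Treating it as a lookup hint is fine, but it needs saying at the point of use: `# NOTE: signature is NOT verified here; @client_id is untrusted until the app validates client_assertion against the client's registered key (RFC 7523).` The bare `rescue nil` modifier also swallows every StandardError from decoding, so a malformed assertion silently becomes a nil client_id rather than a visible parse failure; rescuing only json-jwt's decode errors would keep real bugs visible. `initialize` starts in the preceding hunk at the `attr_optional` change, so both hunks form one method.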
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/oauth2.rb new/lib/rack/oauth2.rb
--- old/lib/rack/oauth2.rb 2021-05-26 02:26:52.000000000 +0200
+++ new/lib/rack/oauth2.rb 2021-10-01 04:26:30.000000000 +0200
@@ -43,6 +43,11 @@
_http_client_ = HTTPClient.new(
agent_name: agent_name
)
+
+ # NOTE: httpclient gem seems stopped maintaining root certtificate set,
use OS default.
+ _http_client_.ssl_config.clear_cert_store
+ _http_client_.ssl_config.cert_store.set_default_paths
+
http_config.try(:call, _http_client_)
local_http_config.try(:call, _http_client_) unless local_http_config.nil?
_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
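Review bot: After `clear_cert_store`, trust rests entirely on what `set_default_paths` finds on the host — OpenSSL's compiled-in cert file and directory plus the `SSL_CERT_FILE`/`SSL_CERT_DIR` environment overrides — so on a minimal image with no CA bundle every outbound request will fail verification (fail-closed, which is the right default, but surprising to operators), and whichever `http_config` callback runs on the next two lines can still loosen `verify_mode`. That deserves stating in the comment, which also has a typo: `# NOTE: httpclient no longer maintains its bundled root certificates; trust the OS store instead (OpenSSL default paths, overridable via SSL_CERT_FILE / SSL_CERT_DIR). Requests fail closed if the host ships no CA bundle.` The enclosing method starts and ends outside this hunk.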
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2021-05-26 02:26:52.000000000 +0200
+++ new/metadata 2021-10-01 04:26:30.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rack-oauth2
version: !ruby/object:Gem::Version
- version: 1.17.0
+ version: 1.19.0
platform: ruby
authors:
- nov matake
autorequire:
bindir: bin
cert_chain: []
-date: 2021-05-26 00:00:00.000000000 Z
+date: 2021-10-01 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: rack
@@ -301,7 +301,7 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
signing_key:
specification_version: 4
summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type
are supported
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/rack/oauth2/server/token_spec.rb
new/spec/rack/oauth2/server/token_spec.rb
--- old/spec/rack/oauth2/server/token_spec.rb 2021-05-26 02:26:53.000000000
+0200
+++ new/spec/rack/oauth2/server/token_spec.rb 2021-10-01 04:26:30.000000000
+0200
@@ -71,6 +71,60 @@
end
end
+ context 'when client_id is given via JWT client assertion' do
+ before do
+ require 'json/jwt'
+ params[:client_assertion] = JSON::JWT.new(
+ sub: params[:client_id]
+ # NOTE: actual client_assertion should have more claims.
+ ).sign('client_secret').to_s
+ params[:client_assertion_type] =
Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER
+ params.delete(:client_id)
+ end
+
+ context 'when client_assertion is invalid JWT' do
+ before do
+ params[:client_assertion] = 'invalid-jwt'
+ end
+ its(:status) { should == 400 }
+ its(:content_type) { should == 'application/json' }
+ its(:body) { should include '"error":"invalid_request"' }
+ end
+
+ context 'when client_assertion_type is missing' do
+ before do
+ params.delete(:client_assertion_type)
+ end
+ its(:status) { should == 400 }
+ its(:content_type) { should == 'application/json' }
+ its(:body) { should include '"error":"invalid_request"' }
+ end
+
+ context 'when client_assertion_type is unknown' do
+ before do
+ params[:client_assertion_type] = 'unknown'
+ end
+ its(:status) { should == 400 }
+ its(:content_type) { should == 'application/json' }
+ its(:body) { should include '"error":"invalid_request"' }
+ end
+
+ context 'when client_assertion issuer is different from client_id' do
+ before do
+ params[:client_id] = 'another_client_id'
+ end
+ its(:status) { should == 400 }
+ its(:content_type) { should == 'application/json' }
+ its(:body) { should include '"error":"invalid_request"' }
+ end
+
+ context 'otherwise' do
+ its(:status) { should == 200 }
+ its(:content_type) { should == 'application/json' }
+ its(:body) { should include '"access_token":"access_token"' }
+ end
+ end
+
Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION.each do
|error, default_message|
status = if error == :invalid_client
401
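Review bot: The `'otherwise'` context returns 200 with an assertion signed by the literal `'client_secret'` that the server under test never checks, so this spec documents only client_id extraction, not assertion validation, and a reader could take the 200 as evidence the JWT was verified. The context named "client_assertion issuer is different from client_id" also does not vary `iss` — the assertion carries only `sub` and the test changes the `client_id` param — so it exercises the client_id/`sub` mismatch path, presumably enforced outside this hunk. Rename it to `context 'when client_assertion sub is different from client_id' do` and extend the NOTE in the `before` block to `# NOTE: actual client_assertion should have more claims; the server does not verify this signature, the app must.`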
@@ -87,7 +141,22 @@
its(:content_type) { should == 'application/json' }
its(:body) { should include "\"error\":\"#{error}\"" }
its(:body) { should include
"\"error_description\":\"#{default_message}\"" }
+ if error == :invalid_client
+ its(:headers) { should include 'WWW-Authenticate' }
+ end
+ end
+ end
+
+ context 'when skip_www_authenticate option is specified on invalid_client' do
+ let(:app) do
+ Rack::OAuth2::Server::Token.new do |request, response|
+ request.invalid_client!(
+
Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION[:invalid_client],
+ skip_www_authenticate: true
+ )
+ end
end
+ its(:headers) { should_not include 'WWW-Authenticate' }
end
context 'when responding' do