Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-omniauth for
openSUSE:Factory checked in at 2022-04-30 22:52:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-omniauth (Old)
and /work/SRC/openSUSE:Factory/.rubygem-omniauth.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-omniauth"
Sat Apr 30 22:52:36 2022 rev:7 rq:974059 version:2.1.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-omniauth/rubygem-omniauth.changes
2021-07-02 13:28:42.592182024 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-omniauth.new.1538/rubygem-omniauth.changes
2022-04-30 22:52:47.964245486 +0200
@@ -1,0 +2,6 @@
+Thu Apr 28 05:38:51 UTC 2022 - Stephan Kulow <[email protected]>
+
+updated to version 2.1.0
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
omniauth-2.0.4.gem
New:
----
omniauth-2.1.0.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-omniauth.spec ++++++
--- /var/tmp/diff_new_pack.Jnx6J3/_old 2022-04-30 22:52:49.248247223 +0200
+++ /var/tmp/diff_new_pack.Jnx6J3/_new 2022-04-30 22:52:49.252247228 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-omniauth
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-omniauth
-Version: 2.0.4
+Version: 2.1.0
Release: 0
%define mod_name omniauth
%define mod_full_name %{mod_name}-%{version}
++++++ omniauth-2.0.4.gem -> omniauth-2.1.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/workflows/main.yml
new/.github/workflows/main.yml
--- old/.github/workflows/main.yml 2021-04-07 22:18:29.000000000 +0200
+++ new/.github/workflows/main.yml 2022-04-13 20:45:53.000000000 +0200
@@ -20,7 +20,7 @@
fail-fast: false
matrix:
os: [ubuntu, macos]
- ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
+ ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby,
truffleruby-head]
steps:
- uses: actions/checkout@v2
- name: Set up Ruby
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 2021-04-07 22:18:29.000000000 +0200
+++ new/.gitignore 2022-04-13 20:45:53.000000000 +0200
@@ -11,3 +11,4 @@
measurement/*
pkg/*
.DS_Store
+.tool-versions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile 2021-04-07 22:18:29.000000000 +0200
+++ new/Gemfile 2022-04-13 20:45:53.000000000 +0200
@@ -1,6 +1,6 @@
source 'https://rubygems.org'
-gem 'jruby-openssl', '~> 0.10.5', :platforms => :jruby
+gem 'jruby-openssl', '~> 0.10.5', platforms: :jruby
gem 'rake', '>= 12.0'
gem 'yard', '>= 0.9.11'
@@ -13,17 +13,16 @@
group :test do
gem 'coveralls_reborn', '~> 0.19.0', require: false
- gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
- gem 'json', '~> 2.3.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
- gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
- gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20
ruby_21]
+ gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
+ gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
+ gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
gem 'rack-test'
- gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
+ gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
gem 'rspec', '~> 3.5'
gem 'rack-freeze'
- gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21
ruby_22 ruby_23 ruby_24]
+ gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21
ruby_22 ruby_23 ruby_24]
gem 'simplecov-lcov'
- gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
+ gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
end
gemspec
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2021-04-07 22:18:29.000000000 +0200
+++ new/README.md 2022-04-13 20:45:53.000000000 +0200
@@ -10,7 +10,7 @@
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
[coveralls]: https://coveralls.io/r/omniauth/omniauth
-This is the documentation for the version
[v2.0.4](https://github.com/omniauth/omniauth/tree/v2.0.4) of OmniAuth.
+This is the documentation for our latest release
[v2.1.0](https://github.com/omniauth/omniauth/releases/tag/v2.1.0).
## An Introduction
OmniAuth is a library that standardizes multi-provider authentication for
@@ -83,34 +83,7 @@
contains as much information about the user as OmniAuth was able to
glean from the utilized strategy. You should set up an endpoint in your
application that matches to the callback URL and then performs whatever
-steps are necessary for your application. For example, in a Rails app
-you would add a line in your `routes.rb` file like this:
-
-```ruby
-post '/auth/:provider/callback', to: 'sessions#create'
-```
-
-And you might then have a `SessionsController` with code that looks
-something like this:
-
-```ruby
-class SessionsController < ApplicationController
- # If you're using a strategy that POSTs during callback, you'll need to skip
the authenticity token check for the callback action only.
- skip_before_action :verify_authenticity_token, only: :create
-
- def create
- @user = User.find_or_create_from_auth_hash(auth_hash)
- self.current_user = @user
- redirect_to '/'
- end
-
- protected
-
- def auth_hash
- request.env['omniauth.auth']
- end
-end
-```
+steps are necessary for your application.
The `omniauth.auth` key in the environment hash provides an
Authentication Hash which will contain information about the just
@@ -124,35 +97,67 @@
you how you want to implement the particulars of your application's
authentication flow.
-**Please note:** there is currently a CSRF vulnerability which affects
OmniAuth (designated
[CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires
mitigation at the application level. More details on how to do this can be
found on the
[Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
-## Configuring The `origin` Param
-The `origin` url parameter is typically used to inform where a user came from
and where, should you choose to use it, they'd want to return to.
+## Rails (without Devise)
+To get started, add the following gems
+
+**Gemfile**:
+```ruby
+gem 'omniauth'
+gem "omniauth-rails_csrf_protection"
+```
-There are three possible options:
+Then insert OmniAuth as a middleware
-Default Flow:
+**config/initializers/omniauth.rb**:
```ruby
-# /auth/twitter/?origin=[URL]
-# No change
-# If blank, `omniauth.origin` is set to HTTP_REFERER
+Rails.application.config.middleware.use OmniAuth::Builder do
+ provider :developer if Rails.env.development?
+end
```
-Renaming Origin Param:
+Additional providers can be added here in the future. Next we wire it
+all up using routes, a controller and a login view.
+
+**config/routes.rb**:
+
```ruby
-# /auth/twitter/?return_to=[URL]
-# If blank, `omniauth.origin` is set to HTTP_REFERER
-provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+ get 'auth/:provider/callback', to: 'sessions#create'
+ get '/login', to: 'sessions#new'
```
-Disabling Origin Param:
+**app/controllers/sessions_controller.rb**:
```ruby
-# /auth/twitter
-# Origin handled externally, if need be. `omniauth.origin` is not set
-provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+class SessionsController < ApplicationController
+ def new
+ render :new
+ end
+
+ def create
+ user_info = request.env['omniauth.auth']
+ raise user_info # Your own session management should be placed here.
+ end
+end
```
-## Integrating OmniAuth Into Your Rails API
+**app/views/sessions/new.html.erb**:
+```erb
+<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
+ <button type='submit'>Login with Developer</button>
+<% end %>
+```
+
+Now if you visit `/login` and click the Login button, you should see the
+OmniAuth developer login screen. After submitting it, you are returned to your
+application at `Sessions#create`. The raise should now display all the Omniauth
+details you have available to integrate it into your own user management.
+
+If you want out of the box usermanagement, you should consider using Omniauth
+through Devise. Please visit the [Devise Github
page](https://github.com/heartcombo/devise#omniauth)
+for more information.
+
+
+## Rails API
The following middleware are (by default) included for session management in
Rails applications. When using OmniAuth with a Rails API, you'll need to add
one of these required middleware back in:
@@ -191,6 +196,33 @@
OmniAuth.config.logger = Rails.logger
```
+## Origin Param
+The `origin` url parameter is typically used to inform where a user came from
+and where, should you choose to use it, they'd want to return to.
+Omniauth supports the following settings which can be configured on a provider
level:
+
+**Default**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET']
+POST /auth/twitter/?origin=[URL]
+# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Using a differently named origin parameter**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+POST /auth/twitter/?return_to=[URL]
+# If the `return_to` parameter is blank, `omniauth.origin` is set to
HTTP_REFERER
+```
+
+**Disabled**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+POST /auth/twitter
+# This means the origin should be handled by your own application.
+# Note that `omniauth.origin` will always be blank.
+```
+
## Resources
The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
actively maintained in-depth documentation for OmniAuth. It should be
@@ -201,7 +233,11 @@
Available as part of the Tidelift Subscription.
-The maintainers of OmniAuth and thousands of other packages are working with
Tidelift to deliver commercial support and maintenance for the open source
packages you use to build your applications. Save time, reduce risk, and
improve code health, while paying the maintainers of the exact packages you
use. [Learn
more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+The maintainers of OmniAuth and thousands of other packages are working with
+Tidelift to deliver commercial support and maintenance for the open source
+packages you use to build your applications. Save time, reduce risk, and
+improve code health, while paying the maintainers of the exact packages you
use.
+[Learn
more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
## Supported Ruby Versions
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/omniauth/builder.rb new/lib/omniauth/builder.rb
--- old/lib/omniauth/builder.rb 2021-04-07 22:18:29.000000000 +0200
+++ new/lib/omniauth/builder.rb 2022-04-13 20:45:53.000000000 +0200
@@ -26,7 +26,7 @@
@options = options
end
- def provider(klass, *args, &block)
+ def provider(klass, *args, **opts, &block)
if klass.is_a?(Class)
middleware = klass
else
@@ -37,8 +37,7 @@
end
end
- args.last.is_a?(Hash) ? args.push(options.merge(args.pop)) :
args.push(options)
- use middleware, *args, &block
+ use middleware, *args, **options.merge(opts), &block
end
def call(env)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/omniauth/version.rb new/lib/omniauth/version.rb
--- old/lib/omniauth/version.rb 2021-04-07 22:18:29.000000000 +0200
+++ new/lib/omniauth/version.rb 2022-04-13 20:45:53.000000000 +0200
@@ -1,3 +1,3 @@
module OmniAuth
- VERSION = '2.0.4'.freeze
+ VERSION = '2.1.0'.freeze
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2021-04-07 22:18:29.000000000 +0200
+++ new/metadata 2022-04-13 20:45:53.000000000 +0200
@@ -1,16 +1,16 @@
--- !ruby/object:Gem::Specification
name: omniauth
version: !ruby/object:Gem::Version
- version: 2.0.4
+ version: 2.1.0
platform: ruby
authors:
- Michael Bleigh
- Erik Michaels-Ober
- Tom Milewski
-autorequire:
+autorequire:
bindir: bin
cert_chain: []
-date: 2021-04-07 00:00:00.000000000 Z
+date: 2022-04-13 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: hashie
@@ -32,20 +32,14 @@
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: 1.6.2
- - - "<"
- - !ruby/object:Gem::Version
- version: '3'
+ version: 2.2.3
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: 1.6.2
- - - "<"
- - !ruby/object:Gem::Version
- version: '3'
+ version: 2.2.3
- !ruby/object:Gem::Dependency
name: bundler
requirement: !ruby/object:Gem::Requirement
@@ -129,7 +123,7 @@
licenses:
- MIT
metadata: {}
-post_install_message:
+post_install_message:
rdoc_options: []
require_paths:
- lib
@@ -144,8 +138,8 @@
- !ruby/object:Gem::Version
version: 1.3.5
requirements: []
-rubygems_version: 3.0.0
-signing_key:
+rubygems_version: 3.2.32
+signing_key:
specification_version: 4
summary: A generalized Rack framework for multiple-provider authentication.
test_files: []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/omniauth.gemspec new/omniauth.gemspec
--- old/omniauth.gemspec 2021-04-07 22:18:29.000000000 +0200
+++ new/omniauth.gemspec 2022-04-13 20:45:53.000000000 +0200
@@ -6,7 +6,7 @@
Gem::Specification.new do |spec|
spec.add_dependency 'hashie', ['>= 3.4.6']
- spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
+ spec.add_dependency 'rack', '>= 2.2.3'
spec.add_development_dependency 'bundler', '~> 2.0'
spec.add_dependency 'rack-protection'
spec.add_development_dependency 'rake', '~> 12.0'
