Hello community,

here is the log from the commit of package rubygem-openid_connect for 
openSUSE:Factory checked in at 2018-03-06 10:47:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-openid_connect (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-openid_connect.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-openid_connect"

Tue Mar  6 10:47:03 2018 rev:2 rq:581877 version:1.1.5

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/rubygem-openid_connect/rubygem-openid_connect.changes
    2018-01-10 23:30:56.795909244 +0100
+++ 
/work/SRC/openSUSE:Factory/.rubygem-openid_connect.new/rubygem-openid_connect.changes
       2018-03-06 10:47:03.568779357 +0100
@@ -1,0 +2,12 @@
+Wed Feb 28 05:31:23 UTC 2018 - factory-a...@kulow.org
+
+- updated to version 1.1.5
+  no changelog found
+
+-------------------------------------------------------------------
+Wed Feb 14 05:30:50 UTC 2018 - factory-a...@kulow.org
+
+- updated to version 1.1.4
+  no changelog found
+
+-------------------------------------------------------------------

Old:
----
  openid_connect-1.1.3.gem

New:
----
  openid_connect-1.1.5.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-openid_connect.spec ++++++
--- /var/tmp/diff_new_pack.hRuuHe/_old  2018-03-06 10:47:04.344751326 +0100
+++ /var/tmp/diff_new_pack.hRuuHe/_new  2018-03-06 10:47:04.348751182 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package rubygem-openid_connect
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,14 +24,14 @@
 #
 
 Name:           rubygem-openid_connect
-Version:        1.1.3
+Version:        1.1.5
 Release:        0
 %define mod_name openid_connect
 %define mod_full_name %{mod_name}-%{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  ruby-macros >= 5
-BuildRequires:  %{ruby}
 BuildRequires:  %{rubygem gem2rpm}
+BuildRequires:  %{ruby}
+BuildRequires:  ruby-macros >= 5
 Url:            https://github.com/nov/openid_connect
 Source:         https://rubygems.org/gems/%{mod_full_name}.gem
 Source1:        gem2rpm.yml

++++++ openid_connect-1.1.3.gem -> openid_connect-1.1.5.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml     2017-07-24 06:25:09.000000000 +0200
+++ new/.travis.yml     2018-02-27 08:09:12.000000000 +0100
@@ -2,6 +2,6 @@
   - gem install bundler
 
 rvm:
-  - 2.2.2
-  - 2.2.5
-  - 2.3.1
\ No newline at end of file
+  - 2.3.6
+  - 2.4.3
+  - 2.5.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/VERSION new/VERSION
--- old/VERSION 2017-07-24 06:25:09.000000000 +0200
+++ new/VERSION 2018-02-27 08:09:12.000000000 +0100
@@ -1 +1 @@
-1.1.3
+1.1.5
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/openid_connect/client.rb 
new/lib/openid_connect/client.rb
--- old/lib/openid_connect/client.rb    2017-07-24 06:25:09.000000000 +0200
+++ new/lib/openid_connect/client.rb    2018-02-27 08:09:12.000000000 +0100
@@ -27,7 +27,8 @@
 
     def handle_success_response(response)
       token_hash = JSON.parse(response.body).with_indifferent_access
-      case token_type = token_hash[:token_type].try(:downcase)
+      token_type = (@forced_token_type || 
token_hash[:token_type]).try(:downcase)
+      case token_type
       when 'bearer'
         AccessToken.new token_hash.merge(client: self)
       else
@@ -41,4 +42,4 @@
 
 Dir[File.dirname(__FILE__) + '/client/*.rb'].each do |file|
   require file
-end
\ No newline at end of file
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/lib/openid_connect/discovery/provider/config/response.rb 
new/lib/openid_connect/discovery/provider/config/response.rb
--- old/lib/openid_connect/discovery/provider/config/response.rb        
2017-07-24 06:25:09.000000000 +0200
+++ new/lib/openid_connect/discovery/provider/config/response.rb        
2018-02-27 08:09:12.000000000 +0100
@@ -76,7 +76,7 @@
             end
           end
 
-          def validate!(expected_issuer = nil)
+          def validate!
             valid? or raise ValidationFailed.new(self)
           end
 
@@ -95,7 +95,11 @@
 
           def validate_issuer_matching
             if expected_issuer.present? && issuer != expected_issuer
-              errors.add :issuer, 'mismatch'
+              if OpenIDConnect.validate_discovery_issuer
+                errors.add :issuer, 'mismatch'
+              else
+                OpenIDConnect.logger.warn 'ignoring issuer mismach.'
+              end
             end
           end
         end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/openid_connect/response_object/id_token.rb 
new/lib/openid_connect/response_object/id_token.rb
--- old/lib/openid_connect/response_object/id_token.rb  2017-07-24 
06:25:09.000000000 +0200
+++ new/lib/openid_connect/response_object/id_token.rb  2018-02-27 
08:09:12.000000000 +0100
@@ -10,7 +10,7 @@
       class InvalidAudience < InvalidToken; end
 
       attr_required :iss, :sub, :aud, :exp, :iat
-      attr_optional :acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash
+      attr_optional :acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, 
:sub_jwk, :at_hash, :c_hash, :events
       attr_accessor :access_token, :code
       alias_method :subject, :sub
       alias_method :subject=, :sub=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/openid_connect.rb new/lib/openid_connect.rb
--- old/lib/openid_connect.rb   2017-07-24 06:25:09.000000000 +0200
+++ new/lib/openid_connect.rb   2018-02-27 08:09:12.000000000 +0100
@@ -76,6 +76,16 @@
     end
     @@http_config ||= block
   end
+
+  def self.validate_discovery_issuer=(boolean)
+    @@validate_discovery_issuer = boolean
+  end
+
+  def self.validate_discovery_issuer
+    @@validate_discovery_issuer
+  end
+
+  self.validate_discovery_issuer = true
 end
 
 require 'openid_connect/exception'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2017-07-24 06:25:09.000000000 +0200
+++ new/metadata        2018-02-27 08:09:12.000000000 +0100
@@ -1,30 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.5
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-24 00:00:00.000000000 Z
+date: 2018-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.3
-- !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -272,6 +258,7 @@
 - spec/mock_response/access_token/bearer_with_id_token.json
 - spec/mock_response/access_token/invalid_json.json
 - spec/mock_response/access_token/mac.json
+- spec/mock_response/access_token/without_token_type.json
 - spec/mock_response/client/registered.json
 - spec/mock_response/client/rotated.json
 - spec/mock_response/client/updated.json
@@ -333,7 +320,7 @@
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: OpenID Connect Server & Client Library
@@ -344,6 +331,7 @@
 - spec/mock_response/access_token/bearer_with_id_token.json
 - spec/mock_response/access_token/invalid_json.json
 - spec/mock_response/access_token/mac.json
+- spec/mock_response/access_token/without_token_type.json
 - spec/mock_response/client/registered.json
 - spec/mock_response/client/rotated.json
 - spec/mock_response/client/updated.json
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/openid_connect.gemspec new/openid_connect.gemspec
--- old/openid_connect.gemspec  2017-07-24 06:25:09.000000000 +0200
+++ new/openid_connect.gemspec  2018-02-27 08:09:12.000000000 +0100
@@ -12,7 +12,6 @@
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| 
File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency "json", ">= 1.4.3"
   s.add_runtime_dependency "tzinfo"
   s.add_runtime_dependency "attr_required", ">= 1.0.0"
   s.add_runtime_dependency "activemodel"
@@ -27,4 +26,4 @@
   s.add_development_dependency "rspec-its"
   s.add_development_dependency "webmock"
   s.add_development_dependency "simplecov"
-end
\ No newline at end of file
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/spec/mock_response/access_token/without_token_type.json 
new/spec/mock_response/access_token/without_token_type.json
--- old/spec/mock_response/access_token/without_token_type.json 1970-01-01 
01:00:00.000000000 +0100
+++ new/spec/mock_response/access_token/without_token_type.json 2018-02-27 
08:09:12.000000000 +0100
@@ -0,0 +1,3 @@
+{
+  "access_token":"access_token"
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/openid_connect/client_spec.rb 
new/spec/openid_connect/client_spec.rb
--- old/spec/openid_connect/client_spec.rb      2017-07-24 06:25:09.000000000 
+0200
+++ new/spec/openid_connect/client_spec.rb      2018-02-27 08:09:12.000000000 
+0100
@@ -178,6 +178,15 @@
           expect { access_token }.to raise_error OpenIDConnect::Exception, 
'Unexpected Token Type: mac'
         end
       end
+
+      context 'when token_type is forced' do
+        before { client.force_token_type! :bearer }
+        it 'should use forced token_type' do
+          mock_json :post, client.token_endpoint, 
'access_token/without_token_type', request_header: header_params, params: 
protocol_params do
+            access_token.should be_a OpenIDConnect::AccessToken
+          end
+        end
+      end
     end
   end
-end
\ No newline at end of file
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/spec/openid_connect/discovery/provider/config_spec.rb 
new/spec/openid_connect/discovery/provider/config_spec.rb
--- old/spec/openid_connect/discovery/provider/config_spec.rb   2017-07-24 
06:25:09.000000000 +0200
+++ new/spec/openid_connect/discovery/provider/config_spec.rb   2018-02-27 
08:09:12.000000000 +0100
@@ -56,13 +56,33 @@
       end
     end
 
-    context 'when response include invalid issuer' do
-      it do
-        expect do
-          mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
-            OpenIDConnect::Discovery::Provider::Config.discover! provider
-          end
-        end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
+    describe 'when response include invalid issuer' do
+      context 'with normal configuration' do
+        it do
+          expect do
+            mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
+              OpenIDConnect::Discovery::Provider::Config.discover! provider
+            end
+          end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
+        end
+      end
+
+      context 'when issuer validation is disabled.' do
+        before :each do
+          OpenIDConnect.validate_discovery_issuer = false
+        end
+
+        after :each do
+          OpenIDConnect.validate_discovery_issuer = true
+        end
+
+        it do
+          expect do
+            mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
+              OpenIDConnect::Discovery::Provider::Config.discover! provider
+            end
+          end.not_to raise_error
+        end
       end
     end
 
@@ -76,4 +96,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/openid_connect/response_object/id_token_spec.rb 
new/spec/openid_connect/response_object/id_token_spec.rb
--- old/spec/openid_connect/response_object/id_token_spec.rb    2017-07-24 
06:25:09.000000000 +0200
+++ new/spec/openid_connect/response_object/id_token_spec.rb    2018-02-27 
08:09:12.000000000 +0100
@@ -19,7 +19,7 @@
   describe 'attributes' do
     subject { klass }
     its(:required_attributes) { should == [:iss, :sub, :aud, :exp, :iat] }
-    its(:optional_attributes) { should == [:acr, :auth_time, :nonce, :sub_jwk, 
:at_hash, :c_hash] }
+    its(:optional_attributes) { should == [:acr, :amr, :azp, :jti, :sid, 
:auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :events] }
 
     describe 'auth_time' do
       subject { id_token.auth_time }
@@ -315,4 +315,4 @@
     its(:sub_jwk) { should == sub_jwk}
     its(:subject) { should == sub_jwk.thumbprint }
   end
-end
\ No newline at end of file
+end


Reply via email to