Hello community,

here is the log from the commit of package rubygem-rack-oauth2 for 
openSUSE:Factory checked in at 2020-10-05 19:32:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-oauth2 (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-rack-oauth2.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-rack-oauth2"

Mon Oct  5 19:32:51 2020 rev:11 rq:838068 version:1.16.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-oauth2/rubygem-rack-oauth2.changes  
2020-05-11 13:39:28.784881872 +0200
+++ 
/work/SRC/openSUSE:Factory/.rubygem-rack-oauth2.new.4249/rubygem-rack-oauth2.changes
        2020-10-05 19:33:01.321175536 +0200
@@ -1,0 +2,6 @@
+Fri Sep 25 14:42:16 UTC 2020 - Stephan Kulow <[email protected]>
+
+updated to version 1.16.0
+  no changelog found
+
+-------------------------------------------------------------------

Old:
----
  rack-oauth2-1.12.0.gem

New:
----
  rack-oauth2-1.16.0.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-rack-oauth2.spec ++++++
--- /var/tmp/diff_new_pack.gpbZ7n/_old  2020-10-05 19:33:02.309179703 +0200
+++ /var/tmp/diff_new_pack.gpbZ7n/_new  2020-10-05 19:33:02.313179720 +0200
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-rack-oauth2
-Version:        1.12.0
+Version:        1.16.0
 Release:        0
 %define mod_name rack-oauth2
 %define mod_full_name %{mod_name}-%{version}

++++++ rack-oauth2-1.12.0.gem -> rack-oauth2-1.16.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml     2020-03-25 09:56:53.000000000 +0100
+++ new/.travis.yml     2020-07-17 04:08:36.000000000 +0200
@@ -2,6 +2,6 @@
   - gem install bundler
 
 rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.5.8
+  - 2.6.6
+  - 2.7.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/README.rdoc new/README.rdoc
--- old/README.rdoc     2020-03-25 09:56:53.000000000 +0100
+++ new/README.rdoc     2020-07-17 04:08:36.000000000 +0200
@@ -28,17 +28,11 @@
 
 === Bearer
 
-Running on Heroku
-https://rack-oauth2-sample.heroku.com
-
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample
 
 === MAC
 
-Running on Heroku
-https://rack-oauth2-sample-mac.heroku.com
-
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample-mac
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/VERSION new/VERSION
--- old/VERSION 2020-03-25 09:56:53.000000000 +0100
+++ new/VERSION 2020-07-17 04:08:36.000000000 +0200
@@ -1 +1 @@
-1.12.0
+1.16.0
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/oauth2/client.rb 
new/lib/rack/oauth2/client.rb
--- old/lib/rack/oauth2/client.rb       2020-03-25 09:56:53.000000000 +0100
+++ new/lib/rack/oauth2/client.rb       2020-07-17 04:08:36.000000000 +0200
@@ -16,12 +16,12 @@
       end
 
       def authorization_uri(params = {})
+        params[:redirect_uri] ||= self.redirect_uri
         params[:response_type] ||= :code
         params[:response_type] = Array(params[:response_type]).join(' ')
         params[:scope] = Array(params[:scope]).join(' ')
         Util.redirect_uri absolute_uri_for(authorization_endpoint), :query, 
params.merge(
-          client_id: self.identifier,
-          redirect_uri: self.redirect_uri
+          client_id: self.identifier
         )
       end
 
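Review bot: The added `params[:redirect_uri] ||= self.redirect_uri` lets a caller-supplied `:redirect_uri` win, where the removed `redirect_uri: self.redirect_uri` entry in the `merge` always forced the client's configured value. If any caller builds `params` from request input, the redirect target of the authorization request becomes externally controllable, so the method should carry a comment such as `# params[:redirect_uri] overrides the configured redirect_uri; pass only trusted values`. The line also writes into the caller's hash, as the existing `params[:response_type]` and `params[:scope]` assignments do; starting with `params = params.dup` would avoid that.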
@@ -73,17 +73,20 @@
         http_client = Rack::OAuth2.http_client
 
         # NOTE:
-        #  Using Array#estract_options! for backward compatibility.
+        #  Using Array#extract_options! for backward compatibility.
         #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
         options = args.extract_options!
-        client_auth_method = args.first || options.delete(:client_auth_method) 
|| :basic
+        client_auth_method = args.first || 
options.delete(:client_auth_method).try(:to_sym) || :basic
 
         params[:scope] = Array(options.delete(:scope)).join(' ') if 
options[:scope].present?
         params.merge! options
 
         case client_auth_method
         when :basic
-          cred = ["#{identifier}:#{secret}"].pack('m').tr("\n", '')
+          cred = Base64.strict_encode64 [
+            Util.www_form_url_encode(identifier),
+            Util.www_form_url_encode(secret)
+          ].join(':')
           headers.merge!(
             'Authorization' => "Basic #{cred}"
           )
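Review bot: Only the option value is normalised: `options.delete(:client_auth_method).try(:to_sym)` converts a string, but a string passed positionally as `args.first` still reaches `case client_auth_method` unchanged and would not match `when :basic`. Normalising after the fallback treats both paths alike: `client_auth_method = (args.first || options.delete(:client_auth_method)).try(:to_sym) || :basic`. Separately, the Basic credential is now form-urlencoded before Base64, so an authorization server that does not decode it will see a different identifier or secret whenever either contains reserved characters; that deserves a comment at the `when :basic` branch. The method starts before this hunk and the `case` continues past it.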
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/oauth2/server/rails/response_ext.rb 
new/lib/rack/oauth2/server/rails/response_ext.rb
--- old/lib/rack/oauth2/server/rails/response_ext.rb    2020-03-25 
09:56:53.000000000 +0100
+++ new/lib/rack/oauth2/server/rails/response_ext.rb    2020-07-17 
04:08:36.000000000 +0200
@@ -5,7 +5,7 @@
         module ResponseExt
           def redirect?
             ensure_finish do
-              @response.redirect?
+              super
             end
           end
 
@@ -17,7 +17,7 @@
 
           def json
             ensure_finish do
-              @response.body
+              @body
             end
           end
 
@@ -39,7 +39,7 @@
           end
 
           def ensure_finish
-            @status, @header, @response = finish unless finished?
+            @status, @header, @body = finish unless finished?
             yield
           end
         end
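Review bot: `ensure_finish` now stores the third element of `finish` in `@body`, and `json` returns it, but nothing here says why `@response` went away or what type `@body` holds. The updated specs on this page compare that third element directly with an array (`response.should == ['{"error":"invalid_request"}']`), so `json` presumably returns an array of strings rather than a string; a comment like `# rack >= 2.1: finish returns the body itself, not a response object` above the assignment would record that. `@status` and `@body` may also be names the parent response class uses for its own state, which is worth confirming now that `redirect?` delegates to `super`. `finished?` is defined outside the hunk.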
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/oauth2/server/token.rb 
new/lib/rack/oauth2/server/token.rb
--- old/lib/rack/oauth2/server/token.rb 2020-03-25 09:56:53.000000000 +0100
+++ new/lib/rack/oauth2/server/token.rb 2020-07-17 04:08:36.000000000 +0200
@@ -49,7 +49,9 @@
           def initialize(env)
             auth = Rack::Auth::Basic::Request.new(env)
             if auth.provided? && auth.basic?
-              @client_id, @client_secret = auth.credentials
+              @client_id, @client_secret = auth.credentials.map do |cred|
+                Util.www_form_url_decode cred
+              end
               super
             else
               super
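Review bot: `Util.www_form_url_decode cred` runs on the raw Basic credentials from the request, and `URI.decode_www_form_component` raises `ArgumentError` on an invalid percent sequence such as a lone `%`. Unless that is rescued somewhere outside this hunk, a malformed `Authorization` header surfaces as an unhandled exception instead of an OAuth error response; rescuing `ArgumentError` around the `map` and answering with the library's client error would keep the failure on the normal path. Decoding also changes what existing clients authenticate as: a client that still sends an unencoded secret containing `+` or `%` will now be read as a different value, so the upgrade note should say that client and server must move together. The helper itself is added in the `util.rb` hunk further down, and `initialize` continues past this hunk.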
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/oauth2/urn.rb new/lib/rack/oauth2/urn.rb
--- old/lib/rack/oauth2/urn.rb  2020-03-25 09:56:53.000000000 +0100
+++ new/lib/rack/oauth2/urn.rb  2020-07-17 04:08:36.000000000 +0200
@@ -3,14 +3,14 @@
     module URN
       module TokenType
         JWT           = 'urn:ietf:params:oauth:token-type:jwt'           # 
RFC7519
-        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access-token'  # 
draft-ietf-oauth-token-exchange
-        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh-token' # 
draft-ietf-oauth-token-exchange
+        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access_token'  # 
RFC8693
+        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh_token' # 
RFC8693
       end
 
       module GrantType
         JWT_BEARER     = 'urn:ietf:params:oauth:grant-type:jwt-bearer'     # 
RFC7523
         SAML2_BEARER   = 'urn:ietf:params:oauth:grant-type:saml2-bearer'   # 
RFC7522
-        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # 
draft-ietf-oauth-token-exchange
+        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # 
RFC8693
       end
 
       module ClientAssertionType
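Review bot: The values of `ACCESS_TOKEN` and `REFRESH_TOKEN` change on the wire (`access-token` to `access_token`, `refresh-token` to `refresh_token`), not just their trailing comments, and nothing in the hunk marks that. A peer still using the draft spelling will no longer match these constants, so a one-line comment such as `# RFC8693 spelling; the draft used hyphens` next to them would help anyone debugging a token-exchange mismatch after the upgrade. `TOKEN_EXCHANGE` keeps its value and only its reference changes.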
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/oauth2/util.rb new/lib/rack/oauth2/util.rb
--- old/lib/rack/oauth2/util.rb 2020-03-25 09:56:53.000000000 +0100
+++ new/lib/rack/oauth2/util.rb 2020-07-17 04:08:36.000000000 +0200
@@ -8,6 +8,14 @@
           URI.encode(text, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
         end
 
+        def www_form_url_encode(text)
+          URI.encode_www_form_component(text)
+        end
+
+        def www_form_url_decode(text)
+          URI.decode_www_form_component(text)
+        end
+
         def base64_encode(text)
           Base64.encode64(text).delete("\n")
         end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2020-03-25 09:56:53.000000000 +0100
+++ new/metadata        2020-07-17 04:08:36.000000000 +0200
@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.12.0
+  version: 1.16.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-25 00:00:00.000000000 Z
+date: 2020-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: httpclient
   requirement: !ruby/object:Gem::Requirement
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/rack-oauth2.gemspec new/rack-oauth2.gemspec
--- old/rack-oauth2.gemspec     2020-03-25 09:56:53.000000000 +0100
+++ new/rack-oauth2.gemspec     2020-07-17 04:08:36.000000000 +0200
@@ -13,7 +13,7 @@
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| 
File.basename(f) }
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.add_runtime_dependency 'rack', '< 2.1'
+  s.add_runtime_dependency 'rack', '>= 2.1.0'
   s.add_runtime_dependency 'httpclient'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_required'
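Review bot: `s.add_runtime_dependency 'rack', '>= 2.1.0'` has no upper bound, so dependency resolution will accept any later rack major release. The spec changes on this page show the code depends on what `finish` returns, which already differs across the old `< 2.1` boundary; a bounded requirement, for example `'>= 2.1.0', '< 3'`, would make the next such change an explicit decision. The flip from `< 2.1` also means applications pinned to an older rack cannot take this release.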
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/rack/oauth2/client_spec.rb 
new/spec/rack/oauth2/client_spec.rb
--- old/spec/rack/oauth2/client_spec.rb 2020-03-25 09:56:53.000000000 +0100
+++ new/spec/rack/oauth2/client_spec.rb 2020-07-17 04:08:36.000000000 +0200
@@ -1,10 +1,12 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Client do
+  let(:client_id) { 'client_id' }
+  let(:client_secret) { 'client_secret' }
   let :client do
     Rack::OAuth2::Client.new(
-      identifier: 'client_id',
-      secret: 'client_secret',
+      identifier: client_id,
+      secret: client_secret,
       host: 'server.example.com',
       redirect_uri: 'https://client.example.com/callback'
     )
@@ -97,6 +99,24 @@
           client.access_token!
         end
 
+        context 'when Basic auth method is used' do
+          context 'when client_id is a url' do
+            let(:client_id) { 'https://client.example.com'}
+
+            it 'should be encoded in "application/x-www-form-urlencoded"' do
+              mock_response(
+                :post,
+                'https://server.example.com/oauth2/token',
+                'tokens/bearer.json',
+                request_header: {
+                  'Authorization' => 'Basic 
aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
+                }
+              )
+              client.access_token!
+            end
+          end
+        end
+
         context 'when jwt_bearer auth method specified' do
           context 'when client_secret is given' do
             it 'should be JWT bearer client assertion w/ auto-generated 
HS256-signed JWT assertion' do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/rack/oauth2/server/resource/error_spec.rb 
new/spec/rack/oauth2/server/resource/error_spec.rb
--- old/spec/rack/oauth2/server/resource/error_spec.rb  2020-03-25 
09:56:53.000000000 +0100
+++ new/spec/rack/oauth2/server/resource/error_spec.rb  2020-07-17 
04:08:36.000000000 +0200
@@ -10,7 +10,7 @@
       status, header, response = error.finish
       status.should == 400
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -44,7 +44,7 @@
         status.should == 401
         header['Content-Type'].should == 'application/json'
         header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", 
error=\"invalid_token\""
-        response.body.should == ['{"error":"invalid_token"}']
+        response.should == ['{"error":"invalid_token"}']
       end
 
       context 'when error_code is not invalid_token' do
@@ -53,7 +53,7 @@
         it 'should have error_code in body but not in WWW-Authenticate header' 
do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          response.first.should include '"error":"something"'
         end
       end
 
@@ -63,7 +63,7 @@
         it 'should have error_code in body but not in WWW-Authenticate header' 
do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should == '{"error":"unauthorized"}'
+          response.first.should == '{"error":"unauthorized"}'
         end
       end
 
@@ -74,7 +74,7 @@
         it 'should use given realm' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          response.first.should include '"error":"something"'
         end
       end
     end
@@ -91,7 +91,7 @@
       status, header, response = error.finish
       status.should == 403
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"insufficient_scope"}']
+      response.should == ['{"error":"insufficient_scope"}']
     end
   end
 
@@ -100,7 +100,7 @@
 
     it 'should have blank WWW-Authenticate header' do
       status, header, response = error.finish
-      response.body.first.should include '"scope":"scope1 scope2"'
+      response.first.should include '"scope":"scope1 scope2"'
     end
   end
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/spec/rack/oauth2/server/token/client_credentials_spec.rb 
new/spec/rack/oauth2/server/token/client_credentials_spec.rb
--- old/spec/rack/oauth2/server/token/client_credentials_spec.rb        
2020-03-25 09:56:53.000000000 +0100
+++ new/spec/rack/oauth2/server/token/client_credentials_spec.rb        
2020-07-17 04:08:36.000000000 +0200
@@ -4,14 +4,19 @@
   let(:request) { Rack::MockRequest.new app }
   let(:app) do
     Rack::OAuth2::Server::Token.new do |request, response|
+      unless request.client_id == client_id && request.client_secret == 
client_secret
+        request.invalid_client!
+      end
       response.access_token = 
Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
     end
   end
+  let(:client_id) { 'client_id '}
+  let(:client_secret) { 'client_secret' }
   let(:params) do
     {
       grant_type: 'client_credentials',
-      client_id: 'client_id',
-      client_secret: 'client_secret'
+      client_id: client_id,
+      client_secret: client_secret
     }
   end
   subject { request.post('/', params: params) }
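Review bot: `let(:client_id) { 'client_id '}` has a space inside the string literal, so the default client id under test is `client_id` followed by a space. It passes because the app block and `params` read the same `let`, but it looks like a misplaced space from `'client_id' }`. If the trailing space is meant as an encoding case, it should live in a named context of its own.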
@@ -20,4 +25,29 @@
   its(:content_type) { should == 'application/json' }
   its(:body)         { should include '"access_token":"access_token"' }
   its(:body)         { should include '"token_type":"bearer"' }
+
+  context 'basic auth' do
+    let(:params) do
+      { grant_type: 'client_credentials' }
+    end
+    let(:encoded_creds) do
+      Base64.strict_encode64([
+        Rack::OAuth2::Util.www_form_url_encode(client_id),
+        Rack::OAuth2::Util.www_form_url_encode(client_secret)
+      ].join(':'))
+    end
+    subject do
+      request.post('/',
+        {params: params, 'HTTP_AUTHORIZATION' => "Basic #{encoded_creds}"})
+    end
+
+    its(:status)       { should == 200 }
+
+    context 'compliance with RFC6749 sec 2.3.1' do
+      let(:client_id) { 'client: yes/please!' }
+      let(:client_secret) { 'terrible:secret:of:space' }
+
+      its(:status)       { should == 200 }
+    end
+  end
 end
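Review bot: The new `basic auth` context asserts only `200` responses. Since the server now decodes Basic credentials, it should also cover a wrong secret and a credential with an invalid percent sequence, each expecting an error status rather than an exception; those are the paths the decode step in `token.rb` adds.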
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/rack/oauth2/server/token/error_spec.rb 
new/spec/rack/oauth2/server/token/error_spec.rb
--- old/spec/rack/oauth2/server/token/error_spec.rb     2020-03-25 
09:56:53.000000000 +0100
+++ new/spec/rack/oauth2/server/token/error_spec.rb     2020-07-17 
04:08:36.000000000 +0200
@@ -10,7 +10,7 @@
       status, header, response = error.finish
       status.should == 400
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -26,7 +26,7 @@
       status.should == 401
       header['Content-Type'].should == 'application/json'
       header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token 
Endpoint"'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -74,4 +74,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/rack/oauth2/server/token_spec.rb 
new/spec/rack/oauth2/server/token_spec.rb
--- old/spec/rack/oauth2/server/token_spec.rb   2020-03-25 09:56:53.000000000 
+0100
+++ new/spec/rack/oauth2/server/token_spec.rb   2020-07-17 04:08:36.000000000 
+0200
@@ -30,7 +30,7 @@
       it 'should fail with unsupported_grant_type' do
         status, header, response = app.call(env)
         status.should == 400
-        response.body.first.should include '"error":"invalid_request"'
+        response.first.should include '"error":"invalid_request"'
       end
     end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/spec/rack/oauth2/util_spec.rb 
new/spec/rack/oauth2/util_spec.rb
--- old/spec/rack/oauth2/util_spec.rb   2020-03-25 09:56:53.000000000 +0100
+++ new/spec/rack/oauth2/util_spec.rb   2020-07-17 04:08:36.000000000 +0200
@@ -14,6 +14,16 @@
     it { should == '%3D%2B%20.-%2F' }
   end
 
+  describe '.www_form_url_encode' do
+    subject { util.www_form_url_encode '=+ .-/' }
+    it { should == '%3D%2B+.-%2F' }
+  end
+
+  describe '.www_form_urldecode' do
+    subject { util.www_form_url_decode '%3D%2B+.-%2F' }
+    it { should == '=+ .-/' }
+  end
+
   describe '.base64_encode' do
     subject { util.base64_encode '=+ .-/' }
     it { should == 'PSsgLi0v' }
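Review bot: The second example group is named `'.www_form_urldecode'` while the method it calls is `www_form_url_decode`; `describe '.www_form_url_decode' do` keeps the spec output searchable by the real method name. A case for malformed input (what the decoder does with a lone `%`) is also missing here.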

