From 11b8909634e78d7b90763fd62b6084dde131cfd5 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 03:12:41 -0600 Subject: [PATCH 01/43] Default to latest Ruby --- .gitignore | 2 +- .ruby-version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 36762cf9..6480a03a 100644 --- a/.gitignore +++ b/.gitignore @@ -16,4 +16,4 @@ rdoc/* /gemfiles/*.gemfile.lock # CI bundle -/gemfiles/vendor/ \ No newline at end of file +/gemfiles/vendor/ diff --git a/.ruby-version b/.ruby-version index 68b3a4cd..ec1cf33c 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -1.9.3-p551 +2.6.3 From 369d6514f73ba9a752156d6a66b01c233dee1472 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 03:37:55 -0600 Subject: [PATCH 02/43] Cleanup CI --- .travis.yml | 6 ++++-- gemfiles/truffleruby.gemfile | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 gemfiles/truffleruby.gemfile diff --git a/.travis.yml b/.travis.yml index 79b25172..9538619d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,8 +30,7 @@ matrix: - rvm: jruby-head - rvm: ruby-head - rvm: truffleruby - - rvm: jruby-9.0 # targets MRI v2.0 - gemfile: gemfiles/jruby_9.0.gemfile + - rvm: jruby-9.0 fast_finish: true include: # - rvm: jruby-1.7 # targets MRI v1.9 @@ -40,6 +39,8 @@ matrix: gemfile: gemfiles/ruby_1.9.gemfile - rvm: 2.0 gemfile: gemfiles/ruby_2.0.gemfile + - rvm: jruby-9.0 # targets MRI v2.0 + gemfile: gemfiles/jruby_9.0.gemfile - rvm: 2.1 gemfile: gemfiles/ruby_2.1.gemfile # DEPRECATION WARNING @@ -64,5 +65,6 @@ matrix: - rvm: ruby-head gemfile: gemfiles/ruby_head.gemfile - rvm: truffleruby + gemfile: gemfiles/truffleruby.gemfile sudo: false diff --git a/gemfiles/truffleruby.gemfile b/gemfiles/truffleruby.gemfile new file mode 100644 index 00000000..a02c547f --- /dev/null +++ b/gemfiles/truffleruby.gemfile @@ -0,0 +1,3 @@ +source 'https://rubygems.org' + +gemspec :path => '../' 
From 06f5a0810ad5c6f6686a88cce0af755f29e9b0eb Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 03:40:00 -0600 Subject: [PATCH 03/43] Prepare for 1.4.2 release --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa957410..58796f91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. - no changes yet +## [1.4.2] - 2019-10-01 + +- [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling) + ## [1.4.1] - 2018-10-13 - [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman) From 003a458331d8ed128d2449c5bfaaf558f40337c5 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 03:44:44 -0600 Subject: [PATCH 04/43] document new Ruby support --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 58796f91..a1753d3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file. ## [1.4.2] - 2019-10-01 - [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling) + - officially support Ruby 2.6 and truffleruby ## [1.4.1] - 2018-10-13 From 2a8e10a463290eb6dc9ab0f9fc22c49769f0dcac Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 03:52:19 -0600 Subject: [PATCH 05/43] Update support matrix --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 77054ded..06140a83 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ requests for tokens for any Authentication grant type. This library aims to support and is [tested against][travis] the following Ruby implementations: -### Rubies with support ending at Oauth2 2.x +### Rubies with support ending at Oauth2 1.x * Ruby 1.9.3 * Ruby 2.0.0 
@@ -145,13 +145,16 @@ implementations: * Ruby 2.3 - Support through version 3.x series * Ruby 2.4 * Ruby 2.5 +* Ruby 2.6 * [JRuby 9.1][jruby-9.1] (targets MRI v2.3) * [JRuby 9.2][jruby-9.2] (targets MRI v2.5) +* [truffleruby][truffleruby] (targets MRI 2.5) [jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html [jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html [jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html +[truffleruby]: https://github.com/oracle/truffleruby If something doesn't work on one of these interpreters, it's a bug. From a71cd2e003763014370bfee7e1d1a44a54ca4390 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 03:56:19 -0600 Subject: [PATCH 06/43] Fix support matrix to include continued support for Ruby 2.2 --- README.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 06140a83..fe8f83c8 100644 --- a/README.md +++ b/README.md 
@@ -132,23 +132,24 @@ implementations: ### Rubies with support ending at Oauth2 1.x * Ruby 1.9.3 + - [JRuby 1.7][jruby-1.7] (targets MRI v1.9) + * Ruby 2.0.0 + - [JRuby 9.0][jruby-9.0] (targets MRI v2.0) * Ruby 2.1 -* Ruby 2.2 -* [JRuby 1.7][jruby-1.7] (targets MRI v1.9) -* [JRuby 9.0][jruby-9.0] (targets MRI v2.0) --- ### Rubies with continued support past Oauth2 2.x -* Ruby 2.3 - Support through version 3.x series -* Ruby 2.4 -* Ruby 2.5 -* Ruby 2.6 -* [JRuby 9.1][jruby-9.1] (targets MRI v2.3) -* [JRuby 9.2][jruby-9.2] (targets MRI v2.5) -* [truffleruby][truffleruby] (targets MRI 2.5) +* Ruby 2.2 - Support ends with version 2.x series +* Ruby 2.3 - Support ends with version 3.x series + - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) +* Ruby 2.4 - Support ends with version 4.x series +* Ruby 2.5 - Support ends with version 5.x series + - [JRuby 9.2][jruby-9.2] (targets MRI v2.5) + - [truffleruby][truffleruby] (targets MRI 2.5) +* Ruby 2.6 - Support ends with version 6.x series [jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html [jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html From 889bced24bd398d1a3962c349c0ae0b1ca314185 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 04:03:05 -0600 Subject: [PATCH 07/43] Bump version --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 6b63a98c..1cdc1cd6 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -20,7 +20,7 @@ def minor # # @return [Integer] def patch - 1 + 2 end # The pre-release version, if any From 0fbb930e6faeb71d0d11f8700c311a36b2ec791f Mon Sep 17 00:00:00 2001 From: Peter Boling <45861765+galtzo@users.noreply.github.com> Date: Tue, 1 Oct 2019 10:32:59 -0600 Subject: [PATCH 08/43] Link for 1.4.1...1.4.2 changeset --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1753d3d..b718811c 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -141,4 +141,5 @@ All notable changes to this project will be documented in this file. [1.3.1]: https://github.com/oauth-xx/oauth2/compare/v1.3.0...v1.3.1 [1.4.0]: https://github.com/oauth-xx/oauth2/compare/v1.3.1...v1.4.0 [1.4.1]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1 +[1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2 [unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD From 0bb94ba09945b137ca72048cd1cdf5ff10a157fa Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 1 Oct 2019 10:46:12 -0600 Subject: [PATCH 09/43] Update intridea links to oauth-xx --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fe8f83c8..870227a9 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem] [![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem] [![Build Status](https://travis-ci.org/oauth-xx/oauth2.svg?branch=1-4-stable)][travis] -[![Coverage Status](http://img.shields.io/coveralls/intridea/oauth2.svg)][coveralls] +[![Coverage Status](http://img.shields.io/coveralls/oauth-xx/oauth2.svg)][coveralls] [![Maintainability](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability)][codeclimate-maintainability] [![Depfu](https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg)][depfu] [![Open Source Helpers](https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg)][code-triage] From 197e1e76af15e251f0be6e879b878c4fa116f413 Mon Sep 17 00:00:00 2001 
From: Stephen Reid Date: Mon, 27 Jan 2020 14:55:33 +0000 Subject: [PATCH 10/43] add support for private_key_jwt and tls_client_auth fix incorrect assertion in authenticator_spec updates expected debugging output to include INFO instead of DEBUG reduces specificity of test on debug output to allow for the difference between ruby versions corrects text for authenticator_spec Updates comments in authenticator to reflect apply_client_id not being used for private_key_jwt --- lib/oauth2/authenticator.rb | 10 ++++++++++ spec/oauth2/authenticator_spec.rb | 18 ++++++++++++++++++ spec/oauth2/client_spec.rb | 6 +++--- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index ce627920..6194b837 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -25,6 +25,10 @@ def apply(params) apply_basic_auth(params) when :request_body apply_params_auth(params) + when :tls_client_auth + apply_client_id(params) + when :private_key_jwt + params else raise NotImplementedError end @@ -42,6 +46,12 @@ def apply_params_auth(params) {'client_id' => id, 'client_secret' => secret}.merge(params) end + # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth, + # we don't want to send the secret + def apply_client_id(params) + { 'client_id' => id }.merge(params) + end + # Adds an `Authorization` header with Basic Auth credentials if and only if # it is not already set in the params. def apply_basic_auth(params) diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index 49838da3..e4d60482 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb 
@@ -38,6 +38,24 @@ :headers => {'A' => 'b'} ) end + + context 'using tls client authentication' do + let(:mode) { :tls_client_auth } + + it 'does not add client_secret' do + output = subject.apply({}) + expect(output).to eq('client_id' => 'foo') + end + end + + context 'using private key jwt authentication' do + let(:mode) { :private_key_jwt } + + it 'does not add client_secret or client_id' do + output = subject.apply({}) + expect(output).to eq({}) + end + end end context 'with Basic authentication' do diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 464a5b5a..62cb4ec2 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -251,9 +251,9 @@ subject.request(:get, '/success') end logs = [ - 'INFO -- request: GET https://api.example.com/success', - 'INFO -- response: Status 200', - 'DEBUG -- response: Content-Type: "text/awesome"' + '-- request: GET https://api.example.com/success', + '-- response: Status 200', + '-- response: Content-Type: "text/awesome"' ] expect(output).to include(*logs) end From 376b7ff9d22a1dc9a19996009e1ef84bda41d470 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 28 Jan 2020 15:23:59 -0800 Subject: [PATCH 11/43] Switch to latest Ruby for local dev --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index ec1cf33c..24ba9a38 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.6.3 +2.7.0 From e091c5d63aa6c38fc72abf1f60bc4bc3888ed079 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 28 Jan 2020 22:11:53 -0800 Subject: [PATCH 12/43] Add Ruby 2.7.0 to build --- .travis.yml | 2 ++ gemfiles/ruby_2.7.gemfile | 9 +++++++++ 2 files changed, 11 insertions(+) create mode 100644 gemfiles/ruby_2.7.gemfile diff --git a/.travis.yml b/.travis.yml index 9538619d..ba251e56 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -60,6 +60,8 @@ matrix: gemfile: gemfiles/ruby_2.5.gemfile - rvm: 2.6 gemfile: gemfiles/ruby_2.6.gemfile + - rvm: 2.7 + gemfile: gemfiles/ruby_2.7.gemfile - rvm: jruby-head gemfile: gemfiles/jruby_head.gemfile - rvm: ruby-head diff --git a/gemfiles/ruby_2.7.gemfile b/gemfiles/ruby_2.7.gemfile new file mode 100644 index 00000000..822e2f2c --- /dev/null +++ b/gemfiles/ruby_2.7.gemfile @@ -0,0 +1,9 @@ +source 'https://rubygems.org' + +group :development do + gem 'pry' + gem 'byebug' + gem 'pry-byebug' +end + +gemspec :path => '../' From e74cb519c59eeac09efb3f469af544d3b39350f9 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 28 Jan 2020 23:00:07 -0800 Subject: [PATCH 13/43] Add CodeClimate test reporter --- .travis.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.travis.yml b/.travis.yml index ba251e56..6c42320f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,10 +19,23 @@ before_install: gem install --no-document bundler "bundler:>=2.0" fi +before_script: + - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter + - chmod +x ./cc-test-reporter + - ./cc-test-reporter before-build + +after_script: + - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT + bundler_args: --no-deployment --jobs 3 --retry 3 cache: bundler +env: + global: + - JRUBY_OPTS="$JRUBY_OPTS -Xcli.debug=true --debug" + - CC_TEST_REPORTER_ID=29caf9cf27d27ae609c088feb9d4ba34460f7a39251f2e8615c9a16f3075530e + language: ruby matrix: From 230a6079b9c0c135c8fd005fda61c267b324dd3d Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 28 Jan 2020 23:05:44 -0800 Subject: [PATCH 14/43] Allow jruby-9.2 to fail because it fails to download constantly --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 6c42320f..53dd0e49 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -44,6 +44,7 @@ matrix: - rvm: ruby-head - rvm: truffleruby - rvm: jruby-9.0 + - rvm: jruby-9.2 # jruby-9.2 often fails to download, thus failing the build. fast_finish: true include: # - rvm: jruby-1.7 # targets MRI v1.9 From 1d9a3d8d84d45e419b8ba65557c94ee8c2ba00e0 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Tue, 28 Jan 2020 23:11:45 -0800 Subject: [PATCH 15/43] New code coverage badge --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 870227a9..dfa70295 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem] [![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem] [![Build Status](https://travis-ci.org/oauth-xx/oauth2.svg?branch=1-4-stable)][travis] -[![Coverage Status](http://img.shields.io/coveralls/oauth-xx/oauth2.svg)][coveralls] +[![Test Coverage](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage)][codeclimate-coverage] [![Maintainability](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability)][codeclimate-maintainability] [![Depfu](https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg)][depfu] [![Open Source Helpers](https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg)][code-triage] @@ -16,6 +16,7 @@ [travis]: http://travis-ci.org/oauth-xx/oauth2 [coveralls]: https://coveralls.io/r/oauth-xx/oauth2 [codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability +[codeclimate-coverage]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage [depfu]: https://depfu.com/github/oauth-xx/oauth2 [source-license]: https://opensource.org/licenses/MIT [inch-ci]: http://inch-ci.org/github/oauth-xx/oauth2 From fa95a44884aaf00cba0dbfaff7450437e73591de Mon Sep 17 00:00:00 2001 
From: asm__ <660363+asm256@users.noreply.github.com> Date: Thu, 15 Nov 2018 17:00:36 +0900 Subject: [PATCH 16/43] spec #432 --- spec/oauth2/access_token_spec.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index ad53b2ac..50dd660e 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -12,6 +12,7 @@ VERBS.each do |verb| stub.send(verb, '/token/header') { |env| [200, {}, env[:request_headers]['Authorization']] } stub.send(verb, "/token/query?access_token=#{token}") { |env| [200, {}, Addressable::URI.parse(env[:url]).query_values['access_token']] } + stub.send(verb, '/token/query_string') { |env| [200, {}, CGI.unescape(Addressable::URI.parse(env[:url]).query)] } stub.send(verb, '/token/body') { |env| [200, {}, env[:body]] } end stub.post('/oauth/token') { |env| [200, {'Content-Type' => 'application/json'}, refresh_body] } @@ -101,6 +102,11 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize it "sends the token in the Authorization header for a #{verb.to_s.upcase} request" do expect(subject.post('/token/query').body).to eq(token) end + + it "sends a #{verb.to_s.upcase} request and options[:param_name] include [number]." do + subject.options[:param_name] = 'auth[1]' + expect(subject.__send__(verb, '/token/query_string').body).to include("auth[1]=#{token}") + end end end @@ -115,6 +121,14 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end end end + + context "params include [number]" do + VERBS.each do |verb| + it "sends #{verb.to_s.upcase} correct query" do + expect(subject.__send__(verb, '/token/query_string', :params => {'foo[bar][1]' => 'val'}).body).to include('foo[bar][1]=val') + end + end + end end describe '#expires?' do From d8c7005574d4cb36c3b0970f61aca0f4340e205b Mon Sep 17 00:00:00 2001 
From: asm__ <660363+asm256@users.noreply.github.com> Date: Thu, 15 Nov 2018 17:27:07 +0900 Subject: [PATCH 17/43] fix OAuth2::Client#request If field name with brackets and numbers in params options, request will send an incorrect query. --- lib/oauth2/client.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 356f93e7..b3780223 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -94,9 +94,10 @@ def token_url(params = nil) def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize connection.response :logger, ::Logger.new($stdout) if ENV['OAUTH_DEBUG'] == 'true' - url = connection.build_url(url, opts[:params]).to_s + url = connection.build_url(url).to_s response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req| + req.params.update(opts[:params]) if opts[:params] yield(req) if block_given? end response = Response.new(response, :parse => opts[:parse]) @@ -130,7 +131,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method # @param [Hash] params a Hash of params for the token endpoint # @param [Hash] access token options, to pass to the AccessToken object # @param [Class] class of access token for easier subclassing OAuth2::AccessToken - # @return [AccessToken] the initalized AccessToken + # @return [AccessToken] the initialized AccessToken def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength params = Authenticator.new(id, secret, options[:auth_scheme]).apply(params) opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)} From cf8d08202779a0d8af8d72132891c44abb7886f7 Mon Sep 17 00:00:00 2001 
From: asm__ <660363+asm256@users.noreply.github.com> Date: Thu, 15 Nov 2018 17:54:02 +0900 Subject: [PATCH 18/43] shaping code --- spec/oauth2/access_token_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 50dd660e..b2743aed 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -122,7 +122,7 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end end - context "params include [number]" do + context 'params include [number]' do VERBS.each do |verb| it "sends #{verb.to_s.upcase} correct query" do expect(subject.__send__(verb, '/token/query_string', :params => {'foo[bar][1]' => 'val'}).body).to include('foo[bar][1]=val') From fc7c36c86c29eabc5c01c7601b08a2b51a2dfd78 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 29 Jan 2020 00:18:42 -0800 Subject: [PATCH 19/43] jruby 9.1 often fails to download --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 53dd0e49..6c65fe29 100644 --- a/.travis.yml +++ b/.travis.yml @@ -44,6 +44,7 @@ matrix: - rvm: ruby-head - rvm: truffleruby - rvm: jruby-9.0 + - rvm: jruby-9.1 # jruby-9.1 often fails to download, thus failing the build. - rvm: jruby-9.2 # jruby-9.2 often fails to download, thus failing the build. fast_finish: true include: From 6a177a33f265d547e6cc1fc7b62e18d725322a9f Mon Sep 17 00:00:00 2001 
From: Orien Madgwick <_@orien.io> Date: Sat, 5 Oct 2019 10:34:30 +1000 Subject: [PATCH 20/43] Add project metadata to the gemspec As per https://guides.rubygems.org/specification-reference/#metadata, add metadata to the gemspec file. This'll allow people to more easily access the source code, raise issues and read the changelog. These `bug_tracker_uri`, `changelog_uri`, `documentation_uri`, `wiki_uri` and `source_code_uri` links will appear on the rubygems page at https://rubygems.org/gems/oauth2 and be available via the rubygems API after the next release. --- oauth2.gemspec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/oauth2.gemspec b/oauth2.gemspec index be52c417..1e8b8aa1 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -22,6 +22,14 @@ Gem::Specification.new do |spec| spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' spec.version = OAuth2::Version + spec.metadata = { + 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', + 'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md", + 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", + 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", + 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki' + } + spec.require_paths = %w[lib] spec.bindir = 'exe' spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } From aac36d692df3a9dc9aab1895c26c48a2e846bc77 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 29 Jan 2020 00:40:54 -0800 Subject: [PATCH 21/43] Prepare for 1.4.3 release --- CHANGELOG.md | 7 +++++++ README.md | 1 + 2 files changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b718811c..8228331a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. - no changes yet +## [1.4.3] - 2020-01-29 + +- [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien) +- [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) + - Adds support for private_key_jwt and tls_client_auth + ## [1.4.2] - 2019-10-01 - [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling) @@ -142,4 +148,5 @@ All notable changes to this project will be documented in this file. [1.4.0]: https://github.com/oauth-xx/oauth2/compare/v1.3.1...v1.4.0 [1.4.1]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1 [1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2 +[1.4.3]: https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3 [unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD diff --git a/README.md b/README.md index dfa70295..bbc568e0 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,7 @@ implementations: - [JRuby 9.2][jruby-9.2] (targets MRI v2.5) - [truffleruby][truffleruby] (targets MRI 2.5) * Ruby 2.6 - Support ends with version 6.x series +* Ruby 2.7 - Support ends with version 7.x series [jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html [jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html From cb4619c57c07c0f78c3e2136511e51f1ea24a2c8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 29 Jan 2020 00:43:29 -0800 Subject: [PATCH 22/43] Prepare for 1.4.3 release --- README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bbc568e0..53e9d1ee 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,20 @@ # OAuth2 +If you need the readme for a released version of the gem please find it below: + +| Version | Release Date | Readme | +|----------|--------------|----------------------------------------------------------| +| 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | +| 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | +| 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md | +| 1.4.0 | Jun 9, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md | +| 1.3.1 | Mar 3, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.3.1/README.md | +| 1.3.0 | Dec 27, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.3.0/README.md | +| 1.2.0 | Jun 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.2.0/README.md | +| 1.1.0 | Jan 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.1.0/README.md | +| 1.0.0 | May 23, 2014 | https://github.com/oauth-xx/oauth2/blob/v1.0.0/README.md | +| < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags | + [![Gem Version](http://img.shields.io/gem/v/oauth2.svg)][gem] [![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem] [![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem] @@ -21,6 +36,7 @@ [source-license]: https://opensource.org/licenses/MIT [inch-ci]: http://inch-ci.org/github/oauth-xx/oauth2 [code-triage]: https://www.codetriage.com/oauth-xx/oauth2 +[fossa1]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield A Ruby wrapper for the [OAuth 2.0 specification][oauth2-spec]. @@ -50,7 +66,7 @@ Or install it yourself as: [code]: https://github.com/oauth-xx/oauth2 [issues]: https://github.com/oauth-xx/oauth2/issues -[wiki]: https://github.com/oauth-xx/oauth2/wiki +[wiki]: https://wiki.github.com/oauth-xx/oauth2 ## Usage Examples 
@@ -67,6 +83,7 @@ response.class.name # => OAuth2::Response ``` ## OAuth2::Response + The AccessToken methods #get, #post, #put and #delete and the generic #request will return an instance of the #OAuth2::Response class. @@ -79,12 +96,14 @@ The original response body, headers, and status can be accessed via their respective methods. ## OAuth2::AccessToken + If you have an existing Access Token for a user, you can initialize an instance using various class methods including the standard new, from_hash (if you have a hash of the values), or from_kvform (if you have an application/x-www-form-urlencoded encoded string of the values). ## OAuth2::Error + On 400+ status code responses, an OAuth2::Error will be raised. If it is a standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and error_description parameters. The #response property of OAuth2::Error will @@ -96,6 +115,7 @@ instance will be returned as usual and on 400+ status code responses, the Response instance will contain the OAuth2::Error instance. ## Authorization Grants + Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion authentication grant types have helper strategy classes that simplify client use. They are available via the #auth_code, #implicit, #password, #client_credentials, and #assertion methods respectively. From 6e4c179285ee9ba2516a6724b59289d7deefb0aa Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 29 Jan 2020 00:58:38 -0800 Subject: [PATCH 23/43] Correct unreleased version number --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 1cdc1cd6..9b02e785 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -20,7 +20,7 @@ def minor # # @return [Integer] def patch - 2 + 3 end # The pre-release version, if any 
From 32b7084efe1fcfe5b49a892dbcaff28036797adc Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 5 Feb 2020 19:10:35 -0800 Subject: [PATCH 24/43] Document fix included in 1.4.3 release - [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256) --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8228331a..b02ed346 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file. - [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien) - [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) - Adds support for private_key_jwt and tls_client_auth +- [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256) ## [1.4.2] - 2019-10-01 From 8a2bd99c05cec80276614b5f10d7798d0f880da7 Mon Sep 17 00:00:00 2001 From: Lomey Date: Tue, 11 Sep 2018 22:11:08 +0300 Subject: [PATCH 25/43] Fixed epires_at for formatted time --- lib/oauth2/access_token.rb | 9 ++++++++- spec/oauth2/access_token_spec.rb | 4 +++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 1b178390..2156753d 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -46,7 +46,7 @@ def initialize(client, token, opts = {}) # rubocop:disable Metrics/AbcSize end @expires_in ||= opts.delete('expires') @expires_in &&= @expires_in.to_i - @expires_at &&= @expires_at.to_i + @expires_at &&= convert_expires_at(@expires_at) @expires_at ||= Time.now.to_i + @expires_in if @expires_in @options = {:mode => opts.delete(:mode) || :header, :header_format => opts.delete(:header_format) || 'Bearer %s', 
@@ -169,5 +169,12 @@ def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcS raise("invalid :mode option of #{options[:mode]}") end end + + def convert_expires_at(expires_at) + expires_at_i = expires_at.to_i + return expires_at_i if expires_at_i > Time.now.utc.to_i + return Time.parse(expires_at).to_i if expires_at.is_a?(String) + expires_at_i + end end end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index b2743aed..cb3f45f3 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -73,10 +73,12 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize end it 'initializes with a string expires_at' do - hash = {:access_token => token, :expires_at => '1361396829', 'foo' => 'bar'} + future = Time.now.utc + 100_000 + hash = {:access_token => token, :expires_at => future.iso8601, 'foo' => 'bar'} target = described_class.from_hash(client, hash) assert_initialized_token(target) expect(target.expires_at).to be_a(Integer) + expect(target.expires_at).to eql(future.to_i) end end From de05368a3ac825496a6b8126412c84db8d760429 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 12 Feb 2020 16:03:55 -0800 Subject: [PATCH 26/43] CHANGELOG for 1.4.4 release --- CHANGELOG.md | 4 ++++ README.md | 1 + 2 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b02ed346..e8303128 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. - no changes yet +## [1.4.4] - 2020-02-12 + +- [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey) + ## [1.4.3] - 2020-01-29 - [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien) diff --git a/README.md b/README.md index 53e9d1ee..55ea4d88 100644 --- a/README.md +++ b/README.md 
@@ -4,6 +4,7 @@ If you need the readme for a released version of the gem please find it below: | Version | Release Date | Readme | |----------|--------------|----------------------------------------------------------| +| 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md | | 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md | | 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md | | 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md | From cb8eca28ec8b831833199cb4e60014cfc0bc4ac0 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Wed, 12 Feb 2020 16:04:09 -0800 Subject: [PATCH 27/43] Update version to 1.4.4 --- lib/oauth2/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 9b02e785..684cdcfc 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -20,7 +20,7 @@ def minor # # @return [Integer] def patch - 3 + 4 end # The pre-release version, if any From edb9fb9837a14143fddc5498da2c69e571754ef1 Mon Sep 17 00:00:00 2001 From: An Vo Date: Wed, 1 Jul 2020 02:38:25 +0700 Subject: [PATCH 28/43] Fix missing custom headers in get_token (#512) * Add test and work around for #498 - lost custom headers * Remove activesupport. Patch string headers in get_token * Introduce special param keys * Replace .transform_keys by .map for older version of ruby --- lib/oauth2/client.rb | 12 +++++++- spec/oauth2/client_spec.rb | 62 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index b3780223..b715e2d0 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -4,6 +4,8 @@ module OAuth2 # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength + RESERVED_PARAM_KEYS = ['headers', 'parse'].freeze + attr_reader :id, :secret, :site attr_accessor :options attr_writer :connection @@ -132,7 +134,15 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method # @param [Hash] access token options, to pass to the AccessToken object # @param [Class] class of access token for easier subclassing OAuth2::AccessToken # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength + def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity + params = params.map do |key, value| + if RESERVED_PARAM_KEYS.include?(key) + [key.to_sym, value] + else + [key, value] + end + end.to_h + params = Authenticator.new(id, secret, options[:auth_scheme]).apply(params) opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)} headers = params.delete(:headers) || {} diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 62cb4ec2..f045e044 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -157,6 +157,68 @@ client.auth_code.get_token('code') end end + + describe 'custom headers' do + context 'string key headers' do + it 'adds the custom headers to request' do + client = described_class.new('abc', 'def', :site => 'https://api.example.com', :auth_scheme => :request_body) do |builder| + builder.adapter :test do |stub| + stub.post('/oauth/token') do |env| + expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + end + end + end + header_params = {'headers' => { 'CustomHeader' => 'CustomHeader' }} + client.auth_code.get_token('code', header_params) + end + end + + context 'symbol key headers' do + it 'adds the custom headers to request' do + client = described_class.new('abc', 'def', :site => 'https://api.example.com', :auth_scheme => :request_body) do |builder| + builder.adapter :test do |stub| + stub.post('/oauth/token') do |env| + expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + end + end + end + header_params = {headers: { 'CustomHeader' => 'CustomHeader' }} + client.auth_code.get_token('code', header_params) + end + end + + context 'string key custom headers with basic auth' do + it 'adds the custom headers to request' do + client = described_class.new('abc', 'def', :site => 'https://api.example.com') do |builder| + builder.adapter :test do |stub| + stub.post('/oauth/token') do |env| + expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + end + end + end + header_params = {'headers' => { 'CustomHeader' => 'CustomHeader' }} + client.auth_code.get_token('code', header_params) + end + end + + context 'symbol key custom headers with basic auth' do + it 'adds the custom headers to request' do + client = described_class.new('abc', 'def', :site => 
'https://api.example.com') do |builder| + builder.adapter :test do |stub| + stub.post('/oauth/token') do |env| + expect(env.request_headers).to include({'CustomHeader' => 'CustomHeader'}) + [200, {'Content-Type' => 'application/json'}, '{"access_token":"token"}'] + end + end + end + header_params = {headers: { 'CustomHeader' => 'CustomHeader' }} + client.auth_code.get_token('code', header_params) + end + end + end end describe '#request' do From b06688a76e3f3d7e54e3442a6c0e3c79d0b5cba1 Mon Sep 17 00:00:00 2001 From: anvox Date: Wed, 1 Jul 2020 13:56:47 +0700 Subject: [PATCH 29/43] Use Hash[] for compatible back with ruby <= 2.0 --- lib/oauth2/client.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index b715e2d0..7c38e35a 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -141,7 +141,8 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) else [key, value] end - end.to_h + end + params = Hash[params] params = Authenticator.new(id, secret, options[:auth_scheme]).apply(params) opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)} From d6e0598b2108e2c3a65bde173ab291baf8d34310 Mon Sep 17 00:00:00 2001 From: Jon Palmer <328224+jonspalmer@users.noreply.github.com> Date: Thu, 16 Jul 2020 14:47:58 -0400 Subject: [PATCH 30/43] Add extract_access_token option to OAuth2::Client (#518) --- lib/oauth2/access_token.rb | 1 + lib/oauth2/client.rb | 59 ++++++++++++++----- spec/oauth2/client_spec.rb | 116 +++++++++++++++++++++++++++++++++++++ 3 files changed, 161 insertions(+), 15 deletions(-) diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 2156753d..656eccba 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb 
@@ -3,6 +3,7 @@ class AccessToken attr_reader :client, :token, :expires_in, :expires_at, :params attr_accessor :options, :refresh_token + # Should these methods be deprecated? class << self # Initializes an AccessToken from a Hash # diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 7c38e35a..eb354a45 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -4,7 +4,7 @@ module OAuth2 # The OAuth2::Client class class Client # rubocop:disable Metrics/ClassLength - RESERVED_PARAM_KEYS = ['headers', 'parse'].freeze + RESERVED_PARAM_KEYS = %w[headers parse].freeze attr_reader :id, :secret, :site attr_accessor :options @@ -25,8 +25,8 @@ class Client # rubocop:disable Metrics/ClassLength # @option opts [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body) # @option opts [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday with # @option opts [FixNum] :max_redirects (5) maximum number of redirects to follow - # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error - # on responses with 400+ status codes + # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error on responses with 400+ status codes + # @option opts [Proc] :extract_access_token proc that extracts the access token from the response # @yield [builder] The Faraday connection builder def initialize(client_id, client_secret, options = {}, &block) opts = options.dup 
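Review bot: The new `:extract_access_token` doc line does not state the callable's contract. Going by the rest of this patch it is invoked with `(client, hash)`, its result is treated as the access token (a falsy result counts as "no token"), and a Class that responds to `from_hash` is also accepted for backwards compatibility. Suggest documenting the arguments, the expected return value and the deprecated Class form here, since this option replaces the `access_token_class` argument of `get_token`.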
@@ -34,14 +34,18 @@ def initialize(client_id, client_secret, options = {}, &block) @secret = client_secret @site = opts.delete(:site) ssl = opts.delete(:ssl) - @options = {:authorize_url => '/oauth/authorize', - :token_url => '/oauth/token', - :token_method => :post, - :auth_scheme => :request_body, - :connection_opts => {}, - :connection_build => block, - :max_redirects => 5, - :raise_errors => true}.merge(opts) + + @options = { + :authorize_url => '/oauth/authorize', + :token_url => '/oauth/token', + :token_method => :post, + :auth_scheme => :request_body, + :connection_opts => {}, + :connection_build => block, + :max_redirects => 5, + :raise_errors => true, + :extract_access_token => DEFAULT_EXTRACT_ACCESS_TOKEN + }.merge(opts) @options[:connection_opts][:ssl] = ssl if ssl end @@ -93,7 +97,7 @@ def token_url(params = nil) # code response for this request. Will default to client option # @option opts [Symbol] :parse @see Response::initialize # @yield [req] The Faraday request - def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize + def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity connection.response :logger, ::Logger.new($stdout) if ENV['OAUTH_DEBUG'] == 'true' url = connection.build_url(url).to_s 
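Review bot: The `request` line gains `Metrics/PerceivedComplexity` in its `rubocop:disable` list although no hunk in this patch changes the body of `request`. If the cop only started firing because of a RuboCop upgrade, say so in the commit message or track it in `.rubocop_todo.yml` rather than silencing it inline. The list also mixes unqualified names (`CyclomaticComplexity, MethodLength`) with department-qualified ones; suggest qualifying all of them while touching the line.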
@@ -134,7 +138,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method # @param [Hash] access token options, to pass to the AccessToken object # @param [Class] class of access token for easier subclassing OAuth2::AccessToken # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity + def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) [key.to_sym, value] @@ -156,11 +160,14 @@ def get_token(params, access_token_opts = {}, access_token_class = AccessToken) end opts[:headers].merge!(headers) response = request(options[:token_method], token_url, opts) - if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token']) + + access_token = build_access_token(response, access_token_opts, extract_access_token) rescue nil + + if options[:raise_errors] && !access_token error = Error.new(response) raise(error) end - access_token_class.from_hash(self, response.parsed.merge(access_token_opts)) + access_token end # The Authorization Code strategy 
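Review bot: `access_token = build_access_token(response, access_token_opts, extract_access_token) rescue nil` swallows every StandardError, so a defect in a caller-supplied extractor (for example a NoMethodError on an unexpected response shape) becomes indistinguishable from a token endpoint that returned no token. With `:raise_errors => false` the caller just gets `nil`, and with `:raise_errors => true` it gets an `OAuth2::Error` built from the response with the original exception discarded. Suggest replacing the inline modifier with a `begin`/`rescue` that catches only the failures expected from extraction, or that at least keeps the original exception so it can be logged or attached to the raised error.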
@@ -219,4 +226,26 @@ def redirection_params end end end + + DEFAULT_EXTRACT_ACCESS_TOKEN = proc do |client, hash| + token = hash.delete('access_token') || hash.delete(:access_token) + token && AccessToken.new(client, token, hash) + end + +private + + def build_access_token(response, access_token_opts, extract_access_token) + parsed_response = response.parsed.dup + return unless parsed_response.is_a?(Hash) + + hash = parsed_response.merge(access_token_opts) + + # Provide backwards compatibility for old AcessToken.form_hash pattern + # Should be deprecated in 2.x + if extract_access_token.is_a?(Class) && extract_access_token.respond_to?(:from_hash) + extract_access_token.from_hash(self, hash) + else + extract_access_token.call(self, hash) + end + end end diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index f045e044..2d3705d6 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -354,6 +354,122 @@ client.get_token({}) end + describe 'extract_access_token option' do + let(:client) do + client = stubbed_client(:extract_access_token => extract_access_token) do |stub| + stub.post('/oauth/token') do + [200, {'Content-Type' => 'application/json'}, MultiJson.encode('data' => {'access_token' => 'the-token'})] + end + end + end + + context "with proc extract_access_token" do + let(:extract_access_token) do + proc do |client, hash| + token = hash['data']['access_token'] + AccessToken.new(client, token, hash) + end + end + + it 'returns a configured AccessToken' do + token = client.get_token({}) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + end + end + + context "with depracted Class.from_hash option" do + let(:extract_access_token) do + CustomAccessToken = Class.new(AccessToken) + CustomAccessToken.define_singleton_method(:from_hash) do |client, hash| + token = hash['data']['access_token'] + AccessToken.new(client, token, hash) + end + CustomAccessToken + end + + it 'returns a configured AccessToken' do + token = client.get_token({}) + expect(token).to be_a OAuth2::AccessToken + expect(token.token).to eq('the-token') + end + end + end + + describe ':raise_errors flag' do + let(:options) { {} } + let(:token_response) { nil } + + let(:client) do + stubbed_client(options.merge(:raise_errors => raise_errors)) do |stub| + stub.post('/oauth/token') do + # stub 200 response so that we're testing the get_token handling of :raise_errors flag not request + [200, {'Content-Type' => 'application/json'}, token_response] + end + end + end + + context 'when set to false' do + let(:raise_errors) { false } + + context 'when the request body is nil' do + it 'returns a nil :access_token' do + expect(client.get_token({})).to eq(nil) + end + end + + context 'when the request body is missing the access_token' do + let(:token_response) { MultiJson.encode('unexpected_access_token' => 'the-token') } + + it 'returns a nil 
:access_token' do + expect(client.get_token({})).to eq(nil) + end + end + + context 'when extract_access_token raises an exception' do + let(:options) do + { + :extract_access_token => proc { |client, hash| raise ArgumentError }, + } + end + + it 'returns a nil :access_token' do + expect(client.get_token({})).to eq(nil) + end + end + end + + context 'when set to true' do + let(:raise_errors) { true } + + context 'when the request body is nil' do + it 'raises an error' do + expect { client.get_token({}) }.to raise_error OAuth2::Error + end + end + + context 'when the request body is missing the access_token' do + let(:token_response) { MultiJson.encode('unexpected_access_token' => 'the-token') } + + it 'raises an error' do + expect { client.get_token({}) }.to raise_error OAuth2::Error + end + end + + context 'when extract_access_token raises an exception' do + let(:options) do + { + :extract_access_token => proc { |client, hash| raise ArgumentError }, + } + end + + it 'raises an error' do + expect { client.get_token({}) }.to raise_error OAuth2::Error + end + end + end + end + def stubbed_client(params = {}, &stubs) params = {:site => 'https://api.example.com'}.merge(params) OAuth2::Client.new('abc', 'def', params) do |builder| From 94b1329545d842d796a15fb67001817973031340 Mon Sep 17 00:00:00 2001 From: Matt Boldt Date: Wed, 17 Mar 2021 19:00:53 -0500 Subject: [PATCH 31/43] Bump version to 1.4.5 to release #518 (#534) * Remove deleted bin scripts from README * Bump version to 1.4.5 --- README.md | 4 ++-- lib/oauth2/version.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 55ea4d88..5a81ae3d 100644 --- a/README.md +++ b/README.md 
@@ -166,7 +166,7 @@ implementations: * Ruby 2.2 - Support ends with version 2.x series * Ruby 2.3 - Support ends with version 3.x series - - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) + - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) * Ruby 2.4 - Support ends with version 4.x series * Ruby 2.5 - Support ends with version 5.x series - [JRuby 9.2][jruby-9.2] (targets MRI v2.5) @@ -230,7 +230,7 @@ spec.add_dependency 'oauth2', '~> 1.4' ## Development -After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. +After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec` to run the tests. To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 684cdcfc..cc1365f4 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -20,7 +20,7 @@ def minor # # @return [Integer] def patch - 4 + 5 end # The pre-release version, if any From 24fcfcfc9572adeb05aaa0dd95c9e967efe044f7 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Fri, 19 Mar 2021 03:37:33 +0700 Subject: [PATCH 32/43] Switch to Github Actions for Ruby 2.4|5|6|7 & 3 (#535) * Switch to Github Actions for Ruby 2.4|5|6|7 & 3.0 * Compatibility with latest Ruby OpenSSL * Reduce Travis footprint --- .github/dependabot.yml | 8 ++ .github/workflows/style.yml | 37 ++++++++ .github/workflows/test.yml | 58 ++++++++++++ .rubocop.yml | 50 +++++++++-- .rubocop_todo.yml | 118 ++++++++++++++++++++++--- .travis.yml | 16 +--- CHANGELOG.md | 4 +- Gemfile | 49 +++++++--- README.md | 2 +- Rakefile | 2 +- gemfiles/jruby_1.7.gemfile | 2 +- gemfiles/jruby_9.0.gemfile | 2 +- gemfiles/ruby_1.9.gemfile | 2 +- gemfiles/ruby_2.1.gemfile | 6 -- gemfiles/ruby_2.2.gemfile | 3 - gemfiles/ruby_2.3.gemfile | 3 - gemfiles/ruby_2.4.gemfile | 3 - gemfiles/ruby_2.5.gemfile | 3 - gemfiles/ruby_2.6.gemfile | 9 -- gemfiles/ruby_2.7.gemfile | 9 -- gemfiles/ruby_head.gemfile | 2 +- lib/oauth2/access_token.rb | 8 +- lib/oauth2/authenticator.rb | 2 +- lib/oauth2/client.rb | 34 ++++--- lib/oauth2/mac_token.rb | 12 ++- lib/oauth2/response.rb | 8 +- lib/oauth2/strategy/assertion.rb | 6 +- lib/oauth2/strategy/password.rb | 4 +- maintenance-branch | 1 + oauth2.gemspec | 12 +-- spec/helper.rb | 8 +- spec/oauth2/access_token_spec.rb | 4 +- spec/oauth2/client_spec.rb | 28 +++--- spec/oauth2/response_spec.rb | 4 +- spec/oauth2/strategy/assertion_spec.rb | 4 +- 35 files changed, 376 insertions(+), 147 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/style.yml create mode 100644 .github/workflows/test.yml delete mode 100644 gemfiles/ruby_2.1.gemfile delete mode 100644 gemfiles/ruby_2.2.gemfile delete mode 100644 gemfiles/ruby_2.3.gemfile delete mode 100644 gemfiles/ruby_2.4.gemfile delete mode 100644 gemfiles/ruby_2.5.gemfile delete mode 100644 gemfiles/ruby_2.6.gemfile delete mode 100644 gemfiles/ruby_2.7.gemfile create mode 100644 maintenance-branch 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..a0267668 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: bundler + directory: "/" + schedule: + interval: daily + time: "04:28" + open-pull-requests-limit: 10 \ No newline at end of file diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml new file mode 100644 index 00000000..fd211ace --- /dev/null +++ b/.github/workflows/style.yml @@ -0,0 +1,37 @@ +name: Code Style Checks + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + +jobs: + rubocop: + name: Rubocop + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + ruby: + - 2.7 + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true + - name: Install dependencies + run: bundle install --jobs 3 --retry 3 + - name: Run Rubocop + run: bundle exec rubocop -DESP \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..9d0352ab --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,58 @@ +name: Unit Tests + +on: + push: + branches: + - 'main' + - 'master' + - '*-maintenance' + - '*-dev' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + +jobs: + test: + name: Specs - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }} + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + strategy: + fail-fast: false + matrix: + ruby: + - 3.0.0 + - 2.7 + - 2.6 + - 2.5 + - 2.4 + - 2.3 + - 2.2 + - 2.1 + runs-on: ubuntu-20.04 + continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }} + steps: + - uses: amancevice/setup-code-climate@v0 + name: CodeClimate Install + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' + with: + cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }} + - uses: actions/checkout@v2 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + bundler: ${{ matrix.bundler || 2 }} + bundler-cache: true + ruby-version: ${{ matrix.ruby }} + - name: Install dependencies + run: bundle install --jobs 3 --retry 3 --binstubs --standalone + - name: CodeClimate Pre-build Notification + run: cc-test-reporter before-build + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' + continue-on-error: ${{ matrix.allow_failures != 'false' }} + - name: Run tests + run: bundle exec rake test + - name: CodeClimate Post-build Notification + run: cc-test-reporter after-build + if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always() + continue-on-error: ${{ matrix.allow_failures != 'false' }} diff --git a/.rubocop.yml b/.rubocop.yml index c6a41973..3c1afd65 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -1,30 +1,42 @@ -require: rubocop-rspec inherit_from: - .rubocop_todo.yml - .rubocop_rspec.yml + +require: + - 'rubocop-md' + - 'rubocop-packaging' + - 'rubocop-performance' + - 'rubocop-rake' + - 'rubocop-rspec' + AllCops: + NewCops: enable DisplayCopNames: true # Display the name of the failing cops - TargetRubyVersion: 2.1 Exclude: - 'gemfiles/vendor/**/*' - 'vendor/**/*' - '**/.irbrc' -Gemspec/RequiredRubyVersion: - Enabled: false - Metrics/BlockLength: + IgnoredMethods: + - context + - describe + - it + - shared_context + - shared_examples + - shared_examples_for + - namespace + - draw + +Gemspec/RequiredRubyVersion: Enabled: false Metrics/BlockNesting: Max: 2 -Metrics/LineLength: +Layout/LineLength: Enabled: false -Metrics/MethodLength: - Max: 15 - Metrics/ParameterLists: Max: 4 @@ -78,3 +90,23 @@ Style/TrailingCommaInArrayLiteral: Style/TrailingCommaInHashLiteral: EnforcedStyleForMultiline: comma + +Style/HashSyntax: + EnforcedStyle: hash_rockets + +Style/Lambda: + Enabled: false + +Style/SymbolArray: + Enabled: false + +Style/EachWithObject: + Enabled: false + +# Once we drop Rubies that lack support for __dir__ we can turn this on. +Style/ExpandPathArguments: + Enabled: false + +# On Ruby 1.9 array.to_h isn't available, needs to be Hash[array] +Style/HashConversion: + Enabled: false \ No newline at end of file diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index e7701734..f430c2d1 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,15 +1,113 @@ -Style/HashSyntax: - EnforcedStyle: hash_rockets +# This configuration was generated by +# `rubocop --auto-gen-config` +# on 2021-03-18 18:59:52 UTC using RuboCop version 1.11.0. +# The point is for the user to remove these configuration records +# one by one as the offenses are removed from the code base. +# Note that changes in the inspected code, or installation of new +# versions of RuboCop, may require this file to be generated again. -Style/Lambda: - Enabled: false +# Offense count: 1 +# Configuration parameters: AllowedMethods. +# AllowedMethods: enums +Lint/ConstantDefinitionInBlock: + Exclude: + - 'spec/oauth2/client_spec.rb' -Style/SymbolArray: - Enabled: false +# Offense count: 1 +Lint/UselessAssignment: + Exclude: + - '**/*.md' + - '**/*.markdown' + - 'spec/oauth2/client_spec.rb' -Style/EachWithObject: - Enabled: false +# Offense count: 1 +# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. +# IgnoredMethods: refine +Metrics/BlockLength: + Max: 27 + +# Offense count: 4 +# Configuration parameters: IgnoredMethods. +Metrics/CyclomaticComplexity: + Max: 11 + +# Offense count: 1 +# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods. +Metrics/MethodLength: + Max: 18 + +# Offense count: 3 +# Configuration parameters: IgnoredMethods. +Metrics/PerceivedComplexity: + Max: 11 + +# Offense count: 14 +# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers. +# SupportedStyles: snake_case, normalcase, non_integer +# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339 +Naming/VariableNumber: + Exclude: + - 'Gemfile' + +# Offense count: 1 +Packaging/GemspecGit: + Exclude: + - 'oauth2.gemspec' -# Once we drop Rubies that lack support for __dir__ we can turn this on. -Style/ExpandPathArguments: +# Offense count: 2 +# Configuration parameters: MinSize. 
+Performance/CollectionLiteralInLoop: + Exclude: + - 'spec/oauth2/strategy/auth_code_spec.rb' + - 'spec/oauth2/strategy/client_credentials_spec.rb' + +# Offense count: 7 +# Configuration parameters: Prefixes. +# Prefixes: when, with, without +RSpec/ContextWording: + Exclude: + - 'spec/oauth2/access_token_spec.rb' + - 'spec/oauth2/authenticator_spec.rb' + - 'spec/oauth2/client_spec.rb' + +# Offense count: 1 +RSpec/LeakyConstantDeclaration: + Exclude: + - 'spec/oauth2/client_spec.rb' + +# Offense count: 8 +# Configuration parameters: AllowSubject. +RSpec/MultipleMemoizedHelpers: + Max: 6 + +# Offense count: 1 +Rake/Desc: + Exclude: + - 'Rakefile' + +# Offense count: 40 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle. +# SupportedStyles: always, always_true, never +Style/FrozenStringLiteralComment: Enabled: false + +# Offense count: 1 +Style/MixinUsage: + Exclude: + - 'spec/helper.rb' + +# Offense count: 1 +# Cop supports --auto-correct. +# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods. +# AllowedMethods: present?, blank?, presence, try, try! +Style/SafeNavigation: + Exclude: + - 'lib/oauth2/error.rb' + +# Offense count: 3 +# Cop supports --auto-correct. +Style/StringConcatenation: + Exclude: + - 'lib/oauth2/authenticator.rb' + - 'spec/oauth2/authenticator_spec.rb' diff --git a/.travis.yml b/.travis.yml index 6c65fe29..26059437 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -56,27 +56,15 @@ matrix: gemfile: gemfiles/ruby_2.0.gemfile - rvm: jruby-9.0 # targets MRI v2.0 gemfile: gemfiles/jruby_9.0.gemfile - - rvm: 2.1 - gemfile: gemfiles/ruby_2.1.gemfile # DEPRECATION WARNING + # NOTE: Specs for Ruby 2.1 are now running with Github Actions # oauth2 1.x series releases are the last to support Ruby versions above # oauth2 2.x series releases will support Ruby versions below, and not above + # NOTE: Specs for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 & 3.0 are now running with Github Actions - rvm: jruby-9.1 # targets MRI v2.3 gemfile: gemfiles/jruby_9.1.gemfile - - rvm: 2.2 - gemfile: gemfiles/ruby_2.2.gemfile - - rvm: 2.3 - gemfile: gemfiles/ruby_2.3.gemfile - - rvm: 2.4 - gemfile: gemfiles/ruby_2.4.gemfile - rvm: jruby-9.2 # targets MRI v2.5 gemfile: gemfiles/jruby_9.2.gemfile - - rvm: 2.5 - gemfile: gemfiles/ruby_2.5.gemfile - - rvm: 2.6 - gemfile: gemfiles/ruby_2.6.gemfile - - rvm: 2.7 - gemfile: gemfiles/ruby_2.7.gemfile - rvm: jruby-head gemfile: gemfiles/jruby_head.gemfile - rvm: ruby-head diff --git a/CHANGELOG.md b/CHANGELOG.md index e8303128..e1e04a6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,9 @@ # Change Log All notable changes to this project will be documented in this file. -## [unreleased] +## unreleased -- no changes yet +- [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) ## [1.4.4] - 2020-02-12 diff --git a/Gemfile b/Gemfile index 0dbce159..4657b438 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,29 +1,52 @@ +# frozen_string_literal: true + source 'https://rubygems.org' +gemspec + git_source(:github) { |repo_name| "https://github.com/#{repo_name}" } gem 'faraday', ['>= 0.8', '< 2.0'], :platforms => [:jruby_18, :ruby_18] gem 'jwt', '< 1.5.2', :platforms => [:jruby_18, :ruby_18] gem 'rake', '< 11.0' -gem 'rdoc', '~> 4.2.2' -group :test do - ruby_version = Gem::Version.new(RUBY_VERSION) - if ruby_version >= Gem::Version.new('2.1') - # TODO: Upgrade to >= 0.59 when we drop Rubies below 2.2 - # Error: Unsupported Ruby version 2.1 found in `TargetRubyVersion` parameter (in .rubocop.yml). 2.1-compatible analysis was dropped after version 0.58. - # Supported versions: 2.2, 2.3, 2.4, 2.5 - gem 'rubocop', '~> 0.57.0' - gem 'rubocop-rspec', '~> 1.27.0' # last version that can use rubocop < 0.58 +ruby_version = Gem::Version.new(RUBY_VERSION) + +### deps for documentation and rdoc.info +group :documentation do + gem 'github-markup', :platform => :mri + gem 'rdoc' + gem 'redcarpet', :platform => :mri + gem 'yard', :require => false +end + +group :development, :test do + if ruby_version >= Gem::Version.new('2.4') + # No need to run byebug / pry on earlier versions + gem 'byebug', :platform => :mri + gem 'pry', :platform => :mri + gem 'pry-byebug', :platform => :mri end - gem 'pry', '~> 0.11' if ruby_version >= Gem::Version.new('2.0') + if ruby_version >= Gem::Version.new('2.7') + # No need to run rubocop or simplecov on earlier versions + gem 'rubocop', '~> 1.9', :platform => :mri + gem 'rubocop-md', :platform => :mri + gem 'rubocop-packaging', :platform => :mri + gem 'rubocop-performance', :platform => :mri + gem 'rubocop-rake', :platform => :mri + gem 'rubocop-rspec', :platform => :mri + + gem 'coveralls' + gem 'simplecov', :platform => :mri + end +end + +group :test do gem 'addressable', '~> 2.3.8' gem 'backports' - gem 'coveralls' gem 'rack', '~> 1.2', :platforms => [:jruby_18, :jruby_19, :ruby_18, :ruby_19, :ruby_20, :ruby_21] gem 'rspec', '>= 3' - gem 
'simplecov', '>= 0.9' platforms :jruby_18, :ruby_18 do gem 'mime-types', '~> 1.25' @@ -36,5 +59,3 @@ group :test do gem 'tins', '< 1.7' end end - -gemspec diff --git a/README.md b/README.md index 5a81ae3d..8cff087e 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth2/ca # => "https://example.org/oauth/authorization?response_type=code&client_id=client_id&redirect_uri=http://localhost:8080/oauth2/callback" token = client.auth_code.get_token('authorization_code_value', :redirect_uri => 'http://localhost:8080/oauth2/callback', :headers => {'Authorization' => 'Basic some_password'}) -response = token.get('/api/resource', :params => { 'query_foo' => 'bar' }) +response = token.get('/api/resource', :params => {'query_foo' => 'bar'}) response.class.name # => OAuth2::Response ``` diff --git a/Rakefile b/Rakefile index 1066a1b6..19bdfa31 100644 --- a/Rakefile +++ b/Rakefile @@ -33,7 +33,7 @@ end namespace :doc do require 'rdoc/task' - require File.expand_path('../lib/oauth2/version', __FILE__) + require 'oauth2/version' RDoc::Task.new do |rdoc| rdoc.rdoc_dir = 'rdoc' rdoc.title = "oauth2 #{OAuth2::Version}" diff --git a/gemfiles/jruby_1.7.gemfile b/gemfiles/jruby_1.7.gemfile index bbef7523..276621ef 100644 --- a/gemfiles/jruby_1.7.gemfile +++ b/gemfiles/jruby_1.7.gemfile @@ -4,7 +4,7 @@ gem 'faraday', '~> 0.15.4' gem 'json', '< 2.0' gem 'rack', '~> 1.2' -gem 'rake', [">= 10.0", "< 12"] +gem 'rake', ['>= 10.0', '< 12'] gem 'term-ansicolor', '< 1.4.0' gem 'tins', '< 1.7' diff --git a/gemfiles/jruby_9.0.gemfile b/gemfiles/jruby_9.0.gemfile index 13fd08d3..6d3ebd53 100644 --- a/gemfiles/jruby_9.0.gemfile +++ b/gemfiles/jruby_9.0.gemfile @@ -2,6 +2,6 @@ source 'https://rubygems.org' gem 'faraday', '~> 0.15.4' -gem 'rake', [">= 10.0", "< 12"] +gem 'rake', ['>= 10.0', '< 12'] gemspec :path => '../' diff --git a/gemfiles/ruby_1.9.gemfile b/gemfiles/ruby_1.9.gemfile index bbef7523..276621ef 100644 
--- a/gemfiles/ruby_1.9.gemfile +++ b/gemfiles/ruby_1.9.gemfile @@ -4,7 +4,7 @@ gem 'faraday', '~> 0.15.4' gem 'json', '< 2.0' gem 'rack', '~> 1.2' -gem 'rake', [">= 10.0", "< 12"] +gem 'rake', ['>= 10.0', '< 12'] gem 'term-ansicolor', '< 1.4.0' gem 'tins', '< 1.7' diff --git a/gemfiles/ruby_2.1.gemfile b/gemfiles/ruby_2.1.gemfile deleted file mode 100644 index 87a679f6..00000000 --- a/gemfiles/ruby_2.1.gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source 'https://rubygems.org' - -gem 'faraday', '~> 0.15.4' -gem 'rack', '~> 1.2' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.2.gemfile b/gemfiles/ruby_2.2.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.2.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.3.gemfile b/gemfiles/ruby_2.3.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.3.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.4.gemfile b/gemfiles/ruby_2.4.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.4.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.5.gemfile b/gemfiles/ruby_2.5.gemfile deleted file mode 100644 index a02c547f..00000000 --- a/gemfiles/ruby_2.5.gemfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://rubygems.org' - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.6.gemfile b/gemfiles/ruby_2.6.gemfile deleted file mode 100644 index 822e2f2c..00000000 --- a/gemfiles/ruby_2.6.gemfile +++ /dev/null @@ -1,9 +0,0 @@ -source 'https://rubygems.org' - -group :development do - gem 'pry' - gem 'byebug' - gem 'pry-byebug' -end - -gemspec :path => '../' diff --git a/gemfiles/ruby_2.7.gemfile b/gemfiles/ruby_2.7.gemfile deleted file mode 100644 index 822e2f2c..00000000 --- a/gemfiles/ruby_2.7.gemfile +++ /dev/null 
@@ -1,9 +0,0 @@ -source 'https://rubygems.org' - -group :development do - gem 'pry' - gem 'byebug' - gem 'pry-byebug' -end - -gemspec :path => '../' diff --git a/gemfiles/ruby_head.gemfile b/gemfiles/ruby_head.gemfile index 822e2f2c..c7a3bfd9 100644 --- a/gemfiles/ruby_head.gemfile +++ b/gemfiles/ruby_head.gemfile @@ -1,8 +1,8 @@ source 'https://rubygems.org' group :development do - gem 'pry' gem 'byebug' + gem 'pry' gem 'pry-byebug' end diff --git a/lib/oauth2/access_token.rb b/lib/oauth2/access_token.rb index 656eccba..db8c2239 100644 --- a/lib/oauth2/access_token.rb +++ b/lib/oauth2/access_token.rb @@ -49,9 +49,9 @@ def initialize(client, token, opts = {}) # rubocop:disable Metrics/AbcSize @expires_in &&= @expires_in.to_i @expires_at &&= convert_expires_at(@expires_at) @expires_at ||= Time.now.to_i + @expires_in if @expires_in - @options = {:mode => opts.delete(:mode) || :header, + @options = {:mode => opts.delete(:mode) || :header, :header_format => opts.delete(:header_format) || 'Bearer %s', - :param_name => opts.delete(:param_name) || 'access_token'} + :param_name => opts.delete(:param_name) || 'access_token'} @params = opts end @@ -82,6 +82,7 @@ def expired? # @note options should be carried over to the new AccessToken def refresh!(params = {}) raise('A refresh_token is not available') unless refresh_token + params[:grant_type] = 'refresh_token' params[:refresh_token] = refresh_token new_token = @client.get_token(params) @@ -150,7 +151,7 @@ def headers private - def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcSize + def configure_authentication!(opts) # rubocop:disable Metrics/AbcSize case options[:mode] when :header opts[:headers] ||= {} @@ -175,6 +176,7 @@ def convert_expires_at(expires_at) expires_at_i = expires_at.to_i return expires_at_i if expires_at_i > Time.now.utc.to_i return Time.parse(expires_at).to_i if expires_at.is_a?(String) + expires_at_i end end 
diff --git a/lib/oauth2/authenticator.rb b/lib/oauth2/authenticator.rb index 6194b837..9588da34 100644 --- a/lib/oauth2/authenticator.rb +++ b/lib/oauth2/authenticator.rb @@ -49,7 +49,7 @@ def apply_params_auth(params) # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth, # we don't want to send the secret def apply_client_id(params) - { 'client_id' => id }.merge(params) + {'client_id' => id}.merge(params) end # Adds an `Authorization` header with Basic Auth credentials if and only if diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index eb354a45..1cba2402 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -36,16 +36,16 @@ def initialize(client_id, client_secret, options = {}, &block) ssl = opts.delete(:ssl) @options = { - :authorize_url => '/oauth/authorize', - :token_url => '/oauth/token', - :token_method => :post, - :auth_scheme => :request_body, - :connection_opts => {}, - :connection_build => block, - :max_redirects => 5, - :raise_errors => true, - :extract_access_token => DEFAULT_EXTRACT_ACCESS_TOKEN - }.merge(opts) + :authorize_url => '/oauth/authorize', + :token_url => '/oauth/token', + :token_method => :post, + :auth_scheme => :request_body, + :connection_opts => {}, + :connection_build => block, + :max_redirects => 5, + :raise_errors => true, + :extract_access_token => DEFAULT_EXTRACT_ACCESS_TOKEN, + }.merge(opts) @options[:connection_opts][:ssl] = ssl if ssl end 
@@ -97,7 +97,7 @@ def token_url(params = nil) # code response for this request. Will default to client option # @option opts [Symbol] :parse @see Response::initialize # @yield [req] The Faraday request - def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity + def request(verb, url, opts = {}) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize connection.response :logger, ::Logger.new($stdout) if ENV['OAUTH_DEBUG'] == 'true' url = connection.build_url(url).to_s @@ -113,6 +113,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method opts[:redirect_count] ||= 0 opts[:redirect_count] += 1 return response if opts[:redirect_count] > options[:max_redirects] + if response.status == 303 verb = :get opts.delete(:body) @@ -124,6 +125,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method when 400..599 error = Error.new(response) raise(error) if opts.fetch(:raise_errors, options[:raise_errors]) + response.error = error response else @@ -138,7 +140,7 @@ def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, Method # @param [Hash] access token options, to pass to the AccessToken object # @param [Class] class of access token for easier subclassing OAuth2::AccessToken # @return [AccessToken] the initialized AccessToken - def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity + def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength params = params.map do |key, value| if RESERVED_PARAM_KEYS.include?(key) [key.to_sym, value] 
@@ -161,7 +163,11 @@ def get_token(params, access_token_opts = {}, extract_access_token = options[:ex opts[:headers].merge!(headers) response = request(options[:token_method], token_url, opts) - access_token = build_access_token(response, access_token_opts, extract_access_token) rescue nil + access_token = begin + build_access_token(response, access_token_opts, extract_access_token) + rescue StandardError + nil + end if options[:raise_errors] && !access_token error = Error.new(response) @@ -243,7 +249,7 @@ def build_access_token(response, access_token_opts, extract_access_token) # Provide backwards compatibility for old AcessToken.form_hash pattern # Should be deprecated in 2.x if extract_access_token.is_a?(Class) && extract_access_token.respond_to?(:from_hash) - extract_access_token.from_hash(self, hash) + extract_access_token.from_hash(self, hash) else extract_access_token.call(self, hash) end diff --git a/lib/oauth2/mac_token.rb b/lib/oauth2/mac_token.rb index db7d4d77..99c6f5ec 100644 --- a/lib/oauth2/mac_token.rb +++ b/lib/oauth2/mac_token.rb @@ -98,9 +98,17 @@ def algorithm=(alg) @algorithm = begin case alg.to_s when 'hmac-sha-1' - OpenSSL::Digest::SHA1.new + begin + OpenSSL::Digest('SHA1').new + rescue StandardError + OpenSSL::Digest.new('SHA1') + end when 'hmac-sha-256' - OpenSSL::Digest::SHA256.new + begin + OpenSSL::Digest('SHA256').new + rescue StandardError + OpenSSL::Digest.new('SHA256') + end else raise(ArgumentError, 'Unsupported algorithm') end diff --git a/lib/oauth2/response.rb b/lib/oauth2/response.rb index 13657fd9..fd98617b 100644 --- a/lib/oauth2/response.rb +++ b/lib/oauth2/response.rb 
@@ -11,9 +11,9 @@ class Response # Procs that, when called, will parse a response body according # to the specified format. @@parsers = { - :json => lambda { |body| MultiJson.load(body) rescue body }, # rubocop:disable RescueModifier + :json => lambda { |body| MultiJson.load(body) rescue body }, # rubocop:disable Style/RescueModifier :query => lambda { |body| Rack::Utils.parse_query(body) }, - :text => lambda { |body| body }, + :text => lambda { |body| body }, } # Content type assignments for various potential HTTP content types. @@ -68,6 +68,7 @@ def body # application/json Content-Type response bodies def parsed return nil unless @@parsers.key?(parser) + @parsed ||= @@parsers[parser].call(body) end @@ -79,11 +80,12 @@ def content_type # Determines the parser that will be used to supply the content of #parsed def parser return options[:parse].to_sym if @@parsers.key?(options[:parse]) + @@content_types[content_type] end end end OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml']) do |body| - MultiXml.parse(body) rescue body # rubocop:disable RescueModifier + MultiXml.parse(body) rescue body # rubocop:disable Style/RescueModifier end diff --git a/lib/oauth2/strategy/assertion.rb b/lib/oauth2/strategy/assertion.rb index b3b577be..8dc27b50 100644 --- a/lib/oauth2/strategy/assertion.rb +++ b/lib/oauth2/strategy/assertion.rb @@ -50,10 +50,10 @@ def get_token(params = {}, opts = {}) def build_request(params) assertion = build_assertion(params) { - :grant_type => 'assertion', + :grant_type => 'assertion', :assertion_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer', - :assertion => assertion, - :scope => params[:scope], + :assertion => assertion, + :scope => params[:scope], } end diff --git a/lib/oauth2/strategy/password.rb b/lib/oauth2/strategy/password.rb index 49bfc6e3..075dec51 100644 --- a/lib/oauth2/strategy/password.rb +++ b/lib/oauth2/strategy/password.rb 
@@ -18,8 +18,8 @@ def authorize_url # @param [Hash] params additional params def get_token(username, password, params = {}, opts = {}) params = {'grant_type' => 'password', - 'username' => username, - 'password' => password}.merge(params) + 'username' => username, + 'password' => password}.merge(params) @client.get_token(params, opts) end end diff --git a/maintenance-branch b/maintenance-branch new file mode 100644 index 00000000..8b25206f --- /dev/null +++ b/maintenance-branch @@ -0,0 +1 @@ +master \ No newline at end of file diff --git a/oauth2.gemspec b/oauth2.gemspec index 1e8b8aa1..9c58103b 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -23,11 +23,11 @@ Gem::Specification.new do |spec| spec.version = OAuth2::Version spec.metadata = { - 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', - 'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md", + 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', + 'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md", 'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}", - 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", - 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki' + 'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}", + 'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki', } spec.require_paths = %w[lib] 
@@ -44,9 +44,9 @@ Gem::Specification.new do |spec| spec.add_development_dependency 'rake', '~> 12.3' spec.add_development_dependency 'rdoc', ['>= 5.0', '< 7'] spec.add_development_dependency 'rspec', '~> 3.0' - spec.add_development_dependency 'rspec-stubbed_env' - spec.add_development_dependency 'rspec-pending_for' spec.add_development_dependency 'rspec-block_is_expected' + spec.add_development_dependency 'rspec-pending_for' + spec.add_development_dependency 'rspec-stubbed_env' spec.add_development_dependency 'silent_stream' spec.add_development_dependency 'wwtd' end diff --git a/spec/helper.rb b/spec/helper.rb index e3cf4805..5ce4d82f 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -1,6 +1,8 @@ DEBUG = ENV['DEBUG'] == 'true' -if RUBY_VERSION >= '1.9' +ruby_version = Gem::Version.new(RUBY_VERSION) + +if ruby_version >= Gem::Version.new('2.7') require 'simplecov' require 'coveralls' @@ -12,9 +14,7 @@ end end -if DEBUG && RUBY_VERSION >= '2.6' - require 'byebug' -end +require 'byebug' if DEBUG && ruby_version >= Gem::Version.new('2.4') require 'oauth2' require 'addressable/uri' diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index cb3f45f3..93890491 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -167,8 +167,8 @@ def assert_initialized_token(target) # rubocop:disable Metrics/AbcSize describe '#refresh!' do let(:access) do described_class.new(client, token, :refresh_token => 'abaca', - :expires_in => 600, - :param_name => 'o_param') + :expires_in => 600, + :param_name => 'o_param') end it 'returns a refresh token with appropriate values carried over' do diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 2d3705d6..46f75b4b 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb 
@@ -169,7 +169,7 @@ end end end - header_params = {'headers' => { 'CustomHeader' => 'CustomHeader' }} + header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end @@ -184,7 +184,7 @@ end end end - header_params = {headers: { 'CustomHeader' => 'CustomHeader' }} + header_params = {:headers => {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end @@ -199,7 +199,7 @@ end end end - header_params = {'headers' => { 'CustomHeader' => 'CustomHeader' }} + header_params = {'headers' => {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end @@ -214,7 +214,7 @@ end end end - header_params = {headers: { 'CustomHeader' => 'CustomHeader' }} + header_params = {:headers => {'CustomHeader' => 'CustomHeader'}} client.auth_code.get_token('code', header_params) end end @@ -274,12 +274,13 @@ end end + # rubocop:disable Style/RedundantBegin it 're-encodes response body in the error message' do begin subject.request(:get, '/ascii_8bit_encoding') - rescue StandardError => ex - expect(ex.message.encoding.name).to eq('UTF-8') - expect(ex.message).to eq("invalid_request: é\n{\"error\":\"invalid_request\",\"error_description\":\"��\"}") + rescue StandardError => e + expect(e.message.encoding.name).to eq('UTF-8') + expect(e.message).to eq("invalid_request: é\n{\"error\":\"invalid_request\",\"error_description\":\"��\"}") end end @@ -302,12 +303,14 @@ expect(e.to_s).to match(/unknown error/) end end + # rubocop:enable Style/RedundantBegin context 'with ENV' do include_context 'with stubbed env' before do stub_env('OAUTH_DEBUG' => 'true') end + it 'outputs to $stdout when OAUTH_DEBUG=true' do output = capture(:stdout) do subject.request(:get, '/success') 
@@ -315,7 +318,7 @@ logs = [ '-- request: GET https://api.example.com/success', '-- response: Status 200', - '-- response: Content-Type: "text/awesome"' + '-- response: Content-Type: "text/awesome"', ] expect(output).to include(*logs) end @@ -348,6 +351,7 @@ client = stubbed_client(:auth_scheme => :basic_auth) do |stub| stub.post('/oauth/token') do |env| raise Faraday::Adapter::Test::Stubs::NotFound unless env[:request_headers]['Authorization'] == OAuth2::Authenticator.encode_basic_auth('abc', 'def') + [200, {'Content-Type' => 'application/json'}, MultiJson.encode('access_token' => 'the-token')] end end @@ -355,7 +359,7 @@ end describe 'extract_access_token option' do - let(:client) do + let(:client) do client = stubbed_client(:extract_access_token => extract_access_token) do |stub| stub.post('/oauth/token') do [200, {'Content-Type' => 'application/json'}, MultiJson.encode('data' => {'access_token' => 'the-token'})] @@ -363,7 +367,7 @@ end end - context "with proc extract_access_token" do + context 'with proc extract_access_token' do let(:extract_access_token) do proc do |client, hash| token = hash['data']['access_token'] @@ -378,10 +382,10 @@ end end - context "with depracted Class.from_hash option" do + context 'with depracted Class.from_hash option' do let(:extract_access_token) do CustomAccessToken = Class.new(AccessToken) - CustomAccessToken.define_singleton_method(:from_hash) do |client, hash| + CustomAccessToken.define_singleton_method(:from_hash) do |client, hash| token = hash['data']['access_token'] AccessToken.new(client, token, hash) end diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index ace9ac52..f402455a 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb 
@@ -8,8 +8,8 @@ it 'returns the status, headers and body' do response = double('response', :headers => headers, - :status => status, - :body => body) + :status => status, + :body => body) subject = Response.new(response) expect(subject.headers).to eq(headers) expect(subject.status).to eq(status) diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index 36ea17de..a40220f4 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -22,8 +22,8 @@ let(:params) do { - :hmac_secret => 'foo', - :exp => Time.now.utc.to_i + 3600 + :hmac_secret => 'foo', + :exp => Time.now.utc.to_i + 3600, } end From a7f949e70062b914744b8a8ee26cc5b9bea6546e Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 14:39:35 -0600 Subject: [PATCH 33/43] CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1e04a6a..eafc3a2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. ## unreleased +- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling) - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) ## [1.4.4] - 2020-02-12 From 6743d0c64eaf560f5fc12f486f94087f069f4fa8 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 14:40:34 -0600 Subject: [PATCH 34/43] Update Code of Conduct to v2.0 --- CODE_OF_CONDUCT.md | 151 +++++++++++++++++++++++++++++++-------------- 1 file changed, 105 insertions(+), 46 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 395b407d..99ab478b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -1,74 +1,133 @@ + # Contributor Covenant Code of Conduct ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, gender identity and expression, level of experience, -nationality, personal appearance, race, religion, or sexual identity and -orientation. +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. 
## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our +community include: -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -* The use of sexualized language or imagery and unwelcome sexual attention or -advances -* Trolling, insulting/derogatory comments, and personal or political attacks +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission +* Publishing others' private information, such as a physical or email + address, without their explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. 
+Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at peter.boling@gmail.com. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. 
The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. 
No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at [http://contributor-covenant.org/version/1/4][version] +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available +at [https://www.contributor-covenant.org/translations][translations]. -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ +[homepage]: https://www.contributor-covenant.org +[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations From 24961fcbad975301e489888e9a53e2456ff6a619 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 15:46:50 -0600 Subject: [PATCH 35/43] Prep for 1.4.5 release --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eafc3a2f..6e718feb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. ## unreleased +## [1.4.5] - 2020-03-18 + - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling) - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) From 8fcf3d7c1638bc97df8fbffaee63977a88d6c070 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 15:53:03 -0600 Subject: [PATCH 36/43] Add a VERSION constant --- .rspec | 2 ++ lib/oauth2/version.rb | 1 + spec/oauth2/access_token_spec.rb | 2 -- spec/oauth2/authenticator_spec.rb | 2 -- spec/oauth2/mac_token_spec.rb | 2 -- spec/oauth2/response_spec.rb | 2 -- spec/oauth2/strategy/assertion_spec.rb | 2 -- spec/oauth2/strategy/auth_code_spec.rb | 2 -- spec/oauth2/strategy/base_spec.rb | 2 -- spec/oauth2/strategy/client_credentials_spec.rb | 2 -- spec/oauth2/strategy/implicit_spec.rb | 2 -- spec/oauth2/strategy/password_spec.rb | 2 -- spec/oauth2/version_spec.rb | 7 +++++++ 13 files changed, 10 insertions(+), 20 deletions(-) create mode 100644 spec/oauth2/version_spec.rb diff --git a/.rspec b/.rspec index 09127182..3629a4a1 100644 --- a/.rspec +++ b/.rspec @@ -1,2 +1,4 @@ --color --order random +--require helper +--format=documentation diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index cc1365f4..3d6984fb 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -1,5 +1,6 @@ module OAuth2 module Version + VERSION = to_s module_function # The major version diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 93890491..868aaf8e 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe AccessToken do subject { described_class.new(client, token) } 
diff --git a/spec/oauth2/authenticator_spec.rb b/spec/oauth2/authenticator_spec.rb index e4d60482..48cbac9b 100644 --- a/spec/oauth2/authenticator_spec.rb +++ b/spec/oauth2/authenticator_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Authenticator do subject do described_class.new(client_id, client_secret, mode) diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb index add5f72e..b18c2469 100644 --- a/spec/oauth2/mac_token_spec.rb +++ b/spec/oauth2/mac_token_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe MACToken do subject { described_class.new(client, token, 'abc123') } diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index f402455a..9672b52c 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Response do describe '#initialize' do let(:status) { 200 } diff --git a/spec/oauth2/strategy/assertion_spec.rb b/spec/oauth2/strategy/assertion_spec.rb index a40220f4..148e3e3a 100644 --- a/spec/oauth2/strategy/assertion_spec.rb +++ b/spec/oauth2/strategy/assertion_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Strategy::Assertion do subject { client.assertion } diff --git a/spec/oauth2/strategy/auth_code_spec.rb b/spec/oauth2/strategy/auth_code_spec.rb index bcb1984f..36cd3a5a 100644 --- a/spec/oauth2/strategy/auth_code_spec.rb +++ b/spec/oauth2/strategy/auth_code_spec.rb @@ -1,7 +1,5 @@ # encoding: utf-8 -require 'helper' - describe OAuth2::Strategy::AuthCode do subject { client.auth_code } diff --git a/spec/oauth2/strategy/base_spec.rb b/spec/oauth2/strategy/base_spec.rb index fb59e963..67c66d1a 100644 --- a/spec/oauth2/strategy/base_spec.rb +++ b/spec/oauth2/strategy/base_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Strategy::Base do it 'initializes with a Client' do expect { described_class.new(OAuth2::Client.new('abc', 'def')) }.not_to raise_error 
diff --git a/spec/oauth2/strategy/client_credentials_spec.rb b/spec/oauth2/strategy/client_credentials_spec.rb index 11d3b525..4f91bfd5 100644 --- a/spec/oauth2/strategy/client_credentials_spec.rb +++ b/spec/oauth2/strategy/client_credentials_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Strategy::ClientCredentials do subject { client.client_credentials } diff --git a/spec/oauth2/strategy/implicit_spec.rb b/spec/oauth2/strategy/implicit_spec.rb index 7f48ec04..c4df8ebd 100644 --- a/spec/oauth2/strategy/implicit_spec.rb +++ b/spec/oauth2/strategy/implicit_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Strategy::Implicit do subject { client.implicit } diff --git a/spec/oauth2/strategy/password_spec.rb b/spec/oauth2/strategy/password_spec.rb index 0c9a07dd..c8b006aa 100644 --- a/spec/oauth2/strategy/password_spec.rb +++ b/spec/oauth2/strategy/password_spec.rb @@ -1,5 +1,3 @@ -require 'helper' - describe OAuth2::Strategy::Password do subject { client.password } diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb new file mode 100644 index 00000000..27cba9e0 --- /dev/null +++ b/spec/oauth2/version_spec.rb @@ -0,0 +1,7 @@ +describe OAuth2::Version do + context 'Constant' do + it 'is a sting' do + expect(OAuth2::Version::VERSION).to be_a(String) + end + end +end \ No newline at end of file From e395da8299cdef70138667656f68e2fbdc3d5402 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 15:54:23 -0600 Subject: [PATCH 37/43] Improve version --- oauth2.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 9c58103b..86a825c7 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec 
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec| spec.required_ruby_version = '>= 1.9.0' spec.required_rubygems_version = '>= 1.3.5' spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.' - spec.version = OAuth2::Version + spec.version = OAuth2::Version.to_s spec.metadata = { 'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues', From 5f54ebec470aec2043790ef1b7e2f6579fcfc205 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 16:01:46 -0600 Subject: [PATCH 38/43] Typo in CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e718feb..17811d16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. ## unreleased -## [1.4.5] - 2020-03-18 +## [1.4.5] - 2021-03-18 - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling) - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer) From c2bc396076acc0aa8409dbb348cb3a04c145b470 Mon Sep 17 00:00:00 2001 From: Anders Carling Date: Fri, 19 Mar 2021 03:13:43 +0100 Subject: [PATCH 39/43] Fix crash in OAuth2::Client#get_token (#537) `def build_access_token` as not found as it was implemented on OAuth2 instead of OAuth2::Client --- lib/oauth2/client.rb | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index 1cba2402..f98a9f37 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb 
@@ -231,27 +231,27 @@ def redirection_params {} end end - end - DEFAULT_EXTRACT_ACCESS_TOKEN = proc do |client, hash| - token = hash.delete('access_token') || hash.delete(:access_token) - token && AccessToken.new(client, token, hash) - end + DEFAULT_EXTRACT_ACCESS_TOKEN = proc do |client, hash| + token = hash.delete('access_token') || hash.delete(:access_token) + token && AccessToken.new(client, token, hash) + end -private + private - def build_access_token(response, access_token_opts, extract_access_token) - parsed_response = response.parsed.dup - return unless parsed_response.is_a?(Hash) + def build_access_token(response, access_token_opts, extract_access_token) + parsed_response = response.parsed.dup + return unless parsed_response.is_a?(Hash) - hash = parsed_response.merge(access_token_opts) + hash = parsed_response.merge(access_token_opts) - # Provide backwards compatibility for old AcessToken.form_hash pattern - # Should be deprecated in 2.x - if extract_access_token.is_a?(Class) && extract_access_token.respond_to?(:from_hash) - extract_access_token.from_hash(self, hash) - else - extract_access_token.call(self, hash) + # Provide backwards compatibility for old AcessToken.form_hash pattern + # Should be deprecated in 2.x + if extract_access_token.is_a?(Class) && extract_access_token.respond_to?(:from_hash) + extract_access_token.from_hash(self, hash) + else + extract_access_token.call(self, hash) + end end end end From ad62ca1e87b5a75c8fc3a0f8aa7af6ddd5a0d054 Mon Sep 17 00:00:00 2001 From: Anders Carling Date: Fri, 19 Mar 2021 03:16:39 +0100 Subject: [PATCH 40/43] Remove reliance on globally included OAuth2 in tests for version 1.4 (#538) --- lib/oauth2/client.rb | 1 + spec/helper.rb | 5 ----- spec/oauth2/access_token_spec.rb | 4 ++-- spec/oauth2/client_spec.rb | 6 +++--- spec/oauth2/mac_token_spec.rb | 6 +++--- spec/oauth2/response_spec.rb | 8 ++++---- 6 files changed, 13 insertions(+), 17 deletions(-) 
diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index f98a9f37..a3c64d10 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -166,6 +166,7 @@ def get_token(params, access_token_opts = {}, extract_access_token = options[:ex access_token = begin build_access_token(response, access_token_opts, extract_access_token) rescue StandardError + raise nil end diff --git a/spec/helper.rb b/spec/helper.rb index 5ce4d82f..8b64d420 100644 --- a/spec/helper.rb +++ b/spec/helper.rb @@ -30,11 +30,6 @@ Faraday.default_adapter = :test -# This is dangerous - HERE BE DRAGONS. -# It allows us to refer to classes without the namespace, but at what cost?!? -# TODO: Refactor to use explicit references everywhere -include OAuth2 - RSpec.configure do |conf| conf.include SilentStream end diff --git a/spec/oauth2/access_token_spec.rb b/spec/oauth2/access_token_spec.rb index 868aaf8e..c586bc4c 100644 --- a/spec/oauth2/access_token_spec.rb +++ b/spec/oauth2/access_token_spec.rb @@ -1,10 +1,10 @@ -describe AccessToken do +describe OAuth2::AccessToken do subject { described_class.new(client, token) } let(:token) { 'monkey' } let(:refresh_body) { MultiJson.encode(:access_token => 'refreshed_foo', :expires_in => 600, :refresh_token => 'refresh_bar') } let(:client) do - Client.new('abc', 'def', :site => 'https://api.example.com') do |builder| + OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com') do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| diff --git a/spec/oauth2/client_spec.rb b/spec/oauth2/client_spec.rb index 46f75b4b..583ea12f 100644 --- a/spec/oauth2/client_spec.rb +++ b/spec/oauth2/client_spec.rb @@ -371,7 +371,7 @@ let(:extract_access_token) do proc do |client, hash| token = hash['data']['access_token'] - AccessToken.new(client, token, hash) + OAuth2::AccessToken.new(client, token, hash) end end 
@@ -384,10 +384,10 @@ context 'with depracted Class.from_hash option' do let(:extract_access_token) do - CustomAccessToken = Class.new(AccessToken) + CustomAccessToken = Class.new(OAuth2::AccessToken) CustomAccessToken.define_singleton_method(:from_hash) do |client, hash| token = hash['data']['access_token'] - AccessToken.new(client, token, hash) + OAuth2::AccessToken.new(client, token, hash) end CustomAccessToken end diff --git a/spec/oauth2/mac_token_spec.rb b/spec/oauth2/mac_token_spec.rb index b18c2469..0685350f 100644 --- a/spec/oauth2/mac_token_spec.rb +++ b/spec/oauth2/mac_token_spec.rb @@ -1,9 +1,9 @@ -describe MACToken do +describe OAuth2::MACToken do subject { described_class.new(client, token, 'abc123') } let(:token) { 'monkey' } let(:client) do - Client.new('abc', 'def', :site => 'https://api.example.com') do |builder| + OAuth2::Client.new('abc', 'def', :site => 'https://api.example.com') do |builder| builder.request :url_encoded builder.adapter :test do |stub| VERBS.each do |verb| @@ -89,7 +89,7 @@ subject { described_class.from_access_token(access_token, 'hello') } let(:access_token) do - AccessToken.new( + OAuth2::AccessToken.new( client, token, :expires_at => 1, :expires_in => 1, diff --git a/spec/oauth2/response_spec.rb b/spec/oauth2/response_spec.rb index 9672b52c..3171fd26 100644 --- a/spec/oauth2/response_spec.rb +++ b/spec/oauth2/response_spec.rb @@ -8,7 +8,7 @@ response = double('response', :headers => headers, :status => status, :body => body) - subject = Response.new(response) + subject = described_class.new(response) expect(subject.headers).to eq(headers) expect(subject.status).to eq(status) expect(subject.body).to eq(body) 
@@ -43,7 +43,7 @@ headers = {'Content-Type' => 'application/x-www-form-urlencoded'} body = 'foo=bar&answer=42' response = double('response', :headers => headers, :body => body) - subject = Response.new(response) + subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') expect(subject.parsed['answer']).to eq('42') @@ -53,7 +53,7 @@ headers = {'Content-Type' => 'application/json'} body = MultiJson.encode(:foo => 'bar', :answer => 42) response = double('response', :headers => headers, :body => body) - subject = Response.new(response) + subject = described_class.new(response) expect(subject.parsed.keys.size).to eq(2) expect(subject.parsed['foo']).to eq('bar') expect(subject.parsed['answer']).to eq(42) @@ -69,7 +69,7 @@ expect(MultiJson).not_to receive(:load) expect(Rack::Utils).not_to receive(:parse_query) - subject = Response.new(response) + subject = described_class.new(response) expect(subject.parsed).to be_nil end end From 6d90718b7207413eb0a7ee3ac6646b89749ca64a Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 20:22:07 -0600 Subject: [PATCH 41/43] Add VERSION constant --- CHANGELOG.md | 6 ++++++ lib/oauth2/version.rb | 1 + spec/oauth2/version_spec.rb | 8 +++----- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 17811d16..1782b22f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file. ## unreleased +## [1.4.6] - 2021-03-18 + + +- [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) +- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling) + ## [1.4.5] - 2021-03-18 - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling) diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 3d6984fb..6b7b63e0 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -1,6 +1,7 @@ module OAuth2 module Version VERSION = to_s + module_function # The major version diff --git a/spec/oauth2/version_spec.rb b/spec/oauth2/version_spec.rb index 27cba9e0..3e395eac 100644 --- a/spec/oauth2/version_spec.rb +++ b/spec/oauth2/version_spec.rb @@ -1,7 +1,5 @@ describe OAuth2::Version do - context 'Constant' do - it 'is a sting' do - expect(OAuth2::Version::VERSION).to be_a(String) - end + it 'VERSION a sting' do + expect(OAuth2::Version::VERSION).to be_a(String) end -end \ No newline at end of file +end From ca1ba3f5f072bfc44d1ea24f9621e3049a823ae2 Mon Sep 17 00:00:00 2001 From: Peter Boling Date: Thu, 18 Mar 2021 20:27:10 -0600 Subject: [PATCH 42/43] Use :raise_errors option to have error raised --- lib/oauth2/client.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/oauth2/client.rb b/lib/oauth2/client.rb index a3c64d10..f98a9f37 100644 --- a/lib/oauth2/client.rb +++ b/lib/oauth2/client.rb @@ -166,7 +166,6 @@ def get_token(params, access_token_opts = {}, extract_access_token = options[:ex access_token = begin build_access_token(response, access_token_opts, extract_access_token) rescue StandardError - raise nil end From 95d0c753cf0921478d41e98d6aeba40ebacd9204 Mon Sep 17 00:00:00 2001 
From: Peter Boling Date: Thu, 18 Mar 2021 20:29:26 -0600 Subject: [PATCH 43/43] Prepare CHANGELOG for 1.4.6 release --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1782b22f..2d6ad964 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,9 @@ All notable changes to this project will be documented in this file. ## [1.4.6] - 2021-03-18 - - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling) - [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling) +- [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add Oauth::Version::VERSION constant (@pboling) ## [1.4.5] - 2021-03-18
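Review bot: In PATCH 36/43, lib/oauth2/version.rb, `VERSION = to_s` sits at the top of the module body, above `module_function` and the version methods that follow it, so at that point `to_s` resolves to the built-in `Module#to_s` and the constant is set to the module's name ("OAuth2::Version") instead of a version number. Move the assignment below the method definitions so it picks up the same `to_s` that PATCH 37/43 calls from the gemspec as `OAuth2::Version.to_s`. PATCH 41/43 only adds a blank line after the assignment and leaves its position unchanged.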
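Review bot: PATCH 39/43 changes only lib/oauth2/client.rb, so the fix for `OAuth2::Client#get_token` ships without a spec that would fail on the old code. At this commit spec/helper.rb still has the top-level `include OAuth2` (removed in PATCH 40/43), which mixes the module-level `build_access_token` into every object and can hide exactly this kind of misplaced method from the suite; add a regression spec that does not depend on that include, or reorder so the include is removed first. The hunk also moves `DEFAULT_EXTRACT_ACCESS_TOKEN` from `OAuth2` into `OAuth2::Client`, which changes its fully qualified name and deserves a line in the commit message, and the carried-over comment `old AcessToken.form_hash pattern` misspells `AccessToken.from_hash`.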
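Review bot: In PATCH 40/43, spec/oauth2/client_spec.rb, the `let(:extract_access_token)` block still assigns `CustomAccessToken = Class.new(OAuth2::AccessToken)`, which defines a top-level constant from inside an example and leaves it set for the rest of the run. Since this commit exists to remove global state from the specs, keep the class in a local variable and return it from the block, or use `stub_const`. The context string `'with depracted Class.from_hash option'` in the same hunk misspells "deprecated".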
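Review bot: In PATCH 41/43, spec/oauth2/version_spec.rb, the only assertion is `expect(OAuth2::Version::VERSION).to be_a(String)`, which passes for any string at all and so does not check that the constant holds a version. Assert that it equals `OAuth2::Version.to_s` or matches a dotted-number pattern. The example description `'VERSION a sting'` is also missing a verb and misspells "string".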
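Review bot: In PATCH 42/43, lib/oauth2/client.rb, removing `raise` leaves `rescue StandardError` followed by `nil` in `get_token`, so every exception from `build_access_token`, including one raised inside a caller-supplied `extract_access_token`, is discarded and looks the same as a response that carried no token. The subject says `:raise_errors` covers this, but nothing in the hunk shows that option being consulted on this path; either rescue only the error classes expected here, or add a comment and a spec showing how the failure reaches the caller. The `raise` removed here was added in PATCH 40/43 under a test-cleanup subject, so the behaviour changed twice with no entry in the 1.4.6 CHANGELOG section.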