diff -Nru ruby-openid-connect-0.12.0/debian/changelog ruby-openid-connect-1.1.6/debian/changelog
--- ruby-openid-connect-0.12.0/debian/changelog	2016-08-25 10:23:36.000000000 +0000
+++ ruby-openid-connect-1.1.6/debian/changelog	2019-02-07 09:46:47.000000000 +0000
@@ -1,3 +1,23 @@
+ruby-openid-connect (1.1.6-2) unstable; urgency=medium
+
+  * Team upload
+  * Bump Standards-Version to 4.3.0 (no changes needed)
+
+ -- Pirate Praveen Thu, 07 Feb 2019 15:16:47 +0530
+
+ruby-openid-connect (1.1.6-1) experimental; urgency=medium
+
+  * New upstream release
+    - Fixes FTBFS (Closes: #906656)
+
+ -- Sruthi Chandran Thu, 06 Dec 2018 14:22:33 +0530
+
+ruby-openid-connect (1.1.3-1) experimental; urgency=medium
+
+  * New upstream release
+
+ -- Sruthi Chandran Tue, 19 Sep 2017 00:08:52 +0530
+
 ruby-openid-connect (0.12.0-1) unstable; urgency=medium
   * Initial release (Closes: #835201)
diff -Nru ruby-openid-connect-0.12.0/debian/compat ruby-openid-connect-1.1.6/debian/compat
--- ruby-openid-connect-0.12.0/debian/compat	2016-08-25 10:23:36.000000000 +0000
+++ ruby-openid-connect-1.1.6/debian/compat	2018-07-04 06:59:06.000000000 +0000
@@ -1 +1 @@
-9
+11
diff -Nru ruby-openid-connect-0.12.0/debian/control ruby-openid-connect-1.1.6/debian/control
--- ruby-openid-connect-0.12.0/debian/control	2016-08-25 10:23:36.000000000 +0000
+++ ruby-openid-connect-1.1.6/debian/control	2019-02-07 09:46:00.000000000 +0000
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Debian Ruby Extras Maintainers
 Uploaders: Sruthi Chandran
-Build-Depends: debhelper (>= 9~),
+Build-Depends: debhelper (>= 11~),
                gem2deb,
                rake,
                ruby-activemodel,
@@ -19,9 +19,9 @@
                ruby-validate-url,
                ruby-webfinger (>= 1.0.1),
                ruby-webmock
-Standards-Version: 3.9.8
-Vcs-Git: https://anonscm.debian.org/git/pkg-ruby-extras/ruby-openid-connect.git
-Vcs-Browser: https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-openid-connect.git
+Standards-Version: 4.3.0
+Vcs-Git: https://salsa.debian.org/ruby-team/ruby-openid-connect.git
+Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-openid-connect
 Homepage: https://github.com/nov/openid_connect
 Testsuite: autopkgtest-pkg-ruby
 XS-Ruby-Versions: all
diff -Nru ruby-openid-connect-0.12.0/debian/copyright ruby-openid-connect-1.1.6/debian/copyright
--- ruby-openid-connect-0.12.0/debian/copyright	2016-08-25 10:23:36.000000000 +0000
+++ ruby-openid-connect-1.1.6/debian/copyright	2018-07-04 06:59:06.000000000 +0000
@@ -1,4 +1,4 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: openid_connect
 Source: https://github.com/nov/openid_connect
diff -Nru ruby-openid-connect-0.12.0/debian/patches/disable-failing-test.patch ruby-openid-connect-1.1.6/debian/patches/disable-failing-test.patch
--- ruby-openid-connect-0.12.0/debian/patches/disable-failing-test.patch	2016-08-25 10:23:36.000000000 +0000
+++ ruby-openid-connect-1.1.6/debian/patches/disable-failing-test.patch	2018-07-04 06:59:06.000000000 +0000
@@ -15,7 +15,7 @@
 --- a/spec/openid_connect/response_object/id_token_spec.rb
 +++ b/spec/openid_connect/response_object/id_token_spec.rb
-@@ -140,7 +140,7 @@
+@@ -153,7 +153,7 @@
    it { should be_a String }
    context 'when block given' do
@@ -24,10 +24,3 @@
      t = id_token.to_jwt private_key do |t|
        t.header[:x5u] = "http://server.example.com/x5u"
      end
-@@ -302,4 +302,4 @@
-    its(:sub_jwk) { should == sub_jwk}
-    its(:subject) { should == sub_jwk.thumbprint }
-  end
--end
-\ No newline at end of file
-+end
diff -Nru ruby-openid-connect-0.12.0/debian/watch ruby-openid-connect-1.1.6/debian/watch
--- ruby-openid-connect-0.12.0/debian/watch	2016-08-25 10:23:36.000000000 +0000
+++ ruby-openid-connect-1.1.6/debian/watch	2019-02-07 09:45:05.000000000 +0000
@@ -1,2 +1,2 @@
 version=3
-http://pkg-ruby-extras.alioth.debian.org/cgi-bin/gemwatch/openid_connect .*/openid_connect-(.*).tar.gz
+https://gemwatch.debian.net/openid_connect .*/openid_connect-(.*).tar.gz
diff -Nru ruby-openid-connect-0.12.0/lib/openid_connect/client.rb ruby-openid-connect-1.1.6/lib/openid_connect/client.rb
--- ruby-openid-connect-0.12.0/lib/openid_connect/client.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/openid_connect/client.rb	2018-06-19 04:51:37.000000000 +0000
@@ -9,6 +9,7 @@
     def authorization_uri(params = {})
       params[:scope] = setup_required_scope params[:scope]
+      params[:prompt] = Array(params[:prompt]).join(' ')
       super
     end
@@ -19,14 +20,15 @@
     private
     def setup_required_scope(scopes)
-      _scopes_ = Array(scopes).collect(&:to_s).join(' ').split(' ')
+      _scopes_ = Array(scopes).join(' ').split(' ')
       _scopes_ << 'openid' unless _scopes_.include?('openid')
       _scopes_
     end
     def handle_success_response(response)
       token_hash = JSON.parse(response.body).with_indifferent_access
-      case token_type = token_hash[:token_type].try(:downcase)
+      token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
+      case token_type
       when 'bearer'
         AccessToken.new token_hash.merge(client: self)
       else
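Review bot: `params[:prompt] = Array(params[:prompt]).join(' ')` assigns an empty string when the caller passed no prompt, because `Array(nil)` is `[]`; whether that reaches the authorization URI as an empty `prompt=` parameter depends on what `super` does with blank values, which is outside this hunk. Guarding the assignment keeps the key absent when it was absent: `params[:prompt] = Array(params[:prompt]).join(' ') if params[:prompt]`. A one-line comment would also help readers: `# prompt may be a symbol, a space-delimited string or an array; normalize to the spec's space-delimited form`.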
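Review bot: `@forced_token_type` is read in `handle_success_response` but nothing in this hunk assigns it; the spec calls `client.force_token_type!`, so the setter presumably lives elsewhere in the file and a comment here should say so, e.g. `# @forced_token_type (set via #force_token_type!) overrides a missing or unexpected token_type from the server`. With neither value present `token_type` is nil and the `case` falls into the `else` branch, whose body continues past the end of the hunk, so an absent `token_type` is still rejected unless forced; that is the behaviour the new `without_token_type` fixture relies on and belongs in the same comment. Dropping `.collect(&:to_s)` in `setup_required_scope` is safe because `Array#join` stringifies symbols itself.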
@@ -40,4 +42,4 @@
 Dir[File.dirname(__FILE__) + '/client/*.rb'].each do |file|
   require file
-end
\ No newline at end of file
+end
diff -Nru ruby-openid-connect-0.12.0/lib/openid_connect/discovery/provider/config/response.rb ruby-openid-connect-1.1.6/lib/openid_connect/discovery/provider/config/response.rb
--- ruby-openid-connect-0.12.0/lib/openid_connect/discovery/provider/config/response.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/openid_connect/discovery/provider/config/response.rb	2018-06-19 04:51:37.000000000 +0000
@@ -7,6 +7,7 @@
           cattr_accessor :metadata_attributes
           attr_reader :raw
+          attr_accessor :expected_issuer
           uri_attributes = {
             required: [
               :issuer,
@@ -17,7 +18,9 @@
               :token_endpoint,
               :userinfo_endpoint,
               :registration_endpoint,
+              :end_session_endpoint,
               :service_documentation,
+              :check_session_iframe,
               :op_policy_uri,
               :op_tos_uri
             ]
@@ -55,6 +58,7 @@
           validates *required_attributes, presence: true
           validates *uri_attributes.values.flatten, url: true, allow_nil: true
+          validates :issuer, with: :validate_issuer_matching
           def initialize(hash)
             (required_attributes + optional_attributes).each do |key|
@@ -72,10 +76,8 @@
             end
           end
-          def validate!(expected_issuer = nil)
-            valid? && (
-              expected_issuer.blank? || issuer == expected_issuer
-            ) or raise ValidationFailed.new(self)
+          def validate!
+            valid? or raise ValidationFailed.new(self)
           end
           def jwks
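Review bot: `validate!` no longer takes `expected_issuer`, so any external caller still passing the identifier positionally now raises ArgumentError instead of validating the issuer; the only caller updated in this diff is `Config.discover!`. The issuer comparison has moved into the model validation declared at `validates :issuer, with: :validate_issuer_matching`, which means it runs inside `valid?` but only if `expected_issuer` was assigned first, so a Response obtained without going through `discover!` skips the check silently. A short doc comment on the method would make that contract explicit: `# Raises ValidationFailed unless the metadata is valid; assign #expected_issuer first to include the issuer match.`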
@@ -88,8 +90,20 @@
           def public_keys
             @public_keys ||= jwks.collect(&:to_key)
           end
+
+          private
+
+          def validate_issuer_matching
+            if expected_issuer.present? && issuer != expected_issuer
+              if OpenIDConnect.validate_discovery_issuer
+                errors.add :issuer, 'mismatch'
+              else
+                OpenIDConnect.logger.warn 'ignoring issuer mismach.'
+              end
+            end
+          end
         end
       end
     end
   end
-end
\ No newline at end of file
+end
diff -Nru ruby-openid-connect-0.12.0/lib/openid_connect/discovery/provider/config.rb ruby-openid-connect-1.1.6/lib/openid_connect/discovery/provider/config.rb
--- ruby-openid-connect-0.12.0/lib/openid_connect/discovery/provider/config.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/openid_connect/discovery/provider/config.rb	2018-06-19 04:51:37.000000000 +0000
@@ -5,7 +5,8 @@
         def self.discover!(identifier, cache_options = {})
           uri = URI.parse(identifier)
           Resource.new(uri).discover!(cache_options).tap do |response|
-            response.validate! identifier
+            response.expected_issuer = identifier
+            response.validate!
           end
         rescue SWD::Exception, ValidationFailed => e
           raise DiscoveryFailed.new(e.message)
diff -Nru ruby-openid-connect-0.12.0/lib/openid_connect/response_object/id_token.rb ruby-openid-connect-1.1.6/lib/openid_connect/response_object/id_token.rb
--- ruby-openid-connect-0.12.0/lib/openid_connect/response_object/id_token.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/openid_connect/response_object/id_token.rb	2018-06-19 04:51:37.000000000 +0000
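Review bot: When `OpenIDConnect.validate_discovery_issuer` is false, `validate_issuer_matching` reduces an issuer mismatch to a warning that names neither value, so the only trace of a discovery document whose `issuer` differs from the identifier it was fetched for is the literal string `'ignoring issuer mismach.'`; log both sides so the event can be investigated: `OpenIDConnect.logger.warn "ignoring issuer mismatch: expected #{expected_issuer.inspect}, got #{issuer.inspect}"` (which also fixes the typo). The exact string comparison is the right one for discovery, so the method needs no further change, only a comment on why the check exists: `# The document's issuer must equal the identifier it was fetched for; otherwise its endpoints and keys describe a different provider.`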
@@ -1,12 +1,14 @@
-require 'json/jwt'
-
 module OpenIDConnect
   class ResponseObject
     class IdToken < ConnectObject
       class InvalidToken < Exception; end
+      class ExpiredToken < InvalidToken; end
+      class InvalidIssuer < InvalidToken; end
+      class InvalidNonce < InvalidToken; end
+      class InvalidAudience < InvalidToken; end
       attr_required :iss, :sub, :aud, :exp, :iat
-      attr_optional :acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash
+      attr_optional :acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :events
       attr_accessor :access_token, :code
       alias_method :subject, :sub
       alias_method :subject=, :sub=
@@ -16,14 +18,20 @@
         (all_attributes - [:aud, :exp, :iat, :auth_time, :sub_jwk]).each do |key|
           self.send "#{key}=", self.send(key).try(:to_s)
         end
+        self.auth_time = auth_time.to_i unless auth_time.nil?
       end
       def verify!(expected = {})
-        exp.to_i > Time.now.to_i &&
-        iss == expected[:issuer] &&
-        Array(aud).include?(expected[:client_id]) && # aud(ience) can be a string or an array of strings
-        nonce == expected[:nonce] or
-        raise InvalidToken.new('Invalid ID Token')
+        raise ExpiredToken.new('Invalid ID token: Expired token') unless exp.to_i > Time.now.to_i
+        raise InvalidIssuer.new('Invalid ID token: Issuer does not match') unless iss == expected[:issuer]
+        raise InvalidNonce.new('Invalid ID Token: Nonce does not match') unless nonce == expected[:nonce]
+
+        # aud(ience) can be a string or an array of strings
+        unless Array(aud).include?(expected[:audience] || expected[:client_id])
+          raise InvalidAudience.new('Invalid ID token: Audience does not match')
+        end
+
+        true
       end
       include JWTnizable
@@ -48,7 +56,7 @@
       def left_half_hash_of(string, hash_length)
         digest = OpenSSL::Digest.new("SHA#{hash_length}").digest string
-        UrlSafeBase64.encode64 digest[0, hash_length / (2 * 8)]
+        Base64.urlsafe_encode64 digest[0, hash_length / (2 * 8)], padding: false
       end
       class << self
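Review bot: `verify!` now lists `azp` among the optional attributes but never checks it; OpenID Connect Core 3.1.3.7 says that when `azp` is present the client should verify it equals its own client_id (and that `azp` should be present whenever `aud` has more than one value), so an ID token issued to another client in a shared-audience setup still passes the audience check here. One line next to the audience check closes that: `raise InvalidAudience.new('Invalid ID token: Authorized party does not match') if azp.present? && azp != expected[:client_id]`. Two documentation points: `exp.to_i > Time.now.to_i` allows no clock skew, which deserves a comment if intended, and the new exception classes inherit from `InvalidToken < Exception` rather than StandardError, so a bare `rescue => e` in a caller will not catch them; that is pre-existing, but a `# NOTE:` on the hierarchy is warranted now that callers are expected to rescue the subclasses.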
@@ -80,4 +88,4 @@
       end
     end
   end
-end
\ No newline at end of file
+end
diff -Nru ruby-openid-connect-0.12.0/lib/openid_connect.rb ruby-openid-connect-1.1.6/lib/openid_connect.rb
--- ruby-openid-connect-0.12.0/lib/openid_connect.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/openid_connect.rb	2018-06-19 04:51:37.000000000 +0000
@@ -8,6 +8,7 @@
 require 'validate_email'
 require 'attr_required'
 require 'attr_optional'
+require 'json/jwt'
 require 'rack/oauth2'
 require 'rack/oauth2/server/authorize/error_with_connect_ext'
 require 'rack/oauth2/server/authorize/request_with_connect_params'
@@ -76,6 +77,16 @@
     end
     @@http_config ||= block
   end
+
+  def self.validate_discovery_issuer=(boolean)
+    @@validate_discovery_issuer = boolean
+  end
+
+  def self.validate_discovery_issuer
+    @@validate_discovery_issuer
+  end
+
+  self.validate_discovery_issuer = true
 end
 require 'openid_connect/exception'
diff -Nru ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb
--- ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb	2018-06-19 04:51:37.000000000 +0000
@@ -10,7 +10,7 @@
         end
       end
-      def call(env)
+      def _call(env)
         @request = Request.new env
         @response = Response.new request
         super
diff -Nru ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb
--- ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb	2018-06-19 04:51:37.000000000 +0000
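Review bot: `validate_discovery_issuer` is a process-wide mutable switch that turns a security check off for every discovery in the process, and it carries no documentation; a reader of `self.validate_discovery_issuer = true` cannot tell what false does. Add a comment above the setter: `# When false, a discovery document whose issuer differs from the identifier it was fetched for is accepted with only a logged warning. Meant for tests or non-conforming providers; keep true in production.` It is also held in a `@@` class variable, matching `@@http_config` in the same file, so the comment should mention that toggling it (as the spec does in before/after hooks) affects all threads at once.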
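Review bot: Renaming `call` to `_call` hands request handling to the base class's `call`, so this extension only works if the rack-oauth2 version in use defines `call` to invoke `_call`; that is presumably why the gemspec now requires rack-oauth2 >= 1.6.1, but nothing in the file records the dependency. A comment on the method would make the contract explicit: `# rack-oauth2 >= 1.6.1 dispatches #call to #_call; do not define #call here` (hedged, since the base class is not visible in this diff). The same rename appears in code_and_id_token.rb, id_token_and_token.rb and id_token.rb in the following hunks and the comment belongs in each.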
@@ -10,7 +10,7 @@
         end
       end
-      def call(env)
+      def _call(env)
         @request = Request.new env
         @response = Response.new request
         super
diff -Nru ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb
--- ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb	2018-06-19 04:51:37.000000000 +0000
@@ -10,7 +10,7 @@
         end
       end
-      def call(env)
+      def _call(env)
         @request = Request.new env
         @response = Response.new request
         super
diff -Nru ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/id_token.rb ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/id_token.rb
--- ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/extension/id_token.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/extension/id_token.rb	2018-06-19 04:51:37.000000000 +0000
@@ -10,7 +10,7 @@
         end
       end
-      def call(env)
+      def _call(env)
         @request = Request.new env
         @response = Response.new request
         super
diff -Nru ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/request_with_connect_params.rb ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/request_with_connect_params.rb
--- ruby-openid-connect-0.12.0/lib/rack/oauth2/server/authorize/request_with_connect_params.rb	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/lib/rack/oauth2/server/authorize/request_with_connect_params.rb	2018-06-19 04:51:37.000000000 +0000
@@ -14,6 +14,7 @@
       CONNECT_EXT_PARAMS.each do |attribute|
         self.send :"#{attribute}=", params[attribute.to_s]
       end
+      self.prompt = Array(prompt.to_s.split(' '))
       self.max_age = max_age.try(:to_i)
     end
diff -Nru ruby-openid-connect-0.12.0/openid_connect.gemspec ruby-openid-connect-1.1.6/openid_connect.gemspec
--- ruby-openid-connect-0.12.0/openid_connect.gemspec	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/openid_connect.gemspec	2018-06-19 04:51:37.000000000 +0000
@@ -12,7 +12,6 @@
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency "json", ">= 1.4.3"
   s.add_runtime_dependency "tzinfo"
   s.add_runtime_dependency "attr_required", ">= 1.0.0"
   s.add_runtime_dependency "activemodel"
@@ -21,10 +20,10 @@
   s.add_runtime_dependency "json-jwt", ">= 1.5.0"
   s.add_runtime_dependency "swd", ">= 1.0.0"
   s.add_runtime_dependency "webfinger", ">= 1.0.1"
-  s.add_runtime_dependency "rack-oauth2", ">= 1.3.1"
+  s.add_runtime_dependency "rack-oauth2", ">= 1.6.1"
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
   s.add_development_dependency "rspec-its"
   s.add_development_dependency "webmock"
   s.add_development_dependency "simplecov"
-end
\ No newline at end of file
+end
diff -Nru ruby-openid-connect-0.12.0/README.rdoc ruby-openid-connect-1.1.6/README.rdoc
--- ruby-openid-connect-0.12.0/README.rdoc	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/README.rdoc	2018-06-19 04:51:37.000000000 +0000
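Review bot: `Array(prompt.to_s.split(' '))` wraps a value that `String#split` already returns as an Array, so the `Array()` is a no-op; `self.prompt = prompt.to_s.split(' ')` says the same thing more directly. The split also accepts any token, so values outside the ones OpenID Connect Core defines (`none`, `login`, `consent`, `select_account`) and the invalid combination of `none` with another value pass through to the handler; if that validation lives in the error path elsewhere a comment pointing to it would help, otherwise it belongs here as an invalid_request. The enclosing method starts before this hunk.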
@@ -28,6 +28,11 @@ * Running on Heroku (https://connect-rp.herokuapp.com) * Source on GitHub (https://github.com/nov/openid_connect_sample_rp) +There is also OpenID Foudation Certified RP implementation using this gem below. + +* Running on Heroku (https://connect-rp-certified.herokuapp.com) +* Source on GitHub (https://github.com/nov/connect-rp-certified) + == Note on Patches/Pull Requests * Fork the project. diff -Nru ruby-openid-connect-0.12.0/spec/helpers/crypto_spec_helper.rb ruby-openid-connect-1.1.6/spec/helpers/crypto_spec_helper.rb --- ruby-openid-connect-0.12.0/spec/helpers/crypto_spec_helper.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/helpers/crypto_spec_helper.rb 2018-06-19 04:51:37.000000000 +0000 @@ -8,7 +8,7 @@ end def private_key - @private_key ||= OpenSSL::PKey::RSA.new rsa_key.export(OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC'), 'pass-phrase'), 'pass-phrase' + @private_key ||= OpenSSL::PKey::RSA.new rsa_key.export(OpenSSL::Cipher.new('DES-EDE3-CBC'), 'pass-phrase'), 'pass-phrase' end def ec_key diff -Nru ruby-openid-connect-0.12.0/spec/mock_response/access_token/without_token_type.json ruby-openid-connect-1.1.6/spec/mock_response/access_token/without_token_type.json --- ruby-openid-connect-0.12.0/spec/mock_response/access_token/without_token_type.json 1970-01-01 00:00:00.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/mock_response/access_token/without_token_type.json 2018-06-19 04:51:37.000000000 +0000 @@ -0,0 +1,3 @@ +{ + "access_token":"access_token" +} diff -Nru ruby-openid-connect-0.12.0/spec/openid_connect/client_spec.rb ruby-openid-connect-1.1.6/spec/openid_connect/client_spec.rb --- ruby-openid-connect-0.12.0/spec/openid_connect/client_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/openid_connect/client_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -35,10 +35,12 @@ describe '#authorization_uri' do let(:scope) { nil } + let(:prompt) { nil } let(:response_type) { nil } let(:query) do params = { scope: scope, + prompt: prompt, response_type: response_type }.reject do |k,v| v.blank? @@ -97,6 +99,27 @@ it { should == 'openid' } end end + + describe 'prompt' do + subject do + query[:prompt] + end + + context 'when prompt is a scalar value' do + let(:prompt) { :login } + it { should == 'login' } + end + + context 'when prompt is a space-delimited string' do + let(:prompt) { 'login consent' } + it { should == 'login consent' } + end + + context 'when prompt is an array' do + let(:prompt) { [:login, :consent] } + it { should == 'login consent' } + end + end end describe '#access_token!' do @@ -155,6 +178,15 @@ expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac' end end + + context 'when token_type is forced' do + before { client.force_token_type! :bearer } + it 'should use forced token_type' do + mock_json :post, client.token_endpoint, 'access_token/without_token_type', request_header: header_params, params: protocol_params do + access_token.should be_a OpenIDConnect::AccessToken + end + end + end end end -end \ No newline at end of file +end diff -Nru ruby-openid-connect-0.12.0/spec/openid_connect/discovery/provider/config/response_spec.rb ruby-openid-connect-1.1.6/spec/openid_connect/discovery/provider/config/response_spec.rb --- ruby-openid-connect-0.12.0/spec/openid_connect/discovery/provider/config/response_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/openid_connect/discovery/provider/config/response_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -35,6 +35,28 @@ it { should_not be_valid } end + context 'when end_session_endpoint given' do + let(:end_session_endpoint) { 'https://server.example.com/end_session' } + let :attributes do + minimum_attributes.merge( + end_session_endpoint: end_session_endpoint + ) + end + it { should be_valid } + its(:end_session_endpoint) { should == end_session_endpoint } + end + + context 'when check_session_iframe given' do + let(:check_session_iframe) { 'https://server.example.com/check_session_iframe.html' } + let :attributes do + minimum_attributes.merge( + check_session_iframe: check_session_iframe + ) + end + it { should be_valid } + its(:check_session_iframe) { should == check_session_iframe } + end + describe '#as_json' do subject { instance.as_json } it { should == minimum_attributes } @@ -81,4 +103,4 @@ public_keys.first.should be_instance_of OpenSSL::PKey::RSA end end -end \ No newline at end of file +end diff -Nru ruby-openid-connect-0.12.0/spec/openid_connect/discovery/provider/config_spec.rb ruby-openid-connect-1.1.6/spec/openid_connect/discovery/provider/config_spec.rb --- ruby-openid-connect-0.12.0/spec/openid_connect/discovery/provider/config_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/openid_connect/discovery/provider/config_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -56,13 +56,33 @@ end end - context 'when response include invalid issuer' do - it do - expect do - mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do - OpenIDConnect::Discovery::Provider::Config.discover! provider - end - end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed + describe 'when response include invalid issuer' do + context 'with normal configuration' do + it do + expect do + mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do + OpenIDConnect::Discovery::Provider::Config.discover! provider + end + end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed + end + end + + context 'when issuer validation is disabled.' do + before :each do + OpenIDConnect.validate_discovery_issuer = false + end + + after :each do + OpenIDConnect.validate_discovery_issuer = true + end + + it do + expect do + mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do + OpenIDConnect::Discovery::Provider::Config.discover! provider + end + end.not_to raise_error + end end end @@ -76,4 +96,4 @@ end end end -end \ No newline at end of file +end diff -Nru ruby-openid-connect-0.12.0/spec/openid_connect/response_object/id_token_spec.rb ruby-openid-connect-1.1.6/spec/openid_connect/response_object/id_token_spec.rb --- ruby-openid-connect-0.12.0/spec/openid_connect/response_object/id_token_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/openid_connect/response_object/id_token_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -19,7 +19,20 @@ describe 'attributes' do subject { klass } its(:required_attributes) { should == [:iss, :sub, :aud, :exp, :iat] } - its(:optional_attributes) { should == [:acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash] } + its(:optional_attributes) { should == [:acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :events] } + + describe 'auth_time' do + subject { id_token.auth_time } + + context 'when Time object given' do + let(:attributes) do + required_attributes.merge(auth_time: Time.now) + end + it do + should be_a Numeric + end + end + end end describe '#verify!' do @@ -144,7 +157,7 @@ t = id_token.to_jwt private_key do |t| t.header[:x5u] = "http://server.example.com/x5u" end - h = UrlSafeBase64.decode64 t.split('.').first + h = Base64.urlsafe_decode64 t.split('.').first h.should include 'x5u' end end @@ -156,8 +169,9 @@ jwt = JSON::JWT.decode t, public_key jwt.should include :at_hash jwt.should_not include :c_hash - jwt[:at_hash].should == UrlSafeBase64.encode64( - OpenSSL::Digest::SHA256.digest('access_token')[0, 128 / 8] + jwt[:at_hash].should == Base64.urlsafe_encode64( + OpenSSL::Digest::SHA256.digest('access_token')[0, 128 / 8], + padding: false ) end end @@ -180,8 +194,9 @@ jwt = JSON::JWT.decode t, public_key jwt.should_not include :at_hash jwt.should include :c_hash - jwt[:c_hash].should == UrlSafeBase64.encode64( - OpenSSL::Digest::SHA256.digest('authorization_code')[0, 128 / 8] + jwt[:c_hash].should == Base64.urlsafe_encode64( + OpenSSL::Digest::SHA256.digest('authorization_code')[0, 128 / 8], + padding: false ) end end 
@@ -196,11 +211,13 @@ jwt = JSON::JWT.decode t, public_key jwt.should include :at_hash jwt.should include :c_hash - jwt[:at_hash].should == UrlSafeBase64.encode64( - OpenSSL::Digest::SHA256.digest('access_token')[0, 128 / 8] + jwt[:at_hash].should == Base64.urlsafe_encode64( + OpenSSL::Digest::SHA256.digest('access_token')[0, 128 / 8], + padding: false ) - jwt[:c_hash].should == UrlSafeBase64.encode64( - OpenSSL::Digest::SHA256.digest('authorization_code')[0, 128 / 8] + jwt[:c_hash].should == Base64.urlsafe_encode64( + OpenSSL::Digest::SHA256.digest('authorization_code')[0, 128 / 8], + padding: false ) end end @@ -302,4 +319,4 @@ its(:sub_jwk) { should == sub_jwk} its(:subject) { should == sub_jwk.thumbprint } end -end \ No newline at end of file +end diff -Nru ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb --- ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -53,4 +53,15 @@ expect { response }.to raise_error AttrRequired::AttrMissing, "'access_token', 'code', 'id_token' required." end end + + context 'when error response' do + let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client_id") } + let(:request) { Rack::OAuth2::Server::Authorize::Extension::CodeAndIdTokenAndToken::Request.new env } + + it 'should set protocol_params_location = :fragment' do + expect { request.bad_request! }.to raise_error(Rack::OAuth2::Server::Authorize::BadRequest) { |e| + e.protocol_params_location.should == :fragment + } + end + end end \ No newline at end of file diff -Nru ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb --- ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -50,4 +50,15 @@ expect { response }.to raise_error AttrRequired::AttrMissing, "'id_token' required." end end + + context 'when error response' do + let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client_id") } + let(:request) { Rack::OAuth2::Server::Authorize::Extension::CodeAndIdToken::Request.new env } + + it 'should set protocol_params_location = :fragment' do + expect { request.bad_request! }.to raise_error(Rack::OAuth2::Server::Authorize::BadRequest) { |e| + e.protocol_params_location.should == :fragment + } + end + end end \ No newline at end of file diff -Nru ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb --- ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb 2016-08-23 14:42:09.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -51,4 +51,15 @@ expect { response }.to raise_error AttrRequired::AttrMissing, "'id_token' required." end end + + context 'when error response' do + let(:env) { Rack::MockRequest.env_for("/authorize?client_id=client_id") } + let(:request) { Rack::OAuth2::Server::Authorize::Extension::IdTokenAndToken::Request.new env } + + it 'should set protocol_params_location = :fragment' do + expect { request.bad_request! }.to raise_error(Rack::OAuth2::Server::Authorize::BadRequest) { |e| + e.protocol_params_location.should == :fragment + } + end + end end \ No newline at end of file diff -Nru ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb --- ruby-openid-connect-0.12.0/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb 1970-01-01 00:00:00.000000000 +0000 +++ ruby-openid-connect-1.1.6/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb 2018-06-19 04:51:37.000000000 +0000 
@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe Rack::OAuth2::Server::Authorize::RequestWithConnectParams do
+  let(:base_params) do
+    {
+      client_id: 'client_id',
+      redirect_uri: 'https://client.example.com/callback'
+    }
+  end
+  let(:env) { Rack::MockRequest.env_for("/authorize?#{base_params.to_query}&#{params.to_query}") }
+  let(:request) { Rack::OAuth2::Server::Authorize::Request.new env }
+  subject { request }
+
+  describe 'prompt' do
+    context 'when a space-delimited string given' do
+      let(:params) do
+        {prompt: 'login consent'}
+      end
+      its(:prompt) { should == ['login', 'consent']}
+    end
+
+    context 'when a single string given' do
+      let(:params) do
+        {prompt: 'login'}
+      end
+      its(:prompt) { should == ['login']}
+    end
+  end
+
+  describe 'max_age' do
+    context 'when numeric value given' do
+      let(:params) do
+        {max_age: '5'}
+      end
+      its(:max_age) { should == 5}
+    end
+
+    context 'when non-numeric string given' do
+      let(:params) do
+        {max_age: 'foo'}
+      end
+      its(:max_age) { should == 0}
+    end
+  end
+end
\ No newline at end of file
diff -Nru ruby-openid-connect-0.12.0/.travis.yml ruby-openid-connect-1.1.6/.travis.yml
--- ruby-openid-connect-0.12.0/.travis.yml	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/.travis.yml	2018-06-19 04:51:37.000000000 +0000
@@ -2,7 +2,6 @@
   - gem install bundler
 rvm:
-  - 2.0
-  - 2.1
-  - 2.2
-  - 2.3.0
\ No newline at end of file
+  - 2.3.6
+  - 2.4.3
+  - 2.5.0
diff -Nru ruby-openid-connect-0.12.0/VERSION ruby-openid-connect-1.1.6/VERSION
--- ruby-openid-connect-0.12.0/VERSION	2016-08-23 14:42:09.000000000 +0000
+++ ruby-openid-connect-1.1.6/VERSION	2018-06-19 04:51:37.000000000 +0000
@@ -1 +1 @@
-0.12.0
\ No newline at end of file
+1.1.6
\ No newline at end of file
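Review bot: The `'when non-numeric string given'` example pins `max_age == 0` for `max_age=foo`, which locks in the silent `to_i` coercion in request_with_connect_params.rb (`max_age.try(:to_i)`) rather than describing intended behaviour: a malformed `max_age` becomes 0, i.e. an instruction to re-authenticate now, instead of an invalid_request. If that is deliberate the example name should say so, e.g. `context 'when non-numeric string given, it is coerced to 0'`; if not, the spec should expect an error and the parser should use a strict integer conversion. The prompt examples only cover valid tokens; one for an unknown value would document what the parser does with it.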