commit rubygem-omniauth for openSUSE:Factory

30 Apr 2022

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rubygem-omniauth for openSUSE:Factory checked in at 2022-04-30 22:52:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-omniauth (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-omniauth.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-omniauth"

Sat Apr 30 22:52:36 2022 rev:7 rq:974059 version:2.1.0

Changes:
--------

--- /work/SRC/openSUSE:Factory/rubygem-omniauth/rubygem-omniauth.changes	2021-07-02 13:28:42.592182024 +0200
+++ /work/SRC/openSUSE:Factory/.rubygem-omniauth.new.1538/rubygem-omniauth.changes	2022-04-30 22:52:47.964245486 +0200
@@ -1,0 +2,6 @@
+Thu Apr 28 05:38:51 UTC 2022 - Stephan Kulow <coolo@suse.com>
+
+updated to version 2.1.0
+  no changelog found
+
+-------------------------------------------------------------------

Old:
----
  omniauth-2.0.4.gem

New:
----
  omniauth-2.1.0.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-omniauth.spec ++++++
--- /var/tmp/diff_new_pack.Jnx6J3/_old	2022-04-30 22:52:49.248247223 +0200
+++ /var/tmp/diff_new_pack.Jnx6J3/_new	2022-04-30 22:52:49.252247228 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package rubygem-omniauth
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-omniauth
-Version:        2.0.4
+Version:        2.1.0
 Release:        0
 %define mod_name omniauth
 %define mod_full_name %{mod_name}-%{version}

++++++ omniauth-2.0.4.gem -> omniauth-2.1.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.github/workflows/main.yml new/.github/workflows/main.yml
--- old/.github/workflows/main.yml	2021-04-07 22:18:29.000000000 +0200
+++ new/.github/workflows/main.yml	2022-04-13 20:45:53.000000000 +0200
@@ -20,7 +20,7 @@
       fail-fast: false
       matrix:
         os: [ubuntu, macos]
-        ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
+        ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore	2021-04-07 22:18:29.000000000 +0200
+++ new/.gitignore	2022-04-13 20:45:53.000000000 +0200
@@ -11,3 +11,4 @@
 measurement/*
 pkg/*
 .DS_Store
+.tool-versions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile	2021-04-07 22:18:29.000000000 +0200
+++ new/Gemfile	2022-04-13 20:45:53.000000000 +0200
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-gem 'jruby-openssl', '~> 0.10.5', :platforms => :jruby
+gem 'jruby-openssl', '~> 0.10.5', platforms: :jruby
 gem 'rake', '>= 12.0'
 gem 'yard', '>= 0.9.11'
 
@@ -13,17 +13,16 @@
 
 group :test do
   gem 'coveralls_reborn', '~> 0.19.0', require: false
-  gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
-  gem 'json', '~> 2.3.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
-  gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
-  gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
+  gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
+  gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
+  gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
   gem 'rack-test'
-  gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
+  gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
   gem 'rspec', '~> 3.5'
   gem 'rack-freeze'
-  gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+  gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
   gem 'simplecov-lcov'
-  gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
+  gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
 end
 
 gemspec
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md
--- old/README.md	2021-04-07 22:18:29.000000000 +0200
+++ new/README.md	2022-04-13 20:45:53.000000000 +0200
@@ -10,7 +10,7 @@
 [codeclimate]: https://codeclimate.com/github/omniauth/omniauth
 [coveralls]: https://coveralls.io/r/omniauth/omniauth
 
-This is the documentation for the version [v2.0.4](https://github.com/omniauth/omniauth/tree/v2.0.4) of OmniAuth.
+This is the documentation for our latest release [v2.1.0](https://github.com/omniauth/omniauth/releases/tag/v2.1.0). 
 
 ## An Introduction
 OmniAuth is a library that standardizes multi-provider authentication for
@@ -83,34 +83,7 @@
 contains as much information about the user as OmniAuth was able to
 glean from the utilized strategy. You should set up an endpoint in your
 application that matches to the callback URL and then performs whatever
-steps are necessary for your application. For example, in a Rails app
-you would add a line in your `routes.rb` file like this:
-
-```ruby
-post '/auth/:provider/callback', to: 'sessions#create'
-```
-
-And you might then have a `SessionsController` with code that looks
-something like this:
-
-```ruby
-class SessionsController < ApplicationController
-  # If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only. 
-  skip_before_action :verify_authenticity_token, only: :create
-
-  def create
-    @user = User.find_or_create_from_auth_hash(auth_hash)
-    self.current_user = @user
-    redirect_to '/'
-  end
-
-  protected
-
-  def auth_hash
-    request.env['omniauth.auth']
-  end
-end
-```
+steps are necessary for your application. 
 
 The `omniauth.auth` key in the environment hash provides an
 Authentication Hash which will contain information about the just
@@ -124,35 +97,67 @@
 you how you want to implement the particulars of your application's
 authentication flow.
 
-**Please note:** there is currently a CSRF vulnerability which affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation at the application level. More details on how to do this can be found on the [Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
 
-## Configuring The `origin` Param
-The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
+## Rails (without Devise)
+To get started, add the following gems
+
+**Gemfile**:
+```ruby
+gem 'omniauth'
+gem "omniauth-rails_csrf_protection"
+```
 
-There are three possible options:
+Then insert OmniAuth as a middleware
 
-Default Flow:
+**config/initializers/omniauth.rb**:
 ```ruby
-# /auth/twitter/?origin=[URL]
-# No change
-# If blank, `omniauth.origin` is set to HTTP_REFERER
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :developer if Rails.env.development?
+end
 ```
 
-Renaming Origin Param:
+Additional providers can be added here in the future. Next we wire it
+all up using routes, a controller and a login view.
+
+**config/routes.rb**:
+
 ```ruby
-# /auth/twitter/?return_to=[URL]
-# If blank, `omniauth.origin` is set to HTTP_REFERER
-provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+  get 'auth/:provider/callback', to: 'sessions#create'
+  get '/login', to: 'sessions#new'
 ```
 
-Disabling Origin Param:
+**app/controllers/sessions_controller.rb**:
 ```ruby
-# /auth/twitter
-# Origin handled externally, if need be. `omniauth.origin` is not set
-provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+class SessionsController < ApplicationController
+  def new
+    render :new
+  end
+
+  def create
+    user_info = request.env['omniauth.auth']
+    raise user_info # Your own session management should be placed here.
+  end
+end
 ```
 
-## Integrating OmniAuth Into Your Rails API
+**app/views/sessions/new.html.erb**:
+```erb
+<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
+  <button type='submit'>Login with Developer</button>
+<% end %>
+```
+
+Now if you visit `/login` and click the Login button, you should see the
+OmniAuth developer login screen. After submitting it, you are returned to your
+application at `Sessions#create`. The raise should now display all the Omniauth
+details you have available to integrate it into your own user management.
+
+If you want out of the box usermanagement, you should consider using Omniauth
+through Devise. Please visit the [Devise Github page](https://github.com/heartcombo/devise#omniauth)
+for more information.
+
+
+## Rails API
 The following middleware are (by default) included for session management in
 Rails applications. When using OmniAuth with a Rails API, you'll need to add
 one of these required middleware back in:
@@ -191,6 +196,33 @@
 OmniAuth.config.logger = Rails.logger
 ```
 
+## Origin Param
+The `origin` url parameter is typically used to inform where a user came from
+and where, should you choose to use it, they'd want to return to.
+Omniauth supports the following settings which can be configured on a provider level:
+
+**Default**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET']
+POST /auth/twitter/?origin=[URL]
+# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Using a differently named origin parameter**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+POST /auth/twitter/?return_to=[URL]
+# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Disabled**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+POST /auth/twitter
+# This means the origin should be handled by your own application. 
+# Note that `omniauth.origin` will always be blank.
+```
+
 ## Resources
 The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
 actively maintained in-depth documentation for OmniAuth. It should be
@@ -201,7 +233,11 @@
 
 Available as part of the Tidelift Subscription.
 
-The maintainers of OmniAuth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+The maintainers of OmniAuth and thousands of other packages are working with
+Tidelift to deliver commercial support and maintenance for the open source
+packages you use to build your applications. Save time, reduce risk, and
+improve code health, while paying the maintainers of the exact packages you use.
+[Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
 
 ## Supported Ruby Versions
 OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/omniauth/builder.rb new/lib/omniauth/builder.rb
--- old/lib/omniauth/builder.rb	2021-04-07 22:18:29.000000000 +0200
+++ new/lib/omniauth/builder.rb	2022-04-13 20:45:53.000000000 +0200
@@ -26,7 +26,7 @@
       @options = options
     end
 
-    def provider(klass, *args, &block)
+    def provider(klass, *args, **opts, &block)
       if klass.is_a?(Class)
         middleware = klass
       else
@@ -37,8 +37,7 @@
         end
       end
 
-      args.last.is_a?(Hash) ? args.push(options.merge(args.pop)) : args.push(options)
-      use middleware, *args, &block
+      use middleware, *args, **options.merge(opts), &block
     end
 
     def call(env)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/omniauth/version.rb new/lib/omniauth/version.rb
--- old/lib/omniauth/version.rb	2021-04-07 22:18:29.000000000 +0200
+++ new/lib/omniauth/version.rb	2022-04-13 20:45:53.000000000 +0200
@@ -1,3 +1,3 @@
 module OmniAuth
-  VERSION = '2.0.4'.freeze
+  VERSION = '2.1.0'.freeze
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata	2021-04-07 22:18:29.000000000 +0200
+++ new/metadata	2022-04-13 20:45:53.000000000 +0200
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: omniauth
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.1.0
 platform: ruby
 authors:
 - Michael Bleigh
 - Erik Michaels-Ober
 - Tom Milewski
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-07 00:00:00.000000000 Z
+date: 2022-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -32,20 +32,14 @@
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3'
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -129,7 +123,7 @@
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -144,8 +138,8 @@
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.0.0
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: A generalized Rack framework for multiple-provider authentication.
 test_files: []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/omniauth.gemspec new/omniauth.gemspec
--- old/omniauth.gemspec	2021-04-07 22:18:29.000000000 +0200
+++ new/omniauth.gemspec	2022-04-13 20:45:53.000000000 +0200
@@ -6,7 +6,7 @@
 
 Gem::Specification.new do |spec|
   spec.add_dependency 'hashie', ['>= 3.4.6']
-  spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
+  spec.add_dependency 'rack', '>= 2.2.3'
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_dependency 'rack-protection'
   spec.add_development_dependency 'rake', '~> 12.0'

    

Source-Sync

tags

participants (1)