Hello community, here is the log from the commit of package rubygem-rack-oauth2 for openSUSE:Factory checked in at 2018-02-27 16:58:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-rack-oauth2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-rack-oauth2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-rack-oauth2" Tue Feb 27 16:58:04 2018 rev:5 rq:579859 version:1.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rack-oauth2/rubygem-rack-oauth2.changes 2018-02-22 15:02:37.489617971 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-rack-oauth2.new/rubygem-rack-oauth2.changes 2018-02-27 16:58:07.267688098 +0100 @@ -1,0 +2,12 @@ +Fri Feb 23 05:32:08 UTC 2018 - factory-auto@kulow.org + +- updated to version 1.9.0 + no changelog found + +------------------------------------------------------------------- +Thu Feb 22 05:31:18 UTC 2018 - factory-auto@kulow.org + +- updated to version 1.8.2 + no changelog found + +------------------------------------------------------------------- Old: ---- rack-oauth2-1.8.1.gem New: ---- rack-oauth2-1.9.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rack-oauth2.spec ++++++ --- /var/tmp/diff_new_pack.zUDD48/_old 2018-02-27 16:58:08.411646765 +0100 +++ /var/tmp/diff_new_pack.zUDD48/_new 2018-02-27 16:58:08.415646621 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-rack-oauth2 -Version: 1.8.1 +Version: 1.9.0 Release: 0 %define mod_name rack-oauth2 %define mod_full_name %{mod_name}-%{version} ++++++ rack-oauth2-1.8.1.gem -> rack-oauth2-1.9.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2018-02-20 05:43:39.000000000 +0100 +++ new/Gemfile 2018-02-23 04:35:00.000000000 +0100 
@@ -1,7 +1,7 @@
-source 'http://rubygems.org'
+source 'https://rubygems.org'
 platforms :jruby do
 gem 'jruby-openssl', '>= 0.7'
 end
-gemspec
\ No newline at end of file
+gemspec
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/VERSION new/VERSION
--- old/VERSION 2018-02-20 05:43:39.000000000 +0100
+++ new/VERSION 2018-02-23 04:35:00.000000000 +0100
@@ -1 +1 @@
-1.8.1
+1.9.0
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/oauth2/client.rb new/lib/rack/oauth2/client.rb
--- old/lib/rack/oauth2/client.rb 2018-02-20 05:43:39.000000000 +0100
+++ new/lib/rack/oauth2/client.rb 2018-02-23 04:35:00.000000000 +0100
@@ -3,7 +3,7 @@
 class Client
 include AttrRequired, AttrOptional
 attr_required :identifier
- attr_optional :secret, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
+ attr_optional :secret, :private_key, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
 def initialize(attributes = {})
 (required_attributes + optional_attributes).each do |key|
@@ -90,6 +90,18 @@
 params.merge!(
 client_assertion_type: URN::ClientAssertionType::JWT_BEARER
 )
+ # NOTE: optionally auto-generate client_assertion.
+ if params[:client_assertion].blank?
+ require 'json/jwt'
+ params[:client_assertion] = JSON::JWT.new(
+ iss: identifier,
+ sub: identifier,
+ aud: absolute_uri_for(token_endpoint),
+ jti: SecureRandom.hex(16),
+ iat: Time.now,
+ exp: 3.minutes.from_now
+ ).sign(private_key || secret).to_s
+ end
 when :saml2_bearer
 params.merge!(
 client_assertion_type: URN::ClientAssertionType::SAML2_BEARER
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2018-02-20 05:43:39.000000000 +0100
+++ new/metadata 2018-02-23 04:35:00.000000000 +0100
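Review bot: In the `:jwt_bearer` branch of lib/rack/oauth2/client.rb, `.sign(private_key || secret)` picks the signing key implicitly, and nothing in the hunk guards the case where both are unset. Judging by the new specs, the key type also decides the algorithm (HS256 for the secret, RS256/ES256 for a key), so a client meant to authenticate with an asymmetric key but built without `private_key` would quietly send an HS256 assertion keyed by the shared secret rather than fail. I would resolve the key explicitly before building the JWT, `signing_key = private_key || secret`, and fail loudly with `raise ArgumentError, 'private_key or secret is required for jwt_bearer' unless signing_key` (or the library's own error type). A short comment stating that `private_key` takes precedence over `secret` would also help, since the choice changes the client authentication method the server sees. The enclosing method starts and ends outside the hunk.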
@@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: rack-oauth2 version: !ruby/object:Gem::Version - version: 1.8.1 + version: 1.9.0 platform: ruby authors: - nov matake autorequire: bindir: bin cert_chain: [] -date: 2018-02-20 00:00:00.000000000 Z +date: 2018-02-23 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: rack 
@@ -16,70 +16,84 @@ requirements: - - ">=" - !ruby/object:Gem::Version - version: '1.1' + version: '0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '1.1' + version: '0' - !ruby/object:Gem::Dependency name: httpclient requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '2.4' + version: '0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '2.4' + version: '0' - !ruby/object:Gem::Dependency name: activesupport requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '2.3' + version: '0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '2.3' + version: '0' - !ruby/object:Gem::Dependency name: attr_required requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: 0.0.5 + version: '0' + type: :runtime + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: '0' +- !ruby/object:Gem::Dependency + name: json-jwt + requirement: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: 1.9.0 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: 0.0.5 + version: 1.9.0 - !ruby/object:Gem::Dependency name: rake requirement: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '0.8' + version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version - version: '0.8' + version: '0' - 
!ruby/object:Gem::Dependency name: simplecov requirement: !ruby/object:Gem::Requirement @@ -126,16 +140,16 @@ name: webmock requirement: !ruby/object:Gem::Requirement requirements: - - - "<" + - - ">=" - !ruby/object:Gem::Version - version: '1.24' + version: '0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - "<" + - - ">=" - !ruby/object:Gem::Version - version: '1.24' + version: '0' description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are supported. email: nov@matake.jp @@ -284,10 +298,10 @@ requirements: - - ">=" - !ruby/object:Gem::Version - version: 1.3.6 + version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.6.13 +rubygems_version: 2.6.11 signing_key: specification_version: 4 summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rack-oauth2.gemspec new/rack-oauth2.gemspec --- old/rack-oauth2.gemspec 2018-02-20 05:43:39.000000000 +0100 +++ new/rack-oauth2.gemspec 2018-02-23 04:35:00.000000000 +0100 
@@ -1,26 +1,26 @@
 Gem::Specification.new do |s|
- s.name = "rack-oauth2"
- s.version = File.read("VERSION")
- s.required_rubygems_version = Gem::Requirement.new(">= 1.3.6") if s.respond_to? :required_rubygems_version=
- s.authors = ["nov matake"]
+ s.name = 'rack-oauth2'
+ s.version = File.read('VERSION')
+ s.authors = ['nov matake']
 s.description = %q{OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are supported.}
 s.summary = %q{OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported}
- s.email = "nov@matake.jp"
- s.extra_rdoc_files = ["LICENSE", "README.rdoc"]
- s.rdoc_options = ["--charset=UTF-8"]
- s.homepage = "http://github.com/nov/rack-oauth2"
+ s.email = 'nov@matake.jp'
+ s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
+ s.rdoc_options = ['--charset=UTF-8']
+ s.homepage = 'http://github.com/nov/rack-oauth2'
 s.license = 'MIT'
- s.require_paths = ["lib"]
+ s.require_paths = ['lib']
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.files = `git ls-files`.split("\n")
 s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
- s.add_runtime_dependency "rack", ">= 1.1"
- s.add_runtime_dependency "httpclient", ">= 2.4"
- s.add_runtime_dependency "activesupport", ">= 2.3"
- s.add_runtime_dependency "attr_required", ">= 0.0.5"
- s.add_development_dependency "rake", ">= 0.8"
- s.add_development_dependency "simplecov"
- s.add_development_dependency "rspec"
- s.add_development_dependency "rspec-its"
- s.add_development_dependency "webmock", "< 1.24"
+ s.add_runtime_dependency 'rack'
+ s.add_runtime_dependency 'httpclient'
+ s.add_runtime_dependency 'activesupport'
+ s.add_runtime_dependency 'attr_required'
+ s.add_runtime_dependency 'json-jwt', '>= 1.9.0'
+ s.add_development_dependency 'rake'
+ s.add_development_dependency 'simplecov'
+ s.add_development_dependency 'rspec'
+ s.add_development_dependency 'rspec-its'
+ s.add_development_dependency 'webmock'
 end
diff -urN '--exclude=CVS' 
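Review bot: The rewritten dependency list in rack-oauth2.gemspec drops every version floor on the runtime gems (`rack >= 1.1`, `httpclient >= 2.4`, `activesupport >= 2.3`, `attr_required >= 0.0.5`) and the `< 1.24` cap on webmock, leaving `json-jwt` as the only constrained dependency. For a library on the authentication path this lets the resolver pick any release of those gems, including ones the code was never run against. The client code added in this same release calls `blank?` and `3.minutes.from_now`, which presumably come from ActiveSupport. I would keep floors that match what is actually tested, e.g. `s.add_runtime_dependency 'activesupport', '>= 2.3'` and `s.add_runtime_dependency 'httpclient', '>= 2.4'`. Separately, `s.homepage` still uses `http://` although the Gemfile source in this release moved to `https://`.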
'--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/rack/oauth2/client_spec.rb new/spec/rack/oauth2/client_spec.rb
--- old/spec/rack/oauth2/client_spec.rb 2018-02-20 05:43:39.000000000 +0100
+++ new/spec/rack/oauth2/client_spec.rb 2018-02-23 04:35:00.000000000 +0100
@@ -79,8 +79,7 @@
 describe '#access_token!' do
 subject { client.access_token! }
- context 'when *args given' do
-
+ context '*args handling' do
 describe 'client authentication method' do
 before do
 client.authorization_code = 'code'
@@ -98,6 +97,108 @@
 client.access_token!
 end
+ context 'when jwt_bearer auth method specified' do
+ context 'when client_secret is given' do
+ it 'should be JWT bearer client assertion w/ auto-generated HS256-signed JWT assertion' do
+ mock_response(
+ :post,
+ 'https://server.example.com/oauth2/token',
+ 'tokens/bearer.json',
+ params: {
+ client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9\..+/, # NOTE: HS256
+ client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
+ code: 'code',
+ grant_type: 'authorization_code',
+ redirect_uri: 'https://client.example.com/callback'
+ }
+ )
+ client.access_token! :jwt_bearer
+ end
+ end
+
+ context 'when private_key is given' do
+ context 'when RSA key' do
+ let :client do
+ Rack::OAuth2::Client.new(
+ identifier: 'client_id',
+ private_key: OpenSSL::PKey::RSA.generate(2048),
+ host: 'server.example.com',
+ redirect_uri: 'https://client.example.com/callback'
+ )
+ end
+
+ it 'should be JWT bearer client assertion w/ auto-generated RS256-signed JWT assertion' do
+ mock_response(
+ :post,
+ 'https://server.example.com/oauth2/token',
+ 'tokens/bearer.json',
+ params: {
+ client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9\..+/, # NOTE: RS256
+ client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
+ code: 'code',
+ grant_type: 'authorization_code',
+ redirect_uri: 'https://client.example.com/callback'
+ }
+ )
+ client.access_token! :jwt_bearer
+ end
+ end
+
+ context 'when EC key' do
+ let :client do
+ Rack::OAuth2::Client.new(
+ identifier: 'client_id',
+ private_key: OpenSSL::PKey::EC.new('prime256v1').generate_key,
+ host: 'server.example.com',
+ redirect_uri: 'https://client.example.com/callback'
+ )
+ end
+
+ it 'should be JWT bearer client assertion w/ auto-generated ES256-signed JWT assertion' do
+ mock_response(
+ :post,
+ 'https://server.example.com/oauth2/token',
+ 'tokens/bearer.json',
+ params: {
+ client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9\..+/, # NOTE: ES256
+ client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
+ code: 'code',
+ grant_type: 'authorization_code',
+ redirect_uri: 'https://client.example.com/callback'
+ }
+ )
+ client.access_token! :jwt_bearer
+ end
+ end
+ end
+
+ context 'when client_assertion is explicitly given' do
+ let :client do
+ Rack::OAuth2::Client.new(
+ identifier: 'client_id',
+ host: 'server.example.com',
+ redirect_uri: 'https://client.example.com/callback'
+ )
+ end
+
+ it 'should be JWT bearer client assertion w/ specified assertion' do
+ mock_response(
+ :post,
+ 'https://server.example.com/oauth2/token',
+ 'tokens/bearer.json',
+ params: {
+ client_assertion: 'any.jwt.assertion',
+ client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
+ code: 'code',
+ grant_type: 'authorization_code',
+ redirect_uri: 'https://client.example.com/callback'
+ }
+ )
+ client.access_token! :jwt_bearer, client_assertion: 'any.jwt.assertion'
+ end
+ end
+ end
+
 context 'when other auth method specified' do
 it 'should be body params' do
 mock_response(
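Review bot: The new `jwt_bearer` examples in spec/rack/oauth2/client_spec.rb match only the assertion's encoded header (`/^eyJ0eXAi…\..+/`), so they pass whatever claims or signature the client actually produces. No example decodes the posted assertion with the matching key to check `iss`, `sub`, `aud` and `exp`. The RSA and EC clients are built without a `secret`, so nothing pins which credential signs when both are set, and there is no example for a client with neither. I would add those cases and anchor the header patterns with `\A` instead of `^`, since `^` matches at any line start. The surrounding `describe 'client authentication method'` block begins before the hunk and continues after it.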