Hello community,
here is the log from the commit of package rubygem-omniauth-google-oauth2 for openSUSE:Factory checked in at 2019-08-06 15:10:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-omniauth-google-oauth2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-omniauth-google-oauth2.new.4126 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-omniauth-google-oauth2"
Tue Aug 6 15:10:09 2019 rev:6 rq:717312 version:0.7.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-omniauth-google-oauth2/rubygem-omniauth-google-oauth2.changes 2019-03-27 16:17:54.699573423 +0100
+++ /work/SRC/openSUSE:Factory/.rubygem-omniauth-google-oauth2.new.4126/rubygem-omniauth-google-oauth2.changes 2019-08-06 15:10:12.427779527 +0200
@@ -1,0 +2,20 @@
+Fri Jul 19 09:26:54 UTC 2019 - Stephan Kulow
+
+- updated to version 0.7.0
+ see installed CHANGELOG.md
+
+ ## 0.7.0 - 2019-06-03
+
+ ### Added
+ - Ensure `info[:email]` is always verified, and include `unverified_email`
+
+ ### Deprecated
+ - Nothing.
+
+ ### Removed
+ - Nothing.
+
+ ### Fixed
+ - Nothing.
+
+-------------------------------------------------------------------
Old:
----
omniauth-google-oauth2-0.6.1.gem
New:
----
omniauth-google-oauth2-0.7.0.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-omniauth-google-oauth2.spec ++++++
--- /var/tmp/diff_new_pack.6l4eJi/_old 2019-08-06 15:10:13.039779180 +0200
+++ /var/tmp/diff_new_pack.6l4eJi/_new 2019-08-06 15:10:13.039779180 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-omniauth-google-oauth2
-Version: 0.6.1
+Version: 0.7.0
Release: 0
%define mod_name omniauth-google-oauth2
%define mod_full_name %{mod_name}-%{version}
++++++ omniauth-google-oauth2-0.6.1.gem -> omniauth-google-oauth2-0.7.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2019-03-07 19:46:53.000000000 +0100
+++ new/CHANGELOG.md 2019-06-03 20:05:11.000000000 +0200
@@ -1,6 +1,20 @@
# Changelog
All notable changes to this project will be documented in this file.
+## 0.7.0 - 2019-06-03
+
+### Added
+- Ensure `info[:email]` is always verified, and include `unverified_email`
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Nothing.
+
## 0.6.1 - 2019-03-07
### Added
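Review bot: the 0.7.0 entry lists only the `info[:email]` change under Added, but this release also adds a JSON request-body branch to the token exchange in lib/omniauth/strategies/google_oauth2.rb. Please add a changelog line for it so users reading CHANGELOG.md learn that a `code` can now be accepted from a JSON body.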
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2019-03-07 19:46:53.000000000 +0100
+++ new/README.md 2019-06-03 20:05:11.000000000 +0200
@@ -54,10 +54,10 @@
* `prompt`: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are:
* `none`: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent.
- * `consent`: The user will always be prompted for consent, even if he has previously allowed access a given set of scopes.
+ * `consent`: The user will always be prompted for consent, even if they have previously allowed access a given set of scopes.
* `select_account`: The user will always be prompted to select a user account. This allows a user who has multiple current account sessions to select one amongst them.
- If no value is specified, the user only sees the authentication page if he is not logged in and only sees the consent page the first time he authorizes a given set of scopes.
+ If no value is specified, the user only sees the authentication page if they are not logged in and only sees the consent page the first time they authorize a given set of scopes.
* `image_aspect_ratio`: The shape of the user's profile picture. Possible values are:
* `original`: Picture maintains its original aspect ratio.
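Review bot: the rewritten `consent` line still reads "allowed access a given set of scopes"; since the line is being touched anyway, add the missing "to" ("allowed access to a given set of scopes").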
@@ -83,7 +83,7 @@
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL.
-Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select his account when logging in and the user's profile picture is returned as a thumbnail:
+Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select their account when logging in and the user's profile picture is returned as a thumbnail:
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/examples/Gemfile new/examples/Gemfile
--- old/examples/Gemfile 2019-03-07 19:46:53.000000000 +0100
+++ new/examples/Gemfile 2019-06-03 20:05:11.000000000 +0200
@@ -2,6 +2,6 @@
source 'https://rubygems.org'
-gem 'omniauth-google-oauth2', '~> 0.6'
+gem 'omniauth-google-oauth2', '~> 0.6.1'
gem 'rubocop'
gem 'sinatra', '~> 1.4'
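Review bot: `'~> 0.6.1'` in examples/Gemfile allows 0.6.x only, so the example app can no longer resolve to the 0.7.0 this patch releases, whereas the old `'~> 0.6'` constraint could. If the intent is to track the current release, use `'~> 0.7'`; otherwise state why the example stays on 0.6.x.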
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/omniauth/google_oauth2/version.rb new/lib/omniauth/google_oauth2/version.rb
--- old/lib/omniauth/google_oauth2/version.rb 2019-03-07 19:46:53.000000000 +0100
+++ new/lib/omniauth/google_oauth2/version.rb 2019-06-03 20:05:11.000000000 +0200
@@ -2,6 +2,6 @@
module OmniAuth
module GoogleOauth2
- VERSION = '0.6.1'
+ VERSION = '0.7.0'
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/omniauth/strategies/google_oauth2.rb new/lib/omniauth/strategies/google_oauth2.rb
--- old/lib/omniauth/strategies/google_oauth2.rb 2019-03-07 19:46:53.000000000 +0100
+++ new/lib/omniauth/strategies/google_oauth2.rb 2019-06-03 20:05:11.000000000 +0200
@@ -46,7 +46,8 @@
info do
prune!(
name: raw_info['name'],
- email: raw_info['email'],
+ email: verified_email,
+ unverified_email: raw_info['email'],
email_verified: raw_info['email_verified'],
first_name: raw_info['given_name'],
last_name: raw_info['family_name'],
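Review bot: the new `unverified_email` key and the now nil-able `email:` in this `info` block are not documented in any of the README hunks of this patch. Please document that `info[:email]` is nil when `email_verified` is falsy, and that `unverified_email` carries the raw address and should not be used for account lookup or linking.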
@@ -112,6 +113,18 @@
client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
elsif verify_token(request.params['access_token'])
::OAuth2::AccessToken.from_hash(client, request.params.dup)
+ elsif request.content_type =~ /json/i
+ begin
+ body = JSON.parse(request.body.read)
+ request.body.rewind # rewind request body for downstream middlewares
+ verifier = body && body['code']
+ if verifier
+ redirect_uri = 'postmessage'
+ client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
+ end
+ rescue JSON::ParserError => e
+ warn "[omniauth google-oauth2] JSON parse error=#{e}"
+ end
else
verifier = request.params['code']
client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
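Review bot: in the new `elsif request.content_type =~ /json/i` branch, `request.body.rewind` sits after `JSON.parse(request.body.read)`, so a parse error skips the rewind and downstream middleware sees a consumed body. Read the body into a local, rewind, then parse (or rewind in an `ensure`). Two further gaps in the same branch: when the JSON has no `code` or fails to parse, the branch yields nil and the `else` fallback is never reached; and `body['code']` assumes a Hash, so a top-level JSON array raises TypeError, which `rescue JSON::ParserError` does not catch. Check `body.is_a?(Hash)` and fail the authentication explicitly in those cases.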
@@ -125,6 +138,10 @@
scope_list.join(' ')
end
+ def verified_email
+ raw_info['email_verified'] ? raw_info['email'] : nil
+ end
+
def get_token_options(redirect_uri)
{ redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
end
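Review bot: `verified_email` tests `raw_info['email_verified']` for truthiness, so any value other than nil or false, including the string "false", would count as verified. Compare against `true` explicitly (`raw_info['email_verified'] == true`) so that only a boolean true releases the address into `info[:email]`.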
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2019-03-07 19:46:53.000000000 +0100
+++ new/metadata 2019-06-03 20:05:11.000000000 +0200
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: omniauth-google-oauth2
version: !ruby/object:Gem::Version
- version: 0.6.1
+ version: 0.7.0
platform: ruby
authors:
- Josh Ellithorpe
@@ -9,7 +9,7 @@
autorequire:
bindir: bin
cert_chain: []
-date: 2019-03-07 00:00:00.000000000 Z
+date: 2019-06-03 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: jwt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/omniauth/strategies/google_oauth2_spec.rb new/spec/omniauth/strategies/google_oauth2_spec.rb
--- old/spec/omniauth/strategies/google_oauth2_spec.rb 2019-03-07 19:46:53.000000000 +0100
+++ new/spec/omniauth/strategies/google_oauth2_spec.rb 2019-06-03 20:05:11.000000000 +0200
@@ -3,6 +3,7 @@
require 'spec_helper'
require 'json'
require 'omniauth-google-oauth2'
+require 'stringio'
describe OmniAuth::Strategies::GoogleOauth2 do
let(:request) { double('Request', params: {}, cookies: {}, env: {}) }
@@ -299,6 +300,41 @@
end
end
+ describe '#info' do
+ let(:client) do
+ OAuth2::Client.new('abc', 'def') do |builder|
+ builder.request :url_encoded
+ builder.adapter :test do |stub|
+ stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
+ end
+ end
+ end
+ let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+ before { allow(subject).to receive(:access_token).and_return(access_token) }
+
+ context 'with verified email' do
+ let(:response_hash) do
+ { email: 'something@domain.invalid', email_verified: true }
+ end
+
+ it 'should return equal email and unverified_email' do
+ expect(subject.info[:email]).to eq('something@domain.invalid')
+ expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
+ end
+ end
+
+ context 'with unverified email' do
+ let(:response_hash) do
+ { email: 'something@domain.invalid', email_verified: false }
+ end
+
+ it 'should return nil email, and correct unverified email' do
+ expect(subject.info[:email]).to eq(nil)
+ expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
+ end
+ end
+ end
+
describe '#extra' do
let(:client) do
OAuth2::Client.new('abc', 'def') do |builder|
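Review bot: the two `#info` contexts cover `email_verified: true` and `false` only. Add a context where `email_verified` is absent from the userinfo response, and one where it is a string, so the expected `info[:email]` for those responses is pinned down.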
@@ -547,9 +583,26 @@
expect(token.client).to eq(:client)
end
+ it 'reads the code from a json request body' do
+ body = StringIO.new(%({"code":"json_access_token"}))
+ client = double(:client)
+ auth_code = double(:auth_code)
+
+ allow(request).to receive(:xhr?).and_return(false)
+ allow(request).to receive(:content_type).and_return('application/json')
+ allow(request).to receive(:body).and_return(body)
+ allow(client).to receive(:auth_code).and_return(auth_code)
+ expect(subject).to receive(:client).and_return(client)
+
+ expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'postmessage' }, {})
+
+ subject.build_access_token
+ end
+
it 'should use callback_url without query_string if this is not an AJAX request' do
allow(request).to receive(:xhr?).and_return(false)
allow(request).to receive(:params).and_return('code' => 'valid_code')
+ allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
client = double(:client)
auth_code = double(:auth_code)
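Review bot: 'reads the code from a json request body' covers only the happy path. Add cases for a malformed body and for a body without `code`, plus an assertion that `request.body` is rewound afterwards. Also, `'json_access_token'` is passed as the authorization code here, so a name like `'json_code'` would be less confusing.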