diff --git a/Gemfile b/Gemfile
index f5e43a5493b5bcb1752c38c4205ab987c2a13b9a..c2e8019a26b52b093f2080a913277fb941f58334 100644
--- a/Gemfile
+++ b/Gemfile
@@ -36,8 +36,7 @@ gem 'doorkeeper', '~> 5.5.0.rc2'
gem 'doorkeeper-openid_connect', '~> 1.7.5'
gem 'rexml', '~> 3.2.5'
gem 'ruby-saml', '~> 1.13.0'
-gem 'omniauth-rails_csrf_protection'
-gem 'omniauth', '~> 2.1.0'
+gem 'omniauth', '~> 1.8'
gem 'omniauth-auth0', '~> 2.0.0'
gem 'omniauth-azure-activedirectory-v2', '~> 1.0'
gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md
@@ -45,16 +44,16 @@ gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/
gem 'omniauth-dingtalk-oauth2', '~> 1.0'
gem 'omniauth-alicloud', '~> 1.0.1'
gem 'omniauth-facebook', '~> 4.0.0'
-gem 'omniauth-github', '2.0.0'
+gem 'omniauth-github', '~> 1.4'
gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
-gem 'omniauth-google-oauth2', '~> 1.0.1', path: 'vendor/gems/omniauth-google-oauth2' # See gem README.md
+gem 'omniauth-google-oauth2', '~> 0.6.0', path: 'vendor/gems/omniauth-google-oauth2' # See gem README.md
gem 'omniauth-oauth2-generic', '~> 0.2.2'
-gem 'omniauth-saml', '~> 2.1.0'
+gem 'omniauth-saml', '~> 1.10'
gem 'omniauth-shibboleth', '~> 1.3.0'
gem 'omniauth-twitter', '~> 1.4'
gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
gem 'omniauth-authentiq', '~> 0.3.3'
-gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect'
+gem 'gitlab-omniauth-openid-connect', '~> 0.9.0', require: 'omniauth_openid_connect'
gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md
gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
gem 'rack-oauth2', '~> 1.21.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index 6178c733c8f0536034735805c6a25d4e4f666ad2..74a89c79d5eaff4c6e4535802ca8152aeaefa837 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -29,7 +29,7 @@ PATH
specs:
omniauth-azure-oauth2 (0.0.10)
jwt (>= 1.0, < 3.0)
- omniauth (~> 2.0)
+ omniauth (~> 1.0, < 3)
omniauth-oauth2 (~> 1.4)
PATH
@@ -38,29 +38,28 @@ PATH
omniauth-cas3 (1.1.4)
addressable (~> 2.3)
nokogiri (~> 1.7, >= 1.7.1)
- omniauth (~> 2.0)
+ omniauth (~> 1.2, < 3)
PATH
remote: vendor/gems/omniauth-gitlab
specs:
omniauth-gitlab (4.0.0)
- omniauth (~> 2.0)
+ omniauth (~> 1.0)
omniauth-oauth2 (~> 1.7.1)
PATH
remote: vendor/gems/omniauth-google-oauth2
specs:
- omniauth-google-oauth2 (1.0.1)
+ omniauth-google-oauth2 (0.6.0)
jwt (>= 2.0)
- oauth2 (~> 2.0)
- omniauth (~> 2.0)
- omniauth-oauth2 (~> 1.7.1)
+ omniauth (>= 1.9, < 3)
+ omniauth-oauth2 (>= 1.5)
PATH
remote: vendor/gems/omniauth-salesforce
specs:
omniauth-salesforce (1.0.5)
- omniauth (~> 2.0)
+ omniauth (~> 1.0, < 3)
omniauth-oauth2 (~> 1.0)
PATH
@@ -69,7 +68,7 @@ PATH
omniauth_crowd (2.4.0)
activesupport
nokogiri (>= 1.4.4)
- omniauth (~> 2.0)
+ omniauth (~> 1.0, < 3)
GEM
remote: https://rubygems.org/
@@ -566,9 +565,9 @@ GEM
gitlab-mail_room (0.0.9)
gitlab-markup (1.8.0)
gitlab-net-dns (0.9.1)
- gitlab-omniauth-openid-connect (0.10.0)
+ gitlab-omniauth-openid-connect (0.9.1)
addressable (~> 2.7)
- omniauth (>= 1.9, < 3)
+ omniauth (~> 1.9)
openid_connect (~> 1.2)
gitlab-sidekiq-fetcher (0.8.0)
sidekiq (~> 6.1)
@@ -914,10 +913,9 @@ GEM
train-core
wmi-lite (~> 1.0)
oj (3.13.21)
- omniauth (2.1.0)
+ omniauth (1.9.1)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
+ rack (>= 1.6.2, < 3)
omniauth-alicloud (1.0.1)
omniauth-oauth2 (~> 1.7.1)
omniauth-atlassian-oauth2 (0.2.0)
@@ -934,9 +932,9 @@ GEM
omniauth-oauth2 (~> 1.7)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
- omniauth-github (2.0.0)
- omniauth (~> 2.0)
- omniauth-oauth2 (~> 1.7.1)
+ omniauth-github (1.4.0)
+ omniauth (~> 1.5)
+ omniauth-oauth2 (>= 1.4.0, < 2.0)
omniauth-oauth (1.2.0)
oauth
omniauth (>= 1.0, < 3)
@@ -945,12 +943,9 @@ GEM
omniauth (>= 1.9, < 3)
omniauth-oauth2-generic (0.2.2)
omniauth-oauth2 (~> 1.0)
- omniauth-rails_csrf_protection (1.0.1)
- actionpack (>= 4.2)
- omniauth (~> 2.0)
- omniauth-saml (2.1.0)
- omniauth (~> 2.0)
- ruby-saml (~> 1.12)
+ omniauth-saml (1.10.0)
+ omniauth (~> 1.3, >= 1.3.2)
+ ruby-saml (~> 1.7)
omniauth-shibboleth (1.3.0)
omniauth (>= 1.0.0)
omniauth-twitter (1.4.0)
@@ -1059,8 +1054,6 @@ GEM
httpclient
json-jwt (>= 1.11.0)
rack (>= 2.1.0)
- rack-protection (2.2.2)
- rack
rack-proxy (0.7.2)
rack
rack-test (1.1.0)
@@ -1453,7 +1446,7 @@ GEM
validate_email (0.1.6)
activemodel (>= 3.0)
mail (>= 2.2.5)
- validate_url (1.0.15)
+ validate_url (1.0.13)
activemodel (>= 3.0.0)
public_suffix
validates_hostname (1.0.11)
@@ -1606,7 +1599,7 @@ DEPENDENCIES
gitlab-mail_room (~> 0.0.9)
gitlab-markup (~> 1.8.0)
gitlab-net-dns (~> 0.9.1)
- gitlab-omniauth-openid-connect (~> 0.10.0)
+ gitlab-omniauth-openid-connect (~> 0.9.0)
gitlab-sidekiq-fetcher (= 0.8.0)
gitlab-styles (~> 8.0.0)
gitlab_chronic_duration (~> 0.10.6.2)
@@ -1673,7 +1666,7 @@ DEPENDENCIES
octokit (~> 4.15)
ohai (~> 16.10)
oj (~> 3.13.21)
- omniauth (~> 2.1.0)
+ omniauth (~> 1.8)
omniauth-alicloud (~> 1.0.1)
omniauth-atlassian-oauth2 (~> 0.2.0)
omniauth-auth0 (~> 2.0.0)
@@ -1683,13 +1676,12 @@ DEPENDENCIES
omniauth-cas3 (~> 1.1.4)!
omniauth-dingtalk-oauth2 (~> 1.0)
omniauth-facebook (~> 4.0.0)
- omniauth-github (= 2.0.0)
+ omniauth-github (~> 1.4)
omniauth-gitlab (~> 4.0.0)!
- omniauth-google-oauth2 (~> 1.0.1)!
+ omniauth-google-oauth2 (~> 0.6.0)!
omniauth-oauth2-generic (~> 0.2.2)
- omniauth-rails_csrf_protection
omniauth-salesforce (~> 1.0.5)!
- omniauth-saml (~> 2.1.0)
+ omniauth-saml (~> 1.10)
omniauth-shibboleth (~> 1.3.0)
omniauth-twitter (~> 1.4)
omniauth_crowd (~> 2.4.0)!
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 2454b5ea8180a3b643b9a7bc9eb4c5d9988715ee..38bd1034b36519aa1413b8a46b89355e80eb9e5c 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -11,17 +11,6 @@ module OmniAuth::Strategies
end
end
-module OmniAuth
- module Strategies
- class AzureActivedirectoryV2
- # override until https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6 is merged
- def callback_url
- full_host + callback_path
- end
- end
- end
-end
-
OmniAuth.config.full_host = Gitlab::OmniauthInitializer.full_host
OmniAuth.config.allowed_request_methods = [:post]
diff --git a/ee/spec/lib/omni_auth/strategies/group_saml_spec.rb b/ee/spec/lib/omni_auth/strategies/group_saml_spec.rb
index 28af82eded614a195bcfebfb1306d4dca028ec92..c6eaa766663b1771adf77d793ea0cc86c461a4b6 100644
--- a/ee/spec/lib/omni_auth/strategies/group_saml_spec.rb
+++ b/ee/spec/lib/omni_auth/strategies/group_saml_spec.rb
@@ -64,11 +64,12 @@ def check(path)
expect(options['idp_cert_fingerprint']).to eq fingerprint
end
- it 'redirects to failure endpoint when SAML is disabled for the group' do
+ it 'returns 404 when SAML is disabled for the group' do
saml_provider.update!(enabled: false)
- post "/groups/my-group/-/saml/callback", SAMLResponse: saml_response
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=my-group&strategy=group_saml")
+
+ expect do
+ post "/groups/my-group/-/saml/callback", SAMLResponse: saml_response
+ end.to raise_error(ActionController::RoutingError)
end
context 'user is testing SAML response' do
@@ -106,10 +107,10 @@ def check(path)
end
end
- it 'redirects to failure endpoint when the group is not found' do
- post "/groups/not-a-group/-/saml/callback", SAMLResponse: saml_response
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=not-a-group&strategy=group_saml")
+ it 'returns 404 when the group is not found' do
+ expect do
+ post "/groups/not-a-group/-/saml/callback", SAMLResponse: saml_response
+ end.to raise_error(ActionController::RoutingError)
end
context 'Group SAML not licensed for group' do
@@ -117,10 +118,10 @@ def check(path)
stub_licensed_features(group_saml: false)
end
- it 'redirects to failure endpoint' do
- post "/groups/my-group/-/saml/callback", SAMLResponse: saml_response
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=my-group&strategy=group_saml")
+ it 'returns 404' do
+ expect do
+ post "/groups/my-group/-/saml/callback", SAMLResponse: saml_response
+ end.to raise_error(ActionController::RoutingError)
end
end
end
@@ -133,22 +134,22 @@ def check(path)
expect(last_response.location).to match(/\A#{Regexp.quote(idp_sso_url)}/)
end
- it 'redirects to failure endpoint for groups without SAML configured' do
- post '/users/auth/group_saml', group_path: 'unconfigured-group'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=unconfigured-group&strategy=group_saml")
+ it 'returns 404 for groups without SAML configured' do
+ expect do
+ post '/users/auth/group_saml', group_path: 'unconfigured-group'
+ end.to raise_error(ActionController::RoutingError)
end
- it 'redirects to the failure endpoint when the group is not found' do
- post '/users/auth/group_saml', group_path: 'not-a-group'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=not-a-group&strategy=group_saml")
+ it 'returns 404 when the group is not found' do
+ expect do
+ post '/users/auth/group_saml', group_path: 'not-a-group'
+ end.to raise_error(ActionController::RoutingError)
end
- it 'redirects to failure endpoint when missing group_path param' do
- post '/users/auth/group_saml'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=ActionController%3A%3ARoutingError&strategy=group_saml")
+ it 'returns 404 when missing group_path param' do
+ expect do
+ post '/users/auth/group_saml'
+ end.to raise_error(ActionController::RoutingError)
end
it "stores request ID during request phase" do
@@ -164,16 +165,16 @@ def check(path)
end
describe 'POST /users/auth/group_saml/metadata' do
- it 'redirects to the failure endpoint when the group is not found' do
- post '/users/auth/group_saml/metadata', group_path: 'not-a-group'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=not-a-group&strategy=group_saml")
+ it 'returns 404 when the group is not found' do
+ expect do
+ post '/users/auth/group_saml/metadata', group_path: 'not-a-group'
+ end.to raise_error(ActionController::RoutingError)
end
- it 'redirects to the failure endpoint with generic error to avoid disclosing group existence' do
- post '/users/auth/group_saml/metadata', group_path: 'my-group'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=my-group&strategy=group_saml")
+ it 'returns 404 to avoid disclosing group existence' do
+ expect do
+ post '/users/auth/group_saml/metadata', group_path: 'my-group'
+ end.to raise_error(ActionController::RoutingError)
end
it 'returns metadata when a valid token is provided' do
@@ -184,16 +185,16 @@ def check(path)
expect(last_response.header["Content-Type"]).to eq "application/xml"
end
- it 'redirects to failure endpoint when an invalid token is provided' do
- post '/users/auth/group_saml/metadata', group_path: 'my-group', token: 'invalidtoken'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=my-group&strategy=group_saml")
+ it 'returns 404 when an invalid token is provided' do
+ expect do
+ post '/users/auth/group_saml/metadata', group_path: 'my-group', token: 'invalidtoken'
+ end.to raise_error(ActionController::RoutingError)
end
- it 'redirects to failure endpoint when group is not found but a token is provided' do
- post '/users/auth/group_saml/metadata', group_path: 'not-a-group', token: 'dummytoken'
- expect(last_response.status).to eq(302)
- expect(last_response.location).to eq("/users/auth/failure?message=not-a-group&strategy=group_saml")
+ it 'returns 404 when if group is not found but a token is provided' do
+ expect do
+ post '/users/auth/group_saml/metadata', group_path: 'not-a-group', token: 'dummytoken'
+ end.to raise_error(ActionController::RoutingError)
end
it 'sets omniauth setings from default settings' do
diff --git a/ee/spec/requests/omniauth_kerberos_spnego_spec.rb b/ee/spec/requests/omniauth_kerberos_spnego_spec.rb
index edb05c1635e66a70361d2e5c78e750563f8be9c0..bf56458b5a3192dfb2d116a491de584edc852e07 100644
--- a/ee/spec/requests/omniauth_kerberos_spnego_spec.rb
+++ b/ee/spec/requests/omniauth_kerberos_spnego_spec.rb
@@ -10,11 +10,8 @@
# In production user_kerberos_spnego_omniauth_callback_path is defined
# dynamically early when the app boots. Because this is hard to set up
# during testing we stub out this path helper on the controller.
- omniauth_kerberos = OmniAuth::Strategies::KerberosSpnego.new(:app)
- allow(omniauth_kerberos).to receive(:script_name).and_return('')
- allow_any_instance_of(OmniAuth::Strategies::KerberosSpnego).to receive(:new).and_return(omniauth_kerberos)
allow_any_instance_of(controller_class).to receive(:user_kerberos_spnego_omniauth_callback_path)
- .and_return(omniauth_kerberos.callback_path)
+ .and_return(OmniAuth::Strategies::KerberosSpnego.new(:app).callback_path)
end
it 'asks for an SPNEGO token' do
diff --git a/vendor/gems/omniauth-azure-oauth2/Gemfile.lock b/vendor/gems/omniauth-azure-oauth2/Gemfile.lock
index d2bbe3e8d2f633cfbdc0070ce0ae49f0a112e59c..0bd5d4011759217439a06475f437c30e353b8969 100644
--- a/vendor/gems/omniauth-azure-oauth2/Gemfile.lock
+++ b/vendor/gems/omniauth-azure-oauth2/Gemfile.lock
@@ -3,7 +3,7 @@ PATH
specs:
omniauth-azure-oauth2 (0.0.10)
jwt (>= 1.0, < 3.0)
- omniauth (~> 2.0)
+ omniauth (~> 1.0, < 3)
omniauth-oauth2 (~> 1.4)
GEM
@@ -19,17 +19,16 @@ GEM
multi_xml (0.6.0)
mustermann (2.0.2)
ruby2_keywords (~> 0.0.1)
- oauth2 (2.0.3)
+ oauth2 (2.0.6)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
- version_gem (~> 1.0)
- omniauth (2.1.0)
+ version_gem (~> 1.1)
+ omniauth (1.9.1)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
+ rack (>= 1.6.2, < 3)
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
@@ -71,4 +70,4 @@ DEPENDENCIES
sinatra
BUNDLED WITH
- 2.3.21
+ 2.3.20
diff --git a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb
index d71911b9876c19436b88f5c8ff8ebc085a579b87..f18babc0619cdcb0b4546aa2598a407d7cbb8972 100644
--- a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb
+++ b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb
@@ -59,10 +59,8 @@ def token_params
super.merge(resource: azure_resource || options.resource)
end
- # for compatibility with OmniAuth 2.0
- # see https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6
def callback_url
- full_host + callback_path
+ full_host + script_name + callback_path
end
def raw_info
diff --git a/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec b/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec
index 1299285b9450b90a0294f28ded22e1a50df1b2be..6e1bc583881b5067ce0383d5f6b6fa10421d1e20 100644
--- a/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec
+++ b/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
gem.version = OmniAuth::AzureOauth2::VERSION
gem.license = "MIT"
- gem.add_runtime_dependency 'omniauth', '~> 2.0'
+ gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3'
gem.add_dependency 'jwt', ['>= 1.0', '< 3.0']
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.4'
diff --git a/vendor/gems/omniauth-cas3/Gemfile.lock b/vendor/gems/omniauth-cas3/Gemfile.lock
index a856e78f00ff9fbda32c1a849bbbe16737a8b729..4c59eb05d50e266bd8fe3779e067d1571f0a7b12 100644
--- a/vendor/gems/omniauth-cas3/Gemfile.lock
+++ b/vendor/gems/omniauth-cas3/Gemfile.lock
@@ -4,30 +4,29 @@ PATH
omniauth-cas3 (1.1.4)
addressable (~> 2.3)
nokogiri (~> 1.7, >= 1.7.1)
- omniauth (~> 2.0)
+ omniauth (~> 1.2, < 3)
GEM
remote: https://rubygems.org/
specs:
- addressable (2.8.1)
- public_suffix (>= 2.0.2, < 6.0)
+ addressable (2.8.0)
+ public_suffix (>= 2.0.2, < 5.0)
awesome_print (1.9.2)
crack (0.4.5)
rexml
diff-lcs (1.5.0)
hashdiff (1.0.1)
hashie (5.0.0)
+ mini_portile2 (2.8.0)
nokogiri (1.13.7)
+ mini_portile2 (~> 2.8.0)
racc (~> 1.4)
- omniauth (2.1.0)
+ omniauth (1.9.1)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
- public_suffix (5.0.0)
+ rack (>= 1.6.2, < 3)
+ public_suffix (4.0.7)
racc (1.6.0)
rack (2.2.4)
- rack-protection (2.2.2)
- rack
rack-test (0.8.3)
rack (>= 1.0, < 3)
rake (10.5.0)
@@ -45,7 +44,7 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-support (3.11.0)
- webmock (3.18.1)
+ webmock (3.14.0)
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
@@ -62,4 +61,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
- 2.3.21
+ 2.3.18
diff --git a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec
index c976d85df99dbea5e795c28ae1f0be795f10d6f1..abbcaa268d03e6ef9c81ba098c79ff1843832ddf 100644
--- a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec
+++ b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |gem|
gem.require_paths = ["lib"]
gem.version = Omniauth::Cas3::VERSION
- gem.add_dependency 'omniauth', '~> 2.0'
+ gem.add_dependency 'omniauth', '~> 1.2', '< 3'
gem.add_dependency 'nokogiri', '~> 1.7', '>= 1.7.1'
gem.add_dependency 'addressable', '~> 2.3'
diff --git a/vendor/gems/omniauth-gitlab/Gemfile.lock b/vendor/gems/omniauth-gitlab/Gemfile.lock
index b59ba59b95b9d7fbc932397ac94b9d83f2277d5b..b5979104080a56b319957856e03b1b0c38700cda 100644
--- a/vendor/gems/omniauth-gitlab/Gemfile.lock
+++ b/vendor/gems/omniauth-gitlab/Gemfile.lock
@@ -2,7 +2,7 @@ PATH
remote: .
specs:
omniauth-gitlab (4.0.0)
- omniauth (~> 2.0)
+ omniauth (~> 1.0)
omniauth-oauth2 (~> 1.7.1)
GEM
@@ -24,16 +24,13 @@ GEM
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
version_gem (~> 1.0)
- omniauth (2.1.0)
+ omniauth (1.9.1)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
+ rack (>= 1.6.2, < 3)
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
- rack (2.2.4)
- rack-protection (2.2.2)
- rack
+ rack (2.2.3.1)
rake (13.0.6)
rash_alt (0.4.12)
hashie (>= 3.4)
diff --git a/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec b/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec
index ca4b8d904f0de6086213b09d13bd324394a27d07..be25cb50af6e38f24398cd8010fb8e15e8670cd6 100644
--- a/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec
+++ b/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec
@@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
gem.test_files = Dir['spec/**/*.rb']
gem.require_paths = ['lib']
- gem.add_dependency 'omniauth', '~> 2.0'
+ gem.add_dependency 'omniauth', '~> 1.0'
gem.add_dependency 'omniauth-oauth2', '~> 1.7.1'
gem.add_development_dependency 'rspec', '~> 3.1'
gem.add_development_dependency 'rspec-its', '~> 1.0'
diff --git a/vendor/gems/omniauth-google-oauth2/CHANGELOG.md b/vendor/gems/omniauth-google-oauth2/CHANGELOG.md
index 5b252048fd6a3791891c8acaa7c9a680c7ea5572..7d3e1234f2d87bb428a30135d56b13a3c1dccc45 100644
--- a/vendor/gems/omniauth-google-oauth2/CHANGELOG.md
+++ b/vendor/gems/omniauth-google-oauth2/CHANGELOG.md
@@ -1,106 +1,6 @@
# Changelog
All notable changes to this project will be documented in this file.
-## 1.0.1 - 2022-03-10
-
-### Added
-- Output granted scopes in credentials block of the auth hash.
-- Migrated to GitHub actions.
-
-### Deprecated
-- Nothing.
-
-### Removed
-- Nothing.
-
-### Fixed
-- Overriding the `redirect_uri` via params or JSON request body.
-
-## 1.0.0 - 2021-03-14
-
-### Added
-- Support for Omniauth 2.x!
-
-### Deprecated
-- Nothing.
-
-### Removed
-- Support for Omniauth 1.x.
-
-### Fixed
-- Nothing.
-
-## 0.8.2 - 2021-03-14
-
-### Added
-- Constrains the version to Omniauth 1.x.
-
-### Deprecated
-- Nothing.
-
-### Removed
-- Nothing.
-
-### Fixed
-- Nothing.
-
-## 0.8.1 - 2020-12-12
-
-### Added
-- Support reading the access token from a json request body.
-
-### Deprecated
-- Nothing.
-
-### Removed
-- No longer verify the iat claim for JWT.
-
-### Fixed
-- A few minor issues with .rubocop.yml.
-- Issues with image resizing code when the image came with size information from Google.
-
-## 0.8.0 - 2019-08-21
-
-### Added
-- Updated omniauth-oauth2 to v1.6.0 for security fixes.
-
-### Deprecated
-- Nothing.
-
-### Removed
-- Ruby 2.1 support.
-
-### Fixed
-- Nothing.
-
-## 0.7.0 - 2019-06-03
-
-### Added
-- Ensure `info[:email]` is always verified, and include `unverified_email`
-
-### Deprecated
-- Nothing.
-
-### Removed
-- Nothing.
-
-### Fixed
-- Nothing.
-
-## 0.6.1 - 2019-03-07
-
-### Added
-- Return `email` and `email_verified` keys in response.
-
-### Deprecated
-- Nothing.
-
-### Removed
-- Nothing.
-
-### Fixed
-- Nothing.
-
## 0.6.0 - 2018-12-28
### Added
@@ -112,7 +12,6 @@ All notable changes to this project will be documented in this file.
### Removed
- Support for JWT 1.x.
- Support for `raw_friend_info` and `raw_image_info`.
-- Stop using Google+ API endpoints.
### Fixed
- Nothing.
diff --git a/vendor/gems/omniauth-google-oauth2/Gemfile.lock b/vendor/gems/omniauth-google-oauth2/Gemfile.lock
index 6c3f5ff3f68ac78e7ac92d0e984b2afb8d2d689d..a7f71e0a3767c24c4da5c16fbcb229a65f69da66 100644
--- a/vendor/gems/omniauth-google-oauth2/Gemfile.lock
+++ b/vendor/gems/omniauth-google-oauth2/Gemfile.lock
@@ -1,11 +1,10 @@
PATH
remote: .
specs:
- omniauth-google-oauth2 (1.0.1)
+ omniauth-google-oauth2 (0.6.0)
jwt (>= 2.0)
- oauth2 (~> 2.0)
- omniauth (~> 2.0)
- omniauth-oauth2 (~> 1.7.1)
+ omniauth (>= 1.9, < 3)
+ omniauth-oauth2 (>= 1.5)
GEM
remote: https://rubygems.org/
@@ -26,10 +25,9 @@ GEM
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
version_gem (~> 1.0)
- omniauth (2.1.0)
+ omniauth (1.9.2)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
+ rack (>= 1.6.2, < 3)
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
@@ -37,8 +35,6 @@ GEM
parser (3.1.2.0)
ast (~> 2.4.1)
rack (2.2.4)
- rack-protection (2.2.2)
- rack
rainbow (3.1.1)
rake (12.3.3)
rash_alt (0.4.12)
diff --git a/vendor/gems/omniauth-google-oauth2/README.md b/vendor/gems/omniauth-google-oauth2/README.md
index 80c611392cab4da7074a17726ea507f811f71737..5d811693a60740b1318c85417983e639888b9af0 100644
--- a/vendor/gems/omniauth-google-oauth2/README.md
+++ b/vendor/gems/omniauth-google-oauth2/README.md
@@ -1,4 +1,5 @@
[](https://badge.fury.io/rb/omniauth-google-oauth2)
+[](https://travis-ci.org/zquestz/omniauth-google-oauth2)
# OmniAuth Google OAuth2 Strategy
@@ -33,7 +34,6 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
-OmniAuth.config.allowed_request_methods = %i[get]
```
You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
@@ -54,10 +54,10 @@ You can configure several options, which you pass in to the `provider` method vi
* `prompt`: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are:
* `none`: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent.
- * `consent`: The user will always be prompted for consent, even if they have previously allowed access a given set of scopes.
+ * `consent`: The user will always be prompted for consent, even if he has previously allowed access a given set of scopes.
* `select_account`: The user will always be prompted to select a user account. This allows a user who has multiple current account sessions to select one amongst them.
- If no value is specified, the user only sees the authentication page if they are not logged in and only sees the consent page the first time they authorize a given set of scopes.
+ If no value is specified, the user only sees the authentication page if he is not logged in and only sees the consent page the first time he authorizes a given set of scopes.
* `image_aspect_ratio`: The shape of the user's profile picture. Possible values are:
* `original`: Picture maintains its original aspect ratio.
@@ -73,7 +73,7 @@ You can configure several options, which you pass in to the `provider` method vi
* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string `'domain.com'` or an array `%w(domain.com domain.co)`. More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
-* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds. Note this only works if you use jwt 2.1, as the leeway option was removed in later versions.
+* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds.
* `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT decoding errors with the `iat` field. Always try adjusting the leeway before disabling JWT processing.
@@ -81,11 +81,9 @@ You can configure several options, which you pass in to the `provider` method vi
* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
-* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL.
+* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL.
-* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
-
-Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select their account when logging in and the user's profile picture is returned as a thumbnail:
+Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select his account when logging in and the user's profile picture is returned as a thumbnail:
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
@@ -178,8 +176,6 @@ devise :omniauthable, omniauth_providers: [:google_oauth2]
Then make sure your callbacks controller is setup.
```ruby
-# app/controllers/users/omniauth_callbacks_controller.rb:
-
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def google_oauth2
# You need to implement the method below in your model (e.g. app/models/user.rb)
@@ -189,7 +185,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google'
sign_in_and_redirect @user, event: :authentication
else
- session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores
+ session['devise.google_data'] = request.env['omniauth.auth'].except(:extra) # Removing extra as it can overflow some session stores
redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
end
end
@@ -217,10 +213,6 @@ end
For your views you can login using:
```erb
-<%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %>
-<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
-
-<%# omniauth-google-oauth2 prior 1.0.0: %>
<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
<%# Devise prior 4.1.0: %>
@@ -231,7 +223,7 @@ An overview is available at https://github.com/plataformatec/devise/wiki/OmniAut
### One-time Code Flow (Hybrid Authentication)
-Google describes the One-time Code Flow [here](https://developers.google.com/identity/sign-in/web/server-side-flow). This hybrid authentication flow has significant functional and security advantages over a pure server-side or pure client-side flow. The following steps occur in this flow:
+Google describes the One-time Code Flow [here](https://developers.google.com/+/web/signin/server-side-flow). This hybrid authentication flow has significant functional and security advantages over a pure server-side or pure client-side flow. The following steps occur in this flow:
1. The client (web browser) authenticates the user directly via Google's JS API. During this process assorted modals may be rendered by Google.
2. On successful authentication, Google returns a one-time use code, which requires the Google client secret (which is only available server-side).
@@ -240,7 +232,7 @@ Google describes the One-time Code Flow [here](https://developers.google.com/ide
This flow is immune to replay attacks, and conveys no useful information to a man in the middle.
-The omniauth-google-oauth2 gem supports this mode of operation when `provider_ignores_state` is set to `true`. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
+The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
```javascript
// Basic hybrid auth example following the pattern at:
@@ -255,7 +247,7 @@ function init() {
// Ready.
$('.google-login-button').click(function(e) {
e.preventDefault();
-
+
gapi.auth2.authorize({
client_id: 'YOUR_CLIENT_ID',
cookie_policy: 'single_host_origin',
@@ -268,7 +260,7 @@ function init() {
success: function(data) {
// response from server
}
- });
+ });
} else {
// google authentication failed
}
@@ -288,66 +280,6 @@ In that case, ensure to send an additional parameter `redirect_uri=` (empty stri
If you're making POST requests to `/auth/google_oauth2/callback` from another domain, then you need to make sure `'X-Requested-With': 'XMLHttpRequest'` header is included with your request, otherwise your server might respond with `OAuth2::Error, : Invalid Value` error.
-#### Getting around the `redirect_uri_mismatch` error (See [Issue #365](https://github.com/zquestz/omniauth-google-oauth2/issues/365))
-
-If you are struggling with a persistent `redirect_uri_mismatch`, you can instead pass the `access_token` from [`getAuthResponse`](https://developers.google.com/identity/sign-in/web/reference#googleusergetauthresponseincludeauthorizationdata) directly to the `auth/google_oauth2/callback` endpoint, like so:
-
-```javascript
-// Initialize the GoogleAuth object
-let googleAuth;
-gapi.load('client:auth2', async () => {
- await gapi.client.init({ scope: '...', client_id: '...' });
- googleAuth = gapi.auth2.getAuthInstance();
-});
-
-// Call this when the Google Sign In button is clicked
-async function signInGoogle() {
- const googleUser = await googleAuth.signIn(); // wait for the user to authorize through the modal
- const { access_token } = googleUser.getAuthResponse();
-
- const data = new FormData();
- data.append('access_token', access_token);
-
- const response = await api.post('/auth/google_oauth2/callback', data)
- console.log(response);
-}
-```
-
-#### Using Axios
-If you're making a GET resquests from another domain using `access_token`.
-```
-axios
- .get(
- 'url(path to your callback}',
- { params: { access_token: 'token' } },
- headers....
- )
-```
-
-If you're making a POST resquests from another domain using `access_token`.
-```
-axios
- .post(
- 'url(path to your callback}',
- { access_token: 'token' },
- headers....
- )
-
---OR--
-
-axios
- .post(
- 'url(path to your callback}',
- null,
- {
- params: {
- access_token: 'token'
- },
- headers....
- }
- )
-```
-
## Fixing Protocol Mismatch for `redirect_uri` in Rails
Just set the `full_host` in OmniAuth based on the Rails.env.
diff --git a/vendor/gems/omniauth-google-oauth2/examples/Gemfile b/vendor/gems/omniauth-google-oauth2/examples/Gemfile
index ba019344a671cb351e51113c9e2fdb7fff6c8dc5..cd02ff9bf7db06073768f58d13e858529531f97e 100644
--- a/vendor/gems/omniauth-google-oauth2/examples/Gemfile
+++ b/vendor/gems/omniauth-google-oauth2/examples/Gemfile
@@ -2,7 +2,6 @@
source 'https://rubygems.org'
-gem 'omniauth-google-oauth2', '~> 0.8.1'
+gem 'omniauth-google-oauth2', '~> 0.5'
gem 'rubocop'
gem 'sinatra', '~> 1.4'
-gem 'webrick'
diff --git a/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb b/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb
index 0a94164d766df78565f01be91bab7cc1e6e2f787..127b62a9aaf005365659d134eb3b26d0b65d2773 100644
--- a/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb
+++ b/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb
@@ -10,10 +10,6 @@
#
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile'
- # Custom redirect_uri
- #
- # provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile', redirect_uri: 'https://localhost:3000/redirect'
-
# Manual setup for offline access with a refresh token.
#
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], access_type: 'offline'
diff --git a/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb b/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb
index 93ae5e9e9900c6cbdc0dc7b6940211628a6acb03..565fb5d66421f04f680a09f147eac5dc37fa52c0 100644
--- a/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb
+++ b/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb
@@ -2,6 +2,6 @@
module OmniAuth
module GoogleOauth2
- VERSION = '1.0.1'
+ VERSION = '0.6.0'
end
end
diff --git a/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb b/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb
index 4ce32eb80d1636b65aa5b1e74313feb17992f570..62e2d4462e58678e8400b0fec6a720de187005d4 100644
--- a/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb
+++ b/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb
@@ -1,7 +1,6 @@
# frozen_string_literal: true
require 'jwt'
-require 'oauth2'
require 'omniauth/strategies/oauth2'
require 'uri'
@@ -14,7 +13,6 @@ class GoogleOauth2 < OmniAuth::Strategies::OAuth2
BASE_SCOPES = %w[profile email openid].freeze
DEFAULT_SCOPE = 'email,profile'
USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
- IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
option :name, 'google_oauth2'
option :skip_friends, true
@@ -49,8 +47,6 @@ def authorize_params
prune!(
name: raw_info['name'],
email: verified_email,
- unverified_email: raw_info['email'],
- email_verified: raw_info['email_verified'],
first_name: raw_info['given_name'],
last_name: raw_info['family_name'],
image: image_url,
@@ -60,11 +56,6 @@ def authorize_params
)
end
- credentials do
- # Tokens and expiration will be used from OAuth2 strategy credentials block
- prune!({ 'scope' => token_info(access_token.token)['scope'] })
- end
-
extra do
hash = {}
hash[:id_token] = access_token['id_token']
@@ -81,7 +72,7 @@ def authorize_params
verify_sub: false,
verify_expiration: true,
verify_not_before: true,
- verify_iat: false,
+ verify_iat: true,
verify_jti: false,
leeway: options[:jwt_leeway])
@@ -101,51 +92,31 @@ def custom_build_access_token
verify_hd(access_token)
access_token
end
-
alias build_access_token custom_build_access_token
private
def callback_url
- options[:redirect_uri] || (full_host + callback_path)
+ options[:redirect_uri] || (full_host + script_name + callback_path)
end
def get_access_token(request)
- verifier = request.params['code']
- redirect_uri = request.params['redirect_uri']
- access_token = request.params['access_token']
- if verifier && request.xhr?
- client_get_token(verifier, redirect_uri || 'postmessage')
- elsif verifier
- client_get_token(verifier, redirect_uri || callback_url)
- elsif access_token && verify_token(access_token)
+ if request.xhr? && request.params['code']
+ verifier = request.params['code']
+ redirect_uri = request.params['redirect_uri'] || 'postmessage'
+ client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
+ elsif request.params['code'] && request.params['redirect_uri']
+ verifier = request.params['code']
+ redirect_uri = request.params['redirect_uri']
+ client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
+ elsif verify_token(request.params['access_token'])
::OAuth2::AccessToken.from_hash(client, request.params.dup)
- elsif request.content_type =~ /json/i
- begin
- body = JSON.parse(request.body.read)
- request.body.rewind # rewind request body for downstream middlewares
- verifier = body && body['code']
- access_token = body && body['access_token']
- redirect_uri ||= body && body['redirect_uri']
- if verifier
- client_get_token(verifier, redirect_uri || 'postmessage')
- elsif verify_token(access_token)
- ::OAuth2::AccessToken.from_hash(client, body.dup)
- end
- rescue JSON::ParserError => e
- warn "[omniauth google-oauth2] JSON parse error=#{e}"
- end
+ else
+ verifier = request.params['code']
+ client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
end
end
- def client_get_token(verifier, redirect_uri)
- client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params)
- end
-
- def get_token_params
- deep_symbolize(options.auth_token_params || {})
- end
-
def get_scope(params)
raw_scope = params[:scope] || DEFAULT_SCOPE
scope_list = raw_scope.split(' ').map { |item| item.split(',') }.flatten
@@ -153,11 +124,7 @@ def get_scope(params)
scope_list.join(' ')
end
- def verified_email
- raw_info['email_verified'] ? raw_info['email'] : nil
- end
-
- def get_token_options(redirect_uri = '')
+ def get_token_options(redirect_uri)
{ redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
end
@@ -168,6 +135,10 @@ def prune!(hash)
end
end
+ def verified_email
+ raw_info['email_verified'] ? raw_info['email'] : nil
+ end
+
def image_url
return nil unless raw_info['picture']
@@ -178,10 +149,6 @@ def image_url
if path_index && image_size_opts_passed?
u.path.insert(path_index, image_params)
u.path = u.path.gsub('//', '/')
-
- # Check if the image is already sized!
- split_path = u.path.split('/')
- u.path = u.path.sub("/#{split_path[-3]}", '') if split_path[-3] =~ IMAGE_SIZE_REGEXP
end
u.query = strip_unnecessary_query_parameters(u.query)
@@ -220,21 +187,12 @@ def strip_unnecessary_query_parameters(query_parameters)
URI.encode_www_form(stripped_params)
end
- def token_info(access_token)
- return nil unless access_token
-
- @token_info ||= Hash.new do |h, k|
- h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
- end
-
- @token_info[access_token]
- end
-
def verify_token(access_token)
return false unless access_token
- token_info = token_info(access_token)
- token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud'])
+ raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
+ params: { access_token: access_token }).parsed
+ raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
end
def verify_hd(access_token)
diff --git a/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec b/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec
index a50d67bc9a0c2cdf19cc5fab5c4d3814fce45dbc..fb66d7ee282678a6e6eed10fbedcb8e5c9e60a28 100644
--- a/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec
+++ b/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec
@@ -15,15 +15,14 @@ Gem::Specification.new do |gem|
gem.email = ['quest@mac.com']
gem.homepage = 'https://github.com/zquestz/omniauth-google-oauth2'
- gem.files = Dir.glob("lib/**/*.*")
+ gem.files = Dir.glob("lib/**/*.*")
gem.require_paths = ['lib']
- gem.required_ruby_version = '>= 2.2'
+ gem.required_ruby_version = '>= 2.1'
gem.add_runtime_dependency 'jwt', '>= 2.0'
- gem.add_runtime_dependency 'oauth2', '~> 2.0'
- gem.add_runtime_dependency 'omniauth', '~> 2.0'
- gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.7.1'
+ gem.add_runtime_dependency 'omniauth', '>= 1.9', '< 3'
+ gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.5'
gem.add_development_dependency 'rake', '~> 12.0'
gem.add_development_dependency 'rspec', '~> 3.6'
diff --git a/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb b/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb
index 3a2bcf07e543316dc09c21f4d7b280e894b7ebfc..6bc6f6d9e955cd8e2e4c19299ef833f354f2f45e 100644
--- a/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb
+++ b/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -3,7 +3,6 @@
require 'spec_helper'
require 'json'
require 'omniauth-google-oauth2'
-require 'stringio'
describe OmniAuth::Strategies::GoogleOauth2 do
let(:request) { double('Request', params: {}, cookies: {}, env: {}) }
@@ -178,8 +177,8 @@
describe 'scope' do
it 'should expand scope shortcuts' do
- @options = { scope: 'calendar' }
- expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/calendar')
+ @options = { scope: 'plus.me' }
+ expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/plus.me')
end
it 'should leave base scopes as is' do
@@ -289,92 +288,14 @@
end
end
- describe '#callback_url' do
- let(:base_url) { 'https://example.com' }
-
+ describe '#callback_path' do
it 'has the correct default callback path' do
- allow(subject).to receive(:full_host) { base_url }
- allow(subject).to receive(:script_name) { '' }
- expect(subject.send(:callback_url)).to eq(base_url + '/auth/google_oauth2/callback')
- end
-
- it 'should set the callback path with script_name if present' do
- allow(subject).to receive(:full_host) { base_url }
- allow(subject).to receive(:script_name) { '/v1' }
- expect(subject.send(:callback_url)).to eq(base_url + '/v1/auth/google_oauth2/callback')
+ expect(subject.callback_path).to eq('/auth/google_oauth2/callback')
end
it 'should set the callback_path parameter if present' do
@options = { callback_path: '/auth/foo/callback' }
- allow(subject).to receive(:full_host) { base_url }
- allow(subject).to receive(:script_name) { '' }
- expect(subject.send(:callback_url)).to eq(base_url + '/auth/foo/callback')
- end
- end
-
- describe '#info' do
- let(:client) do
- OAuth2::Client.new('abc', 'def') do |builder|
- builder.request :url_encoded
- builder.adapter :test do |stub|
- stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
- end
- end
- end
- let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
- before { allow(subject).to receive(:access_token).and_return(access_token) }
-
- context 'with verified email' do
- let(:response_hash) do
- { email: 'something@domain.invalid', email_verified: true }
- end
-
- it 'should return equal email and unverified_email' do
- expect(subject.info[:email]).to eq('something@domain.invalid')
- expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
- end
- end
-
- context 'with unverified email' do
- let(:response_hash) do
- { email: 'something@domain.invalid', email_verified: false }
- end
-
- it 'should return nil email, and correct unverified email' do
- expect(subject.info[:email]).to eq(nil)
- expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
- end
- end
- end
-
- describe '#credentials' do
- let(:client) { OAuth2::Client.new('abc', 'def') }
- let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') }
- before(:each) do
- allow(subject).to receive(:access_token).and_return(access_token)
- subject.options.client_options[:connection_build] = proc do |builder|
- builder.request :url_encoded
- builder.adapter :test do |stub|
- stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
- [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
- aud: '000000000000.apps.googleusercontent.com',
- sub: '123456789',
- scope: 'profile email'
- )]
- end
- end
- end
- end
-
- it 'should return access token and (optionally) refresh token' do
- expect(subject.credentials.to_h).to \
- match(hash_including(
- 'token' => 'valid_access_token',
- 'refresh_token' => 'valid_refresh_token',
- 'scope' => 'profile email',
- 'expires_at' => 123_456_789,
- 'expires' => true
- ))
+ expect(subject.callback_path).to eq('/auth/foo/callback')
end
end
@@ -392,7 +313,7 @@
before { allow(subject).to receive(:access_token).and_return(access_token) }
describe 'id_token' do
- shared_examples 'id_token issued by valid issuer' do |issuer|
+ shared_examples 'id_token issued by valid issuer' do |issuer| # rubocop:disable Metrics/BlockLength
context 'when the id_token is passed into the access token' do
let(:token_info) do
{
@@ -505,12 +426,6 @@
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50/photo.jpg')
end
- it 'should return the image with size specified in the `image_size` option when sizing is in the picture' do
- @options = { image_size: 50 }
- allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh4.googleusercontent.com/url/s96-c/photo.jpg' } }
- expect(subject.info[:image]).to eq('https://lh4.googleusercontent.com/url/s50/photo.jpg')
- end
-
it 'should handle a picture with too many slashes correctly' do
@options = { image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url//photo.jpg' } }
@@ -541,48 +456,24 @@
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40/photo.jpg')
end
- it 'should return the image with width and height specified in the `image_size` option when sizing is in the picture' do
- @options = { image_size: { width: 50, height: 40 } }
- allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/w100-h80-c/photo.jpg' } }
- expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40/photo.jpg')
- end
-
it 'should return square image when `image_aspect_ratio` is specified' do
@options = { image_aspect_ratio: 'square' }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/c/photo.jpg')
end
- it 'should return square image when `image_aspect_ratio` is specified and sizing is in the picture' do
- @options = { image_aspect_ratio: 'square' }
- allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/c/photo.jpg' } }
- expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/c/photo.jpg')
- end
-
it 'should return square sized image when `image_aspect_ratio` and `image_size` is set' do
@options = { image_aspect_ratio: 'square', image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50-c/photo.jpg')
end
- it 'should return square sized image when `image_aspect_ratio` and `image_size` is set and sizing is in the picture' do
- @options = { image_aspect_ratio: 'square', image_size: 50 }
- allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/s90/photo.jpg' } }
- expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50-c/photo.jpg')
- end
-
it 'should return square sized image when `image_aspect_ratio` and `image_size` has height and width' do
@options = { image_aspect_ratio: 'square', image_size: { width: 50, height: 40 } }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40-c/photo.jpg')
end
- it 'should return square sized image when `image_aspect_ratio` and `image_size` has height and width and sizing is in the picture' do
- @options = { image_aspect_ratio: 'square', image_size: { width: 50, height: 40 } }
- allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/w100-h80/photo.jpg' } }
- expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40-c/photo.jpg')
- end
-
it 'should return original image if image url does not end in `photo.jpg`' do
@options = { image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photograph.jpg' } }
@@ -656,58 +547,9 @@
expect(token.client).to eq(:client)
end
- it 'reads the code from a json request body' do
- body = StringIO.new(%({"code":"json_access_token"}))
- client = double(:client)
- auth_code = double(:auth_code)
-
- allow(request).to receive(:xhr?).and_return(false)
- allow(request).to receive(:content_type).and_return('application/json')
- allow(request).to receive(:body).and_return(body)
- allow(client).to receive(:auth_code).and_return(auth_code)
- expect(subject).to receive(:client).and_return(client)
-
- expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'postmessage' }, {})
-
- subject.build_access_token
- end
-
- it 'reads the redirect uri from a json request body' do
- body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
- client = double(:client)
- auth_code = double(:auth_code)
-
- allow(request).to receive(:xhr?).and_return(false)
- allow(request).to receive(:content_type).and_return('application/json')
- allow(request).to receive(:body).and_return(body)
- allow(client).to receive(:auth_code).and_return(auth_code)
- expect(subject).to receive(:client).and_return(client)
-
- expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
-
- subject.build_access_token
- end
-
- it 'reads the access token from a json request body' do
- body = StringIO.new(%({"access_token":"valid_access_token"}))
-
- allow(request).to receive(:xhr?).and_return(false)
- allow(request).to receive(:content_type).and_return('application/json')
- allow(request).to receive(:body).and_return(body)
- expect(subject).to receive(:client).and_return(:client)
-
- expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
-
- token = subject.build_access_token
- expect(token).to be_instance_of(::OAuth2::AccessToken)
- expect(token.token).to eq('valid_access_token')
- expect(token.client).to eq(:client)
- end
-
it 'should use callback_url without query_string if this is not an AJAX request' do
allow(request).to receive(:xhr?).and_return(false)
allow(request).to receive(:params).and_return('code' => 'valid_code')
- allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
client = double(:client)
auth_code = double(:auth_code)
diff --git a/vendor/gems/omniauth-salesforce/Gemfile.lock b/vendor/gems/omniauth-salesforce/Gemfile.lock
index 0317b16dd9f577ec6fd275f7354927b943bdc0c8..0eb983bcd76e882f12e40a85c0848a4629bbbac9 100644
--- a/vendor/gems/omniauth-salesforce/Gemfile.lock
+++ b/vendor/gems/omniauth-salesforce/Gemfile.lock
@@ -2,7 +2,7 @@ PATH
remote: .
specs:
omniauth-salesforce (1.0.5)
- omniauth (~> 2.0)
+ omniauth (~> 1.0, < 3)
omniauth-oauth2 (~> 1.0)
GEM
@@ -53,17 +53,16 @@ GEM
notiffany (0.1.3)
nenv (~> 0.1)
shellany (~> 0.0)
- oauth2 (2.0.3)
+ oauth2 (2.0.7)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
- version_gem (~> 1.0)
- omniauth (2.1.0)
+ version_gem (~> 1.1)
+ omniauth (1.9.2)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
+ rack (>= 1.6.2, < 3)
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
@@ -72,8 +71,6 @@ GEM
method_source (~> 1.0)
public_suffix (5.0.0)
rack (2.2.4)
- rack-protection (2.2.2)
- rack
rack-test (2.0.2)
rack (>= 1.3)
rash_alt (0.4.12)
@@ -121,4 +118,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
- 2.3.21
+ 2.3.20
diff --git a/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec b/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec
index 9c87746e9fd5f3e64ae05d9af1105b5e0d79ffb7..0b9cfbd73ff42196b9262315765c5af1d6271c0f 100755
--- a/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec
+++ b/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
gem.version = OmniAuth::Salesforce::VERSION
gem.license = "MIT"
- gem.add_dependency 'omniauth', '~> 2.0'
+ gem.add_dependency 'omniauth', '~> 1.0', '< 3'
gem.add_dependency 'omniauth-oauth2', '~> 1.0'
gem.add_development_dependency 'rspec', '~> 2.7'
gem.add_development_dependency 'rack-test'
diff --git a/vendor/gems/omniauth_crowd/Gemfile.lock b/vendor/gems/omniauth_crowd/Gemfile.lock
index 43518582535d5a298cec83c6062b40485d120768..56c9bd4cc7e61d00c37a721a5baafcc12be9eac5 100644
--- a/vendor/gems/omniauth_crowd/Gemfile.lock
+++ b/vendor/gems/omniauth_crowd/Gemfile.lock
@@ -4,7 +4,7 @@ PATH
omniauth_crowd (2.4.0)
activesupport
nokogiri (>= 1.4.4)
- omniauth (~> 2.0)
+ omniauth (~> 1.0, < 3)
GEM
remote: http://rubygems.org/
@@ -29,15 +29,12 @@ GEM
nokogiri (1.13.8)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
- omniauth (2.1.0)
+ omniauth (1.9.1)
hashie (>= 3.4.6)
- rack (>= 2.2.3)
- rack-protection
+ rack (>= 1.6.2, < 3)
public_suffix (4.0.7)
racc (1.6.0)
rack (2.2.4)
- rack-protection (2.2.2)
- rack
rack-test (2.0.2)
rack (>= 1.3)
rake (13.0.6)
diff --git a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec
index dcbf403419feb19586c96a157508e40e4a8c29ff..1707c7f3f109f9ddc9315efd62d1f05274fe2b94 100644
--- a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec
+++ b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec
@@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
gem.require_paths = ["lib"]
gem.version = OmniAuth::Crowd::VERSION
- gem.add_runtime_dependency 'omniauth', '~> 2.0'
+ gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3'
gem.add_runtime_dependency 'nokogiri', '>= 1.4.4'
gem.add_runtime_dependency 'activesupport', '>= 0'
gem.add_development_dependency(%q<rack>, [">= 0"])