From a942025ff4163ec6e45748e69268aa1dc6ad110b Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sat, 21 Jan 2023 22:41:30 -0800
Subject: [PATCH] Switch to upstream omniauth_openid_connect gem

We forked the original gem a while ago into to fix a number of issues
and add a number of features.

Since then we've upstreamed all the changes into the
omniauth_openid_connect repository. In addition, the upstream project
has added PKCE support and has other contributors.

This commit locks the openid_connect gem to v1.3.0 since upgrading
past that version pulls in an updated net-smtp, which cannot be used
with Ruby 2.7 due to https://bugs.ruby-lang.org/issues/17761.  See
https://docs.gitlab.com/ee/development/emails.html#rationale for more
details.

Relates to
https://gitlab.com/gitlab-org/ruby/gems/gitlab-omniauth-openid-connect/-/issues/5

Changelog: changed
---
 Gemfile          |  5 ++++-
 Gemfile.checksum |  2 +-
 Gemfile.lock     | 10 +++++-----
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index 6136829299741..4a8d7cf05e794 100644
--- a/Gemfile
+++ b/Gemfile
@@ -73,7 +73,10 @@ gem 'omniauth-shibboleth', '~> 1.3.0'
 gem 'omniauth-twitter', '~> 1.4'
 gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
 gem 'omniauth-authentiq', '~> 0.3.3'
-gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect'
+gem 'omniauth_openid_connect', '~> 0.6.0'
+# Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.
+# See https://docs.gitlab.com/ee/development/emails.html#rationale.
+gem 'openid_connect', '= 1.3.0'
 gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md
 gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
 gem 'rack-oauth2', '~> 1.21.3'
diff --git a/Gemfile.checksum b/Gemfile.checksum
index c75e1530c471b..7c972b2f1d932 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -209,7 +209,6 @@
 {"name":"gitlab-mail_room","version":"0.0.9","platform":"ruby","checksum":"6700374b5c0aa9d9ad4e711aeb677f0b7d415a6d01d3baa699efab25349d851c"},
 {"name":"gitlab-markup","version":"1.8.1","platform":"ruby","checksum":"ab1f9fd016977497c2af25b76341dea670533014f406861834a0bd99f646707b"},
 {"name":"gitlab-net-dns","version":"0.9.1","platform":"ruby","checksum":"bcd1a08dcb31b731e8ff602d828de619d2d9f53f5812f6abacf11c720873d4cb"},
-{"name":"gitlab-omniauth-openid-connect","version":"0.10.0","platform":"ruby","checksum":"ea44a23ea93457057bba6a9912e883f5aefab36a941c6c58512c8a7095fb1153"},
 {"name":"gitlab-sidekiq-fetcher","version":"0.9.0","platform":"ruby","checksum":"54041aec059f20c8e6dfce394e1b60e0c0a9c7cef32da912a58abbd333e13897"},
 {"name":"gitlab-styles","version":"9.2.0","platform":"ruby","checksum":"7106e7fb2de01f0c4a8d074ccff5c1f37502eab98cc51c8b5dd72a081785cea4"},
 {"name":"gitlab_chronic_duration","version":"0.10.6.2","platform":"ruby","checksum":"6dda4cfe7dca9b958f163ac8835c3d9cc70cf8df8cbb89bb2fbf9ba4375105fb"},
@@ -400,6 +399,7 @@
 {"name":"omniauth-saml","version":"2.0.0","platform":"ruby","checksum":"02594fd6630de26a9e65a2e64223e9ad32324fa97a6c7f1f22a1553ea3dd44c7"},
 {"name":"omniauth-shibboleth","version":"1.3.0","platform":"ruby","checksum":"b0bb725ced5cb76fbfc187ddbb8ad6864d0cd5df714cab36a528df8ee4b1d113"},
 {"name":"omniauth-twitter","version":"1.4.0","platform":"ruby","checksum":"c5cc6c77cd767745ffa9ebbd5fbd694a3fa99d1d2d82a4d7def0bf3b6131b264"},
+{"name":"omniauth_openid_connect","version":"0.6.0","platform":"ruby","checksum":"b8e48ca67fdea2dff56cc161855b88707a290ae01125149dbe0f8c94e818cfd3"},
 {"name":"open4","version":"1.3.4","platform":"ruby","checksum":"a1df037310624ecc1ea1d81264b11c83e96d0c3c1c6043108d37d396dcd0f4b1"},
 {"name":"openid_connect","version":"1.3.0","platform":"ruby","checksum":"a796855096850cc01140e37ea6ae9fd14f2be818b9b5bc698418063dfe228770"},
 {"name":"openssl","version":"2.2.2","platform":"ruby","checksum":"53f72382bac046c36c37049c7ec9d5597d42628d140b5cfbcd61e0226c0ca077"},
diff --git a/Gemfile.lock b/Gemfile.lock
index 3b65e2b4061c3..7f4ecb8ea596d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -594,10 +594,6 @@ GEM
     gitlab-mail_room (0.0.9)
     gitlab-markup (1.8.1)
     gitlab-net-dns (0.9.1)
-    gitlab-omniauth-openid-connect (0.10.0)
-      addressable (~> 2.7)
-      omniauth (>= 1.9, < 3)
-      openid_connect (~> 1.2)
     gitlab-sidekiq-fetcher (0.9.0)
       json (>= 2.5)
       sidekiq (~> 6.1)
@@ -1020,6 +1016,9 @@ GEM
     omniauth-twitter (1.4.0)
       omniauth-oauth (~> 1.1)
       rack
+    omniauth_openid_connect (0.6.0)
+      omniauth (>= 1.9, < 3)
+      openid_connect (~> 1.1)
     open4 (1.3.4)
     openid_connect (1.3.0)
       activemodel
@@ -1674,7 +1673,6 @@ DEPENDENCIES
   gitlab-mail_room (~> 0.0.9)
   gitlab-markup (~> 1.8.0)
   gitlab-net-dns (~> 0.9.1)
-  gitlab-omniauth-openid-connect (~> 0.10.0)
   gitlab-sidekiq-fetcher (= 0.9.0)
   gitlab-styles (~> 9.2.0)
   gitlab_chronic_duration (~> 0.10.6.2)
@@ -1765,6 +1763,8 @@ DEPENDENCIES
   omniauth-shibboleth (~> 1.3.0)
   omniauth-twitter (~> 1.4)
   omniauth_crowd (~> 2.4.0)!
+  omniauth_openid_connect (~> 0.6.0)
+  openid_connect (= 1.3.0)
   openssl (= 2.2.2)
   org-ruby (~> 0.9.12)
   pact (~> 1.63)
-- 
GitLab