Hello community,
here is the log from the commit of package rubygem-omniauth-google-oauth2 for
openSUSE:Factory checked in at 2020-03-07 21:39:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-omniauth-google-oauth2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-omniauth-google-oauth2.new.26092
(New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-omniauth-google-oauth2"
Sat Mar 7 21:39:13 2020 rev:7 rq:773827 version:0.8.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-omniauth-google-oauth2/rubygem-omniauth-google-oauth2.changes
2019-08-06 15:10:12.427779527 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-omniauth-google-oauth2.new.26092/rubygem-omniauth-google-oauth2.changes
2020-03-07 21:39:20.756317013 +0100
@@ -1,0 +2,20 @@
+Mon Feb 10 15:19:32 UTC 2020 - Stephan Kulow <co...@suse.com>
+
+- updated to version 0.8.0
+ see installed CHANGELOG.md
+
+ ## 0.8.0 - 2019-08-21
+
+ ### Added
+ - Updated omniauth-oauth2 to v1.6.0 for security fixes.
+
+ ### Deprecated
+ - Nothing.
+
+ ### Removed
+ - Ruby 2.1 support.
+
+ ### Fixed
+ - Nothing.
+
+-------------------------------------------------------------------
Old:
----
omniauth-google-oauth2-0.7.0.gem
New:
----
omniauth-google-oauth2-0.8.0.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-omniauth-google-oauth2.spec ++++++
--- /var/tmp/diff_new_pack.xUikWK/_old 2020-03-07 21:39:21.292317375 +0100
+++ /var/tmp/diff_new_pack.xUikWK/_new 2020-03-07 21:39:21.296317377 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-omniauth-google-oauth2
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,15 +24,15 @@
#
Name: rubygem-omniauth-google-oauth2
-Version: 0.7.0
+Version: 0.8.0
Release: 0
%define mod_name omniauth-google-oauth2
%define mod_full_name %{mod_name}-%{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: %{ruby >= 2.1}
+BuildRequires: %{ruby >= 2.2}
BuildRequires: %{rubygem gem2rpm}
BuildRequires: ruby-macros >= 5
-Url: https://github.com/zquestz/omniauth-google-oauth2
+URL: https://github.com/zquestz/omniauth-google-oauth2
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: A Google OAuth2 strategy for OmniAuth 1.x
++++++ omniauth-google-oauth2-0.7.0.gem -> omniauth-google-oauth2-0.8.0.gem
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml 2019-06-03 20:05:11.000000000 +0200
+++ new/.travis.yml 2019-08-22 08:40:10.000000000 +0200
@@ -1,6 +1,5 @@
language: ruby
rvm:
- - '2.1.10'
- '2.2.7'
- '2.3.4'
- '2.4.1'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2019-06-03 20:05:11.000000000 +0200
+++ new/CHANGELOG.md 2019-08-22 08:40:10.000000000 +0200
@@ -1,6 +1,20 @@
# Changelog
All notable changes to this project will be documented in this file.
+## 0.8.0 - 2019-08-21
+
+### Added
+- Updated omniauth-oauth2 to v1.6.0 for security fixes.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Ruby 2.1 support.
+
+### Fixed
+- Nothing.
+
## 0.7.0 - 2019-06-03
### Added
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2019-06-03 20:05:11.000000000 +0200
+++ new/README.md 2019-08-22 08:40:10.000000000 +0200
@@ -73,7 +73,7 @@
* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain.
This can be simply string `'domain.com'` or an array `%w(domain.com
domain.co)`. More information at:
https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
-* `jwt_leeway`: Number of seconds passed to the JWT library as leeway.
Defaults to 60 seconds.
+* `jwt_leeway`: Number of seconds passed to the JWT library as leeway.
Defaults to 60 seconds. Note this only works if you use jwt 2.1, as the leeway
option was removed in later versions.
* `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT
decoding errors with the `iat` field. Always try adjusting the leeway before
disabling JWT processing.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/examples/Gemfile new/examples/Gemfile
--- old/examples/Gemfile 2019-06-03 20:05:11.000000000 +0200
+++ new/examples/Gemfile 2019-08-22 08:40:10.000000000 +0200
@@ -2,6 +2,6 @@
source 'https://rubygems.org'
-gem 'omniauth-google-oauth2', '~> 0.6.1'
+gem 'omniauth-google-oauth2', '~> 0.8.0'
gem 'rubocop'
gem 'sinatra', '~> 1.4'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/omniauth/google_oauth2/version.rb
new/lib/omniauth/google_oauth2/version.rb
--- old/lib/omniauth/google_oauth2/version.rb 2019-06-03 20:05:11.000000000
+0200
+++ new/lib/omniauth/google_oauth2/version.rb 2019-08-22 08:40:10.000000000
+0200
@@ -2,6 +2,6 @@
module OmniAuth
module GoogleOauth2
- VERSION = '0.7.0'
+ VERSION = '0.8.0'
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/omniauth/strategies/google_oauth2.rb
new/lib/omniauth/strategies/google_oauth2.rb
--- old/lib/omniauth/strategies/google_oauth2.rb 2019-06-03
20:05:11.000000000 +0200
+++ new/lib/omniauth/strategies/google_oauth2.rb 2019-08-22
08:40:10.000000000 +0200
@@ -94,6 +94,7 @@
verify_hd(access_token)
access_token
end
+
alias build_access_token custom_build_access_token
private
@@ -103,14 +104,12 @@
end
def get_access_token(request)
- if request.xhr? && request.params['code']
- verifier = request.params['code']
- redirect_uri = request.params['redirect_uri'] || 'postmessage'
- client.auth_code.get_token(verifier,
get_token_options(redirect_uri), deep_symbolize(options.auth_token_params ||
{}))
- elsif request.params['code'] && request.params['redirect_uri']
- verifier = request.params['code']
- redirect_uri = request.params['redirect_uri']
- client.auth_code.get_token(verifier,
get_token_options(redirect_uri), deep_symbolize(options.auth_token_params ||
{}))
+ verifier = request.params['code']
+ redirect_uri = request.params['redirect_uri']
+ if verifier && request.xhr?
+ client_get_token(verifier, redirect_uri || 'postmessage')
+ elsif verifier
+ client_get_token(verifier, redirect_uri || callback_url)
elsif verify_token(request.params['access_token'])
::OAuth2::AccessToken.from_hash(client, request.params.dup)
elsif request.content_type =~ /json/i
@@ -118,19 +117,21 @@
body = JSON.parse(request.body.read)
request.body.rewind # rewind request body for downstream
middlewares
verifier = body && body['code']
- if verifier
- redirect_uri = 'postmessage'
- client.auth_code.get_token(verifier,
get_token_options(redirect_uri), deep_symbolize(options.auth_token_params ||
{}))
- end
+ client_get_token(verifier, 'postmessage') if verifier
rescue JSON::ParserError => e
warn "[omniauth google-oauth2] JSON parse error=#{e}"
end
- else
- verifier = request.params['code']
- client.auth_code.get_token(verifier,
get_token_options(callback_url), deep_symbolize(options.auth_token_params))
end
end
+ def client_get_token(verifier, redirect_uri)
+ client.auth_code.get_token(verifier, get_token_options(redirect_uri),
get_token_params)
+ end
+
+ def get_token_params
+ deep_symbolize(options.auth_token_params || {})
+ end
+
def get_scope(params)
raw_scope = params[:scope] || DEFAULT_SCOPE
scope_list = raw_scope.split(' ').map { |item| item.split(',')
}.flatten
@@ -142,7 +143,7 @@
raw_info['email_verified'] ? raw_info['email'] : nil
end
- def get_token_options(redirect_uri)
+ def get_token_options(redirect_uri = '')
{ redirect_uri: redirect_uri
}.merge(token_params.to_hash(symbolize_keys: true))
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2019-06-03 20:05:11.000000000 +0200
+++ new/metadata 2019-08-22 08:40:10.000000000 +0200
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: omniauth-google-oauth2
version: !ruby/object:Gem::Version
- version: 0.7.0
+ version: 0.8.0
platform: ruby
authors:
- Josh Ellithorpe
@@ -9,7 +9,7 @@
autorequire:
bindir: bin
cert_chain: []
-date: 2019-06-03 00:00:00.000000000 Z
+date: 2019-08-22 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: jwt
@@ -45,14 +45,14 @@
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: '1.5'
+ version: '1.6'
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: '1.5'
+ version: '1.6'
- !ruby/object:Gem::Dependency
name: rake
requirement: !ruby/object:Gem::Requirement
@@ -133,14 +133,15 @@
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: '2.1'
+ version: '2.2'
required_rubygems_version: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.0.3
+rubyforge_project:
+rubygems_version: 2.7.9
signing_key:
specification_version: 4
summary: A Google OAuth2 strategy for OmniAuth 1.x
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/omniauth-google-oauth2.gemspec
new/omniauth-google-oauth2.gemspec
--- old/omniauth-google-oauth2.gemspec 2019-06-03 20:05:11.000000000 +0200
+++ new/omniauth-google-oauth2.gemspec 2019-08-22 08:40:10.000000000 +0200
@@ -18,11 +18,11 @@
gem.files = `git ls-files`.split("\n")
gem.require_paths = ['lib']
- gem.required_ruby_version = '>= 2.1'
+ gem.required_ruby_version = '>= 2.2'
gem.add_runtime_dependency 'jwt', '>= 2.0'
gem.add_runtime_dependency 'omniauth', '>= 1.1.1'
- gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.5'
+ gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.6'
gem.add_development_dependency 'rake', '~> 12.0'
gem.add_development_dependency 'rspec', '~> 3.6'
