diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-18 08:17:02 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-18 08:17:02 +0000 |
| commit | b39512ed755239198a9c294b6a45e65c05900235 (patch) | |
| tree | d234a3efade1de67c46b9e5a38ce813627726aa7 /vendor | |
| parent | d31474cf3b17ece37939d20082b07f6657cc79a9 (diff) | |
| download | gitlab-ce-b39512ed755239198a9c294b6a45e65c05900235.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-3-stable-eev15.3.0-rc42
Diffstat (limited to 'vendor')
52 files changed, 2132 insertions, 75 deletions
diff --git a/vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml b/vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml index a2517953178..ed5e27f5a8c 100644 --- a/vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml +++ b/vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml @@ -13,6 +13,8 @@ workflow: - gem install bundler --no-document # Bundler is not installed with the image - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration - bundle install -j $(nproc) script: - bundle exec rspec diff --git a/vendor/gems/error_tracking_open_api/README.md b/vendor/gems/error_tracking_open_api/README.md index 18757e2e183..1d7c3df8526 100644 --- a/vendor/gems/error_tracking_open_api/README.md +++ b/vendor/gems/error_tracking_open_api/README.md @@ -1,4 +1,4 @@ -# Generated by `rake gems:error_tracking_open_api:generate` on 2022-07-14 +# Generated by `rake gems:error_tracking_open_api:generate` on 2022-07-18 See https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/rake_tasks.md#update-openapi-client-for-error-tracking-feature @@ -60,6 +60,14 @@ Please follow the [installation](#installation) procedure and then run the follo # Load the gem require 'error_tracking_open_api' +# Setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end + api_instance = ErrorTrackingOpenAPI::ErrorsApi.new project_id = 56 # Integer | ID of the project where the error was created fingerprint = 56 # Integer | ID of the error that needs to be updated deleted @@ -99,5 +107,11 @@ Class | Method | HTTP request | Description ## Documentation for Authorization - All endpoints do not require authorization. + +### internalToken + + +- **Type**: API key +- **API key parameter name**: Gitlab-Error-Tracking-Token +- **Location**: HTTP header diff --git a/vendor/gems/error_tracking_open_api/docs/ErrorsApi.md b/vendor/gems/error_tracking_open_api/docs/ErrorsApi.md index 79d0c2a46de..b9b7d2f6421 100644 --- a/vendor/gems/error_tracking_open_api/docs/ErrorsApi.md +++ b/vendor/gems/error_tracking_open_api/docs/ErrorsApi.md @@ -21,6 +21,13 @@ Get information about the error ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::ErrorsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -66,7 +73,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers @@ -85,6 +92,13 @@ List of errors ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::ErrorsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -140,7 +154,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers @@ -159,6 +173,13 @@ Get information about the events related to the error ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::ErrorsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -212,7 +233,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers @@ -231,6 +252,13 @@ Update the status of the error ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::ErrorsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -278,7 +306,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers diff --git a/vendor/gems/error_tracking_open_api/docs/EventsApi.md b/vendor/gems/error_tracking_open_api/docs/EventsApi.md index 3b4586be611..a9882fac515 100644 --- a/vendor/gems/error_tracking_open_api/docs/EventsApi.md +++ b/vendor/gems/error_tracking_open_api/docs/EventsApi.md @@ -20,6 +20,13 @@ Get information about the events related to the error ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::EventsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -73,7 +80,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers @@ -92,6 +99,13 @@ Ingestion endpoint for error events sent from client SDKs ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::EventsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -135,7 +149,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers @@ -154,6 +168,13 @@ Ingestion endpoint for error events sent from client SDKs ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::EventsApi.new project_id = 56 # Integer | ID of the project where the error was created @@ -197,7 +218,7 @@ end ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers diff --git a/vendor/gems/error_tracking_open_api/docs/ProjectsApi.md b/vendor/gems/error_tracking_open_api/docs/ProjectsApi.md index e6397b23f8f..adcb4a84ad9 100644 --- a/vendor/gems/error_tracking_open_api/docs/ProjectsApi.md +++ b/vendor/gems/error_tracking_open_api/docs/ProjectsApi.md @@ -18,6 +18,13 @@ Deletes all project related data. Mostly for testing purposes and later for prod ```ruby require 'time' require 'error_tracking_open_api' +# setup authorization +ErrorTrackingOpenAPI.configure do |config| + # Configure API key authorization: internalToken + config.api_key['internalToken'] = 'YOUR API KEY' + # Uncomment the following line to set a prefix for the API key, e.g. 'Bearer' (defaults to nil) + # config.api_key_prefix['internalToken'] = 'Bearer' +end api_instance = ErrorTrackingOpenAPI::ProjectsApi.new id = 56 # Integer | ID of the project @@ -60,7 +67,7 @@ nil (empty response body) ### Authorization -No authorization required +[internalToken](../README.md#internalToken) ### HTTP request headers diff --git a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/errors_api.rb b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/errors_api.rb index f21d3c51baf..992d37abb6c 100644 --- a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/errors_api.rb +++ b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/errors_api.rb @@ -67,7 +67,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'Error' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"ErrorsApi.get_error", @@ -159,7 +159,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'Array<Error>' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"ErrorsApi.list_errors", @@ -247,7 +247,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'Array<ErrorEvent>' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"ErrorsApi.list_events", @@ -325,7 +325,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'Error' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"ErrorsApi.update_error", diff --git a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/events_api.rb b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/events_api.rb index 49e2af7bb64..48e9375b266 100644 --- a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/events_api.rb +++ b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/events_api.rb @@ -88,7 +88,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'Array<ErrorEvent>' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"EventsApi.list_events", @@ -149,7 +149,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'ErrorEvent' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"EventsApi.projects_api_project_id_envelope_post", @@ -210,7 +210,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] || 'ErrorEvent' # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"EventsApi.projects_api_project_id_store_post", diff --git a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/projects_api.rb b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/projects_api.rb index 15ebe6efc35..781b1a17512 100644 --- a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/projects_api.rb +++ b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api/projects_api.rb @@ -59,7 +59,7 @@ module ErrorTrackingOpenAPI return_type = opts[:debug_return_type] # auth_names - auth_names = opts[:debug_auth_names] || [] + auth_names = opts[:debug_auth_names] || ['internalToken'] new_options = opts.merge( :operation => :"ProjectsApi.delete_project", diff --git a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api_client.rb b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api_client.rb index e2dedf57925..02118a56a3a 100644 --- a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api_client.rb +++ b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/api_client.rb @@ -95,6 +95,7 @@ module ErrorTrackingOpenAPI form_params = opts[:form_params] || {} follow_location = opts[:follow_location] || true + update_params_for_auth! header_params, query_params, opts[:auth_names] # set ssl_verifyhosts option based on @config.verify_ssl_host (true/false) _verify_ssl_host = @config.verify_ssl_host ? 2 : 0 diff --git a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/configuration.rb b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/configuration.rb index c27c0aa3bb9..6855082c17b 100644 --- a/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/configuration.rb +++ b/vendor/gems/error_tracking_open_api/lib/error_tracking_open_api/configuration.rb @@ -216,6 +216,13 @@ module ErrorTrackingOpenAPI # Returns Auth Settings hash for api client. def auth_settings { + 'internalToken' => + { + type: 'api_key', + in: 'header', + key: 'Gitlab-Error-Tracking-Token', + value: api_key_with_prefix('internalToken') + }, } end diff --git a/vendor/gems/ipynbdiff/.gitlab-ci.yml b/vendor/gems/ipynbdiff/.gitlab-ci.yml index 7b0c9df6cd9..bf8f8b15c26 100644 --- a/vendor/gems/ipynbdiff/.gitlab-ci.yml +++ b/vendor/gems/ipynbdiff/.gitlab-ci.yml @@ -19,6 +19,8 @@ workflow: - gem install bundler --no-document # Bundler is not installed with the image - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration - bundle install -j $(nproc) script: - bundle exec rspec diff --git a/vendor/gems/mail-smtp_pool/.gitlab-ci.yml b/vendor/gems/mail-smtp_pool/.gitlab-ci.yml index 4c9e62f7d11..dee865f3cd6 100644 --- a/vendor/gems/mail-smtp_pool/.gitlab-ci.yml +++ b/vendor/gems/mail-smtp_pool/.gitlab-ci.yml @@ -13,14 +13,12 @@ workflow: - gem install bundler --no-document # Bundler is not installed with the image - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration - bundle install -j $(nproc) script: - bundle exec rspec -rspec-2.6: - image: "ruby:2.6" - extends: .rspec - rspec-2.7: image: "ruby:2.7" extends: .rspec diff --git a/vendor/gems/omniauth-azure-oauth2/.gitlab-ci.yml b/vendor/gems/omniauth-azure-oauth2/.gitlab-ci.yml new file mode 100644 index 00000000000..575fec39767 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/.gitlab-ci.yml @@ -0,0 +1,28 @@ +workflow: + rules: + - if: $CI_MERGE_REQUEST_ID + +.rspec: + cache: + key: omniauth-azure-oauth2 + paths: + - vendor/gems/omniauth-azure-oauth2/vendor/ruby + before_script: + - cd vendor/gems/omniauth-azure-oauth2 + - ruby -v # Print out ruby version for debugging + - gem install bundler --no-document # Bundler is not installed with the image + - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby + - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration + - bundle install -j $(nproc) + script: + - bundle exec rspec + +rspec-2.7: + image: "ruby:2.7" + extends: .rspec + +rspec-3.0: + image: "ruby:3.0" + extends: .rspec diff --git a/vendor/gems/omniauth-azure-oauth2/CHANGELOG.md b/vendor/gems/omniauth-azure-oauth2/CHANGELOG.md new file mode 100644 index 00000000000..ca274303b18 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/CHANGELOG.md @@ -0,0 +1,31 @@ +# Version 0.0.9 +* Expand JWT dep. Thanks @ronaldsalas + +# Version 0.0.9 +* Added support for dynamic tenant urls. Thanks @marcus-fellinger-esc + +# Version 0.0.8 +* Upgrade to omniauth-oauth2 1.4.0 and fix callback url issue +* Allow prompt parameter, thanks @hilu +* Add tenant id to info +* Updated base url + +# Version 0.0.6 +* Use 'name' from Azure for name, and 'unique_name' for nickname per Auth Hash spec. Thanks @jayme-github + +# Version 0.0.5 +* loosen jwt requirement + +# Version 0.0.5 +* loosen jwt requirement + +# VERSION 0.0.4 +* fix for JWT scoping, thanks @tobsher + +# VERSION 0.0.3 +* added common endpoint and removed mandatory requirement for tenant-id +* upgraded jwt + +# VERSION 0.0.1 + +* Initial build
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/Gemfile b/vendor/gems/omniauth-azure-oauth2/Gemfile new file mode 100644 index 00000000000..ef2f8b4147f --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/Gemfile @@ -0,0 +1,8 @@ +source 'https://rubygems.org' + +# Specify your gem's dependencies in omniauth-azure-oauth2.gemspec +gemspec + +group :example do + gem 'sinatra' +end
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/Gemfile.lock b/vendor/gems/omniauth-azure-oauth2/Gemfile.lock new file mode 100644 index 00000000000..0bd5d401175 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/Gemfile.lock @@ -0,0 +1,73 @@ +PATH + remote: . + specs: + omniauth-azure-oauth2 (0.0.10) + jwt (>= 1.0, < 3.0) + omniauth (~> 1.0, < 3) + omniauth-oauth2 (~> 1.4) + +GEM + remote: https://rubygems.org/ + specs: + diff-lcs (1.5.0) + faraday (2.5.2) + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.0) + hashie (5.0.0) + jwt (2.4.1) + multi_xml (0.6.0) + mustermann (2.0.2) + ruby2_keywords (~> 0.0.1) + oauth2 (2.0.6) + faraday (>= 0.17.3, < 3.0) + jwt (>= 1.0, < 3.0) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + rash_alt (>= 0.4, < 1) + version_gem (~> 1.1) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-oauth2 (1.7.3) + oauth2 (>= 1.4, < 3) + omniauth (>= 1.9, < 3) + rack (2.2.4) + rack-protection (2.2.2) + rack + rake (13.0.6) + rash_alt (0.4.12) + hashie (>= 3.4) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + ruby2_keywords (0.0.5) + sinatra (2.2.2) + mustermann (~> 2.0) + rack (~> 2.2) + rack-protection (= 2.2.2) + tilt (~> 2.0) + tilt (2.0.11) + version_gem (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + omniauth-azure-oauth2! + rake + rspec (>= 2.14.0) + sinatra + +BUNDLED WITH + 2.3.20 diff --git a/vendor/gems/omniauth-azure-oauth2/LICENSE b/vendor/gems/omniauth-azure-oauth2/LICENSE new file mode 100644 index 00000000000..57ecd3eabb9 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/LICENSE @@ -0,0 +1,22 @@ +Copyright (c) 2014 Deltek + +MIT License + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/README.md b/vendor/gems/omniauth-azure-oauth2/README.md new file mode 100644 index 00000000000..a28e9ffdfd2 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/README.md @@ -0,0 +1,161 @@ +# OmniAuth Windows Azure Active Directory Strategy + +This is fork of [omniauth-azure-oauth2](https://github.com/marknadig/omniauth-azure-oauth2) to support: + +1. OmniAuth v1 and v2. OmniAuth v2 disables GET requests by default + and defaults to POST. GitLab already has patched v1 to use POST, + but other dependencies need to be updated: + https://gitlab.com/gitlab-org/gitlab/-/issues/30073. +2. We may deprecate this library entirely in the future: + https://gitlab.com/gitlab-org/gitlab/-/issues/366212 + +[](https://travis-ci.org/KonaTeam/omniauth-azure-oauth2) + +This gem provides a simple way to authenticate to Windows Azure Active Directory (WAAD) over OAuth2 using OmniAuth. + +One of the unique challenges of WAAD OAuth is that WAAD is multi tenant. Any given tenant can have multiple active +directories. The CLIENT-ID, REPLY-URL and keys will be unique to the tenant/AD/application combination. This gem simply +provides hooks for determining those unique values for each call. + +## Installation + +Add this line to your application's Gemfile: + +```ruby +gem 'omniauth-azure-oauth2' +``` + +## Usage + +First, you will need to add your site as an application in WAAD.: +[Adding, Updating, and Removing an Application](http://msdn.microsoft.com/en-us/library/azure/dn132599.aspx) + +Summary: +Select your Active Directory in https://manage.windowsazure.com/<tenantid> of type 'Web Application'. Name, sign-on url, +logo are not important. You will need the CLIENT-ID from the application configuration and you will need to generate +an expiring key (aka 'client secret'). REPLY URL is the oauth redirect uri which will be the omniauth callback path +https://example.com/users/auth/azure_oauth2/callback. The APP ID UI just needs to be unique to that tenant and identify +your site and isn't needed to configure the gem. +Permissions need Delegated Permissions to at least have "Enable sign-on and read user's profiles". + +Note: Seems like the terminology is still fluid, so follow the MS guidance (buwahaha) to set this up. + +The TenantInfo information can be a hash or class. It must provide client_id and client_secret. +Optionally a domain_hint and tenant_id. For a simple single-tenant app, this could be: + +```ruby +use OmniAuth::Builder do + provider :azure_oauth2, + { + client_id: ENV['AZURE_CLIENT_ID'], + client_secret: ENV['AZURE_CLIENT_SECRET'], + tenant_id: ENV['AZURE_TENANT_ID'] + } +end +``` + +Or the alternative format for use with [devise](https://github.com/plataformatec/devise): + +```ruby +config.omniauth :azure_oauth2, client_id: ENV['AZURE_CLIENT_ID'], + client_secret: ENV['AZURE_CLIENT_SECRET'], tenant_id: ENV['AZURE_TENANT_ID'] +``` + +For multi-tenant apps where you don't know the tenant_id in advance, simply leave out the tenant_id to use the +[common endpoint](http://msdn.microsoft.com/en-us/library/azure/dn645542.aspx). + +```ruby +use OmniAuth::Builder do + provider :azure_oauth2, + { + client_id: ENV['AZURE_CLIENT_ID'], + client_secret: ENV['AZURE_CLIENT_SECRET'] + } +end +``` + +For dynamic tenant assignment, pass a class that supports those same attributes and accepts the strategy as a parameter + +```ruby +class YouTenantProvider + def initialize(strategy) + @strategy = strategy + end + + def client_id + tenant.azure_client_id + end + + def client_secret + tenant.azure_client_secret + end + + def tenant_id + tenant.azure_tanant_id + end + + def domain_hint + tenant.azure_domain_hint + end + + private + + def tenant + # whatever strategy you want to figure out the right tenant from params/session + @tenant ||= Customer.find(@strategy.session[:customer_id]) + end +end + +use OmniAuth::Builder do + provider :azure_oauth2, YourTenantProvider +end +``` + +The base_azure_url can be overridden in the provider configuration for different locales; e.g. `base_azure_url: "https://login.microsoftonline.de"` + + +## Auth Hash Schema + +The following information is provided back to you for this provider: + +```ruby +{ + uid: '12345', + info: { + name: 'some one', + first_name: 'some', + last_name: 'one', + email: 'someone@example.com' + }, + credentials: { + token: 'thetoken', + refresh_token: 'refresh' + }, + extra: { raw_info: raw_api_response } +} +``` +## notes + +When you make a request to WAAD you must specify a resource. The gem currently assumes this is the AD identified as '00000002-0000-0000-c000-000000000000'. +This can be passed in as part of the config. It currently isn't designed to be dynamic. + +```ruby +use OmniAuth::Builder do + provider :azure_oauth2, TenantInfo, resource: 'myresource' +end +``` + +## Contributing + +1. Fork it +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Make your changes, add tests, run tests (`rake`) +4. Commit your changes and tests (`git commit -am 'Added some feature'`) +5. Push to the branch (`git push origin my-new-feature`) +6. Create new Pull Request + + +## Misc +Run tests `bundle exec rake` +Push to rubygems `bundle exec rake release`. + diff --git a/vendor/gems/omniauth-azure-oauth2/Rakefile b/vendor/gems/omniauth-azure-oauth2/Rakefile new file mode 100644 index 00000000000..965431eb7c9 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/Rakefile @@ -0,0 +1,6 @@ +require File.join('bundler', 'gem_tasks') +require File.join('rspec', 'core', 'rake_task') + +RSpec::Core::RakeTask.new(:spec) + +task :default => :spec
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/examples/sinatra.rb b/vendor/gems/omniauth-azure-oauth2/examples/sinatra.rb new file mode 100644 index 00000000000..3db9e5fe435 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/examples/sinatra.rb @@ -0,0 +1,31 @@ +$:.push File.dirname(__FILE__) + '/../lib' + +require 'omniauth-azure-oauth2' +require 'sinatra' + +class MyAzureProvider + def self.client_id + ENV['AZURE_CLIENT_ID'] + end + + def self.client_secret + ENV['AZURE_CLIENT_SECRET'] + end + + def self.tenant_id + ENV['AZURE_TENANT_ID'] + end + +end + +use Rack::Session::Cookie +use OmniAuth::Strategies::Azure, MyAzureProvider + +get '/' do + "<a href='/auth/azure_oauth2'>Log in with Azure</a>" +end + +get '/auth/azure_oauth2/callback' do + content_type 'text/plain' + request.env['omniauth.auth'].inspect +end
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/lib/omniauth-azure-oauth2.rb b/vendor/gems/omniauth-azure-oauth2/lib/omniauth-azure-oauth2.rb new file mode 100644 index 00000000000..121c26842aa --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/lib/omniauth-azure-oauth2.rb @@ -0,0 +1 @@ +require File.join('omniauth', 'azure_oauth2')
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/azure_oauth2.rb b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/azure_oauth2.rb new file mode 100644 index 00000000000..69651ede9e7 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/azure_oauth2.rb @@ -0,0 +1 @@ +require File.join('omniauth', 'strategies', 'azure_oauth2')
\ No newline at end of file diff --git a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/azure_oauth2/version.rb b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/azure_oauth2/version.rb new file mode 100644 index 00000000000..cfaa9ddd458 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/azure_oauth2/version.rb @@ -0,0 +1,5 @@ +module OmniAuth + module AzureOauth2 + VERSION = "0.0.10" + end +end diff --git a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb new file mode 100644 index 00000000000..f18babc0619 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb @@ -0,0 +1,73 @@ +require 'omniauth/strategies/oauth2' +require 'jwt' + +module OmniAuth + module Strategies + class AzureOauth2 < OmniAuth::Strategies::OAuth2 + BASE_AZURE_URL = 'https://login.microsoftonline.com' + + option :name, 'azure_oauth2' + + option :tenant_provider, nil + + # AD resource identifier + option :resource, '00000002-0000-0000-c000-000000000000' + + # tenant_provider must return client_id, client_secret and optionally tenant_id and base_azure_url + args [:tenant_provider] + + def client + if options.tenant_provider + provider = options.tenant_provider.new(self) + else + provider = options # if pass has to config, get mapped right on to options + end + + options.client_id = provider.client_id + options.client_secret = provider.client_secret + options.tenant_id = + provider.respond_to?(:tenant_id) ? provider.tenant_id : 'common' + options.base_azure_url = + provider.respond_to?(:base_azure_url) ? provider.base_azure_url : BASE_AZURE_URL + + options.authorize_params = provider.authorize_params if provider.respond_to?(:authorize_params) + options.authorize_params.domain_hint = provider.domain_hint if provider.respond_to?(:domain_hint) && provider.domain_hint + options.authorize_params.prompt = request.params['prompt'] if request.params['prompt'] + options.client_options.authorize_url = "#{options.base_azure_url}/#{options.tenant_id}/oauth2/authorize" + options.client_options.token_url = "#{options.base_azure_url}/#{options.tenant_id}/oauth2/token" + super + end + + uid { + raw_info['sub'] + } + + info do + { + name: raw_info['name'], + nickname: raw_info['unique_name'], + first_name: raw_info['given_name'], + last_name: raw_info['family_name'], + email: raw_info['email'] || raw_info['upn'], + oid: raw_info['oid'], + tid: raw_info['tid'] + } + end + + def token_params + azure_resource = request.env['omniauth.params'] && request.env['omniauth.params']['azure_resource'] + super.merge(resource: azure_resource || options.resource) + end + + def callback_url + full_host + script_name + callback_path + end + + def raw_info + # it's all here in JWT http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx + @raw_info ||= ::JWT.decode(access_token.token, nil, false).first + end + + end + end +end diff --git a/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec b/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec new file mode 100644 index 00000000000..6e1bc583881 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec @@ -0,0 +1,25 @@ +# -*- encoding: utf-8 -*- +require File.expand_path(File.join('..', 'lib', 'omniauth', 'azure_oauth2', 'version'), __FILE__) + +Gem::Specification.new do |gem| + gem.authors = ["Mark Nadig"] + gem.email = ["mark@nadigs.net"] + gem.description = %q{An Windows Azure Active Directory OAuth2 strategy for OmniAuth} + gem.summary = %q{An Windows Azure Active Directory OAuth2 strategy for OmniAuth} + gem.homepage = "https://github.com/KonaTeam/omniauth-azure-oauth2" + + gem.files = Dir.glob("lib/**/*.*") + gem.test_files = Dir.glob("spec/**/**/*.*") + gem.name = "omniauth-azure-oauth2" + gem.require_paths = ["lib"] + gem.version = OmniAuth::AzureOauth2::VERSION + gem.license = "MIT" + + gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3' + gem.add_dependency 'jwt', ['>= 1.0', '< 3.0'] + + gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.4' + + gem.add_development_dependency 'rspec', '>= 2.14.0' + gem.add_development_dependency 'rake' +end diff --git a/vendor/gems/omniauth-azure-oauth2/spec/omniauth/strategies/azure_oauth2_spec.rb b/vendor/gems/omniauth-azure-oauth2/spec/omniauth/strategies/azure_oauth2_spec.rb new file mode 100644 index 00000000000..d171d88ac6c --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/spec/omniauth/strategies/azure_oauth2_spec.rb @@ -0,0 +1,332 @@ +require 'spec_helper' +require 'omniauth-azure-oauth2' + +module OmniAuth + module Strategies + module JWT; end + end +end + +describe OmniAuth::Strategies::AzureOauth2 do + let(:request) { double('Request', :params => {}, :cookies => {}, :env => {}) } + let(:app) { + lambda do + [200, {}, ["Hello."]] + end + } + + before do + OmniAuth.config.test_mode = true + end + + after do + OmniAuth.config.test_mode = false + end + + describe 'static configuration' do + let(:options) { @options || {} } + subject do + OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret', tenant_id: 'tenant'}.merge(options)) + end + + describe '#client' do + it 'has correct authorize url' do + allow(subject).to receive(:request) { request } + expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/authorize') + end + + it 'has correct authorize params' do + allow(subject).to receive(:request) { request } + subject.client + expect(subject.authorize_params[:domain_hint]).to be_nil + end + + it 'has correct token url' do + allow(subject).to receive(:request) { request } + expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/token') + end + + describe "overrides" do + it 'should override domain_hint' do + @options = {domain_hint: 'hint'} + allow(subject).to receive(:request) { request } + subject.client + expect(subject.authorize_params[:domain_hint]).to eql('hint') + end + end + end + + end + + describe 'static configuration - german' do + let(:options) { @options || {} } + subject do + OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret', tenant_id: 'tenant', base_azure_url: 'https://login.microsoftonline.de'}.merge(options)) + end + + describe '#client' do + it 'has correct authorize url' do + allow(subject).to receive(:request) { request } + expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/authorize') + end + + it 'has correct authorize params' do + allow(subject).to receive(:request) { request } + subject.client + expect(subject.authorize_params[:domain_hint]).to be_nil + end + + it 'has correct token url' do + allow(subject).to receive(:request) { request } + expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/token') + end + + it 'has correct token params' do + allow(subject).to receive(:request) { request } + subject.client + expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000') + end + + describe "overrides" do + it 'should override domain_hint' do + @options = {domain_hint: 'hint'} + allow(subject).to receive(:request) { request } + subject.client + expect(subject.authorize_params[:domain_hint]).to eql('hint') + end + end + end + end + + describe 'static common configuration' do + let(:options) { @options || {} } + subject do + OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret'}.merge(options)) + end + + before do + allow(subject).to receive(:request) { request } + end + + describe '#client' do + it 'has correct authorize url' do + expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/common/oauth2/authorize') + end + + it 'has correct token url' do + expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/token') + end + end + end + + describe 'dynamic configuration' do + let(:provider_klass) { + Class.new { + def initialize(strategy) + end + + def client_id + 'id' + end + + def client_secret + 'secret' + end + + def tenant_id + 'tenant' + end + + def authorize_params + { custom_option: 'value' } + end + } + } + + subject do + OmniAuth::Strategies::AzureOauth2.new(app, provider_klass) + end + + before do + allow(subject).to receive(:request) { request } + end + + describe '#client' do + it 'has correct authorize url' do + expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/authorize') + end + + it 'has correct authorize params' do + subject.client + expect(subject.authorize_params[:domain_hint]).to be_nil + expect(subject.authorize_params[:custom_option]).to eql('value') + end + + it 'has correct token url' do + expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/token') + end + + it 'has correct token params' do + subject.client + expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000') + end + + # todo: how to get this working? + # describe "overrides" do + # it 'should override domain_hint' do + # provider_klass.domain_hint = 'hint' + # subject.client + # expect(subject.authorize_params[:domain_hint]).to eql('hint') + # end + # end + end + + end + + describe 'dynamic configuration - german' do + let(:provider_klass) { + Class.new { + def initialize(strategy) + end + + def client_id + 'id' + end + + def client_secret + 'secret' + end + + def tenant_id + 'tenant' + end + + def base_azure_url + 'https://login.microsoftonline.de' + end + } + } + + subject do + OmniAuth::Strategies::AzureOauth2.new(app, provider_klass) + end + + before do + allow(subject).to receive(:request) { request } + end + + describe '#client' do + it 'has correct authorize url' do + expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/authorize') + end + + it 'has correct authorize params' do + subject.client + expect(subject.authorize_params[:domain_hint]).to be_nil + end + + it 'has correct token url' do + expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/token') + end + + it 'has correct token params' do + subject.client + expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000') + end + + # todo: how to get this working? + # describe "overrides" do + # it 'should override domain_hint' do + # provider_klass.domain_hint = 'hint' + # subject.client + # expect(subject.authorize_params[:domain_hint]).to eql('hint') + # end + # end + end + + end + + describe 'dynamic common configuration' do + let(:provider_klass) { + Class.new { + def initialize(strategy) + end + + def client_id + 'id' + end + + def client_secret + 'secret' + end + } + } + + subject do + OmniAuth::Strategies::AzureOauth2.new(app, provider_klass) + end + + before do + allow(subject).to receive(:request) { request } + end + + describe '#client' do + it 'has correct authorize url' do + expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/common/oauth2/authorize') + end + + it 'has correct token url' do + expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/token') + end + end + end + + describe "raw_info" do + subject do + OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret'}) + end + + let(:token) do + JWT.encode({"some" => "payload"}, "secret") + end + + let(:access_token) do + double(:token => token) + end + + before do + allow(subject).to receive(:access_token) { access_token } + allow(subject).to receive(:request) { request } + end + + it "does not clash if JWT strategy is used" do + expect do + subject.info + end.to_not raise_error + end + end + + describe 'token_params' do + let(:strategy) { OmniAuth::Strategies::AzureOauth2.new(app, client_id: 'id', client_secret: 'secret') } + let(:request) { double('Request', env: env) } + let(:env) { {} } + + subject { strategy.token_params } + + before { allow(strategy).to receive(:request).and_return request } + + it { is_expected.to be_a OmniAuth::Strategy::Options } + it 'has default resource' do + expect(subject.resource).to eq '00000002-0000-0000-c000-000000000000' + end + + context 'when custom crm url' do + let(:crm_url) { 'https://mydomain.crm.dynamics.com/' } + let(:env) { { 'omniauth.params' => { 'azure_resource' => crm_url } } } + + it 'has resource from url params' do + expect(subject.resource).to eq crm_url + end + end + end +end diff --git a/vendor/gems/omniauth-azure-oauth2/spec/spec_helper.rb b/vendor/gems/omniauth-azure-oauth2/spec/spec_helper.rb new file mode 100644 index 00000000000..9d0890421a2 --- /dev/null +++ b/vendor/gems/omniauth-azure-oauth2/spec/spec_helper.rb @@ -0,0 +1,2 @@ +require File.join('bundler', 'setup') +require 'rspec'
\ No newline at end of file diff --git a/vendor/gems/omniauth-cas3/.gitlab-ci.yml b/vendor/gems/omniauth-cas3/.gitlab-ci.yml new file mode 100644 index 00000000000..e728d704d21 --- /dev/null +++ b/vendor/gems/omniauth-cas3/.gitlab-ci.yml @@ -0,0 +1,28 @@ +workflow: + rules: + - if: $CI_MERGE_REQUEST_ID + +.rspec: + cache: + key: omniauth-cas3-ruby + paths: + - vendor/gems/omniauth-cas3/vendor/ruby + before_script: + - cd vendor/gems/omniauth-cas3 + - ruby -v # Print out ruby version for debugging + - gem install bundler --no-document # Bundler is not installed with the image + - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby + - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration + - bundle install -j $(nproc) + script: + - bundle exec rspec + +rspec-2.7: + image: "ruby:2.7" + extends: .rspec + +rspec-3.0: + image: "ruby:3.0" + extends: .rspec diff --git a/vendor/gems/omniauth-cas3/Gemfile b/vendor/gems/omniauth-cas3/Gemfile new file mode 100644 index 00000000000..adc6d8b37a3 --- /dev/null +++ b/vendor/gems/omniauth-cas3/Gemfile @@ -0,0 +1,4 @@ +source 'https://rubygems.org' + +# Specify your gem's dependencies in omniauth-cas3.gemspec +gemspec diff --git a/vendor/gems/omniauth-cas3/Gemfile.lock b/vendor/gems/omniauth-cas3/Gemfile.lock new file mode 100644 index 00000000000..4c59eb05d50 --- /dev/null +++ b/vendor/gems/omniauth-cas3/Gemfile.lock @@ -0,0 +1,64 @@ +PATH + remote: . + specs: + omniauth-cas3 (1.1.4) + addressable (~> 2.3) + nokogiri (~> 1.7, >= 1.7.1) + omniauth (~> 1.2, < 3) + +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + awesome_print (1.9.2) + crack (0.4.5) + rexml + diff-lcs (1.5.0) + hashdiff (1.0.1) + hashie (5.0.0) + mini_portile2 (2.8.0) + nokogiri (1.13.7) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + public_suffix (4.0.7) + racc (1.6.0) + rack (2.2.4) + rack-test (0.8.3) + rack (>= 1.0, < 3) + rake (10.5.0) + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + webmock (3.14.0) + addressable (>= 2.8.0) + crack (>= 0.3.2) + hashdiff (>= 0.4.0, < 2.0.0) + +PLATFORMS + ruby + +DEPENDENCIES + awesome_print + omniauth-cas3! + rack-test (~> 0.6) + rake (~> 10.0) + rspec (>= 3.4) + webmock + +BUNDLED WITH + 2.3.18 diff --git a/vendor/gems/omniauth-cas3/LICENSE b/vendor/gems/omniauth-cas3/LICENSE new file mode 100644 index 00000000000..402cb6e4380 --- /dev/null +++ b/vendor/gems/omniauth-cas3/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2011 Derek Lindahl and CustomInk, LLC +Copyright (c) 2015 tduehr + +MIT License + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file diff --git a/vendor/gems/omniauth-cas3/README.md b/vendor/gems/omniauth-cas3/README.md new file mode 100644 index 00000000000..3c66341defb --- /dev/null +++ b/vendor/gems/omniauth-cas3/README.md @@ -0,0 +1,134 @@ +# OmniAuth CAS Strategy [![Gem Version][version_badge]][version] [![Build Status][travis_status]][travis] + +This is a fork of [omniauth-cas3](https://github.com/tduehr/omniauth-cas3) to +support: + +1. OmniAuth v1 and v2. OmniAuth v2 disables GET requests by default + and defaults to POST. GitLab already has patched v1 to use POST, + but other dependencies need to be updated: + https://gitlab.com/gitlab-org/gitlab/-/issues/30073. +2. We may deprecate this library entirely in the future: + https://gitlab.com/gitlab-org/gitlab/-/issues/366212 + +[version_badge]: https://badge.fury.io/rb/omniauth-cas3.png +[version]: http://badge.fury.io/rb/omniauth-cas3 +[travis]: http://travis-ci.org/tduehr/omniauth-cas3 +[travis_status]: https://secure.travis-ci.org/dlindahl/omniauth-cas3.png +[releases]: https://github.com/tduehr/omniauth-cas3/releases + +This is a OmniAuth 1.0 compatible port of the previously available +[OmniAuth CAS strategy][old_omniauth_cas] that was bundled with OmniAuth 0.3. This strategy has also been updated for CAS protocol version 3.0 and patched to deal with namespace issues. + +* [View the documentation][document_up] +* [Changelog][releases] + +## Installation + +Add this line to your application's Gemfile: + + gem 'omniauth-cas3' + +And then execute: + + $ bundle + +Or install it yourself as: + + $ gem install omniauth-cas3 + +## Usage + +Use like any other OmniAuth strategy: + +```ruby +Rails.application.config.middleware.use OmniAuth::Builder do + provider :cas3, host: 'cas.yourdomain.com' +end +``` + +### Configuration Options + +#### Required + +OmniAuth CAS requires at least one of the following two configuration options: + + * `url` - Defines the URL of your CAS server (i.e. `http://example.org:8080`) + * `host` - Defines the host of your CAS server (i.e. `example.org`). + +#### Optional + +Other configuration options: + + * `port` - The port to use for your configured CAS `host`. Optional if using `url`. + * `ssl` - TRUE to connect to your CAS server over SSL. Optional if using `url`. + * `service_validate_url` - The URL to use to validate a user. Defaults to `'/serviceValidate'`. + * `callback_url` - The URL custom URL path which CAS uses to call back to the service. Defaults to `/users/auth/cas3/callback`. + * `logout_url` - The URL to use to logout a user. Defaults to `'/logout'`. + * `login_url` - Defines the URL used to prompt users for their login information. Defaults to `/login` If no `host` is configured, the host application's domain will be used. + * `uid_field` - The user data attribute to use as your user's unique identifier. Defaults to `'user'` (which usually contains the user's login name). + * `ca_path` - Optional when `ssl` is `true`. Sets path of a CA certification directory. See [Net::HTTP][net_http] for more details. + * `disable_ssl_verification` - Optional when `ssl` is true. Disables verification. + * `on_single_sign_out` - Optional. Callback used when a [CAS 3.1 Single Sign Out][sso] + request is received. + * `fetch_raw_info` - Optional. Callback used to return additional "raw" user + info from other sources. + + ```ruby + provider :cas3, + fetch_raw_info: lambda { |strategy, options, ticket, user_info| + ExternalService.get(user_info[:user]).attributes + } + ``` + +Configurable options for values returned by CAS: + + * `uid_key` - The user ID data attribute to use as your user's unique identifier. Defaults to `'user'` (which usually contains the user's login name). + * `name_key` - The data attribute containing user first and last name. Defaults to `'name'`. + * `email_key` - The data attribute containing user email address. Defaults to `'email'`. + * `nickname_key` - The data attribute containing user's nickname. Defaults to `'user'`. + * `first_name_key` - The data attribute containing user first name. Defaults to `'first_name'`. + * `last_name_key` - The data attribute containing user last name. Defaults to `'last_name'`. + * `location_key` - The data attribute containing user location/address. Defaults to `'location'`. + * `image_key` - The data attribute containing user image/picture. Defaults to `'image'`. + * `phone_key` - The data attribute containing user contact phone number. Defaults to `'phone'`. + +## Migrating from OmniAuth 0.3 + +Given the following OmniAuth 0.3 configuration: + +```ruby +provider :CAS, cas_server: 'https://cas.example.com/cas/' +``` + +Your new settings should look similar to this: + +```ruby +provider :cas3, + host: 'cas.example.com', + login_url: '/cas/login', + service_validate_url: '/cas/p3/serviceValidate' +``` + +If you encounter problems wih SSL certificates you may want to set the `ca_path` parameter or activate `disable_ssl_verification` (not recommended). + +## Contributing + +1. Fork it +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Commit your changes (`git commit -am 'Added some feature'`) +4. Push to the branch (`git push origin my-new-feature`) +5. Create new Pull Request + +## Thanks + +Special thanks go out to the following people + + * @dlindahl For the original work in porting this from OmniAuth 0.3 + * Phillip Aldridge (@iterateNZ) and JB Barth (@jbbarth) for helping out with Issue #3 + * Elber Ribeiro (@dynaum) for Ubuntu SSL configuration support + * @rbq for README updates and OmniAuth 0.3 migration guide + +[old_omniauth_cas]: https://github.com/intridea/omniauth/blob/0-3-stable/oa-enterprise/lib/omniauth/strategies/cas.rb +[document_up]: http://tduehr.github.com/omniauth-cas3/ +[net_http]: http://ruby-doc.org/stdlib-1.9.3/libdoc/net/http/rdoc/Net/HTTP.html +[sso]: https://wiki.jasig.org/display/CASUM/Single+Sign+Out diff --git a/vendor/gems/omniauth-cas3/Rakefile b/vendor/gems/omniauth-cas3/Rakefile new file mode 100644 index 00000000000..af92638ba13 --- /dev/null +++ b/vendor/gems/omniauth-cas3/Rakefile @@ -0,0 +1,15 @@ +#!/usr/bin/env rake +require 'bundler/gem_tasks' + +require 'rspec/core/rake_task' +desc 'Default: run specs.' +task default: :spec + +desc 'Run specs' +RSpec::Core::RakeTask.new(:spec) do |t| + t.rspec_opts = '--require spec_helper --color --order rand' +end + +task :test do + fail %q{This application uses RSpec. Try running "rake spec"} +end diff --git a/vendor/gems/omniauth-cas3/lib/omniauth-cas3.rb b/vendor/gems/omniauth-cas3/lib/omniauth-cas3.rb new file mode 100644 index 00000000000..58509b933c8 --- /dev/null +++ b/vendor/gems/omniauth-cas3/lib/omniauth-cas3.rb @@ -0,0 +1 @@ +require 'omniauth/cas3' diff --git a/vendor/gems/omniauth-cas3/lib/omniauth/cas3.rb b/vendor/gems/omniauth-cas3/lib/omniauth/cas3.rb new file mode 100644 index 00000000000..80460aa1f31 --- /dev/null +++ b/vendor/gems/omniauth-cas3/lib/omniauth/cas3.rb @@ -0,0 +1,2 @@ +require 'omniauth/cas3/version' +require 'omniauth/strategies/cas3'
\ No newline at end of file diff --git a/vendor/gems/omniauth-cas3/lib/omniauth/cas3/version.rb b/vendor/gems/omniauth-cas3/lib/omniauth/cas3/version.rb new file mode 100644 index 00000000000..9508dd69125 --- /dev/null +++ b/vendor/gems/omniauth-cas3/lib/omniauth/cas3/version.rb @@ -0,0 +1,5 @@ +module Omniauth + module Cas3 + VERSION = '1.1.4' + end +end diff --git a/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb new file mode 100644 index 00000000000..7271621c564 --- /dev/null +++ b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb @@ -0,0 +1,222 @@ +require 'omniauth' +require 'addressable/uri' + +module OmniAuth + module Strategies + class CAS3 + include OmniAuth::Strategy + + # Custom Exceptions + class MissingCASTicket < StandardError; end + class InvalidCASTicket < StandardError; end + + autoload :ServiceTicketValidator, 'omniauth/strategies/cas3/service_ticket_validator' + autoload :LogoutRequest, 'omniauth/strategies/cas3/logout_request' + + attr_accessor :raw_info + alias_method :user_info, :raw_info + + option :name, :cas3 # Required property by OmniAuth::Strategy + + option :host, nil + option :port, nil + option :path, nil + option :ssl, true + option :service_validate_url, '/p3/serviceValidate' + option :login_url, '/login' + option :logout_url, '/logout' + option :on_single_sign_out, Proc.new {} + # A Proc or lambda that returns a Hash of additional user info to be + # merged with the info returned by the CAS server. + # + # @param [Object] An instance of OmniAuth::Strategies::CAS for the current request + # @param [String] The user's Service Ticket value + # @param [Hash] The user info for the Service Ticket returned by the CAS server + # + # @return [Hash] Extra user info + option :fetch_raw_info, Proc.new { Hash.new } + # Make all the keys configurable with some defaults set here + option :uid_field, 'user' + option :name_key, 'name' + option :email_key, 'email' + option :nickname_key, 'user' + option :first_name_key, 'first_name' + option :last_name_key, 'last_name' + option :location_key, 'location' + option :image_key, 'image' + option :phone_key, 'phone' + + # As required by https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema + AuthHashSchemaKeys = %w{name email nickname first_name last_name location image phone} + info do + prune!({ + name: raw_info[options[:name_key].to_s], + email: raw_info[options[:email_key].to_s], + nickname: raw_info[options[:nickname_key].to_s], + first_name: raw_info[options[:first_name_key].to_s], + last_name: raw_info[options[:last_name_key].to_s], + location: raw_info[options[:location_key].to_s], + image: raw_info[options[:image_key].to_s], + phone: raw_info[options[:phone_key].to_s] + }) + end + + extra do + prune!( + raw_info.delete_if{ |k,v| AuthHashSchemaKeys.include?(k) } + ) + end + + uid do + raw_info[options[:uid_field].to_s] + end + + credentials do + prune!({ ticket: @ticket }) + end + + def callback_phase + if on_sso_path? + single_sign_out_phase + else + @ticket = request.params['ticket'] + return fail!(:no_ticket, MissingCASTicket.new('No CAS Ticket')) unless @ticket + fetch_raw_info(@ticket) + return fail!(:invalid_ticket, InvalidCASTicket.new('Invalid CAS Ticket')) if raw_info.empty? + super + end + end + + def request_phase + service_url = append_params(callback_url, return_url) + + [ + 302, + { + 'Location' => login_url(service_url), + 'Content-Type' => 'text/plain' + }, + ["You are being redirected to CAS for sign-in."] + ] + end + + def on_sso_path? + request.post? && request.params.has_key?('logoutRequest') + end + + def single_sign_out_phase + logout_request_service.new(self, request).call(options) + end + + # Build a CAS host with protocol and port + # + # + def cas_url + extract_url if options['url'] + validate_cas_setup + @cas_url ||= begin + uri = Addressable::URI.new + uri.host = options.host + uri.scheme = options.ssl ? 'https' : 'http' + uri.port = options.port + uri.path = options.path + uri.to_s + end + end + + def extract_url + url = Addressable::URI.parse(options.delete('url')) + options.merge!( + 'host' => url.host, + 'port' => url.port, + 'path' => url.path, + 'ssl' => url.scheme == 'https' + ) + end + + def validate_cas_setup + if options.host.nil? || options.login_url.nil? + raise ArgumentError.new(":host and :login_url MUST be provided") + end + end + + # Build a service-validation URL from +service+ and +ticket+. + # If +service+ has a ticket param, first remove it. URL-encode + # +service+ and add it and the +ticket+ as paraemters to the + # CAS serviceValidate URL. + # + # @param [String] service the service (a.k.a. return-to) URL + # @param [String] ticket the ticket to validate + # + # @return [String] a URL like `http://cas.mycompany.com/serviceValidate?service=...&ticket=...` + def service_validate_url(service_url, ticket) + service_url = Addressable::URI.parse(service_url) + service_url.query_values = service_url.query_values.tap { |qs| qs.delete('ticket') } + cas_url + append_params(options.service_validate_url, { + service: service_url.to_s, + ticket: ticket + }) + end + + # Build a CAS login URL from +service+. + # + # @param [String] service the service (a.k.a. return-to) URL + # + # @return [String] a URL like `http://cas.mycompany.com/login?service=...` + def login_url(service) + cas_url + append_params(options.login_url, { service: service }) + end + + # Adds URL-escaped +parameters+ to +base+. + # + # @param [String] base the base URL + # @param [String] params the parameters to append to the URL + # + # @return [String] the new joined URL. + def append_params(base, params) + params = params.each { |k,v| v = Rack::Utils.escape(v) } + Addressable::URI.parse(base).tap do |base_uri| + base_uri.query_values = (base_uri.query_values || {}).merge(params) + end.to_s + end + + # Validate the Service Ticket + # @return [Object] the validated Service Ticket + def validate_service_ticket(ticket) + ServiceTicketValidator.new(self, options, callback_url, ticket).call + end + + private + + def fetch_raw_info(ticket) + ticket_user_info = validate_service_ticket(ticket).user_info + custom_user_info = options.fetch_raw_info.call(self, options, ticket, ticket_user_info) + self.raw_info = ticket_user_info.merge(custom_user_info) + end + + # Deletes Hash pairs with `nil` values. + # From https://github.com/mkdynamic/omniauth-facebook/blob/972ed5e3456bcaed7df1f55efd7c05c216c8f48e/lib/omniauth/strategies/facebook.rb#L122-127 + def prune!(hash) + hash.delete_if do |_, value| + prune!(value) if value.is_a?(Hash) + value.nil? || (value.respond_to?(:empty?) && value.empty?) + end + end + + def return_url + # If the request already has a `url` parameter, then it will already be appended to the callback URL. + if request.params && request.params['url'] + {} + else + { url: request.referer } + end + end + + def logout_request_service + LogoutRequest + end + end + end +end + +OmniAuth.config.add_camelization 'cas3', 'CAS3' diff --git a/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3/logout_request.rb b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3/logout_request.rb new file mode 100644 index 00000000000..72978227edb --- /dev/null +++ b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3/logout_request.rb @@ -0,0 +1,73 @@ +module OmniAuth + module Strategies + class CAS3 + class LogoutRequest + def initialize(strategy, request) + @strategy, @request = strategy, request + end + + def call(options = {}) + @options = options + + begin + result = single_sign_out_callback.call(*logout_request) + rescue StandardError => err + return @strategy.fail! :logout_request, err + else + result = [200,{},'OK'] if result == true || result.nil? + ensure + return unless result + + # TODO: Why does ActionPack::Response return [status,headers,body] + # when Rack::Response#new wants [body,status,headers]? Additionally, + # why does Rack::Response differ in argument order from the usual + # Rack-like [status,headers,body] array? + return Rack::Response.new(result[2],result[0],result[1]).finish + end + end + + private + + def logout_request + @logout_request ||= begin + saml = parse_and_ensure_namespaces(@request.params['logoutRequest']) + ns = saml.collect_namespaces + name_id = saml.xpath('//saml:NameID', ns).text + sess_idx = saml.xpath('//samlp:SessionIndex', ns).text + inject_params(name_id:name_id, session_index:sess_idx) + @request + end + end + + def parse_and_ensure_namespaces(logout_request_xml) + doc = Nokogiri.parse(logout_request_xml) + ns = doc.collect_namespaces + if ns.include?('xmlns:samlp') && ns.include?('xmlns:saml') + doc + else + add_namespaces(doc) + end + end + + def add_namespaces(logout_request_doc) + root = logout_request_doc.root + root.add_namespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol') + root.add_namespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion\\') + + # In order to add namespaces properly we need to re-parse the document + Nokogiri.parse(logout_request_doc.to_s) + end + + def inject_params(new_params) + new_params.each do |key, val| + @request.update_param(key, val) + end + end + + def single_sign_out_callback + @options[:on_single_sign_out] + end + end + end + end +end diff --git a/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3/service_ticket_validator.rb b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3/service_ticket_validator.rb new file mode 100644 index 00000000000..4f9a61c5216 --- /dev/null +++ b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3/service_ticket_validator.rb @@ -0,0 +1,103 @@ +require 'net/http' +require 'net/https' +require 'nokogiri' + +module OmniAuth + module Strategies + class CAS3 + class ServiceTicketValidator + VALIDATION_REQUEST_HEADERS = { 'Accept' => '*/*' } + + # Build a validator from a +configuration+, a + # +return_to+ URL, and a +ticket+. + # + # @param [Hash] options the OmniAuth Strategy options + # @param [String] return_to_url the URL of this CAS client service + # @param [String] ticket the service ticket to validate + def initialize(strategy, options, return_to_url, ticket) + @options = options + @uri = URI.parse(strategy.service_validate_url(return_to_url, ticket)) + end + + # Executes a network request to process the CAS Service Response + def call + @response_body = get_service_response_body + @success_body = find_authentication_success(@response_body) + self + end + + # Request validation of the ticket from the CAS server's + # serviceValidate (CAS 2.0) function. + # + # Swallows all XML parsing errors (and returns +nil+ in those cases). + # + # @return [Hash, nil] a user information hash if the response is valid; +nil+ otherwise. + # + # @raise any connection errors encountered. + def user_info + parse_user_info(@success_body) + end + + private + + # turns an `<cas:authenticationSuccess>` node into a Hash; + # returns nil if given nil + def parse_user_info(node) + return nil if node.nil? + {}.tap do |hash| + node.children.each do |e| + node_name = e.name.sub(/^cas:/, '') + unless e.kind_of?(Nokogiri::XML::Text) || node_name == 'proxies' + # There are no child elements + if e.element_children.count == 0 + hash[node_name] = e.content + elsif e.element_children.count + # JASIG style extra attributes + if node_name == 'attributes' + hash.merge!(parse_user_info(e)) + else + hash[node_name] = [] if hash[node_name].nil? + hash[node_name].push(parse_user_info(e)) + end + end + end + end + end + end + + # finds an `<cas:authenticationSuccess>` node in + # a `<cas:serviceResponse>` body if present; returns nil + # if the passed body is nil or if there is no such node. + def find_authentication_success(body) + return nil if body.nil? || body == '' + begin + doc = Nokogiri::XML(body) + begin + doc.xpath('/cas:serviceResponse/cas:authenticationSuccess') + rescue Nokogiri::XML::XPath::SyntaxError + doc.xpath('/serviceResponse/authenticationSuccess') + end + rescue Nokogiri::XML::XPath::SyntaxError + nil + end + end + + # retrieves the `<cas:serviceResponse>` XML from the CAS server + def get_service_response_body + result = '' + http = Net::HTTP.new(@uri.host, @uri.port) + http.use_ssl = @uri.port == 443 || @uri.instance_of?(URI::HTTPS) + if http.use_ssl? + http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @options.disable_ssl_verification? + http.ca_path = @options.ca_path + end + http.start do |c| + response = c.get "#{@uri.path}?#{@uri.query}", VALIDATION_REQUEST_HEADERS.dup + result = response.body + end + result + end + end + end + end +end diff --git a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec new file mode 100644 index 00000000000..abbcaa268d0 --- /dev/null +++ b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec @@ -0,0 +1,27 @@ +# -*- encoding: utf-8 -*- +require File.expand_path('../lib/omniauth/cas3/version', __FILE__) + +Gem::Specification.new do |gem| + gem.authors = ["Derek Lindahl, tduehr"] + gem.email = ["td@matasano.com"] + gem.summary = %q{CAS 3.0 Strategy for OmniAuth} + gem.description = gem.summary + gem.homepage = "https://github.com/tduehr/omniauth-cas3" + + gem.files = Dir.glob("lib/**/*.*") + gem.test_files = Dir.glob("spec/**/**/*.*") + gem.name = "omniauth-cas3" + gem.require_paths = ["lib"] + gem.version = Omniauth::Cas3::VERSION + + gem.add_dependency 'omniauth', '~> 1.2', '< 3' + gem.add_dependency 'nokogiri', '~> 1.7', '>= 1.7.1' + gem.add_dependency 'addressable', '~> 2.3' + + gem.add_development_dependency 'rake', '~> 10.0' + gem.add_development_dependency 'webmock' + gem.add_development_dependency 'rspec', '>= 3.4' + gem.add_development_dependency 'rack-test', '~> 0.6' + + gem.add_development_dependency 'awesome_print' +end diff --git a/vendor/gems/omniauth-cas3/spec/fixtures/cas_failure.xml b/vendor/gems/omniauth-cas3/spec/fixtures/cas_failure.xml new file mode 100644 index 00000000000..f8238a18014 --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/fixtures/cas_failure.xml @@ -0,0 +1,4 @@ +<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> + <cas:authenticationFailure> + </cas:authenticationFailure> +</cas:serviceResponse> diff --git a/vendor/gems/omniauth-cas3/spec/fixtures/cas_success.xml b/vendor/gems/omniauth-cas3/spec/fixtures/cas_success.xml new file mode 100644 index 00000000000..18904f64b35 --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/fixtures/cas_success.xml @@ -0,0 +1,14 @@ +<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> + <cas:authenticationSuccess> + <cas:user>psegel</cas:user> + <cas:employeeid>54</cas:employeeid> + <cas:first_name>P. Segel</cas:first_name> + <cas:first_name>Peter</cas:first_name> + <cas:last_name>Segel</cas:last_name> + <cas:email>psegel@intridea.com</cas:email> + <cas:location>Washington, D.C.</cas:location> + <cas:image>/images/user.jpg</cas:image> + <cas:phone>555-555-5555</cas:phone> + <cas:hire_date>2004-07-13</cas:hire_date> + </cas:authenticationSuccess> +</cas:serviceResponse> diff --git a/vendor/gems/omniauth-cas3/spec/fixtures/cas_success_jasig.xml b/vendor/gems/omniauth-cas3/spec/fixtures/cas_success_jasig.xml new file mode 100644 index 00000000000..72f58edfb46 --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/fixtures/cas_success_jasig.xml @@ -0,0 +1,16 @@ +<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> + <cas:authenticationSuccess> + <cas:user>psegel</cas:user> + <cas:attributes> + <cas:employeeid>54</cas:employeeid> + <cas:first_name>P. Segel</cas:first_name> + <cas:first_name>Peter</cas:first_name> + <cas:last_name>Segel</cas:last_name> + <cas:email>psegel@intridea.com</cas:email> + <cas:location>Washington, D.C.</cas:location> + <cas:image>/images/user.jpg</cas:image> + <cas:phone>555-555-5555</cas:phone> + <cas:hire_date>2004-07-13</cas:hire_date> + </cas:attributes> + </cas:authenticationSuccess> +</cas:serviceResponse> diff --git a/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3/logout_request_spec.rb b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3/logout_request_spec.rb new file mode 100644 index 00000000000..4834347fa03 --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3/logout_request_spec.rb @@ -0,0 +1,127 @@ +require 'spec_helper' + +describe OmniAuth::Strategies::CAS3::LogoutRequest do + let(:strategy) { double('strategy') } + let(:env) do + { 'rack.input' => StringIO.new('','r') } + end + let(:request) { double('request', params:params, env:env) } + let(:params) { { 'url' => url, 'logoutRequest' => logoutRequest } } + let(:url) { 'http://notes.dev/signed_in' } + let(:logoutRequest) do + %Q[ + <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}"> + <saml:NameID>@NOT_USED@</saml:NameID> + <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex> + </samlp:LogoutRequest> + ] + end + + subject { described_class.new(strategy, request).call(options) } + + describe 'SAML attributes' do + let(:callback) { Proc.new{} } + let(:options) do + { on_single_sign_out: callback } + end + + before do + @rack_input = nil + allow(callback).to receive(:call) do |req| + @rack_input = req.env['rack.input'].read + true + end + end + + it 'are parsed and injected into the Rack Request parameters', :skip => true do + subject + expect(@rack_input).to eq 'name_id=%40NOT_USED%40&session_index=ST-123456-123abc456def' + end + + it 'are parsed and injected even if saml defined inside NameID', :skip => true do + request.params['logoutRequest'] = + %Q[ + <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="foobarbaz" Version="2.0" IssueInstant="2014-10-19T17:13:50Z"> + <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID> + <samlp:SessionIndex>ST-foo-bar</samlp:SessionIndex> + </samlp:LogoutRequest> + ] + subject + expect(@rack_input).to eq 'name_id=%40NOT_USED%40&session_index=ST-foo-bar' + end + + it 'are parsed and injected even if saml and samlp namespaces not defined', :skip => true do + request.params['logoutRequest'] = + %Q[ + <samlp:LogoutRequest ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}"> + <saml:NameID>@NOT_USED@</saml:NameID> + <samlp:SessionIndex>ST-789000-456def789ghi</samlp:SessionIndex> + </samlp:LogoutRequest> + ] + subject + expect(@rack_input).to eq 'name_id=%40NOT_USED%40&session_index=ST-789000-456def789ghi' + end + + context 'that raise when parsed' do + let(:env) { { 'rack.input' => nil } } + + before do + allow(strategy).to receive(:fail!) + subject + expect(strategy).to have_received(:fail!) + end + + it 'responds with an error', skip: true do + expect(strategy).to have_received(:fail!) + end + end + end + + describe 'with a configured callback' do + let(:options) do + { on_single_sign_out: callback } + end + + context 'that returns TRUE' do + let(:callback) { Proc.new{true} } + + it 'responds with OK', skip: true do + expect(subject[0]).to eq 200 + expect(subject[2].body).to eq ['OK'] + end + end + + context 'that returns Nil' do + let(:callback) { Proc.new{} } + + it 'responds with OK', skip: true do + expect(subject[0]).to eq 200 + expect(subject[2].body).to eq ['OK'] + end + end + + context 'that returns a tuple' do + let(:callback) { Proc.new{ [400,{},'Bad Request'] } } + + it 'responds with OK', skip: true do + expect(subject[0]).to eq 400 + expect(subject[2].body).to eq ['Bad Request'] + end + end + + context 'that raises an error' do + let(:exception) { RuntimeError.new('error' )} + let(:callback) { Proc.new{raise exception} } + + before do + allow(strategy).to receive(:fail!) + subject + end + + it 'responds with an error', skip: true do + expect(strategy).to have_received(:fail!) + .with(:logout_request, exception) + end + end + end +end diff --git a/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3/service_ticket_validator_spec.rb b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3/service_ticket_validator_spec.rb new file mode 100644 index 00000000000..b031d1d68fc --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3/service_ticket_validator_spec.rb @@ -0,0 +1,55 @@ +require 'spec_helper' + +describe OmniAuth::Strategies::CAS3::ServiceTicketValidator do + let(:strategy) do + double('strategy', + service_validate_url: 'https://example.org/serviceValidate' + ) + end + let(:provider_options) do + double('provider_options', + disable_ssl_verification?: false, + ca_path: '/etc/ssl/certsZOMG' + ) + end + let(:validator) do + OmniAuth::Strategies::CAS3::ServiceTicketValidator.new( strategy, provider_options, '/foo', nil ) + end + + describe '#call' do + before do + stub_request(:get, 'https://example.org/serviceValidate?') + .to_return(status: 200, body: '') + end + + subject { validator.call } + + it 'returns itself' do + expect(subject).to eq validator + end + + it 'uses the configured CA path' do + subject + expect(provider_options).to have_received :ca_path + end + end + + describe '#user_info' do + let(:ok_fixture) do + File.expand_path(File.join(File.dirname(__FILE__), '../../../fixtures/cas_success.xml')) + end + let(:service_response) { File.read(ok_fixture) } + + before do + stub_request(:get, 'https://example.org/serviceValidate?') + .to_return(status: 200, body:service_response) + validator.call + end + + subject { validator.user_info } + + it 'parses user info from the response' do + expect(subject).to include 'user' => 'psegel' + end + end +end diff --git a/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb new file mode 100644 index 00000000000..fd61fc79580 --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb @@ -0,0 +1,250 @@ +require 'spec_helper' + +describe OmniAuth::Strategies::CAS3, type: :strategy do + include Rack::Test::Methods + + let(:my_cas_provider) { Class.new(OmniAuth::Strategies::CAS3) } + before do + stub_const 'MyCasProvider', my_cas_provider + end + let(:app) do + Rack::Builder.new { + use OmniAuth::Test::PhonySession + use MyCasProvider, name: :cas3, host: 'cas.example.org', ssl: false, port: 8080, uid_field: :employeeid + run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] } + }.to_app + end + + # TODO: Verify that these are even useful tests + shared_examples_for 'a CAS redirect response' do + let(:redirect_params) { 'service=' + Rack::Utils.escape("http://example.org/auth/cas3/callback?url=#{Rack::Utils.escape(return_url)}") } + + before { get url, nil, request_env } + + subject { last_response } + + it { should be_redirect } + + it 'redirects to the CAS server' do + expect(subject.headers).to include 'Location' => "http://cas.example.org:8080/login?#{redirect_params}" + end + end + + describe '#cas_url' do + let(:params) { Hash.new } + let(:provider) { MyCasProvider.new(nil, params) } + + subject { provider.cas_url } + + it 'raises an ArgumentError' do + expect{subject}.to raise_error ArgumentError, %r{:host and :login_url MUST be provided} + end + + context 'with an explicit :url option' do + let(:url) { 'https://example.org:8080/my_cas' } + let(:params) { super().merge url:url } + + before { subject } + + it { should eq url } + + it 'parses the URL into it the appropriate strategy options' do + expect(provider.options).to include ssl:true + expect(provider.options).to include host:'example.org' + expect(provider.options).to include port:8080 + expect(provider.options).to include path:'/my_cas' + end + end + + context 'with explicit URL component' do + let(:params) { super().merge host:'example.org', port:1234, ssl:true, path:'/a/path' } + + before { subject } + + it { should eq 'https://example.org:1234/a/path' } + + it 'parses the URL into it the appropriate strategy options' do + expect(provider.options).to include ssl:true + expect(provider.options).to include host:'example.org' + expect(provider.options).to include port:1234 + expect(provider.options).to include path:'/a/path' + end + end + end + + describe 'defaults' do + subject { MyCasProvider.default_options.to_hash } + + it { should include('ssl' => true) } + end + + describe 'GET /auth/cas3' do + let(:return_url) { 'http://myapp.com/admin/foo' } + + context 'with a referer' do + let(:url) { '/auth/cas3' } + + let(:request_env) { { 'HTTP_REFERER' => return_url } } + + it_behaves_like 'a CAS redirect response' + end + + context 'with an explicit return URL' do + let(:url) { "/auth/cas3?url=#{return_url}" } + + let(:request_env) { {} } + + it_behaves_like 'a CAS redirect response' + end + end + + describe 'GET /auth/cas3/callback' do + context 'without a ticket' do + before { get '/auth/cas3/callback' } + + subject { last_response } + + it { should be_redirect } + + it 'redirects with a failure message' do + expect(subject.headers).to include 'Location' => '/auth/failure?message=no_ticket&strategy=cas3' + end + end + + context 'with an invalid ticket' do + before do + stub_request(:get, /^http:\/\/cas.example.org:8080?\/p3\/serviceValidate\?([^&]+&)?ticket=9391d/). + to_return( body: File.read('spec/fixtures/cas_failure.xml') ) + get '/auth/cas3/callback?ticket=9391d' + end + + subject { last_response } + + it { should be_redirect } + + it 'redirects with a failure message' do + expect(subject.headers).to include 'Location' => '/auth/failure?message=invalid_ticket&strategy=cas3' + end + end + + describe 'with a valid ticket' do + shared_examples :successful_validation do + before do + stub_request(:get, /^http:\/\/cas.example.org:8080?\/p3\/serviceValidate\?([^&]+&)?ticket=593af/) + .with { |request| @request_uri = request.uri.to_s } + .to_return( body: File.read("spec/fixtures/#{xml_file_name}") ) + + get "/auth/cas3/callback?ticket=593af&url=#{return_url}" + end + + it 'strips the ticket parameter from the callback URL' do + expect(@request_uri.scan('ticket=').size).to eq 1 + end + + it 'properly encodes the service URL' do + expect(WebMock).to have_requested(:get, 'http://cas.example.org:8080/p3/serviceValidate') + .with(query: { + ticket: '593af', + service: 'http://example.org/auth/cas3/callback?url=' + Rack::Utils.escape('http://127.0.0.10/?some=parameter') + }) + end + + context "request.env['omniauth.auth']" do + subject { last_request.env['omniauth.auth'] } + + it { should be_kind_of Hash } + + it 'identifes the provider' do + expect(subject.provider).to eq :cas3 + end + + it 'returns the UID of the user' do + expect(subject.uid).to eq '54' + end + + context 'the info hash' do + subject { last_request.env['omniauth.auth']['info'] } + + it 'includes user info attributes' do + expect(subject.name).to eq 'Peter Segel' + expect(subject.first_name).to eq 'Peter' + expect(subject.last_name).to eq 'Segel' + expect(subject.nickname).to eq 'psegel' + expect(subject.email).to eq 'psegel@intridea.com' + expect(subject.location).to eq 'Washington, D.C.' + expect(subject.image).to eq '/images/user.jpg' + expect(subject.phone).to eq '555-555-5555' + end + end + + context 'the extra hash' do + subject { last_request.env['omniauth.auth']['extra'] } + + it 'includes additional user attributes' do + expect(subject.user).to eq 'psegel' + expect(subject.employeeid).to eq '54' + expect(subject.hire_date).to eq '2004-07-13' + end + end + + context 'the credentials hash' do + subject { last_request.env['omniauth.auth']['credentials'] } + + it 'has a ticket value' do + expect(subject.ticket).to eq '593af' + end + end + end + + it 'calls through to the master app' do + expect(last_response.body).to eq 'true' + end + end + + let(:return_url) { 'http://127.0.0.10/?some=parameter' } + + context 'with JASIG flavored XML' do + let(:xml_file_name) { 'cas_success_jasig.xml' } + + it_behaves_like :successful_validation + end + + context 'with classic XML' do + let(:xml_file_name) { 'cas_success.xml' } + + it_behaves_like :successful_validation + end + end + end + + describe 'POST /auth/cas3/callback' do + describe 'with a Single Sign-Out logoutRequest' do + let(:logoutRequest) do + %Q[ + <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion\" ID="123abc-1234-ab12-cd34-1234abcd" Version="2.0" IssueInstant="#{Time.now.to_s}"> + <saml:NameID>@NOT_USED@</saml:NameID> + <samlp:SessionIndex>ST-123456-123abc456def</samlp:SessionIndex> + </samlp:LogoutRequest> + ] + end + + let(:logout_request) { double('logout_request', call:[200,{},'OK']) } + + subject do + post 'auth/cas3/callback', logoutRequest:logoutRequest + end + + before do + allow_any_instance_of(MyCasProvider) + .to receive(:logout_request_service) + .and_return double('LogoutRequest', new:logout_request) + + subject + end + + it 'initializes a LogoutRequest' do + expect(logout_request).to have_received :call + end + end + end +end diff --git a/vendor/gems/omniauth-cas3/spec/spec_helper.rb b/vendor/gems/omniauth-cas3/spec/spec_helper.rb new file mode 100644 index 00000000000..75231268ff3 --- /dev/null +++ b/vendor/gems/omniauth-cas3/spec/spec_helper.rb @@ -0,0 +1,13 @@ +require 'bundler/setup' +require 'awesome_print' + +RSpec.configure do |c| + c.filter_run focus: true + c.run_all_when_everything_filtered = true +end + +require 'rack/test' +require 'webmock/rspec' +require 'omniauth-cas3' + +OmniAuth.config.logger = Logger.new( '/dev/null' ) diff --git a/vendor/gems/omniauth-gitlab/.gitlab-ci.yml b/vendor/gems/omniauth-gitlab/.gitlab-ci.yml index ad9545e2998..da6547a1766 100644 --- a/vendor/gems/omniauth-gitlab/.gitlab-ci.yml +++ b/vendor/gems/omniauth-gitlab/.gitlab-ci.yml @@ -13,18 +13,16 @@ workflow: - gem install bundler --no-document # Bundler is not installed with the image - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration - bundle install -j $(nproc) script: - bundle exec rspec -rspec-2.6: - image: "ruby:2.6" - extends: .rspec - rspec-2.7: image: "ruby:2.7" extends: .rspec rspec-3.0: image: "ruby:3.0" - extends: .rspec
\ No newline at end of file + extends: .rspec diff --git a/vendor/gems/omniauth_crowd/.gitlab-ci.yml b/vendor/gems/omniauth_crowd/.gitlab-ci.yml index 98e686db4e3..08a5da1a3d1 100644 --- a/vendor/gems/omniauth_crowd/.gitlab-ci.yml +++ b/vendor/gems/omniauth_crowd/.gitlab-ci.yml @@ -4,7 +4,7 @@ workflow: .rspec: cache: - key: omniauth-gitlab-ruby + key: omniauth_crowd paths: - vendor/gems/omniauth_crowd/vendor/ruby before_script: @@ -13,14 +13,12 @@ workflow: - gem install bundler --no-document # Bundler is not installed with the image - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration - bundle install -j $(nproc) script: - bundle exec rspec -rspec-2.6: - image: "ruby:2.6" - extends: .rspec - rspec-2.7: image: "ruby:2.7" extends: .rspec diff --git a/vendor/gems/omniauth_crowd/Gemfile.lock b/vendor/gems/omniauth_crowd/Gemfile.lock index 0ac781e9948..56c9bd4cc7e 100644 --- a/vendor/gems/omniauth_crowd/Gemfile.lock +++ b/vendor/gems/omniauth_crowd/Gemfile.lock @@ -9,49 +9,51 @@ PATH GEM remote: http://rubygems.org/ specs: - activesupport (5.0.0.1) + activesupport (7.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - concurrent-ruby (1.0.5) - crack (0.4.3) - safe_yaml (~> 1.0.0) - diff-lcs (1.2.5) - hashdiff (0.3.6) - hashie (3.4.3) - i18n (0.8.1) - mini_portile2 (2.1.0) - minitest (5.10.1) - nokogiri (1.6.8.1) - mini_portile2 (~> 2.1.0) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - public_suffix (3.0.0) - rack (1.6.4) - rack-test (0.6.3) - rack (>= 1.0) - rake (10.5.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + concurrent-ruby (1.1.10) + crack (0.4.5) + rexml + diff-lcs (1.5.0) + hashdiff (1.0.1) + hashie (5.0.0) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + mini_portile2 (2.8.0) + minitest (5.16.2) + nokogiri (1.13.8) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + public_suffix (4.0.7) + racc (1.6.0) + rack (2.2.4) + rack-test (2.0.2) + rack (>= 1.3) + rake (13.0.6) rexml (3.2.5) - rspec (3.0.0) - rspec-core (~> 3.0.0) - rspec-expectations (~> 3.0.0) - rspec-mocks (~> 3.0.0) - rspec-core (3.0.4) - rspec-support (~> 3.0.0) - rspec-expectations (3.0.4) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.0.0) - rspec-mocks (3.0.4) - rspec-support (~> 3.0.0) - rspec-support (3.0.4) - safe_yaml (1.0.4) - thread_safe (0.3.6) - tzinfo (1.2.2) - thread_safe (~> 0.1) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + tzinfo (2.0.5) + concurrent-ruby (~> 1.0) webmock (3.0.1) addressable (>= 2.3.6) crack (>= 0.3.2) @@ -67,8 +69,8 @@ DEPENDENCIES rack-test rake rexml (~> 3.2.5) - rspec (~> 3.0.0) + rspec (>= 3.4) webmock (~> 3.0.0) BUNDLED WITH - 2.3.15 + 2.3.19 diff --git a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec index 4963c5fef1b..1707c7f3f10 100644 --- a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec +++ b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |gem| gem.add_development_dependency(%q<rake>, [">= 0"]) gem.add_development_dependency(%q<rack-test>, [">= 0"]) gem.add_development_dependency(%q<rexml>, ["~> 3.2.5"]) - gem.add_development_dependency(%q<rspec>, ["~> 3.0.0"]) + gem.add_development_dependency(%q<rspec>, [">= 3.4"]) gem.add_development_dependency(%q<webmock>, ["~> 3.0.0"]) gem.add_development_dependency(%q<bundler>, ["> 1.0.0"]) end diff --git a/vendor/project_templates/hugo.tar.gz b/vendor/project_templates/hugo.tar.gz Binary files differindex 1f756a696e3..3d037bbf1df 100644 --- a/vendor/project_templates/hugo.tar.gz +++ b/vendor/project_templates/hugo.tar.gz |