From 4428e47c7e1b54c297e780c5f6fb3a8a7ed20959 Mon Sep 17 00:00:00 2001 From: tmilewski Date: Thu, 28 Dec 2017 14:50:50 -0500 Subject: [PATCH 1/6] Bring deps up-to-date; Fix Yard vulnerability --- .rspec | 2 +- Gemfile | 3 +- Gemfile.lock | 156 +++++++++++++++-------- omniauth-openid.gemspec | 20 +-- spec/omniauth/strategies/open_id_spec.rb | 71 +++++------ 5 files changed, 148 insertions(+), 104 deletions(-) diff --git a/.rspec b/.rspec index e41b078..5f16476 100644 --- a/.rspec +++ b/.rspec @@ -1,2 +1,2 @@ --color ---format=nested +--format progress diff --git a/Gemfile b/Gemfile index 0df8091..055a7aa 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source 'http://rubygems.org' platforms :jruby do - gem 'jruby-openssl', '~> 0.7' + gem 'jruby-openssl', '~> 0.9' end gem 'ruby-openid', '2.1.8', :git => 'git://github.com/mbleigh/ruby-openid.git' @@ -11,7 +11,6 @@ gemspec group :development, :test do gem 'guard' gem 'guard-rspec' - gem 'growl' gem 'rb-fsevent' end diff --git a/Gemfile.lock b/Gemfile.lock index 06967e6..62a1dac 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
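Review bot: The jruby-openssl bump leaves the Gemfile's two unauthenticated fetch paths in place: `source 'http://rubygems.org'` resolves the index over plain HTTP, and `gem 'ruby-openid', '2.1.8', :git => 'git://github.com/mbleigh/ruby-openid.git'` pulls a fork over the `git://` protocol, which has no transport integrity or origin check. For a commit whose purpose is dependency hygiene both belong on TLS: `source 'https://rubygems.org'` and `:git => 'https://github.com/mbleigh/ruby-openid.git'`. The fork is pinned by gem version only; the effective pin is the revision in Gemfile.lock's GIT section, which is outside the hunks shown, so a `:ref => '<COMMIT-SHA>'` on the gem line would make the pin explicit in the Gemfile itself. The same `source` line appears as context in the later Gemfile hunks of patches 3, 5 and 6.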
@@ -7,76 +7,122 @@ GIT PATH remote: . specs: - omniauth-openid (1.0.0.beta1) - omniauth (~> 1.0.0.beta1) - rack-openid (~> 1.3.1) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.4.0) GEM remote: http://rubygems.org/ specs: - addressable (2.2.6) - crack (0.3.1) - diff-lcs (1.1.3) - growl (1.0.3) - guard (0.8.7) - thor (~> 0.14.6) - guard-rspec (0.5.0) - guard (>= 0.8.4) - hashie (1.2.0) - multi_json (1.0.3) - omniauth (1.0.0.pr2) - hashie - rack - rack (1.3.5) - rack-openid (1.3.1) + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + coderay (1.1.2) + crack (0.4.3) + safe_yaml (~> 1.0.0) + diff-lcs (1.3) + docile (1.1.5) + ffi (1.9.18) + formatador (0.2.5) + guard (2.14.1) + formatador (>= 0.2.4) + listen (>= 2.7, < 4.0) + lumberjack (~> 1.0) + nenv (~> 0.1) + notiffany (~> 0.0) + pry (>= 0.9.12) + shellany (~> 0.0) + thor (>= 0.18.1) + guard-compat (1.2.1) + guard-rspec (4.7.3) + guard (~> 2.1) + guard-compat (~> 1.1) + rspec (>= 2.99.0, < 4.0) + hashdiff (0.3.7) + hashie (3.5.7) + json (2.1.0) + listen (3.1.5) + rb-fsevent (~> 0.9, >= 0.9.4) + rb-inotify (~> 0.9, >= 0.9.7) + ruby_dep (~> 1.2) + lumberjack (1.0.12) + method_source (0.9.0) + mustermann (1.0.1) + nenv (0.3.0) + notiffany (0.1.1) + nenv (~> 0.1) + shellany (~> 0.0) + omniauth (1.8.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + pry (0.11.3) + coderay (~> 1.1.0) + method_source (~> 0.9.0) + public_suffix (3.0.1) + rack (2.0.3) + rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (1.1.2) + rack-protection (2.0.0) rack - rack-test (0.6.1) - rack (>= 1.0) - rake (0.9.2) - rb-fsevent (0.4.3.1) - rdiscount (1.6.8) - rspec (2.7.0) - rspec-core (~> 2.7.0) - rspec-expectations (~> 2.7.0) - rspec-mocks (~> 2.7.0) - rspec-core (2.7.0) - rspec-expectations (2.7.0) - diff-lcs (~> 1.1.2) - rspec-mocks (2.7.0) - simplecov (0.5.4) - multi_json (~> 1.0.3) - simplecov-html (~> 0.5.3) - simplecov-html (0.5.3) - sinatra (1.3.0) - rack (~> 1.3) - rack-protection 
(~> 1.1) - tilt (~> 1.3) - thor (0.14.6) - tilt (1.3.3) - webmock (1.7.7) - addressable (> 2.2.5, ~> 2.2) - crack (>= 0.1.7) - yard (0.7.2) + rack-test (0.8.2) + rack (>= 1.0, < 3) + rake (12.3.0) + rb-fsevent (0.10.2) + rb-inotify (0.9.10) + ffi (>= 0.5.0, < 2) + rdiscount (2.2.0.1) + rspec (3.7.0) + rspec-core (~> 3.7.0) + rspec-expectations (~> 3.7.0) + rspec-mocks (~> 3.7.0) + rspec-core (3.7.0) + rspec-support (~> 3.7.0) + rspec-expectations (3.7.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.7.0) + rspec-mocks (3.7.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.7.0) + rspec-support (3.7.0) + ruby_dep (1.5.0) + safe_yaml (1.0.4) + shellany (0.0.1) + simplecov (0.15.1) + docile (~> 1.1.0) + json (>= 1.8, < 3) + simplecov-html (~> 0.10.0) + simplecov-html (0.10.2) + sinatra (2.0.0) + mustermann (~> 1.0) + rack (~> 2.0) + rack-protection (= 2.0.0) + tilt (~> 2.0) + thor (0.20.0) + tilt (2.0.8) + webmock (3.1.1) + addressable (>= 2.3.6) + crack (>= 0.3.2) + hashdiff + yard (0.9.12) PLATFORMS ruby DEPENDENCIES - growl guard guard-rspec - jruby-openssl (~> 0.7) + jruby-openssl (~> 0.9) omniauth-openid! - rack-test (~> 0.5) - rake (~> 0.8) + rack-test (~> 0.8) + rake (~> 12.3) rb-fsevent - rdiscount (~> 1.6) - rspec (~> 2.5) + rdiscount (~> 2.2) + rspec (~> 3.0) ruby-openid (= 2.1.8)! - simplecov (~> 0.4) + simplecov (~> 0.15) sinatra - webmock (~> 1.7) - yard (~> 0.7) + webmock (~> 3.1) + yard (~> 0.9.11) + +BUNDLED WITH + 1.15.4 diff --git a/omniauth-openid.gemspec b/omniauth-openid.gemspec index 14036be..ff1f652 100644 --- a/omniauth-openid.gemspec +++ b/omniauth-openid.gemspec 
@@ -4,18 +4,18 @@ require File.expand_path('../lib/omniauth-openid/version', __FILE__) Gem::Specification.new do |gem| gem.add_dependency 'omniauth', '~> 1.0' - gem.add_dependency 'rack-openid', '~> 1.3.1' - gem.add_development_dependency 'rack-test', '~> 0.5' - gem.add_development_dependency 'rake', '~> 0.8' - gem.add_development_dependency 'rdiscount', '~> 1.6' - gem.add_development_dependency 'rspec', '~> 2.7' - gem.add_development_dependency 'simplecov', '~> 0.4' - gem.add_development_dependency 'webmock', '~> 1.7' - gem.add_development_dependency 'yard', '~> 0.7' + gem.add_dependency 'rack-openid', '~> 1.4.0' + gem.add_development_dependency 'rack-test', '~> 0.8' + gem.add_development_dependency 'rake', '~> 12.3' + gem.add_development_dependency 'rdiscount', '~> 2.2' + gem.add_development_dependency 'rspec', '~> 3.0' + gem.add_development_dependency 'simplecov', '~> 0.15' + gem.add_development_dependency 'webmock', '~> 3.1' + gem.add_development_dependency 'yard', '~> 0.9.11' - gem.authors = ['Michael Bleigh', 'Erik Michaels-Ober'] + gem.authors = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski'] gem.description = %q{OpenID strategy for OmniAuth.} - gem.email = ['michael@intridea.com', 'sferik@gmail.com'] + gem.email = ['michael@intridea.com', 'sferik@gmail.com', 'tmilewski@gmail.com'] gem.files = `git ls-files`.split("\n") gem.homepage = 'https://github.com/intridea/omniauth-openid' gem.name = 'omniauth-openid' diff --git a/spec/omniauth/strategies/open_id_spec.rb b/spec/omniauth/strategies/open_id_spec.rb index e7843b8..d1e749d 100644 --- a/spec/omniauth/strategies/open_id_spec.rb +++ b/spec/omniauth/strategies/open_id_spec.rb @@ -6,7 +6,7 @@ def app strat = OmniAuth::Strategies::OpenID Rack::Builder.new { - use Rack::Session::Cookie + use Rack::Session::Cookie, secret: 'foobar' use strat run lambda {|env| [404, {'Content-Type' => 'text/plain'}, [nil || env.key?('omniauth.auth').to_s]] } }.to_app 
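Review bot: The new `gem.add_development_dependency 'yard', '~> 0.9.11'` is the line that carries the "Fix Yard vulnerability" part of this commit, but nothing in the gemspec says so, and the next routine constraint edit could lower the floor without noticing. A comment on that line such as `# keep >= 0.9.11: earlier yard releases have a published security advisory (<ADVISORY-ID>)` would preserve the intent; the advisory identifier is not on this page, so it needs to be filled in from the upstream notice. Since yard is a development dependency only, the fix protects contributor and CI machines rather than consumers of the gem, which the commit message could state explicitly.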
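Review bot: The added `use Rack::Session::Cookie, secret: 'foobar'` hard-codes a guessable session secret in the spec's `app` helper; it satisfies the session middleware's secret requirement, but the value reads like something that could be copied into an example app where it would let session cookies be forged. Either name it as a fixture, `secret: 'spec-only-session-secret'`, or generate it per run with `secret: SecureRandom.hex(64)` after a `require 'securerandom'` at the top of the spec. The enclosing `def app` starts before the hunk.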
@@ -22,55 +22,55 @@ def expired_query_string end it 'should respond with OK' do - last_response.should be_ok + expect(last_response).to be_ok end it 'should respond with HTML' do - last_response.content_type.should == 'text/html' + expect(last_response.content_type).to eq 'text/html' end it 'should render an identifier URL input' do - last_response.body.should =~ %r{]*openid_url} + expect(last_response.body).to match %r{]*openid_url} end end - #describe '/auth/open_id with an identifier URL' do - # context 'successful' do - # before do - # @identifier_url = 'http://me.example.org' - # # TODO: change this mock to actually return some sort of OpenID response - # stub_request(:get, @identifier_url) - # get '/auth/open_id?openid_url=' + @identifier_url - # end - # - # it 'should redirect to the OpenID identity URL' do - # last_response.should be_redirect - # last_response.headers['Location'].should =~ %r{^#{@identifier_url}.*} - # end - # - # it 'should tell the OpenID server to return to the callback URL' do - # return_to = CGI.escape(last_request.url + '/callback') - # last_response.headers['Location'].should =~ %r{[\?&]openid.return_to=#{return_to}} - # end - # end - #end + # describe '/auth/open_id with an identifier URL' do + # context 'successful' do + # before do + # @identifier_url = 'http://me.example.org' + # # TODO: change this mock to actually return some sort of OpenID response + # stub_request(:get, @identifier_url) + # get '/auth/open_id?openid_url=' + @identifier_url + # end + # + # it 'should redirect to the OpenID identity URL' do + # last_response.should be_redirect + # last_response.headers['Location'].should =~ %r{^#{@identifier_url}.*} + # end + # + # it 'should tell the OpenID server to return to the callback URL' do + # return_to = CGI.escape(last_request.url + '/callback') + # last_response.headers['Location'].should =~ %r{[\?&]openid.return_to=#{return_to}} + # end + # end + # end describe 'followed by /auth/open_id/callback' do context 
'successful' do - #before do - # @identifier_url = 'http://me.example.org' - # # TODO: change this mock to actually return some sort of OpenID response - # stub_request(:get, @identifier_url) - # get '/auth/open_id/callback' - #end + # before do + # @identifier_url = 'http://me.example.org' + # # TODO: change this mock to actually return some sort of OpenID response + # stub_request(:get, @identifier_url) + # get '/auth/open_id/callback' + # end it "should set provider to open_id" it "should create auth_hash based on sreg" it "should create auth_hash based on ax" - #it 'should call through to the master app' do - # last_response.body.should == 'true' - #end + # it 'should call through to the master app' do + # last_response.body.should == 'true' + # end end context 'unsuccessful' do @@ -81,11 +81,10 @@ def expired_query_string it 'it should redirect to invalid credentials' do pending - last_response.should be_redirect - last_response.headers['Location'].should =~ %r{invalid_credentials} + expect(last_response).to be_redirect + expect(last_response).to match %r{invalid_credentials} end end end end - end From 7073fdd17d92369227af3288c73f651014fd2f1e Mon Sep 17 00:00:00 2001 From: tmilewski Date: Thu, 28 Dec 2017 14:54:19 -0500 Subject: [PATCH 2/6] Add TravisCI --- .travis.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..78460a5 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,24 @@ +bundler_args: --without development +before_install: + - gem update --system + - gem update bundler +cache: bundler +env: + global: + - JRUBY_OPTS="$JRUBY_OPTS --debug" +language: ruby +rvm: + - jruby-9000 + - 2.1.10 # EOL Soon + - 2.2.9 + - 2.3.6 + - 2.4.3 + - 2.5.0 + - jruby-head + - ruby-head +matrix: + allow_failures: + - rvm: jruby-head + - rvm: ruby-head + fast_finish: true +sudo: false From 07f7caa09fa8e279220c0b3c8cd0490be67f5b86 Mon Sep 17 00:00:00 2001 
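Review bot: The re-indented commented-out blocks keep the RSpec 2 `should` syntax while the live examples in this hunk move to `expect`, e.g. `# last_response.should be_redirect` and `# last_response.body.should == 'true'`; anyone un-commenting them under the rspec 3.7 now locked in will hit NoMethodError unless the deprecated `should` syntax is enabled. If they are worth keeping, converting them to `# expect(last_response).to be_redirect` and `# expect(last_response.body).to eq 'true'` at the same time as the rest of the file avoids that trap. The three bodiless examples (`it "should set provider to open_id"` and the two `auth_hash` ones) are reported as pending on every run; a one-line `# TODO:` above them saying what fixture is missing would explain why.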
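Review bot: The rewritten expectation `expect(last_response).to match %r{invalid_credentials}` matches the regex against the response object, whereas the removed line matched `last_response.headers['Location']`; a `Regexp` never matches a non-String, so the assertion can only fail, and because the example is marked `pending` that failure is reported as expected and the regression is invisible. It should read `expect(last_response.headers['Location']).to match %r{invalid_credentials}`. The hunk also drops a trailing `end`; the enclosing `describe` opens before the hunk, so I cannot confirm from here that the file still balances.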
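Review bot: The `before_install` steps `gem update --system` and `gem update bundler` install whatever is newest at build time, so CI is not reproducible and a bad RubyGems or Bundler release breaks every branch at once; pinning them, e.g. `gem update --system <RUBYGEMS-VERSION>` and `gem install bundler -v <BUNDLER-VERSION>`, matches the `BUNDLED WITH 1.15.4` already recorded in Gemfile.lock. `bundler_args: --without development` is safe only because the test tooling lives in the combined `group :development, :test`, which Bundler still installs when any of a gem's groups is requested, as far as I recall; a comment like `# test tooling is in group :development, :test and is still installed` next to that key would spare the next reader the check. The `JRUBY_OPTS` and `allow_failures` entries look fine.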
From: tmilewski Date: Thu, 28 Dec 2017 14:58:50 -0500 Subject: [PATCH 3/6] Add Rake --- Gemfile | 2 ++ Gemfile.lock | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 055a7aa..e0586fb 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,7 @@ source 'http://rubygems.org' +gem 'rake', '~> 12.0' + platforms :jruby do gem 'jruby-openssl', '~> 0.9' end diff --git a/Gemfile.lock b/Gemfile.lock index 62a1dac..741b50a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -114,7 +114,7 @@ DEPENDENCIES jruby-openssl (~> 0.9) omniauth-openid! rack-test (~> 0.8) - rake (~> 12.3) + rake (~> 12.0) rb-fsevent rdiscount (~> 2.2) rspec (~> 3.0) From e57bc11e8bd95795ef5c8764d3c9dabaf9ab679b Mon Sep 17 00:00:00 2001 From: tmilewski Date: Thu, 28 Dec 2017 15:05:38 -0500 Subject: [PATCH 4/6] Remove support for 2.1.10 (EOL) --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 78460a5..f313f2a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,6 @@ env: language: ruby rvm: - jruby-9000 - - 2.1.10 # EOL Soon - 2.2.9 - 2.3.6 - 2.4.3 From ecd8d3a536a316fd10c228789b4bea42ae2d6afc Mon Sep 17 00:00:00 2001 From: tmilewski Date: Thu, 28 Dec 2017 15:11:08 -0500 Subject: [PATCH 5/6] Update dependency listing --- Gemfile | 9 +++++--- Gemfile.lock | 51 +++++------------------------------------ omniauth-openid.gemspec | 8 ------- 3 files changed, 12 insertions(+), 56 deletions(-) diff --git a/Gemfile b/Gemfile index e0586fb..ba9151f 100644 --- a/Gemfile +++ b/Gemfile @@ -11,9 +11,12 @@ gem 'ruby-openid', '2.1.8', :git => 'git://github.com/mbleigh/ruby-openid.git' gemspec group :development, :test do - gem 'guard' - gem 'guard-rspec' - gem 'rb-fsevent' + gem 'rack-test' + gem 'rdiscount' + gem 'rspec', '>= 3.0' + gem 'simplecov', '>= 0.9' + gem 'webmock', '~> 3.0' + gem 'yard', '>= 0.9.11' end group :example do diff --git a/Gemfile.lock b/Gemfile.lock index 741b50a..ce2ac9d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -16,47 +16,17 @@ GEM specs: addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - coderay (1.1.2) crack (0.4.3) safe_yaml (~> 1.0.0) diff-lcs (1.3) docile (1.1.5) - ffi (1.9.18) - formatador (0.2.5) - guard (2.14.1) - formatador (>= 0.2.4) - listen (>= 2.7, < 4.0) - lumberjack (~> 1.0) - nenv (~> 0.1) - notiffany (~> 0.0) - pry (>= 0.9.12) - shellany (~> 0.0) - thor (>= 0.18.1) - guard-compat (1.2.1) - guard-rspec (4.7.3) - guard (~> 2.1) - guard-compat (~> 1.1) - rspec (>= 2.99.0, < 4.0) hashdiff (0.3.7) hashie (3.5.7) json (2.1.0) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - lumberjack (1.0.12) - method_source (0.9.0) mustermann (1.0.1) - nenv (0.3.0) - notiffany (0.1.1) - nenv (~> 0.1) - shellany (~> 0.0) omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) - pry (0.11.3) - coderay (~> 1.1.0) - method_source (~> 0.9.0) public_suffix (3.0.1) rack (2.0.3) rack-openid (1.4.2) @@ -67,9 +37,6 @@ GEM rack-test (0.8.2) rack (>= 1.0, < 3) rake (12.3.0) - rb-fsevent (0.10.2) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) rdiscount (2.2.0.1) rspec (3.7.0) rspec-core (~> 3.7.0) @@ -84,9 +51,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.7.0) rspec-support (3.7.0) - ruby_dep (1.5.0) safe_yaml (1.0.4) - shellany (0.0.1) simplecov (0.15.1) docile (~> 1.1.0) json (>= 1.8, < 3) @@ -97,7 +62,6 @@ GEM rack (~> 2.0) rack-protection (= 2.0.0) tilt (~> 2.0) - thor (0.20.0) tilt (2.0.8) webmock (3.1.1) addressable (>= 2.3.6) @@ -109,20 +73,17 @@ PLATFORMS ruby DEPENDENCIES - guard - guard-rspec jruby-openssl (~> 0.9) omniauth-openid! - rack-test (~> 0.8) + rack-test rake (~> 12.0) - rb-fsevent - rdiscount (~> 2.2) - rspec (~> 3.0) + rdiscount + rspec (>= 3.0) ruby-openid (= 2.1.8)! - simplecov (~> 0.15) + simplecov (>= 0.9) sinatra - webmock (~> 3.1) - yard (~> 0.9.11) + webmock (~> 3.0) + yard (>= 0.9.11) BUNDLED WITH 1.15.4 
diff --git a/omniauth-openid.gemspec b/omniauth-openid.gemspec index ff1f652..7c8237d 100644 --- a/omniauth-openid.gemspec +++ b/omniauth-openid.gemspec @@ -2,16 +2,8 @@ require File.expand_path('../lib/omniauth-openid/version', __FILE__) Gem::Specification.new do |gem| - gem.add_dependency 'omniauth', '~> 1.0' gem.add_dependency 'rack-openid', '~> 1.4.0' - gem.add_development_dependency 'rack-test', '~> 0.8' - gem.add_development_dependency 'rake', '~> 12.3' - gem.add_development_dependency 'rdiscount', '~> 2.2' - gem.add_development_dependency 'rspec', '~> 3.0' - gem.add_development_dependency 'simplecov', '~> 0.15' - gem.add_development_dependency 'webmock', '~> 3.1' - gem.add_development_dependency 'yard', '~> 0.9.11' gem.authors = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski'] gem.description = %q{OpenID strategy for OmniAuth.} From d098e7025416592281624cb3b189187c7260eb56 Mon Sep 17 00:00:00 2001 From: tmilewski Date: Thu, 28 Dec 2017 15:18:28 -0500 Subject: [PATCH 6/6] Remove rdiscount --- Gemfile | 1 - Gemfile.lock | 2 -- 2 files changed, 3 deletions(-) diff --git a/Gemfile b/Gemfile index ba9151f..402aaf2 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,6 @@ gemspec group :development, :test do gem 'rack-test' - gem 'rdiscount' gem 'rspec', '>= 3.0' gem 'simplecov', '>= 0.9' gem 'webmock', '~> 3.0' diff --git a/Gemfile.lock b/Gemfile.lock index ce2ac9d..d06610d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -37,7 +37,6 @@ GEM rack-test (0.8.2) rack (>= 1.0, < 3) rake (12.3.0) - rdiscount (2.2.0.1) rspec (3.7.0) rspec-core (~> 3.7.0) rspec-expectations (~> 3.7.0) @@ -77,7 +76,6 @@ DEPENDENCIES omniauth-openid! rack-test rake (~> 12.0) - rdiscount rspec (>= 3.0) ruby-openid (= 2.1.8)! simplecov (>= 0.9)
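Review bot: This hunk removes the runtime dependency `gem.add_dependency 'omniauth', '~> 1.0'` along with the development dependencies, so an installed omniauth-openid gem will no longer pull in omniauth even though the strategy is `OmniAuth::Strategies::OpenID` (see the spec hunk in patch 1). The commit title "Update dependency listing" and the seven development-dependency deletions suggest this one was swept up by accident; the line should be restored. The tests keep passing only because the Gemfile's `gemspec` plus the locked `omniauth (1.8.1)` still resolve it in the development bundle; whether the PATH section of Gemfile.lock still lists omniauth under omniauth-openid is outside the hunks shown.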