Diffstat (limited to 'vendor/gems/omniauth-cas3')
4 files changed, 38 insertions, 16 deletions
diff --git a/vendor/gems/omniauth-cas3/Gemfile.lock b/vendor/gems/omniauth-cas3/Gemfile.lock index 4c59eb05d50..a856e78f00f 100644 --- a/vendor/gems/omniauth-cas3/Gemfile.lock +++ b/vendor/gems/omniauth-cas3/Gemfile.lock @@ -4,29 +4,30 @@ PATH omniauth-cas3 (1.1.4) addressable (~> 2.3) nokogiri (~> 1.7, >= 1.7.1) - omniauth (~> 1.2, < 3) + omniauth (~> 2.0) GEM remote: https://rubygems.org/ specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) awesome_print (1.9.2) crack (0.4.5) rexml diff-lcs (1.5.0) hashdiff (1.0.1) hashie (5.0.0) - mini_portile2 (2.8.0) nokogiri (1.13.7) - mini_portile2 (~> 2.8.0) racc (~> 1.4) - omniauth (1.9.1) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - public_suffix (4.0.7) + rack (>= 2.2.3) + rack-protection + public_suffix (5.0.0) racc (1.6.0) rack (2.2.4) + rack-protection (2.2.2) + rack rack-test (0.8.3) rack (>= 1.0, < 3) rake (10.5.0) @@ -44,7 +45,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.11.0) rspec-support (3.11.0) - webmock (3.14.0) + webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -61,4 +62,4 @@ DEPENDENCIES webmock BUNDLED WITH - 2.3.18 + 2.3.21 diff --git a/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb index 7271621c564..441529b67d8 100644 --- a/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb +++ b/vendor/gems/omniauth-cas3/lib/omniauth/strategies/cas3.rb @@ -62,9 +62,14 @@ module OmniAuth end extra do - prune!( - raw_info.delete_if{ |k,v| AuthHashSchemaKeys.include?(k) } - ) + hash = {} + + unless skip_info? + hash = raw_info.dup + hash.delete_if { |k, _v| AuthHashSchemaKeys.include?(k) } + end + + prune! hash end uid do diff --git a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec index abbcaa268d0..c976d85df99 100644 
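Review bot: `raw_info.dup` in the new `extra` block is a shallow copy, so the top-level `delete_if` no longer strips schema keys from `raw_info`, but any nested hash values are still the same objects. `prune!` is defined outside this hunk; if it descends into nested hashes and deletes empty entries in place, it would still alter the attributes that other readers of `raw_info` see, so that is worth confirming. A comment such as `# work on a copy: raw_info is presumably read by the other auth-hash blocks and must keep its schema keys` would record why the copy exists. The copy and the filter can also be written as one non-mutating call, `hash = raw_info.reject { |k, _v| AuthHashSchemaKeys.include?(k) }`.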
--- a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec +++ b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec @@ -14,7 +14,7 @@ Gem::Specification.new do |gem| gem.require_paths = ["lib"] gem.version = Omniauth::Cas3::VERSION - gem.add_dependency 'omniauth', '~> 1.2', '< 3' + gem.add_dependency 'omniauth', '~> 2.0' gem.add_dependency 'nokogiri', '~> 1.7', '>= 1.7.1' gem.add_dependency 'addressable', '~> 2.3' diff --git a/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb index fd61fc79580..f434d711f02 100644 --- a/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb +++ b/vendor/gems/omniauth-cas3/spec/omniauth/strategies/cas3_spec.rb @@ -1,4 +1,5 @@ require 'spec_helper' +require 'securerandom' describe OmniAuth::Strategies::CAS3, type: :strategy do include Rack::Test::Methods 
@@ -15,17 +16,32 @@ describe OmniAuth::Strategies::CAS3, type: :strategy do }.to_app end + let(:csrf_token) { SecureRandom.base64(32) } + let(:base_env) { { 'rack.session' => { csrf: csrf_token }, 'rack.input' => StringIO.new("authenticity_token=#{escaped_token}") } } + let(:post_env) { make_env('/auth/cas3', base_env.merge(request_env)) } + let(:escaped_token) { URI.encode_www_form_component(csrf_token, Encoding::UTF_8) } + + def make_env(path = '/auth/cas3', props = {}) + { + 'REQUEST_METHOD' => 'POST', + 'PATH_INFO' => path, + 'rack.session' => {}, + 'rack.input' => StringIO.new('test=true') + }.merge(props) + end + # TODO: Verify that these are even useful tests shared_examples_for 'a CAS redirect response' do let(:redirect_params) { 'service=' + Rack::Utils.escape("http://example.org/auth/cas3/callback?url=#{Rack::Utils.escape(return_url)}") } - before { get url, nil, request_env } + before { post url, nil, post_env } subject { last_response } it { should be_redirect } it 'redirects to the CAS server' do + expect(subject.status).to eq(302) expect(subject.headers).to include 'Location' => "http://cas.example.org:8080/login?#{redirect_params}" end end @@ -78,7 +94,7 @@ describe OmniAuth::Strategies::CAS3, type: :strategy do it { should include('ssl' => true) } end - describe 'GET /auth/cas3' do + describe 'POST /auth/cas3' do let(:return_url) { 'http://myapp.com/admin/foo' } context 'with a referer' do |
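Review bot: The new `base_env`/`post_env` helpers only ever build a request whose `authenticity_token` matches `rack.session[:csrf]`, so the shared example 'a CAS redirect response' covers the accepted path alone. Nothing visible in this hunk checks that a request-phase POST with a missing or mismatched token, or a plain GET, is refused, which is presumably the protection the move to omniauth 2 is meant to bring. I would add an example that posts `make_env('/auth/cas3', request_env)` (empty session, no token) and expects the `Location` header not to point at `http://cas.example.org:8080/login`. A short comment above `base_env`, e.g. `# session token and form token are kept equal so the request phase accepts the POST`, would also explain the fixture; the enclosing `describe` block starts outside the hunk.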