Commit d499c58

authored

431/fix post json for token (#629)

* 📝 Document release 2.0.7 Signed-off-by: Peter Boling <peter.boling@gmail.com> * 🐛 Allow POST of JSON to get token - Fixes #431 - Thanks @terracatta Signed-off-by: Peter Boling <peter.boling@gmail.com> * ♻️ Refactor method names that are too long Signed-off-by: Peter Boling <peter.boling@gmail.com> * 🔖 Prepare release 2.0.7 Signed-off-by: Peter Boling <peter.boling@gmail.com> * ♻️ Small Client refactor Signed-off-by: Peter Boling <peter.boling@gmail.com> * 📝 Document impact of fix Signed-off-by: Peter Boling <peter.boling@gmail.com> Signed-off-by: Peter Boling <peter.boling@gmail.com>

1 parent 5e20fdd commit d499c58Copy full SHA for d499c58

File tree

4 files changed

+62

-20

lines changed

CHANGELOG.md
lib/oauth2
- client.rb
- version.rb
spec/oauth2
- client_spec.rb

4 files changed

+62

-20

lines changed

`‎CHANGELOG.md`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.`
`4`	`4`	`The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),`
`5`	`5`	`and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).`
`6`	`6`
	`7`	`+## [2.0.7] - 2022年08月22日`
	`8`	`+### Added`
	`9`	`+- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta)`
	`10`	`+`
	`11`	`+### Fixed`
	`12`	`+- [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)`
	`13`	+ - Note: This fixes compatibility with `omniauth-oauth2` and AWS
	`14`	`+- [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari)`
	`15`	`+`
`7`	`16`	`## [2.0.6] - 2022年07月13日`
`8`	`17`	`### Fixed`
`9`	`18`	`- [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)`

`‎lib/oauth2/client.rb`

Lines changed: 39 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -157,46 +157,50 @@ def request(verb, url, opts = {}, &block)`
`157`	`157`	`def get_token(params, access_token_opts = {}, extract_access_token = nil, &block)`
`158`	`158`	warn('OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.') if extract_access_token
`159`	`159`	`extract_access_token \|\|= options[:extract_access_token]`
`160`		`- params = params.map do \|key, value\|`
`161`		`- if RESERVED_PARAM_KEYS.include?(key)`
`162`		`- [key.to_sym, value]`
`163`		`- else`
`164`		`- [key, value]`
`165`		`- end`
`166`		`- end.to_h`
`167`		`-`
`168`		`- parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]`
`169`		`- snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]`
	`160`	`+ parse, snaky, params, headers = parse_snaky_params_headers(params)`
`170`	`161`
`171`	`162`	`request_opts = {`
`172`	`163`	`raise_errors: options[:raise_errors],`
`173`	`164`	`parse: parse,`
`174`	`165`	`snaky: snaky,`
`175`	`166`	`}`
`176`		`- params = authenticator.apply(params)`
`177`		`- headers = params.delete(:headers) \|\| {}`
`178`	`167`	`if options[:token_method] == :post`
`179`		`- request_opts[:body] = params`
	`168`	`+`
	`169`	`+ # NOTE: If proliferation of request types continues we should implement a parser solution for Request,`
	`170`	`+ # just like we have with Response.`
	`171`	`+ request_opts[:body] = if headers['Content-Type'] == 'application/json'`
	`172`	`+ params.to_json`
	`173`	`+ else`
	`174`	`+ params`
	`175`	`+ end`
	`176`	`+`
`180`	`177`	`request_opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}`
`181`	`178`	`else`
`182`	`179`	`request_opts[:params] = params`
`183`	`180`	`request_opts[:headers] = {}`
`184`	`181`	`end`
`185`	`182`	`request_opts[:headers].merge!(headers)`
`186`		`- http_method = options[:token_method]`
`187`		`- http_method = :post if http_method == :post_with_query_string`
`188`	`183`	`response = request(http_method, token_url, request_opts, &block)`
`189`	`184`
`190`	`185`	`# In v1.4.x, the deprecated extract_access_token option retrieves the token from the response.`
`191`	`186`	`# We preserve this behavior here, but a custom access_token_class that implements #from_hash`
`192`	`187`	`# should be used instead.`
`193`	`188`	`if extract_access_token`
`194`		`- parse_response_with_legacy_extract(response, access_token_opts, extract_access_token)`
	`189`	`+ parse_response_legacy(response, access_token_opts, extract_access_token)`
`195`	`190`	`else`
`196`	`191`	`parse_response(response, access_token_opts)`
`197`	`192`	`end`
`198`	`193`	`end`
`199`	`194`
	`195`	`+ # The HTTP Method of the request`
	`196`	`+ # @return [Symbol] HTTP verb, one of :get, :post, :put, :delete`
	`197`	`+ def http_method`
	`198`	`+ http_meth = options[:token_method].to_sym`
	`199`	`+ return :post if http_meth == :post_with_query_string`
	`200`	`+`
	`201`	`+ http_meth`
	`202`	`+ end`
	`203`	`+`
`200`	`204`	`# The Authorization Code strategy`
`201`	`205`	`#`
`202`	`206`	`# @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1`
`@@ -255,6 +259,22 @@ def redirection_params`
`255`	`259`
`256`	`260`	`private`
`257`	`261`
	`262`	`+ def parse_snaky_params_headers(params)`
	`263`	`+ params = params.map do \|key, value\|`
	`264`	`+ if RESERVED_PARAM_KEYS.include?(key)`
	`265`	`+ [key.to_sym, value]`
	`266`	`+ else`
	`267`	`+ [key, value]`
	`268`	`+ end`
	`269`	`+ end.to_h`
	`270`	`+ parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]`
	`271`	`+ snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]`
	`272`	`+ params = authenticator.apply(params)`
	`273`	`+ # authenticator may add :headers, and we remove them here`
	`274`	`+ headers = params.delete(:headers) \|\| {}`
	`275`	`+ [parse, snaky, params, headers]`
	`276`	`+ end`
	`277`	`+`
`258`	`278`	`def execute_request(verb, url, opts = {})`
`259`	`279`	`url = connection.build_url(url).to_s`
`260`	`280`
`@@ -282,8 +302,8 @@ def authenticator`
`282`	`302`	`Authenticator.new(id, secret, options[:auth_scheme])`
`283`	`303`	`end`
`284`	`304`
`285`		`- def parse_response_with_legacy_extract(response, access_token_opts, extract_access_token)`
`286`		`- access_token = build_access_token_legacy_extract(response, access_token_opts, extract_access_token)`
	`305`	`+ def parse_response_legacy(response, access_token_opts, extract_access_token)`
	`306`	`+ access_token = build_access_token_legacy(response, access_token_opts, extract_access_token)`
`287`	`307`
`288`	`308`	`return access_token if access_token`
`289`	`309`
`@@ -321,7 +341,7 @@ def build_access_token(response, access_token_opts, access_token_class)`
`321`	`341`	`# Builds the access token from the response of the HTTP call with legacy extract_access_token`
`322`	`342`	`#`
`323`	`343`	`# @return [AccessToken] the initialized AccessToken`
`324`		`- def build_access_token_legacy_extract(response, access_token_opts, extract_access_token)`
	`344`	`+ def build_access_token_legacy(response, access_token_opts, extract_access_token)`
`325`	`345`	`extract_access_token.call(self, response.parsed.merge(access_token_opts))`
`326`	`346`	`rescue StandardError`
`327`	`347`	`nil`

`‎lib/oauth2/version.rb`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,6 @@`
`2`	`2`
`3`	`3`	`module OAuth2`
`4`	`4`	`module Version`
`5`		`- VERSION = '2.0.6'.freeze`
	`5`	`+ VERSION = '2.0.7'.freeze`
`6`	`6`	`end`
`7`	`7`	`end`

`‎spec/oauth2/client_spec.rb`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -583,6 +583,15 @@`
`583`	`583`	`client.get_token({})`
`584`	`584`	`end`
`585`	`585`
	`586`	`+ it 'authenticates with JSON' do`
	`587`	`+ client = stubbed_client(auth_scheme: :basic_auth) do \|stub\|`
	`588`	`+ stub.post('/oauth/token') do \|env\|`
	`589`	`+ [200, {'Content-Type' => 'application/json'}, JSON.dump('access_token' => 'the-token')]`
	`590`	`+ end`
	`591`	`+ end`
	`592`	`+ client.get_token(headers: {'Content-Type' => 'application/json'})`
	`593`	`+ end`
	`594`	`+`
`586`	`595`	`it 'sets the response object on the access token' do`
`587`	`596`	`client = stubbed_client do \|stub\|`
`588`	`597`	`stub.post('/oauth/token') do`
`@@ -901,6 +910,10 @@ def stubbed_client(params = {}, &stubs)`
`901`	`910`	`end`
`902`	`911`	`end`
`903`	`912`
	`913`	`+ it 'instantiates an HTTP Method with this client' do`
	`914`	`+ expect(subject.http_method).to be_kind_of(Symbol)`
	`915`	`+ end`
	`916`	`+`
`904`	`917`	`it 'instantiates an AuthCode strategy with this client' do`
`905`	`918`	`expect(subject.auth_code).to be_kind_of(OAuth2::Strategy::AuthCode)`
`906`	`919`	`end`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit d499c58

File tree

4 files changed

4 files changed

`‎CHANGELOG.md`

`‎lib/oauth2/client.rb`

`‎lib/oauth2/version.rb`

`‎spec/oauth2/client_spec.rb`

0 commit comments