Unverified Commit cd30a281 authored by Benjamin Neff's avatar Benjamin Neff Committed by Dennis Schubert

Bump json-jwt and openid_connect

Fixes CVE-2018-1000539
parent 08e108d3
+1 −1
@@ -164,7 +164,7 @@ gem "omniauth-wordpress", "0.2.2"
gem "twitter",            "6.2.0"

# OpenID Connect
gem "openid_connect", "1.1.5"
gem "openid_connect", "1.1.6"

# Serializers

+7 −11
@@ -306,7 +306,7 @@ GEM
    httparty (0.16.2)
      multi_xml (>= 0.5.2)
    httpclient (2.8.3)
    i18n (1.0.0)
    i18n (1.1.0)
      concurrent-ruby (~> 1.0)
    i18n-inflector (2.6.7)
      i18n (>= 0.4.1)
@@ -333,12 +333,10 @@ GEM
      rails (>= 4.0, < 6.0)
      sprockets (>= 3.0.0)
    json (2.1.0)
    json-jwt (1.9.2)
    json-jwt (1.9.4)
      activesupport
      aes_key_wrap
      bindata
      securecompare
      url_safe_base64
    json-schema (2.8.0)
      addressable (>= 2.4)
    json-schema-rspec (0.0.4)
@@ -379,7 +377,7 @@ GEM
      mime-types-data (~> 3.2015)
    mime-types-data (3.2016.0521)
    mini_magick (4.8.0)
    mini_mime (1.0.0)
    mini_mime (1.0.1)
    mini_portile2 (2.3.0)
    minitest (5.11.3)
    mobile-fu (1.4.0)
@@ -429,7 +427,7 @@ GEM
    open_graph_reader (0.6.2)
      faraday (>= 0.9.0)
      nokogiri (~> 1.6)
    openid_connect (1.1.5)
    openid_connect (1.1.6)
      activemodel
      attr_required (>= 1.0.0)
      json-jwt (>= 1.5.0)
@@ -475,7 +473,7 @@ GEM
    pry-byebug (3.6.0)
      byebug (~> 10.0)
      pry (~> 0.10)
    public_suffix (3.0.2)
    public_suffix (3.0.3)
    rack (2.0.5)
    rack-cors (1.0.2)
    rack-google-analytics (1.2.0)
@@ -483,7 +481,7 @@ GEM
      activesupport
    rack-mobile-detect (0.4.0)
      rack
    rack-oauth2 (1.9.1)
    rack-oauth2 (1.9.2)
      activesupport
      attr_required
      httpclient
@@ -642,7 +640,6 @@ GEM
      sass (~> 3.4.20)
    secure_headers (5.0.5)
      useragent (>= 0.15.0)
    securecompare (1.0.0)
    shellany (0.0.1)
    shoulda-matchers (3.1.2)
      activesupport (>= 4.0.0)
@@ -728,7 +725,6 @@ GEM
    unicorn-worker-killer (0.4.4)
      get_process_mem (~> 0)
      unicorn (>= 4, < 6)
    url_safe_base64 (0.2.2)
    useragent (0.16.10)
    uuid (2.3.8)
      macaddr (~> 1.0)
@@ -829,7 +825,7 @@ DEPENDENCIES
  omniauth-twitter (= 1.4.0)
  omniauth-wordpress (= 0.2.2)
  open_graph_reader (= 0.6.2)
  openid_connect (= 1.1.5)
  openid_connect (= 1.1.6)
  pg (= 1.0.0)
  poltergeist (= 1.17.0)
  pronto (= 0.9.5)
+3 −1
@@ -296,7 +296,9 @@ describe Api::OpenidConnect::AuthorizationsController, type: :request do
          decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
                                                                        Api::OpenidConnect::IdTokenConfig::PUBLIC_KEY
          access_token = response.location[/(?<=access_token=)[^&]+/]
          access_token_check_num = UrlSafeBase64.encode64(OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8])
          access_token_check_num = Base64.urlsafe_encode64(
            OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8], padding: false
          )
          expect(decoded_token.at_hash).to eq(access_token_check_num)
        end
      end
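Review bot: The three added lines recompute at_hash inline, and the identical three lines are added twice more in the token endpoint spec of this same commit; a small spec helper, `def at_hash_for(token)` / `Base64.urlsafe_encode64(OpenSSL::Digest::SHA256.digest(token)[0, 128 / 8], padding: false)` / `end`, would keep all three sites in step if the hash length or encoding changes again. The helper also deserves a comment saying why `128 / 8` and `padding: false` are right: `# at_hash = unpadded base64url of the left-most 128 bits of SHA-256(access_token), OIDC Core 3.1.3.6; the hash follows the ID token's RS256`. `Base64` is stdlib and is normally loaded under Rails, but if this spec is ever run on its own it would need a `require "base64"`, which is not visible in the hunk. The enclosing `it` block starts before the hunk.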
+1 −1
eyJhbGciOiJSUzI1NiIsImtpZCI6ImExIn0.eyJhdWQiOiBbImh0dHBzOi8va2VudHNoaWthbWEuY29tL2FwaS9vcGVuaWRfY29ubmVjdC9hY2Nlc3NfdG9rZW5zIl0sICJpc3MiOiAiMTRkNjkyY2Q1M2Q5YzFhOWY0NmZkNjllMGU1NzQ0M2UiLCAianRpIjogIjBtY3JyZVlIIiwgImV4cCI6IDE0NDMxNzA4OTEuMzk3NDU2LCAiaWF0IjogMTQ0MzE3MDI5MS4zOTc0NTYsICJzdWIiOiAiMTRkNjkyY2Q1M2Q5YzFhOWY0NmZkNjllMGU1NzQ0M2UifQ.QJUR3SYFrEIlbfOKjO0NYInddklytbJ2LSWNpkQ1aNThgneDCVCjIYGCaL2C9Sw-GR8j7QSUsKOwBbjZMUmVPFTjsfB4wdgObbxVt1QAXwDjAXc5w1smOerRsoahZ4yKI1an6PTaFxMwnoXUQcBZTsOS6RgXOCPPPoxibxohxoehPLieM0l7LYcF5DQKg7fTxZYOpmtiP--nibJxomXdVQNLSnZuQwnyWtlp_gYmqrYMMN1LPSmNCgZMZZZIYttaaAIA96SylglqubowJRShtDO9rSvUz_sgeCo7qo5Bfb0B5n9_PtIlr1CZSVoHyYj2lVqQldx7fnGuqqQJCfDQoe
 No newline at end of file
eyJhbGciOiJSUzI1NiIsImtpZCI6ImExIn0.eyJhdWQiOiBbImh0dHBzOi8va2VudHNoaWthbWEuY29tL2FwaS9vcGVuaWRfY29ubmVjdC9hY2Nlc3NfdG9rZW5zIl0sICJpc3MiOiAiMTRkNjkyY2Q1M2Q5YzFhOWY0NmZkNjllMGU1NzQ0M2UiLCAianRpIjogIjBtY3JyZVlIIiwgImV4cCI6IDE0NDMxNzA4OTEuMzk3NDU2LCAiaWF0IjogMTQ0MzE3MDI5MS4zOTc0NTYsICJzdWIiOiAiMTRkNjkyY2Q1M2Q5YzFhOWY0NmZkNjllMGU1NzQ0M2UifQ.QJUR3SYFrEIlbfOKjO0NYInddklytbJ2LSWNpkQ1aNThgneDCVCjIYGCaL2C9Sw-GR8j7QSUsKOwBbjZMUmVPFTjsfB4wdgObbxVt1QAXwDjAXc5w1smOerRsoahZ4yKI1an6PTaFxMwnoXUQcBZTsOS6RgXOCPPPoxibxohxoehPLieM0l7LYcF5DQKg7fTxZYOpmtiP--nibJxomXdVQNLSnZuQwnyWtlp_gYmqrYMMN1LPSmNCgZMZZZIYttaaAIA96SylglqubowJRShtDO9rSvUz_sgeCo7qo5Bfb0B5n9_PtIlr1CZSVoHyYj2lVqQldx7fnGuqqQJCfDQoQ
 No newline at end of file
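Review bot: Only the last character of the signature segment changes (`…CfDQoe` → `…CfDQoQ`), and both spell the same signature bytes: `e` (0b011110) and `Q` (0b010000) share their two leading bits, which are the only ones that belong to the signature when the segment leaves four trailing bits, as a 2048-bit RS256 signature does. The old fixture therefore carried non-zero trailing bits, which a lenient decoder such as the url_safe_base64 gem dropped from the lockfile tolerates but a strict `Base64.urlsafe_decode64` rejects; that is presumably why the bumped json-jwt could no longer verify this token. A one-line comment in the spec that loads this fixture, e.g. `# fixture re-encoded with canonical (zero) trailing bits; strict base64url decoders reject the old form`, would save the next reader from re-deriving this.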
+6 −2
@@ -49,7 +49,9 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
        decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
                                                                      Api::OpenidConnect::IdTokenConfig::PUBLIC_KEY
        access_token = json["access_token"]
        access_token_check_num = UrlSafeBase64.encode64(OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8])
        access_token_check_num = Base64.urlsafe_encode64(
          OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8], padding: false
        )
        expect(decoded_token.at_hash).to eq(access_token_check_num)
      end

@@ -93,7 +95,9 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
        decoded_token = OpenIDConnect::ResponseObject::IdToken.decode encoded_id_token,
                                                                      Api::OpenidConnect::IdTokenConfig::PUBLIC_KEY
        access_token = json["access_token"]
        access_token_check_num = UrlSafeBase64.encode64(OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8])
        access_token_check_num = Base64.urlsafe_encode64(
          OpenSSL::Digest::SHA256.digest(access_token)[0, 128 / 8], padding: false
        )
        expect(decoded_token.at_hash).to eq(access_token_check_num)
      end
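Review bot: Both hunks in this file add the same three-line at_hash computation over `json["access_token"]`, so a single `let(:expected_at_hash) { ... }` or a helper method in the describe block would remove the copy and make one place to annotate the `[0, 128 / 8]` truncation, e.g. `# left-most half of SHA-256 (128 bits) per OIDC Core 3.1.3.6; RS256 ID token → SHA-256`. Switching to `Base64.urlsafe_encode64(..., padding: false)` matches what json-jwt itself appears to do after this bump, which is presumably why the url_safe_base64 dependency disappears from the lockfile; a short comment stating that the unpadded form is what the at_hash claim requires would make the `padding: false` argument self-explanatory. The enclosing `it` blocks start before each hunk.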