Revert "bundle update oauth2"

This reverts commit 9e69dde208.

Change-Id: I3cf8a7ebe352134a17db94f253718ae9fa97a08f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/327804
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Build-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Cody Cutrer 2023-09-14 10:52:18 -06:00
parent 9b3ece58a0
commit c4207958fe
7 changed files with 61 additions and 12 deletions


@ -77,7 +77,7 @@ gem "neighbor", "~> 0.3"
gem "net-http", "~> 0.1", require: false
gem "net-ldap", "~> 0.18", require: false
gem "oauth", "~> 1.1", require: false
gem "oauth2", "~> 2.0", require: false
gem "oauth2", "~> 1.4", require: false
gem "oj", "~> 3.16"
gem "outrigger", "3.0.1"
gem "parallel", "~> 1.23", require: false


@ -744,13 +744,12 @@ GEM
version_gem (~> 1.1)
oauth-tty (1.0.5)
version_gem (~> 1.1, >= 1.1.1)
oauth2 (2.0.9)
oauth2 (1.4.11)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 4)
snaky_hash (~> 2.0)
version_gem (~> 1.1)
oj (3.16.1)
once-ler (2.0.1)
activerecord (>= 6.0, < 7.1)
@ -1256,7 +1255,7 @@ DEPENDENCIES
net-http (~> 0.1)
net-ldap (~> 0.18)
oauth (~> 1.1)
oauth2 (~> 2.0)
oauth2 (~> 1.4)
oj (~> 3.16)
once-ler (= 2.0.1)
outrigger (= 3.0.1)


@ -73,7 +73,7 @@ class AuthenticationProvider::Apple < AuthenticationProvider::OpenIDConnect
end
user = JSON.parse(params[:user]) if params[:user]
id_token.merge!(user["name"].slice("firstName", "lastName")) if user && user["name"]
id_token.merge!(user["name"].slice("firstName", "lastName")) if user["name"]
id_token
end
@ -81,6 +81,14 @@ class AuthenticationProvider::Apple < AuthenticationProvider::OpenIDConnect
token
end
def generate_authorize_url(redirect_uri, state)
# wtf Apple https://forums.developer.apple.com/thread/122458
# we _could_ update faraday, which has been fixed to deal with this as well,
# but that's a long rabbit whole of other gems that would need updating and
# have very large breaking changes, so far riskier
super.gsub("+", "%20")
end
protected
def authorize_url
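Review bot: The nil guard on the `user` lookup in the first hunk appears to be dropped. The two printed variants are `if user && user["name"]` and `if user["name"]`, and the second looks like the new side, going by the old-then-new order in the Gemfile section. `user` is only assigned when `params[:user]` is present, so without the guard `user["name"]` raises NoMethodError on nil in the sign-in callback. The guard does not depend on the oauth2 gem version, so I would keep `id_token.merge!(user["name"].slice("firstName", "lastName")) if user && user["name"]`. The method starts above the hunk, so I cannot see whether a rescue further up would catch this.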


@ -92,8 +92,8 @@ class AuthenticationProvider::LinkedIn < AuthenticationProvider::OAuth2
def client_options
{
site: "https://api.linkedin.com",
authorize_url: "https://www.linkedin.com/oauth/v2/authorization",
token_url: "https://www.linkedin.com/oauth/v2/accessToken"
authorize_url: "https://www.linkedin.com/uas/oauth2/authorization",
token_url: "https://www.linkedin.com/uas/oauth2/accessToken"
}
end
@ -108,8 +108,4 @@ class AuthenticationProvider::LinkedIn < AuthenticationProvider::OAuth2
"r_liteprofile"
end
end
def token_options
{ client_secret: }
end
end
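Review bot: The `authorize_url` and `token_url` values in `client_options` appear to go back to the `/uas/oauth2/` paths, which does not look tied to the oauth2 gem version this commit reverts. LinkedIn's current documentation lists the `/oauth/v2/` paths, so unless the older ones are needed for a reason not visible here, I would keep `authorize_url: "https://www.linkedin.com/oauth/v2/authorization",` and `token_url: "https://www.linkedin.com/oauth/v2/accessToken"`. That would limit the revert in this file to removing `token_options`. If the older paths are intentional, a one-line comment above the hash saying why would save the next reader from "fixing" them again.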


@ -19,6 +19,7 @@
#
require "oauth2"
require "canvas/core_ext/oauth2"
class AuthenticationProvider::OAuth < AuthenticationProvider::Delegated
SENSITIVE_PARAMS = [:consumer_secret].freeze


@ -19,6 +19,7 @@
#
require "oauth2"
require "canvas/core_ext/oauth2"
class OAuthValidationError < RuntimeError
end


@ -0,0 +1,44 @@
# frozen_string_literal: true
#
# Copyright (C) 2016 - present Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
module Canvas::CoreExt
module OAuth2
def get_token(params, access_token_opts = {}, access_token_class = ::OAuth2::AccessToken)
params = ::OAuth2::Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
opts = { raise_errors: options[:raise_errors], parse: params.delete(:parse) }
headers = params.delete(:headers) || {}
if options[:token_method] == :post
opts[:body] = params
opts[:headers] = { "Content-Type" => "application/x-www-form-urlencoded" }
else
opts[:params] = params
opts[:headers] = {}
end
opts[:headers].merge!(headers)
response = request(options[:token_method], token_url, opts)
# only change is on this line; Microsoft doesn't send back an access_token if you're doing a pure OpenID Connect auth
if options[:raise_errors] && !((response.parsed.is_a?(Hash) && response.parsed["access_token"]) || response.parsed["id_token"])
error = ::OAuth2::Error.new(response)
raise(error)
end
access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
end
end
end
OAuth2::Client.prepend(Canvas::CoreExt::OAuth2)
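Review bot: The `is_a?(Hash)` check in the `raise_errors` condition of `get_token` only covers the `access_token` branch, so `response.parsed["id_token"]` is still evaluated when the token endpoint returns something that does not parse to a Hash. On nil that raises NoMethodError, and on a String body it can return a truthy substring, so the `OAuth2::Error` path is skipped and the failure surfaces at `response.parsed.merge` instead. Moving one parenthesis keeps the intended behaviour: `if options[:raise_errors] && !(response.parsed.is_a?(Hash) && (response.parsed["access_token"] || response.parsed["id_token"]))`. The rest of the method looks like a copy of the gem's own `get_token` prepended onto `OAuth2::Client`, so a header comment naming the oauth2 version it was copied from would help when the gem is next bumped.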