Revert "bundle update oauth2"
This reverts commit 9e69dde208
.
Change-Id: I3cf8a7ebe352134a17db94f253718ae9fa97a08f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/327804
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Build-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
This commit is contained in:
parent
9b3ece58a0
commit
c4207958fe
|
@ -77,7 +77,7 @@ gem "neighbor", "~> 0.3"
|
|||
gem "net-http", "~> 0.1", require: false
|
||||
gem "net-ldap", "~> 0.18", require: false
|
||||
gem "oauth", "~> 1.1", require: false
|
||||
gem "oauth2", "~> 2.0", require: false
|
||||
gem "oauth2", "~> 1.4", require: false
|
||||
gem "oj", "~> 3.16"
|
||||
gem "outrigger", "3.0.1"
|
||||
gem "parallel", "~> 1.23", require: false
|
||||
|
|
|
@ -744,13 +744,12 @@ GEM
|
|||
version_gem (~> 1.1)
|
||||
oauth-tty (1.0.5)
|
||||
version_gem (~> 1.1, >= 1.1.1)
|
||||
oauth2 (2.0.9)
|
||||
oauth2 (1.4.11)
|
||||
faraday (>= 0.17.3, < 3.0)
|
||||
jwt (>= 1.0, < 3.0)
|
||||
multi_json (~> 1.3)
|
||||
multi_xml (~> 0.5)
|
||||
rack (>= 1.2, < 4)
|
||||
snaky_hash (~> 2.0)
|
||||
version_gem (~> 1.1)
|
||||
oj (3.16.1)
|
||||
once-ler (2.0.1)
|
||||
activerecord (>= 6.0, < 7.1)
|
||||
|
@ -1256,7 +1255,7 @@ DEPENDENCIES
|
|||
net-http (~> 0.1)
|
||||
net-ldap (~> 0.18)
|
||||
oauth (~> 1.1)
|
||||
oauth2 (~> 2.0)
|
||||
oauth2 (~> 1.4)
|
||||
oj (~> 3.16)
|
||||
once-ler (= 2.0.1)
|
||||
outrigger (= 3.0.1)
|
||||
|
|
|
@ -73,7 +73,7 @@ class AuthenticationProvider::Apple < AuthenticationProvider::OpenIDConnect
|
|||
end
|
||||
|
||||
user = JSON.parse(params[:user]) if params[:user]
|
||||
id_token.merge!(user["name"].slice("firstName", "lastName")) if user && user["name"]
|
||||
id_token.merge!(user["name"].slice("firstName", "lastName")) if user["name"]
|
||||
id_token
|
||||
end
|
||||
|
||||
|
@ -81,6 +81,14 @@ class AuthenticationProvider::Apple < AuthenticationProvider::OpenIDConnect
|
|||
token
|
||||
end
|
||||
|
||||
def generate_authorize_url(redirect_uri, state)
|
||||
# wtf Apple https://forums.developer.apple.com/thread/122458
|
||||
# we _could_ update faraday, which has been fixed to deal with this as well,
|
||||
# but that's a long rabbit whole of other gems that would need updating and
|
||||
# have very large breaking changes, so far riskier
|
||||
super.gsub("+", "%20")
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def authorize_url
|
||||
|
|
|
@ -92,8 +92,8 @@ class AuthenticationProvider::LinkedIn < AuthenticationProvider::OAuth2
|
|||
def client_options
|
||||
{
|
||||
site: "https://api.linkedin.com",
|
||||
authorize_url: "https://www.linkedin.com/oauth/v2/authorization",
|
||||
token_url: "https://www.linkedin.com/oauth/v2/accessToken"
|
||||
authorize_url: "https://www.linkedin.com/uas/oauth2/authorization",
|
||||
token_url: "https://www.linkedin.com/uas/oauth2/accessToken"
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -108,8 +108,4 @@ class AuthenticationProvider::LinkedIn < AuthenticationProvider::OAuth2
|
|||
"r_liteprofile"
|
||||
end
|
||||
end
|
||||
|
||||
def token_options
|
||||
{ client_secret: }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#
|
||||
|
||||
require "oauth2"
|
||||
require "canvas/core_ext/oauth2"
|
||||
|
||||
class AuthenticationProvider::OAuth < AuthenticationProvider::Delegated
|
||||
SENSITIVE_PARAMS = [:consumer_secret].freeze
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
#
|
||||
|
||||
require "oauth2"
|
||||
require "canvas/core_ext/oauth2"
|
||||
|
||||
class OAuthValidationError < RuntimeError
|
||||
end
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
#
|
||||
# Copyright (C) 2016 - present Instructure, Inc.
|
||||
#
|
||||
# This file is part of Canvas.
|
||||
#
|
||||
# Canvas is free software: you can redistribute it and/or modify it under
|
||||
# the terms of the GNU Affero General Public License as published by the Free
|
||||
# Software Foundation, version 3 of the License.
|
||||
#
|
||||
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
# details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License along
|
||||
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
module Canvas::CoreExt
|
||||
module OAuth2
|
||||
def get_token(params, access_token_opts = {}, access_token_class = ::OAuth2::AccessToken)
|
||||
params = ::OAuth2::Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
|
||||
opts = { raise_errors: options[:raise_errors], parse: params.delete(:parse) }
|
||||
headers = params.delete(:headers) || {}
|
||||
if options[:token_method] == :post
|
||||
opts[:body] = params
|
||||
opts[:headers] = { "Content-Type" => "application/x-www-form-urlencoded" }
|
||||
else
|
||||
opts[:params] = params
|
||||
opts[:headers] = {}
|
||||
end
|
||||
opts[:headers].merge!(headers)
|
||||
response = request(options[:token_method], token_url, opts)
|
||||
# only change is on this line; Microsoft doesn't send back an access_token if you're doing a pure OpenID Connect auth
|
||||
if options[:raise_errors] && !((response.parsed.is_a?(Hash) && response.parsed["access_token"]) || response.parsed["id_token"])
|
||||
error = ::OAuth2::Error.new(response)
|
||||
raise(error)
|
||||
end
|
||||
access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
|
||||
end
|
||||
end
|
||||
end
|
||||
OAuth2::Client.prepend(Canvas::CoreExt::OAuth2)
|
Loading…
Reference in New Issue