From 7ec7b9bb40e81e36c983a91423ef439e302895b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jun 2023 11:01:38 +0100 Subject: [PATCH 01/26] chore(deps-dev): bump rubocop from 1.52.1 to 1.53.0 (#487) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index fff35ec3..a228962d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -86,6 +86,7 @@ GEM reline (>= 0.3.0) json (2.6.3) jwt (2.7.1) + language_server-protocol (3.17.0.3) listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -167,8 +168,9 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.0) - rubocop (1.52.1) + rubocop (1.53.0) json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.2.2.3) rainbow (>= 2.2.2, < 4.0) From 222c3c8a0c2709564fa0665ae762c2f9446fbff5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 10:30:23 +0100 Subject: [PATCH 02/26] chore(deps-dev): bump rubocop from 1.53.0 to 1.53.1 (#488) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index a228962d..ab628192 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -168,7 +168,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.0) - rubocop (1.53.0) + rubocop (1.53.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) From 1ec60cda889cafc4527a90a200b56259a81e4ae2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 10:53:06 +0100 Subject: [PATCH 03/26] chore(deps-dev): bump vcr from 6.1.0 to 6.2.0 (#489) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index ab628192..260fd00e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -210,7 +210,7 @@ GEM unf_ext unf_ext (0.0.8.2) unicode-display_width (2.4.2) - vcr (6.1.0) + vcr (6.2.0) webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) From 1263bcf5cd1de231b72595891aab424c4bf2236c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:54:10 +0100 Subject: [PATCH 04/26] chore(deps): bump actionpack from 7.0.4.3 to 7.0.5.1 (#490) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 260fd00e..22b909d6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,20 +11,20 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (7.0.4.3) - actionview (= 7.0.4.3) - activesupport (= 7.0.4.3) - rack (~> 2.0, >= 2.2.0) + actionpack (7.0.5.1) + actionview (= 7.0.5.1) + activesupport (= 7.0.5.1) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.4.3) - activesupport (= 7.0.4.3) + actionview (7.0.5.1) + activesupport (= 7.0.5.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activesupport (7.0.4.3) + activesupport (7.0.5.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) 
@@ -90,9 +90,9 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.20.0) + loofah (2.21.3) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) lumberjack (1.2.8) method_source (1.0.0) mime-types (3.4.1) @@ -102,13 +102,13 @@ GEM multi_json (1.15.0) nenv (0.3.0) netrc (0.11.0) - nokogiri (1.14.3-aarch64-linux) + nokogiri (1.15.2-aarch64-linux) racc (~> 1.4) - nokogiri (1.14.3-arm64-darwin) + nokogiri (1.15.2-arm64-darwin) racc (~> 1.4) - nokogiri (1.14.3-x86_64-darwin) + nokogiri (1.15.2-x86_64-darwin) racc (~> 1.4) - nokogiri (1.14.3-x86_64-linux) + nokogiri (1.15.2-x86_64-linux) racc (~> 1.4) notiffany (0.1.3) nenv (~> 0.1) @@ -131,11 +131,12 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) - railties (7.0.4.3) - actionpack (= 7.0.4.3) - activesupport (= 7.0.4.3) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + railties (7.0.5.1) + actionpack (= 7.0.5.1) + activesupport (= 7.0.5.1) method_source rake (>= 12.2) thor (~> 1.0) From 328602aadc1d5eb96782f6061861e27063162b10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jul 2023 11:02:19 +0100 Subject: [PATCH 05/26] chore(deps-dev): bump rubocop from 1.53.1 to 1.54.1 (#493) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 22b909d6..dd50721b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -169,7 +169,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.0) - rubocop (1.53.1) + rubocop (1.54.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) From 6efdda632020c4c0165fce1e41d039b00ba37f0f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jul 2023 11:11:37 +0100 Subject: [PATCH 06/26] chore(deps-dev): bump irb from 1.7.0 to 1.7.1 (#491) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index dd50721b..82e98bbe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -82,7 +82,7 @@ GEM i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.7.0) + irb (1.7.1) reline (>= 0.3.0) json (2.6.3) jwt (2.7.1) From 948c1f3f0ce32d6b50e58073eb89f557dcc6c07a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 08:55:31 +0100 Subject: [PATCH 07/26] chore(deps-dev): bump irb from 1.7.1 to 1.7.2 (#494) --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 82e98bbe..54768d76 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -82,8 +82,8 @@ GEM i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.7.1) - reline (>= 0.3.0) + irb (1.7.2) + reline (>= 0.3.6) json (2.6.3) jwt (2.7.1) language_server-protocol (3.17.0.3) @@ -147,7 +147,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) regexp_parser (2.8.1) - reline (0.3.5) + reline (0.3.6) io-console (~> 0.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) From 438e1b70b5b0df5afa4cb3fd7c1aee7261c09a63 Mon Sep 17 00:00:00 2001 From: Steve Hobbs Date: Thu, 13 Jul 2023 10:19:06 +0100 Subject: [PATCH 08/26] [SDK-4386] Support Organization Name in Authorize (#495) --- .devcontainer/Dockerfile | 2 +- EXAMPLES.md | 18 ++--- Gemfile.lock | 2 +- auth0.gemspec | 2 +- lib/auth0/mixins/validation.rb | 25 +++++-- spec/lib/auth0/mixins/validation_spec.rb | 86 +++++++++++++++++++----- 6 files changed, 100 insertions(+), 35 deletions(-) 
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 2b08ca51..18c1b425 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,7 +1,7 @@ # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/ruby/.devcontainer/base.Dockerfile # [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster -ARG VARIANT="3.1-bullseye" +ARG VARIANT="3.2-bullseye" FROM mcr.microsoft.com/vscode/devcontainers/ruby:0-${VARIANT} # [Choice] Node.js version: none, lts/*, 16, 14, 12, 10 diff --git a/EXAMPLES.md b/EXAMPLES.md index 73732b33..4ed0d060 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -85,7 +85,7 @@ Note that Organizations is currently only available to customers on our Enterpri ### Logging in with an Organization -Configure the Authentication API client and pass your Organization ID to the authorize url: +Configure the Authentication API client and pass your Organization ID or name to the authorize url: ```ruby require 'auth0' @@ -94,7 +94,7 @@ require 'auth0' client_id: '{YOUR_APPLICATION_CLIENT_ID}', client_secret: '{YOUR_APPLICATION_CLIENT_SECRET}', domain: '{YOUR_TENANT}.auth0.com', - organization: "{YOUR_ORGANIZATION_ID}" + organization: "{YOUR_ORGANIZATION_ID_OR_NAME}" ) universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}") @@ -113,7 +113,7 @@ require 'auth0' client_id: '{YOUR_APPLICATION_CLIENT_ID}', client_secret: '{YOUR_APPLICATION_CLIENT_ID}', domain: '{YOUR_TENANT}.auth0.com', - organization: "{YOUR_ORGANIZATION_ID}" + organization: "{YOUR_ORGANIZATION_ID_OR_NAME}" ) universal_login_url = @auth0_client.authorization_url("https://{YOUR_APPLICATION_CALLBACK_URL}", { 
@@ -148,7 +148,7 @@ The method takes the following optional keyword parameters: | `max_age` | Integer | The `max_age` value you sent in the call to `/authorize`, if any. | `nil` | | `issuer` | String | By default the `iss` claim will be checked against the URL of your **Auth0 Domain**. Use this parameter to override that. | `nil` | | `audience` | String | By default the `aud` claim will be compared to your **Auth0 Client ID**. Use this parameter to override that. | `nil` | -| `organization` | String | By default the `org_id` claim will be compared to your **Organization ID**. Use this parameter to override that. | `nil` | +| `organization` | String | By default the `org_id` or `org_name` claims will be compared to the `organization` value specified at client creation. Use this parameter to override that. | `nil` | You can check the signing algorithm value under **Advanced Settings > OAuth > JsonWebToken Signature Algorithm** in your Auth0 application settings panel. [We recommend](https://auth0.com/docs/tokens/concepts/signing-algorithms#our-recommendation) that you make use of asymmetric signing algorithms like `RS256` instead of symmetric ones like `HS256`. 
@@ -170,15 +170,17 @@ rescue Auth0::InvalidIdToken => e end ``` -### Organization ID Token Validation +### Organization claim validation -If an org_id claim is present in the Access Token, then the claim should be validated by the API to ensure that the value received is expected or known. +If an `org_id` or `org_name` claim is present in the access token, then the claim should be validated by the API to ensure that the value received is expected or known. In particular: - The issuer (iss) claim should be checked to ensure the token was issued by Auth0 -- the org_id claim should be checked to ensure it is a value that is already known to the application. This could be validated against a known list of organization IDs, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token. +- the `org_id` or `org_name` claim should be checked to ensure it is a value that is already known to the application. Which claim you check depends on the organization value being validated: if it starts with `org_`, validate against the `org_id` claim. Otherwise, validate against `org_name`. Further, `org_name` validation should be done using a **case-insensitive** check, whereas `org_id` should be an exact case-sensitive match. + +This could be validated against a known list of organization IDs or names, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token. Normally, validating the issuer would be enough to ensure that the token was issued by Auth0. In the case of organizations, additional checks should be made so that the organization within an Auth0 tenant is expected. 
@@ -186,7 +188,7 @@ If the claim cannot be validated, then the application should deem the token inv ```ruby begin - @auth0_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id}' + @auth0_client.validate_id_token 'YOUR_ID_TOKEN', organization: '{Expected org_id or org_name}' rescue Auth0::InvalidIdToken => e # In this case the ID Token contents should not be trusted end diff --git a/Gemfile.lock b/Gemfile.lock index 54768d76..9a1f2a41 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,7 +3,7 @@ PATH specs: auth0 (5.13.0) addressable (~> 2.8) - jwt (~> 2.5) + jwt (~> 2.7) rest-client (~> 2.1) retryable (~> 3.0) zache (~> 0.12) diff --git a/auth0.gemspec b/auth0.gemspec index 1b7f93da..d1f1e6ab 100644 --- a/auth0.gemspec +++ b/auth0.gemspec @@ -17,7 +17,7 @@ Gem::Specification.new do |s| s.require_paths = ['lib'] s.add_runtime_dependency 'rest-client', '~> 2.1' - s.add_runtime_dependency 'jwt', '~> 2.5' + s.add_runtime_dependency 'jwt', '~> 2.7' s.add_runtime_dependency 'zache', '~> 0.12' s.add_runtime_dependency 'addressable', '~> 2.8' s.add_runtime_dependency 'retryable', '~> 3.0' diff --git a/lib/auth0/mixins/validation.rb b/lib/auth0/mixins/validation.rb index 2bd895f4..8690abc9 100644 --- a/lib/auth0/mixins/validation.rb +++ b/lib/auth0/mixins/validation.rb 
@@ -188,13 +188,26 @@ def validate_nonce(claims, expected) end def validate_org(claims, expected) - unless claims.key?('org_id') && claims['org_id'].is_a?(String) - raise Auth0::InvalidIdToken, 'Organization Id (org_id) claim must be a string present in the ID token' - end + validate_as_id = expected.start_with? 'org_' + + if validate_as_id + unless claims.key?('org_id') && claims['org_id'].is_a?(String) + raise Auth0::InvalidIdToken, 'Organization Id (org_id) claim must be a string present in the ID token' + end - unless expected == claims['org_id'] - raise Auth0::InvalidIdToken, "Organization Id (org_id) claim value mismatch in the ID token; expected \"#{expected}\","\ - " found \"#{claims['org_id']}\"" + unless expected == claims['org_id'] + raise Auth0::InvalidIdToken, "Organization Id (org_id) claim value mismatch in the ID token; expected \"#{expected}\","\ + " found \"#{claims['org_id']}\"" + end + else + unless claims.key?('org_name') && claims['org_name'].is_a?(String) + raise Auth0::InvalidIdToken, 'Organization Name (org_name) claim must be a string present in the ID token' + end + + unless expected.downcase == claims['org_name'].downcase + raise Auth0::InvalidIdToken, "Organization Name (org_name) claim value mismatch in the ID token; expected \"#{expected}\","\ + " found \"#{claims['org_name']}\"" + end end end diff --git a/spec/lib/auth0/mixins/validation_spec.rb b/spec/lib/auth0/mixins/validation_spec.rb index 56dea958..08094974 100644 --- a/spec/lib/auth0/mixins/validation_spec.rb +++ b/spec/lib/auth0/mixins/validation_spec.rb 
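Review bot: The branch taken in `validate_org` is decided only by whether `expected` starts with `org_`, so a configured organization name that itself begins with `org_` is checked against `org_id` and can never match an `org_name` claim. That fails closed, but the rule is stated nowhere in the method; a comment above the `validate_as_id` line such as `# "org_"-prefixed expectations are IDs (exact match on org_id); anything else is a name (matched on org_name)` would make it explicit. `expected.start_with?` also assumes a String. If a caller can pass nil here (not visible in this hunk), the result is a NoMethodError rather than `Auth0::InvalidIdToken`, which the `rescue Auth0::InvalidIdToken` shown in EXAMPLES.md would not catch.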
@@ -1,5 +1,6 @@ # rubocop:disable Metrics/BlockLength require 'spec_helper' +require 'jwt' RSA_PUB_KEY_JWK_1 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-1' }.freeze RSA_PUB_KEY_JWK_2 = { 'kty': "RSA", 'use': 'sig', 'n': "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-spi5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902v9w-Iplu1WyoB2aPfitxEhRN0Yw", 'e': 'AQAB', 'kid': 'test-key-2' }.freeze @@ -13,8 +14,14 @@ CLOCK = 1587592561 # Apr 22 2020 21:56:01 UTC CONTEXT = { algorithm: Auth0::Algorithm::HS256.secret(HMAC_SHARED_SECRET), leeway: LEEWAY, audience: 'tokens-test-123', issuer: 'https://tokens-test.auth0.com/', clock: CLOCK }.freeze +def build_id_token(payload = {}) + default_payload = { iss: CONTEXT[:issuer], sub: 'user123', aud: CONTEXT[:audience], exp: CLOCK, iat: CLOCK } + JWT.encode(default_payload.merge(payload), HMAC_SHARED_SECRET, 'HS256') +end + describe Auth0::Mixins::Validation::IdTokenValidator do subject { @instance } + let (:minimal_id_token) { build_id_token } context 'instance' do it 'is expected respond to :validate' do 
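Review bot: `let (:minimal_id_token) { build_id_token }` has a space between `let` and its argument list, which RuboCop's `Lint/ParenthesesAsGroupedExpression` reports; write `let(:minimal_id_token) { build_id_token }`. The new `build_id_token` helper is defined with a top-level `def`, which makes it a private method on `Object` for the whole test run; defining it inside the `describe` block or in a support module keeps it scoped to this spec. It also has no comment; `# Builds an HS256 ID token signed with HMAC_SHARED_SECRET; payload overrides the default claims.` would cover it. The `describe` block continues outside this hunk.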
@@ -285,30 +292,73 @@ expect { instance.validate(token) }.to raise_exception("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time \"#{clock}\" is after last auth at \"#{auth_time}\"") end - it 'is expected not to raise an error when org_id exsist in the token, but not required' do - token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I' - expect { @instance.validate(token) }.not_to raise_exception - end + context 'Organization claims validation' do + it 'is expected not to raise an error when org_id exsist in the token, but not required' do + token = build_id_token org_id: 'org_123' + expect { @instance.validate(token) }.not_to raise_exception + end - it 'is expected to raise an error with a missing but required organization' do - token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE4MTg1LCJpYXQiOjE2MTY0NDUzODUsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTc4NX0.UMo5pmgceXO9lIKzbk7X0ZhE5DOe0IP2LfMKdUj03zQ' - instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' })) + it 'is expected not to raise an error when org_name exists in the token, but not required' do + token = build_id_token org_name: 'my-organization' + expect { @instance.validate(token) }.not_to raise_exception + end - expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token') - end + it 'is 
expected to raise an error with a missing but required organization ID' do + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' })) + expect { instance.validate(minimal_id_token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token') + end - it 'is expected to raise an error with an invalid organization' do - token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I' - instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'a1b2c3d4e5' })) + it 'is expected to raise an error with a missing but required organization name' do + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' })) + expect { instance.validate(minimal_id_token) }.to raise_exception('Organization Name (org_name) claim must be a string present in the ID token') + end - expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim value mismatch in the ID token; expected "a1b2c3d4e5", found "testOrg"') - end + it 'is expected to raise an error with an invalid organization ID' do + token = build_id_token org_id: 'org_1234' + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_5678' })) + + expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim value mismatch in the ID token; expected "org_5678", found "org_1234"') + end + + it 'is expected to raise an error with an invalid organization name' do + token = build_id_token org_name: 'another-organization' + instance = 
Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' })) + + expect { instance.validate(token) }.to raise_exception('Organization Name (org_name) claim value mismatch in the ID token; expected "my-organization", found "another-organization"') + end + + it 'is expected to NOT raise an error with a valid organization ID' do + token = build_id_token org_id: 'org_1234' + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' })) + + expect { instance.validate(token) }.not_to raise_exception + end + + it 'is expected to NOT raise an error with a valid organization name' do + token = build_id_token org_name: 'my-organization' + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' })) + + expect { instance.validate(token) }.not_to raise_exception + end + + it 'is expected to NOT raise an error with organization name in different casing' do + token = build_id_token org_name: 'MY-ORGANIZATION' + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' })) + + expect { instance.validate(token) }.not_to raise_exception + end - it 'is expected to NOT raise an error with a valid organization' do - token = 'eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3Rva2Vucy10ZXN0LmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHwxMjM0NTY3ODkiLCJhdWQiOlsidG9rZW5zLXRlc3QtMTIzIiwiZXh0ZXJuYWwtdGVzdC05OTkiXSwiZXhwIjoxNjE2NjE3ODgxLCJpYXQiOjE2MTY0NDUwODEsIm5vbmNlIjoiYTFiMmMzZDRlNSIsImF6cCI6InRva2Vucy10ZXN0LTEyMyIsImF1dGhfdGltZSI6MTYxNjUzMTQ4MSwib3JnX2lkIjoidGVzdE9yZyJ9.AOafUKUNgaxUXpSRYFCeJERcwrQZ4q2NZlutwGXnh9I' - instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'testOrg' })) + it 'validates org_id when both claims are present in the token' do + token = build_id_token org_name: 'my-organization', org_id: 'org_1234' + instance = 
Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' })) + expect { instance.validate(token) }.not_to raise_exception + end - expect { instance.validate(token) }.not_to raise_exception + it 'validates org_name when both claims are present in the token' do + token = build_id_token org_name: 'my-organization', org_id: 'org_1234' + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' })) + expect { instance.validate(token) }.not_to raise_exception + end end end end From f23db58167c6ce822da82e98e585c0d94895a77c Mon Sep 17 00:00:00 2001 From: Steve Hobbs Date: Thu, 13 Jul 2023 10:41:49 +0100 Subject: [PATCH 09/26] Release v5.14.0 (#496) --- CHANGELOG.md | 6 ++++++ Gemfile.lock | 45 ++++++++++++++++++++++---------------------- lib/auth0/version.rb | 2 +- 3 files changed, 30 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1cce24e4..7babf211 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change Log +## [v5.14.0](https://github.com/auth0/ruby-auth0/tree/v5.14.0) (2023-07-13) +[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.13.0...v5.14.0) + +**Added** +- [SDK-4386] Support Organization Name in Authorize [\#495](https://github.com/auth0/ruby-auth0/pull/495) ([stevehobbsdev](https://github.com/stevehobbsdev)) + ## [v5.13.0](https://github.com/auth0/ruby-auth0/tree/v5.13.0) (2023-04-24) [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.12.0...v5.13.0) diff --git a/Gemfile.lock b/Gemfile.lock index 9a1f2a41..d0ee57b3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - auth0 (5.13.0) + auth0 (5.14.0) addressable (~> 2.8) jwt (~> 2.7) rest-client (~> 2.1) 
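Review bot: The new 'Organization claims validation' context never exercises the cross-claim case, where the validator expects an organization ID and the token carries that same string only in `org_name`. That case is the one that shows the two claims cannot stand in for each other, so it deserves an explicit example. The `is_a?(String)` guard in `validate_org` is also untested, since every example passes a string claim. Both additions are sketched below; the enclosing `context` and `describe` blocks start outside this hunk.

```ruby
# … unchanged: existing organization claim examples …
it 'is expected to raise an error when an organization ID is required but only org_name is present' do
  token = build_id_token org_name: 'org_1234'
  instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' }))

  expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token')
end

it 'is expected to raise an error when the org_id claim is not a string' do
  token = build_id_token org_id: 1234
  instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'org_1234' }))

  expect { instance.validate(token) }.to raise_exception('Organization Id (org_id) claim must be a string present in the ID token')
end
```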
@@ -11,20 +11,20 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (7.0.5.1) - actionview (= 7.0.5.1) - activesupport (= 7.0.5.1) + actionpack (7.0.6) + actionview (= 7.0.6) + activesupport (= 7.0.6) rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.5.1) - activesupport (= 7.0.5.1) + actionview (7.0.6) + activesupport (= 7.0.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activesupport (7.0.5.1) + activesupport (7.0.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -82,7 +82,7 @@ GEM i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.7.2) + irb (1.7.3) reline (>= 0.3.6) json (2.6.3) jwt (2.7.1) @@ -102,13 +102,13 @@ GEM multi_json (1.15.0) nenv (0.3.0) netrc (0.11.0) - nokogiri (1.15.2-aarch64-linux) + nokogiri (1.15.3-aarch64-linux) racc (~> 1.4) - nokogiri (1.15.2-arm64-darwin) + nokogiri (1.15.3-arm64-darwin) racc (~> 1.4) - nokogiri (1.15.2-x86_64-darwin) + nokogiri (1.15.3-x86_64-darwin) racc (~> 1.4) - nokogiri (1.15.2-x86_64-linux) + nokogiri (1.15.3-x86_64-linux) racc (~> 1.4) notiffany (0.1.3) nenv (~> 0.1) @@ -123,20 +123,21 @@ GEM pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (5.0.1) + public_suffix (5.0.3) racc (1.7.1) rack (2.2.7) rack-test (0.8.3) rack (>= 1.0, < 3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.1.1) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.0.5.1) - actionpack (= 7.0.5.1) - activesupport (= 7.0.5.1) + railties (7.0.6) + actionpack (= 7.0.6) + activesupport (= 7.0.6) method_source rake (>= 12.2) thor (~> 1.0) 
@@ -165,10 +166,10 @@ GEM rspec-expectations (3.12.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-mocks (3.12.5) + rspec-mocks (3.12.6) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) - rspec-support (3.12.0) + rspec-support (3.12.1) rubocop (1.54.1) json (~> 2.3) language_server-protocol (>= 3.17.0) @@ -201,7 +202,7 @@ GEM term-ansicolor (1.7.1) tins (~> 1.0) terminal-notifier-guard (1.7.0) - thor (1.2.1) + thor (1.2.2) timecop (0.9.6) tins (1.32.1) sync @@ -217,7 +218,7 @@ GEM crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) zache (0.13.0) - zeitwerk (2.6.7) + zeitwerk (2.6.8) PLATFORMS aarch64-linux diff --git a/lib/auth0/version.rb b/lib/auth0/version.rb index e46ed870..bded92cc 100644 --- a/lib/auth0/version.rb +++ b/lib/auth0/version.rb @@ -1,4 +1,4 @@ # current version of gem module Auth0 - VERSION = '5.13.0'.freeze + VERSION = '5.14.0'.freeze end From e998b947f6b52a7a29f0b9c7f6a5e00d3b41c3e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Jul 2023 12:37:23 +0100 Subject: [PATCH 10/26] chore(deps-dev): bump rubocop from 1.54.1 to 1.54.2 (#497) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index d0ee57b3..dff77a80 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -170,7 +170,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.1) - rubocop (1.54.1) + rubocop (1.54.2) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) From 507462f3a5c50268743bb002754eaccffb6dbace Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 01:04:10 -0500 Subject: [PATCH 11/26] chore(deps-dev): bump irb from 1.7.3 to 1.7.4 (#498) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index dff77a80..b1037424 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -82,7 +82,7 @@ GEM i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.7.3) + irb (1.7.4) reline (>= 0.3.6) json (2.6.3) jwt (2.7.1) From 871ce9ca274c6d9a7985560a07af34fe763acd06 Mon Sep 17 00:00:00 2001 From: Steve Hobbs Date: Wed, 19 Jul 2023 09:15:57 +0100 Subject: [PATCH 12/26] chore: should not lowercase org_name claim (#499) --- EXAMPLES.md | 2 +- lib/auth0/mixins/validation.rb | 2 +- spec/lib/auth0/mixins/validation_spec.rb | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/EXAMPLES.md b/EXAMPLES.md index 4ed0d060..fe5f2fd9 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md 
@@ -178,7 +178,7 @@ In particular: - The issuer (iss) claim should be checked to ensure the token was issued by Auth0 -- the `org_id` or `org_name` claim should be checked to ensure it is a value that is already known to the application. Which claim you check depends on the organization value being validated: if it starts with `org_`, validate against the `org_id` claim. Otherwise, validate against `org_name`. Further, `org_name` validation should be done using a **case-insensitive** check, whereas `org_id` should be an exact case-sensitive match. +- the `org_id` or `org_name` claim should be checked to ensure it is a value that is already known to the application. Which claim you check depends on the organization value being validated: if it starts with `org_`, validate against the `org_id` claim. Otherwise, validate against `org_name`. Further, the value of the `org_name` claim will always be lowercase. To aid the developer experience, you may also lowercase the input organization name when checking against the `org_name`, but do not modify the `org_name` claim value. This could be validated against a known list of organization IDs or names, or perhaps checked in conjunction with the current request URL. e.g. the sub-domain may hint at what organization should be used to validate the Access Token. diff --git a/lib/auth0/mixins/validation.rb b/lib/auth0/mixins/validation.rb index 8690abc9..f2596668 100644 --- a/lib/auth0/mixins/validation.rb +++ b/lib/auth0/mixins/validation.rb @@ -204,7 +204,7 @@ def validate_org(claims, expected) raise Auth0::InvalidIdToken, 'Organization Name (org_name) claim must be a string present in the ID token' end - unless expected.downcase == claims['org_name'].downcase + unless expected.downcase == claims['org_name'] raise Auth0::InvalidIdToken, "Organization Name (org_name) claim value mismatch in the ID token; expected \"#{expected}\","\ " found \"#{claims['org_name']}\"" end 
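Review bot: The comparison `expected.downcase == claims['org_name']` is now deliberately asymmetric, but nothing in the code says why, so a later cleanup could restore `.downcase` on the claim and again accept tokens whose `org_name` was not issued in lowercase. A comment above the `unless` would pin the intent, for example `# Lowercase only the configured value; the org_name claim is compared exactly as issued and must not be normalized.` The mismatch message still interpolates the original `expected` rather than the lowercased value that was compared, which can make the reported "expected" differ from what was actually checked. `validate_org` starts outside this hunk.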
diff --git a/spec/lib/auth0/mixins/validation_spec.rb b/spec/lib/auth0/mixins/validation_spec.rb index 08094974..5d31a5a5 100644 --- a/spec/lib/auth0/mixins/validation_spec.rb +++ b/spec/lib/auth0/mixins/validation_spec.rb @@ -342,8 +342,8 @@ def build_id_token(payload = {}) end it 'is expected to NOT raise an error with organization name in different casing' do - token = build_id_token org_name: 'MY-ORGANIZATION' - instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' })) + token = build_id_token org_name: 'my-organization' + instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'MY-ORGANIZATION' })) expect { instance.validate(token) }.not_to raise_exception end From 37f00a6866094c827c6429dada2488d0c03add30 Mon Sep 17 00:00:00 2001 From: Steve Hobbs Date: Wed, 19 Jul 2023 10:39:51 +0100 Subject: [PATCH 13/26] Release v5.14.1 (#501) --- CHANGELOG.md | 6 ++++++ Gemfile.lock | 4 ++-- lib/auth0/version.rb | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7babf211..fe9112d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change Log +## [v5.14.1](https://github.com/auth0/ruby-auth0/tree/v5.14.1) (2023-07-19) +[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.14.0...v5.14.1) + +**Fixed** +- chore: should not lowercase org_name claim [\#499](https://github.com/auth0/ruby-auth0/pull/499) ([stevehobbsdev](https://github.com/stevehobbsdev)) + ## [v5.14.0](https://github.com/auth0/ruby-auth0/tree/v5.14.0) (2023-07-13) [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.13.0...v5.14.0) diff --git a/Gemfile.lock b/Gemfile.lock index b1037424..9498808e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - auth0 (5.14.0) + auth0 (5.14.1) addressable (~> 2.8) jwt (~> 2.7) rest-client (~> 2.1) 
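Review bot: The changed example only covers the accepted direction (uppercase configured value, lowercase claim); nothing asserts that a token whose `org_name` claim is not lowercase is now rejected. That rejection is the behaviour the `validate_org` change in this commit introduces, and without a negative example a regression back to a two-sided `downcase` would pass the suite. An example is sketched below; the enclosing `context` block starts outside this hunk.

```ruby
# … unchanged: 'organization name in different casing' example …
it 'is expected to raise an error when the org_name claim is not lowercase' do
  token = build_id_token org_name: 'MY-ORGANIZATION'
  instance = Auth0::Mixins::Validation::IdTokenValidator.new(CONTEXT.merge({ organization: 'my-organization' }))

  expect { instance.validate(token) }.to raise_exception('Organization Name (org_name) claim value mismatch in the ID token; expected "my-organization", found "MY-ORGANIZATION"')
end
```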
@@ -93,7 +93,7 @@ GEM loofah (2.21.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) - lumberjack (1.2.8) + lumberjack (1.2.9) method_source (1.0.0) mime-types (3.4.1) mime-types-data (~> 3.2015) diff --git a/lib/auth0/version.rb b/lib/auth0/version.rb index bded92cc..38f8f95b 100644 --- a/lib/auth0/version.rb +++ b/lib/auth0/version.rb @@ -1,4 +1,4 @@ # current version of gem module Auth0 - VERSION = '5.14.0'.freeze + VERSION = '5.14.1'.freeze end From b212c912014937aafebf1043d3e15c38532ee273 Mon Sep 17 00:00:00 2001 From: Steve Hobbs Date: Mon, 14 Aug 2023 13:52:22 +0100 Subject: [PATCH 14/26] chore: stop removing Gemfile.lock on build (#506) --- .circleci/config.yml | 1 - Gemfile.lock | 24 +++++++++--------------- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9c867ea9..9e90030b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,7 +31,6 @@ jobs: steps: - checkout - run: gem install bundler:2.3.22 - - run: rm Gemfile.lock - restore_cache: key: gems-v2-{{ checksum "Gemfile.lock" }} - run: bundle check --path=vendor/bundle || bundle install --path=vendor/bundle diff --git a/Gemfile.lock b/Gemfile.lock index 9498808e..0df44ae7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,7 +29,7 @@ GEM i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - addressable (2.8.4) + addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) builder (3.2.4) @@ -98,16 +98,12 @@ GEM mime-types (3.4.1) mime-types-data (~> 3.2015) mime-types-data (3.2023.0218.1) - minitest (5.18.1) + minitest (5.19.0) multi_json (1.15.0) nenv (0.3.0) netrc (0.11.0) - nokogiri (1.15.3-aarch64-linux) - racc (~> 1.4) nokogiri (1.15.3-arm64-darwin) racc (~> 1.4) - nokogiri (1.15.3-x86_64-darwin) - racc (~> 1.4) nokogiri (1.15.3-x86_64-linux) racc (~> 1.4) notiffany (0.1.3) 
@@ -125,7 +121,7 @@ GEM method_source (~> 1.0) public_suffix (5.0.3) racc (1.7.1) - rack (2.2.7) + rack (2.2.8) rack-test (0.8.3) rack (>= 1.0, < 3) rails-dom-testing (2.1.1) @@ -148,7 +144,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) regexp_parser (2.8.1) - reline (0.3.6) + reline (0.3.7) io-console (~> 0.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) @@ -156,7 +152,7 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) retryable (3.0.5) - rexml (3.2.5) + rexml (3.2.6) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -170,7 +166,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.1) - rubocop (1.54.2) + rubocop (1.55.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) @@ -178,7 +174,7 @@ GEM rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.28.0, < 2.0) + rubocop-ast (>= 1.28.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.29.0) @@ -217,13 +213,11 @@ GEM addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - zache (0.13.0) - zeitwerk (2.6.8) + zache (0.13.1) + zeitwerk (2.6.11) PLATFORMS - aarch64-linux arm64-darwin-21 - x86_64-darwin-21 x86_64-linux DEPENDENCIES From 38e83d919533c643e1cdf027fdd04dc91e17b436 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:02:22 +0100 Subject: [PATCH 15/26] chore(deps-dev): bump timecop from 0.9.6 to 0.9.7 (#510) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0df44ae7..2b65ba06 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -199,7 +199,7 @@ GEM tins (~> 1.0) terminal-notifier-guard (1.7.0) thor (1.2.2) - timecop (0.9.6) + timecop (0.9.7) tins (1.32.1) sync tzinfo (2.0.6) 
From c440e630e34b9daa36caf0505a1b08cdb10a4d89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:16:54 +0100 Subject: [PATCH 16/26] chore(deps-dev): bump rubocop from 1.54.2 to 1.56.0 (#508) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2b65ba06..c18ed8d8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -32,6 +32,7 @@ GEM addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) + base64 (0.1.1) builder (3.2.4) coderay (1.1.3) concurrent-ruby (1.2.2) @@ -166,7 +167,8 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.1) - rubocop (1.55.1) + rubocop (1.56.0) + base64 (~> 0.1.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) From addff69fbd75a5240464db5e35980348eaa5ca65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:22:57 +0100 Subject: [PATCH 17/26] chore(deps-dev): bump rack from 2.2.7 to 2.2.8 (#503) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Steve Hobbs From 6d84bf9fc87dd01eb8dff9abbaccc335fd32d702 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Aug 2023 11:31:02 +0100 Subject: [PATCH 18/26] chore(deps-dev): bump timecop from 0.9.7 to 0.9.8 (#511) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index c18ed8d8..78c04551 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -201,7 +201,7 @@ GEM tins (~> 1.0) terminal-notifier-guard (1.7.0) thor (1.2.2) - timecop (0.9.7) + timecop (0.9.8) tins (1.32.1) sync tzinfo (2.0.6) From 72d4ef69edfe022f4951790f03369028b9cf5961 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 20 Aug 2023 22:02:18 +0100 Subject: [PATCH 19/26] chore(deps): bump puma from 5.6.5 to 5.6.7 in /examples/ruby-api (#512) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- examples/ruby-api/Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/ruby-api/Gemfile.lock b/examples/ruby-api/Gemfile.lock index 801755a2..8569ce58 100644 --- a/examples/ruby-api/Gemfile.lock +++ b/examples/ruby-api/Gemfile.lock @@ -5,8 +5,8 @@ GEM jwt (2.5.0) mustermann (2.0.2) ruby2_keywords (~> 0.0.1) - nio4r (2.5.8) - puma (5.6.5) + nio4r (2.5.9) + puma (5.6.7) nio4r (~> 2.0) rack (2.2.6.4) rack-protection (2.2.3) From 662d351b0d60a9b4544c4b0a293ed857b922b563 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Aug 2023 09:05:12 +0100 Subject: [PATCH 20/26] chore(deps-dev): bump rubocop from 1.56.0 to 1.56.1 (#513) --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 78c04551..a1c18340 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -167,7 +167,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.1) - rubocop (1.56.0) + rubocop (1.56.1) base64 (~> 0.1.1) json (~> 2.3) language_server-protocol (>= 3.17.0) From 6688733285297e99614d4846f4e2b8a87c96dea8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Aug 2023 12:56:54 +0100 Subject: [PATCH 21/26] chore(deps-dev): bump activesupport from 7.0.6 to 7.0.7.2 (#514) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a1c18340..0aef8bb0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,20 +11,20 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (7.0.6) - actionview (= 7.0.6) - activesupport (= 7.0.6) + actionpack (7.0.7.2) + actionview (= 7.0.7.2) + activesupport (= 7.0.7.2) rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.6) - activesupport (= 7.0.6) + actionview (7.0.7.2) + activesupport (= 7.0.7.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activesupport (7.0.6) + activesupport (7.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -132,9 +132,9 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.0.6) - actionpack (= 7.0.6) - activesupport (= 7.0.6) + railties (7.0.7.2) + actionpack (= 7.0.7.2) + activesupport (= 7.0.7.2) method_source rake (>= 12.2) thor (~> 1.0) From ae48eaf921c7bb0de51ad4ef759edf9a4db78d75 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 08:40:00 +0100 Subject: [PATCH 22/26] chore(deps-dev): bump webmock from 3.18.1 to 3.19.0 (#515) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0aef8bb0..51579770 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -211,7 +211,7 @@ GEM unf_ext (0.0.8.2) unicode-display_width (2.4.2) vcr (6.2.0) - webmock (3.18.1) + webmock (3.19.0) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) 
From a1f9a96e5bc72a5991e3aa58d667b763ff146fd2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Aug 2023 11:29:49 +0100 Subject: [PATCH 23/26] chore(deps-dev): bump rubocop from 1.56.1 to 1.56.2 (#516) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 51579770..607d424c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -167,7 +167,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.1) - rubocop (1.56.1) + rubocop (1.56.2) base64 (~> 0.1.1) json (~> 2.3) language_server-protocol (>= 3.17.0) From e765ec038b01c91ef7efaf5cd575f84162e16824 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Aug 2023 11:32:36 +0100 Subject: [PATCH 24/26] chore(deps-dev): bump webmock from 3.19.0 to 3.19.1 (#517) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rita Zerrizuela --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 607d424c..7a6bcf8a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -211,7 +211,7 @@ GEM unf_ext (0.0.8.2) unicode-display_width (2.4.2) vcr (6.2.0) - webmock (3.19.0) + webmock (3.19.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) From cf6636ac2d51862510a0de7071fc658edec90658 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 09:26:55 +0100 Subject: [PATCH 25/26] chore(deps-dev): bump irb from 1.7.4 to 1.8.0 (#518) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7a6bcf8a..9a15f07d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -83,7 +83,8 @@ GEM i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.7.4) + irb (1.8.0) + rdoc (~> 6.5) reline (>= 0.3.6) json (2.6.3) jwt (2.7.1) @@ -120,6 +121,8 @@ GEM pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) + psych (5.1.0) + stringio public_suffix (5.0.3) racc (1.7.1) rack (2.2.8) @@ -144,8 +147,10 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) + rdoc (6.5.0) + psych (>= 4.0.0) regexp_parser (2.8.1) - reline (0.3.7) + reline (0.3.8) io-console (~> 0.5) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) @@ -196,6 +201,7 @@ GEM simplecov (~> 0.19) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) + stringio (3.0.8) sync (0.5.0) term-ansicolor (1.7.1) tins (~> 1.0) From 96c43e9699415e1b26ce6219ba3f4ee626eff7d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Sep 2023 10:28:02 +0100 Subject: [PATCH 26/26] chore(deps-dev): bump irb from 1.8.0 to 1.8.1 (#519) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9a15f07d..24868844 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -83,9 +83,9 @@ GEM i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.8.0) - rdoc (~> 6.5) - reline (>= 0.3.6) + irb (1.8.1) + rdoc + reline (>= 0.3.8) json (2.6.3) jwt (2.7.1) language_server-protocol (3.17.0.3)