Commit 594bcf37 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'sh-bump-omniauth-google-gem' into 'master'

Upgrade Omniauth and JWT gems to switch away from Google+ API

Closes #55668

See merge request gitlab-org/gitlab-ce!24068
parents eab7e3c8 c6d7130f
...@@ -34,7 +34,7 @@ gem 'omniauth-cas3', '~> 1.1.4' ...@@ -34,7 +34,7 @@ gem 'omniauth-cas3', '~> 1.1.4'
gem 'omniauth-facebook', '~> 4.0.0' gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-github', '~> 1.3' gem 'omniauth-github', '~> 1.3'
gem 'omniauth-gitlab', '~> 1.0.2' gem 'omniauth-gitlab', '~> 1.0.2'
gem 'omniauth-google-oauth2', '~> 0.5.3' gem 'omniauth-google-oauth2', '~> 0.6.0'
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
gem 'omniauth-oauth2-generic', '~> 0.2.2' gem 'omniauth-oauth2-generic', '~> 0.2.2'
gem 'omniauth-saml', '~> 1.10' gem 'omniauth-saml', '~> 1.10'
...@@ -43,7 +43,7 @@ gem 'omniauth-twitter', '~> 1.4' ...@@ -43,7 +43,7 @@ gem 'omniauth-twitter', '~> 1.4'
gem 'omniauth_crowd', '~> 2.2.0' gem 'omniauth_crowd', '~> 2.2.0'
gem 'omniauth-authentiq', '~> 0.3.3' gem 'omniauth-authentiq', '~> 0.3.3'
gem 'rack-oauth2', '~> 1.2.1' gem 'rack-oauth2', '~> 1.2.1'
gem 'jwt', '~> 1.5.6' gem 'jwt', '~> 2.1.0'
# Spam and anti-bot protection # Spam and anti-bot protection
gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails' gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
......
...@@ -403,7 +403,7 @@ GEM ...@@ -403,7 +403,7 @@ GEM
bindata bindata
json-schema (2.8.0) json-schema (2.8.0)
addressable (>= 2.4) addressable (>= 2.4)
jwt (1.5.6) jwt (2.1.0)
kaminari (1.0.1) kaminari (1.0.1)
activesupport (>= 4.1.0) activesupport (>= 4.1.0)
kaminari-actionview (= 1.0.1) kaminari-actionview (= 1.0.1)
...@@ -483,24 +483,24 @@ GEM ...@@ -483,24 +483,24 @@ GEM
nokogiri nokogiri
numerizer (0.1.1) numerizer (0.1.1)
oauth (0.5.4) oauth (0.5.4)
oauth2 (1.4.0) oauth2 (1.4.1)
faraday (>= 0.8, < 0.13) faraday (>= 0.8, < 0.16.0)
jwt (~> 1.0) jwt (>= 1.0, < 3.0)
multi_json (~> 1.3) multi_json (~> 1.3)
multi_xml (~> 0.5) multi_xml (~> 0.5)
rack (>= 1.2, < 3) rack (>= 1.2, < 3)
octokit (4.9.0) octokit (4.9.0)
sawyer (~> 0.8.0, >= 0.5.3) sawyer (~> 0.8.0, >= 0.5.3)
omniauth (1.8.1) omniauth (1.9.0)
hashie (>= 3.4.6, < 3.6.0) hashie (>= 3.4.6, < 3.7.0)
rack (>= 1.6.2, < 3) rack (>= 1.6.2, < 3)
omniauth-auth0 (2.0.0) omniauth-auth0 (2.0.0)
omniauth-oauth2 (~> 1.4) omniauth-oauth2 (~> 1.4)
omniauth-authentiq (0.3.3) omniauth-authentiq (0.3.3)
jwt (>= 1.5) jwt (>= 1.5)
omniauth-oauth2 (>= 1.5) omniauth-oauth2 (>= 1.5)
omniauth-azure-oauth2 (0.0.9) omniauth-azure-oauth2 (0.0.10)
jwt (~> 1.0) jwt (>= 1.0, < 3.0)
omniauth (~> 1.0) omniauth (~> 1.0)
omniauth-oauth2 (~> 1.4) omniauth-oauth2 (~> 1.4)
omniauth-cas3 (1.1.4) omniauth-cas3 (1.1.4)
...@@ -515,8 +515,8 @@ GEM ...@@ -515,8 +515,8 @@ GEM
omniauth-gitlab (1.0.3) omniauth-gitlab (1.0.3)
omniauth (~> 1.0) omniauth (~> 1.0)
omniauth-oauth2 (~> 1.0) omniauth-oauth2 (~> 1.0)
omniauth-google-oauth2 (0.5.3) omniauth-google-oauth2 (0.6.0)
jwt (>= 1.5) jwt (>= 2.0)
omniauth (>= 1.1.1) omniauth (>= 1.1.1)
omniauth-oauth2 (>= 1.5) omniauth-oauth2 (>= 1.5)
omniauth-kerberos (0.3.0) omniauth-kerberos (0.3.0)
...@@ -527,9 +527,9 @@ GEM ...@@ -527,9 +527,9 @@ GEM
omniauth-oauth (1.1.0) omniauth-oauth (1.1.0)
oauth oauth
omniauth (~> 1.0) omniauth (~> 1.0)
omniauth-oauth2 (1.5.0) omniauth-oauth2 (1.6.0)
oauth2 (~> 1.1) oauth2 (~> 1.1)
omniauth (~> 1.2) omniauth (~> 1.9)
omniauth-oauth2-generic (0.2.2) omniauth-oauth2-generic (0.2.2)
omniauth-oauth2 (~> 1.0) omniauth-oauth2 (~> 1.0)
omniauth-saml (1.10.0) omniauth-saml (1.10.0)
...@@ -1041,7 +1041,7 @@ DEPENDENCIES ...@@ -1041,7 +1041,7 @@ DEPENDENCIES
jquery-atwho-rails (~> 1.3.2) jquery-atwho-rails (~> 1.3.2)
js_regex (~> 2.2.1) js_regex (~> 2.2.1)
json-schema (~> 2.8.0) json-schema (~> 2.8.0)
jwt (~> 1.5.6) jwt (~> 2.1.0)
kaminari (~> 1.0) kaminari (~> 1.0)
knapsack (~> 1.17) knapsack (~> 1.17)
kubeclient (~> 4.0.0) kubeclient (~> 4.0.0)
...@@ -1070,7 +1070,7 @@ DEPENDENCIES ...@@ -1070,7 +1070,7 @@ DEPENDENCIES
omniauth-facebook (~> 4.0.0) omniauth-facebook (~> 4.0.0)
omniauth-github (~> 1.3) omniauth-github (~> 1.3)
omniauth-gitlab (~> 1.0.2) omniauth-gitlab (~> 1.0.2)
omniauth-google-oauth2 (~> 0.5.3) omniauth-google-oauth2 (~> 0.6.0)
omniauth-kerberos (~> 0.3.0) omniauth-kerberos (~> 0.3.0)
omniauth-oauth2-generic (~> 0.2.2) omniauth-oauth2-generic (~> 0.2.2)
omniauth-saml (~> 1.10) omniauth-saml (~> 1.10)
......
---
title: Upgrade Omniauth and JWT gems to switch away from Google+ API
merge_request: 24068
author:
type: changed
...@@ -35,7 +35,6 @@ In Google's side: ...@@ -35,7 +35,6 @@ In Google's side:
1. You should now be able to see a Client ID and Client secret. Note them down 1. You should now be able to see a Client ID and Client secret. Note them down
or keep this page open as you will need them later. or keep this page open as you will need them later.
1. From the **Dashboard** select **ENABLE APIS AND SERVICES > Social > Google+ API > Enable**
1. To enable projects to access [Google Kubernetes Engine](../user/project/clusters/index.md), you must also 1. To enable projects to access [Google Kubernetes Engine](../user/project/clusters/index.md), you must also
enable these APIs: enable these APIs:
- Google Kubernetes Engine API - Google Kubernetes Engine API
......
...@@ -18,7 +18,7 @@ module JSONWebToken ...@@ -18,7 +18,7 @@ module JSONWebToken
end end
def encoded def encoded
JWT.encode(payload, secret, JWT_ALGORITHM) JWT.encode(payload, secret, JWT_ALGORITHM, { typ: 'JWT' })
end end
private private
......
...@@ -11,7 +11,8 @@ module JSONWebToken ...@@ -11,7 +11,8 @@ module JSONWebToken
def encoded def encoded
headers = { headers = {
kid: kid kid: kid,
typ: 'JWT'
} }
JWT.encode(payload, key, 'RS256', headers) JWT.encode(payload, key, 'RS256', headers)
end end
......
...@@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do ...@@ -25,7 +25,7 @@ describe JSONWebToken::RSAToken do
rsa_token['key'] = 'value' rsa_token['key'] = 'value'
end end
subject { JWT.decode(rsa_encoded, rsa_key) } subject { JWT.decode(rsa_encoded, rsa_key, true, { algorithm: 'RS256' }) }
it { expect {subject}.not_to raise_error } it { expect {subject}.not_to raise_error }
it { expect(subject.first).to include('key' => 'value') } it { expect(subject.first).to include('key' => 'value') }
...@@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do ...@@ -39,7 +39,7 @@ describe JSONWebToken::RSAToken do
context 'for invalid key to raise an exception' do context 'for invalid key to raise an exception' do
let(:new_key) { OpenSSL::PKey::RSA.generate(512) } let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
subject { JWT.decode(rsa_encoded, new_key) } subject { JWT.decode(rsa_encoded, new_key, true, { algorithm: 'RS256' }) }
it { expect {subject}.to raise_error(JWT::DecodeError) } it { expect {subject}.to raise_error(JWT::DecodeError) }
end end
......
...@@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do ...@@ -5,7 +5,7 @@ describe Auth::ContainerRegistryAuthenticationService do
let(:current_user) { nil } let(:current_user) { nil }
let(:current_params) { {} } let(:current_params) { {} }
let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) } let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
let(:payload) { JWT.decode(subject[:token], rsa_key).first } let(:payload) { JWT.decode(subject[:token], rsa_key, true, { algorithm: 'RS256' }).first }
let(:authentication_abilities) do let(:authentication_abilities) do
[:read_container_image, :create_container_image, :admin_container_image] [:read_container_image, :create_container_image, :admin_container_image]
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment