Use a more permissive version spec for omniauth

.github/workflows/ci.yml

@@ -0,0 +1,49 @@
+name: CI
+
+on: [push]
+
+env:
+  CI_BRANCH: "${{ github.ref_name }}"
+  BUNDLE_SAGEONEGEMS__JFROG__IO: "${{ secrets.BUNDLE_SAGEONEGEMS__JFROG__IO }}"
+
+jobs:
+  test:
+    name: test ruby ${{ matrix.ruby }}
+    strategy:
+      matrix:
+        ruby: [ 3.2, 3.1, "3.0", 2.7 ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Tests
+        run: 'bundle exec rspec spec --force-color --format doc'
+  release:
+    needs: test
+    if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/build-')
+    runs-on: ubuntu-latest
+    env:
+      GEMS_PATH: "pkg/*.gem"
+      RUBYGEMS_HOST: "${{ secrets.RUBYGEMS_HOST }}"
+      JFROG_USER: "${{ secrets.JFROG_USER }}"
+      JFROG_PASS: "${{ secrets.JFROG_PASS }}"
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '2.7'
+          bundler-cache: true
+      - name: Clear any existing packages
+        run: rm -f $GEMS_PATH
+      - name: Retrieve credentials
+        run: |
+          mkdir -p $HOME/.gem
+          curl -u $JFROG_USER:$JFROG_PASS $RUBYGEMS_HOST/api/v1/api_key.yaml > $HOME/.gem/credentials
+          chmod 600 $HOME/.gem/credentials
+      - name: Build gem
+        run: bundle exec rake build omniauth-jwt.gemspec
+      - name: Publish
+        run: gem push $GEMS_PATH

Dockerfile

@@ -0,0 +1,16 @@
+FROM ruby:2.7.8-alpine
+
+RUN apk --update add --no-cache bash curl less ruby-dev build-base openssl-dev grep git
+
+ARG BUNDLE_SAGEONEGEMS__JFROG__IO
+ENV HOME /usr/src/gem
+WORKDIR $HOME
+
+COPY . $HOME
+
+ENV BUNDLE_PATH /usr/src/bundle
+RUN bundle install --system
+
+ENTRYPOINT []
+CMD ["./container_loop.sh"]
+

Gemfile

@@ -2,7 +2,3 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in omniauth-jwt.gemspec
 gemspec
-
-group :test, :development do
-  gem 'multi_json'
-end

container_loop.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+while :
+do
+	echo "Container is running.."
+	sleep 1
+done

docker-compose.yml

@@ -0,0 +1,11 @@
+version: '2'
+
+services:
+  sage-omniauth-jwt:
+    build:
+      context: .
+    container_name: sage-omniauth-jwt
+    environment:
+      - BUNDLE_SAGEONEGEMS__JFROG__IO
+    volumes:
+      - .:/usr/src/gem

omniauth-jwt.gemspec

@@ -1,30 +1,32 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth/jwt/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "sage-omniauth-jwt"
+  spec.name          = 'sage-omniauth-jwt'
   spec.version       = Omniauth::JWT::VERSION
-  spec.authors       = ["Michael Bleigh", "Tobias Haar"]
-  spec.email         = ["[email protected]", "[email protected]"]
-  spec.description   = %q{An OmniAuth strategy to accept JWT-based single sign-on.}
-  spec.summary       = %q{An OmniAuth strategy to accept JWT-based single sign-on.}
-  spec.homepage      = "http://github.com/Sage/omniauth-jwt"
-  spec.license       = "MIT"
+  spec.authors       = ['Michael Bleigh', 'Tobias Haar']
+  spec.email         = ['[email protected]', '[email protected]']
+  spec.description   = 'An OmniAuth strategy to accept JWT-based single sign-on.'
+  spec.summary       = 'An OmniAuth strategy to accept JWT-based single sign-on.'
+  spec.homepage      = 'http://github.com/Sage/omniauth-jwt'
+  spec.license       = 'MIT'
 
   spec.files         = `git ls-files`.split($/)
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "rspec"
-  spec.add_development_dependency "guard"
-  spec.add_development_dependency "guard-rspec"
-  spec.add_development_dependency "rack-test"
+  spec.add_development_dependency 'bundler', '>= 2.0'
+  spec.add_development_dependency 'debug'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'multi_json'
+  spec.add_development_dependency 'rack-session'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
 
-  spec.add_dependency "jwt"
-  spec.add_dependency "omniauth", "~> 1.1"
+  spec.add_dependency 'jwt'
+  spec.add_dependency 'omniauth', '>= 1.1'
 end

spec/lib/omniauth/strategies/jwt_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 require 'multi_json'
 
@@ -7,40 +9,48 @@ def initialize(request)
   end
 
   def secret
-    "test_secret"
+    'test_secret'
   end
 
-  def uid(decoded)
-    "foo"
+  def uid(_decoded)
+    'foo'
   end
 end
 
 describe OmniAuth::Strategies::JWT do
-  let(:response_json){ MultiJson.load(last_response.body) }
-  let(:args){ ['imasecret', {auth_url: 'http://example.com/login'}] }
+  let(:response_json) { MultiJson.load(last_response.body) }
+  let(:auth_url) { 'http://example.com/login' }
+  let(:args) { ['imasecret', { auth_url: auth_url }] }
 
-  let(:app){
+  let(:app)  do
     the_args = args
     Rack::Builder.new do |b|
-      b.use Rack::Session::Cookie, secret: 'sekrit'
+      b.use Rack::Session::Cookie, secret: SecureRandom.hex(64)
       b.use OmniAuth::Strategies::JWT, *the_args
-      b.run lambda{|env| [200, {}, [(env['omniauth.auth'] || {}).to_json]]}
+      b.map '/auth/jwt' do
+        run ->(env) do
+          unless env['PATH_INFO'] == '/callback'
+            return [302, { 'location' => 'http://example.com/login' }, [(env['omniauth.auth'] || {}).to_json]]
+          end
+          [200, {}, [(env['omniauth.auth'] || {}).to_json]]
+        end
+      end
     end
-  }
+  end
 
-  context "when lookup class is defined" do
-    let(:args) { [TestLookup, {:uid_claim => TestLookup}] }
+  context 'when lookup class is defined' do
+    let(:args) { [TestLookup, { uid_claim: TestLookup }] }
 
-    it "uses the provided class to lookup the key" do
-      encoded = JWT.encode({name: 'Bob', email: '[email protected]'}, "test_secret")
+    it 'uses the provided class to lookup the key' do
+      encoded = JWT.encode({ name: 'Bob', email: '[email protected]' }, 'test_secret')
       get '/auth/jwt/callback?jwt=' + encoded
-      expect(response_json["info"]["email"]).to eq("[email protected]")
+      expect(response_json['info']['email']).to eq('[email protected]')
     end
 
-    it "provides a UID for the signatory" do
-      encoded = JWT.encode({name: 'Bob', email: '[email protected]'}, "test_secret")
+    it 'provides a UID for the signatory' do
+      encoded = JWT.encode({ name: 'Bob', email: '[email protected]' }, 'test_secret')
       get '/auth/jwt/callback?jwt=' + encoded
-      expect(response_json["uid"]).to eq('foo')
+      expect(response_json['uid']).to eq('foo')
     end
   end
 
@@ -54,53 +64,53 @@ def uid(decoded)
 
   context 'callback phase' do
     it 'should decode the response' do
-      encoded = JWT.encode({name: 'Bob', email: '[email protected]'}, 'imasecret')
+      encoded = JWT.encode({ name: 'Bob', email: '[email protected]' }, 'imasecret')
       get '/auth/jwt/callback?jwt=' + encoded
-      expect(response_json["info"]["email"]).to eq("[email protected]")
+      expect(response_json['info']['email']).to eq('[email protected]')
     end
 
     it 'should not work without required fields' do
-      encoded = JWT.encode({name: 'Steve'}, 'imasecret')
+      encoded = JWT.encode({ name: 'Steve' }, 'imasecret')
       get '/auth/jwt/callback?jwt=' + encoded
       expect(last_response.status).to eq(302)
     end
 
     it 'should assign the uid' do
-      encoded = JWT.encode({name: 'Steve', email: '[email protected]'}, 'imasecret')
+      encoded = JWT.encode({ name: 'Steve', email: '[email protected]' }, 'imasecret')
       get '/auth/jwt/callback?jwt=' + encoded
-      expect(response_json["uid"]).to eq('[email protected]')
+      expect(response_json['uid']).to eq('[email protected]')
     end
 
     context 'with a :valid_within option set' do
-      let(:args){ ['imasecret', {auth_url: 'http://example.com/login', valid_within: 300}] }
+      let(:args) { ['imasecret', { auth_url: 'http://example.com/login', valid_within: 300 }] }
 
       it 'should work if the iat key is within the time window' do
-        encoded = JWT.encode({name: 'Ted', email: '[email protected]', iat: Time.now.to_i}, 'imasecret')
+        encoded = JWT.encode({ name: 'Ted', email: '[email protected]', iat: Time.now.to_i }, 'imasecret')
         get '/auth/jwt/callback?jwt=' + encoded
         expect(last_response.status).to eq(200)
       end
 
       it 'should not work if the iat key is outside the time window' do
-        encoded = JWT.encode({name: 'Ted', email: '[email protected]', iat: Time.now.to_i + 500}, 'imasecret')
+        encoded = JWT.encode({ name: 'Ted', email: '[email protected]', iat: Time.now.to_i + 500 }, 'imasecret')
         get '/auth/jwt/callback?jwt=' + encoded
         expect(last_response.status).to eq(302)
       end
 
       it 'should not work if the iat key is missing' do
-        encoded = JWT.encode({name: 'Ted', email: '[email protected]'}, 'imasecret')
+        encoded = JWT.encode({ name: 'Ted', email: '[email protected]' }, 'imasecret')
         get '/auth/jwt/callback?jwt=' + encoded
         expect(last_response.status).to eq(302)
       end
     end
 
     describe 'secret' do
       context 'multiple issuers' do
-        let(:args) { [{ issuer_1: 'secret_1', issuer_2: 'secret_2' }, {auth_url: 'http://example.com/login'}] }
+        let(:args) { [{ issuer_1: 'secret_1', issuer_2: 'secret_2' }, { auth_url: 'http://example.com/login' }] }
 
         it 'should assign the uid' do
-          encoded = JWT.encode({name: 'Steve', email: '[email protected]', iss: 'issuer_1'}, 'secret_1')
+          encoded = JWT.encode({ name: 'Steve', email: '[email protected]', iss: 'issuer_1' }, 'secret_1')
           get '/auth/jwt/callback?jwt=' + encoded
-          expect(response_json["uid"]).to eq('[email protected]')
+          expect(response_json['uid']).to eq('[email protected]')
         end
       end
     end

spec/spec_helper.rb

@@ -1,4 +1,9 @@
-$:.unshift File.dirname(__FILE__) + "/../lib"
+# frozen_string_literal: true
+
+require 'debug'
+
+$:.unshift File.dirname(__FILE__) + '/../lib'
+require 'rack/session'
 require 'rack/test'
 
 require 'omniauth/jwt'
@@ -13,7 +18,7 @@
   config.treat_symbols_as_metadata_keys_with_true_values = true
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
-  
+
   include Rack::Test::Methods
 
   # Run specs in random order to surface order dependencies. If you find an