7.2.0 (2024-04-25)
- Support Ruby 3.3 (245bb06)
- Add MAuth::PrivateKeyHelper.load method to process RSA private keys.
- Update Faraday configuration in SecurityTokenCacher:
  - Add the `MAUTH_USE_RAILS_CACHE` environment variable to make `Rails.cache` usable to cache public keys.
  - Shorten timeout for connection, add retries, and use persistent HTTP connections.
- Add the
- Drop support for Faraday < 1.9.
- Remove dice_bag and set configuration through environment variables directly.
- Rename the `V2_ONLY_SIGN_REQUESTS`, `V2_ONLY_AUTHENTICATE`, `DISABLE_FALLBACK_TO_V1_ON_V2_FAILURE` and `V1_ONLY_SIGN_REQUESTS` environment variables.
- Remove the remote authenticator.
- Support Ruby 3.2.
See UPGRADE_GUIDE.md for migration.
- Force Rack > 2.2.3 to resolve CVE-2022-30123.
- Add MAuth::ServerHelper module with convenience methods for servers to access requester app uuid.
- Fix MAuth::Rack::Response to not raise FrozenError.
- Support Ruby 3.1.
- Drop support for Ruby < 2.6.0.
- Allow Faraday 2.x.
- Support Ruby 3.0.
- Drop support for Ruby < 2.5.0.
- Fix SecurityTokenCacher to not cache tokens forever.
- Drop legacy security token expiry in favor of honoring server cache headers via Faraday HTTP Cache Middleware.
- Replace `URI.escape` with `CGI.escape` in SecurityTokenCacher to suppress the "URI.escape is obsolete" warning.
- Allow Faraday 1.x.
- Added parsing code to test with mauth-protocol-test-suite.
- Added unescape step in query_string encoding in order to remove 'double encoding'.
- Added normalization of paths.
- Added flag to sign only with V1.
- Changed V2 to V1 fallback to be configurable.
- Fixed bug in sorting query parameters.
- Fall back to V1 when V2 authentication fails.
- Fix to not raise FrozenError when string to sign contains frozen value.
- Update euresource escaping of query string.
- Add support for MWSV2 protocol.
- Change request signing to sign with both V1 and V2 protocols by default.
- Update log message for authentication request to include protocol version used.
- Added `benchmark` rake task to benchmark request signing and authentication.
- Use warning level instead of error level for logs about missing mauth header.
- Drop support for Ruby < 2.3.0
- Update development dependencies
- Restore original behavior in the proxy of forwarding of headers that begin with HTTP_ (except for HTTP_HOST) but removing the HTTP_.
- Updated signature to decode number sign (#) in requests
- Store the config data to not load the config file multiple times
- Open source and publish this gem on rubygems.org, no functionality changes
- yanked
- Use String#bytesize method instead of Rack::Utils' one, which was removed in Rack 2.0
- Increased the default timeout when fetching keys from MAuth from 1 second to 10 seconds
- Properly honor faraday_options: timeout in mauth.yml for faraday < 0.9
- Fixed bug in Faraday call, not to raise exception when adding authenticate information to response.
- Properly require version file. Solves exception with the Faraday middleware.
- Updated `mauth.rb.dice` template to use the `MAuth::Client.default_config` method and store the config in the `MAUTH_CONF` constant
- Always pass a private key to the `ensure_is_private_key` method
- Use `ensure_is_private_key` in the `mauth_key` template
- Drop support for ruby 1.x
- Add a dice template for mauth initializer
- Added an ssl_certs_path option to support JRuby applications
- Updated dice templates to ensure `rake config` raises an error in production env if required variables are missing.
- Added logging of mauth app_uuid of requester and requestee on each request
- Ability to pass custom headers into mauth-client and mauth-proxy
- Upgraded to use newest version of Faraday Middleware
- Faraday_options now only get merged to the request (previously got merged into everything)
- Syntax highlighting in hale+json output
- Less restrictive rack versioning to allow for more consumers.
- Allow verification even if intermediate web servers unescape URLs.
- Fixed bug where nil Rails.logger prevented a logger from being built.
- Added templates for dice_bag, now rake config:generate_all will create mauth config files when you include this gem.
- Imported documentation from Medinet into the project's doc directory
- Add Shamus
- CLI option --no-ssl-verify disables SSL verification
- Syntax highlighting with CodeRay colorizes request and response bodies of recognized media types
- MAuth::Proxy class now lives in lib, in mauth/proxy, and may be used as a rack application
- mauth-proxy executable recognizes --no-authenticate option for responses
- MAuth::Proxy bugfix usage of REQUEST_URI; use Rack::Request#fullpath instead
- MAuth::Rack::RequestAuthenticator middleware responds with json (instead of text/plain) for inauthentic requests and requests which it is unable to authenticate
- Added MAuth::Client.default_config method
- Added mauth-proxy executable
- Faraday middlewares are registered with Faraday
- Rack middleware correctly handles Content-Length with HEAD requests
- MAuth::Client raises MAuth::Client::ConfigurationError instead of ArgumentError or RuntimeError as appropriate
- Colorized output from the mauth-client CLI
- Add --content-type option to CLI
- CLI rescues and prints MAuth errors instead of them bubbling up to the interpreter
- Improved method documentation
- Fix default null logger on windows where /dev/null is not available
- Improve error logging
- When authentication headers are missing, the previous message ("No x-mws-time present") is replaced by the somewhat more informative "Authentication Failed. No mAuth signature present; X-MWS-Authentication header is blank."
- More informative help messages from mauth-client CLI
- CLI sets a user-agent
- Handling timeout errors is fixed (previously only handled connection errors)
- Middleware MAuth::Rack::RequestAuthenticationFaker for testing
- More and better specs
- Fixes an issue where requests which have a body and are not PUT or POST were not being correctly signed in rack middleware
- Improves the CLI, adding command-line options --[no-]authenticate to decide whether to authenticate responses, --[no-]verbose to decide whether to dump the entire request and response or just the response body, and --help to remind you.
- Fixes mauth-client CLI being registered as an executable in the gemspec - now it should be possible to just `bundle exec mauth-client` if you have the gem bundle installed (or just `mauth-client` if you have it installed as a regular gem, but that's less straightforward)
- New middleware MAuth::Rack::RequestAuthenticatorNoAppStatus - same as MAuth::Rack::RequestAuthenticator, but does not authenticate /app_status. This will be the most commonly used case, so it was made its own middleware.
- Middleware responds to HEAD requests correctly in error conditions, not including a response body
- Drops backports dependency (Ben has found some issues with this gem, and it was easier to drop the dependency entirely than figure out whether these issues affected mauth-client and if it could be fixed)
- Fix issue with remote authentication against the currently-deployed mauth service with a request signed by a nonexistent app_uuid
- Fix an issue in a case where the rack.input is not rewound before mauth-client attempts to read it
- MAuth::Client handles the :private_key_file, so you can remove from your application the bit that does that - this bit can be deleted:

```ruby
if mauth_conf['private_key_file']
  mauth_conf['private_key'] = File.read(mauth_conf['private_key_file'])
end
```
- Autoloads are in place so that once you require 'mauth/client', you should not need to require mauth/rack, mauth/faraday, or mauth/request_and_response.
- Rewrite combining the mauth_signer and rack-mauth gems
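Several entries above concern how the URL is canonicalised before signing and verification: the unescape step that removes "double encoding" from the query string, normalization of paths, the fix to query-parameter sorting, and allowing verification even when an intermediate web server unescapes URLs. The following is an added illustrative example written for this page, not code from the mauth-client gem and not the MWSV2 protocol's exact rules; the module name `CanonicalUrlExample` and its method names are assumptions. It shows why a verifier must decode before re-encoding (so an already-escaped value is not encoded twice), why parameters are sorted on their decoded form, and why `.`/`..` segments are resolved after percent-decoding so that the path the signature covers is the path the application will actually route.

```ruby
# Added illustrative example, not code from the mauth-client gem: canonicalise
# a request path and query string before they go into a string to sign, so the
# signer and the verifier derive the same bytes even when an intermediate
# server unescaped or re-escaped parts of the URL.
require 'cgi'
require 'erb'

module CanonicalUrlExample
  # Percent-decode a single path segment without treating '+' as a space
  # (that convention belongs to form-encoded query strings, not to paths).
  def self.decode_segment(seg)
    seg.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
  end

  # Decode first, then re-encode: an input that is already escaped ("x%20y")
  # yields "x%20y" again rather than the double-encoded "x%2520y".
  def self.canonical_query(query)
    return '' if query.nil? || query.empty?

    pairs = query.split('&').reject(&:empty?).map do |kv|
      key, value = kv.split('=', 2)
      [CGI.unescape(key), CGI.unescape(value.to_s)]
    end
    # Sort by decoded key, then decoded value, so ordering does not depend on
    # how the client happened to escape them; re-encode per RFC 3986.
    pairs.sort.map do |k, v|
      "#{ERB::Util.url_encode(k)}=#{ERB::Util.url_encode(v)}"
    end.join('&')
  end

  # Collapse "//", drop "." segments and resolve ".." (including their
  # percent-encoded spellings) so the canonical path matches what the
  # application will route, then re-encode each segment.
  def self.normalize_path(path)
    segments = []
    path.split('/', -1).each do |raw|
      seg = decode_segment(raw)
      case seg
      when '', '.' then next
      when '..' then segments.pop
      else segments << ERB::Util.url_encode(seg)
      end
    end
    out = '/' + segments.join('/')
    out += '/' if path.end_with?('/') && out != '/'
    out
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs.
  puts CanonicalUrlExample.normalize_path('/api/v1/./users/%2e%2e/orders//')
  puts CanonicalUrlExample.canonical_query('z=1&a=x%20y&a=b')
end
```

Both sides of the exchange must apply the same canonicalisation; if only the signer does, a proxy that unescapes `%2e%2e` on the way through would cause a verifier working on raw bytes to compute a different string to sign and reject the request.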