:upgrade: use rbsso 0.3.0 with nonce support

We do not make use of the nonce yet. We lack a way to store the nonce in the session for now. It probably exists as helpy also knows to store the page one tried to visit in the session but I need to research how to access it from within an omniauth strategy.

:upgrade: use rbsso 0.3.0 with nonce support
232fb673 · azul · ae91d937 · 232fb673 · 232fb673
Unverified Commit 232fb673 authored 8 years ago by azul
--- a/omniauth-sso.gemspec
+++ b/omniauth-sso.gemspec
@@ -11,7 +11,7 @@ Omniauth strategy for "ai's sso"(https://git.autistici.org/ai/sso) based on rbss
  s.homepage    = 'https://0xacab.org/riseup/omniauth-sso'

  s.add_runtime_dependency 'omniauth', '~> 1.3'
-  s.add_runtime_dependency 'rbsso', '~> 0.2.2'
+  s.add_runtime_dependency 'rbsso', '~> 0.3.0'

  s.add_development_dependency 'rake', '>= 10', '< 13'
  s.add_development_dependency 'minitest', '~>5.0'

--- a/test/omniauth/strategies/sso_test.rb
+++ b/test/omniauth/strategies/sso_test.rb
@@ -49,7 +49,7 @@ class OmniAuth::Strategies::SSOTest < Minitest::Test

  def test_wrong_service
    assert_raises RuntimeError do
-      post '/auth/sso/callback', t: server.ticket(user, 'other_service', domain)
+      post '/auth/sso/callback', t: ticket_for_other_service
    end
    assert_nil auth_hash
  end
@@ -64,6 +64,10 @@ class OmniAuth::Strategies::SSOTest < Minitest::Test
    end
  end

+  def ticket_for_other_service
+    server.ticket user: user, service: 'other_service', domain: domain
+  end
+
  # We modify the content of the ticket so the signature becomes invalid.
  # It still should have the right length and be Base64 compatible.
  def invalid_ticket
@@ -77,7 +81,7 @@ class OmniAuth::Strategies::SSOTest < Minitest::Test
  end

  def ticket
-    server.ticket(user, service, domain)
+    server.ticket(user: user, service: service, domain: domain)
  end

  def server; RbSSO::Server.new seed; end