diff --git a/.ruby-version b/.ruby-version
index a3ec5a4bd..944880fa1 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.2
+3.2.0
diff --git a/Gemfile.lock b/Gemfile.lock
index a142eac6e..653e5a17f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -204,7 +204,7 @@ GEM
 method_source (1.0.0)
 mini_cache (1.1.0)
 mini_mime (1.1.5)
- mini_portile2 (2.8.5)
+ mini_portile2 (2.8.6)
 minitest (5.19.0)
 msgpack (1.7.2)
 nenv (0.3.0)
@@ -219,7 +219,7 @@ GEM
 net-protocol
 newrelic_rpm (8.16.0)
 nio4r (2.7.0)
- nokogiri (1.16.2)
+ nokogiri (1.16.5)
 mini_portile2 (~> 2.8.2)
 racc (~> 1.4)
 notiffany (0.1.3)
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index 5754c1590..5bea31b2a 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -193,6 +193,7 @@ def token_for_valid_certificate(extra)
 subject: subject_s,
 issuer: issuer.to_s,
 uuid: piv.uuid,
+ key_id: key_id,
 )
 )
 end
diff --git a/spec/controllers/identify_controller_spec.rb b/spec/controllers/identify_controller_spec.rb
index 0a122df50..eecd5d35c 100644
--- a/spec/controllers/identify_controller_spec.rb
+++ b/spec/controllers/identify_controller_spec.rb
@@ -135,7 +135,7 @@
 allow(OcspService).to receive(:new).and_return(ocsp_responder)
 end
- it 'returns a token with a uuid and subject and logs certificate metadata' do
+ it 'returns a token with a uuid, subject, key id, and logs certificate metadata' do
 allow(IdentityConfig.store).to receive(:client_cert_escaped).and_return(true)
 cert = Certificate.new(client_cert)
@@ -169,6 +169,7 @@
 expect(token).to be_truthy
 expect(token_contents['nonce']).to eq '123'
+ expect(token_contents['key_id']).to eq(cert.key_id)
 # N.B.: we do this split/sort because DNs match without respect to
 # ordering of components. OpenSSL::X509::Name doesn't match correctly.
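Review bot: In app/models/certificate.rb, the added `key_id: key_id,` puts a new field into the token payload with no comment on what it identifies or whether it can be nil. The definition of `key_id` is outside this hunk; if it is read from an optional certificate extension, a certificate without one would presumably yield a token whose `key_id` is nil, and a relying party that uses the field to look up or bind a credential needs to know that. I would add a comment above the line along the lines of `# key_id: identifier of the certificate's public key; may be nil, so consumers must handle absence and not treat it as proof of identity on its own`, adjusted to what the definition really guarantees. The body of token_for_valid_certificate starts and ends outside the hunk.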
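Review bot: In spec/controllers/identify_controller_spec.rb, the added `expect(token_contents['key_id']).to eq(cert.key_id)` checks the token against the same method that fed it, so the example would still pass if `key_id` returned nil for this fixture. Pinning the value first, with `expect(cert.key_id).not_to be_nil` on the line before, makes the assertion prove that a real identifier reaches the token. A separate example for a certificate that has no key identifier would document the intended behaviour for that case, which nothing visible here covers. The enclosing example begins in the previous hunk and continues past this one.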