Merge pull request #130 from omniauth/require-MFA

SECURITY updates

Author: pboling

LICENSE renamed to LICENSE.txt

@@ -1,3 +1,5 @@
+MIT License
+
 Copyright (c) 2021, 2024 Peter H. Boling, and OmniAuth-Identity Maintainers
 Copyright (c) 2020 Peter H. Boling, Andrew Roberts, and Jellybooks Ltd.
 Copyright (c) 2010-2015 Michael Bleigh, and Intridea, Inc.

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 3.1.x   | ✅         |
+| 3.0.x   | ❌         |
+| 2.x     | ❌         |
+| 1.x     | ❌         |
+| 0.x     | ❌         |
+
+## Reporting a Vulnerability
+
+Peter Boling is the primary maintainer of this gem. Please find a way
+to [contact him directly](https://railsbling.com/contact) to report the issue. Include as much relevant information as
+possible.
+
+If you are interested in support for versions older than the latest release,
+please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
+or find other sponsorship links in the [README].
+
+[README]: README.md

maintenance-branch

@@ -7,13 +7,14 @@ gem_version = OmniAuth::Identity::Version::VERSION
 OmniAuth::Identity::Version.send(:remove_const, :VERSION)
 
 Gem::Specification.new do |spec|
-  # See CONTRIBUTING.md
-  spec.cert_chain = [ENV.fetch("GEM_CERT_PATH", "certs/#{ENV.fetch("GEM_CERT_USER", ENV["USER"])}.pem")]
-  spec.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $PROGRAM_NAME.end_with?("gem")
-
   spec.name = "omniauth-identity"
   spec.version = gem_version
   spec.authors = ["Peter Boling", "Andrew Roberts", "Michael Bleigh"]
+  spec.email = ["[email protected]"]
+
+  # See CONTRIBUTING.md
+  spec.cert_chain = [ENV.fetch("GEM_CERT_PATH", "certs/#{ENV.fetch("GEM_CERT_USER", ENV["USER"])}.pem")]
+  spec.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $PROGRAM_NAME.end_with?("gem")
 
   spec.summary = spec.description
   spec.description = "Traditional username/password based authentication system for OmniAuth"
@@ -22,14 +23,25 @@ Gem::Specification.new do |spec|
   spec.license = "MIT"
   spec.required_ruby_version = ">= 2.4"
 
+  spec.metadata["homepage_uri"] = "https://railsbling.com/tags/#{spec.name}/"
+  spec.metadata["source_code_uri"] = "#{spec.homepage}/tree/v#{spec.version}"
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/v#{spec.version}/CHANGELOG.md"
+  spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues"
+  spec.metadata["documentation_uri"] = "https://www.rubydoc.info/gems/#{spec.name}/#{spec.version}"
+  spec.metadata["wiki_uri"] = "#{spec.homepage}/wiki"
+  spec.metadata["funding_uri"] = "https://liberapay.com/pboling"
+  spec.metadata["rubygems_mfa_required"] = "true"
+
   spec.files = Dir[
     # Splats (alphabetical)
     "lib/**/*",
     # Files (alphabetical)
     "CHANGELOG.md",
     "CODE_OF_CONDUCT.md",
-    "LICENSE",
+    "CONTRIBUTING.md",
+    "LICENSE.txt",
     "README.md",
+    "SECURITY.md",
   ]
   spec.bindir = "exe"
   spec.require_paths = ["lib"]