authpwn_rails 0.16.2 → 0.17.0

data/app/models/tokens/base.rb

@@ -1,19 +1,5 @@
 require 'securerandom'
 
-# :nodoc: Backport urlsafe_base64 to 1.8.7.
-unless SecureRandom.respond_to? :urlsafe_base64
-  SecureRandom.class_eval do
-    # :nodoc: lifted from 1.9.3 securerandom.rb, line 190
-    def self.urlsafe_base64(n=nil, padding=false)
-      s = [random_bytes(n)].pack("m*")
-      s.delete!("\n")
-      s.tr!("+/", "-_")
-      s.delete!("=") if !padding
-      s
-    end
-  end
-end
-
 # :namespace
 module Tokens
 
@@ -45,30 +31,17 @@ class Base < ::Credential
     credential ? credential.authenticate : :invalid
   end
 
-  
-  begin
-    ActiveRecord::QueryMethods.instance_method :references
-    # Rails 4.
-
-    # Scope that uses a secret code.
-    def self.with_code(code)
-      # NOTE 1: The where query must be performed off the root type, otherwise
-      #         Rails will try to guess the right values for the 'type' column,
-      #         and will sometimes get them wrong.
-      # NOTE 2: After using this method, it's likely that the user's other
-      #         tokens (e.g., email or Facebook OAuth token) will be required,
-      #         so we pre-fetch them.
-      Credential.where(name: code).includes(user: :credentials).
-          where(Credential.arel_table[:type].matches('Tokens::%')).
-          references(:credential)
-    end
-  rescue NameError
-    # Rails 3.
-
-    def self.with_code(code)
-      Credential.where(name: code).includes(user: :credentials).
-          where(Credential.arel_table[:type].matches('Tokens::%'))
-    end
+  # Scope that uses a secret code.
+  def self.with_code(code)
+    # NOTE 1: The where query must be performed off the root type, otherwise
+    #         Rails will try to guess the right values for the 'type' column,
+    #         and will sometimes get them wrong.
+    # NOTE 2: After using this method, it's likely that the user's other
+    #         tokens (e.g., email or Facebook OAuth token) will be required,
+    #         so we pre-fetch them.
+    Credential.where(name: code).includes(user: :credentials).
+        where(Credential.arel_table[:type].matches('Tokens::%')).
+        references(:credential)
   end
 
   # Authenticates a user using this token.

data/authpwn_rails.gemspec

@@ -2,14 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: authpwn_rails 0.17.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "authpwn_rails"
-  s.version = "0.16.2"
+  s.version = "0.17.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
   s.authors = ["Victor Costan"]
-  s.date = "2014-02-20"
+  s.date = "2014-11-07"
   s.description = "Works with Facebook."
   s.email = "victor@costan.us"
   s.extra_rdoc_files = [
@@ -22,15 +24,16 @@ Gem::Specification.new do |s|
     ".travis.yml",
     "Gemfile",
     "Gemfile.lock",
-    "Gemfile.rails3",
     "Gemfile.rails4",
+    "Gemfile.rails41",
+    "Gemfile.rails42",
     "LICENSE",
     "README.rdoc",
     "Rakefile",
     "VERSION",
     "app/helpers/session_helper.rb",
     "app/models/credentials/email.rb",
-    "app/models/credentials/facebook.rb",
+    "app/models/credentials/omni_auth_uid.rb",
     "app/models/credentials/password.rb",
     "app/models/tokens/base.rb",
     "app/models/tokens/email_verification.rb",
@@ -45,13 +48,13 @@ Gem::Specification.new do |s|
     "lib/authpwn_rails/current_user.rb",
     "lib/authpwn_rails/engine.rb",
     "lib/authpwn_rails/expires.rb",
-    "lib/authpwn_rails/facebook_session.rb",
     "lib/authpwn_rails/generators/all_generator.rb",
     "lib/authpwn_rails/generators/templates/001_create_users.rb",
     "lib/authpwn_rails/generators/templates/003_create_credentials.rb",
     "lib/authpwn_rails/generators/templates/credential.rb",
     "lib/authpwn_rails/generators/templates/credentials.yml",
     "lib/authpwn_rails/generators/templates/initializer.rb",
+    "lib/authpwn_rails/generators/templates/omniauth_initializer.rb",
     "lib/authpwn_rails/generators/templates/session.rb",
     "lib/authpwn_rails/generators/templates/session/forbidden.html.erb",
     "lib/authpwn_rails/generators/templates/session/home.html.erb",
@@ -76,19 +79,17 @@ Gem::Specification.new do |s|
     "lib/authpwn_rails/session_model.rb",
     "lib/authpwn_rails/test_extensions.rb",
     "lib/authpwn_rails/user_extensions/email_field.rb",
-    "lib/authpwn_rails/user_extensions/facebook_fields.rb",
     "lib/authpwn_rails/user_extensions/password_field.rb",
     "lib/authpwn_rails/user_model.rb",
     "test/cookie_controller_test.rb",
     "test/credentials/email_credential_test.rb",
     "test/credentials/email_verification_token_test.rb",
-    "test/credentials/facebook_credential_test.rb",
+    "test/credentials/omni_auth_uid_credential_test.rb",
     "test/credentials/one_time_token_credential_test.rb",
     "test/credentials/password_credential_test.rb",
     "test/credentials/password_reset_token_test.rb",
     "test/credentials/session_uid_token_test.rb",
     "test/credentials/token_crendential_test.rb",
-    "test/facebook_controller_test.rb",
     "test/fixtures/bare_session/forbidden.html.erb",
     "test/fixtures/bare_session/home.html.erb",
     "test/fixtures/bare_session/new.html.erb",
@@ -104,66 +105,67 @@ Gem::Specification.new do |s|
     "test/helpers/rails.rb",
     "test/helpers/rails_undo.rb",
     "test/helpers/routes.rb",
+    "test/helpers/test_order.rb",
     "test/helpers/view_helpers.rb",
     "test/http_basic_controller_test.rb",
     "test/initializer_test.rb",
     "test/routes_test.rb",
     "test/session_controller_api_test.rb",
+    "test/session_controller_test.rb",
     "test/session_mailer_api_test.rb",
+    "test/session_mailer_test.rb",
     "test/session_test.rb",
     "test/test_extensions_test.rb",
     "test/test_helper.rb",
     "test/user_extensions/email_field_test.rb",
-    "test/user_extensions/facebook_fields_test.rb",
     "test/user_extensions/password_field_test.rb",
     "test/user_test.rb"
   ]
   s.homepage = "http://github.com/pwnall/authpwn_rails"
   s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "2.0.14"
-  s.summary = "User authentication for Rails 3 and 4 applications."
+  s.rubygems_version = "2.2.2"
+  s.summary = "User authentication for Rails 4 applications."
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-      s.add_runtime_dependency(%q<rails>, [">= 3.2.17"])
-      s.add_development_dependency(%q<bundler>, [">= 1.3.5"])
+      s.add_runtime_dependency(%q<rails>, [">= 4.0.9"])
+      s.add_development_dependency(%q<bundler>, [">= 1.7.3"])
       s.add_development_dependency(%q<mocha>, [">= 0.14.0"])
-      s.add_development_dependency(%q<jeweler>, [">= 1.8.8"])
+      s.add_development_dependency(%q<jeweler>, [">= 2.0.1"])
       s.add_development_dependency(%q<simplecov>, [">= 0"])
-      s.add_development_dependency(%q<mysql2>, [">= 0.3.14"])
-      s.add_development_dependency(%q<pg>, [">= 0.17.0"])
-      s.add_development_dependency(%q<sqlite3>, [">= 1.3.8"])
+      s.add_development_dependency(%q<mysql2>, [">= 0.3.16"])
+      s.add_development_dependency(%q<omniauth>, [">= 1.2.2"])
+      s.add_development_dependency(%q<pg>, [">= 0.17.1"])
+      s.add_development_dependency(%q<sqlite3>, [">= 1.3.9"])
       s.add_development_dependency(%q<rubysl>, [">= 0"])
       s.add_development_dependency(%q<rubysl-bundler>, [">= 0"])
       s.add_development_dependency(%q<rubysl-rake>, [">= 0"])
     else
-      s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-      s.add_dependency(%q<rails>, [">= 3.2.17"])
-      s.add_dependency(%q<bundler>, [">= 1.3.5"])
+      s.add_dependency(%q<rails>, [">= 4.0.9"])
+      s.add_dependency(%q<bundler>, [">= 1.7.3"])
       s.add_dependency(%q<mocha>, [">= 0.14.0"])
-      s.add_dependency(%q<jeweler>, [">= 1.8.8"])
+      s.add_dependency(%q<jeweler>, [">= 2.0.1"])
       s.add_dependency(%q<simplecov>, [">= 0"])
-      s.add_dependency(%q<mysql2>, [">= 0.3.14"])
-      s.add_dependency(%q<pg>, [">= 0.17.0"])
-      s.add_dependency(%q<sqlite3>, [">= 1.3.8"])
+      s.add_dependency(%q<mysql2>, [">= 0.3.16"])
+      s.add_dependency(%q<omniauth>, [">= 1.2.2"])
+      s.add_dependency(%q<pg>, [">= 0.17.1"])
+      s.add_dependency(%q<sqlite3>, [">= 1.3.9"])
       s.add_dependency(%q<rubysl>, [">= 0"])
       s.add_dependency(%q<rubysl-bundler>, [">= 0"])
       s.add_dependency(%q<rubysl-rake>, [">= 0"])
     end
   else
-    s.add_dependency(%q<fbgraph_rails>, [">= 0.2.2"])
-    s.add_dependency(%q<rails>, [">= 3.2.17"])
-    s.add_dependency(%q<bundler>, [">= 1.3.5"])
+    s.add_dependency(%q<rails>, [">= 4.0.9"])
+    s.add_dependency(%q<bundler>, [">= 1.7.3"])
     s.add_dependency(%q<mocha>, [">= 0.14.0"])
-    s.add_dependency(%q<jeweler>, [">= 1.8.8"])
+    s.add_dependency(%q<jeweler>, [">= 2.0.1"])
     s.add_dependency(%q<simplecov>, [">= 0"])
-    s.add_dependency(%q<mysql2>, [">= 0.3.14"])
-    s.add_dependency(%q<pg>, [">= 0.17.0"])
-    s.add_dependency(%q<sqlite3>, [">= 1.3.8"])
+    s.add_dependency(%q<mysql2>, [">= 0.3.16"])
+    s.add_dependency(%q<omniauth>, [">= 1.2.2"])
+    s.add_dependency(%q<pg>, [">= 0.17.1"])
+    s.add_dependency(%q<sqlite3>, [">= 1.3.9"])
     s.add_dependency(%q<rubysl>, [">= 0"])
     s.add_dependency(%q<rubysl-bundler>, [">= 0"])
     s.add_dependency(%q<rubysl-rake>, [">= 0"])

data/lib/authpwn_rails/credential_model.rb

@@ -20,13 +20,9 @@ module CredentialModel
 
     # Secret information associated with the token.
     validates :key, length: { in: 1..2.kilobytes, allow_nil: true }
-
-    if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
-      attr_accessible
-    end
   end
 
-  # Included in the metaclass of models that call pwnauth_facebook_token_model.
+  # Class methods on models that include Authpwn::CredentialModel.
   module ClassMethods
 
   end  # module Authpwn::FacebookTokenModel::ClassMethods

data/lib/authpwn_rails/generators/all_generator.rb

@@ -66,9 +66,11 @@ class AllGenerator < Rails::Generators::Base
                         'reset_password_email.text.erb')
   end
 
-  def create_initializer
+  def create_initializers
     copy_file 'initializer.rb',
               File.join('config', 'initializers', 'authpwn.rb')
+    copy_file 'omniauth_initializer.rb',
+              File.join('config', 'initializers', 'authpwn_omniauth.rb')
   end
 end  # class Authpwn::AllGenerator
 

data/lib/authpwn_rails/generators/templates/001_create_users.rb

@@ -3,9 +3,9 @@ class CreateUsers < ActiveRecord::Migration
     create_table :users do |t|
       t.string :exuid, limit: 32, null: false
 
-      t.timestamps
-    end
+      t.timestamps null: false
 
-    add_index :users, :exuid, unique: true
+      t.index :exuid, unique: true
+    end
   end
 end

data/lib/authpwn_rails/generators/templates/003_create_credentials.rb

@@ -8,13 +8,13 @@ class CreateCredentials < ActiveRecord::Migration
       t.timestamp :updated_at, null: false
 
       t.binary :key, limit: 2.kilobytes, null: true
-    end
 
-    # All the credentials (maybe of a specific type) belonging to a user.
-    add_index :credentials, [:user_id, :type], unique: false
-    # A specific credential, to find out what user it belongs to.
-    add_index :credentials, [:type, :name], unique: true
-    # Expired credentials (particularly useful for tokens).
-    add_index :credentials, [:type, :updated_at], unique: false
+      # All the credentials (maybe of a specific type) belonging to a user.
+      t.index [:user_id, :type], unique: false
+      # A specific credential, to find out what user it belongs to.
+      t.index [:type, :name], unique: true
+      # Expired credentials (particularly useful for tokens).
+      t.index [:type, :updated_at], unique: false
+    end
   end
 end

data/lib/authpwn_rails/generators/templates/credentials.yml

@@ -20,19 +20,6 @@ john_password:
   user: john
   key: <%= Credentials::Password.hash_password('password', '1234').inspect %>
 
-# Test account vic.tor@costan.us
-jane_facebook:
-  user: jane
-  type: Credentials::Facebook
-  name: 1011950666
-  key: AAAEj8jKX2a8BAA4kNheRhOs6SlECVcZCE9o5pPKMytOjjoiNAoZBGZAwuL4KrrxXWesfJRhzDZCJiqrcQG3UdjRRNtyMJQMZD
-
-john_facebook:
-  user: john
-  type: Credentials::Facebook
-  name: 702659
-  key: 702659|ffffffffffffffffffffffff-702659|ZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-
 jane_token:
   user: jane
   type: Tokens::OneTime
@@ -69,3 +56,16 @@ jane_session_token:
   key: <%= { :browser_ip => '18.70.0.160',
              :browser_ua => 'Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1'
            }.to_yaml.inspect %>
+
+john_omniauth_developer:
+  user: john
+  type: Credentials::OmniAuthUid
+  name: developer,john@gmail.com
+  key: "0"
+
+jane_omniauth_developer:
+  user: jane
+  type: Credentials::OmniAuthUid
+  name: developer,jane@gmail.com
+  key: "1"
+

data/lib/authpwn_rails/generators/templates/omniauth_initializer.rb

@@ -0,0 +1,13 @@
+# See the OmniAuth documentation for the contents of this file.
+#
+#     https://github.com/intridea/omniauth
+#     https://github.com/intridea/omniauth/wiki
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :developer unless Rails.env.production?
+
+  # provider :twitter, Rails.application.secrets.twitter_api_key,
+  #                    Rails.application.secrets.twitter_api_secret
+end
+
+OmniAuth.config.logger = Rails.logger

data/lib/authpwn_rails/generators/templates/session_controller_test.rb

@@ -5,6 +5,7 @@ class SessionControllerTest < ActionController::TestCase
     @user = users(:jane)
     @email_credential = credentials(:jane_email)
     @password_credential = credentials(:jane_password)
+    @omniauth_credential = credentials(:jane_omniauth_developer)
   end
 
   test "user home page" do
@@ -118,4 +119,25 @@ class SessionControllerTest < ActionController::TestCase
 
     assert_redirected_to new_session_url
   end
+
+  test "OmniAuth failure" do
+    get :omniauth_failure
+
+    assert_redirected_to new_session_url
+  end
+
+  test "OmniAuth login via developer strategy and good account" do
+    old_token = credentials(:jane_session_token)
+    old_token.updated_at = Time.now - 1.year
+    old_token.save!
+
+    request.env['omniauth.auth'] = {
+        'provider' => @omniauth_credential.provider,
+        'uid' => @omniauth_credential.uid }
+    post :omniauth, provider: @omniauth_credential.provider
+    assert_equal @user, session_current_user, 'session'
+    assert_redirected_to session_url
+    assert_nil Tokens::Base.with_code(old_token.code).first,
+               'old session not purged'
+  end
 end

data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.html.erb

@@ -6,14 +6,14 @@
     <p>
       You are receiving this e-mail because someone (hopefully you) registered
       an account at
-      <%= link_to @host, root_url(:host => @host, :protocol => @protocol) %>
+      <%= link_to @host, root_url(host: @host, protocol: @protocol) %>
       using your e-mail address.
     </p>
 
     <p>
       Please go
-      <%= link_to 'here', token_session_url(@token, :host => @host,
-                                            :protocol => @protocol) %>
+      <%= link_to 'here', token_session_url(@token, host: @host,
+                                            protocol: @protocol) %>
       to confirm your e-mail address.
     </p>
 

data/lib/authpwn_rails/generators/templates/session_mailer/email_verification_email.text.erb

@@ -5,7 +5,7 @@ You are receiving this e-mail because someone (hopefully you) registered an
 account at <%= @host %> using your e-mail address.
 
 Please go to the address below to confirm your e-mail address.
-<%= token_session_url @token, :host => @host, :protocol => @protocol %>
+<%= token_session_url @token, host: @host, protocol: @protocol %>
 
 If you haven't registered an account, please ignore this e-mail. Someone most
 likely mistyped their e-mail.

data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.html.erb

@@ -6,14 +6,14 @@
     <p>
       You are receiving this e-mail because someone (hopefully you) requested a
       password reset for your
-      <%= link_to @host, root_url(:host => @host, :protocol => @protocol) %>
+      <%= link_to @host, root_url(host: @host, protocol: @protocol) %>
       account.
     </p>
 
     <p>
       Please go
-      <%= link_to 'here', token_session_url(@token, :host => @host,
-                                            :protocol => @protocol) %>
+      <%= link_to 'here', token_session_url(@token, host: @host,
+                                            protocol: @protocol) %>
       to reset your password.
     </p>
 

data/lib/authpwn_rails/generators/templates/session_mailer/reset_password_email.text.erb

@@ -5,7 +5,7 @@ You are receiving this e-mail because someone (hopefully you) requested a
 password reset for your <%= @host %> account.
 
 Please go to the address below to reset your password.
-<%= token_session_url @token, :host => @host, :protocol => @protocol %>
+<%= token_session_url @token, host: @host, protocol: @protocol %>
 
 If you haven't requested a password reset, please ignore this e-mail. Someone
 most likely mistyped their e-mail.

data/lib/authpwn_rails/generators/templates/session_mailer.rb

@@ -21,6 +21,6 @@ class SessionMailer < ActionMailer::Base
     %Q|"#{server_hostname} staff" <admin@#{server_hostname}>|
   end
 
-  # You shouldn't extend the session controller, so you can benefit from future
+  # You shouldn't extend the session mailer, so you can benefit from future
   # features. But, if you must, you can do it here.
 end

data/lib/authpwn_rails/generators/templates/session_mailer_test.rb

@@ -10,8 +10,13 @@ class SessionMailerTest < ActionMailer::TestCase
   end
 
   test 'email verification email' do
-    email = SessionMailer.email_verification_email(@verification_token,
-                                                   @root_url).deliver
+    email_draft = SessionMailer.email_verification_email @verification_token,
+                                                         @root_url
+    if email_draft.respond_to? :deliver_now
+      email = email_draft.deliver_now  # Rails 4.2+
+    else
+      email = email_draft.deliver  # Rails 4.0 and 4.1
+    end
     assert !ActionMailer::Base.deliveries.empty?
 
     assert_equal 'test.host e-mail verification', email.subject
@@ -23,8 +28,13 @@ class SessionMailerTest < ActionMailer::TestCase
   end
 
   test 'password reset email' do
-    email = SessionMailer.reset_password_email(@reset_email, @reset_token,
-                                               @root_url).deliver
+    email_draft = SessionMailer.reset_password_email @reset_email,
+                                                     @reset_token, @root_url
+    if email_draft.respond_to? :deliver_now
+      email = email_draft.deliver_now  # Rails 4.2+
+    else
+      email = email_draft.deliver  # Rails 4.0 and 4.1
+    end
     assert !ActionMailer::Base.deliveries.empty?
 
     assert_equal 'test.host password reset', email.subject

data/lib/authpwn_rails/generators/templates/user.rb

@@ -6,15 +6,50 @@ class User < ActiveRecord::Base
   # include Authpwn::UserExtensions::EmailField
   # Virtual password attribute, with confirmation validation.
   # include Authpwn::UserExtensions::PasswordField
-  # Convenience Facebook accessors.
-  # include Authpwn::UserExtensions::FacebookFields
 
-  # Change this method to change the way users are looked up when signing in.
+  # Change this to customize user lookup in the e-mail/password signin process.
   #
   # For example, to implement Facebook / Twitter's ability to log in using
   # either an e-mail address or a username, look up the user by the username,
-  # and pass their e-mail to super.
-  def self.authenticate_signin(email, password)
+  # create a new Session with the e-mail and password, and pass it to super
+  #
+  # @param [Session] signin the information entered in the sign-in form
+  # @return [User, Symbol] the authenticated user, or a symbol indicating the
+  #     reason why the authentication failed
+  def self.authenticate_signin(signin)
+    super
+  end
+
+  # Change this to customize user lookup in the OmniAuth signup process.
+  #
+  # This method is called when there is no Credential matching the OmniAuth
+  # information, but before {User#create_from_omniauth}. It is an opportunity
+  # to identify an existing user who uses a new sign-in method.
+  #
+  # The default implementation finds an user whose e-mail matches the 'email'
+  # value in the OmniAuth hash.
+  #
+  # @param [Hash] omniauth_hash the hash provided by OmniAuth
+  # @return [User] the user who should be signed in, or nil if no such user
+  #   exists
+  def self.related_to_omniauth(omniauth_hash)
+    super
+  end
+
+  # Change this to customize on-demand user creation on OmniAuth signup.
+  #
+  # This method is called when there is no existing user matching the OmniAuth
+  # information, and is responsible for creating a user. It is an opportunity
+  # to collect the OmniAuth information to populate the user's account.
+  #
+  # The default implementation creates a user with the e-mail matching the
+  # 'email' key in the OmniAuth hash. If no e-mail key is present, no User is
+  # created.
+  #
+  # @param [Hash] omniauth_hash the hash provided by OmniAuth
+  # @return [User] a saved User, or nil if the OmniAuth sign-in information
+  #   should not be used to create a user
+  def self.create_from_omniauth(omniauth_hash)
     super
   end
 

data/lib/authpwn_rails/http_basic.rb

@@ -2,14 +2,14 @@ require 'action_controller'
 
 # :nodoc: adds authenticates_using_http_basic
 class ActionController::Base
-  # Keeps track of the currently authenticated user via the session. 
+  # Keeps track of the currently authenticated user via the session.
   #
   # Assumes the existence of a User model. A bare ActiveModel model will do the
   # trick. Model instances must implement id, and the model class must implement
   # find_by_id.
   def self.authenticates_using_http_basic(options = {})
     include Authpwn::HttpBasicControllerInstanceMethods
-    before_filter :authenticate_using_http_basic, options   
+    before_filter :authenticate_using_http_basic, options
   end
 end
 
@@ -29,17 +29,18 @@ module HttpBasicControllerInstanceMethods
   def authenticate_using_http_basic
     return if current_user
     authenticate_with_http_basic do |email, password|
-      auth = User.authenticate_signin email, password
+      signin = Session.new email: email, password: password
+      auth = User.authenticate_signin signin
       self.current_user = auth unless auth.kind_of? Symbol
     end
   end
   private :authenticate_using_http_basic
-  
+
   # Inform the user that their request is forbidden.
   #
   # If a user is logged on, this renders the session/forbidden view with a HTTP
   # 403 code.
-  # 
+  #
   # If no user is logged in, a HTTP 403 code is returned, together with an
   # HTTP Authentication header causing the user-agent (browser) to initiate
   # http basic authentication.

data/lib/authpwn_rails/routes.rb

@@ -10,17 +10,22 @@ module Routes
 module MapperMixin
   # Draws the routes for a session controller.
   #
-  # The options hash accepts the following keys.
-  #   :controller:: the name of the controller; defaults to "session" for
-  #                 SessionController
-  #   :paths:: the prefix of the route paths; defaults to the controller name
-  #   :method_names:: the root of name used in the path methods; defaults to
-  #                   "session", which will generate names like session_path,
-  #                   new_session_path, and token_session_path
+  # @param [Object] options
+  # @option options [String] controller the name of the controller; defaults to
+  #     "session" for SessionController
+  # @option options [String] paths the prefix of the route paths; defaults to
+  #     the controller name
+  # @option options [String] method_names the root of name used in the path
+  #     methods; defaults to "session", which will generate names like
+  #     session_path, new_session_path, and token_session_path
+  # @option options [String] omniauth_path_prefix the prefix of the OmniAuth
+  #     route paths; defaults to '/auth'; this option should equal
+  #     OmniAuth.config.path_prefix
   def authpwn_session(options = {})
     controller = options[:controller] || 'session'
     paths = options[:paths] || controller
     methods = options[:method_names] || 'session'
+    oa_prefix = options[:omniauth_path_prefix] || '/auth'
 
     get "/#{paths}/token/:code", controller: controller, action: 'token',
                                  as: :"token_#{methods}"
@@ -40,6 +45,14 @@ module MapperMixin
     post "/#{paths}/reset_password", controller: controller,
                                      action: 'reset_password',
                                      as: "reset_password_#{methods}"
+
+    match "#{oa_prefix}/:provider/callback", via: [:get, :post],
+                                             controller: controller,
+                                             action: 'omniauth',
+                                             as: "omniauth_#{methods}"
+    get "#{oa_prefix}/failure", controller: controller,
+                                action: 'omniauth_failure',
+                                as: "omniauth_failure_#{methods}"
   end
 end
 

data/lib/authpwn_rails/session.rb

@@ -45,7 +45,7 @@ module ControllerInstanceMethods
     end
     if user
       session[:authpwn_suid] = Tokens::SessionUid.random_for(user,
-          request.remote_ip, request.user_agent).suid
+          request.remote_ip, request.user_agent || 'N/A').suid
     else
       session.delete :authpwn_suid
     end