ginjo-omniauth-slack 2.4.1 → 2.5.0

data/Rakefile

@@ -3,6 +3,7 @@ require "rake/testtask"
 
 Rake::TestTask.new do |task|
   task.libs << "test"
+  #task.test_files = FileList['test/*test.rb']
 end
 
 task :default => :test

data/lib/omniauth-slack/debug.rb

@@ -0,0 +1,57 @@
+require 'omniauth-slack/refinements'
+require 'logger'
+
+# Appends 'TRACE' option to Logger levels.
+sev_label_new = Logger::SEV_LABEL.dup
+sev_label_new << 'TRACE'
+Logger::Severity::TRACE = (sev_label_new.size - 1)
+Logger.send(:remove_const, :SEV_LABEL)
+Logger::SEV_LABEL = sev_label_new.freeze
+
+module OmniAuth
+  module Slack
+    module Debug
+      #using ObjectRefinements
+      LOG_ALL = %w(1 true yes all debug)
+      LOG_NONE = %w(0 false no none nil nill null)
+      
+      include CallerMethodName
+    
+      def self.included(other)
+        other.send(:include, CallerMethodName)
+        other.send(:extend, Extensions)
+      end
+    
+      module Extensions
+        def debug(method_name = nil, klass=nil, &block)
+          method_name ||= caller_method_name
+          klass ||= self
+          filter = ENV['OMNIAUTH_SLACK_DEBUG']
+          return if filter.nil? || filter.to_s=='' || LOG_NONE.include?(filter.to_s.downcase)
+          klass = case klass
+            when Class; klass.name
+            when Module; klass.name
+            when String; klass
+            else klass.to_s
+          end
+          klass_name = klass.to_s.split('::').last.to_s
+          log_text = yield
+          full_text = "(#{klass_name} #{method_name}) #{log_text}"   #{Thread.current.object_id} 
+          
+          if filter && !LOG_ALL.include?(filter.to_s.downcase)
+            regexp = filter.is_a?(Regexp) ? filter : Regexp.new(filter.to_s, true)
+            return unless full_text[regexp]
+          end
+          
+          OmniAuth.logger.log(Logger::TRACE, full_text)
+        end
+      end
+      
+      def debug(method_name=nil, klass=nil, &block)
+        method_name ||= caller_method_name
+        self.class.debug(method_name, klass, &block)
+      end
+      
+    end
+  end
+end

data/lib/omniauth-slack/oauth2/access_token.rb

@@ -0,0 +1,382 @@
+# :markup: tomdoc
+
+require 'oauth2/access_token'
+require 'omniauth-slack/refinements'
+require 'omniauth-slack/debug'
+
+module OmniAuth
+  module Slack
+    using StringRefinements
+    using OAuth2Refinements
+    
+    module OAuth2
+    
+      # This is an enhanced subclass of OAuth2::AccessToken.
+      # It handles Slack-specific data and behavior, and it also adds
+      # a scope-query method has_scope?
+      #
+      # The AccessToken object is built with the hash returned from the get-token API request
+      # or is passed in manually via AccessToken.from_hash() or OmniAuth::Slack::build_access_token.
+      #
+      # The original hash from the API can always be found at AccessToken#params.
+      # As a convenience, you can call '[]' on the params hash by sending
+      # the method and args directly to the access-token object.
+      #
+      #     my_token['ok']      --> true
+      #     my_token['app_id']  --> A012345678
+      #
+      # The AccessToken instance provides getter methods for top-level data points
+      # of the returned token hash. See define_getters call below for more convenience methods.
+      #
+      # See Slack's documentation for the different types of tokens available.
+      #
+      # * https://api.slack.com/methods/oauth.access
+      # * https://api.slack.com/methods/oauth.v2.access
+      #
+      class AccessToken < ::OAuth2::AccessToken        
+        include OmniAuth::Slack::Debug
+        
+        # Creates simple getter methods to pull specific data from the raw token hash.
+        def self.define_getters(ary_of_words)
+          ary_of_words.each do |word|
+            obj, atrb = word.split('_')
+            define_method(word) do
+              rslt = (
+                params[word] ||
+                params && params[obj] && params[obj][atrb]
+              )
+              debug { "Simple getter '#{word}' rslt: #{rslt}" }
+              rslt
+            end
+          end
+        end
+        
+        define_getters %w(
+          app_id
+          authorizing_user
+          enterprise
+          installer_user
+          scope
+          team
+          team_id
+          team_name
+          team_domain
+          user
+        )
+        
+        # Check's the token hash 'ok' field.
+        #
+        # Returns true or false, representing the success status of the token response.
+        # 
+        def ok?
+          params['ok'] == true ||
+          params['ok'].to_s[/true/i] ||
+          false
+        end
+             
+        # Intercepts super to return nil instead of an empty string.
+        #
+        # Returns the token string or nil.
+        #
+        def token
+          rslt = super
+          rslt.to_s == '' ? nil : rslt
+        end
+        
+        # Inspects the token and determines token type.
+        #
+        # Returns a string representing token type.
+        #
+        def token_type
+          params['token_type'] ||
+          case
+            when 
+              params['token_type'] == 'user' ||
+              @token.to_s[/xoxp/]; 'user'
+            when
+              params['token_type'] == 'bot' ||
+              @token.to_s[/xoxb/]; 'bot'
+            when
+              params['token_type'] == 'app' ||
+              @token.to_s[/xoxa/]; 'app'
+            when
+              @token.to_s[/xoxr/]; 'refresh'
+          end
+        end
+        
+        # Compares given token type with actual token_type.
+        #
+        # Returns true if given type matches actual token_type, otherwise false.
+        #
+        def token_type?(*_type)
+          #debug{"'#{_type}'"}
+          [_type].flatten.any? do |t|
+            token_type.to_s == t.to_s
+          end || false
+        end
+        
+        # Converts 'authed_user' hash (of Slack v2 oauth flow) to AccessToken object.
+        #
+        # Returns an AccessToken instance or nil.
+        #
+        def user_token
+          @user_token ||= (
+            if token_type?('user')
+              self
+            elsif params['authed_user']
+              rslt = self.class.from_hash(client, params['authed_user']).tap do |t|
+                t.params['token_type'] = 'user'
+                t.params['team_id'] = team_id
+              end
+            end
+          )
+        end
+        alias_method :authed_user, :user_token
+
+        # Gets the AccessToken person-user-id if it exists.
+        #
+        # Returns string or nil.
+        #
+        def user_id
+          rslt = (
+            # classic token.
+            params['user_id'] ||
+            # from sub-token in 'authed_user'
+            params['authed_user'].to_h['id'] ||
+            # workspace-app token with attached user.
+            params['user'].to_h['id'] ||
+            # workspace-app token with authorizing user.
+            params['authorizing_user'].to_h['user_id'] ||
+            # workspace-app token with installer user.
+            params['installer_user'].to_h['user_id'] ||
+            # user-id from authed_user hash.
+            params['id'] #||
+            # v2 api bot token, as a last resort.
+            #params['bot_user_id']
+          )
+          debug { rslt }
+          rslt
+        end
+        
+        # Gets the AccessToken unique user-team-id combo, if it can be determined.
+        #
+        # Returns string or nil.
+        #
+        def uid
+          rslt = (user_id && team_id) ? "#{user_id}-#{team_id}" : nil
+          debug { rslt }
+          rslt
+        end
+        
+        # Gets user_name from wherever it can be found in the returned token,
+        # regardless of what type of token is returned.
+        #
+        # Returns string or nil.
+        #
+        def user_name
+          params['user_name'] ||
+          # from sub-token in 'authed_user'
+          params['authed_user'].to_h['name'] ||
+          # workspace-app token with attached user.
+          params['user'].to_h['name'] ||
+          # from authed_user hash.
+          params['name'] ||
+          # workspace token with authorizing user.
+          params['authorizing_user'].to_h['name'] ||
+          # workspace token with installer user.
+          params['installer_user'].to_h['name'] ||
+          # more workspace token possibilities.
+          to_auth_hash.deep_find('nickname') ||
+          to_auth_hash.deep_find('real_name')
+        end
+        
+        # Gets bot_user_id if it exists.
+        #
+        # Returns string or nil.
+        #
+        def bot_user_id
+          params['bot_user_id']
+        end
+        
+        # Gets the app_user_id if it exists.
+        #
+        # Returns string or nil.
+        #
+        def app_user_id
+          params['app_user_id']
+        end
+        
+        # Experimental, converts this AccessToken instance to an AuthHash object.
+        #
+        # Returns OmniAuth::Slack::AuthHash instance.
+        #
+        def to_auth_hash
+          Module.const_get('::OmniAuth::Slack::AuthHash').new(params)
+        end
+
+        # Compiles scopes awarded to this AccessToken.
+        #
+        # Returns hash of scope arrays where *key* is scope section
+        # and *value* is Array of scopes.
+        #
+        def all_scopes
+          @all_scopes ||= (
+            case
+              when ! params['scope'].to_s.empty?
+                {'classic' => params['scope'].words}
+              when params['scopes'].to_h.any?
+                params['scopes']
+            end
+          )
+        end
+        alias_method :scopes, :all_scopes
+        
+        # Match a given set of scopes against this token's awarded scopes,
+        # classic and workspace token compatible.
+        #
+        # If the scope-query is a string, it will be interpreted as a Slack Classic App
+        # scope string {classic: scope-query-string}, even if the token is a v2 token.
+        #
+        # The keywords need to be symbols, so any hash passed as an argument
+        # (or as the entire set of args) should have symbolized keys!
+        #
+        # freeform_array    - [*Array, nil] default: [], array of scope query hashes or string(s).
+        #
+        # :query            - [Hash, Array, nil] default: nil, a single scope-query Hash (or Array of Hashes).
+        #
+        # :logic            - [String, Symbol] default: 'or' [:or | :and] logic for the scope-query.
+        #                     Applies to a single query hash.
+        #                     The reverse logic is applied to an array of query hashes.
+        #
+        # :user             - [String] (nil) default: nil, user_id of the Slack user to query against.
+        #                       Leave blank for non-user queries.
+        #
+        # :base             - [Hash] default: nil, a set of scopes to query against
+        #                       defaults to the awarded scopes on this token.
+        #
+        # freeform_hash     - [**Hash] default: {}, interpreted as single scope query hash.
+        #
+        def has_scope?(*freeform_array, query: nil, logic:'or', user:nil, base:nil, **freeform_hash)
+          #OmniAuth.logger.debug({freeform_array:freeform_array, freeform_hash:freeform_hash, query:query, logic:logic, user:user, base:base})
+          debug{{freeform_array:freeform_array, freeform_hash:freeform_hash, query:query, logic:logic, user:user, base:base}}
+          
+          query ||= case
+            #when simple_string; {classic: simple_string}
+            when freeform_array.any?; freeform_array
+            when freeform_hash.any?; freeform_hash
+          end
+          return unless query
+          
+          query = [query].flatten if query.is_a?(Array) || query.is_a?(String)
+          
+          user ||= user_id
+          debug{"using user '#{user}' and query '#{query}'"}
+          
+          is_identity_query = case query
+            when Hash
+              query.keys.detect{|k| k.to_s == 'identity'}
+            when Array
+              query.detect{ |q| q.is_a?(Hash) && q.keys.detect{|k| k.to_s == 'identity'} }
+          end
+          
+          base ||= case
+            when user && is_identity_query
+              #debug{"calling all_scopes(user=#{user}) to build base-scopes"}
+              all_scopes(user)
+            else
+              #debug{"calling all_scopes to build base-scopes"}
+              all_scopes
+          end
+          
+          #debug{{freeform_array:freeform_array, freeform_hash:freeform_hash, query:query, logic:logic, user:user, base:base}}
+          self.class.has_scope?(scope_query:query, scope_base:base, logic:logic)
+        end
+        
+        # Matches the given scope_query against the given scope_base, with the given logic.
+        #
+        # This is classic and workspace token compatible.
+        #
+        # keywords      - All arguments are keyword arguments:
+        #
+        # :scope_query  - [Hash, Array of hashes] default: {}.
+        #                 If scope_query is a string, it will be interpreted as {classic: scope-query-string}.
+        #
+        #                 key     - Symbol of scope type, can be:
+        #                         [app_home|team|channel|group|mpim|im|identity|classic].
+        #                 
+        #                 value   - Array or String of individual scopes.
+        #
+        # :scope_base   - [Hash] defaul: {}, represents the set of scopes to query against.
+        #
+        # :logic        - [String, Symbol] default: or. One of [and|or].
+        #                 Applies to a single query hash.
+        #                 The reverse logic is applied to an array of query hashes.
+        #
+        # Examples
+        #                 
+        #   has_scope?(scope_query: {channel: 'channels:read chat:write'})
+        #   has_scope?(scope_query: [{identity:'uers:read', channel:'chat:write'}, {app_home:'chat:write'}], logic:'and')
+        #   has_scope?(scope_query: 'identity:users identity:team identity:avatar')
+        #
+        def self.has_scope?(scope_query:{}, scope_base:{}, logic:'or')
+          debug{"class-level scope_query '#{scope_query}' scope_base '#{scope_base}' logic '#{logic}'"}
+          _scope_query = scope_query.is_a?(String) ? {classic: scope_query} : scope_query
+          _scope_query = [_scope_query].flatten
+          
+          # Converts array of unknown strings to uniform hash of classic:[array-of-scope-strings].
+          if _scope_query.is_a?(Array)
+            new_query = []
+            classic_array = []
+            _scope_query.each_with_index do |q,n|
+              if q.is_a?(String)
+                classic_array.concat(q.words)
+                debug{"building classic_array with words from string '#{q.words}' to give: #{classic_array}"}
+              else
+                new_query << _scope_query[n]
+              end
+            end
+            if classic_array.any?
+              new_query.unshift({classic: classic_array.flatten.uniq})
+            end
+            _scope_query = new_query
+          end
+          
+          _scope_base  = scope_base
+          raise "scope_base must be a hash" unless (_scope_base.is_a?(Hash) || _scope_base.respond_to?(:to_h))
+          
+          out=false
+          
+          _logic = case
+            when logic.to_s.downcase == 'or'; {outter: 'all?', inner: 'any?'}
+            when logic.to_s.downcase == 'and'; {outter: 'any?', inner: 'all?'}
+            else {outter: 'all?', inner: 'any?'}
+          end
+          debug{"_logic #{_logic.inspect}"}
+          debug{"_scope_query #{_scope_query}"}
+          
+          _scope_query.send(_logic[:outter]) do |query|
+            debug{"outter query: #{_scope_query.inspect}"}
+
+            query.send(_logic[:inner]) do |section, scopes|
+              test_scopes = case
+                when scopes.is_a?(String); scopes.words
+                when scopes.is_a?(Array); scopes
+                else raise "Scope data must be a string or array of strings, like this {team: 'chat:write,team:read', channels: ['channels:read', 'chat:write']}"
+              end
+              
+              test_scopes.send(_logic[:inner]) do |scope|
+                debug{"inner query section: #{section.to_s}, scope: #{scope}"}
+                out = _scope_base.to_h[section.to_s].to_a.include?(scope.to_s)
+              end
+            end
+            
+          end # scope_query.send outter-query
+          debug{"output: #{out}"}
+          return out
+          
+        end # self.has_scope?
+        
+      end # AccessToken
+    end
+  end
+end

data/lib/omniauth-slack/oauth2/client.rb

@@ -0,0 +1,95 @@
+require 'oauth2/client'
+require 'oauth2/response'
+require 'omniauth'
+require 'omniauth-slack/debug'
+require 'omniauth-slack/oauth2/access_token'
+require 'omniauth-slack/omniauth/auth_hash'
+
+module OmniAuth
+  module Slack
+    module OAuth2
+      class Client < ::OAuth2::Client
+        
+        include OmniAuth::Slack::Debug
+        
+        #using StringRefinements
+        #using OAuth2Refinements
+        
+        # If this is an array, request history will be stored.
+        # Only store request history if each Client instance is relatively short-lived.
+        #
+        # From your app, you can set this:
+        #   OmniAuth::Slack::OAuth2::Client::HISTORY_DEFAULT ||= []
+        #
+        # Then, in your authorization callback action, you can direct
+        # the OAuth2::Client request history to the AuthHash#['extra']['raw_info']:
+        #   @auth_hash = env['omniauth.auth']
+        #   @access_token = env['omniauth.strategy'].access_token
+        #   @access_token.client.history = @auth_hash.extra.raw_info
+        #
+        # TODO: The above seems a little messy. Maybe use a proc
+        #       to rediredct Client request history to wherever.
+        #       Or maybe don't offer any history storage at all.
+        #
+        HISTORY_DEFAULT=nil
+        SUBDOMAIN_DEFAULT=nil
+      
+        attr_accessor :logger, :history, :subdomain
+        
+        def initialize(*args, **options)
+          debug{"args: #{args}"}
+          super
+          self.logger = OmniAuth.logger
+          self.history ||= (options[:history] || HISTORY_DEFAULT)
+          # Moved 'dup' to it's own line, cuz we can't dup nil in older ruby version.
+          self.history && self.history = self.history.dup
+          self.subdomain ||= options[:subdomain] || SUBDOMAIN_DEFAULT
+        end
+                
+        # Wraps OAuth2::Client#get_token to pass in the omniauth-slack AccessToken class.
+        def get_token(params, access_token_opts = {}, access_token_class = OmniAuth::Slack::OAuth2::AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+          debug{"params #{params}, access_token_opts #{access_token_opts}"}
+          rslt = super(params, access_token_opts, access_token_class)
+          debug{"Client #{self} built AccessToken #{rslt}"}
+          rslt
+        end
+        
+        # Logs each API request and stores the API result in History array (if exists).
+        #
+        # Storage can be disabled by setting client_options: {history: false}.
+        # Storage can be enabled by setting client_options: {history: Array.new}.
+        # Storage is enabled by default, when client is created from Strategy.
+        # 
+        # 
+        def request(*args)
+          logger.debug "(slack) API request '#{args[0..1]}'."  # in thread '#{Thread.current.object_id}'."  # by Client '#{self}'
+          debug{"API request args #{args}"}
+          request_output = super(*args)
+          uri = args[1].to_s.gsub(/^.*\/([^\/]+)/, '\1') # use single-quote or double-back-slash for replacement.
+          if history.is_a?(Array)
+            debug{"Saving response to history object #{history.object_id}"}
+            history << OmniAuth::Slack::AuthHash.new(
+              {api_call: uri.to_s, time: Time.now, response: request_output}
+            )
+          end
+          #debug{"API response (#{args[0..1]}) #{request_output.class}"}
+          debug{"API response #{request_output.response.env.body}"}
+          request_output
+        end
+
+        # Wraps #site to insert custom subdomain for API calls.
+        def site(*args)
+          if !@subdomain.to_s.empty?
+            site_uri = URI.parse(super)
+            site_uri.host = "#{@subdomain}.#{site_uri.host}"
+            logger.debug "(slack) Oauth site uri with custom team_domain #{site_uri}"
+            site_uri.to_s
+          else
+            super
+          end
+        end
+        
+      end
+    end
+  end
+end