gle 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7a59e3dfbe071b099b9d543b9fea4c6a5bccbde1b285dc451c2fa011b4e4c07a
+  data.tar.gz: e6ace1b16d3f4ed687b8947c782d4bc46b4fcdc009345b39a76edfa78dd86d35
+SHA512:
+  metadata.gz: 40d36942ad6a9896a5b6ae0f7399fa9459843860dd210ab9d4c9fa1cfd18f879774fa48612c03d0fe4532da56c568cd34b95dbe3c294a9d090c2fab88c511200
+  data.tar.gz: d598f16213f60e12d98b81e3d5c65e8b4c2fa7c876d1a4164e4817611f7900fa36a70865c47ec5e4373cbb5396518a21a4f9364e9263cb29a50763ad13c18559

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,9 @@
+sudo: false
+language: ruby
+notifications:
+  email: false
+rvm:
+  - 2.3.1
+script:
+  - bundle exec rspec
+  - bundle exec yard stats | grep "100.00% documented"

data/CHANGELOG.md

@@ -0,0 +1,70 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+For more information about changelogs, check
+[Keep a Changelog](http://keepachangelog.com) and
+[Vandamme](http://tech-angels.github.io/vandamme).
+
+## 1.2.0  - 2026-05-24
+
+* Renamed to Gle
+
+## 1.1.0  - 2024-12-10
+
+* [FEATURE] Support mocking
+
+- Use `Yt.configuration.mock_auth_error` to mock an error response
+- Use `Yt.configuration.mock_auth_email` to mock authenticating as an email
+- If the value of `mock_auth_email` is `invalid-email`, raise a Yt::HTTPError
+
+## 1.0.0  - 2024-11-26
+
+Released major version. No breaking changes.
+
+## 0.3.1  - 2017-08-26
+
+* [ENHANCEMENT] Add placeholder method to be notified when token is refreshed.
+
+## 0.3.0  - 2017-08-25
+
+**How to upgrade**
+
+If your code uses `Gle#url` then you must use `Gle.url_for` instead.
+If your code uses `Gle.new(code:)` then you must use `Gle.create(code:)` instead.
+If your code uses `Gle.new(refresh_token:)` then you must use `Gle.find_by(refresh_token:)` instead.
+
+* [ENHANCEMENT] Extract `Auth#url` into `Auth.url_for`
+* [ENHANCEMENT] Rename `Auth.new(code:)` into `Auth.create(code:)`
+* [ENHANCEMENT] Rename `Auth.new(refresh_token:)` into `Auth.find_by(refresh_token:)`
+* [FEATURE] Gle.url_for now accepts the scope to authenticate
+* [FEATURE] Gle.url_for now accepts an option to force re-authentication
+* [FEATURE] Add `Auth#revoke` to revoke a refresh token
+
+## 0.2.3  - 2017-08-24
+
+* [FEATURE] Add the ability to generate access token from a refresh token
+
+## 0.2.2  - 2017-05-31
+
+* [FEATURE] Add `Auth#access_token`
+
+## 0.2.1  - 2017-03-29
+
+* [ENHANCEMENT] Speed up process by fetching email with 1 HTTP request (not 2).
+
+## 0.2.0  - 2017-03-29
+
+**How to upgrade**
+
+If your code uses `GleError` then you must use `Yt::HTTPError` instead.
+If your code uses `GleRequest` then you must use `Yt::HTTPRequest` instead.
+
+* [ENHANCEMENT] Extract `AuthError` to `HTTPError` in yt-support gem
+* [ENHANCEMENT] Extract `AuthRequest` to `HTTPRequest` in yt-support gem
+
+## 0.1.0  - 2017-03-27
+
+* [FEATURE] Add `AuthError`
+* [FEATURE] Add `email`
+* [FEATURE] Add `url`

data/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in gle.gemspec
+gemspec
+
+gem 'debug' # to invoke 'debugger'
+gem 'irb'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Fullscreen, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,123 @@
+Authenticate users with their Google account
+============================================
+
+Gle lets you easily authenticate users of your website by means of
+their Google-based email address.
+
+With Gle, it is easy to limit access to your app to a few users without
+the need for them to create a username and password.
+
+The **source code** is available on [GitHub](https://github.com/claudiob/gle) and the **documentation** on [RubyDoc](http://www.rubydoc.info/gems/gle/frames).
+
+[![Build Status](http://img.shields.io/travis/claudiob/gle/master.svg)](https://travis-ci.org/claudiob/gle)
+[![Coverage Status](http://img.shields.io/coveralls/claudiob/gle/master.svg)](https://coveralls.io/r/claudiob/gle)
+[![Dependency Status](http://img.shields.io/gemnasium/claudiob/gle.svg)](https://gemnasium.com/claudiob/gle)
+[![Code Climate](http://img.shields.io/codeclimate/github/claudiob/gle.svg)](https://codeclimate.com/github/claudiob/gle)
+[![Online docs](http://img.shields.io/badge/docs-✓-green.svg)](http://www.rubydoc.info/gems/gle/frames)
+[![Gem Version](http://img.shields.io/gem/v/gle.svg)](http://rubygems.org/gems/gle)
+
+Gle.url_for
+----------------
+
+With the `url_for` class method, you can obtain a URL where to redirect users
+who need to authenticate with their Google account in order to use your
+application:
+
+```ruby
+redirect_uri = 'https://example.com/auth' # REPLACE WITH REAL ONE
+scope = %i(yt-analytics.readonly youtube)
+Gle.url_for(redirect_uri: redirect_uri, scope: scope, force: true)
+ # => https://accounts.google.com/o/oauth2/auth?client_id=...&scope=email&redirect_uri=https%3A%2F%2Fexample.com%2Fauth&response_type=code
+```
+
+Gle.create
+----------------
+
+After users have authenticated with their Google account, they will be
+redirected to the `redirect_uri` you indicated, with an extra `code` query
+parameter, e.g. `https://example.com/auth?code=1234`
+
+With the `create` class method, you can create an instance for that
+authentication:
+
+```ruby
+redirect_uri = 'https://example.com/auth' # REPLACE WITH REAL ONE
+code = 'dfwe7r9djd234ffdjf3009dfknfd98re' # REPLACE WITH REAL ONE
+auth = Gle.create(redirect_uri: redirect_uri, code: code)
+ # => #<Gle:0x007fe61d…>
+```
+
+Gle#email
+--------------
+
+Once you have an instance of `Gle`, you can obtain the verified email
+of the authenticated user:
+
+```ruby
+auth.email
+ # => "user@example.com"
+```
+
+Gle#access_token
+---------------------
+
+Once you have an instance of `Gle`, you can also obtain the access token
+of the authenticated user:
+
+```ruby
+auth.access_token
+ # => "ya29.df8er8e9r89er"
+```
+
+Gle#refresh_token
+----------------------
+
+Once you have an instance of `Gle`, you can also obtain the refresh token
+of the authenticated user:
+
+```ruby
+auth.refresh_token
+ # => "sdf7f7erre98df"
+```
+
+Gle.find_by
+----------------
+
+If you already know the refresh token of a Google account, you can obtain its
+complete authentication object:
+
+```ruby
+auth = Gle.find_by(refresh_token: "sdf7f7erre98df")
+auth.email
+ # => "user@example.com"
+```
+
+
+Yt::HTTPError
+-------------
+
+`Yt::HTTPError` will be raised whenever something goes wrong during the
+authentication process. The message of the error will include the details:
+
+```ruby
+redirect_uri = 'https://example.com/auth' # REPLACE WITH REAL ONE
+code = 'this-is-not-a-valid-code'
+Gle.new(redirect_uri: redirect_uri, code: code).email
+ # => Yt::HTTPError: Invalid authorization code.
+```
+
+How to contribute
+=================
+
+Contribute to the code by forking the project, adding the missing code,
+writing the appropriate tests and submitting a pull request.
+
+To run the tests correctly, set up the environment variables `YT_ACCOUNT_CLIENT_ID`
+and `YT_ACCOUNT_CLIENT_SECRET` with the credentials of an existing Google OAuth app.
+
+In order for a PR to be approved, all the tests need to pass and all the public
+methods need to be documented and listed in the guides. Remember:
+
+- to run all tests locally: `bundle exec rspec`
+- to generate the docs locally: `bundle exec yard`
+- to list undocumented methods: `bundle exec yard stats --list-undoc`

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+require 'rspec/core/version'
+
+desc 'Run all examples'
+RSpec::Core::RakeTask.new :spec
+
+task default: [:spec]

data/bin/console

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'gle'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/gle.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = 'gle'
+  spec.version       = '1.1.0'
+  spec.authors       = ['claudiob']
+  spec.email         = ['claudiob@users.noreply.github.com']
+
+  spec.summary       = %q{Google Authentication Ruby client}
+  spec.description   = %q{Gle makes it easy to authenticate users to any
+    web application by means of their Google account.}
+  spec.homepage      = 'https://github.com/claudiob/gle'
+  spec.license       = 'MIT'
+
+  spec.required_ruby_version = '>= 2.2.2'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'yt-support'
+  spec.add_dependency 'jwt'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'coveralls'
+  spec.add_development_dependency 'yard'
+end

data/lib/gle.rb

@@ -0,0 +1,143 @@
+require 'jwt'
+require 'yt/config'
+require 'yt/http_request'
+
+# Provides methods to authenticate a user with the Google OAuth flow.
+# @see https://developers.google.com/accounts/docs/OAuth2
+class Gle
+  # @param [Hash] options the options to initialize an instance of Gle.
+  # @option options [String] :redirect_uri The URI to redirect users to
+  #   after they have completed the Google OAuth flow.
+  # @option options [String] :code A single-use authorization code provided
+  #   by Google OAuth to obtain an access token to access Google API.
+  def self.create(options = {})
+    new options.merge(grant_type: :authorization_code)
+  end
+
+  # @param [Hash] options the options to initialize an instance of Gle.
+  # @option options [String] :refresh_token A multi-use refresh token to
+  #   obtain an access token to access Google API.
+  def self.find_by(options = {})
+    new options.merge(grant_type: :refresh_token)
+  end
+
+  # @return [String] the URL where to authenticate with a Google account.
+  # @param [Hash] options the options to initialize an instance of Gle.
+  # @option options [String] :redirect_uri The URI to redirect users to
+  #   after they have completed the Google OAuth flow.
+  # @option options [Boolean] :force whether to force users to re-authenticate
+  #   an account that was previously authenticated.
+  # @option options [Array<String>] :scopes The list of scopes that users
+  #   are requested to authorize.
+  def self.url_for(options = {})
+    if Yt.configuration.mock_auth_error
+      options[:redirect_uri] + '?error=' + Yt.configuration.mock_auth_error
+    elsif Yt.configuration.mock_auth_email
+      options[:redirect_uri] + '?code=mock-email'
+    else
+      host = 'accounts.google.com'
+      path = '/o/oauth2/auth'
+      query = URI.encode_www_form url_params(options)
+      URI::HTTPS.build(host: host, path: path, query: query).to_s
+    end
+  end
+
+  # @param [Hash] options the options to initialize an instance of Gle.
+  # @option options [String] :grant_type
+  # @option options [String] :redirect_uri
+  # @option options [String] :code
+  # @option options [String] :refresh_token
+  def initialize(options = {})
+    @tokens_body = options
+    @tokens_body[:client_id] = Yt.configuration.client_id
+    @tokens_body[:client_secret] = Yt.configuration.client_secret
+  end
+
+  # @return [Boolean] whether the authentication was revoked.
+  def revoke
+    !!Yt::HTTPRequest.new(revoke_params).run
+  end
+
+  # @return [String] the email of an authenticated Google account.
+  def email
+    if Yt.configuration.mock_auth_email
+      if Yt.configuration.mock_auth_email.eql? 'invalid-email'
+        raise Yt::HTTPError, 'Malformed auth code'
+      else
+        Yt.configuration.mock_auth_email
+      end
+    else
+      profile['email']
+    end
+  end
+
+  # @return [String] the access token of an authenticated Google account.
+  def access_token
+    tokens['access_token']
+  end
+
+  # @return [String] the refresh token of an authenticated Google account.
+  def refresh_token
+    tokens['refresh_token']
+  end
+
+  # Placeholder method that can be invoked after a refresh token is used
+  # to generate a new access token. Applications can override this method,
+  # for instance to store the new token in a database
+  def access_token_was_refreshed
+  end
+
+private
+
+  def self.url_params(options)
+    {}.tap do |params|
+      params[:client_id] = Yt.configuration.client_id
+      params[:scope] = scope_for(options.fetch :scopes, [])
+      params[:access_type] = :offline
+      params[:approval_prompt] = options[:force] ? :force : :auto
+      params[:redirect_uri] = options[:redirect_uri]
+      params[:response_type] = :code
+    end
+  end
+
+  def self.scope_for(scopes)
+    ['userinfo.email'].concat(scopes).map do |scope|
+      "https://www.googleapis.com/auth/#{scope}"
+    end.join(' ')
+  end
+
+  # @return [Hash] the tokens of an authenticated Google account.
+  def tokens
+    @tokens ||= Yt::HTTPRequest.new(tokens_params).run.body
+  end
+
+  # @return [Hash] the profile of an authenticated Google account.
+  def profile
+    decoded_tokens = JWT.decode tokens['id_token'], nil, false
+    decoded_tokens[0]
+  end
+
+  def tokens_params
+    {}.tap do |params|
+      params[:host] = 'oauth2.googleapis.com'
+      params[:path] = '/token'
+      params[:method] = :post
+      params[:request_format] = :form
+      params[:body] = @tokens_body
+      params[:error_message] = ->(code) { error_message_for code }
+    end
+  end
+
+  def revoke_params
+    {}.tap do |params|
+      params[:host] = 'oauth2.googleapis.com'
+      params[:path] = '/revoke'
+      params[:params] = {token: refresh_token || access_token}
+    end
+  end
+
+  def error_message_for(code)
+    key = @tokens_body[:grant_type].to_s.tr '_', ' '
+    JSON(@tokens_body)['error_description'] || "Invalid #{key}."
+  end
+end

metadata

@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: gle
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- claudiob
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: yt-support
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |-
+  Gle makes it easy to authenticate users to any
+      web application by means of their Google account.
+email:
+- claudiob@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- gle.gemspec
+- lib/gle.rb
+homepage: https://github.com/claudiob/gle
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.3
+specification_version: 4
+summary: Google Authentication Ruby client
+test_files: []