google_sign_in 0.1.4 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +12 -0
  3. data/.travis.yml +18 -0
  4. data/Gemfile.lock +130 -10
  5. data/README.md +114 -47
  6. data/Rakefile +31 -1
  7. data/SECURITY.md +15 -0
  8. data/app/controllers/google_sign_in/authorizations_controller.rb +17 -0
  9. data/app/controllers/google_sign_in/base_controller.rb +15 -0
  10. data/app/controllers/google_sign_in/callbacks_controller.rb +27 -0
  11. data/app/helpers/google_sign_in/button_helper.rb +7 -0
  12. data/bin/rails +16 -0
  13. data/config/routes.rb +4 -0
  14. data/google_sign_in.gemspec +9 -6
  15. data/lib/google_sign_in.rb +9 -1
  16. data/lib/google_sign_in/engine.rb +28 -0
  17. data/lib/google_sign_in/identity.rb +10 -21
  18. data/lib/google_sign_in/redirect_protector.rb +25 -0
  19. data/test/certificate.pem +19 -0
  20. data/test/controllers/authorizations_controller_test.rb +26 -0
  21. data/test/controllers/callbacks_controller_test.rb +36 -0
  22. data/test/dummy/.ruby-version +1 -0
  23. data/test/dummy/Rakefile +6 -0
  24. data/test/dummy/app/assets/config/manifest.js +3 -0
  25. data/test/dummy/app/assets/images/.keep +0 -0
  26. data/test/dummy/app/assets/javascripts/application.js +15 -0
  27. data/test/dummy/app/assets/javascripts/cable.js +13 -0
  28. data/test/dummy/app/assets/javascripts/channels/.keep +0 -0
  29. data/test/dummy/app/assets/stylesheets/application.css +15 -0
  30. data/test/dummy/app/channels/application_cable/channel.rb +4 -0
  31. data/test/dummy/app/channels/application_cable/connection.rb +4 -0
  32. data/test/dummy/app/controllers/application_controller.rb +2 -0
  33. data/test/dummy/app/controllers/concerns/.keep +0 -0
  34. data/test/dummy/app/helpers/application_helper.rb +2 -0
  35. data/test/dummy/app/jobs/application_job.rb +2 -0
  36. data/test/dummy/app/mailers/application_mailer.rb +4 -0
  37. data/test/dummy/app/models/application_record.rb +3 -0
  38. data/test/dummy/app/models/concerns/.keep +0 -0
  39. data/test/dummy/app/views/layouts/application.html.erb +15 -0
  40. data/test/dummy/app/views/layouts/mailer.html.erb +13 -0
  41. data/test/dummy/app/views/layouts/mailer.text.erb +1 -0
  42. data/test/dummy/bin/bundle +3 -0
  43. data/test/dummy/bin/rails +4 -0
  44. data/test/dummy/bin/rake +4 -0
  45. data/test/dummy/bin/setup +36 -0
  46. data/test/dummy/bin/update +31 -0
  47. data/test/dummy/bin/yarn +11 -0
  48. data/test/dummy/config.ru +5 -0
  49. data/test/dummy/config/application.rb +20 -0
  50. data/test/dummy/config/boot.rb +5 -0
  51. data/test/dummy/config/cable.yml +10 -0
  52. data/test/dummy/config/database.yml +25 -0
  53. data/test/dummy/config/environment.rb +5 -0
  54. data/test/dummy/config/environments/development.rb +32 -0
  55. data/test/dummy/config/environments/production.rb +57 -0
  56. data/test/dummy/config/environments/test.rb +33 -0
  57. data/test/dummy/config/initializers/application_controller_renderer.rb +8 -0
  58. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  59. data/test/dummy/config/initializers/content_security_policy.rb +25 -0
  60. data/test/dummy/config/initializers/cookies_serializer.rb +5 -0
  61. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  62. data/test/dummy/config/initializers/google_sign_in.rb +4 -0
  63. data/test/dummy/config/initializers/inflections.rb +16 -0
  64. data/test/dummy/config/initializers/mime_types.rb +4 -0
  65. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  66. data/test/dummy/config/locales/en.yml +33 -0
  67. data/test/dummy/config/puma.rb +34 -0
  68. data/test/dummy/config/routes.rb +2 -0
  69. data/test/dummy/config/spring.rb +6 -0
  70. data/test/dummy/config/storage.yml +34 -0
  71. data/test/dummy/lib/assets/.keep +0 -0
  72. data/test/dummy/log/.keep +0 -0
  73. data/test/dummy/package.json +5 -0
  74. data/test/dummy/public/404.html +67 -0
  75. data/test/dummy/public/422.html +67 -0
  76. data/test/dummy/public/500.html +66 -0
  77. data/test/dummy/public/apple-touch-icon-precomposed.png +0 -0
  78. data/test/dummy/public/apple-touch-icon.png +0 -0
  79. data/test/dummy/public/favicon.ico +0 -0
  80. data/test/helpers/button_helper_test.rb +36 -0
  81. data/test/key.pem +27 -0
  82. data/test/models/identity_test.rb +76 -0
  83. data/test/models/redirect_protector_test.rb +34 -0
  84. data/test/test_helper.rb +27 -3
  85. metadata +200 -10
  86. data/lib/google_sign_in/helper.rb +0 -76
  87. data/lib/google_sign_in/railtie.rb +0 -12
  88. data/test/identity_test.rb +0 -13
@@ -0,0 +1,14 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # This file contains settings for ActionController::ParamsWrapper which
4
+ # is enabled by default.
5
+
6
+ # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7
+ ActiveSupport.on_load(:action_controller) do
8
+ wrap_parameters format: [:json]
9
+ end
10
+
11
+ # To enable root element in JSON for ActiveRecord objects.
12
+ # ActiveSupport.on_load(:active_record) do
13
+ # self.include_root_in_json = true
14
+ # end
@@ -0,0 +1,33 @@
1
+ # Files in the config/locales directory are used for internationalization
2
+ # and are automatically loaded by Rails. If you want to use locales other
3
+ # than English, add the necessary files in this directory.
4
+ #
5
+ # To use the locales, use `I18n.t`:
6
+ #
7
+ # I18n.t 'hello'
8
+ #
9
+ # In views, this is aliased to just `t`:
10
+ #
11
+ # <%= t('hello') %>
12
+ #
13
+ # To use a different locale, set it with `I18n.locale`:
14
+ #
15
+ # I18n.locale = :es
16
+ #
17
+ # This would use the information in config/locales/es.yml.
18
+ #
19
+ # The following keys must be escaped otherwise they will not be retrieved by
20
+ # the default I18n backend:
21
+ #
22
+ # true, false, on, off, yes, no
23
+ #
24
+ # Instead, surround them with single quotes.
25
+ #
26
+ # en:
27
+ # 'true': 'foo'
28
+ #
29
+ # To learn more, please read the Rails Internationalization guide
30
+ # available at http://guides.rubyonrails.org/i18n.html.
31
+
32
+ en:
33
+ hello: "Hello world"
@@ -0,0 +1,34 @@
1
+ # Puma can serve each request in a thread from an internal thread pool.
2
+ # The `threads` method setting takes two numbers: a minimum and maximum.
3
+ # Any libraries that use thread pools should be configured to match
4
+ # the maximum value specified for Puma. Default is set to 5 threads for minimum
5
+ # and maximum; this matches the default thread size of Active Record.
6
+ #
7
+ threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }
8
+ threads threads_count, threads_count
9
+
10
+ # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
11
+ #
12
+ port ENV.fetch("PORT") { 3000 }
13
+
14
+ # Specifies the `environment` that Puma will run in.
15
+ #
16
+ environment ENV.fetch("RAILS_ENV") { "development" }
17
+
18
+ # Specifies the number of `workers` to boot in clustered mode.
19
+ # Workers are forked webserver processes. If using threads and workers together
20
+ # the concurrency of the application would be max `threads` * `workers`.
21
+ # Workers do not work on JRuby or Windows (both of which do not support
22
+ # processes).
23
+ #
24
+ # workers ENV.fetch("WEB_CONCURRENCY") { 2 }
25
+
26
+ # Use the `preload_app!` method when specifying a `workers` number.
27
+ # This directive tells Puma to first boot the application and load code
28
+ # before forking the application. This takes advantage of Copy On Write
29
+ # process behavior so workers use less memory.
30
+ #
31
+ # preload_app!
32
+
33
+ # Allow puma to be restarted by `rails restart` command.
34
+ plugin :tmp_restart
@@ -0,0 +1,2 @@
1
+ Rails.application.routes.draw do
2
+ end
@@ -0,0 +1,6 @@
1
+ %w[
2
+ .ruby-version
3
+ .rbenv-vars
4
+ tmp/restart.txt
5
+ tmp/caching-dev.txt
6
+ ].each { |path| Spring.watch(path) }
@@ -0,0 +1,34 @@
1
+ test:
2
+ service: Disk
3
+ root: <%= Rails.root.join("tmp/storage") %>
4
+
5
+ local:
6
+ service: Disk
7
+ root: <%= Rails.root.join("storage") %>
8
+
9
+ # Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
10
+ # amazon:
11
+ # service: S3
12
+ # access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
13
+ # secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
14
+ # region: us-east-1
15
+ # bucket: your_own_bucket
16
+
17
+ # Remember not to checkin your GCS keyfile to a repository
18
+ # google:
19
+ # service: GCS
20
+ # project: your_project
21
+ # credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
22
+ # bucket: your_own_bucket
23
+
24
+ # Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
25
+ # microsoft:
26
+ # service: AzureStorage
27
+ # storage_account_name: your_account_name
28
+ # storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
29
+ # container: your_container_name
30
+
31
+ # mirror:
32
+ # service: Mirror
33
+ # primary: local
34
+ # mirrors: [ amazon, google, microsoft ]
File without changes
File without changes
@@ -0,0 +1,5 @@
1
+ {
2
+ "name": "dummy",
3
+ "private": true,
4
+ "dependencies": {}
5
+ }
@@ -0,0 +1,67 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>The page you were looking for doesn't exist (404)</title>
5
+ <meta name="viewport" content="width=device-width,initial-scale=1">
6
+ <style>
7
+ .rails-default-error-page {
8
+ background-color: #EFEFEF;
9
+ color: #2E2F30;
10
+ text-align: center;
11
+ font-family: arial, sans-serif;
12
+ margin: 0;
13
+ }
14
+
15
+ .rails-default-error-page div.dialog {
16
+ width: 95%;
17
+ max-width: 33em;
18
+ margin: 4em auto 0;
19
+ }
20
+
21
+ .rails-default-error-page div.dialog > div {
22
+ border: 1px solid #CCC;
23
+ border-right-color: #999;
24
+ border-left-color: #999;
25
+ border-bottom-color: #BBB;
26
+ border-top: #B00100 solid 4px;
27
+ border-top-left-radius: 9px;
28
+ border-top-right-radius: 9px;
29
+ background-color: white;
30
+ padding: 7px 12% 0;
31
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
32
+ }
33
+
34
+ .rails-default-error-page h1 {
35
+ font-size: 100%;
36
+ color: #730E15;
37
+ line-height: 1.5em;
38
+ }
39
+
40
+ .rails-default-error-page div.dialog > p {
41
+ margin: 0 0 1em;
42
+ padding: 1em;
43
+ background-color: #F7F7F7;
44
+ border: 1px solid #CCC;
45
+ border-right-color: #999;
46
+ border-left-color: #999;
47
+ border-bottom-color: #999;
48
+ border-bottom-left-radius: 4px;
49
+ border-bottom-right-radius: 4px;
50
+ border-top-color: #DADADA;
51
+ color: #666;
52
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
53
+ }
54
+ </style>
55
+ </head>
56
+
57
+ <body class="rails-default-error-page">
58
+ <!-- This file lives in public/404.html -->
59
+ <div class="dialog">
60
+ <div>
61
+ <h1>The page you were looking for doesn't exist.</h1>
62
+ <p>You may have mistyped the address or the page may have moved.</p>
63
+ </div>
64
+ <p>If you are the application owner check the logs for more information.</p>
65
+ </div>
66
+ </body>
67
+ </html>
@@ -0,0 +1,67 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>The change you wanted was rejected (422)</title>
5
+ <meta name="viewport" content="width=device-width,initial-scale=1">
6
+ <style>
7
+ .rails-default-error-page {
8
+ background-color: #EFEFEF;
9
+ color: #2E2F30;
10
+ text-align: center;
11
+ font-family: arial, sans-serif;
12
+ margin: 0;
13
+ }
14
+
15
+ .rails-default-error-page div.dialog {
16
+ width: 95%;
17
+ max-width: 33em;
18
+ margin: 4em auto 0;
19
+ }
20
+
21
+ .rails-default-error-page div.dialog > div {
22
+ border: 1px solid #CCC;
23
+ border-right-color: #999;
24
+ border-left-color: #999;
25
+ border-bottom-color: #BBB;
26
+ border-top: #B00100 solid 4px;
27
+ border-top-left-radius: 9px;
28
+ border-top-right-radius: 9px;
29
+ background-color: white;
30
+ padding: 7px 12% 0;
31
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
32
+ }
33
+
34
+ .rails-default-error-page h1 {
35
+ font-size: 100%;
36
+ color: #730E15;
37
+ line-height: 1.5em;
38
+ }
39
+
40
+ .rails-default-error-page div.dialog > p {
41
+ margin: 0 0 1em;
42
+ padding: 1em;
43
+ background-color: #F7F7F7;
44
+ border: 1px solid #CCC;
45
+ border-right-color: #999;
46
+ border-left-color: #999;
47
+ border-bottom-color: #999;
48
+ border-bottom-left-radius: 4px;
49
+ border-bottom-right-radius: 4px;
50
+ border-top-color: #DADADA;
51
+ color: #666;
52
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
53
+ }
54
+ </style>
55
+ </head>
56
+
57
+ <body class="rails-default-error-page">
58
+ <!-- This file lives in public/422.html -->
59
+ <div class="dialog">
60
+ <div>
61
+ <h1>The change you wanted was rejected.</h1>
62
+ <p>Maybe you tried to change something you didn't have access to.</p>
63
+ </div>
64
+ <p>If you are the application owner check the logs for more information.</p>
65
+ </div>
66
+ </body>
67
+ </html>
@@ -0,0 +1,66 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>We're sorry, but something went wrong (500)</title>
5
+ <meta name="viewport" content="width=device-width,initial-scale=1">
6
+ <style>
7
+ .rails-default-error-page {
8
+ background-color: #EFEFEF;
9
+ color: #2E2F30;
10
+ text-align: center;
11
+ font-family: arial, sans-serif;
12
+ margin: 0;
13
+ }
14
+
15
+ .rails-default-error-page div.dialog {
16
+ width: 95%;
17
+ max-width: 33em;
18
+ margin: 4em auto 0;
19
+ }
20
+
21
+ .rails-default-error-page div.dialog > div {
22
+ border: 1px solid #CCC;
23
+ border-right-color: #999;
24
+ border-left-color: #999;
25
+ border-bottom-color: #BBB;
26
+ border-top: #B00100 solid 4px;
27
+ border-top-left-radius: 9px;
28
+ border-top-right-radius: 9px;
29
+ background-color: white;
30
+ padding: 7px 12% 0;
31
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
32
+ }
33
+
34
+ .rails-default-error-page h1 {
35
+ font-size: 100%;
36
+ color: #730E15;
37
+ line-height: 1.5em;
38
+ }
39
+
40
+ .rails-default-error-page div.dialog > p {
41
+ margin: 0 0 1em;
42
+ padding: 1em;
43
+ background-color: #F7F7F7;
44
+ border: 1px solid #CCC;
45
+ border-right-color: #999;
46
+ border-left-color: #999;
47
+ border-bottom-color: #999;
48
+ border-bottom-left-radius: 4px;
49
+ border-bottom-right-radius: 4px;
50
+ border-top-color: #DADADA;
51
+ color: #666;
52
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
53
+ }
54
+ </style>
55
+ </head>
56
+
57
+ <body class="rails-default-error-page">
58
+ <!-- This file lives in public/500.html -->
59
+ <div class="dialog">
60
+ <div>
61
+ <h1>We're sorry, but something went wrong.</h1>
62
+ </div>
63
+ <p>If you are the application owner check the logs for more information.</p>
64
+ </div>
65
+ </body>
66
+ </html>
File without changes
File without changes
@@ -0,0 +1,36 @@
1
+ require "test_helper"
2
+
3
+ class GoogleSignIn::ButtonHelperTest < ActionView::TestCase
4
+ test "generating a login button with text content" do
5
+ assert_dom_equal <<-HTML, google_sign_in_button("Log in with Google", proceed_to: "https://www.example.com/login")
6
+ <form action="/google_sign_in/authorization" accept-charset="UTF-8" data-remote="true" method="post">
7
+ <input name="utf8" type="hidden" value="&#x2713;" />
8
+ <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
9
+ <button type="submit">Log in with Google</button>
10
+ </form>
11
+ HTML
12
+ end
13
+
14
+ test "generating a login button with HTML content" do
15
+ assert_dom_equal <<-HTML, google_sign_in_button(proceed_to: "https://www.example.com/login") { image_tag("google.png") }
16
+ <form action="/google_sign_in/authorization" accept-charset="UTF-8" data-remote="true" method="post">
17
+ <input name="utf8" type="hidden" value="&#x2713;" />
18
+ <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
19
+ <button type="submit"><img src="/images/google.png"></button>
20
+ </form>
21
+ HTML
22
+ end
23
+
24
+ test "generating a login button with custom attributes" do
25
+ button = google_sign_in_button("Log in with Google", proceed_to: "https://www.example.com/login",
26
+ class: "login-button", data: { disable_with: "Loading Google login…" })
27
+
28
+ assert_dom_equal <<-HTML, button
29
+ <form action="/google_sign_in/authorization" accept-charset="UTF-8" data-remote="true" method="post">
30
+ <input name="utf8" type="hidden" value="&#x2713;" />
31
+ <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
32
+ <button type="submit" class="login-button" data-disable-with="Loading Google login…">Log in with Google</button>
33
+ </form>
34
+ HTML
35
+ end
36
+ end
@@ -0,0 +1,27 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIEowIBAAKCAQEArZztTnC23cY+H+iP2lDCZAiX6wzb6dL9pY1CaGquoalj5qGY
3
+ HJfdp4wb7fdZ6ST3xmgstGWC34s1DQUSpH6OrtzF77m5LWKpN0lQno8tE1BNdT8E
4
+ cdbv8dHNqwk2umO6aQKDvVK98qHHA5pHHj/DKaHx1nra3WscoZLZasuoKTO1fpI4
5
+ /mp8kkJOF6gyZReBVx7fNhzDSt8W41ychKMjLnRlCEgQ5/6xvG9y8RCmsFIi1QiO
6
+ eIN/i/zouJ2QhFzQnf5r1qVRaD6RUBjKClt0vSsRaML35A0sVmMIGJ1p7DtLnl0v
7
+ lmDC/PCjtUH+1ZhGfdbu8NfxIjFcYrnM8cnEnwIDAQABAoIBAQCFsPlg1RVMlJNU
8
+ eP8Fq/j1lVR/UYird6mRacUAqV5O6SUf/cIoCp5Knm8Hgdl/2tLeu2vpgt4UDJvO
9
+ qeBgQYDYkPPvlcJOe9I428E0SKb6X3U2W0+t5kkhm2FYWyEEyTVMFf6itOvGwuOB
10
+ F7W6SnmcPrP/aN3PceM7XN0GC0w0ZPOgpsKO4zJiXyA+NQhOdV/xsUtAgM/zXPVb
11
+ UzJyixPDqJfBHBNCkP6FcJxkc+cLlxnZaG7ug2qfWzvj0l2EepcWQ3R/E56mixcN
12
+ nIoha07jBMJhX0KbRgcZsMmvR0/Z2sLkUgphTI/EdIsPQ/zvfqSQTQAKjDB4Orsi
13
+ quaIerupAoGBANVfWh+d4GnhcxtHYb1CCS6CU1dJDh6vGifeLvAAxuiAOBAepQUs
14
+ 9+ewVaS7ARnZ7jwtqOOKRDvAZpEukh7lqFj5haqzuRrImTO6v/Lk8XAA2RC7hY6v
15
+ b65WszIYgGemSubJot7Tevk/lu8lhdkZKp+OZdPU9NS2cEPCcQ3zDchbAoGBANBM
16
+ IVJuQHutAzCTKfjhbZCn78e7AA/eQGMycZUM6i60muYC7L57P0W++ycK6A1cJ49X
17
+ XJ9VvKtjtfqITbIUGuvaFii7XAaGMV85LffJ5t1DjucLScIBDxYp5EJz5/Qj2RDw
18
+ hWJZ+IF0Z4+k1jmIM+eyoNzmjWyYvgpmhFfhx0gNAoGAHcRyt0x4PW1FeL3JpfSr
19
+ gUCPTfMUNDWriXpWxAbnuRICQEV2MjWm1DzmhdfM/IVJ1j1sfWoRwOBDrud3XTYe
20
+ +WK+QiVWoqTvsqbQFpvYDw8fOVVf+ZsCEqln0IpYh51Mf8wLm9iXJGS5st1iQfpf
21
+ 1uivzhC8o1xcZyeeTBrnhlcCgYBHp7ja04SpRwZO4oFQ1bPMTIlHC0RlMQ6zUToT
22
+ jULOWGDk+WKZ0GoewylA8BaN6gLN477ALU1fJEkI63TW6uWr9vUig/mPYQCBAnmW
23
+ wUUDHud9AbwY2iZneHfGiHrl2KMmmac5AzxixDmQB6OOXRWGAkQmWcWS8ySFDWk/
24
+ ljLozQKBgE1gv+PXyxFOsuKNAylj2h8SlfzyOReS7XgPOX3x27yhp18Y8Wq9jeBr
25
+ INjRFL7CpydZZOB5B8i4CLqa3B0dA/lIYbc5FaLefBY+mt82YtpMsYP1I4bAe/ub
26
+ K7fp2z10/eKfa2e5mcTS2WBwJmVz0cR8Plqd2zPb3+yE+JMiU/k7
27
+ -----END RSA PRIVATE KEY-----
@@ -0,0 +1,76 @@
1
+ require 'test_helper'
2
+ require 'jwt'
3
+
4
+ class GoogleSignIn::IdentityTest < ActiveSupport::TestCase
5
+ test "client_id must be set" do
6
+ switch_client_id_to nil do
7
+ assert_raises(ArgumentError) { GoogleSignIn::Identity.new("some_fake_token") }
8
+ end
9
+ end
10
+
11
+ test "client_id must be in the token audience" do
12
+ assert_raises GoogleSignIn::Identity::ValidationError do
13
+ GoogleSignIn::Identity.new(token_with(aud: "invalid"))
14
+ end
15
+ end
16
+
17
+ test "token must have a valid issuer" do
18
+ assert_raises GoogleSignIn::Identity::ValidationError do
19
+ GoogleSignIn::Identity.new(token_with(iss: "invalid"))
20
+ end
21
+ end
22
+
23
+ test "token must be signed with the correct key" do
24
+ assert_raises GoogleSignIn::Identity::ValidationError do
25
+ GoogleSignIn::Identity.new(token_with(key: OpenSSL::PKey::RSA.new(2048)))
26
+ end
27
+ end
28
+
29
+ test "token must not be expired" do
30
+ freeze_time do
31
+ assert_raises GoogleSignIn::Identity::ValidationError do
32
+ GoogleSignIn::Identity.new(token_with(iat: 10.minutes.ago.to_i, exp: 5.minutes.ago.to_i))
33
+ end
34
+ end
35
+ end
36
+
37
+ test "extracting user ID" do
38
+ assert_equal "573222559223877", GoogleSignIn::Identity.new(token_with(sub: "573222559223877")).user_id
39
+ end
40
+
41
+ test "extracting name" do
42
+ assert_equal "George Claghorn", GoogleSignIn::Identity.new(token_with(name: "George Claghorn")).name
43
+ end
44
+
45
+ test "extracting email address" do
46
+ assert_equal "george@basecamp.com", GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com")).email_address
47
+ end
48
+
49
+ test "extracting email verification status" do
50
+ assert GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com", email_verified: true)).email_verified?
51
+ assert_not GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com", email_verified: false)).email_verified?
52
+ assert_not GoogleSignIn::Identity.new(token_with(email: "george@basecamp.com")).email_verified?
53
+ end
54
+
55
+ test "extracting avatar URL" do
56
+ assert_equal "https://example.com/avatar.png",
57
+ GoogleSignIn::Identity.new(token_with(picture: "https://example.com/avatar.png")).avatar_url
58
+ end
59
+
60
+ test "extracting locale" do
61
+ assert_equal "en-US", GoogleSignIn::Identity.new(token_with(locale: "en-US")).locale
62
+ end
63
+
64
+ private
65
+ def switch_client_id_to(value)
66
+ previous_value = GoogleSignIn.client_id
67
+ GoogleSignIn.client_id = value
68
+ yield
69
+ ensure
70
+ GoogleSignIn.client_id = previous_value
71
+ end
72
+
73
+ def token_with(aud: FAKE_GOOGLE_CLIENT_ID, iss: "https://accounts.google.com", key: GOOGLE_PRIVATE_KEY, **payload)
74
+ JWT.encode(payload.merge(aud: aud, iss: iss), key, "RS256")
75
+ end
76
+ end