google_sign_in 1.2.0 → 1.3.0

data/Rakefile

@@ -1,40 +0,0 @@
-require "bundler/setup"
-require "bundler/gem_tasks"
-require "rake/testtask"
-
-Rake::TestTask.new do |test|
-  test.libs << "test"
-  test.test_files = FileList["test/**/*_test.rb"]
-  test.warning = false
-end
-
-task default: :test
-
-desc "Generates an X509 certificate for decoding test ID tokens"
-task "test:certificate:generate" do
-  require "openssl"
-  require "active_support"
-  require "active_support/core_ext/integer/time"
-
-  key = OpenSSL::PKey::RSA.new(File.read(File.expand_path("test/key.pem", __dir__)))
-
-  certificate = OpenSSL::X509::Certificate.new
-  certificate.subject = certificate.issuer = OpenSSL::X509::Name.parse("/CN=google-sign-in-for-rails.example.com")
-  certificate.not_before = Time.now
-  certificate.not_after = 5.years.from_now
-  certificate.public_key = key.public_key
-  certificate.serial = 0
-  certificate.version = 1
-
-  extension_factory = OpenSSL::X509::ExtensionFactory.new
-  extension_factory.subject_certificate = certificate
-  extension_factory.issuer_certificate = certificate
-  certificate.extensions = [
-    extension_factory.create_extension("basicConstraints", "CA:FALSE", true),
-    extension_factory.create_extension("keyUsage", "digitalSignature", true),
-    extension_factory.create_extension("extendedKeyUsage", "clientAuth", true)
-  ]
-
-  certificate.sign(key, OpenSSL::Digest::SHA1.new)
-  File.write(File.expand_path("test/certificate.pem", __dir__), certificate.to_pem)
-end

data/bin/rails

@@ -1,16 +0,0 @@
-#!/usr/bin/env ruby
-# This command will automatically be run when you run "rails" with Rails gems
-# installed from the root of your application.
-
-ENGINE_ROOT = File.expand_path('..', __dir__)
-ENGINE_PATH = File.expand_path('../lib/google_sign_in/engine', __dir__)
-APP_PATH = File.expand_path('../test/dummy/config/application', __dir__)
-
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
-
-require 'rails'
-require 'action_controller/railtie'
-require 'rails/test_unit/railtie'
-require 'rails/engine/commands'

data/google_sign_in.gemspec

@@ -1,22 +0,0 @@
-Gem::Specification.new do |s|
-  s.name     = 'google_sign_in'
-  s.version  = '1.2.0'
-  s.authors  = ['David Heinemeier Hansson', 'George Claghorn']
-  s.email    = ['david@basecamp.com', 'george@basecamp.com']
-  s.summary  = 'Sign in (or up) with Google for Rails applications'
-  s.homepage = 'https://github.com/basecamp/google_sign_in'
-  s.license  = 'MIT'
-
-  s.required_ruby_version = '>= 1.9.3'
-
-  s.add_dependency 'rails', '>= 5.2.0'
-  s.add_dependency 'google-id-token', '>= 1.4.0'
-  s.add_dependency 'oauth2', '>= 1.4.0'
-
-  s.add_development_dependency 'bundler', '~> 1.15'
-  s.add_development_dependency 'jwt', '>= 1.5.6'
-  s.add_development_dependency 'webmock', '>= 3.4.2'
-
-  s.files      = `git ls-files`.split("\n")
-  s.test_files = `git ls-files -- test/*`.split("\n")
-end

data/test/certificate.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDETCCAfmgAwIBAQIBADANBgkqhkiG9w0BAQUFADAvMS0wKwYDVQQDDCRnb29n
-bGUtc2lnbi1pbi1mb3ItcmFpbHMuZXhhbXBsZS5jb20wHhcNMTgwOTAyMjI0MTQw
-WhcNMjMwOTAyMjI0MTQwWjAvMS0wKwYDVQQDDCRnb29nbGUtc2lnbi1pbi1mb3It
-cmFpbHMuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQCtnO1OcLbdxj4f6I/aUMJkCJfrDNvp0v2ljUJoaq6hqWPmoZgcl92njBvt91np
-JPfGaCy0ZYLfizUNBRKkfo6u3MXvubktYqk3SVCejy0TUE11PwRx1u/x0c2rCTa6
-Y7ppAoO9Ur3yoccDmkceP8MpofHWetrdaxyhktlqy6gpM7V+kjj+anySQk4XqDJl
-F4FXHt82HMNK3xbjXJyEoyMudGUISBDn/rG8b3LxEKawUiLVCI54g3+L/Oi4nZCE
-XNCd/mvWpVFoPpFQGMoKW3S9KxFowvfkDSxWYwgYnWnsO0ueXS+WYML88KO1Qf7V
-mEZ91u7w1/EiMVxiuczxycSfAgMBAAGjODA2MAwGA1UdEwEB/wQCMAAwDgYDVR0P
-AQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUA
-A4IBAQCVXynTCZhpbINC4j1prGaPfY6mRkCZzcRpQFim4C6hJtYSRn57qjpmYWG3
-eVc3ElfNUAWgC3trACjN3hDqKv0/hH9TGTY9iFhc747L/VSaKWzH/uWewj1qTwsX
-dUEFxZILAWvAMBNUT060t8bt+pSFc2h4fHsftOqFLfkFUcCr22QsWyueXzWZyDeZ
-XWFGtD+WOR5SC4mIY359e75/vZsJymzZIfM+pfcaHnXtXez9SeLM81rvnRdR1b+H
-/S0LT0dPRkXSvC2HRPwzHxVctNrDoaxON+OIMgd4lHAFs6doVoYmnprzO69+IBUK
-s0LBENxbn2rd7IEl6EaC91cXCl3y
------END CERTIFICATE-----

data/test/controllers/authorizations_controller_test.rb

@@ -1,26 +0,0 @@
-require 'test_helper'
-
-class GoogleSignIn::AuthorizationsControllerTest < ActionDispatch::IntegrationTest
-  test "redirecting to Google for authorization" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-    assert_match 'https://accounts.google.com/o/oauth2/auth', response.location
-
-    params = extract_query_params_from(response.location)
-    assert_equal FAKE_GOOGLE_CLIENT_ID, params[:client_id]
-    assert_equal 'login', params[:prompt]
-    assert_equal 'code', params[:response_type]
-    assert_equal 'http://www.example.com/google_sign_in/callback', params[:redirect_uri]
-    assert_equal 'openid profile email', params[:scope]
-    assert_match /[A-Za-z0-9+\/]{32}/, params[:state]
-
-    assert_equal 'http://www.example.com/login', flash[:proceed_to]
-    assert_equal params[:state], flash[:state]
-  end
-
-  private
-    def extract_query_params_from(url)
-      query = URI(url).query
-      Rack::Utils.parse_query(query).symbolize_keys
-    end
-end

data/test/controllers/callbacks_controller_test.rb

@@ -1,133 +0,0 @@
-require 'test_helper'
-
-class GoogleSignIn::CallbacksControllerTest < ActionDispatch::IntegrationTest
-  test "receiving an authorization code" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-
-    stub_token_for '4/SgCpHSVW5-Cy', access_token: 'ya29.GlwIBo', id_token: 'eyJhbGciOiJSUzI'
-
-    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: flash[:state])
-    assert_redirected_to 'http://www.example.com/login'
-    assert_equal 'eyJhbGciOiJSUzI', flash[:google_sign_in][:id_token]
-    assert_nil flash[:google_sign_in][:error]
-  end
-
-  # Authorization request errors: https://tools.ietf.org/html/rfc6749#section-4.1.2.1
-  %w[ invalid_request unauthorized_client access_denied unsupported_response_type invalid_scope server_error temporarily_unavailable ].each do |error|
-    test "receiving an authorization code grant error: #{error}" do
-      post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-      assert_response :redirect
-
-      get google_sign_in.callback_url(error: error, state: flash[:state])
-      assert_redirected_to 'http://www.example.com/login'
-      assert_nil flash[:google_sign_in][:id_token]
-      assert_equal error, flash[:google_sign_in][:error]
-    end
-  end
-
-  test "receiving an invalid authorization error" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-
-    get google_sign_in.callback_url(error: 'unknown error code', state: flash[:state])
-    assert_redirected_to 'http://www.example.com/login'
-    assert_nil flash[:google_sign_in][:id_token]
-    assert_equal "invalid_request", flash[:google_sign_in][:error]
-  end
-
-  test "receiving neither code nor error" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-
-    get google_sign_in.callback_url(state: flash[:state])
-    assert_redirected_to 'http://www.example.com/login'
-    assert_nil flash[:google_sign_in][:id_token]
-    assert_equal 'invalid_request', flash[:google_sign_in][:error]
-  end
-
-  # Access token request errors: https://tools.ietf.org/html/rfc6749#section-5.2
-  %w[ invalid_request invalid_client invalid_grant unauthorized_client unsupported_grant_type invalid_scope ].each do |error|
-    test "receiving an access token request error: #{error}" do
-      post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-      assert_response :redirect
-
-      stub_token_error_for '4/SgCpHSVW5-Cy', error: error
-
-      get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: flash[:state])
-      assert_redirected_to 'http://www.example.com/login'
-      assert_nil flash[:google_sign_in][:id_token]
-      assert_equal error, flash[:google_sign_in][:error]
-    end
-  end
-
-  test "protecting against CSRF without flash state" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-
-    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
-    assert_redirected_to 'http://www.example.com/login'
-    assert_nil flash[:google_sign_in][:id_token]
-    assert_equal 'invalid_request', flash[:google_sign_in][:error]
-  end
-
-  test "protecting against CSRF with invalid state" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-    assert_not_nil flash[:state]
-
-    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
-    assert_redirected_to 'http://www.example.com/login'
-    assert_nil flash[:google_sign_in][:id_token]
-    assert_equal 'invalid_request', flash[:google_sign_in][:error]
-  end
-
-  test "protecting against CSRF with missing state" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
-    assert_response :redirect
-    assert_not_nil flash[:state]
-
-    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy')
-    assert_redirected_to 'http://www.example.com/login'
-    assert_nil flash[:google_sign_in][:id_token]
-    assert_equal 'invalid_request', flash[:google_sign_in][:error]
-  end
-
-  test "protecting against open redirects" do
-    post google_sign_in.authorization_url, params: { proceed_to: 'http://malicious.example.com/login' }
-    assert_response :redirect
-
-    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: flash[:state])
-    assert_response :bad_request
-  end
-
-  test "receiving no proceed_to URL" do
-    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
-    assert_response :bad_request
-  end
-
-  private
-    def stub_token_for(code, **response_body)
-      stub_token_request(code, status: 200, response: response_body)
-    end
-
-    def stub_token_error_for(code, error:)
-      stub_token_request(code, status: 418, response: { error: error })
-    end
-
-    def stub_token_request(code, status:, response:)
-      stub_request(:post, 'https://oauth2.googleapis.com/token').with(
-        body: {
-          grant_type: 'authorization_code',
-          code: code,
-          client_id: FAKE_GOOGLE_CLIENT_ID,
-          client_secret: FAKE_GOOGLE_CLIENT_SECRET,
-          redirect_uri: 'http://www.example.com/google_sign_in/callback'
-        }
-      ).to_return(
-        status: status,
-        headers: { 'Content-Type' => 'application/json' },
-        body: JSON.generate(response)
-      )
-    end
-end

data/test/dummy/.ruby-version

@@ -1 +0,0 @@
-2.5.0

data/test/dummy/Rakefile

@@ -1,6 +0,0 @@
-# Add your own tasks in files placed in lib/tasks ending in .rake,
-# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-
-require_relative 'config/application'
-
-Rails.application.load_tasks

data/test/dummy/app/assets/config/manifest.js

@@ -1,3 +0,0 @@
-//= link_tree ../images
-//= link_directory ../javascripts .js
-//= link_directory ../stylesheets .css

data/test/dummy/app/assets/javascripts/application.js

@@ -1,15 +0,0 @@
-// This is a manifest file that'll be compiled into application.js, which will include all the files
-// listed below.
-//
-// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
-// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
-//
-// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// compiled file. JavaScript code in this file should be added after the last require_* statement.
-//
-// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
-// about supported directives.
-//
-//= require rails-ujs
-//= require activestorage
-//= require_tree .

data/test/dummy/app/assets/javascripts/cable.js

@@ -1,13 +0,0 @@
-// Action Cable provides the framework to deal with WebSockets in Rails.
-// You can generate new channels where WebSocket features live using the `rails generate channel` command.
-//
-//= require action_cable
-//= require_self
-//= require_tree ./channels
-
-(function() {
-  this.App || (this.App = {});
-
-  App.cable = ActionCable.createConsumer();
-
-}).call(this);

data/test/dummy/app/assets/stylesheets/application.css

@@ -1,15 +0,0 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */

data/test/dummy/app/channels/application_cable/channel.rb

@@ -1,4 +0,0 @@
-module ApplicationCable
-  class Channel < ActionCable::Channel::Base
-  end
-end

data/test/dummy/app/channels/application_cable/connection.rb

@@ -1,4 +0,0 @@
-module ApplicationCable
-  class Connection < ActionCable::Connection::Base
-  end
-end

data/test/dummy/app/controllers/application_controller.rb

@@ -1,2 +0,0 @@
-class ApplicationController < ActionController::Base
-end

data/test/dummy/app/helpers/application_helper.rb

@@ -1,2 +0,0 @@
-module ApplicationHelper
-end

data/test/dummy/app/jobs/application_job.rb

@@ -1,2 +0,0 @@
-class ApplicationJob < ActiveJob::Base
-end

data/test/dummy/app/mailers/application_mailer.rb

@@ -1,4 +0,0 @@
-class ApplicationMailer < ActionMailer::Base
-  default from: 'from@example.com'
-  layout 'mailer'
-end

data/test/dummy/app/models/application_record.rb

@@ -1,3 +0,0 @@
-class ApplicationRecord < ActiveRecord::Base
-  self.abstract_class = true
-end

data/test/dummy/app/views/layouts/application.html.erb

@@ -1,15 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>Dummy</title>
-    <%= csrf_meta_tags %>
-    <%= csp_meta_tag %>
-
-    <%= stylesheet_link_tag    'application', media: 'all' %>
-    <%= javascript_include_tag 'application' %>
-  </head>
-
-  <body>
-    <%= yield %>
-  </body>
-</html>

data/test/dummy/app/views/layouts/mailer.html.erb

@@ -1,13 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <style>
-      /* Email styles need to be inline */
-    </style>
-  </head>
-
-  <body>
-    <%= yield %>
-  </body>
-</html>

data/test/dummy/app/views/layouts/mailer.text.erb

@@ -1 +0,0 @@
-<%= yield %>

data/test/dummy/bin/bundle

@@ -1,3 +0,0 @@
-#!/usr/bin/env ruby
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
-load Gem.bin_path('bundler', 'bundle')

data/test/dummy/bin/rails

@@ -1,4 +0,0 @@
-#!/usr/bin/env ruby
-APP_PATH = File.expand_path('../config/application', __dir__)
-require_relative '../config/boot'
-require 'rails/commands'

data/test/dummy/bin/rake

@@ -1,4 +0,0 @@
-#!/usr/bin/env ruby
-require_relative '../config/boot'
-require 'rake'
-Rake.application.run

data/test/dummy/bin/setup

@@ -1,36 +0,0 @@
-#!/usr/bin/env ruby
-require 'fileutils'
-include FileUtils
-
-# path to your application root.
-APP_ROOT = File.expand_path('..', __dir__)
-
-def system!(*args)
-  system(*args) || abort("\n== Command #{args} failed ==")
-end
-
-chdir APP_ROOT do
-  # This script is a starting point to setup your application.
-  # Add necessary setup steps to this file.
-
-  puts '== Installing dependencies =='
-  system! 'gem install bundler --conservative'
-  system('bundle check') || system!('bundle install')
-
-  # Install JavaScript dependencies if using Yarn
-  # system('bin/yarn')
-
-  # puts "\n== Copying sample files =="
-  # unless File.exist?('config/database.yml')
-  #   cp 'config/database.yml.sample', 'config/database.yml'
-  # end
-
-  puts "\n== Preparing database =="
-  system! 'bin/rails db:setup'
-
-  puts "\n== Removing old logs and tempfiles =="
-  system! 'bin/rails log:clear tmp:clear'
-
-  puts "\n== Restarting application server =="
-  system! 'bin/rails restart'
-end

data/test/dummy/bin/update

@@ -1,31 +0,0 @@
-#!/usr/bin/env ruby
-require 'fileutils'
-include FileUtils
-
-# path to your application root.
-APP_ROOT = File.expand_path('..', __dir__)
-
-def system!(*args)
-  system(*args) || abort("\n== Command #{args} failed ==")
-end
-
-chdir APP_ROOT do
-  # This script is a way to update your development environment automatically.
-  # Add necessary update steps to this file.
-
-  puts '== Installing dependencies =='
-  system! 'gem install bundler --conservative'
-  system('bundle check') || system!('bundle install')
-
-  # Install JavaScript dependencies if using Yarn
-  # system('bin/yarn')
-
-  puts "\n== Updating database =="
-  system! 'bin/rails db:migrate'
-
-  puts "\n== Removing old logs and tempfiles =="
-  system! 'bin/rails log:clear tmp:clear'
-
-  puts "\n== Restarting application server =="
-  system! 'bin/rails restart'
-end

data/test/dummy/bin/yarn

@@ -1,11 +0,0 @@
-#!/usr/bin/env ruby
-APP_ROOT = File.expand_path('..', __dir__)
-Dir.chdir(APP_ROOT) do
-  begin
-    exec "yarnpkg", *ARGV
-  rescue Errno::ENOENT
-    $stderr.puts "Yarn executable was not detected in the system."
-    $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install"
-    exit 1
-  end
-end

data/test/dummy/config/application.rb

@@ -1,20 +0,0 @@
-require_relative 'boot'
-
-require 'rails'
-require 'action_controller/railtie'
-require 'rails/test_unit/railtie'
-require 'google_sign_in'
-
-Bundler.require(*Rails.groups)
-
-module Dummy
-  class Application < Rails::Application
-    # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 5.2
-
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration can go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded after loading
-    # the framework and any gems in your application.
-  end
-end

data/test/dummy/config/boot.rb

@@ -1,5 +0,0 @@
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
-
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
-$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)

data/test/dummy/config/cable.yml

@@ -1,10 +0,0 @@
-development:
-  adapter: async
-
-test:
-  adapter: async
-
-production:
-  adapter: redis
-  url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
-  channel_prefix: dummy_production

data/test/dummy/config/database.yml

@@ -1,25 +0,0 @@
-# SQLite version 3.x
-#   gem install sqlite3
-#
-#   Ensure the SQLite 3 gem is defined in your Gemfile
-#   gem 'sqlite3'
-#
-default: &default
-  adapter: sqlite3
-  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
-  timeout: 5000
-
-development:
-  <<: *default
-  database: db/development.sqlite3
-
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
-test:
-  <<: *default
-  database: db/test.sqlite3
-
-production:
-  <<: *default
-  database: db/production.sqlite3

data/test/dummy/config/environment.rb

@@ -1,5 +0,0 @@
-# Load the Rails application.
-require_relative 'application'
-
-# Initialize the Rails application.
-Rails.application.initialize!

data/test/dummy/config/environments/development.rb

@@ -1,32 +0,0 @@
-Rails.application.configure do
-  # Settings specified here will take precedence over those in config/application.rb.
-
-  # In the development environment your application's code is reloaded on
-  # every request. This slows down response time but is perfect for development
-  # since you don't have to restart the web server when you make code changes.
-  config.cache_classes = false
-
-  # Do not eager load code on boot.
-  config.eager_load = false
-
-  # Show full error reports.
-  config.consider_all_requests_local = true
-
-  # Enable/disable caching. By default caching is disabled.
-  # Run rails dev:cache to toggle caching.
-  if Rails.root.join('tmp', 'caching-dev.txt').exist?
-    config.action_controller.perform_caching = true
-
-    config.cache_store = :memory_store
-    config.public_file_server.headers = {
-      'Cache-Control' => "public, max-age=#{2.days.to_i}"
-    }
-  else
-    config.action_controller.perform_caching = false
-
-    config.cache_store = :null_store
-  end
-
-  # Print deprecation notices to the Rails logger.
-  config.active_support.deprecation = :log
-end