google_sign_in 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ce2cbe6f38376f6f4ec06a59c7b0fcb916ed1611
+  data.tar.gz: 4acaea345f5840be79e9a2d77b301e96e2eaaf90
+SHA512:
+  metadata.gz: db6f84a43691f47461ad4d7572d165fd23b2010fbc1f28b96dd81c624eef1e1af3b5070b56d1dce1fcb8293ce85d8dd74e3b134ca75aa14d24b6be94216d633d
+  data.tar.gz: 7c3a4756ceaf4e6a7a96fee9ddf361843b6c46f61c825023ab2319290d46f0cdcb799fa24eea4d88f0e7bc34eaa62a3074badd56b51035a13f311a59a319b514

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake'
+gem 'byebug'

data/Gemfile.lock

@@ -0,0 +1,40 @@
+PATH
+  remote: .
+  specs:
+    google_sign_in (0.1)
+      activesupport (>= 5.1)
+      google-id-token (>= 1.3.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.1.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    byebug (9.0.6)
+    concurrent-ruby (1.0.5)
+    google-id-token (1.3.1)
+      jwt
+      multi_json
+    i18n (0.8.1)
+    jwt (1.5.6)
+    minitest (5.10.2)
+    multi_json (1.12.1)
+    rake (12.0.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.3)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.15)
+  byebug
+  google_sign_in!
+  rake
+
+BUNDLED WITH
+   1.15.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2017 David Heinemeier Hansson, Basecamp
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+# Google Sign-In for Rails
+
+Google Sign-In provides an easy and secure way to let users signin into and up for your service,
+without adding yet-another per-app email/password combination. Integrating it into your Rails app
+should be drop-in easy. This gem makes it so.
+
+The only configuration needed is setting the Google client id for your application. [Google has a
+tutorial on how to setup a client id](https://developers.google.com/identity/sign-in/web/server-side-flow#step_1_create_a_client_id_and_client_secret).
+
+Once you have your client id, create a `config/initializers/google_sign_in_client_id.rb` file with this:
+`GoogleSignIn::Identity.client_id = <THAT CLIENT ID YOU GOT FROM GOOGLE>`
+
+Now you can use the sign-in integration on your signup or sigin screen. 
+
+## Example
+
+Here's the most basic example:
+
+```ruby
+# app/views/sessions/new.html.erb
+<%= google_sign_in(url: session_path) do %>
+  <%= button_tag("Signin with Google") %>
+<% end %>
+```
+
+The `url` option is the URL that the hidden form will be submitted against along with the Google ID Token
+that's set after the user has picked the account and authenticated in the pop-up window Google provides.
+
+You can then use that in a sessions controller like so:
+
+```ruby
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    if user = authenticate_via_google
+      cookies.signed[:user_id] = user.id
+      redirect_to user
+    else
+      redirect_to new_session_url, alert: "authentication_failed"
+    end
+  end
+
+  private
+    def authenticate_via_google
+      if params[:google_id_token].present?
+        User.find_by google_id: GoogleSignIn::Identity.new(params[:google_id_token]).user_id
+      end
+    end
+end
+```
+
+(This example assumes that a user has already signed up for your service using Google Sign-In and that
+you're storing the Google user id in the `User#google_id` attribute).
+
+That's it! You can checkout the `GoogleSignIn::Identity` class for the thin wrapping it provides around
+the decoding of the Google ID Token using the google-id-token library. Interrogating this identity object
+for profile details is particularly helpful when you use Google for signup, as you can get the name, email
+address, avatar url, and locale through it.
+
+## Unreleased gem caveat
+
+The gem google-id-token is currently behind its GitHub repository on the release schedule. The latest release
+is version 1.3.1 from 2015. So for now, you should depend on the github version in your app's Gemfile:
+
+```ruby
+gem 'google-id-token', github: 'google/google-id-token'
+```
+
+## License
+
+Google Sign-In for Rails is released under the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/setup"
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |test|
+  test.libs << "test"
+  test.test_files = FileList["test/*_test.rb"]
+end
+
+task default: :test

data/google_sign_in.gemspec

@@ -0,0 +1,19 @@
+Gem::Specification.new do |s|
+  s.name     = 'google_sign_in'
+  s.version  = '0.1'
+  s.authors  = 'David Heinemeier Hansson'
+  s.email    = 'david@basecamp.com'
+  s.summary  = 'Sign in (or up) with Google for Rails applications'
+  s.homepage = 'https://github.com/basecamp/google_sign_in'
+  s.license  = 'MIT'
+
+  s.required_ruby_version = '>= 1.9.3'
+
+  s.add_dependency 'activesupport', '>= 5.1'
+  s.add_dependency 'google-id-token', '>= 1.3.1'
+
+  s.add_development_dependency 'bundler', '~> 1.15'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- test/*`.split("\n")
+end

data/lib/google_sign_in.rb

@@ -0,0 +1,2 @@
+require 'google_sign_in/identity'
+require 'google_sign_in/railtie' if defined?(Rails)

data/lib/google_sign_in/helper.rb

@@ -0,0 +1,60 @@
+require 'google_sign_in/identity'
+
+module GoogleSignIn
+  module Helper
+    def google_sign_in(url:, &block)
+      content_for :head,
+        google_sign_in_javacript_include_tag +
+        google_sign_in_client_id_meta_tag
+
+      google_sign_in_javascript_tag + 
+      google_sign_in_hidden_form_tag(url: url) +
+      google_sign_in_click_handler(&block)
+    end
+
+    private
+      def google_sign_in_javacript_include_tag
+        javascript_include_tag "https://apis.google.com/js/platform.js?onload=setupGoogleSignIn", async: true, defer: true
+      end
+
+      def google_sign_in_client_id_meta_tag
+        tag.meta name: "google-signin-client_id", content: GoogleSignIn::Identity.client_id
+      end
+
+      def google_sign_in_hidden_form_tag(url:)
+        form_with url: url, id: "google_signin", html: { style: "display: none" } do |form|
+          form.hidden_field :google_id_token, id: "google_id_token"
+        end
+      end
+
+      def google_sign_in_click_handler(&block)
+        tag.div(onclick: 'selectGoogleSignInAccount(event)') { capture(&block) }
+      end
+
+      def google_sign_in_javascript_tag
+        javascript_tag(<<-EOS
+          function setupGoogleSignIn() {
+            gapi.load("auth2", function () { gapi.auth2.init() })
+          }
+
+          function selectGoogleSignInAccount(event) {
+            event.preventDefault()
+      
+            options = new gapi.auth2.SigninOptionsBuilder
+            options.setPrompt("select_account")
+
+            gapi.auth2.getAuthInstance().signIn(options).then(function (googleUser) {
+              var token = googleUser.getAuthResponse().id_token
+
+              if (token !== null) {
+                document.getElementById('google_id_token').value = token
+                document.getElementById('google_signin').submit()
+                gapi.auth2.getAuthInstance().signOut()
+              }
+            })
+          }
+  EOS
+        )
+      end
+  end
+end

data/lib/google_sign_in/identity.rb

@@ -0,0 +1,63 @@
+require 'google-id-token'
+require 'active_support/core_ext/class/attribute'
+require 'active_support/core_ext/numeric/time'
+
+module GoogleSignIn
+  class Identity
+    class_attribute :client_id
+
+    class_attribute :token_expiry
+    self.token_expiry = 5.minutes
+
+    class_attribute :logger
+    self.logger = defined?(Rails) ? Rails.logger : Logger.new(STDOUT)
+
+    def initialize(token)
+      ensure_client_id_present
+      set_extracted_payload(token)
+      ensure_proper_audience
+    end
+
+    def user_id
+      @payload["sub"]
+    end
+
+    def name
+      @payload["name"]
+    end
+
+    def email_address
+      @payload["email"]
+    end
+
+    def email_verified?
+      @payload["email_verified"] == "true"
+    end
+
+    def avatar_url
+      @payload["picture"]
+    end
+
+    def locale
+      @payload["locale"]
+    end
+
+    private
+      def ensure_client_id_present
+        if client_id.blank?
+          raise ArgumentError, "GoogleSignIn.client_id must be set to validate identity"
+        end
+      end
+
+      def set_extracted_payload(token)
+        @payload = GoogleIDToken::Validator.new(expiry: token_expiry).check(token, client_id)
+      rescue GoogleIDToken::ValidationError => e
+        logger.error "Google token failed to validate (#{e.message})"
+        @payload = {}
+      end
+
+      def ensure_proper_audience
+        @payload["aud"].include?(client_id)
+      end
+  end
+end

data/lib/google_sign_in/railtie.rb

@@ -0,0 +1,12 @@
+require 'rails/railtie'
+require 'google_sign_in/helper'
+
+module GoogleSignIn
+  class Engine < ::Rails::Engine
+    initializer :google_sign_in do |app|
+      ActiveSupport.on_load :action_controller do
+        ActionController::Base.send :helper, GoogleSignIn::Helper
+      end
+    end
+  end
+end

data/test/identity_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+require 'google_sign_in/identity'
+
+class GoogleSignIn::IdentityTest < ActiveSupport::TestCase
+  test "client_id must be set" do
+    GoogleSignIn::Identity.client_id = nil
+    assert_raises(ArgumentError) { GoogleSignIn::Identity.new("some_fake_token") }
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,4 @@
+require 'bundler/setup'
+require 'active_support'
+require 'active_support/testing/autorun'
+require 'byebug'

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: google_sign_in
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- David Heinemeier Hansson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-05-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: google-id-token
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+description: 
+email: david@basecamp.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- MIT-LICENSE
+- README.md
+- Rakefile
+- google_sign_in.gemspec
+- lib/google_sign_in.rb
+- lib/google_sign_in/helper.rb
+- lib/google_sign_in/identity.rb
+- lib/google_sign_in/railtie.rb
+- test/identity_test.rb
+- test/test_helper.rb
+homepage: https://github.com/basecamp/google_sign_in
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Sign in (or up) with Google for Rails applications
+test_files:
+- test/identity_test.rb
+- test/test_helper.rb