holistic_auth 0.9.8

data/lib/holistic_auth/end_point_listener.rb

@@ -0,0 +1,35 @@
+module HolisticAuth
+  class EndPointListener
+    attr_reader :provider, :auth_code, :options, :errors
+    def initialize(hash = {})
+      @provider = hash.delete :provider
+      @auth_code = hash.delete :auth_code
+      @options = hash
+      @errors = []
+    end
+
+    def valid?
+      validator_presence? &&
+        validator_valid_provider?
+    end
+
+  private
+
+    def validator_presence?
+      provider_present = @provider.present?
+      auth_code_present = @auth_code.present?
+
+      return true if provider_present && auth_code_present
+      errors << 'A required param is missing'
+      errors << '"provider" field missing' unless provider_present
+      errors << '"auth_code" field missing' unless auth_code_present
+      false
+    end
+
+    def validator_valid_provider?
+      return true if @provider.is_a? HolisticAuth::Providers::GenericProvider
+      errors << "Provider '#{@provider}' is invalid"
+      false
+    end
+  end
+end

data/lib/holistic_auth/errors.rb

@@ -0,0 +1,4 @@
+module HolisticAuth
+  class EmailNotVerifiedError < ArgumentError
+  end
+end

data/lib/holistic_auth/orm_handlers/active_record.rb

@@ -0,0 +1,56 @@
+module HolisticAuth
+  module OrmHandlers
+    class ActiveRecord
+      # TODO: Railtie this properly rather than hacks
+      require 'active_record'
+
+      attr_reader :info, :account, :provider_name
+
+      def initialize(info, provider_name)
+        @info = info
+        @provider_name = provider_name
+      end
+
+      def discover_user!
+        discover_account!.user
+      end
+
+      def discover_account!
+        @account.present? ? @account : (@account = find_or_create_account)
+      end
+
+      def store_provider_credentials!(access_token)
+        raise 'Account not discovered yet!' unless @account.present?
+
+        @account.replace_credential!(
+          access_token: access_token.token,
+          refresh_token: access_token.refresh_token,
+          expires_at: (Time.now.utc + access_token.expires_in),
+          expires: access_token.expires_in.present? ? true : false,
+        )
+      end
+
+    private
+
+      def find_or_create_account
+        Account.find_by(email: info[:email], provider: @provider_name) || create_account!
+      end
+
+      def create_account!
+        user = User.find_by(primary_email: info[:email]) || create_user!
+        user.create_account!(
+          email: info[:email],
+          provider: @provider_name,
+          provider_uid: info[:uid],
+        )
+      end
+
+      def create_user!
+        User.create!(
+          primary_email: info[:email], display_name: info[:display_name],
+          name: info[:name], picture_url: info[:picture_url]
+        )
+      end
+    end
+  end
+end

data/lib/holistic_auth/providers/generic_provider.rb

@@ -0,0 +1,100 @@
+module HolisticAuth
+  module Providers
+    require 'oauth2'
+
+    class GenericProvider
+      attr_accessor :client_id,
+                    :client_secret,
+                    :site,
+                    :tenant_id,
+                    :token_url,
+                    :api_key,
+                    :user_info_url
+
+      attr_reader :oauth2_client
+
+      def initialize(options = {})
+        @client_id = options.delete :client_id
+        @client_secret = options.delete :client_secret
+        @site = options.delete(:site) || settings[:site]
+        @token_url = options.delete(:token_url) || settings[:token_url]
+        @api_key = options.delete :api_key
+        @user_info_url = options.delete(:user_info_url) || settings[:user_info_url]
+        @additional_parameters = options.delete(:additional_parameters) || settings[:additional_parameters] || {}
+      end
+
+      def add_secrets(options = {})
+        @client_id = options.delete :client_id if options[:client_id]
+        @client_secret = options.delete :client_secret if options[:client_secret]
+        @api_key = options.delete :api_key if options[:api_key]
+        @tenant_id = options.delete :tenant_id if options[:tenant_id]
+        @additional_parameters.merge!(options.delete(:additional_parameters)) if options[:additional_parameters]
+      end
+
+      def settings
+        {}
+      end
+
+      def secrets
+        sec = {}
+        sec[:client_id] = @client_id if @client_id
+        sec[:client_secret] = @client_secret if @client_secret
+        sec[:api_key] = @api_key if @api_key
+
+        sec
+      end
+
+      def exchange(auth_code, redirect_uri)
+        errors = []
+        errors << 'auth_code missing' if auth_code.blank?
+        errors << 'redirect_uri missing' if redirect_uri.blank?
+        errors << 'Client ID not set' if client_id.blank?
+        errors << 'Client Secret not set' if client_secret.blank?
+
+        raise "Cannot exchange auth code:\n#{errors}" if errors.present?
+
+        @oauth2_client = OAuth2::Client.new(client_id, client_secret, to_hash)
+        @oauth2_client.auth_code.get_token(auth_code, redirect_uri: redirect_uri)
+      end
+
+      def retrieve_user_info(*_params)
+        raise 'Not implemented'
+      end
+
+      def name(*_params)
+        raise 'Generic provider doesn\'t have a name'
+      end
+
+      def full_site_url
+        raise "site not specified for class #{self}" unless site.present?
+        site
+      end
+
+      def site_token_url
+        full_site_url + token_url
+      end
+
+      def to_hash
+        {
+          client_id: @client_id,
+          client_secret: @client_secret,
+          site: full_site_url,
+          token_url: @token_url,
+          api_key: @api_key,
+          user_info_url: @user_info_url,
+          additional_parameters: @additional_parameters,
+        }
+      end
+
+      def present?
+        !empty?
+      end
+
+      def empty?
+        site.nil? || token_url.nil?
+      end
+
+      alias inspect to_hash
+    end
+  end
+end

data/lib/holistic_auth/providers/google.rb

@@ -0,0 +1,82 @@
+module HolisticAuth
+  module Providers
+    class Google < GenericProvider
+      SETTINGS = {
+        site: 'https://accounts.google.com',
+        token_url: '/o/oauth2/token',
+        user_info_url: 'https://www.googleapis.com/plus/v1/people/me/openIdConnect',
+      }.freeze
+
+      def settings
+        SETTINGS
+      end
+
+      def name
+        :google
+      end
+
+      def retrieve_user_info(access_token)
+        client = GoogleClient::Builder.new('plus', 'v1', 1)
+        result = client.execute access_token,
+                                api_method: client.service.people.get,
+                                parameters: {
+                                  userId: 'me',
+                                }
+
+        process_user_info JSON.parse(result.body)
+      end
+
+    private
+
+      def process_user_info(hash)
+        {
+          email_verified: hash['emails'].first['type'].eql?('account'),
+          email: hash['emails'].first['value'],
+          display_name: hash['displayName'],
+          name: hash['name'],
+          picture_url: hash['image']['url'],
+          uid: hash['id'],
+          language: hash['language'],
+        }.with_indifferent_access
+
+        # {
+        #   "kind" => "plus#person",
+        #   "etag" => "\"xyz-something/abc\"",
+        #   "gender" => "female",
+        #   "emails" => [
+        #     {
+        #       "value" => "info@foogi.me",
+        #       "type" => "account"
+        #     }
+        #   ],
+        #   "objectType" => "person",
+        #   "id" => "12345",
+        #   "displayName" => "Leading Foogster",
+        #   "name" => {
+        #     "familyName" => "Foogster",
+        #     "givenName" => "Leading"
+        #   },
+        #   "url" => "https://plus.google.com/+FoogiMe",
+        #   "image" => {
+        #     "url" => "https://someurl/photo.jpg?sz=50",
+        #     "isDefault" => false
+        #   },
+        #   "placesLived" => [
+        #     {
+        #       "value" => "Sydney, Australia",
+        #       "primary" => true
+        #     },
+        #     {
+        #       "value" => "San Francisco, USA"
+        #     }
+        #   ],
+        #   "isPlusUser" => true,
+        #   "language" => "en_GB",
+        #   "circledByCount" => 11225,
+        #   "verified" => false,
+        #   "domain" => "foogi.me"
+        # }
+      end
+    end
+  end
+end

data/lib/holistic_auth/providers/ms_graph.rb

@@ -0,0 +1,93 @@
+module HolisticAuth
+  module Providers
+    class MsGraph < GenericProvider
+      GRAPH_RESOURCE = 'https://graph.microsoft.com'.freeze
+      DEFAULT_CONTENT_TYPE = 'application/json;odata.metadata=minimal;odata.streaming=true'.freeze
+      API_VERSION = 'beta'.freeze
+
+      SETTINGS = {
+        site: 'https://login.microsoftonline.com',
+        token_url: 'oauth2/token',
+        user_info_url: URI("#{GRAPH_RESOURCE}/#{API_VERSION}/me"),
+        additional_parameters: {
+          resource: GRAPH_RESOURCE,
+        },
+      }.freeze
+
+      def settings
+        self.class::SETTINGS
+      end
+
+      def name
+        :ms_graph
+      end
+
+      def full_site_url
+        tenant_id.present? ? (site + '/' + tenant_id + '/') : (site + '/common/')
+      end
+
+      def retrieve_user_info(access_token)
+        result = query! :get, access_token.token, settings[:user_info_url]
+        process_info JSON.parse(result.body)
+      end
+
+      def process_info(hash)
+        sanity_check! hash
+
+        {
+          email_verified: hash['mail'].present?,
+          email: hash['mail'],
+          display_name: hash['displayName'],
+          name: {
+            givenName: hash['givenName'],
+            familyName: hash['familyName'],
+          },
+          picture_url: '',
+          uid: hash['id'],
+          language: hash['preferredLanguage'],
+        }.with_indifferent_access
+      end
+
+      # def events
+      #   query_params = {
+      #     startdatetime: DateTime.now.utc,
+      #     enddatetime: DateTime.now.utc + 2.months,
+      #     '$orderby' => 'start/dateTime',
+      #   }
+      # end
+
+      # Need error handling for when the token has expired.
+      def query!(method, access_token, uri, body = nil)
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+
+        headers = {
+          'Authorization' => "Bearer #{access_token}",
+          'Content-Type' => DEFAULT_CONTENT_TYPE,
+        }
+
+        full_endpoint = uri.query.present? ? "#{uri.path}?#{uri.query}" : uri.path
+
+        response =
+          case method
+            when :get
+              http.get(full_endpoint, headers)
+            when :post
+              http.post(full_endpoint, body, headers)
+            else
+              raise "method #{method} not implemented"
+          end
+
+        response
+      end
+
+      def sanity_check!(hash)
+        raise "Can't process empty user info" unless hash.is_a? Hash
+
+        if hash.key?('error')
+          raise "Could not process user info: \n #{hash['error']['code']}: #{hash['error']['message']}"
+        end
+      end
+    end
+  end
+end

data/lib/holistic_auth/providers/outlook.rb

@@ -0,0 +1,38 @@
+module HolisticAuth
+  module Providers
+    class Outlook < MsGraph
+      RESOURCE = 'https://outlook.office.com'.freeze
+      API_VERSION = 'v2.0'.freeze
+
+      SETTINGS = {
+        site: 'https://login.microsoftonline.com',
+        token_url: 'oauth2/v2.0/token',
+        user_info_url: URI("#{RESOURCE}/api/#{API_VERSION}/Me"),
+        additional_parameters: {
+          resource: RESOURCE,
+        },
+      }.freeze
+
+      def name
+        :outlook
+      end
+
+      def process_info(hash)
+        sanity_check!(hash)
+
+        {
+          email_verified: hash['EmailAddress'].present?,
+          email: hash['EmailAddress'],
+          display_name: hash['DisplayName'],
+          name: {
+            givenName: hash['givenName'],
+            familyName: hash['familyName'],
+          },
+          picture_url: '',
+          uid: hash['Id'],
+          language: hash['preferredLanguage'],
+        }.with_indifferent_access
+      end
+    end
+  end
+end

data/lib/holistic_auth/providers/stub.rb

@@ -0,0 +1,60 @@
+module HolisticAuth
+  module Providers
+    class Stub < GenericProvider
+      SETTINGS = {
+        client_id: 'stub_cl_id',
+        client_secret: 'stub_cl_sec',
+        site: 'https://example.org',
+        token_url: '/extoken',
+        api_key: 'api_key',
+        user_info_url: 'http://example.org/info',
+      }.freeze
+
+      STUB_SAMPLE_TOKEN = {
+        token: 'ya29.token',
+        refresh_token: '1/refresh',
+        expires_in: 3600,
+      }.freeze
+
+      def initialize(options = {})
+        super(options)
+
+        @client_id ||= settings[:client_id]
+        @client_secret ||= settings[:client_secret]
+        @api_key ||= settings[:api_key]
+      end
+
+      def settings
+        SETTINGS
+      end
+
+      def name
+        :stub
+      end
+
+      def exchange(_, __)
+        @client = OAuth2::Client.new(
+          client_id,
+          client_secret,
+        )
+
+        OAuth2::AccessToken.new(
+          @client,
+          STUB_SAMPLE_TOKEN[:token],
+          refresh_token: STUB_SAMPLE_TOKEN[:refresh_token],
+          expires_in: STUB_SAMPLE_TOKEN[:expires_in],
+        )
+      end
+
+      def retrieve_user_info(_access_token)
+        {
+          email_verified: true,
+          email: 'a@b.c',
+          given_name: 'first',
+          family_name: 'last',
+          profile: 'xyz',
+        }.with_indifferent_access
+      end
+    end
+  end
+end