holistic_auth 0.9.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d134bcc56c80376e039b96488f493657ba8acc35
+  data.tar.gz: 36fb20712f7771ed77e259c4e049380caca4d628
+SHA512:
+  metadata.gz: 1b6c280cb443d173da63b58c784cb856151413aade51dcb34abdcde225c3150413ba543e368e52b3b55dbdce84d1de04ba1356655e713025da858ace073da13f
+  data.tar.gz: 6521ee9607847f88b1332c38234ac3157b5f0685d7d6b051836d9ee9f5823eb7939f88ec750ac5543a24dd175d13865b986b40ff76c3b0d9fd59633ea5fae359

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+*.gem
+mkmf.log

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/.rubocop.yml

@@ -0,0 +1,62 @@
+AllCops:
+  Exclude:
+    - 'holistic_auth.gemspec'
+
+Metrics/BlockNesting:
+  Max: 2
+
+Metrics/LineLength:
+  AllowURI: true
+  Enabled: false
+
+Metrics/MethodLength:
+  CountComments: false
+  Max: 20
+
+Metrics/ParameterLists:
+  Max: 4
+  CountKeywordArgs: true
+
+Style/AccessModifierIndentation:
+  EnforcedStyle: outdent
+
+Style/CollectionMethods:
+  PreferredMethods:
+    map:      'collect'
+    reduce:   'inject'
+    find:     'detect'
+    find_all: 'select'
+
+Style/Documentation:
+  Enabled: false
+
+Style/DotPosition:
+  EnforcedStyle: trailing
+
+Style/DoubleNegation:
+  Enabled: false
+
+Style/EachWithObject:
+  Enabled: false
+
+Style/Encoding:
+  Enabled: false
+
+Style/Lambda:
+  Enabled: false
+
+Style/TrailingCommaInLiteral:
+  EnforcedStyleForMultiline: 'comma'
+
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: 'comma'
+
+# Avoid complex methods.
+Metrics/CyclomaticComplexity:
+  Max: 7
+
+Metrics/AbcSize:
+  Max: 20
+
+Style/CaseIndentation:
+  IndentOneStep: true

data/.ruby-gemset

@@ -0,0 +1 @@
+holistic_auth

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.2.4

data/.travis.yml

@@ -0,0 +1,22 @@
+before_install:
+  - gem update bundler
+bundler_args: "--without development"
+env:
+  global:
+  - JRUBY_OPTS="$JRUBY_OPTS --debug"
+language: ruby
+rvm:
+- 2.2
+- 2.1
+- 2.0.0
+- 2.3
+- ruby-head
+matrix:
+  allow_failures:
+  - rvm: 2.3
+  - rvm: ruby-head
+  fast_finish: true
+sudo: false
+notifications:
+  slack:
+    secure: G6D51WJ/dtKpab6CUWMMEha3Joo5SwM4ycfYMAJFhmV4Zzs0wcPAWOU2jsFydYIUXkM8pkUnEn6scW3k01eTXZ7P/QYMMJqwZ6OvTH80x7mZj+WfD0vbQAg1lHYus32ADXI0F3IqTOlG/M4D9USe2TJmFI3sZ7+U0jPINOBLSWA=

data/Gemfile

@@ -0,0 +1,21 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in holistic_auth.gemspec
+gemspec
+
+gem 'rake'
+
+group :test do
+  gem 'coveralls'
+  gem 'json', platforms: [:jruby, :ruby_18, :ruby_19]
+  gem 'mime-types', '~> 2.4.0', platforms: [:jruby, :ruby_18]
+  gem 'rack-test'
+  gem 'rest-client', '~> 1.7.0', platforms: [:jruby, :ruby_18]
+  gem 'rspec', '~> 3.2.0'
+  gem 'rubocop', '>= 0.28', platforms: [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23]
+  gem 'simplecov', '>= 0.9'
+  gem 'webmock'
+end
+
+# gem 'abstract_google_client', path: '/Users/abradner/foogi/google_client', require: 'google_client'
+gem 'abstract_google_client', github: 'abradner/google_client', require: 'google_client'

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Alexander Bradner
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,42 @@
+# Ruby Holistic Auth
+[![Gem Version](http://img.shields.io/gem/v/holistic_auth.svg)][gem]
+[![Build Status](http://img.shields.io/travis/abradner/holistic_auth.svg)][travis]
+[![Dependency Status](http://img.shields.io/gemnasium/abradner/holistic_auth.svg)][gemnasium]
+[![Code Climate](http://img.shields.io/codeclimate/github/abradner/holistic_auth.svg)][codeclimate]
+[![Coverage Status](http://img.shields.io/coveralls/abradner/holistic_auth.svg)][coveralls]
+
+[gem]: https://rubygems.org/gems/holistic_auth
+[travis]: http://travis-ci.org/abradner/holistic_auth
+[gemnasium]: https://gemnasium.com/abradner/holistic_auth
+[codeclimate]: https://codeclimate.com/github/abradner/holistic_auth
+[coveralls]: https://coveralls.io/r/abradner/holistic_auth
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'holistic_auth'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install holistic_auth
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/abradner/holistic_auth/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,18 @@
+#!/usr/bin/env rake
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+task test: :spec
+
+begin
+  require 'rubocop/rake_task'
+  RuboCop::RakeTask.new
+rescue LoadError
+  task :rubocop do
+    $stderr.puts 'RuboCop is disabled'
+  end
+end
+
+task default: [:spec, :rubocop]

data/holistic_auth.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'holistic_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'holistic_auth'
+  spec.version       = HolisticAuth::VERSION
+  spec.authors       = ['Alexander Bradner']
+  spec.email         = ['alex@bradner.net']
+  spec.summary       = 'Single-Sign-On for the front and rails backend of a Single-Page-App'
+  # spec.description   = ''
+  spec.homepage      = 'https://github.com/abradner/holistic_auth'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_runtime_dependency 'oauth2', '~> 1.0'
+  spec.add_runtime_dependency 'doorkeeper',     '~> 2.0'
+  spec.add_runtime_dependency 'activesupport', '>= 4.2'
+  spec.add_runtime_dependency 'activerecord', '>= 4.2'
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3'
+  spec.add_development_dependency 'rubocop'
+end

data/lib/holistic_auth.rb

@@ -0,0 +1,17 @@
+require 'active_support/all'
+require 'holistic_auth/version'
+require 'holistic_auth/errors'
+require 'holistic_auth/configuration'
+require 'holistic_auth/end_point_listener'
+require 'holistic_auth/client_token_issuer'
+
+require 'holistic_auth/providers/generic_provider'
+require 'holistic_auth/providers/stub'
+require 'holistic_auth/providers/google'
+require 'holistic_auth/providers/ms_graph'
+require 'holistic_auth/providers/outlook'
+
+require 'holistic_auth/orm_handlers/active_record'
+
+module HolisticAuth
+end

data/lib/holistic_auth/client_token_issuer.rb

@@ -0,0 +1,106 @@
+module HolisticAuth
+  class ClientTokenIssuer
+    # Options can
+    def initialize(params, options = {})
+      @params = params.with_indifferent_access
+      provider_name = get_provider_name(options)
+      unless HolisticAuth.configuration.providers.include? provider_name
+        raise ArgumentError,
+              "Provider #{provider_name} not in supported provider list:\n" <<
+              HolisticAuth.configuration.providers.inspect
+      end
+
+      @provider = HolisticAuth.configuration.provider(provider_name)
+
+      assign_instance_vars(options)
+    end
+
+    def authorize!(options = {})
+      return { error: "Invalid Application #{@app_name}" }, :bad_request unless @valid_applications.include? @app_name
+
+      validator = EndPointListener.new(auth_code: @auth_code, provider: @provider)
+      raise "End provider/config not valid:\n #{validator.inspect}" unless validator.valid?
+
+      handle(options)
+    end
+
+    def handle(options = {})
+      provider_access_token = @provider.exchange @auth_code, @redirect_uri
+
+      begin
+        info = load_info(provider_access_token)
+      rescue EmailNotVerifiedError => _e
+        return { error: 'Cannot create a Foogi account with an unverified email address' }, :bad_request
+      end
+
+      orm_handler = HolisticAuth::OrmHandlers::ActiveRecord.new(info, @provider.name.to_s)
+
+      user = orm_handler.discover_user!
+      orm_handler.store_provider_credentials!(provider_access_token)
+
+      token_data = prepare_token(provider_access_token, user, options.delete(:expires_in))
+
+      [token_data.to_json, :ok]
+    end
+
+    def load_info(access_token)
+      # raw_info = provider_access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
+
+      raw_info = @provider.retrieve_user_info(access_token)
+
+      verified_email = raw_info[:email_verified] ? raw_info[:email] : nil
+      raise EmailNotVerifiedError, 'Email not verified' unless verified_email.present?
+
+      raw_info
+    end
+
+  private
+
+    def prepare_token(provider_access_token, user, expires_in = 2.hours)
+      application = Doorkeeper::Application.where(name: @app_name)
+
+      client_access_token = Doorkeeper::AccessToken.create!(
+        application_id: application,
+        resource_owner_id: user.id,
+        expires_in: expires_in,
+        use_refresh_token: true,
+        scopes: :user,
+      )
+
+      {
+        access_token: client_access_token.token,
+        refresh_token: client_access_token.refresh_token,
+        token_type: 'bearer',
+        expires_in: client_access_token.expires_in,
+        user_id: user.to_param,
+        provider_access_token: provider_access_token.token,
+        provider_expires_in: provider_access_token.expires_in,
+        # provider_id_token: provider_access_token.id_token,
+      }
+    end
+
+    def application_name
+      @params['application_name'].present? ? @params['application_name'].to_sym : nil
+    end
+
+    def prune!(hash)
+      hash.delete_if do |_, v|
+        prune!(v) if v.is_a?(Hash)
+        v.nil? || (v.respond_to?(:empty?) && v.empty?)
+      end
+    end
+
+    def get_provider_name(options)
+      return options.delete(:provider) if options[:provider]
+      return @params[:provider].to_sym if @params[:provider].present?
+      nil
+    end
+
+    def assign_instance_vars(options)
+      @auth_code = options.delete(:auth_code) || @params['code']
+      @redirect_uri = options.delete(:redirect_uri) || @params['redirect_uri']
+      @app_name = options.delete(:app_name) || application_name
+      @valid_applications = options.delete(:valid_applications) || HolisticAuth.configuration.valid_applications
+    end
+  end
+end

data/lib/holistic_auth/configuration.rb

@@ -0,0 +1,67 @@
+module HolisticAuth
+  # Exception to handle a missing initializer
+  # class MissingConfiguration < StandardError
+  #   def initialize
+  #     super('Configuration for holistic_auth missing. Do you have an HolisticAuth initializer?')
+  #   end
+  # end
+
+  # Module level methods
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+
+  # def self.configuration
+  #   @config || (fail MissingConfiguration.new)
+  # end
+
+  # Configuration class
+  class Configuration
+    attr_reader :providers
+    attr_accessor :valid_applications
+
+    def initialize
+      @providers = {
+        stub: provider_for(:stub).new,
+        google: provider_for(:google).new,
+        ms_graph: provider_for(:ms_graph).new,
+        outlook: provider_for(:outlook).new,
+      }
+    end
+
+    def providers
+      @providers.keys
+    end
+
+    def provider(provider_name)
+      test_for_provider!(provider_name)
+      @providers[provider_name]
+    end
+
+    def add_secrets(provider_name, options = {})
+      test_for_provider!(provider_name)
+      @providers[provider_name].add_secrets(options)
+    end
+
+  private
+
+    def test_for_provider!(provider_name)
+      raise(
+        ArgumentError,
+        "#{provider_name} is not a configured provider.\n" \
+        "Valid Providers:\n" <<
+          providers.to_s,
+      ) if @providers[provider_name].nil?
+    end
+
+    # A more abstracted way of accessing the providers
+    def provider_for(provider_name)
+      "HolisticAuth::Providers::#{provider_name.to_s.camelize}".constantize
+    end
+  end
+end