linkedin_sign_in 0.4.0 → 0.6.0

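--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 1ee16026971b50c11efcd2f1882de53f9ba5c3855fd4641d6901939571d7c277
-data.tar.gz: 23d35a4f027293b47294757ec195ae6676c5e7809f72c4c1f3d1a71619bcf41c
+metadata.gz: e12e4f61db5ed79a11bb444e5dae36e4c248e270f5e1ddcaf1d0c590a27896a4
+data.tar.gz: 45476fbc4ddde3ea6d327fff5d8ecf67670518c8c1536863e6b3bdcd91bd6b9e
 SHA512:
-metadata.gz: 6721873e8eff33dd2b6fead2e547f138b9a987a4d71f275e59b54462a17010891a09eff4e75da15caa695aa395baef92e529dc4b4ac4b32c186d030bb133f975
-data.tar.gz: '0845e4f905d41382d50b0d80e38ced16e8dfd6af72f3ba2e7487edb8275da7a1c0bd1b8c5be28618914b4ae0f755e5ac1b9bda790803c99bfbdcc36ba7a34773'
+metadata.gz: 4fb3b6d5444026e8be4712a0be3098c57b2dc88133633069559ef37f3188b90f0bfcc726e00901cb30aefc436eeea19eee9d55def6887ead2c36b38ab136b1b0
+data.tar.gz: d67d197717024c96d66e9a2f14770b6c102a20f5a3f7030265c601ac6fe23d9843a3e113cae20db11a66912032558caf9822c0e9fb8a7c2fb2dba637b18ad2b7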
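--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -6,10 +6,8 @@ cache: bundler
 before_install: gem update --system && gem install bundler -v 1.17.3
 
 rvm:
-- 2.3
-- 2.4
-- 2.5
-- 2.6
+- 2.7
+- 3.0
 - ruby-head
 
 matrix: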
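--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,150 +1,184 @@
 PATH
 remote: .
 specs:
-linkedin_sign_in (0.4.0)
+linkedin_sign_in (0.6.0)
 oauth2 (>= 1.4.0)
 rails (>= 5.2.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-actioncable (5.2.2.1)
-actionpack (= 5.2.2.1)
+actioncable (7.0.4)
+actionpack (= 7.0.4)
+activesupport (= 7.0.4)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
-actionmailer (5.2.2.1)
-actionpack (= 5.2.2.1)
-actionview (= 5.2.2.1)
-activejob (= 5.2.2.1)
+actionmailbox (7.0.4)
+actionpack (= 7.0.4)
+activejob (= 7.0.4)
+activerecord (= 7.0.4)
+activestorage (= 7.0.4)
+activesupport (= 7.0.4)
+mail (>= 2.7.1)
+net-imap
+net-pop
+net-smtp
+actionmailer (7.0.4)
+actionpack (= 7.0.4)
+actionview (= 7.0.4)
+activejob (= 7.0.4)
+activesupport (= 7.0.4)
 mail (~> 2.5, >= 2.5.4)
+net-imap
+net-pop
+net-smtp
 rails-dom-testing (~> 2.0)
-actionpack (5.2.2.1)
-actionview (= 5.2.2.1)
-activesupport (= 5.2.2.1)
-rack (~> 2.0)
+actionpack (7.0.4)
+actionview (= 7.0.4)
+activesupport (= 7.0.4)
+rack (~> 2.0, >= 2.2.0)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
-rails-html-sanitizer (~> 1.0, >= 1.0.2)
-actionview (5.2.2.1)
-activesupport (= 5.2.2.1)
+rails-html-sanitizer (~> 1.0, >= 1.2.0)
+actiontext (7.0.4)
+actionpack (= 7.0.4)
+activerecord (= 7.0.4)
+activestorage (= 7.0.4)
+activesupport (= 7.0.4)
+globalid (>= 0.6.0)
+nokogiri (>= 1.8.5)
+actionview (7.0.4)
+activesupport (= 7.0.4)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
-rails-html-sanitizer (~> 1.0, >= 1.0.3)
-activejob (5.2.2.1)
-activesupport (= 5.2.2.1)
+rails-html-sanitizer (~> 1.1, >= 1.2.0)
+activejob (7.0.4)
+activesupport (= 7.0.4)
 globalid (>= 0.3.6)
-activemodel (5.2.2.1)
-activesupport (= 5.2.2.1)
-activerecord (5.2.2.1)
-activemodel (= 5.2.2.1)
-activesupport (= 5.2.2.1)
-arel (>= 9.0)
-activestorage (5.2.2.1)
-actionpack (= 5.2.2.1)
-activerecord (= 5.2.2.1)
-marcel (~> 0.3.1)
-activesupport (5.2.2.1)
+activemodel (7.0.4)
+activesupport (= 7.0.4)
+activerecord (7.0.4)
+activemodel (= 7.0.4)
+activesupport (= 7.0.4)
+activestorage (7.0.4)
+actionpack (= 7.0.4)
+activejob (= 7.0.4)
+activerecord (= 7.0.4)
+activesupport (= 7.0.4)
+marcel (~> 1.0)
+mini_mime (>= 1.1.0)
+activesupport (7.0.4)
 concurrent-ruby (~> 1.0, >= 1.0.2)
-i18n (>= 0.7, < 2)
-minitest (~> 5.1)
-tzinfo (~> 1.1)
-addressable (2.6.0)
-public_suffix (>= 2.0.2, < 4.0)
-arel (9.0.0)
-builder (3.2.3)
-byebug (11.0.1)
-concurrent-ruby (1.1.5)
-crack (0.4.3)
-safe_yaml (~> 1.0.0)
-crass (1.0.4)
-erubi (1.8.0)
-faraday (0.15.4)
-multipart-post (>= 1.2, < 3)
-globalid (0.4.2)
-activesupport (>= 4.2.0)
-hashdiff (0.3.8)
-i18n (1.6.0)
+i18n (>= 1.6, < 2)
+minitest (>= 5.1)
+tzinfo (~> 2.0)
+addressable (2.8.1)
+public_suffix (>= 2.0.2, < 6.0)
+builder (3.2.4)
+byebug (11.1.3)
+concurrent-ruby (1.1.10)
+crack (0.4.5)
+rexml
+crass (1.0.6)
+erubi (1.11.0)
+faraday (2.7.1)
+faraday-net_http (>= 2.0, < 3.1)
+ruby2_keywords (>= 0.0.4)
+faraday-net_http (3.0.2)
+globalid (1.0.0)
+activesupport (>= 5.0)
+hashdiff (1.0.1)
+hashie (5.0.0)
+i18n (1.12.0)
 concurrent-ruby (~> 1.0)
-jwt (2.1.0)
-loofah (2.2.3)
+jwt (2.5.0)
+loofah (2.19.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
 mini_mime (>= 0.1.1)
-marcel (0.3.3)
-mimemagic (~> 0.3.2)
-method_source (0.9.2)
-mimemagic (0.3.3)
-mini_mime (1.0.1)
-mini_portile2 (2.4.0)
-minitest (5.11.3)
-multi_json (1.13.1)
+marcel (1.0.2)
+method_source (1.0.0)
+mini_mime (1.1.2)
+mini_portile2 (2.8.0)
+minitest (5.16.3)
 multi_xml (0.6.0)
-multipart-post (2.0.0)
-nio4r (2.3.1)
-nokogiri (1.10.1)
-mini_portile2 (~> 2.4.0)
-oauth2 (1.4.1)
-faraday (>= 0.8, < 0.16.0)
+net-imap (0.3.1)
+net-protocol
+net-pop (0.1.2)
+net-protocol
+net-protocol (0.1.3)
+timeout
+net-smtp (0.3.3)
+net-protocol
+nio4r (2.5.8)
+nokogiri (1.13.9)
+mini_portile2 (~> 2.8.0)
+racc (~> 1.4)
+oauth2 (2.0.9)
+faraday (>= 0.17.3, < 3.0)
 jwt (>= 1.0, < 3.0)
-multi_json (~> 1.3)
 multi_xml (~> 0.5)
-rack (>= 1.2, < 3)
-public_suffix (3.0.3)
-rack (2.0.6)
-rack-test (1.1.0)
-rack (>= 1.0, < 3)
-rails (5.2.2.1)
-actioncable (= 5.2.2.1)
-actionmailer (= 5.2.2.1)
-actionpack (= 5.2.2.1)
-actionview (= 5.2.2.1)
-activejob (= 5.2.2.1)
-activemodel (= 5.2.2.1)
-activerecord (= 5.2.2.1)
-activestorage (= 5.2.2.1)
-activesupport (= 5.2.2.1)
-bundler (>= 1.3.0)
-railties (= 5.2.2.1)
-sprockets-rails (>= 2.0.0)
+rack (>= 1.2, < 4)
+snaky_hash (~> 2.0)
+version_gem (~> 1.1)
+public_suffix (5.0.0)
+racc (1.6.0)
+rack (2.2.4)
+rack-test (2.0.2)
+rack (>= 1.3)
+rails (7.0.4)
+actioncable (= 7.0.4)
+actionmailbox (= 7.0.4)
+actionmailer (= 7.0.4)
+actionpack (= 7.0.4)
+actiontext (= 7.0.4)
+actionview (= 7.0.4)
+activejob (= 7.0.4)
+activemodel (= 7.0.4)
+activerecord (= 7.0.4)
+activestorage (= 7.0.4)
+activesupport (= 7.0.4)
+bundler (>= 1.15.0)
+railties (= 7.0.4)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
-rails-html-sanitizer (1.0.4)
-loofah (~> 2.2, >= 2.2.2)
-railties (5.2.2.1)
-actionpack (= 5.2.2.1)
-activesupport (= 5.2.2.1)
+rails-html-sanitizer (1.4.3)
+loofah (~> 2.3)
+railties (7.0.4)
+actionpack (= 7.0.4)
+activesupport (= 7.0.4)
 method_source
-rake (>= 0.8.7)
-thor (>= 0.19.0, < 2.0)
-rake (12.3.2)
-safe_yaml (1.0.5)
-sprockets (3.7.2)
+rake (>= 12.2)
+thor (~> 1.0)
+zeitwerk (~> 2.5)
+rake (13.0.6)
+rexml (3.2.5)
+ruby2_keywords (0.0.5)
+snaky_hash (2.0.1)
+hashie
+version_gem (~> 1.1, >= 1.1.1)
+thor (1.2.1)
+timeout (0.3.0)
+tzinfo (2.0.5)
 concurrent-ruby (~> 1.0)
-rack (> 1, < 3)
-sprockets-rails (3.2.1)
-actionpack (>= 4.0)
-activesupport (>= 4.0)
-sprockets (>= 3.0.0)
-thor (0.20.3)
-thread_safe (0.3.6)
-tzinfo (1.2.5)
-thread_safe (~> 0.1)
-webmock (3.5.1)
-addressable (>= 2.3.6)
+version_gem (1.1.1)
+webmock (3.18.1)
+addressable (>= 2.8.0)
 crack (>= 0.3.2)
-hashdiff
-websocket-driver (0.7.0)
+hashdiff (>= 0.4.0, < 2.0.0)
+websocket-driver (0.7.5)
 websocket-extensions (>= 0.1.0)
-websocket-extensions (0.1.3)
+websocket-extensions (0.1.5)
+zeitwerk (2.6.6)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler (~> 1.17.2)
+bundler (~> 2.3.26)
 byebug
 jwt (>= 1.5.6)
 linkedin_sign_in!
@@ -152,4 +186,4 @@ DEPENDENCIES
 webmock (>= 3.4.2)
 
 BUNDLED WITH
-1.17.2
+2.3.26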
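--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-This gem is shamlessly based on [Google SignIn by Basecamp](https://github.com/basecamp/google_sign_in).
+This gem is shamelessly based on [Google SignIn by Basecamp](https://github.com/basecamp/google_sign_in).
 
 # Linkedin Sign-In for Rails
 
@@ -62,6 +62,16 @@ end
 
 **⚠️ Important:** Take care to protect your client secret from disclosure to third parties.
 
+9. (Optional) The callback route can be configured using:
+
+```ruby
+# config/initializers/linkedin_sign_in.rb
+Rails.application.configure do
+config.linkedin_sign_in.root = "my_own/linkedin_sign_in_route"
+end
+```
+
+Which would make the callback `/my_own/linkedin_sign_in_route/callback`.
 
 ## Usage
 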
@@ -1,9 +1,11 @@
1
1
  require 'securerandom'
2
2
 
3
3
  class LinkedinSignIn::AuthorizationsController < LinkedinSignIn::BaseController
4
+ skip_forgery_protection only: :create
5
+
4
6
  def create
5
7
  redirect_to login_url(scope: 'r_basicprofile r_emailaddress', state: state),
6
- flash: { proceed_to: params.require(:proceed_to), state: state }
8
+ allow_other_host: true, flash: { proceed_to: params.require(:proceed_to), state: state }
7
9
  end
8
10
 
9
11
  private
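Review bot: `skip_forgery_protection only: :create` means any third-party page can POST to the authorization route with an attacker-chosen `proceed_to` and start a login flow, so the only thing standing between this and a post-login open redirect is the same-origin check on `proceed_to` at callback time — that dependency is invisible here and deserves a comment. I'd add above the line: `# CSRF is deliberately skipped: this action only starts the OAuth dance and stores no credentials; proceed_to is origin-checked by RedirectProtector at the callback and state is tied to this session via flash.` If the skip exists because the sign-in button is served from cached or cross-origin pages, say so as well, since a reviewer who does not know that will be tempted to remove it. `allow_other_host: true` is needed because `login_url` now points at the configurable `LinkedinSignIn.authorize_url`, which makes that setting security-sensitive. The `state` and `login_url` helpers are private and continue outside the hunk.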
@@ -5,11 +5,6 @@ class LinkedinSignIn::BaseController < ActionController::Base
5
5
 
6
6
  private
7
7
  def client
8
- @client ||= OAuth2::Client.new \
9
- LinkedinSignIn.client_id,
10
- LinkedinSignIn.client_secret,
11
- authorize_url: 'https://www.linkedin.com/oauth/v2/authorization',
12
- token_url: 'https://www.linkedin.com/oauth/v2/accessToken',
13
- redirect_uri: callback_url
8
+ @client ||= LinkedinSignIn.oauth2_client(redirect_uri: callback_url)
14
9
  end
15
10
  end
@@ -1,15 +1,26 @@
1
1
  require 'rails/engine'
2
+ require 'linkedin_sign_in' unless defined?(LinkedinSignIn)
2
3
 
3
4
  module LinkedinSignIn
4
5
  class Engine < ::Rails::Engine
5
6
  isolate_namespace LinkedinSignIn
6
7
 
7
- config.linkedin_sign_in = ActiveSupport::OrderedOptions.new
8
+ # Set default config so apps can modify rather than starting from nil, e.g.
9
+ #
10
+ # config.linkedin_sign_in.authorize_url += "?disallow_webview=true"
11
+ #
12
+ config.linkedin_sign_in = ActiveSupport::OrderedOptions.new.update \
13
+ authorize_url: LinkedinSignIn.authorize_url,
14
+ token_url: LinkedinSignIn.token_url
8
15
 
9
16
  initializer 'linkedin_sign_in.config' do |app|
10
17
  config.after_initialize do
11
18
  LinkedinSignIn.client_id = config.linkedin_sign_in.client_id || app.credentials.dig(:linkedin_sign_in, :client_id)
12
19
  LinkedinSignIn.client_secret = config.linkedin_sign_in.client_secret || app.credentials.dig(:linkedin_sign_in, :client_secret)
20
+ LinkedinSignIn.authorize_url = config.linkedin_sign_in.authorize_url
21
+ LinkedinSignIn.token_url = config.linkedin_sign_in.token_url
22
+
23
+ LinkedinSignIn.oauth2_client_options = config.linkedin_sign_in.oauth2_client_options
13
24
  end
14
25
  end
15
26
 
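Review bot: the `after_initialize` block copies `config.linkedin_sign_in.token_url` and `oauth2_client_options` straight into the module without validation, and the client secret is POSTed to whatever `token_url` ends up being, so an `http://` value or an `ssl: { verify: false }` option silently downgrades the secret exchange. I'd reject a non-https token endpoint at boot, right after the assignment: `raise ArgumentError, "config.linkedin_sign_in.token_url must be https" unless URI(LinkedinSignIn.token_url).scheme == "https"`. The default-config comment shows the intended use (`authorize_url += "?disallow_webview=true"`), which a scheme check does not interfere with. The `client_id`/`client_secret` lines are equally unchecked, but that predates this commit.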
@@ -9,8 +9,8 @@ module LinkedinSignIn
9
9
  QUALIFIED_URL_PATTERN = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/
10
10
 
11
11
  def ensure_same_origin(target, source)
12
- if target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source)
13
- raise Violation, "Redirect target #{target} does not have same origin as request (expected #{origin_of(source)})"
12
+ if target.blank? || (target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source))
13
+ raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
14
14
  end
15
15
  end
16
16
 
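Review bot: the new `target.blank?` guard closes the empty case, but a protocol-relative target such as `//evil.example/x` still passes: it does not match `QUALIFIED_URL_PATTERN` (that regexp requires a scheme), so the origin comparison is skipped and the value is treated as a local path; browsers also normalise `/\host` to `//host`. Since `proceed_to` is attacker-controllable (the authorization action now skips CSRF protection), I'd extend the condition to `if target.blank? || target.start_with?("//", "/\\") || (target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source))`. Rails 7's `raise_on_open_redirects` would catch this for apps on 7.0 defaults, but the gemspec still allows Rails 5.2, where no such backstop exists. I have not checked how the callback controller uses the validated target; it and `origin_of` are outside this hunk.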
@@ -1,9 +1,13 @@
1
1
  require 'active_support'
2
2
  require 'active_support/rails'
3
+ require 'oauth2'
3
4
 
4
5
  module LinkedinSignIn
5
6
  mattr_accessor :client_id
6
7
  mattr_accessor :client_secret
8
+ mattr_accessor :authorize_url, default: "https://www.linkedin.com/oauth/v2/authorization"
9
+ mattr_accessor :token_url, default: "https://www.linkedin.com/oauth/v2/accessToken"
10
+ mattr_accessor :oauth2_client_options, default: nil
7
11
 
8
12
  # https://tools.ietf.org/html/rfc6749#section-4.1.2.1
9
13
  authorization_request_errors = %w[
@@ -29,7 +33,17 @@ module LinkedinSignIn
29
33
  # Authorization Code Grant errors from both authorization requests
30
34
  # and access token requests.
31
35
  OAUTH2_ERRORS = authorization_request_errors | access_token_request_errors
36
+
37
+ def self.oauth2_client(redirect_uri:)
38
+ OAuth2::Client.new \
39
+ LinkedinSignIn.client_id,
40
+ LinkedinSignIn.client_secret,
41
+ authorize_url: LinkedinSignIn.authorize_url,
42
+ token_url: LinkedinSignIn.token_url,
43
+ redirect_uri: redirect_uri,
44
+ **LinkedinSignIn.oauth2_client_options.to_h
45
+ end
32
46
  end
33
47
 
34
48
  require 'linkedin_sign_in/identity'
35
- require 'linkedin_sign_in/engine' if defined?(Rails)
49
+ require 'linkedin_sign_in/engine' if defined?(Rails) && !defined?(LinkedinSignIn::Engine)
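Review bot: `**LinkedinSignIn.oauth2_client_options.to_h` is splatted last in `oauth2_client`, so a `redirect_uri:` or `token_url:` key in the app's options hash silently overrides the per-request callback URL and the dedicated `token_url` setting, which is surprising and hard to debug. If that override is not intended, splat the options first and let the explicit keywords win: `**LinkedinSignIn.oauth2_client_options.to_h, authorize_url: LinkedinSignIn.authorize_url, token_url: LinkedinSignIn.token_url, redirect_uri: redirect_uri`. Either way the method deserves a header comment, e.g. `# Builds the OAuth2 client for one request; oauth2_client_options (nil-safe) is passed through to OAuth2::Client.new, e.g. auth_scheme: or ssl:.` The lockfile now resolves oauth2 2.0.9, whose default `auth_scheme` is Basic auth rather than the 1.x request-body form (see the dummy initializer), while the gemspec still allows `>= 1.4.0`, so token-exchange behaviour differs by installed version.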
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'linkedin_sign_in'
3
- s.version = '0.4.0'
3
+ s.version = '0.6.0'
4
4
  s.authors = ['Vincent Robert']
5
5
  s.email = ['vincent.robert@genezys.net']
6
6
  s.summary = 'Sign in (or up) with Linkedin for Rails applications'
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
12
12
  s.add_dependency 'rails', '>= 5.2.0'
13
13
  s.add_dependency 'oauth2', '>= 1.4.0'
14
14
 
15
- s.add_development_dependency 'bundler', '~> 1.17.2'
15
+ s.add_development_dependency 'bundler', '~> 2.3.26'
16
16
  s.add_development_dependency 'jwt', '>= 1.5.6'
17
17
  s.add_development_dependency 'webmock', '>= 3.4.2'
18
18
 
@@ -1,25 +1,54 @@
1
1
  require 'test_helper'
2
2
 
3
3
  class LinkedinSignIn::AuthorizationsControllerTest < ActionDispatch::IntegrationTest
4
- test "redirecting to Linkedin for authorization" do
5
- post linkedin_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
6
- assert_response :redirect
7
- assert_match 'https://www.linkedin.com/oauth/v2/authorization', response.location
8
-
9
- params = extract_query_params_from(response.location)
10
- assert_equal FAKE_LINKEDIN_CLIENT_ID, params[:client_id]
11
- assert_equal 'login', params[:prompt]
12
- assert_equal 'code', params[:response_type]
13
- assert_equal 'http://www.example.com/linkedin_sign_in/callback', params[:redirect_uri]
14
- assert_equal 'r_basicprofile r_emailaddress', params[:scope]
15
- assert_match /[A-Za-z0-9+\/]{32}/, params[:state]
16
-
17
- assert_equal 'http://www.example.com/login', flash[:proceed_to]
18
- assert_equal params[:state], flash[:state]
4
+ default_authorize_url = LinkedinSignIn.authorize_url
5
+
6
+ teardown do
7
+ LinkedinSignIn.authorize_url = default_authorize_url
8
+ end
9
+
10
+ setup do
11
+ @proceed_to = "http://www.example.com/login"
12
+ end
13
+
14
+ test "redirecting to LinkedIn for authorization" do
15
+ post linkedin_sign_in.authorization_url, params: { proceed_to: @proceed_to }
16
+
17
+ assert_redirected_to_authorize
18
+ end
19
+
20
+ test "configuring LinkedIn authorization URL including query param" do
21
+ LinkedinSignIn.authorize_url = "https://example.com/auth?param=value"
22
+
23
+ post linkedin_sign_in.authorization_url, params: { proceed_to: @proceed_to }
24
+
25
+ assert_redirected_to_authorize do |params|
26
+ assert_equal "value", params[:param]
27
+ end
19
28
  end
20
29
 
21
30
  private
22
- def extract_query_params_from(url)
31
+ def assert_redirected_to_authorize(proceed_to: @proceed_to)
32
+ assert_response :redirect
33
+
34
+ authorize_url = URI(LinkedinSignIn.authorize_url).tap { _1.query = nil }.to_s
35
+ assert_match authorize_url, redirect_to_url
36
+
37
+ params = extract_query_params_from(redirect_to_url)
38
+ assert_equal FAKE_LINKEDIN_CLIENT_ID, params[:client_id]
39
+ assert_equal "login", params[:prompt]
40
+ assert_equal "code", params[:response_type]
41
+ assert_equal linkedin_sign_in.callback_url, params[:redirect_uri]
42
+ assert_equal "r_basicprofile r_emailaddress", params[:scope]
43
+ assert_match /[A-Za-z0-9+\/]{32}/, params[:state]
44
+
45
+ assert_equal proceed_to, flash[:proceed_to]
46
+ assert_equal params[:state], flash[:state]
47
+
48
+ yield params if block_given?
49
+ end
50
+
51
+ def extract_query_params_from(url)
23
52
  query = URI(url).query
24
53
  Rack::Utils.parse_query(query).symbolize_keys
25
54
  end
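Review bot: `assert_match /[A-Za-z0-9+\/]{32}/, params[:state]` in `assert_redirected_to_authorize` is unanchored, so a state with extra characters around a 32-character run still passes; anchor it: `assert_match %r{\A[A-Za-z0-9+/]{32}\z}, params[:state]`. The `default_authorize_url` local captured by the `teardown` block does restore global state correctly, but a comment saying why would help the next reader, e.g. `# Restore the module-level URL mutated by the configurable-URL test.`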
@@ -101,6 +101,11 @@ class LinkedinSignIn::CallbacksControllerTest < ActionDispatch::IntegrationTest
101
101
  assert_response :bad_request
102
102
  end
103
103
 
104
+ test "receiving no proceed_to URL" do
105
+ get linkedin_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
106
+ assert_response :bad_request
107
+ end
108
+
104
109
  private
105
110
  def stub_token_for(code, **response_body)
106
111
  stub_token_request(code, status: 200, response: response_body)
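Review bot: the new "receiving no proceed_to URL" test issues the callback with `state: 'invalid'` and no prior flash, so it cannot tell whether the 400 came from the missing `proceed_to` or from the state mismatch; as written it would still pass if the blank-target check were removed. Set up the flash so that `state` matches and only `proceed_to` is absent (the way the sibling tests presumably do), then the assertion actually exercises the blank-target branch of `RedirectProtector`. The test class starts outside this hunk, so I cannot see how the other tests prime the flash.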
@@ -10,7 +10,7 @@ Bundler.require(*Rails.groups)
10
10
  module Dummy
11
11
  class Application < Rails::Application
12
12
  # Initialize configuration defaults for originally generated Rails version.
13
- config.load_defaults 5.2
13
+ config.load_defaults 7.0
14
14
 
15
15
  # Settings in config/environments/* take precedence over those specified here.
16
16
  # Application configuration can go into files in config/initializers
@@ -15,7 +15,7 @@ Rails.application.configure do
15
15
  # Configure public file server for tests with Cache-Control for performance.
16
16
  config.public_file_server.enabled = true
17
17
  config.public_file_server.headers = {
18
- 'Cache-Control' => "public, max-age=#{1.hour.to_i}"
18
+ 'Cache-Control' => "public, max-age=3600"
19
19
  }
20
20
 
21
21
  # Show full error reports and disable caching.
@@ -1,4 +1,7 @@
1
1
  Rails.application.configure do
2
2
  config.linkedin_sign_in.client_id = FAKE_LINKEDIN_CLIENT_ID
3
3
  config.linkedin_sign_in.client_secret = FAKE_LINKEDIN_CLIENT_SECRET
4
+
5
+ # Default changed to basic auth. Use old :request_body for the sake of our test stubs.
6
+ config.linkedin_sign_in.oauth2_client_options = { auth_scheme: :request_body }
4
7
  end
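Review bot: the comment says oauth2's default changed to HTTP Basic client authentication and the dummy app switches back to `:request_body` "for the sake of our test stubs", but nothing in the gem itself does the same, so production apps on oauth2 2.x will now send `client_id`/`client_secret` as a Basic header. If LinkedIn's token endpoint only accepts the credentials as form fields (its documentation presents them that way), every consumer will need this same initializer line; I'd rather have the gem default to `auth_scheme: :request_body` in `LinkedinSignIn.oauth2_client` and leave the test stubs as they are. If Basic auth is known to work against LinkedIn, the comment should say that the production default intentionally differs from the test setup.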
@@ -4,8 +4,7 @@ class LinkedinSignIn::ButtonHelperTest < ActionView::TestCase
4
4
  test "generating a login button with text content" do
5
5
  assert_dom_equal <<-HTML, linkedin_sign_in_button("Log in with Linkedin", proceed_to: "https://www.example.com/login")
6
6
  <form action="/linkedin_sign_in/authorization" accept-charset="UTF-8" method="post">
7
- <input name="utf8" type="hidden" value="&#x2713;" />
8
- <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
7
+ <input type="hidden" name="proceed_to" value="https://www.example.com/login" autocomplete="off" />
9
8
  <button type="submit">Log in with Linkedin</button>
10
9
  </form>
11
10
  HTML
@@ -14,8 +13,7 @@ class LinkedinSignIn::ButtonHelperTest < ActionView::TestCase
14
13
  test "generating a login button with HTML content" do
15
14
  assert_dom_equal <<-HTML, linkedin_sign_in_button(proceed_to: "https://www.example.com/login") { image_tag("linkedin.png") }
16
15
  <form action="/linkedin_sign_in/authorization" accept-charset="UTF-8" method="post">
17
- <input name="utf8" type="hidden" value="&#x2713;" />
18
- <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
16
+ <input type="hidden" name="proceed_to" value="https://www.example.com/login" autocomplete="off" />
19
17
  <button type="submit"><img src="/images/linkedin.png"></button>
20
18
  </form>
21
19
  HTML
@@ -27,8 +25,7 @@ class LinkedinSignIn::ButtonHelperTest < ActionView::TestCase
27
25
 
28
26
  assert_dom_equal <<-HTML, button
29
27
  <form action="/linkedin_sign_in/authorization" accept-charset="UTF-8" method="post">
30
- <input name="utf8" type="hidden" value="&#x2713;" />
31
- <input name="proceed_to" type="hidden" value="https://www.example.com/login" />
28
+ <input type="hidden" name="proceed_to" value="https://www.example.com/login" autocomplete="off" />
32
29
  <button type="submit" class="login-button" data-disable-with="Loading Linkedin login…">Log in with Linkedin</button>
33
30
  </form>
34
31
  HTML
@@ -20,6 +20,13 @@ class LinkedinSignIn::RedirectProtectorTest < ActiveSupport::TestCase
20
20
  end
21
21
  end
22
22
 
23
+ test "disallows empty URL target" do
24
+ assert_raises LinkedinSignIn::RedirectProtector::Violation do
25
+ LinkedinSignIn::RedirectProtector.ensure_same_origin nil, 'http://genezys.net'
26
+ end
27
+ end
28
+
29
+
23
30
  test "allows URL target with same origin as source" do
24
31
  assert_nothing_raised do
25
32
  LinkedinSignIn::RedirectProtector.ensure_same_origin 'https://genezys.net', 'https://genezys.net'
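Review bot: the new test covers only `nil`; `ensure_same_origin` now rejects anything `blank?`, so add the empty-string case a form is more likely to produce (`proceed_to=`): `LinkedinSignIn::RedirectProtector.ensure_same_origin '', 'http://genezys.net'` inside the same `assert_raises`. A protocol-relative target such as `'//evil.example'` is also worth a test, since it does not match `QUALIFIED_URL_PATTERN` and is currently accepted. There is a stray double blank line after the new test.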
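--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -17,6 +17,17 @@ if LINKEDIN_X509_CERTIFICATE.not_after <= Time.now
 raise "Test certificate is expired. Generate a new one and run the tests again: `bundle exec rake test:certificate:generate`."
 end
 
+# Suppress incorrect OAuth2 client warning about having both an access token
+# and an ID token. They aren't interchangeable. And ID token is returned with
+# OIDC scoped requests and is used for authentication, whereas the access token
+# is used for authorization.
+module SuppressOAuthExtraTokensWarning
+def from_hash(client, hash)
+new client, hash.fetch("access_token"), hash.except("access_token")
+end
+end
+OAuth2::AccessToken.singleton_class.prepend SuppressOAuthExtraTokensWarning
+
 class ActionView::TestCase
 private
 def assert_dom_equal(expected, actual, message = nil)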
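Review bot: `SuppressOAuthExtraTokensWarning#from_hash` replaces oauth2's `AccessToken.from_hash` for the whole process and hardcodes the string key `"access_token"`, so a stub that returns symbol keys or omits the token now fails with `KeyError` instead of oauth2's own error; that is acceptable in a test helper but should be stated, e.g. `# Test-only: assumes string keys and a present "access_token"; raises KeyError otherwise.` oauth2 2.x appears to expose a configuration switch for this warning (`OAuth2.config.silence_extra_tokens_warning`), which would avoid overriding library internals — worth checking against the 2.0.9 the lockfile resolves. The comment's "And ID token" reads as "An ID token".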
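--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: linkedin_sign_in
 version: !ruby/object:Gem::Version
-version: 0.4.0
+version: 0.6.0
 platform: ruby
 authors:
 - Vincent Robert
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-20 00:00:00.000000000 Z
+date: 2022-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -44,14 +44,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.17.2
+version: 2.3.26
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.17.2
+version: 2.3.26
 - !ruby/object:Gem::Dependency
 name: jwt
 requirement: !ruby/object:Gem::Requirement
@@ -80,7 +80,7 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 3.4.2
-description:
+description:
 email:
 - vincent.robert@genezys.net
 executables: []
@@ -110,7 +110,6 @@ files:
 - test/certificate.pem
 - test/controllers/authorizations_controller_test.rb
 - test/controllers/callbacks_controller_test.rb
-- test/dummy/.ruby-version
 - test/dummy/Rakefile
 - test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/images/.keep
@@ -170,19 +169,16 @@ files:
 - test/dummy/public/apple-touch-icon.png
 - test/dummy/public/favicon.ico
 - test/dummy/storage/.keep
-- test/dummy/tmp/.keep
-- test/dummy/tmp/storage/.keep
 - test/helpers/button_helper_test.rb
 - test/key.pem
 - test/models/identity_test.rb
 - test/models/redirect_protector_test.rb
 - test/test_helper.rb
-- tmp/.keep
 homepage: https://github.com/genezys/linkedin_sign_in
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -197,16 +193,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
-signing_key:
+rubygems_version: 3.2.33
+signing_key:
 specification_version: 4
 summary: Sign in (or up) with Linkedin for Rails applications
 test_files:
 - test/certificate.pem
 - test/controllers/authorizations_controller_test.rb
 - test/controllers/callbacks_controller_test.rb
-- test/dummy/.ruby-version
 - test/dummy/Rakefile
 - test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/images/.keep
@@ -266,8 +260,6 @@ test_files:
 - test/dummy/public/apple-touch-icon.png
 - test/dummy/public/favicon.ico
 - test/dummy/storage/.keep
-- test/dummy/tmp/.keep
-- test/dummy/tmp/storage/.keep
 - test/helpers/button_helper_test.rb
 - test/key.pem
 - test/models/identity_test.rb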
@@ -1 +0,0 @@
1
- 2.5.0
data/test/dummy/tmp/.keep DELETED
File without changes
File without changes
data/tmp/.keep DELETED
File without changes