oauth_im 0.1.0.beta → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +58 -12
- data/app/controllers/concerns/oauth_im/authenticable.rb +5 -6
- data/app/controllers/oauth_im/client_controller.rb +1 -1
- data/lib/oauth_im/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0ba9ab7f3674cc033d6ceaa2adb235c3a046f0b4090ea7d712318d8787d9abdf
|
|
4
|
+
data.tar.gz: ae1998dbd428f00ee8f2b30e334de251be35ae760b0efab820a37bc00900e7d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7a87bf27fc06e740fe0b4de963d553e2d5077e55db71ce2137850fdc01bd9ee2092c600c760c788e200ef7dc0dfc0710a5961ce4b23a5310215e9cf6e4d51ff4
|
|
7
|
+
data.tar.gz: 9be6e477b2e60ad61e73e25edbc4151cbe986bb01e2125b35fb527f9c58dbbd3dd56a750492957900d539e4b0fe2312b04fd91714c580b3a9dc2d2dabc6bd188
|
data/README.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
# OauthIm
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
2
|
+
The IIAB apps use an OAuth service provider (currently FusionAuth). This gem
|
|
3
|
+
serves to standardize integration with this service. The hope is that,
|
|
4
|
+
at some point, we can add this service to the CMS, Kamaji, and related
|
|
5
|
+
apps.
|
|
6
6
|
|
|
7
7
|
## Installation
|
|
8
8
|
Add this line to your application's Gemfile:
|
|
@@ -11,18 +11,64 @@ Add this line to your application's Gemfile:
|
|
|
11
11
|
gem 'oauth_im'
|
|
12
12
|
```
|
|
13
13
|
|
|
14
|
-
|
|
14
|
+
Then run:
|
|
15
15
|
```bash
|
|
16
16
|
$ bundle
|
|
17
17
|
```
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
19
|
+
## Configuration
|
|
20
|
+
Once the gem is installed, add an initializer. Here is an example:
|
|
21
|
+
|
|
22
|
+
```ruby
|
|
23
|
+
# config/initializers/oauth_im.rb
|
|
24
|
+
module OauthIm
|
|
25
|
+
configure do |config|
|
|
26
|
+
config.api_key = ENV['FUSION_AUTH_API_KEY']
|
|
27
|
+
config.callback_path = ENV['FUSION_CALLBACK_PATH'] || DEFAULT_CALLBACK_PATH
|
|
28
|
+
config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
|
|
29
|
+
config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
|
|
30
|
+
config.domain = ENV['FUSION_AUTH_DOMAIN']
|
|
31
|
+
config.hmac = ENV['FUSION_AUTH_HMAC']
|
|
32
|
+
config.iss_domain = ENV['FUSION_AUTH_ISS_DOMAIN']
|
|
33
|
+
config.tenant_id = ENV['FUSION_AUTH_TENANT_ID']
|
|
34
|
+
config.authorize_url = ENV['FUSION_AUTH_AUTHORIZE_URL'] || DEFAULT_AUTHORIZE_URL
|
|
35
|
+
config.token_url = ENV['FUSION_AUTH_TOKEN_URL'] || DEFAULT_TOKEN_URL
|
|
36
|
+
end
|
|
37
|
+
end
|
|
22
38
|
```
|
|
23
39
|
|
|
24
|
-
|
|
25
|
-
|
|
40
|
+
* The `ENV` variable values can be obtained from the OAuth provider.
|
|
41
|
+
* The `callback_path` setting is used in two related ways:
|
|
42
|
+
* It [defines a route](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L4) to the [`OAuthIm::ClientController#callback`
|
|
43
|
+
action](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L7-L12).
|
|
44
|
+
* It defines a [callback URL](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L69) used by the OAuth provider.
|
|
45
|
+
* Note that this callback URL must be whitelisted at the provider.
|
|
46
|
+
At FusionAuth, this is done under the `Applications|OAuth` tab.
|
|
47
|
+
* For instance, for the app `staging-kh-iiab.herokuapp.com`, if
|
|
48
|
+
`config.callback_path` is set to `callback` (the default), then
|
|
49
|
+
the URL `https://staging-kh-iiab.herokuapp.com/oauth_im/callback`
|
|
50
|
+
must be entered in the OAuth provider's list of authorized
|
|
51
|
+
redirect URLs.
|
|
52
|
+
|
|
53
|
+
## Usage
|
|
54
|
+
### Helpers for Logging in and Out
|
|
55
|
+
The engine provides [two endpoints](https://github.com/illustrativemathematics/oauth_im/blob/main/config/routes.rb#L5-L6) for logging in and out, and exposes
|
|
56
|
+
corresponding view helpers. These are accessible from the main app as:
|
|
57
|
+
* `oauth_im.login_path` or `oauth_im.login_url`
|
|
58
|
+
* `oauth_im.logout_path` or `oauth_im.logout_url`
|
|
59
|
+
|
|
60
|
+
Note that the helpers are namespaced to the engine.
|
|
61
|
+
|
|
62
|
+
The [controller actions](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/oauth_im/client_controller.rb#L14-L21) for these routes are provided and should "just
|
|
63
|
+
work." Note that there are no view templates associated with these
|
|
64
|
+
actions, since requests to them are redirected to the OAuth provider.
|
|
65
|
+
|
|
66
|
+
### Helpers for User ID and Authentication
|
|
67
|
+
The gem provides a controller concern, `OauthIm::Authenticable`, that
|
|
68
|
+
exposes [two helper methods](https://github.com/illustrativemathematics/oauth_im/blob/main/app/controllers/concerns/oauth_im/authenticable.rb#L9-L10) for use in views:
|
|
69
|
+
* `authenticated?`: returns `true` if the user has been authenticated
|
|
70
|
+
by the OAuth service, false otherwise.
|
|
71
|
+
* `email`: returns the current user's authenticated email address.
|
|
26
72
|
|
|
27
|
-
|
|
28
|
-
|
|
73
|
+
You can include this concern in your app's `ApplicationController` or
|
|
74
|
+
some other appropriate location.
|
|
@@ -5,7 +5,6 @@ module OauthIm
|
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
6
|
|
|
7
7
|
included do
|
|
8
|
-
before_action :auth_uid
|
|
9
8
|
helper_method :authenticated?
|
|
10
9
|
helper_method :email
|
|
11
10
|
end
|
|
@@ -20,10 +19,6 @@ module OauthIm
|
|
|
20
19
|
@email ||= jwt_token['email']
|
|
21
20
|
end
|
|
22
21
|
|
|
23
|
-
def auth_uid
|
|
24
|
-
gon.user_id = session[:user_jwt]['value'].first['jti'] if authenticated?
|
|
25
|
-
end
|
|
26
|
-
|
|
27
22
|
def user_jwt
|
|
28
23
|
@user_jwt ||= session[:user_jwt] || {}
|
|
29
24
|
end
|
|
@@ -48,7 +43,11 @@ module OauthIm
|
|
|
48
43
|
end
|
|
49
44
|
|
|
50
45
|
def logged_in?
|
|
51
|
-
current_user.present?
|
|
46
|
+
current_user.present? || local_login?
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def local_login?
|
|
50
|
+
session[:userinfo].present?
|
|
52
51
|
end
|
|
53
52
|
end
|
|
54
53
|
end
|
|
@@ -21,7 +21,7 @@ module OauthIm
|
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
def local_login
|
|
24
|
-
raise 'Disallowed'
|
|
24
|
+
raise 'Disallowed' if Rails.env.production?
|
|
25
25
|
|
|
26
26
|
session[:userinfo] = { info: { email: 'local_login@example.com' } }
|
|
27
27
|
redirect_back(fallback_location: main_app.root_path)
|
data/lib/oauth_im/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauth_im
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Connally
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '2.
|
|
19
|
+
version: '2.2'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '2.
|
|
26
|
+
version: '2.2'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: oauth2
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -109,9 +109,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
109
109
|
version: 2.6.6
|
|
110
110
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
111
111
|
requirements:
|
|
112
|
-
- - "
|
|
112
|
+
- - ">="
|
|
113
113
|
- !ruby/object:Gem::Version
|
|
114
|
-
version:
|
|
114
|
+
version: '0'
|
|
115
115
|
requirements: []
|
|
116
116
|
rubygems_version: 3.0.3
|
|
117
117
|
signing_key:
|