oauth_token_verifier 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b189b60e84201d8ad6e95201e22be0f3b61e65a7
-  data.tar.gz: 5088e0b935db3bc6b084192ee1ce7fcc8b0ba884
+  metadata.gz: 5c9354ca786fb7678c32477020f6957561457639
+  data.tar.gz: 94c29354f7ff28eb2cb5086e97f34c9aca82141a
 SHA512:
-  metadata.gz: 71cff4613c3e8c3182e809b04904d6c9967067c305bdd565707b9369757dd3b144a574352c36d5a88b425a57e7ca54b2f880a0bd730c8fc8f3c05d318076a6c2
-  data.tar.gz: b9100cb88e30830ca990077bc6b78259fd5ba962b2aa64639e94e436a93eec5858e86c362714818d7abded7e432b921f86ef89103b0088063759d41dd2970b06
+  metadata.gz: 9dd5ba7c7fd9c47404366e85bc1eddfe60395af9db2c97e57e07a027d8983afd6a26901301af44c2fea23519e1ea31bdd97a47e045bb2cee4ddfd83d381e55e1
+  data.tar.gz: 1d50eb2330d884ef0377a8669db98b3573b3953354aba4fc43a7e0c3fc2d216a5a23b9c6b5f31cc93e3f139969e57250100a452cb55f13d1b0a6a7bf18643da7

data/.gitignore

@@ -10,3 +10,4 @@
 
 # rspec failure tracking
 .rspec_status
+.byebug_history

data/.rubocop.yml

@@ -0,0 +1,45 @@
+# Offense count: 1
+# Configuration parameters: AllowSafeAssignment.
+Lint/AssignmentInCondition:
+  Enabled: false
+
+# Offense count: 2
+Lint/HandleExceptions:
+  Enabled: false
+
+# Offense count: 1
+Metrics/AbcSize:
+  Max: 20
+
+# Offense count: 84
+# Configuration parameters: AllowURI, URISchemes.
+Metrics/LineLength:
+  Max: 120
+
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+  Max: 21
+
+# Offense count: 6
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+# Offense count: 19
+Style/Documentation:
+  Enabled: false
+
+AllCops:
+  TargetRubyVersion: 2.2
+  Exclude:
+    - bin/**/*
+    - config/**/*
+    - db/**/*
+    - vendor/**/*
+    - Gemfile
+    - Gemfile.lock
+    - Guardfile
+
+Rails:
+  Enabled: true

data/.travis.yml

@@ -1,8 +1,19 @@
 sudo: false
 language: ruby
-rvm:
-  - 2.3.3
-before_install: gem install bundler -v 1.15.1
+matrix:
+  fast_finish: true
+  include:
+    - rvm: ruby-head
+    - rvm: jruby-9.1.0.0
+    - rvm: 2.5.0
+    - rvm: 2.4.1
+    - rvm: 2.3.1
+    - rvm: 2.2.0
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: jruby-9.1.0.0
+
+before_install: gem install bundler -v 1.16.0
 install: bundle install --jobs=3 --retry=3
 script:
   - bundle exec rspec

data/CHANGELOG.md

@@ -1,7 +1,19 @@
 Changelog
 ============
 
+#### 0.1.5
+- added version parameter reflecting recent vk.com API changes
+
+#### 0.1.4
+- minor fixes, travis integration added
+
+#### 0.1.3
+- Remove activesupport specifics
+
 #### 0.1.2
 - Explicitly require net/http
 
+#### 0.1.1
+- Basic API interaction logic
+
 

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,61 @@
+## Code of Conduct
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/CONTRIBUTING.md

@@ -0,0 +1,26 @@
+### Reporting issues
+
+Please, provide further explanations to your issue:
+
+- Expected behaviour
+
+- Actual behaviour
+
+- Steps to reproduce
+
+Make sure to include as much information as possible. It's even better if you include test, showin failing scenario,
+or all-in-one script to make easier to reproduce the bug.
+
+### Submitting a pull request
+
+Key points when submitting a pull request:
+
+- Add tests
+
+- Update documentation
+
+- Make all changes in feature branch, i.e. `feature/tg_integration`
+
+- Make one pull request for each feature, don't include all in one pull request
+
+- Maintain sensible commit history

data/README.md

@@ -1,68 +1,146 @@
+# OauthTokenVerifier
+
+[![Gem Version](https://badge.fury.io/rb/oauth_token_verifier.svg)](https://badge.fury.io/rb/oauth_token_verifier)
 [![Build Status](https://travis-ci.org/Shkrt/oauth_token_verifier.svg?branch=master)](https://travis-ci.org/Shkrt/oauth_token_verifier)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/7458de9e473f4a7188f8b17cdf8806b8)](https://www.codacy.com/app/zxcgpppmnn/oauth_token_verifier?utm_source=github.com&utm_medium=referral&utm_content=Shkrt/oauth_token_verifier&utm_campaign=Badge_Grade)
 
-# OauthTokenVerifier
+## Motivation
+
+This library's only responsibility is to verify oauth2 access tokens that have been obtained from third party.
+No access tokens needed.
+
+Real-world use case:
 
-This library helps to verify oauth2 access tokens that have been obtained from third party, i.e. mobile application.
+- You have a mobile application, with users authenticating via oauth2 providers.
+
+With the help of this library you can use oauth2 access tokens to validate the token, verify the user identity and map users' attributes to the custom attributes.
 
 Example of oauth2 flow using this library is shown below:
 
 ![alt text](https://github.com/Shkrt/oauth_token_verifier/raw/master/oauth2_flow.png "Flow example")
 
+The depicted workflow consists of the following steps:
+
+1. User clicks OAuth login button at the mobile application interface
+
+2. User is being shown an authorization dialogue from OAuth provider, where he/she approves permissions to access account data
+
+3. Mobile application receives an access token from OAuth2 provider and immediately passes it to backend app
+
+4. Backend application receives the token and makes a request to the OAuth provider
+
+5. Backend application receives info from OAuth provider and does something with it - authenticates the user, creates the user, updates user's data.
+
 ## Installation
 
 install manually:
 
-`gem install oauth_token_verifier`
+```shell
+gem install oauth_token_verifier
+```
 
-or using Gemfile:
+or using Bundler:
 
-`gem 'oauth_token_verifier'`
+```ruby
+# Gemfile
+
+gem 'oauth_token_verifier'
+```
 
 ## Configuration
 
-```
+```ruby
 OauthTokenVerifier.configure do |c|
   ...
 end
 ```
 
+##### Enabled providers
+
 You should configure enabled providers first, only three providers are supported by now
 
-```
+```ruby
 c.enabled_providers = [:google, :facebook, :vk]
 ```
 
-then goes separate configuration for each provider
+If you try to use the provider that is not in `enabled_providers` list, the `NoProviderFoundError` will be raised.
 
-```
+Then goes separate configuration for each provider
+
+##### name
+
+Name, that will be returned in the resulting Struct. Basically, it's just a custom alias for provider. Each provider
+will be given the default name if no alias provided.
+
+```ruby
 # provider name to be returned
-c.facebook.name = 'facebook'
+c.facebook.name = 'fb'
 ```
 
-```
+##### id_field
+
+Id field from OAuth provider response, that will be used as unique id. The default values are `email` for `Google`,
+`id` for `Facebook` and `uid` for `Vk`.
+
+```ruby
 # id field - this used to uniquely identify user
 c.facebook.id_field = 'id'
 ```
+##### fields_mapping
 
-mapping of other returned fields to arbitrary field names. By default, no fields parameter passed when querying a provider. Feel free to add any field supported by chosen provider
+Mapping of other returned fields to arbitrary field names.
+By default, no fields parameter passed when querying a provider. With this setting configured, the query parameter will
+contain the additional parameters to query more information from OAuth provider.
+Feel free to add any field supported by the chosen provider, but keeo in mind that not all the fields are available to
+query without api tokens.
 
-```
+```ruby
 c.facebook.fields_mapping = { first_name: :name }
 
 c.vk.name = 'vkontakte'
 c.vk.id_field = 'uid'
+
+# here we map vk's sex field to gender, and photo_id field to avatar
 c.vk.fields_mapping = { sex: :gender, photo_id: :avatar }
 
 c.google.name = 'google'
 c.google.id_field = 'email'
 c.google.fields_mapping = { given_name: :first_name, picture: :avatar }
+```
+
+##### version
+
+Version is a required parameter for VK provider. Default VK API version 3.0 is deprecated so it is
+neccessary to pass `v` parameter explicitly for any API call to VK. Recommended API version is 5.0+.
+Version `5.0` is configured in gem by default, but it's possible to override it:
 
+```ruby
+c.vk.version = '5.73'
 ```
 
+
 ## Usage
 
-`include OauthTokenVerifier`
+```ruby
+include OauthTokenVerifier
+```
+
+```ruby
+verify(:google, token: 'some_very_long_unreadable_sequence_here')
+
+```
 
-`verify(:google, 'qweqweqwLKJNlknlknlk343=')`
+The response will either return a struct, containing profile info fields, or raise an exception with error explanation:
 
-The response will either return a struct, containing profile info fields, or raise an exception with error explanation
+```ruby
+=> #<struct OauthTokenVerifier::Providers::Vk::BaseFields
+ uid=00010101010,
+ provider="vk",
+ info=#<struct  first_name="John", last_name="Smith">>
+```
+
+Example of error response:
+
+ ```ruby
+OauthTokenVerifier::TokenVerifier::TokenCheckError: Invalid Value
+```

data/lib/oauth_token_verifier/configuration.rb

@@ -1,24 +1,24 @@
 module OauthTokenVerifier
   class Configuration
     attr_accessor :enabled_providers, :google, :vk, :facebook
-    ProviderSettings = Struct.new(:fields_mapping, :name, :id_field)
+    ProviderSettings = Struct.new(:fields_mapping, :name, :id_field, :version)
 
     def initialize
       @enabled_providers = []
 
       @google = ProviderSettings.new({
-        first_name: :given_name,
-        last_name: :family_name
-      }, 'google', 'email')
+                                       first_name: :given_name,
+                                       last_name: :family_name
+                                     }, 'google', 'email')
 
       @vk = ProviderSettings.new({
-        first_name: :first_name,
-        last_name: :last_name
-      }, 'vk', 'uid')
+                                   first_name: :first_name,
+                                   last_name: :last_name
+                                 }, 'vk', 'uid', '5.0')
 
       @facebook = ProviderSettings.new({
-        first_name: :name,
-      }, 'facebook', 'id')
+                                         first_name: :name
+                                       }, 'facebook', 'id')
     end
   end
 end

data/lib/oauth_token_verifier/providers/facebook.rb

@@ -1,50 +1,52 @@
 # frozen_string_literal: true
 
-module OauthTokenVerifier::Providers
-  class Facebook
-    BaseFields = Struct.new(:uid, :provider, :info)
-
-    def initialize
-      @data_fields = Struct.new(*config.fields_mapping.values)
-      @request_fields = config.fields_mapping.keys.join(',')
-    end
+module OauthTokenVerifier
+  module Providers
+    class Facebook
+      BaseFields = Struct.new(:uid, :provider, :info)
+
+      def initialize
+        @data_fields = Struct.new(*config.fields_mapping.values)
+        @request_fields = config.fields_mapping.keys.join(',')
+      end
 
-    def verify_token(context)
-      uri = build_uri(context.token)
-      response = check_response(uri)
-      parse_response(response)
-    end
+      def verify_token(context)
+        uri = build_uri(context.token)
+        response = check_response(uri)
+        parse_response(response)
+      end
 
-    private
+      private
 
-    def config
-      OauthTokenVerifier.configuration.facebook
-    end
+      def config
+        OauthTokenVerifier.configuration.facebook
+      end
 
-    def build_uri(token)
-      params = { access_token: token, fields: @request_fields }
-      URI::HTTPS.build(host: 'graph.facebook.com',
-                       path: '/me',
-                       query: URI.encode_www_form(params))
-    end
+      def build_uri(token)
+        params = { access_token: token, fields: @request_fields }
+        URI::HTTPS.build(host: 'graph.facebook.com',
+                         path: '/me',
+                         query: URI.encode_www_form(params))
+      end
 
-    def check_response(uri)
-      response = JSON.parse(Net::HTTP.get(uri))
-      if error = response['error']
-        raise OauthTokenVerifier::TokenVerifier::TokenCheckError, error['message']
-      else
-        response
+      def check_response(uri)
+        response = JSON.parse(Net::HTTP.get(uri))
+        if error = response['error']
+          raise OauthTokenVerifier::TokenVerifier::TokenCheckError, error['message']
+        else
+          response
+        end
       end
-    end
 
-    def parse_response(data)
-      BaseFields.new(
-        data[config.id_field],
-        config.name,
-        @data_fields.new(
-          *data.values_at(*config.fields_mapping.keys.map(&:to_s))
+      def parse_response(data)
+        BaseFields.new(
+          data[config.id_field],
+          config.name,
+          @data_fields.new(
+            *data.values_at(*config.fields_mapping.keys.map(&:to_s))
+          )
         )
-      )
+      end
     end
   end
 end

data/lib/oauth_token_verifier/providers/google.rb

@@ -1,49 +1,51 @@
 # frozen_string_literal: true
 
-module OauthTokenVerifier::Providers
-  class Google
-    BaseFields = Struct.new(:uid, :provider, :info)
+module OauthTokenVerifier
+  module Providers
+    class Google
+      BaseFields = Struct.new(:uid, :provider, :info)
 
-    def initialize
-      @data_fields = Struct.new(*config.fields_mapping.values)
-    end
+      def initialize
+        @data_fields = Struct.new(*config.fields_mapping.values)
+      end
 
-    def verify_token(context)
-      uri = build_uri(context.token)
-      response = check_response(uri)
-      parse_response(response)
-    end
+      def verify_token(context)
+        uri = build_uri(context.token)
+        response = check_response(uri)
+        parse_response(response)
+      end
 
-    private
+      private
 
-    def config
-      OauthTokenVerifier.configuration.google
-    end
+      def config
+        OauthTokenVerifier.configuration.google
+      end
 
-    def build_uri(token)
-      params = { id_token: token }
-      URI::HTTPS.build(host: 'www.googleapis.com',
-                       path: '/oauth2/v3/tokeninfo',
-                       query: URI.encode_www_form(params))
-    end
+      def build_uri(token)
+        params = { id_token: token }
+        URI::HTTPS.build(host: 'www.googleapis.com',
+                         path: '/oauth2/v3/tokeninfo',
+                         query: URI.encode_www_form(params))
+      end
 
-    def check_response(uri)
-      response = JSON.parse(Net::HTTP.get(uri))
-      if error = response['error_description']
-        raise OauthTokenVerifier::TokenVerifier::TokenCheckError, error
-      else
-        response
+      def check_response(uri)
+        response = JSON.parse(Net::HTTP.get(uri))
+        if error = response['error_description']
+          raise OauthTokenVerifier::TokenVerifier::TokenCheckError, error
+        else
+          response
+        end
       end
-    end
 
-    def parse_response(data)
-      BaseFields.new(
-        data[config.id_field],
-        config.name,
-        @data_fields.new(
-          *data.values_at(*config.fields_mapping.keys.map(&:to_s))
+      def parse_response(data)
+        BaseFields.new(
+          data[config.id_field],
+          config.name,
+          @data_fields.new(
+            *data.values_at(*config.fields_mapping.keys.map(&:to_s))
+          )
         )
-      )
+      end
     end
   end
 end

data/lib/oauth_token_verifier/providers/vk.rb

@@ -1,50 +1,53 @@
 # frozen_string_literal: true
 
-module OauthTokenVerifier::Providers
-  class Vk
-    BaseFields = Struct.new(:uid, :provider, :info)
-
-    def initialize
-      @data_fields = Struct.new(*config.fields_mapping.values)
-      @request_fields = config.fields_mapping.keys.join(',')
-    end
+module OauthTokenVerifier
+  module Providers
+    class Vk
+      BaseFields = Struct.new(:uid, :provider, :info)
+
+      def initialize
+        @data_fields = Struct.new(*config.fields_mapping.values)
+        @request_fields = config.fields_mapping.keys.join(',')
+        @version = config.version
+      end
 
-    def verify_token(context)
-      uri = build_uri(context.token)
-      response = check_response(uri)
-      parse_response(response)
-    end
+      def verify_token(context)
+        uri = build_uri(context.token)
+        response = check_response(uri)
+        parse_response(response)
+      end
 
-    private
+      private
 
-    def config
-      OauthTokenVerifier.configuration.vk
-    end
+      def config
+        OauthTokenVerifier.configuration.vk
+      end
 
-    def build_uri(token)
-      params = { access_token: token, fields: @request_fields }
-      URI::HTTPS.build(host: 'api.vk.com',
-                       path: '/method/users.get',
-                       query: URI.encode_www_form(params))
-    end
+      def build_uri(token)
+        params = { access_token: token, fields: @request_fields, v: @version }
+        URI::HTTPS.build(host: 'api.vk.com',
+                         path: '/method/users.get',
+                         query: URI.encode_www_form(params))
+      end
 
-    def check_response(uri)
-      response = JSON.parse(Net::HTTP.get(uri))
-      if error = response['error']
-        raise OauthTokenVerifier::TokenVerifier::TokenCheckError, error['error_msg']
-      else
-        response['response'].first
+      def check_response(uri)
+        response = JSON.parse(Net::HTTP.get(uri))
+        if error = response['error']
+          raise OauthTokenVerifier::TokenVerifier::TokenCheckError, error['error_msg']
+        else
+          response['response'].first
+        end
       end
-    end
 
-    def parse_response(data)
-      BaseFields.new(
-        data[config.id_field],
-        config.name,
-        @data_fields.new(
-          *data.values_at(*config.fields_mapping.keys.map(&:to_s))
+      def parse_response(data)
+        BaseFields.new(
+          data[config.id_field],
+          config.name,
+          @data_fields.new(
+            *data.values_at(*config.fields_mapping.keys.map(&:to_s))
+          )
         )
-      )
+      end
     end
   end
 end

data/lib/oauth_token_verifier/version.rb

@@ -1,3 +1,3 @@
 module OauthTokenVerifier
-  VERSION = '0.1.4'.freeze
+  VERSION = '0.1.5'.freeze
 end

data/oauth_token_verifier.gemspec

@@ -1,5 +1,3 @@
-# coding: utf-8
-
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'oauth_token_verifier/version'
@@ -12,7 +10,7 @@ Gem::Specification.new do |spec|
 
   spec.summary       = 'Oauth2 token verification'
   spec.description   = 'This library provides possibility of verifying oauth2 access tokens obtained from third party'
-  spec.homepage      = "https://github.com/Shkrt/oauth_token_verifier"
+  spec.homepage      = 'https://github.com/Shkrt/oauth_token_verifier'
   spec.license       = 'MIT'
 
   spec.files = `git ls-files -z`.split("\x0").reject do |f|
@@ -23,6 +21,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'byebug'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'webmock'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oauth_token_verifier
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Shkrt
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-31 00:00:00.000000000 Z
+date: 2018-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -76,8 +90,11 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - LICENSE.txt
 - README.md