omniauth-accounts 0.1.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ODA3YjFiYTMxODIwZjU1NDQxN2RjZGZiZjY2MjBjZmU1MmUwY2JhOQ==
+  data.tar.gz: !binary |-
+    ODc3ZDE1YzYyYjE0Y2NhZmE3NWEyNjQ5MTlkNTFiNTBhNmMyYjM5MA==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    ZDg0YzYxNDAxNzUzYjA0ZTEyM2UzMmQwNTQzYWJhZDZkZTc2MjM4N2JhNGE2
+    MWQzY2UxYTVjNmM3MGU2YTEwMWYzNzgwNDE1ZjlkMmY0MTYwNWU0YWIzMjQ0
+    OTJjMDBmY2RiM2FlYzdjZjU4NjhlZjFkMmRlNjI5ZmRkOTJmNWQ=
+  data.tar.gz: !binary |-
+    ODFmOTFjNDJkMzZjYWQyYWYwYmMyNmYxMzE4NzFkNWVhOWY0ODJjY2U1YzMw
+    MDJhZDgwN2FlM2JjMjg5M2VjMDg0YzhjZGQ4ZWQ3NDhmNzRkZGFiNGU5OGE2
+    MGQ1Y2QwMzJmZGI1MDQ5YjNlNDFhMTNlMDczMmNhMDlkZDEwZTY=

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.powenv
+.idea/
+*.sublime-project
+*.sublime-workspace

data/.rvmrc

@@ -0,0 +1 @@
+rvm use 1.9.3@omniauth-accounts --create

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gemspec

data/README.md

@@ -0,0 +1,40 @@
+# OmniAuth Accounts Strategy
+
+Strategy to authenticate via OAuth2 in OmniAuth.
+
+Worked with some demo-projects:
+
+- [provider-site](http://github.com/gambala/demo-sso-provider)
+- [client-site](http://github.com/gambala/demo-sso-client)
+
+## Installation
+
+Add to your `Gemfile`:
+
+```ruby
+gem "omniauth-accounts"
+```
+
+Then `bundle install`.
+
+## Usage
+
+Here's an example, adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :accounts, ENV["ACCOUNTS_KEY"], ENV["ACCOUNTS_SECRET"]
+end
+```
+
+You can now access the OmniAuth Accounts URL: `/auth/accounts`
+
+## License
+
+Copyright (c) 2012 by Josh Ellithorpe
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/omniauth/accounts/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Accounts
+    VERSION = "0.1.1"
+  end
+end

data/lib/omniauth/accounts.rb

@@ -0,0 +1 @@
+require 'omniauth/strategies/accounts'

data/lib/omniauth/strategies/accounts.rb

@@ -0,0 +1,44 @@
+require 'omniauth-oauth2'
+require 'multi_json'
+
+module OmniAuth
+ module Strategies
+  class Accounts < OmniAuth::Strategies::OAuth2
+
+    option :name, "accounts"
+    option :client_options, {
+      :site => 'http://accounts.fromfuture.net',
+      :authorize_url => "/authorize",
+      :access_token_url => "/token"
+    }
+
+    uid{ raw_info['id'] }
+
+    info do
+      {
+        email: raw_info['email'],
+        name: raw_info['name'],
+        nickname: raw_info['nickname'],
+        first_name: raw_info['first_name'],
+        last_name: raw_info['last_name'],
+        image: raw_info['image'],
+        urls: raw_info['urls'],
+        location: raw_info['location'],
+        sex: raw_info['sex'],
+        born_date: raw_info['born_date']
+      }
+    end
+
+    extra do
+      {
+        'raw_info' => raw_info
+      }
+    end
+
+    def raw_info
+      @raw_info ||= access_token.get('/get_info.json?access_token='+access_token.token+'&client='+access_token.client.id).parsed
+    end
+
+  end
+ end
+end

data/lib/omniauth-accounts.rb

@@ -0,0 +1 @@
+require "omniauth/accounts"

data/omniauth-contrib.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth/accounts/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.add_dependency 'omniauth', '~> 1.0'
+
+  gem.authors       = ["Vitaliy Emeliyatsev"]
+  gem.email         = ["gambala.rus@gmail.com"]
+  gem.description   = %q{A Accounts from the Future oauth2 strategy for OmniAuth 1.0}
+  gem.summary       = %q{A simple oauth 2.0 strategy}
+  gem.homepage      = "https://github.com/gambala/omniauth-accounts"
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "omniauth-accounts"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::Accounts::VERSION
+
+  gem.add_runtime_dependency 'omniauth-oauth2'
+
+  gem.add_development_dependency 'rspec', '~> 2.6.0'
+  gem.add_development_dependency 'rake'
+end

data/spec/omniauth/strategies/google_oauth2_spec.rb

@@ -0,0 +1,219 @@
+require 'spec_helper'
+require 'omniauth-accounts'
+
+describe OmniAuth::Strategies::Accounts do
+  def app; lambda{|env| [200, {}, ["Hello."]]} end
+
+  before :each do
+    OmniAuth.config.test_mode = true
+    @request = double('Request')
+    @request.stub(:params) { {} }
+    @request.stub(:cookies) { {} }
+    @request.stub(:env) { {} }
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+  subject do
+    args = ['appid', 'secret', @options || {}].compact
+    OmniAuth::Strategies::Accounts.new(app, *args).tap do |strategy|
+      strategy.stub(:request) { @request }
+    end
+  end
+
+  it_should_behave_like 'an oauth2 strategy'
+
+  describe '#client' do
+    it 'has correct Google site' do
+      subject.client.site.should eq('https://accounts.google.com')
+    end
+
+    it 'has correct authorize url' do
+      subject.client.options[:authorize_url].should eq('/o/oauth2/auth')
+    end
+
+    it 'has correct token url' do
+      subject.client.options[:token_url].should eq('/o/oauth2/token')
+    end
+  end
+
+  describe '#callback_path' do
+    it 'has the correct callback path' do
+      subject.callback_path.should eq('/auth/google_oauth2/callback')
+    end
+  end
+
+  describe '#authorize_params' do
+    %w(approval_prompt access_type state hd any_other).each do |k|
+      it "should set the #{k} authorize option dynamically in the request" do
+        @options = {:authorize_options => [k.to_sym], k.to_sym => ''}
+        subject.stub(:request) { double('Request', {:params => { k => 'something' }, :env => {}}) }
+        subject.authorize_params[k].should eq('something')
+      end
+    end
+
+    describe 'scope' do
+      it 'should expand scope shortcuts' do
+        @options = { :authorize_options => [:scope], :scope => 'userinfo.email'}
+        subject.authorize_params['scope'].should eq('https://www.googleapis.com/auth/userinfo.email')
+      end
+
+      it 'should leave full scopes as is' do
+        @options = { :authorize_options => [:scope], :scope => 'https://www.googleapis.com/auth/userinfo.profile'}
+        subject.authorize_params['scope'].should eq('https://www.googleapis.com/auth/userinfo.profile')
+      end
+
+      it 'should join scopes' do
+        @options = { :authorize_options => [:scope], :scope => 'userinfo.profile,userinfo.email'}
+        subject.authorize_params['scope'].should eq('https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email')
+      end
+
+      it 'should set default scope to userinfo.email,userinfo.profile' do
+        @options = { :authorize_options => [:scope]}
+        subject.authorize_params['scope'].should eq('https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile')
+      end
+
+      it 'should dynamically set the scope in the request' do
+        @options = {:scope => 'http://example.com'}
+        subject.stub(:request) { double('Request', {:params => { 'scope' => 'userinfo.email' }, :env => {}}) }
+        subject.authorize_params['scope'].should eq('https://www.googleapis.com/auth/userinfo.email')
+      end
+    end
+
+    describe 'approval_prompt' do
+      it 'should set the approval_prompt parameter if present' do
+        @options = {:approval_prompt => 'prompt'}
+        subject.authorize_params['approval_prompt'].should eq('prompt')
+      end
+
+      it 'should default to "force"' do
+        @options = {}
+        subject.authorize_params['approval_prompt'].should eq('force')
+      end
+    end
+
+    describe 'access_type' do
+      it 'should set the access_type parameter if present' do
+        @options = {:access_type => 'type'}
+        subject.authorize_params['access_type'].should eq('type')
+      end
+
+      it 'should default to "offline"' do
+        @options = {}
+        subject.authorize_params['access_type'].should eq('offline')
+      end
+    end
+
+    describe 'state' do
+      it 'should set the state parameter' do
+        @options = {:state => 'some_state'}
+        subject.authorize_params['state'].should eq('some_state')
+        subject.session['omniauth.state'].should eq('some_state')
+      end
+
+      it 'should set the omniauth.state dynamically' do
+        subject.stub(:request) { double('Request', {:params => { 'state' => 'some_state' }, :env => {}}) }
+        subject.authorize_params['state'].should eq('some_state')
+        subject.session['omniauth.state'].should eq('some_state')
+      end
+    end
+
+    describe 'hd' do
+      it 'should set the hd (hosted domain) parameter if present' do
+        @options = {:hd => 'example.com'}
+        subject.authorize_params['hd'].should eq('example.com')
+      end
+    end
+
+    describe 'login_hint' do
+      it 'should set the login_hint parameter if present' do
+        subject.stub(:request) { double('Request', {:params => { 'login_hint' => 'example@example.com' }, :env => {}}) }
+        subject.authorize_params['login_hint'].should eq('example@example.com')
+      end
+    end
+  end
+
+  describe 'raw info' do
+    it 'should include raw_info in extras hash by default' do
+      subject.stub(:raw_info) { { :foo => 'bar' } }
+      subject.extra[:raw_info].should eq({ :foo => 'bar' })
+    end
+
+    it 'should not include raw_info in extras hash when skip_info is specified' do
+      @options = { :skip_info => true }
+      subject.extra.should_not have_key(:raw_info)
+    end
+  end
+
+  describe 'populate auth hash url' do
+    it 'should populate url map in auth hash if link present in raw_info' do
+      subject.stub(:raw_info) { { 'name' => 'Foo', 'link' => 'https://plus.google.com/123456' } }
+      subject.info[:urls]['Google'].should eq('https://plus.google.com/123456')
+    end
+
+    it 'should not populate url map in auth hash if no link present in raw_info' do
+      subject.stub(:raw_info) { { 'name' => 'Foo' } }
+      subject.info.should_not have_key(:urls)
+    end
+  end
+
+  describe 'build_access_token' do
+    it 'should read access_token from hash' do
+      @request.stub(:params).and_return('id_token' => 'valid_id_token', 'access_token' => 'valid_access_token')
+      subject.should_receive(:verify_token).with('valid_id_token', 'valid_access_token').and_return true
+      subject.should_receive(:client).and_return(:client)
+
+      token = subject.build_access_token
+      token.should be_instance_of(::OAuth2::AccessToken)
+      token.token.should eq('valid_access_token')
+      token.client.should eq(:client)
+    end
+
+    it 'should call super' do
+      subject.should_receive(:build_access_token_without_access_token)
+      subject.build_access_token
+    end
+  end
+
+  describe 'verify_token' do
+    before(:each) do
+      subject.options.client_options[:connection_build] = proc do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/oauth2/v2/tokeninfo?id_token=valid_id_token&access_token=valid_access_token') do |env|
+            [200, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(
+              :issued_to => '000000000000.apps.googleusercontent.com',
+              :audience => '000000000000.apps.googleusercontent.com',
+              :user_id => '000000000000000000000',
+              :scope => 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email',
+              :expires_in => 3514,
+              :email => 'me@example.com',
+              :verified_email => true,
+              :access_type => 'online'
+            )]
+          end
+          stub.get('/oauth2/v2/tokeninfo?id_token=invalid_id_token&access_token=invalid_access_token') do |env|
+            [400, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(:error_description => 'Invalid Value')]
+          end
+        end
+      end
+    end
+
+    it 'should verify token if access_token and id_token are valid and app_id equals' do
+      subject.options.client_id =  '000000000000.apps.googleusercontent.com'
+      subject.send(:verify_token, 'valid_id_token', 'valid_access_token').should == true
+    end
+
+    it 'should not verify token if access_token and id_token are valid but app_id is false' do
+      subject.send(:verify_token, 'valid_id_token', 'valid_access_token').should == false
+    end
+
+    it 'should raise error if access_token or id_token is invalid' do
+      expect {
+        subject.send(:verify_token, 'invalid_id_token', 'invalid_access_token')
+      }.to raise_error(OAuth2::Error)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+require 'bundler/setup'
+require 'rspec'
+
+Dir[File.expand_path('../support/**/*', __FILE__)].each { |f| require f }
+
+RSpec.configure do |config|
+end

data/spec/support/shared_examples.rb

@@ -0,0 +1,37 @@
+# NOTE it would be useful if this lived in omniauth-oauth2 eventually
+shared_examples 'an oauth2 strategy' do
+  describe '#client' do
+    it 'should be initialized with symbolized client_options' do
+      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      subject.client.options[:authorize_url].should == 'https://example.com'
+    end
+  end
+
+  describe '#authorize_params' do
+    it 'should include any authorize params passed in the :authorize_params option' do
+      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      subject.authorize_params['foo'].should eq('bar')
+      subject.authorize_params['baz'].should eq('zip')
+    end
+
+    it 'should include top-level options that are marked as :authorize_options' do
+      @options = { :authorize_options => [:scope, :foo], :scope => 'http://bar', :foo => 'baz' }
+      subject.authorize_params['scope'].should eq('http://bar')
+      subject.authorize_params['foo'].should eq('baz')
+    end
+  end
+
+  describe '#token_params' do
+    it 'should include any token params passed in the :token_params option' do
+      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      subject.token_params['foo'].should eq('bar')
+      subject.token_params['baz'].should eq('zip')
+    end
+
+    it 'should include top-level options that are marked as :token_options' do
+      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      subject.token_params['scope'].should eq('bar')
+      subject.token_params['foo'].should eq('baz')
+    end
+  end
+end

metadata

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-accounts
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Vitaliy Emeliyatsev
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Accounts from the Future oauth2 strategy for OmniAuth 1.0
+email:
+- gambala.rus@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- README.md
+- Rakefile
+- lib/omniauth-accounts.rb
+- lib/omniauth/accounts.rb
+- lib/omniauth/accounts/version.rb
+- lib/omniauth/strategies/accounts.rb
+- omniauth-contrib.gemspec
+- spec/omniauth/strategies/google_oauth2_spec.rb
+- spec/spec_helper.rb
+- spec/support/shared_examples.rb
+homepage: https://github.com/gambala/omniauth-accounts
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.6
+signing_key: 
+specification_version: 4
+summary: A simple oauth 2.0 strategy
+test_files: []