omniauth-adfs-open-id-connect 0.0.1 → 0.0.5

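--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53db3de00b2d52ce07e5c8868e3f0c11350c7ee9c61d812ada2461eb41ee1449
- data.tar.gz: 2f96feca3e74a390ccf8711ad0b1ad8497bbd971ff66b1aa1216e2d426615a7c
+ metadata.gz: fc77cec391ab75442f586b5b0aa5901644fe8af59888011aced75523b41bd9dc
+ data.tar.gz: ee96183ea80abc1262ca9b2fafc8b370f2444c91a9145e894834b230cdb588e2
  SHA512:
- metadata.gz: b4c54ed04b6a6fa172434c0b5c1190cd6a2083fac621652a321f04873412a7a16b14931b07edc493a6ffdbaa4a170cb71e8cce067adaeb45b94dca204fc488b7
- data.tar.gz: af65e341a082bfe4ce0c03a7964c5c888354bb665b38520a2012b99281169385e16fd1061c530a72fea1094cd2011b8404dbaa3fb594d9e4fe668e82b9ae556f
+ metadata.gz: '09f0bedcf11d83f79adbc8e9cc6e4cc2ff23b30f7b76bbfc64b45285278b699536aacfc9a02c5da13bf7db1b1a5b6df24f1ac962e597bf4555506d83378e17e4'
+ data.tar.gz: eacfb72c4c3e3878569960e673a43096eea871b613bce8252094b45a18930b3c0366abf79239748039bb71007529d6399a791a958f1e1555cc6fc0e431ea20a7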
@@ -0,0 +1,24 @@
1
+ name: CI
2
+ on: [push]
3
+
4
+ jobs:
5
+ test:
6
+ runs-on: ubuntu-latest
7
+ steps:
8
+ - uses: actions/checkout@v2
9
+ - uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
10
+ with:
11
+ ruby-version: 2.7
12
+ bundler-cache: true
13
+ - run: bundle install
14
+ - run: bundle exec rspec
15
+ rubocop:
16
+ runs-on: ubuntu-latest
17
+ steps:
18
+ - uses: actions/checkout@v2
19
+ - uses: ruby/setup-ruby@477b21f02be01bcb8030d50f37cfec92bfa615b6
20
+ with:
21
+ ruby-version: 2.7
22
+ bundler-cache: true
23
+ - run: bundle install
24
+ - run: bundle exec rubocop
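Review bot: `actions/checkout@v2` in both jobs is referenced by a movable tag, while `ruby/setup-ruby` directly below it is pinned to a full commit SHA; pinning checkout the same way (`uses: actions/checkout@<full-commit-sha> # v2`) keeps all third-party workflow code fixed to reviewed revisions. The workflow also declares no `permissions:` block, so the job token gets the repository's default scopes; a top-level `permissions:` with `contents: read` should be enough for running rspec and rubocop. As a style point, `bundler-cache: true` already installs the bundle, so the separate `- run: bundle install` steps look redundant.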
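--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -3,7 +3,10 @@ require:
 
  AllCops:
  NewCops: enable
- TargetRubyVersion: 2.6
+ TargetRubyVersion: 2.7
+ Naming/FileName:
+ Exclude:
+ - 'lib/adfs-open-id-connect.rb'
  Metrics/AbcSize:
  Enabled: false
  Metrics/BlockLength: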
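--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,6 @@
  # frozen_string_literal: true
 
- source "https://rubygems.org"
+ source 'https://rubygems.org'
 
  # Specify your gem's dependencies in omniauth-adfs-open-id-connect.gemspec
  gemspec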
@@ -4,7 +4,7 @@ module OmniAuth
4
4
  module Adfs
5
5
  module OpenId
6
6
  module Connect
7
- VERSION = '0.0.1'
7
+ VERSION = '0.0.5'
8
8
  end
9
9
  end
10
10
  end
@@ -10,7 +10,8 @@ module OmniAuth
10
10
  DEFAULT_SCOPE = 'openid profile email'
11
11
 
12
12
  def client
13
- options.authorize_params.scope = (options.scope if options.respond_to?(:scope) && options.scope) || DEFAULT_SCOPE
13
+ options.authorize_params.scope =
14
+ (options.scope if options.respond_to?(:scope) && options.scope) || DEFAULT_SCOPE
14
15
 
15
16
  options.client_options.authorize_url = "#{options.base_adfs_url}/adfs/oauth2/authorize"
16
17
  options.client_options.token_url = "#{options.base_adfs_url}/adfs/oauth2/token"
@@ -18,17 +19,17 @@ module OmniAuth
18
19
  super
19
20
  end
20
21
 
21
- uid {
22
- raw_info['oid']
23
- }
22
+ uid do
23
+ raw_info['unique_name']
24
+ end
24
25
 
25
26
  info do
26
27
  {
27
- name: raw_info['name'],
28
- email: raw_info['email'] || raw_info['upn'],
29
- nickname: raw_info['unique_name'],
30
- first_name: raw_info['given_name'],
31
- last_name: raw_info['family_name']
28
+ name: raw_info['name'],
29
+ email: raw_info['email'] || raw_info['upn'],
30
+ nickname: raw_info['unique_name'],
31
+ first_name: raw_info['given_name'],
32
+ last_name: raw_info['family_name']
32
33
  }
33
34
  end
34
35
 
@@ -39,6 +40,39 @@ module OmniAuth
39
40
  def callback_url
40
41
  full_host + script_name + callback_path
41
42
  end
43
+
44
+ # The omniauth-azure-activedirectory-v2 gem implements the raw_info method as follows.
45
+ # It's unclear if this is required for AD FS, but will implement with the fallback on
46
+ # the ID token just as a precaution and we can later remove and use access_token.token directly
47
+ # if it's not needed.
48
+ #
49
+ # Some account types from Microsoft seem to only have a decodable ID token,
50
+ # with JWT unable to decode the access token. Information is limited in those
51
+ # cases. Other account types provide an expanded set of data inside the auth
52
+ # token, which does decode as a JWT.
53
+ #
54
+ # Merge the two, allowing the expanded auth token data to overwrite the ID
55
+ # token data if keys collide, and use this as raw info.
56
+ #
57
+ def raw_info
58
+ if @raw_info.nil?
59
+ id_token_data = begin
60
+ ::JWT.decode(access_token.params['id_token'], nil, false).first
61
+ rescue StandardError
62
+ # no-op, ignore the error if token decoding fails
63
+ end
64
+ auth_token_data = begin
65
+ ::JWT.decode(access_token.token, nil, false).first
66
+ rescue StandardError
67
+ # no-op, ignore the error if token decoding fails
68
+ end
69
+
70
+ id_token_data.merge!(auth_token_data)
71
+ @raw_info = id_token_data
72
+ end
73
+
74
+ @raw_info
75
+ end
42
76
  end
43
77
  end
44
78
  end
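Review bot: In the new `raw_info`, each `begin … rescue StandardError` block evaluates to nil when decoding fails, so `id_token_data.merge!(auth_token_data)` raises NoMethodError or TypeError in exactly the case the comment describes (an access token that does not decode as a JWT). Both tokens are also decoded with verification switched off (`::JWT.decode(..., nil, false)`), and access-token claims overwrite ID-token claims on collision. Since the `uid` hunk above now reads `raw_info['unique_name']`, the account identifier comes from unverified, merged claims, and applications that stored the 0.0.1 `oid` value would presumably see a different uid. I would default each decode to `{}`, build the result with a non-mutating `merge`, and state in the comment that the claims are unverified; whether `unique_name` is stable and unique enough to key accounts on for AD FS should be confirmed. The strategy class itself begins outside the visible hunks.

```ruby
def raw_info
  # Claims here are decoded WITHOUT signature verification; treat them as
  # unverified unless the tokens are validated elsewhere.
  @raw_info ||= begin
    id_token_data = decode_unverified(access_token.params['id_token'])
    auth_token_data = decode_unverified(access_token.token)
    id_token_data.merge(auth_token_data)
  end
end

# Returns the token's claims, or {} when the token is missing or not a JWT.
def decode_unverified(token)
  ::JWT.decode(token, nil, false).first
rescue StandardError
  {}
end
```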
@@ -1,4 +1,3 @@
1
- # -*- encoding: utf-8 -*-
2
1
  # frozen_string_literal: true
3
2
 
4
3
  lib = File.expand_path('lib', __dir__)
@@ -9,8 +8,8 @@ Gem::Specification.new do |s|
9
8
  s.name = 'omniauth-adfs-open-id-connect'
10
9
  s.version = OmniAuth::Adfs::OpenId::Connect::VERSION
11
10
  s.summary = 'OAuth 2 authentication with Active Directory Federations Services OpenId Connect.'
12
- s.authors = [ 'Diego Marcet' ]
13
- s.email = [ 'systems@controlshiftlabs.com' ]
11
+ s.authors = ['Diego Marcet']
12
+ s.email = ['systems@controlshiftlabs.com']
14
13
  s.homepage = 'https://github.com/controlshift/omniauth-adfs-open-id-connect'
15
14
  s.license = 'MIT'
16
15
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-adfs-open-id-connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Diego Marcet
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-10-25 00:00:00.000000000 Z
11
+ date: 2021-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-oauth2
@@ -115,6 +115,7 @@ executables: []
115
115
  extensions: []
116
116
  extra_rdoc_files: []
117
117
  files:
118
+ - ".github/workflows/ci.yml"
118
119
  - ".gitignore"
119
120
  - ".rspec"
120
121
  - ".rubocop.yml"