RubyGems - omniauth-azure-activedirectory-davevanfleet - Versions diffs - 1.0.0 - Mend

omniauth-azure-activedirectory-davevanfleet 1.0.0

Files changed (78) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 828fe19975bac7f5f474aa857ccf270f4179b820d356e867e0a14a967394be11
+  data.tar.gz: 378db41b6ec6417c33f76be86cc48096514452e8ca3a45e0cdd596bb41fd85b3
+SHA512:
+  metadata.gz: 7c119bf089fdc6d9c8e9723a697415dc1c882680d718aca30c584e4c15543fa8922240d94f5edcf292ddfc082e828c672c5f82c9cd0801a34ecb88e2668170ee
+  data.tar.gz: f01ac84858a88f18e70955a649761797e84fb2529e3dafff112ec548bcf61a10e8035cf7ddfce3616d198d41a4ad4acc45038da3352b5d64233f23a9c4674089

data/.gitignore ADDED Viewed

@@ -0,0 +1,9 @@
+*.gem
+*.log
+.bundle
+coverage
+.powenv
+.rspec
+Gemfile.lock
+pkg/*
+tmp

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,8 @@
+inherit_from: .rubocop_todo.yml
+AllCops:
+  Exclude:
+    - 'spec/fixtures/**/*'
+Style/Encoding:
+  Enabled: false

data/.rubocop_todo.yml ADDED Viewed

@@ -0,0 +1,20 @@
+# This configuration was generated by `rubocop --auto-gen-config`
+# on 2015-08-06 14:09:24 -0700 using RuboCop version 0.32.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+# Offense count: 2
+Metrics/AbcSize:
+  Max: 19
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 118
+# Offense count: 1
+# Configuration parameters: Exclude.
+Style/FileName:
+  Enabled: false

data/.travis.yml ADDED Viewed

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 2.1
+  - 2.2
+script: bundle exec rake spec

data/Gemfile ADDED Viewed

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2021 Dave Van Fleet
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,86 @@
+# OmniAuth Azure Active Directory
+This is a fork of Microsoft's official ruby gem for Azure Active Directory as an omniauth provider.  Most of this README is taken from Microsoft's original gem, [found here](https://github.com/AzureAD/omniauth-azure-activedirectory).
+OmniAuth strategy to authenticate to Azure Active Directory via OpenId Connect.
+Before starting, set up a tenant and register a Web Application at [https://manage.windowsazure.com](https://manage.windowsazure.com). Note your client id and tenant for later.
+# Why this Repo?
+While Microsoft's original gem still works, when Azure AD is being used as the only provider for omniauth, it hasn't been updated in a significant amount of time.  When trying to implement this gem in my own projects, I faced the issue of having many runtime dependency conflicts, meaning I either needed to use older versions of other provider gems (not always possible), or update this gem for myself.  This repo is the result of deciding on the latter.
+## Samples and Documentation
+[Find Microsoft's examples here](https://github.com/AzureADSamples) to help you get started with learning the Azure Identity system. This includes tutorials for native clients such as Windows, Windows Phone, iOS, OSX, Android, and Linux. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect, Graph API, and other awesome features.
+## How to use this SDK
+#### Installation
+Add to your Gemfile:
+```ruby
+gem 'omniauth-azure-activedirectory-davevanfleet'
+```
+### Usage
+If you are already using OmniAuth, adding AzureAD is as simple as adding a new provider to your `OmniAuth::Builder`. The provider requires your AzureAD client id and your AzureAD tenant.
+For example, in Rails you would add this in `config/initializers/omniauth.rb`:
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :azure_activedirectory_davevanfleet, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
+  # other providers here
+end
+```
+When you want to authenticate the user, simply redirect them to `/auth/azureactivedirectorydavevanfleet`. From there, OmniAuth will takeover. Once the user authenticates (or fails to authenticate), they will be redirected to `/auth/azureactivedirectorydavevanfleet/callback`. The authentication result is available in `request.env['omniauth.auth']`.
+### Auth Hash
+OmniAuth AzureAD tries to be consistent with the auth hash schema recommended by OmniAuth. [https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema).
+Here's an example of an authentication hash available in the callback. You can access this hash as `request.env['omniauth.auth']`.
+```
+  :provider => "azureactivedirectory",
+  :uid => "123456abcdef",
+  :info => {
+    :name => "John Smith",
+    :email => "jsmith@contoso.net",
+    :first_name => "John",
+    :last_name => "Smith"
+  },
+  :credentials => {
+    :code => "ffdsjap9fdjw893-rt2wj8r9r32jnkdsflaofdsa9"
+  },
+  :extra => {
+    :session_state => '532fgdsgtfera32',
+    :raw_info => {
+      :id_token => "fjeri9wqrfe98r23.fdsaf121435rt.f42qfdsaf",
+      :id_token_claims => {
+        "aud" => "fdsafdsa-fdsafd-fdsa-sfdasfds",
+        "iss" => "https://sts.windows.net/fdsafdsa-fdsafdsa/",
+        "iat" => 53315113,
+        "nbf" => 53143215,
+        "exp" => 53425123,
+        "ver" => "1.0",
+        "tid" => "5ffdsa2f-dsafds-sda-sds",
+        "oid" => "fdsafdsaafdsa",
+        "upn" => "jsmith@contoso.com",
+        "sub" => "123456abcdef",
+        "nonce" => "fdsaf342rfdsafdsafsads"
+      },
+      :id_token_header => {
+        "typ" => "JWT",
+        "alg" => "RS256",
+        "x5t" => "fdsafdsafdsafdsa4t4er32",
+        "kid" => "tjiofpjd8ap9fgdsa44"
+      }
+    }
+  }
+```

data/RELEASES.md ADDED Viewed

@@ -0,0 +1,48 @@
+# Microsoft Identity SDK Versioning and Servicing FAQ
+We have adopted the semantic versioning flow that is industry standard for OSS projects. It gives the maximum amount of control on what risk you take with what versions. If you know how semantic versioning works with node.js, java, and ruby none of this will be new.
+##Semantic Versioning and API stability promises
+Microsoft Identity libraries are independent open source libraries that are used by partners both internal and external to Microsoft. As with the rest of Microsoft, we have moved to a rapid iteration model where bugs are fixed daily and new versions are produced as required. To communicate these frequent changes to external partners and customers, we use semantic versioning for all our public Microsoft Identity SDK libraries. This follows the practices of other open source libraries on the internet. This allows us to support our downstream partners which will lock on certain versions for stability purposes, as well as providing for the distribution over NuGet, CocoaPods, and Maven.
+The semantics are: MAJOR.MINOR.PATCH (example 1.1.5)
+We will update our code distributions to use the latest PATCH semantic version number in order to make sure our customers and partners get the latest bug fixes. Downstream partner needs to pull the latest PATCH version. Most partners should try lock on the latest MINOR version number in their builds and accept any updates in the PATCH number.
+Examples:
+Using Cocapods, the following in the podfile will take the latest ADALiOS build that is > 1.1 but not 1.2.
+```
+pod 'ADALiOS', '~> 1.1'
+```
+Using NuGet, this ensures all 1.1.0 to 1.1.x updates are included when building your code, but not 1.2.
+```
+<dependency
+id="ADALfordotNet"
+version="[1.1,1.2)"
+/>
+```
+| Version |                                                                                                                                                                                                                                                            Description                                                                                                                                                                                                                                                            |                                                  Example                                                  |
+|:-------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------:|
+| x.x.x   | PATCH version number. Incrementing these numbers is for bug fixes and updates but do not introduce new features. This is used for close partners who build on our platform release (ex. Azure AD Fabric, Office, etc.),In addition, Cocoapods, NuGet, and Maven use this number to deliver the latest release to customers.,This will update frequently (sometimes within the same day),There is no new features, and no regressions or API surface changes. Code will continue to work unless affected by a particular code fix. | ADAL for iOS 1.0.10,(this was a fix for the Storyboard display that was fixed for a specific Office team) |
+| x.x     | MINOR version numbers. Incrementing these second numbers are for new feature additions that do not impact existing features or introduce regressions. They are purely additive, but may require testing to ensure nothing is impacted.,All x.x.x bug fixes will also roll up in to this number.,There is no regressions or API surface changes. Code will continue to work unless affected by a particular code fix or needs this new feature.                                                                                    | ADAL for iOS 1.1.0,(this added WPJ capability to ADAL, and rolled all the updates from 1.0.0 to 1.0.12)   |
+| x       | MAJOR version numbers. This should be considered a new, supported version of Microsoft Identity SDK and begins the Azure two year support cycle anew. Major new features are introduced and API changes can occur.,This should only be used after a large amount of testing and used only if those features are needed.,We will continue to service MAJOR version numbers with bug fixes up to the two year support cycle.                                                                                                        | ADAL for iOS 1.0,(our first official release of ADAL)                                                     |
+## Serviceability
+When we release a new MINOR version, the previous MINOR version is abandoned.
+When we release a new MAJOR version, we will continue to apply bug fixes to the existing features in the previous MAJOR version for up to the 2 year support cycle for Azure.
+Example: We release ADALiOS 2.0 in the future which supports unified Auth for AAD and MSA. Later, we then have a fix in Conditional Access for ADALiOS. Since that feature exists both in ADALiOS 1.1 and ADALiOS 2.0, we will fix both. It will roll up in a PATCH number for each. Customers that are still locked down on ADALiOS 1.1 will receive the benefit of this fix.
+## Microsoft Identity SDKs and Azure Active Directory
+Microsoft Identity SDKs major versions will maintain backwards compatibility with Azure Active Directory web services through the support period. This means that the API surface area defined in a MAJOR version will continue to work for 2 years after release.
+We will respond to bugs quickly from our partners and customers submitted through GitHub and through our private alias (tellaad@microsoft.com) for security issues and update the PATCH version number. We will also submit a change summary for each PATCH number.
+Occasionally, there will be security bugs or breaking bugs from our partners that will require an immediate fix and a publish of an update to all partners and customers. When this occurs, we will do an emergency roll up to a PATCH version number and update all our distribution methods to the latest.

data/Rakefile ADDED Viewed

@@ -0,0 +1,22 @@
+#!/usr/bin/env rake
+require 'rake'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+# This can be run with `bundle exec rake spec`.
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern = `git ls-files`.split("\n").select { |f| f.end_with? 'spec.rb' }
+  t.rspec_opts = '--format documentation'
+end
+# This can be run with `bundle exec rake rubocop`.
+RuboCop::RakeTask.new(:rubocop) do |t|
+  t.patterns = `git ls-files`.split("\n").select do |f|
+    f.end_with?('.rb') && !f.start_with?('examples')
+  end
+  t.fail_on_error = false
+end
+task default: :spec

data/examples/rails-todo-list-app/.gitignore ADDED Viewed

@@ -0,0 +1,25 @@
+*.rbc
+capybara-*.html
+rspec
+/log
+/tmp
+/public/system
+/coverage/
+/spec/tmp
+**.orig
+rerun.txt
+pickle-email-*.html
+config/secrets.yml
+config/initializers/secret_token.rb
+/vendor/bundle
+.rvmrc
+/vendor/assets/bower_components
+*.bowerrc
+bower.json
+.powenv
+/.bundle
+/db/*.sqlite3
+/db/*.sqlite3-journal
+/log/*
+!/log/.keep
+/tmp

data/examples/rails-todo-list-app/Gemfile ADDED Viewed

@@ -0,0 +1,33 @@
+source 'https://rubygems.org'
+gem 'rails', '4.2.1'
+# Stores the todo list.
+gem 'sqlite3'
+# Templating library for views.
+gem 'haml'
+# The actual web server.
+gem 'thin'
+# Rack middleware authentication framework.
+gem 'omniauth'
+# AzureAD specific strategy for OmniAuth.
+gem 'omniauth-azure-activedirectory'
+# Loads configurations from .env into ENV hash.
+gem 'dotenv'
+# Acquires access tokens for resources.
+gem 'adal'
+# For the front end.
+gem 'sass-rails', '~> 5.0'
+gem 'uglifier', '>= 1.3.0'
+gem 'coffee-rails', '~> 4.1.0'
+gem 'jquery-rails'
+gem 'jbuilder', '~> 2.0'
+gem 'sdoc', '~> 0.4.0', group: :doc
+gem 'turbolinks'

data/examples/rails-todo-list-app/README.md ADDED Viewed

@@ -0,0 +1,83 @@
+Rails, OmniAuth and Graph API
+=============================
+This is a sample MVC web application that demonstrates user authentication with OmniAuth for Azure Active Directory and RESTful calls to the AzureAD Graph API with ADAL Ruby.
+## How to run this sample
+To run this sample you will need
+- [Ruby](https://www.ruby-lang.org/en/documentation/installation/)
+- [Bundler](http://bundler.io)
+- An internet connection
+- An Azure subscription (a free trial is sufficient)
+### Step 1 - Install ADAL from source
+Note: This can and should be removed once ADAL is available on RubyGems. After that point ADAL will be installed along with the other dependencies in step 3.
+```
+git clone git@github.com:AzureAD/azure-activedirectory-library-for-ruby
+cd azure-activedirectory-library-for-ruby
+gem build adal.gemspec
+gem install adal
+```
+### Step 2 - Install OmniAuth AzureAD from source
+Note: This can and should be removed once ADAL is available on RubyGems. After that point ADAL will be installed along with the other dependencies in step 3.
+```
+git clone git@github.com:AzureAD/omniauth-azure-activedirectory-priv
+cd omniauth-azure-activedirectory-priv
+gem build omniauth-azure-activedirectory.gemspec
+gem install omniauth-azure-activedirectory
+```
+### Step 3 - Install the sample dependencies
+```
+cd examples/rails-todo-list-app
+bundle
+```
+### Step 4 - Set up the database
+```
+rake db:schema:load
+```
+Note: Depending on your host environment, you may need to install a Javascript runtime. We suggest Node.js. Installation will differ by platform.
+### Step 5 - Configure the app
+Open `config/environment.rb` and replace the `CLIENT_ID`, `CLIENT_SECRET` and `TENANT` with your values.
+### Step 6 - Set up SSL
+This step is optional to get the sample running and varies across platform and choice of webserver. Here we will present one set of instructions to accomplish this, but there are many others.
+Generate a self-signed certificate.
+```
+openssl req -new -newkey rsa:2048 -sha1 -days 365 -nodes -x509 -keyout server.key -out server.crt
+```
+Get your machine/browser to trust the certificate. This varies wildly by platform.
+On OSX with Safari or Chrome, double click on `server.crt` in Finder to add it to the keychain and then select 'Trust Always'. In Firefox go to Preferences > Advanced > View Certificates > Import and add `server.crt`.
+### Step 7 - Start up Rails
+This sample uses the Thin webserver to host the app on port 9292.
+If you generated a certificate in Step 6
+```
+bundle exec thin start --port 9292 --ssl --ssl-key-file server.key --ssl-cert-file server.crt
+```
+If you want to skip SSL verification (shame!)
+```
+bundle exec thing start --port 9292 --ssl --ssl-disable-verify
+```
+You may now proceed to https://localhost:9292 to view the application. You may get a warning about the self-signed certificate. This is nothing to worry about, as in production you will not be using self-signed certs.

data/examples/rails-todo-list-app/Rakefile ADDED Viewed

@@ -0,0 +1,3 @@
+require File.expand_path('../config/application', __FILE__)
+Rails.application.load_tasks

data/examples/rails-todo-list-app/app/assets/javascripts/application.js ADDED Viewed

@@ -0,0 +1,4 @@
+//= require jquery
+//= require jquery_ujs
+//= require turbolinks
+//= require_tree .

data/examples/rails-todo-list-app/app/assets/stylesheets/application.css ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ //= require_tree .
2	+ //= require_self

data/examples/rails-todo-list-app/app/controllers/application_controller.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+ protect_from_forgery with: :exception
+end

data/examples/rails-todo-list-app/app/controllers/home_controller.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class HomeController < ApplicationController
2	+ end

data/examples/rails-todo-list-app/app/controllers/profile_controller.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class ProfileController < SignedInController
+  # If we have the user's ADAL credentials, then we can get an access token.
+  # Otherwise we need to do the auth code flow dance.
+  def index
+    @profile = user_data_hash(current_user.graph_access_token)
+    super
+  rescue ADAL::TokenRequest::UserCredentialError
+    redirect_to User.authorization_request_url.to_s
+  end
+  # @return Hash
+  def user_data_hash(access_token)
+    headers = { 'authorization' => access_token }
+    me_endpt = URI('https://graph.windows.net/me?api-version=1.5')
+    http = Net::HTTP.new(me_endpt.hostname, me_endpt.port)
+    http.use_ssl = true
+    JSON.parse(http.get(me_endpt, headers).body)
+  end
+end

data/examples/rails-todo-list-app/app/controllers/sessions_controller.rb ADDED Viewed

@@ -0,0 +1,28 @@
+class SessionsController < ApplicationController
+  skip_before_filter :verify_authenticity_token
+  def new
+    redirect_to '/auth/azureactivedirectory'
+  end
+  def create
+    # If the session expires, they still access the same todo list next time
+    # that they log in with omniauth.
+    user = User.find_by_provider_and_uid(auth_hash['provider'],
+                                         auth_hash['uid'])
+    user ||= User.from_omniauth(auth_hash)
+    session['user_id'] = user.id
+    redirect_to tasks_path
+  end
+  def destroy
+    reset_session
+    redirect_to root_url
+  end
+  protected
+  def auth_hash
+    request.env['omniauth.auth']
+  end
+end