omniauth-clever 1.2.0 → 1.2.1

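--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 458dce33b0c16ae69f770ac1f759d070ecb339a5
- data.tar.gz: 2484de2c25fa6c9cf24058abef451a32cb504565
+ metadata.gz: 66fffece22d76f800d950c85b783f41f5879bfad
+ data.tar.gz: 05ccd3ee2aad3d7b5f443c53de7fc995f2e780e9
  SHA512:
- metadata.gz: 71073ce5b8faa831d24f559e51aefd4412f7a7243e245b534148c1415f271f9dac21ebf9a33c253afc2f6ed2249bb8119ffab9acf91b29512d66bcb3bd65e3fe
- data.tar.gz: 26a7e7e5db382cfe5149b11d3f4b7488d9ea3fea818170987251629f8be37a7569ba8223737a986889b652c0e923685fe785906f3b91d60e17323ea80841a650
+ metadata.gz: 15eec45d3d127ed0c77266692be1c75e6c7db2e5341f93e38e47b80d6071ad117fa9fb793f33afa6eb9a9a9d0fa46ece7bac407d5d01accef8f00d22f9ae8049
+ data.tar.gz: 0aa20f2e688be841911850a15a4dd032bd418c7e58e356cb1a5f41a01345772d1b29806adfe5c2deee8929cdfab9a185267c6b80f463050802259c8a14d11309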
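--- a/data/README.md
+++ b/data/README.md
@@ -6,7 +6,7 @@ Unofficial OmniAuth strategy for [Clever SSO OAuth2](https://dev.clever.com/sso)
 
  Add the gem to your application's Gemfile:
 
- gem 'omniauth-clever', '~> 1.2.0'
+ gem 'omniauth-clever', '~> 1.2.1'
 
  And then execute:
 
@@ -28,6 +28,11 @@ Rails.application.config.middleware.use OmniAuth::Builder do
  end
  ```
 
+ Clever is a unique OAuth 2.0 service provider in that login sequences
+ are often initiated by Clever, not the client. When Clever initiates
+ login, a state parameter is not relevant nor sent.
+
+
  ## Configuring
 
  To be able to set the optional `district_id` parameter on a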
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Clever
3
- VERSION = "1.2.0"
3
+ VERSION = "1.2.1"
4
4
  end
5
5
  end
@@ -4,21 +4,43 @@ require 'base64'
4
4
  module OmniAuth
5
5
  module Strategies
6
6
  class Clever < OmniAuth::Strategies::OAuth2
7
- option :name, "clever"
7
+ # Clever is a unique OAuth 2.0 service provider in that login sequences
8
+ # are often initiated by Clever, not the client. When Clever initiates
9
+ # login, a state parameter is not relevant nor sent.
8
10
 
11
+ option :name, "clever"
9
12
  option :client_options, {
10
13
  :site => 'https://api.clever.com',
11
14
  :authorize_url => 'https://clever.com/oauth/authorize',
12
15
  :token_url => 'https://clever.com/oauth/tokens'
13
16
  }
14
17
 
18
+ # This option bubbles up to the OmniAuth::Strategies::OAuth2
19
+ # when we call super in the callback_phase below.
20
+ # **State will still be verified** when login is initiated by the client.
21
+ option :provider_ignores_state, true
22
+
15
23
  def token_params
16
24
  super.tap do |params|
17
25
  params[:headers] = {'Authorization' => "Basic #{Base64.strict_encode64("#{options.client_id}:#{options.client_secret}")}"}
18
26
  end
19
27
  end
20
28
 
21
-
29
+ def callback_phase
30
+ error = request.params["error_reason"] || request.params["error"]
31
+ stored_state = session.delete("omniauth.state")
32
+ if error
33
+ fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
34
+ else
35
+ # Only verify state if we've initiated login and have stored a state
36
+ # to compare to.
37
+ if stored_state && (!request.params["state"] || request.params["state"] != stored_state)
38
+ fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
39
+ else
40
+ super
41
+ end
42
+ end
43
+ end
22
44
 
23
45
  uid{ raw_info['data']['id'] }
24
46
 
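Review bot: In `callback_phase`, the `stored_state &&` guard means a callback that arrives while the session holds no `omniauth.state` skips the state check entirely and falls through to `super`, so that path has no login-CSRF protection and a forged callback cannot be told apart from a Clever-initiated one. The comment above `option :provider_ignores_state, true` ("State will still be verified") therefore holds only while a client-initiated flow is pending in the same session; I would reword it to something like `# State is verified only when this session has a pending omniauth.state; callbacks without one are accepted unverified.` Consider making acceptance of state-less callbacks an explicit opt-in for applications that actually use Clever-initiated login, and comparing the two state values with a constant-time comparison instead of `!=`. Because `session.delete("omniauth.state")` runs before `super`, the parent presumably no longer sees the stored value, so it is worth confirming that setting `provider_ignores_state` back to `false` does not reject every login. The class body continues outside the hunk.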
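--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-clever
  version: !ruby/object:Gem::Version
- version: 1.2.0
+ version: 1.2.1
  platform: ruby
  authors:
  - Carol Nichols
@@ -10,7 +10,7 @@ autorequire:
  bindir: bin
  cert_chain:
  - gem-public_cert.pem
- date: 2015-05-20 00:00:00.000000000 Z
+ date: 2015-08-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-oauth2
@@ -71,3 +71,4 @@ specification_version: 4
  summary: The unofficial strategy for authenticating people using clever.com to your
  application using Clever's OAuth2 provider
  test_files: []
+ has_rdoc: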