omniauth-colorgy-oauth2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 94da4a452dca3e370d41b977b59e8afb012dd302
+  data.tar.gz: 94012e54bf4185e77dd66a403627fecce3da70ec
+SHA512:
+  metadata.gz: 0abe4493c950009dfd16d859cefa94609563275b9f0b90c831d65c72a6fbcd97147af007c18476c6e996c5658fabd2085c63a720f3fb6bb9adefe65c71ccc6a9
+  data.tar.gz: d25810bfc07fb0790fe550e883f696dc2222e15e27b16920e3ee15ed1ecb35802b24fca8ebfc83762ff303e5e9a02dfcb665a951597bce11d85b644549527f6d

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-colorgy-oauth2.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Neson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,206 @@
+# OmniAuth Colorgy Strategy [![Build Status](https://travis-ci.org/colorgy/omniauth-colorgy-oauth2.svg?branch=master)](https://travis-ci.org/colorgy/omniauth-colorgy-oauth2)
+
+Strategy to authenticate with Colorgy via OAuth2 in OmniAuth.
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-colorgy-oauth2'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-colorgy-oauth2
+
+
+## Usage
+
+The OmniAuth strategy can be used just like many of the other strategies, like omniauth-facebook, omniauth-google-oauth2... etc. Here are some few examples:
+
+### Rails middleware
+
+An example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :colorgy, ENV['APP_ID'], ENV['APP_SECRET'],
+                     scope: 'public email identity offline_access',
+                     fields: [:id, :uuid, :email, :avatar_url, :primary_identity],
+                     includes: [:primary_identity],
+                     client_options: { site: 'https://colorgy.io' }
+end
+```
+
+> The configurations used in the above example are introduced in the `Configuration` section below.
+
+### Devise
+
+First define your **application id** and **secret** in `config/initializers/devise.rb`:
+
+```ruby
+config.omniauth :colorgy, "COLORGY_APP_ID", "COLORGY_APP_SECRET"
+```
+
+Then add the following to `config/routes.rb` so the callback routes are defined:
+
+```ruby
+# This controller will be setup later in `app/controllers/users/omniauth_callbacks_controller.rb`
+devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
+```
+
+Make sure your model is omniauthable. Generally this is `app/models/user.rb`:
+
+```ruby
+devise :omniauthable, :omniauth_providers => [:colorgy]
+```
+
+Then make sure your callbacks controller is setup:
+
+```ruby
+# app/controllers/users/omniauth_callbacks_controller.rb
+
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def colorgy
+    auth = request.env['omniauth.auth']
+
+    # This method will be implement later in your model (e.g. app/models/user.rb)
+    @user = User.from_colorgy(auth, current_user)
+
+    if @user.persisted?
+      set_flash_message(:notice, :success, kind: 'Colorgy') if is_navigational_format?
+      sign_in_and_redirect @user, event: :authentication
+    else
+      session['devise.colorgy_data'] = auth
+      redirect_to new_user_registration_path
+    end
+  end
+end
+```
+
+Finally, implement the `from_colorgy` method for the User model in `app/models/user.rb`
+
+```ruby
+def self.from_colorgy(auth, signed_in_resource=nil)
+  user = where(:email => auth.info.email).first_or_create! do |user|
+    user.password = Devise.friendly_token[0,20]
+  end
+
+  return user
+end
+```
+
+Now you can add an login link in your view using:
+
+```ruby
+<%= link_to "Sign in with Colorgy", user_omniauth_authorize_path(:colorgy) %>
+```
+
+
+## Configuration
+
+You can configure several options, which you pass into the provider method: `scope`, `fields`, `includes` and `client_options`.
+
+An example using devise in `config/initializers/devise.rb` is like:
+
+```ruby
+config.omniauth :colorgy, ENV['APP_ID'], ENV['APP_SECRET'],
+                          scope: 'public email identity offline_access',
+                          fields: [:id, :uuid, :email, :avatar_url, :primary_identity],
+                          includes: [:primary_identity],
+                          client_options: { site: 'https://colorgy.io' }
+```
+
+- `scope`: A space-separated list of permissions you want to request from the user. defaults to `public`, which only provides the user's `id`, `uuid`, `username`, `name` and profile pictures (`avatar_url` and `cover_photo_url`)
+- `fields`: An array selecting the fields of user's infomation to be returned. This is really useful for making your API calls more efficient and fast.
+- `includes`: An array to select includable related data (e.g. `primary_identity`, `organizations`) to be included with the user's infomation. It will be convenient that you won't have to make another API call to get the data.
+- `client_options`: A hash to specify the client configurations. Set this to `{ site: 'https://server.url' }` to change the API server that you want to use.
+
+
+## Single-Sign On/Off (SSO) Support
+
+_(Optional)_
+
+The Colorgy SSO system is implemented using **OAuth 2.0** as the authorization protocol and **Sign-on Status Tokens (SST)** as credential of the sign-on status of the user, achieving sign in and out seamlessly controlled by a central server.
+
+The **Sign-on Status Token (SST)** is stored in an cross-domain cookie (`_sst`) to represent the sign on status of the current user. SSTs are trully [JSON Web Tokens (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token) containing identification information, signed by a RSA private key. Clients (other services under this SSO system) will be able to decode and verify the infomation using a corresponding RSA public key, and make reasonable reactions according to the infomation it provided.
+
+This gem has implemented some solutions to cover certain use cases.
+
+
+### Using Devise With Rails: `ColorgyDeviseSSOManager`
+
+> Limitations: since this tactic relys on sharing a cookie accross Colorgy core and your app, your app should be running on a subdomain of Colorgy core to make this work.
+
+First, make sure Devise is setup properly to OmniAuth with Colorgy - clicking the 'Sign in with Colorgy' link will sign you in with no doubts.
+
+Then confirm that you have at least copy down the **`uuid`** (and accessable via `User#uuid`) or `id` (accessable via `User#sid` or `User#cid`) property of a user when they are signing in from Colorgy Core. A sample is as below:
+
+```ruby
+# /app/models/user.rb
+
+# ...
+
+  def self.from_colorgy(auth, signed_in_resource=nil)
+    # The uuid is copied down during creation!
+    user = where(:uuid => auth.info.uuid).first_or_create! do |user|
+      user.email = auth.info.email
+    end
+  end
+
+# ...
+```
+
+You might want your local user data to be updated automatically when the core data is. If so, add a **`refreshed_at`** column to your User model and let your application be able to determine whether a refresh is needed (comparing the `update_at` in SST and this column):
+
+```bash
+rails g migration add_refreshed_at_to_users refreshed_at:datetime
+rake db:migrate
+```
+
+Then just include `ColorgyDeviseSSOManager` in your ApplicationController and all the rest is done:
+
+```ruby
+# app/controllers/application_controller.rb
+
+class ApplicationController < ActionController::Base
+  include ColorgyDeviseSSOManager
+  include FlashMessageReporter
+end
+```
+
+_`FlashMessageReporter` is optional, include it if you want to relay flash messages from core to your app ._
+
+One last step: unlike URL of the core SSO server can be guessed by OmniAuth and Devise configurations, the **RSA public key** used to verify SST isn't. So you need to pass it in manually using an environment variable called **`CORE_RSA_PUBLIC_KEY`**. Put it in your `.env` or export it like this: `export CORE_RSA_PUBLIC_KEY='-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3D ... P2QIDAQAB\n-----END PUBLIC KEY-----\n'`. Make sure it's accessible via `ENV['CORE_RSA_PUBLIC_KEY']` in your app.
+
+Now that users on your app will be signing in/out synchronizedly with Colorgy core, and is automatically reauthorized to get user's new data from core when updated.
+
+`ColorgyDeviseSSOManager` also provide two URL helper methods: `sign_out_url`, `logout_url` pointed to the core sign out URL. You can replace your orginal logout link (maybe `destroy_user_session_path`) with these. (Since it's an SSO, signing out of the core server means to sign out of your application too.)
+
+```ruby
+<%= link_to("Log Out", sign_out_url, method: :delete) %>
+```
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+The test suite can be run by executing `bundle exec rake`.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+
+## Contributing
+
+1. Fork it.
+2. Create your feature branch (`git checkout -b my-new-feature`).
+3. Commit your changes (`git commit -am 'Add some feature'`).
+4. Push to the branch (`git push origin my-new-feature`).
+5. Create a new Pull Request.

data/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+require File.join('bundler', 'gem_tasks')
+require File.join('rspec', 'core', 'rake_task')
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "omniauth/colorgy_oauth2"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/colorgy_devise_sso_manager.rb

@@ -0,0 +1,114 @@
+module ColorgyDeviseSSOManager
+  extend ActiveSupport::Concern
+
+  @@sst_verification_method = 'RS256'
+
+  included do
+    before_filter :verify_sst
+    helper_method :sign_out_url, :logout_url
+  end
+
+  # Helpers to get the core sign-out URL
+  def sign_out_url
+    "#{core_url}/logout"
+  end
+
+  def logout_url
+    sign_out_url
+  end
+
+  # Override the destroy_user_session_path to logout from core
+  def destroy_user_session_path
+    sign_out_url
+  end
+
+  private
+
+  # Getter of the core domain
+  def core_domain
+    @@core_domain ||= URI.parse(Devise.omniauth_configs[:colorgy].options[:client_options][:site]).host
+  end
+
+  # Getter of the core url
+  def core_url
+    @@core_url ||= Devise.omniauth_configs[:colorgy].options[:client_options][:site]
+  end
+
+  # Getter of the core rsa public key
+  def core_rsa_public_key
+    @@core_rsa_public_key ||= OpenSSL::PKey::RSA.new(ENV['CORE_RSA_PUBLIC_KEY'].gsub(/\\n/, "\n"))
+  end
+
+  # Decode the sign-on status token (sst) string and return a hash
+  def decode_sst(token)
+    data = JWT.decode(token, core_rsa_public_key, @@sst_verification_method)[0]
+
+    data['issued_at'] = Time.at(data['iat'])
+    data['expired_at'] = Time.at(data['exp'])
+    data['updated_at'] = Time.at(data['updated_at'])
+
+    data
+  rescue JWT::DecodeError
+    nil
+  end
+
+  def verify_sst
+    # Skip this on test and auth callbacks
+    return if Rails.env.test?
+    return if controller_name == 'omniauth_callbacks'
+
+    # Get the sst string from cookie
+    sst_string = cookies[:_sst]
+
+    # If the user's session is valid but the sst is blank,
+    # sign out the user
+    if user_signed_in? && sst_string.blank?
+      sign_out current_user and return
+    end
+
+    # Decode the sign-on status token (sst)
+    sst = decode_sst(sst_string)
+
+    # Perform checks if the user is currently signed in
+    if user_signed_in?
+
+      # If the sst is invalid (expired or cannot be verified),
+      # sign out the user
+      sign_out current_user and return if sst.blank?
+
+      # If the sst isn't belongs to the current user, sign out the user and
+      # redirect to authorize path for re-authorization
+      unless current_user.try(:uuid) == sst['uuid'] ||
+             current_user.try(:sid) == sst['id'] ||
+             current_user.try(:cid) == sst['id'] ||
+             current_user.try(:id) == sst['id']
+        sign_out current_user
+        redirect_to user_omniauth_authorize_path(:colorgy)
+        return
+      end
+
+      # If current user's update time is before the token specified time,
+      # re-authentication to refresh the user's data, do this only on
+      # navigational GET requests
+      if sst['updated_at'].present? && request.get? && is_navigational_format?
+        current_user_refreshed_at = current_user.try(:refreshed_at) ||
+                                    current_user.try(:synced_at)
+        if current_user_refreshed_at.is_a?(Time) && sst['updated_at'] > current_user_refreshed_at
+          sign_out current_user
+          redirect_to user_omniauth_authorize_path(:colorgy) and return
+        end
+      end
+
+      # If the token is about to expired then redirect to core to refresh it,
+      # and do this only on navigational GET requests
+      if (sst['expired_at'] - Time.now < 3.days) && request.get? && is_navigational_format?
+        redirect_to "#{core_url}/refresh_sst?redirect_to=#{CGI.escape(request.original_url)}" and return
+      end
+
+    # if the user isn't signed in but the sst isn't blank,
+    # redirect to core authorize path
+    elsif !sst.blank?
+      redirect_to user_omniauth_authorize_path(:colorgy) and return
+    end
+  end
+end

data/lib/flash_message_reporter.rb

@@ -0,0 +1,20 @@
+module FlashMessageReporter
+  extend ActiveSupport::Concern
+
+  included do
+    before_filter :set_flash_message_from_params
+  end
+
+  private
+
+  def set_flash_message_from_params
+    return if request.env["HTTP_REFERER"].blank?
+    referer_uri = URI.parse(request.env["HTTP_REFERER"])
+    return unless referer_uri.host.ends_with?(core_domain)
+
+    flash[:notice] = params[:flash][:notice] if params[:flash][:notice]
+    flash[:alert] = params[:flash][:alert] if params[:flash][:alert]
+  rescue
+    nil
+  end
+end

data/lib/omniauth/colorgy_oauth2/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module ColorgyOauth2
+    VERSION = "0.1.0"
+  end
+end

data/lib/omniauth/colorgy_oauth2.rb

@@ -0,0 +1,8 @@
+require "omniauth/colorgy_oauth2/version"
+require File.join('omniauth', 'strategies', 'colorgy')
+
+module OmniAuth
+  module ColorgyOauth2
+    CORE_URL = 'https://colorgy.io'
+  end
+end

data/lib/omniauth/strategies/colorgy.rb

@@ -0,0 +1,40 @@
+require File.expand_path(File.join('..', '..', 'colorgy_oauth2'), __FILE__)
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class Colorgy < OmniAuth::Strategies::OAuth2
+      include OmniAuth::Strategy
+
+      CORE_URL = 'https://colorgy.io'
+
+      option :includes, []
+      option :fields, []
+
+      option :client_options, {
+        :site => CORE_URL,
+        :authorize_url => "/oauth/authorize"
+      }
+
+      uid do
+        raw_info['uuid']
+      end
+
+      info do
+        raw_info
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get("/api/v1/me.json?include=#{includes_url_param}&fields=#{fields_url_param}").parsed
+      end
+
+      def fields_url_param
+        @fields_url_param ||= options[:fields].is_a?(Array) ? options[:fields].join(',') : options[:fields]
+      end
+
+      def includes_url_param
+        @includes_url_param ||= options[:includes].is_a?(Array) ? options[:includes].join(',') : options[:includes]
+      end
+    end
+  end
+end

data/lib/omniauth-colorgy-oauth2.rb

@@ -0,0 +1,3 @@
+require File.join('omniauth', 'colorgy_oauth2')
+require File.join('flash_message_reporter') if defined? ActiveSupport::Concern
+require File.join('colorgy_devise_sso_manager') if defined? Devise && defined? ActiveSupport::Concern

data/omniauth-colorgy-oauth2.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/colorgy_oauth2/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "omniauth-colorgy-oauth2"
+  spec.version       = OmniAuth::ColorgyOauth2::VERSION
+  spec.authors       = ["Neson"]
+  spec.email         = ["neson@dex.tw"]
+
+  spec.summary       = %q{A Colorgy OAuth2 strategy and SSO client helper for OmniAuth.}
+  spec.description   = %q{A Colorgy OAuth2 strategy and SSO (Single Sign On/Out) client helper for OmniAuth.}
+  spec.homepage      = "https://github.com/colorgy/omniauth-colorgy-oauth2"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
+  # delete this section to allow pushing this gem to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  # end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'omniauth', '>= 1.1.1'
+  spec.add_runtime_dependency 'omniauth-oauth2', '>= 1.1.1'
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+end

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-colorgy-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Neson
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Colorgy OAuth2 strategy and SSO (Single Sign On/Out) client helper
+  for OmniAuth.
+email:
+- neson@dex.tw
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/colorgy_devise_sso_manager.rb
+- lib/flash_message_reporter.rb
+- lib/omniauth-colorgy-oauth2.rb
+- lib/omniauth/colorgy_oauth2.rb
+- lib/omniauth/colorgy_oauth2/version.rb
+- lib/omniauth/strategies/colorgy.rb
+- omniauth-colorgy-oauth2.gemspec
+homepage: https://github.com/colorgy/omniauth-colorgy-oauth2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: A Colorgy OAuth2 strategy and SSO client helper for OmniAuth.
+test_files: []