omniauth-facebook 9.0.0 → 10.0.0
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +7 -10
- data/CHANGELOG.md +6 -0
- data/README.md +8 -6
- data/lib/omniauth/facebook/signed_request.rb +1 -1
- data/lib/omniauth/facebook/version.rb +1 -1
- data/lib/omniauth/strategies/facebook.rb +5 -5
- data/omniauth-facebook.gemspec +2 -1
- data/test/helper.rb +1 -1
- data/test/signed_request_test.rb +1 -1
- data/test/strategy_test.rb +10 -3
- metadata +25 -5
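--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0a121c1f37d032c1669ec67eb4cd7629f569dfc063e69f054a776a80b68409eb
+data.tar.gz: 5b38258394e3cac9e7579ccb5bbe2af62034965ab870739fcf7e94800cb614be
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '00297b6593b4a91e1738df9d6af7bb9252ca8404fb0ed0d269580337557f9f777a43fc121abbca9627bb83f085e6f7192eee8e959876c5a158b0bdb925831983'
+data.tar.gz: e8029bc7178ec6675393f7689de9c531977981e5f5b589be5ad5238d78f01a8a1bec93a539cbcac490ac91d62f3a0270336bfaddc9a5c3cf924fe95711a2abbe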
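--- a/data/.github/workflows/ci.yml
+++ b/data/.github/workflows/ci.yml
@@ -4,25 +4,22 @@ on: [push, pull_request]
 
 jobs:
 test:
-runs-on:
+runs-on: ubuntu-latest
 strategy:
 fail-fast: false
 matrix:
-os:
-- ubuntu
 ruby:
-- "2.5"
-- "2.6"
-- "2.7"
 - "3.0"
+- "3.1"
+- "3.2"
+- "3.3"
+- head
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
 ruby-version: ${{ matrix.ruby }}
-bundler-cache: true
-- name: Install dependencies
-run: bundle install
+bundler-cache: true # 'bundle install' and cache
 - name: Run tests
 run: bundle exec rake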
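Review bot: `actions/checkout@v4` and `ruby/setup-ruby@v1` are referenced by mutable tag, so the code that runs in CI can change without any commit to this repository. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes the job reproducible and lets an action update show up as a reviewable diff. The visible part of the workflow also sets no `permissions:` key; the file starts above this hunk, so it may already be declared there, but if not, a top-level `permissions: { contents: read }` limits the job token for a workflow that runs on `pull_request`.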
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -39,7 +39,9 @@ You can configure several options, which you pass in to the `provider` method vi
|
|
39
39
|
Option name | Default | Explanation
|
40
40
|
--- | --- | ---
|
41
41
|
`scope` | `email` | A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: https://developers.facebook.com/docs/reference/login/
|
42
|
-
`display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and
|
42
|
+
`display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and
|
43
|
+
`config_id` | | The configuration ID to use for a System User access token with Facebook Login for Business. Read the Facebook docs for more details: https://developers.facebook.com/docs/facebook-login/facebook-login-for-business#invoke-a--login-dialog
|
44
|
+
`touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/
|
43
45
|
`image_size` | `square` | Set the size for the returned image url in the auth hash. Valid options include `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Additionally, you can request a picture of a specific size by setting this option to a hash with `:width` and `:height` as keys. This will return an available profile picture closest to the requested size and requested aspect ratio. If only `:width` or `:height` is specified, we will return a picture whose width or height is closest to the requested size, respectively.
|
44
46
|
`info_fields` | `name,email` | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
|
45
47
|
`locale` | | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/.
|
@@ -58,21 +60,21 @@ end
|
|
58
60
|
|
59
61
|
### API Version
|
60
62
|
|
61
|
-
OmniAuth Facebook uses versioned API endpoints by default (current
|
63
|
+
OmniAuth Facebook uses versioned API endpoints by default (current v19.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v20.0 (assuming that exists):
|
62
64
|
|
63
65
|
```ruby
|
64
66
|
use OmniAuth::Builder do
|
65
67
|
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
|
66
68
|
client_options: {
|
67
|
-
site: 'https://graph.facebook.com/
|
68
|
-
authorize_url: "https://www.facebook.com/
|
69
|
+
site: 'https://graph.facebook.com/v20.0',
|
70
|
+
authorize_url: "https://www.facebook.com/v20.0/dialog/oauth"
|
69
71
|
}
|
70
72
|
end
|
71
73
|
```
|
72
74
|
|
73
75
|
### Per-Request Options
|
74
76
|
|
75
|
-
If you want to set the `display` format, `auth_type`, or `
|
77
|
+
If you want to set the `display` format, `auth_type`, `scope` or `config_id` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup`, `/auth/facebook?scope=email` or `/auth/facebook?config_id=001`.
|
76
78
|
|
77
79
|
## Auth Hash
|
78
80
|
|
@@ -152,7 +154,7 @@ If you use the server-side flow, Facebook will give you back a longer lived acce
|
|
152
154
|
|
153
155
|
## Supported Rubies
|
154
156
|
|
155
|
-
- Ruby MRI (
|
157
|
+
- Ruby MRI (3.0, 3.1, 3.2 and 3.3)
|
156
158
|
|
157
159
|
## License
|
158
160
|
|
@@ -28,7 +28,7 @@ module OmniAuth
|
|
28
28
|
return if signature.nil?
|
29
29
|
|
30
30
|
decoded_hex_signature = base64_decode_url(signature)
|
31
|
-
decoded_payload =
|
31
|
+
decoded_payload = JSON.parse(base64_decode_url(encoded_payload))
|
32
32
|
|
33
33
|
unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
|
34
34
|
raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
|
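Review bot: `JSON.parse(base64_decode_url(encoded_payload))` runs on the request-supplied payload before any signature comparison is visible, so malformed input raises `JSON::ParserError` rather than one of this class's own errors, and a payload that decodes to something other than a Hash still reaches `decoded_payload['algorithm']`. Comparing the signature over `encoded_payload` first and parsing only after it matches keeps unauthenticated data away from the parser. If the order has to stay, guard the parse with `rescue JSON::ParserError` (returning nil as the `signature.nil?` branch does) and add `return unless decoded_payload.is_a?(Hash)` before the algorithm check. The method starts and ends outside this hunk, and the file header for this hunk is missing on the page, so the position of the signature check should be confirmed in the full file.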
@@ -10,7 +10,7 @@ module OmniAuth
|
|
10
10
|
class NoAuthorizationCodeError < StandardError; end
|
11
11
|
|
12
12
|
DEFAULT_SCOPE = 'email'
|
13
|
-
DEFAULT_FACEBOOK_API_VERSION = '
|
13
|
+
DEFAULT_FACEBOOK_API_VERSION = 'v19.0'.freeze
|
14
14
|
|
15
15
|
option :client_options, {
|
16
16
|
site: "https://graph.facebook.com/#{DEFAULT_FACEBOOK_API_VERSION}",
|
@@ -25,7 +25,7 @@ module OmniAuth
|
|
25
25
|
|
26
26
|
option :authorization_code_from_signed_request_in_cookie, nil
|
27
27
|
|
28
|
-
option :authorize_options, [:scope, :display, :auth_type]
|
28
|
+
option :authorize_options, [:scope, :display, :auth_type, :config_id]
|
29
29
|
|
30
30
|
option :secure_image_url, true
|
31
31
|
|
@@ -85,7 +85,7 @@ module OmniAuth
|
|
85
85
|
''
|
86
86
|
else
|
87
87
|
# Fixes regression in omniauth-oauth2 v1.4.0 by https://github.com/intridea/omniauth-oauth2/commit/85fdbe117c2a4400d001a6368cc359d88f40abc7
|
88
|
-
options[:callback_url] || (full_host +
|
88
|
+
options[:callback_url] || (full_host + callback_path)
|
89
89
|
end
|
90
90
|
end
|
91
91
|
|
@@ -93,13 +93,13 @@ module OmniAuth
|
|
93
93
|
options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
|
94
94
|
end
|
95
95
|
|
96
|
-
# You can pass +display+, +scope+, or +
|
96
|
+
# You can pass +display+, +scope+, +auth_type+ or +config_id+ params to the auth request, if you need to set them dynamically.
|
97
97
|
# You can also set these options in the OmniAuth config :authorize_params option.
|
98
98
|
#
|
99
99
|
# For example: /auth/facebook?display=popup
|
100
100
|
def authorize_params
|
101
101
|
super.tap do |params|
|
102
|
-
%w[display scope auth_type].each do |v|
|
102
|
+
%w[display scope auth_type config_id].each do |v|
|
103
103
|
if request.params[v]
|
104
104
|
params[v.to_sym] = request.params[v]
|
105
105
|
end
|
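Review bot: `authorize_params` now copies `config_id` from `request.params` into the authorization request unchecked, so a value in the query string replaces whatever `config_id` the application configured, and nothing in the hunk constrains its form. For an application that relies on one fixed Facebook Login for Business configuration this means the requester, not the application, selects the configuration used for the dialog; Facebook presumably rejects IDs that do not belong to the app, but the strategy itself gives no such guarantee. The method comment should say so, for example `# Request params take precedence over configured values; validate them upstream if a configured value must not be overridden.`, or the loop could honor a request value only when the application has opted in. The same precedence already applies to `scope` and `auth_type`; the method body continues past the end of the hunk.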
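--- a/data/omniauth-facebook.gemspec
+++ b/data/omniauth-facebook.gemspec
@@ -16,7 +16,8 @@ Gem::Specification.new do |s|
 s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
 s.require_paths = ['lib']
 
-s.add_runtime_dependency 'omniauth-oauth2', '
+s.add_runtime_dependency 'omniauth-oauth2', '>= 1.2', '< 3'
+s.add_runtime_dependency 'bigdecimal'
 
 s.add_development_dependency 'minitest'
 s.add_development_dependency 'mocha'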
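Review bot: `s.add_runtime_dependency 'bigdecimal'` carries no version constraint and no explanation, and none of the library code shown on this page references BigDecimal, so every consumer gains an unbounded runtime dependency whose purpose is not recorded. If it is there because bigdecimal is leaving Ruby's default gems and a dependency still requires it, a one-line comment saying which dependency needs it would let a later maintainer remove it safely. A lower bound such as `'>= <minimum-tested-version>'` would also stop resolution to releases the test matrix never exercised.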
data/test/helper.rb
CHANGED
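--- a/data/test/signed_request_test.rb
+++ b/data/test/signed_request_test.rb
@@ -5,7 +5,7 @@ class SignedRequestTest < Minitest::Test
 def setup
 @value = fixture('signed_request.txt').strip
 @secret = "897z956a2z7zzzzz5783z458zz3z7556"
-@expected_payload =
+@expected_payload = JSON.parse(fixture('payload.json'))
 end
 
 def test_signed_request_payload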
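--- a/data/test/strategy_test.rb
+++ b/data/test/strategy_test.rb
@@ -26,10 +26,11 @@ end
 class CallbackUrlTest < StrategyTestCase
 test "returns the default callback url (omitting querystring)" do
 url_base = 'http://auth.request.com'
+script_name = '/script_name'
 @request.stubs(:url).returns("#{url_base}/some/page")
-strategy.stubs(:script_name).returns(
+strategy.stubs(:script_name).returns(script_name) # as not to depend on Rack env
 strategy.stubs(:query_string).returns('?foo=bar')
-assert_equal "#{url_base}/auth/facebook/callback", strategy.callback_url
+assert_equal "#{url_base}#{script_name}/auth/facebook/callback", strategy.callback_url
 end
 
 test "returns path from callback_path option (omitting querystring)" do
@@ -60,6 +61,12 @@ class AuthorizeParamsTest < StrategyTestCase
 assert_equal 'touch', strategy.authorize_params[:display]
 end
 
+test 'includes config_id parameter from request when present' do
+@request.stubs(:params).returns({ 'config_id' => '000111222' })
+assert strategy.authorize_params.is_a?(Hash)
+assert_equal '000111222', strategy.authorize_params[:config_id]
+end
+
 test 'includes auth_type parameter from request when present' do
 @request.stubs(:params).returns({ 'auth_type' => 'reauthenticate' })
 assert strategy.authorize_params.is_a?(Hash)
@@ -427,7 +434,7 @@ end
 
 module SignedRequestHelpers
 def signed_request(payload, secret)
-encoded_payload = base64_encode_url(
+encoded_payload = base64_encode_url(JSON.dump(payload))
 encoded_signature = base64_encode_url(signature(encoded_payload, secret))
 [encoded_signature, encoded_payload].join('.')
 end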
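--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-facebook
 version: !ruby/object:Gem::Version
-version:
+version: 10.0.0
 platform: ruby
 authors:
 - Mark Dodwell
@@ -9,22 +9,42 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.2'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.2'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3'
+- !ruby/object:Gem::Dependency
+name: bigdecimal
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: minitest
 requirement: !ruby/object:Gem::Requirement
@@ -117,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.0.dev
 signing_key:
 specification_version: 4
 summary: Facebook OAuth2 Strategy for OmniAuth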