omniauth-forge 0.1.0

data/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in omniauth-forge.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"

data/Gemfile.lock

@@ -0,0 +1,206 @@
+PATH
+  remote: .
+  specs:
+    omniauth-forge (0.1.0)
+      omniauth
+      omniauth-oauth2
+      omniauth-rails_csrf_protection (~> 0.1)
+      zeitwerk (~> 2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (6.1.0)
+      actionview (= 6.1.0)
+      activesupport (= 6.1.0)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.1.0)
+      activesupport (= 6.1.0)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activesupport (6.1.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.1)
+    builder (3.2.4)
+    bundler-audit (0.7.0.1)
+      bundler (>= 1.2.0, < 3)
+      thor (>= 0.18, < 2)
+    byebug (11.1.3)
+    childprocess (4.0.0)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.7)
+    crack (0.4.4)
+    crass (1.0.6)
+    diff-lcs (1.4.4)
+    dip (6.1.0)
+      thor (>= 0.20, < 1.1)
+    docile (1.3.2)
+    dotenv (2.7.6)
+    erubi (1.10.0)
+    faker (2.15.1)
+      i18n (>= 1.6, < 2)
+    faraday (1.1.0)
+      multipart-post (>= 1.2, < 3)
+      ruby2_keywords
+    hashdiff (1.0.1)
+    hashie (4.1.0)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    iniparse (1.5.0)
+    jwt (2.2.2)
+    loofah (2.8.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    method_source (1.0.0)
+    mini_portile2 (2.4.0)
+    minitest (5.14.2)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.5.4)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.9.1)
+      hashie (>= 3.4.6)
+      rack (>= 1.6.2, < 3)
+    omniauth-oauth2 (1.7.0)
+      oauth2 (~> 1.4)
+      omniauth (~> 1.9)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
+    overcommit (0.57.0)
+      childprocess (>= 0.6.3, < 5)
+      iniparse (~> 1.4)
+    parallel (1.20.1)
+    parser (2.7.2.0)
+      ast (~> 2.4.1)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    public_suffix (4.0.6)
+    puma (5.1.1)
+      nio4r (~> 2.0)
+    rack (2.2.3)
+    rack-protection (2.1.0)
+      rack
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rainbow (3.0.0)
+    rake (12.3.3)
+    regexp_parser (2.0.0)
+    rexml (3.2.4)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.0)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.0)
+    rubocop (1.6.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.5)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (1.3.0)
+      parser (>= 2.7.1.5)
+    rubocop-faker (1.1.0)
+      faker (>= 2.12.0)
+      rubocop (>= 0.82.0)
+    rubocop-performance (1.9.1)
+      rubocop (>= 0.90.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    ruby-progressbar (1.10.1)
+    ruby2_keywords (0.0.2)
+    simplecov (0.20.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov-rcov (0.2.3)
+      simplecov (>= 0.4.1)
+    simplecov_json_formatter (0.1.2)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
+    thor (1.0.1)
+    tilt (2.0.10)
+    timecop (0.9.2)
+    tzinfo (2.0.3)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (1.7.0)
+    vcr (6.0.0)
+    webmock (3.10.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    yard (0.9.25)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  bundler-audit
+  dip
+  dotenv
+  faker
+  omniauth-forge!
+  overcommit
+  pry-byebug
+  puma
+  rake (~> 12.0)
+  rspec (~> 3.0)
+  rubocop
+  rubocop-faker
+  rubocop-performance
+  simplecov
+  simplecov-rcov
+  sinatra
+  timecop
+  vcr
+  webmock
+  yard
+
+BUNDLED WITH
+   2.1.4

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Denis <Zaratan> Pasin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+# Omniauth::Forge
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/omniauth/forge`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-forge'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install omniauth-forge
+
+## CVE
+
+See [Omniauth Wiki][https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284]. 
+There's an existing unfixed CVE on omniauth. This CVE is mitigated in Rails by using the gem [omniauth-rails_csrf_protection](https://github.com/cookpad/omniauth-rails_csrf_protection).
+This gem will depend on that gem in order to protect as many people as possible.
+
+### Using bundle audit
+
+Since the gem will be used by default you can ignore bundle audit warnings this way:
+```sh
+bundle audit check --ignore CVE-2015-9284
+```
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/denispasin/omniauth-forge. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/denispasin/omniauth-forge/blob/master/CODE_OF_CONDUCT.md).
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Omniauth::Forge project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/denispasin/omniauth-forge/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "omniauth/forge"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/examples/sinatra.rb

@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'sinatra'
+require 'dotenv/load'
+require "bundler/setup"
+require "omniauth-forge"
+
+use Rack::Session::Cookie
+
+use OmniAuth::Builder do
+  provider :forge,
+           ENV['FORGE_CLIENT_ID'],
+           ENV['FORGE_CLIENT_SECRET'],
+           {
+             client_options: { site: ENV['FORGE_API_BASE_URL'] },
+             root_uri: ENV['ROOT_URI'],
+           }
+end
+
+get '/forge/callback' do
+  request.env["omniauth.auth"]["info"].to_json
+end

data/lib/omniauth-forge.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "zeitwerk"
+
+require 'omniauth'
+require 'omniauth-oauth2'
+
+# module OmniAuth
+#   module Forge
+#   end
+# end
+
+loader = Zeitwerk::Loader.for_gem
+
+loader.inflector.inflect(
+  "omniauth" => "OmniAuth",
+  "omniauth-forge" => "OmniAuthForge"
+)
+
+loader.setup # ready!

data/lib/omniauth/strategies/forge.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Strategies
+    class Forge < OmniAuth::Strategies::OAuth2
+      option :name, 'forge'
+
+      option(
+        :client_options,
+        {
+          site: 'https://developer.api.autodesk.com',
+          authorize_url: '/authentication/v1/authorize',
+          token_url: '/authentication/v1/gettoken',
+        }
+      )
+
+      option :callback_path, '/forge/callback'
+      option :root_uri, 'https://localhost'
+
+      uid do
+        raw_info['userId']
+      end
+
+      info do
+        {
+          user_name: raw_info['userName'],
+          email: raw_info['emailId'],
+          first_name: raw_info['firstName'],
+          last_name: raw_info['lastName'],
+        }
+      end
+
+      extra do
+        {
+          'raw_info' => raw_info,
+        }
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('/userprofile/v1/users/@me').parsed
+      end
+
+      def initialize(app, *args, &block)
+        super
+        if @options&.[](:client_options)&.[](:redirect_uri) &&
+           @options[:client_options][:redirect_uri] != self.class.default_options[:client_options][:redirect_uri]
+          return
+        end
+
+        @options[:client_options][:redirect_uri] =
+          "#{@options[:root_uri].to_s.gsub(%r{/+$}, '')}/#{options[:callback_path].to_s.gsub(%r{^/+}, '')}"
+      end
+    end
+  end
+end

data/lib/omniauth_forge/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Forge
+    VERSION = "0.1.0"
+  end
+end

data/omniauth_forge.gemspec

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require_relative 'lib/omniauth_forge/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'omniauth-forge'
+  spec.version       = OmniAuth::Forge::VERSION
+  spec.authors       = ['Denis <Zaratan> Pasin']
+  spec.email         = ['denis.pasin@autodesk.com']
+
+  spec.summary       = "Connect to Autodesk's forge with omniauth strategy"
+  spec.description   = 'Omniauth oauth2 strategy to connect to https://forge.autodesk.com'
+  spec.homepage      = "https://github.com/shotgunsoftware/omniauth-forge"
+  spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = "https://github.com/shotgunsoftware/omniauth-forge/blob/main/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files =
+    Dir.chdir(File.expand_path(__dir__)) do
+      `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+    end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'omniauth'
+  spec.add_dependency 'omniauth-oauth2'
+  spec.add_dependency 'omniauth-rails_csrf_protection', '~> 0.1' # No CVE-2015-9284
+  spec.add_dependency 'zeitwerk', '~> 2'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'bundler-audit'
+  spec.add_development_dependency 'dip'
+  spec.add_development_dependency 'dotenv'
+  spec.add_development_dependency 'faker'
+  spec.add_development_dependency 'overcommit'
+  spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'puma'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rubocop-faker'
+  spec.add_development_dependency 'rubocop-performance'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'simplecov-rcov'
+  spec.add_development_dependency 'sinatra'
+  spec.add_development_dependency 'timecop'
+  spec.add_development_dependency 'vcr'
+  spec.add_development_dependency 'webmock'
+  spec.add_development_dependency 'yard'
+end