omniauth-google-oauth2 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/.travis.yml +2 -1
- data/CHANGELOG.md +14 -0
- data/README.md +21 -9
- data/examples/auth.js +43 -0
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +22 -9
- data/omniauth-google-oauth2.gemspec +0 -1
- data/spec/omniauth/strategies/google_oauth2_spec.rb +32 -0
- metadata +3 -16
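--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6b57c40e8b39a0932e633667e017b25c97d3d180
+data.tar.gz: d6f8aa07b0c1b3ca79aa00a84612952e2f353393
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7c3664503247fc376a4ec1ea968ae68f15ff6020c178fdf57b50c4320858a184fc41b30fca322f021e525e5f62a317a3c568fe02b5ec3934ef63ca26ec0e8163
+data.tar.gz: ccbda37d179cd87d31f92a60564120d6fca75013c990ec87583155e81bd8a51ee3f163a69d86929e38e3f151970d61327c007a670df532d4c430d67dc43ee82d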
data/.travis.yml
CHANGED
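--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,20 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.3.1 - 2016-01-28
+
+### Added
+- Verify Hosted Domain if hd is set in options.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Dependency on addressable.
+
+### Fixed
+- Nothing.
+
 ## 0.3.0 - 2016-01-09
 
 ### Added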
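--- a/data/README.md
+++ b/data/README.md
@@ -1,3 +1,6 @@
+[![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
+[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.png)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
+
 # OmniAuth Google OAuth2 Strategy
 
 Strategy to authenticate with Google via OAuth2 in OmniAuth.
@@ -22,7 +25,7 @@ Then `bundle install`.
 
 * Go to 'https://console.developers.google.com'
 * Select your project.
-* Click '
+* Click 'Enable and manage APIs'.
 * Make sure "Contacts API" and "Google+ API" are on.
 * Go to Credentials, then select the "OAuth consent screen" tab on top, and provide an 'EMAIL ADDRESS' and a 'PRODUCT NAME'
 * Wait 10 minutes for changes to take effect.
@@ -225,6 +228,8 @@ This flow is immune to replay attacks, and conveys no useful information to a ma
 The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
 
 ```javascript
+// Basic hybrid auth example following the pattern at:
+// https://developers.google.com/api-client-library/javascript/features/authentication#Authexample
 jQuery(function() {
 return $.ajax({
 url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
@@ -234,18 +239,28 @@ jQuery(function() {
 });
 
 window.gpAsyncInit = function() {
+gapi.auth.authorize({
+immediate: true,
+response_type: 'code',
+cookie_policy: 'single_host_origin',
+client_id: 'YOUR_CLIENT_ID',
+scope: 'email profile'
+}, function(response) {
+return;
+});
 $('.googleplus-login').click(function(e) {
 e.preventDefault();
 gapi.auth.authorize({
-immediate:
+immediate: false,
 response_type: 'code',
 cookie_policy: 'single_host_origin',
-client_id: '
+client_id: 'YOUR_CLIENT_ID',
 scope: 'email profile'
 }, function(response) {
 if (response && !response.error) {
-// google authentication succeed, now post data to server
-jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback",
+// google authentication succeed, now post data to server.
+jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback",
+data: response,
 success: function(data) {
 // response from server
 }
@@ -256,6 +271,7 @@ window.gpAsyncInit = function() {
 });
 });
 };
+
 ```
 
 ### Omniauth state
@@ -285,10 +301,6 @@ Just set the `full_host` in OmniAuth based on the Rails.env.
 OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http://localhost:3000'
 ```
 
-## Build Status
-[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.png)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
-
-
 ## License
 
 Copyright (c) 2015 by Josh Ellithorpe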
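--- /dev/null
+++ b/data/examples/auth.js
@@ -0,0 +1,43 @@
+// Basic hybrid auth example following the pattern at:
+// https://developers.google.com/api-client-library/javascript/features/authentication#Authexample
+jQuery(function() {
+return $.ajax({
+url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
+dataType: 'script',
+cache: true
+});
+});
+
+window.gpAsyncInit = function() {
+gapi.auth.authorize({
+immediate: true,
+response_type: 'code',
+cookie_policy: 'single_host_origin',
+client_id: 'YOUR_CLIENT_ID',
+scope: 'email profile'
+}, function(response) {
+return;
+});
+$('.googleplus-login').click(function(e) {
+e.preventDefault();
+gapi.auth.authorize({
+immediate: false,
+response_type: 'code',
+cookie_policy: 'single_host_origin',
+client_id: 'YOUR_CLIENT_ID',
+scope: 'email profile'
+}, function(response) {
+if (response && !response.error) {
+// google authentication succeed, now post data to server.
+jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback",
+data: response,
+success: function(data) {
+// response from server
+}
+});
+} else {
+// google authentication failed
+}
+});
+});
+};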
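Review bot: The success branch at new lines 32–33 posts the entire `response` object returned by `gapi.auth.authorize` to `/auth/google_oauth2/callback`, while the strategy's xhr path in google_oauth2.rb reads only `request.params['code']`; sending `data: {code: response.code}` keeps whatever other fields the library attaches to that object (presumably token material) off the wire to the server. The failure branch at line 39 and the server-side `success` handler at line 35 are empty, so an implementor copying this file gets no user feedback and nothing logged when the hybrid flow fails; a comment naming what belongs there (surface the error, log it server-side) would help. The same snippet is duplicated in README.md, so the two copies will drift unless one references the other.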
@@ -1,7 +1,7 @@
|
|
1
1
|
require 'multi_json'
|
2
2
|
require 'jwt'
|
3
3
|
require 'omniauth/strategies/oauth2'
|
4
|
-
require '
|
4
|
+
require 'uri'
|
5
5
|
|
6
6
|
module OmniAuth
|
7
7
|
module Strategies
|
@@ -90,6 +90,7 @@ module OmniAuth
|
|
90
90
|
end
|
91
91
|
|
92
92
|
def custom_build_access_token
|
93
|
+
access_token =
|
93
94
|
if request.xhr? && request.params['code']
|
94
95
|
verifier = request.params['code']
|
95
96
|
client.auth_code.get_token(verifier, get_token_options('postmessage'), deep_symbolize(options.auth_token_params || {}))
|
@@ -103,6 +104,9 @@ module OmniAuth
|
|
103
104
|
verifier = request.params["code"]
|
104
105
|
client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
|
105
106
|
end
|
107
|
+
|
108
|
+
verify_hd(access_token)
|
109
|
+
access_token
|
106
110
|
end
|
107
111
|
alias_method :build_access_token, :custom_build_access_token
|
108
112
|
|
@@ -130,7 +134,7 @@ module OmniAuth
|
|
130
134
|
def image_url
|
131
135
|
return nil unless raw_info['picture']
|
132
136
|
|
133
|
-
u =
|
137
|
+
u = URI.parse(raw_info['picture'].gsub('https:https', 'https'))
|
134
138
|
|
135
139
|
path_index = u.path.to_s.index('/photo.jpg')
|
136
140
|
|
@@ -139,7 +143,7 @@ module OmniAuth
|
|
139
143
|
u.path = u.path.gsub('//', '/')
|
140
144
|
end
|
141
145
|
|
142
|
-
u.
|
146
|
+
u.query = strip_unnecessary_query_parameters(u.query)
|
143
147
|
|
144
148
|
u.to_s
|
145
149
|
end
|
@@ -161,16 +165,18 @@ module OmniAuth
|
|
161
165
|
'/' + image_params.join('-')
|
162
166
|
end
|
163
167
|
|
164
|
-
def strip_unnecessary_query_parameters(
|
168
|
+
def strip_unnecessary_query_parameters(query_parameters)
|
165
169
|
# strip `sz` parameter (defaults to sz=50) which overrides `image_size` options
|
166
|
-
return nil
|
170
|
+
return nil if query_parameters.nil?
|
167
171
|
|
168
|
-
|
172
|
+
params = CGI.parse(query_parameters)
|
173
|
+
stripped_params = params.delete_if { |key| key == "sz" }
|
169
174
|
|
170
|
-
# an empty Hash
|
171
|
-
|
175
|
+
# don't return an empty Hash since that would result
|
176
|
+
# in URLs with a trailing ? character: http://image.url?
|
177
|
+
return nil if stripped_params.empty?
|
172
178
|
|
173
|
-
|
179
|
+
URI.encode_www_form(stripped_params)
|
174
180
|
end
|
175
181
|
|
176
182
|
def verify_token(access_token)
|
@@ -179,6 +185,13 @@ module OmniAuth
|
|
179
185
|
params: { access_token: access_token }).parsed
|
180
186
|
raw_response['aud'] == options.client_id
|
181
187
|
end
|
188
|
+
|
189
|
+
def verify_hd(access_token)
|
190
|
+
return true unless options.hd
|
191
|
+
@raw_info ||= access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
|
192
|
+
raise CallbackError.new(:invalid_hd, "Invalid Hosted Domain") unless @raw_info['hd'] == options.hd
|
193
|
+
true
|
194
|
+
end
|
182
195
|
end
|
183
196
|
end
|
184
197
|
end
|
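Review bot: `strip_unnecessary_query_parameters` (new lines 172 and 179) now calls `CGI.parse`, but the require block at the top of this file swaps addressable for only `require 'uri'`, so the `CGI` constant resolves only if some other library has already loaded it; add `require 'cgi'` beside `require 'uri'`. In `verify_hd` (new lines 189–194) the check `@raw_info['hd'] == options.hd` is an exact string comparison, so only a single configured domain can match and a response with no `hd` key fails the check; a YARD comment such as `# @raise [CallbackError] when options.hd is set and the account's hosted domain does not equal it` would document that contract. The method memoises into `@raw_info`, which is presumably the same instance variable the strategy's `raw_info` method fills — worth confirming both fetch the same endpoint so the hd claim checked is the one later exposed in the auth hash. The `delete_if { |key| key == "sz" }` block at line 173 receives a (key, value) pair and silently discards the value; `{ |key, _value| key == "sz" }` makes that explicit.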
@@ -18,7 +18,6 @@ Gem::Specification.new do |gem|
|
|
18
18
|
gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.3.1'
|
19
19
|
gem.add_runtime_dependency 'jwt', '~> 1.0'
|
20
20
|
gem.add_runtime_dependency 'multi_json', '~> 1.3'
|
21
|
-
gem.add_runtime_dependency 'addressable', '~> 2.3'
|
22
21
|
|
23
22
|
gem.add_development_dependency 'rspec', '>= 2.14.0'
|
24
23
|
gem.add_development_dependency 'rake'
|
@@ -590,4 +590,36 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
590
590
|
}.to raise_error(OAuth2::Error)
|
591
591
|
end
|
592
592
|
end
|
593
|
+
|
594
|
+
describe 'verify_hd' do
|
595
|
+
let(:client) do
|
596
|
+
OAuth2::Client.new('abc', 'def') do |builder|
|
597
|
+
builder.request :url_encoded
|
598
|
+
builder.adapter :test do |stub|
|
599
|
+
stub.get('/plus/v1/people/me/openIdConnect') do |env|
|
600
|
+
[200, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(
|
601
|
+
:hd => 'example.com',
|
602
|
+
)]
|
603
|
+
end
|
604
|
+
end
|
605
|
+
end
|
606
|
+
end
|
607
|
+
let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
|
608
|
+
|
609
|
+
it 'should verify hd if options hd is not set' do
|
610
|
+
expect(subject.send(:verify_hd, access_token)).to eq(true)
|
611
|
+
end
|
612
|
+
|
613
|
+
it 'should verify hd if options hd is set and correct' do
|
614
|
+
subject.options.hd = 'example.com'
|
615
|
+
expect(subject.send(:verify_hd, access_token)).to eq(true)
|
616
|
+
end
|
617
|
+
|
618
|
+
it 'should raise error if options hd is set and wrong' do
|
619
|
+
subject.options.hd = 'invalid.com'
|
620
|
+
expect {
|
621
|
+
subject.send(:verify_hd, access_token)
|
622
|
+
}.to raise_error(OmniAuth::Strategies::GoogleOauth2::CallbackError)
|
623
|
+
end
|
624
|
+
end
|
593
625
|
end
|
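Review bot: The new `verify_hd` examples (new lines 594–624) stub the people endpoint to always return `hd: 'example.com'`, so no case covers an account whose response carries no `hd` key at all while `options.hd` is set — the consumer-account case the check exists to reject. Adding an example that stubs the endpoint with an empty JSON object and expects `OmniAuth::Strategies::GoogleOauth2::CallbackError` would pin that behaviour. The `describe 'verify_hd'` block is complete within the hunk; the enclosing top-level `describe` starts outside it.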
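--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-google-oauth2
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.1
 platform: ruby
 authors:
 - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-01-
+date: 2016-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth
@@ -67,20 +67,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.3'
-- !ruby/object:Gem::Dependency
-name: addressable
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.3'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.3'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -123,6 +109,7 @@ files:
 - README.md
 - Rakefile
 - examples/Gemfile
+- examples/auth.js
 - examples/config.ru
 - examples/omni_auth.rb
 - lib/omniauth-google-oauth2.rb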