omniauth-google-oauth2 0.3.0 → 0.3.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c7d06ea95829577b987b0c3f38361bbf0d53ac9c
4
- data.tar.gz: ddade281a6be78eb43318effaee6fe1eb0c748ca
3
+ metadata.gz: 6b57c40e8b39a0932e633667e017b25c97d3d180
4
+ data.tar.gz: d6f8aa07b0c1b3ca79aa00a84612952e2f353393
5
5
  SHA512:
6
- metadata.gz: 8515c0e13e3eeb43fb96b53ffd989126044dddf06c3f6e510b903eee69edc49cde9915e82d547fe77004124c5dbd6eec1166a3cbe78b1e9795a56228df540c9e
7
- data.tar.gz: 41c8b9757efade6cf94c50f29d564c94286f2debb2bb8ed9983923d964b3a6076debb238a02cb92488cd590d6937a8c8b583305076d88be59aa7146c86f8132f
6
+ metadata.gz: 7c3664503247fc376a4ec1ea968ae68f15ff6020c178fdf57b50c4320858a184fc41b30fca322f021e525e5f62a317a3c568fe02b5ec3934ef63ca26ec0e8163
7
+ data.tar.gz: ccbda37d179cd87d31f92a60564120d6fca75013c990ec87583155e81bd8a51ee3f163a69d86929e38e3f151970d61327c007a670df532d4c430d67dc43ee82d
@@ -2,10 +2,11 @@ before_install:
2
2
  - gem update --system 2.1.11
3
3
  language: ruby
4
4
  rvm:
5
- - "1.9.2"
6
5
  - "1.9.3"
7
6
  - "2.0.0"
8
7
  - "2.1.0"
8
+ - "2.2.0"
9
+ - "2.3.0"
9
10
  - "rbx"
10
11
  - "jruby"
11
12
  matrix:
@@ -1,6 +1,20 @@
1
1
  # Changelog
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
+ ## 0.3.1 - 2016-01-28
5
+
6
+ ### Added
7
+ - Verify Hosted Domain if hd is set in options.
8
+
9
+ ### Deprecated
10
+ - Nothing.
11
+
12
+ ### Removed
13
+ - Dependency on addressable.
14
+
15
+ ### Fixed
16
+ - Nothing.
17
+
4
18
  ## 0.3.0 - 2016-01-09
5
19
 
6
20
  ### Added
data/README.md CHANGED
@@ -1,3 +1,6 @@
1
+ [![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
2
+ [![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.png)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
3
+
1
4
  # OmniAuth Google OAuth2 Strategy
2
5
 
3
6
  Strategy to authenticate with Google via OAuth2 in OmniAuth.
@@ -22,7 +25,7 @@ Then `bundle install`.
22
25
 
23
26
  * Go to 'https://console.developers.google.com'
24
27
  * Select your project.
25
- * Click 'APIs & auth'
28
+ * Click 'Enable and manage APIs'.
26
29
  * Make sure "Contacts API" and "Google+ API" are on.
27
30
  * Go to Credentials, then select the "OAuth consent screen" tab on top, and provide an 'EMAIL ADDRESS' and a 'PRODUCT NAME'
28
31
  * Wait 10 minutes for changes to take effect.
@@ -225,6 +228,8 @@ This flow is immune to replay attacks, and conveys no useful information to a ma
225
228
  The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
226
229
 
227
230
  ```javascript
231
+ // Basic hybrid auth example following the pattern at:
232
+ // https://developers.google.com/api-client-library/javascript/features/authentication#Authexample
228
233
  jQuery(function() {
229
234
  return $.ajax({
230
235
  url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
@@ -234,18 +239,28 @@ jQuery(function() {
234
239
  });
235
240
 
236
241
  window.gpAsyncInit = function() {
242
+ gapi.auth.authorize({
243
+ immediate: true,
244
+ response_type: 'code',
245
+ cookie_policy: 'single_host_origin',
246
+ client_id: 'YOUR_CLIENT_ID',
247
+ scope: 'email profile'
248
+ }, function(response) {
249
+ return;
250
+ });
237
251
  $('.googleplus-login').click(function(e) {
238
252
  e.preventDefault();
239
253
  gapi.auth.authorize({
240
- immediate: true,
254
+ immediate: false,
241
255
  response_type: 'code',
242
256
  cookie_policy: 'single_host_origin',
243
- client_id: '000000000000.apps.googleusercontent.com',
257
+ client_id: 'YOUR_CLIENT_ID',
244
258
  scope: 'email profile'
245
259
  }, function(response) {
246
260
  if (response && !response.error) {
247
- // google authentication succeed, now post data to server and handle data securely
248
- jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback", data: response,
261
+ // google authentication succeed, now post data to server.
262
+ jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback",
263
+ data: response,
249
264
  success: function(data) {
250
265
  // response from server
251
266
  }
@@ -256,6 +271,7 @@ window.gpAsyncInit = function() {
256
271
  });
257
272
  });
258
273
  };
274
+
259
275
  ```
260
276
 
261
277
  ### Omniauth state
@@ -285,10 +301,6 @@ Just set the `full_host` in OmniAuth based on the Rails.env.
285
301
  OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http://localhost:3000'
286
302
  ```
287
303
 
288
- ## Build Status
289
- [![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.png)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
290
-
291
-
292
304
  ## License
293
305
 
294
306
  Copyright (c) 2015 by Josh Ellithorpe
@@ -0,0 +1,43 @@
1
+ // Basic hybrid auth example following the pattern at:
2
+ // https://developers.google.com/api-client-library/javascript/features/authentication#Authexample
3
+ jQuery(function() {
4
+ return $.ajax({
5
+ url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
6
+ dataType: 'script',
7
+ cache: true
8
+ });
9
+ });
10
+
11
+ window.gpAsyncInit = function() {
12
+ gapi.auth.authorize({
13
+ immediate: true,
14
+ response_type: 'code',
15
+ cookie_policy: 'single_host_origin',
16
+ client_id: 'YOUR_CLIENT_ID',
17
+ scope: 'email profile'
18
+ }, function(response) {
19
+ return;
20
+ });
21
+ $('.googleplus-login').click(function(e) {
22
+ e.preventDefault();
23
+ gapi.auth.authorize({
24
+ immediate: false,
25
+ response_type: 'code',
26
+ cookie_policy: 'single_host_origin',
27
+ client_id: 'YOUR_CLIENT_ID',
28
+ scope: 'email profile'
29
+ }, function(response) {
30
+ if (response && !response.error) {
31
+ // google authentication succeed, now post data to server.
32
+ jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback",
33
+ data: response,
34
+ success: function(data) {
35
+ // response from server
36
+ }
37
+ });
38
+ } else {
39
+ // google authentication failed
40
+ }
41
+ });
42
+ });
43
+ };
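Review bot: The `immediate: true` authorize call at the top of `gpAsyncInit` (new-file lines 12-20) passes a callback that only does `return;`, so a successful silent sign-in produces a `code` that is never posted to `/auth/google_oauth2/callback` and the user must still click `.googleplus-login`; either say so in a comment, e.g. `// Silent authorize only primes the gapi session; its result is intentionally discarded`, or post `response` on success exactly as the click handler does. The click handler's `else` branch (`// google authentication failed`) is likewise empty, so a `response.error` (typically a misconfigured `client_id` or origin) disappears without a trace; logging it would help implementors notice the misconfiguration. The two authorize calls repeat the same option object apart from `immediate`, so `client_id` and `scope` must be kept in sync in two places; hoisting the shared options into one object would avoid that.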
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module GoogleOauth2
3
- VERSION = "0.3.0"
3
+ VERSION = "0.3.1"
4
4
  end
5
5
  end
@@ -1,7 +1,7 @@
1
1
  require 'multi_json'
2
2
  require 'jwt'
3
3
  require 'omniauth/strategies/oauth2'
4
- require 'addressable/uri'
4
+ require 'uri'
5
5
 
6
6
  module OmniAuth
7
7
  module Strategies
@@ -90,6 +90,7 @@ module OmniAuth
90
90
  end
91
91
 
92
92
  def custom_build_access_token
93
+ access_token =
93
94
  if request.xhr? && request.params['code']
94
95
  verifier = request.params['code']
95
96
  client.auth_code.get_token(verifier, get_token_options('postmessage'), deep_symbolize(options.auth_token_params || {}))
@@ -103,6 +104,9 @@ module OmniAuth
103
104
  verifier = request.params["code"]
104
105
  client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
105
106
  end
107
+
108
+ verify_hd(access_token)
109
+ access_token
106
110
  end
107
111
  alias_method :build_access_token, :custom_build_access_token
108
112
 
@@ -130,7 +134,7 @@ module OmniAuth
130
134
  def image_url
131
135
  return nil unless raw_info['picture']
132
136
 
133
- u = Addressable::URI.parse(raw_info['picture'].gsub('https:https', 'https'))
137
+ u = URI.parse(raw_info['picture'].gsub('https:https', 'https'))
134
138
 
135
139
  path_index = u.path.to_s.index('/photo.jpg')
136
140
 
@@ -139,7 +143,7 @@ module OmniAuth
139
143
  u.path = u.path.gsub('//', '/')
140
144
  end
141
145
 
142
- u.query_values = strip_unnecessary_query_parameters(u.query_values)
146
+ u.query = strip_unnecessary_query_parameters(u.query)
143
147
 
144
148
  u.to_s
145
149
  end
@@ -161,16 +165,18 @@ module OmniAuth
161
165
  '/' + image_params.join('-')
162
166
  end
163
167
 
164
- def strip_unnecessary_query_parameters(query_values)
168
+ def strip_unnecessary_query_parameters(query_parameters)
165
169
  # strip `sz` parameter (defaults to sz=50) which overrides `image_size` options
166
- return nil unless query_values
170
+ return nil if query_parameters.nil?
167
171
 
168
- query_hash = query_values.delete_if { |key, value| key == "sz" }
172
+ params = CGI.parse(query_parameters)
173
+ stripped_params = params.delete_if { |key| key == "sz" }
169
174
 
170
- # an empty Hash would cause a ? character in the URL: http://image.url?
171
- return nil if query_hash.empty?
175
+ # don't return an empty Hash since that would result
176
+ # in URLs with a trailing ? character: http://image.url?
177
+ return nil if stripped_params.empty?
172
178
 
173
- query_hash
179
+ URI.encode_www_form(stripped_params)
174
180
  end
175
181
 
176
182
  def verify_token(access_token)
@@ -179,6 +185,13 @@ module OmniAuth
179
185
  params: { access_token: access_token }).parsed
180
186
  raw_response['aud'] == options.client_id
181
187
  end
188
+
189
+ def verify_hd(access_token)
190
+ return true unless options.hd
191
+ @raw_info ||= access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
192
+ raise CallbackError.new(:invalid_hd, "Invalid Hosted Domain") unless @raw_info['hd'] == options.hd
193
+ true
194
+ end
182
195
  end
183
196
  end
184
197
  end
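Review bot: `strip_unnecessary_query_parameters` now calls `CGI.parse` (hunk at `@@ -161,16 +165,18 @@`), but the require hunk at the top of the file only swaps `addressable/uri` for `uri`; unless another gem loads it transitively, the first picture URL carrying a query string raises `NameError` for `CGI`, so add `require 'cgi'` next to `require 'uri'`. `image_url` likewise moves from Addressable to `URI.parse`, which raises `URI::InvalidURIError` on input Addressable tolerated, so a malformed `picture` value in the userinfo response would now abort the callback phase; consider `rescue URI::InvalidURIError` returning nil (the method already returns nil when `picture` is absent). In `verify_hd` the check is an exact string comparison against the `hd` claim of the userinfo response, so a consumer account with no `hd` claim and an account from a different domain both fail closed with `:invalid_hd`, which is the right default but worth stating above the method: `# Fails closed: when options.hd is set, accounts without an hd claim are rejected too.` `custom_build_access_token` begins in the hunk at `@@ -90,6 +90,7 @@` and its middle branches lie between the hunks, so the other token-building paths were not reviewed here.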
@@ -18,7 +18,6 @@ Gem::Specification.new do |gem|
18
18
  gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.3.1'
19
19
  gem.add_runtime_dependency 'jwt', '~> 1.0'
20
20
  gem.add_runtime_dependency 'multi_json', '~> 1.3'
21
- gem.add_runtime_dependency 'addressable', '~> 2.3'
22
21
 
23
22
  gem.add_development_dependency 'rspec', '>= 2.14.0'
24
23
  gem.add_development_dependency 'rake'
@@ -590,4 +590,36 @@ describe OmniAuth::Strategies::GoogleOauth2 do
590
590
  }.to raise_error(OAuth2::Error)
591
591
  end
592
592
  end
593
+
594
+ describe 'verify_hd' do
595
+ let(:client) do
596
+ OAuth2::Client.new('abc', 'def') do |builder|
597
+ builder.request :url_encoded
598
+ builder.adapter :test do |stub|
599
+ stub.get('/plus/v1/people/me/openIdConnect') do |env|
600
+ [200, {'Content-Type' => 'application/json; charset=UTF-8'}, MultiJson.encode(
601
+ :hd => 'example.com',
602
+ )]
603
+ end
604
+ end
605
+ end
606
+ end
607
+ let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
608
+
609
+ it 'should verify hd if options hd is not set' do
610
+ expect(subject.send(:verify_hd, access_token)).to eq(true)
611
+ end
612
+
613
+ it 'should verify hd if options hd is set and correct' do
614
+ subject.options.hd = 'example.com'
615
+ expect(subject.send(:verify_hd, access_token)).to eq(true)
616
+ end
617
+
618
+ it 'should raise error if options hd is set and wrong' do
619
+ subject.options.hd = 'invalid.com'
620
+ expect {
621
+ subject.send(:verify_hd, access_token)
622
+ }.to raise_error(OmniAuth::Strategies::GoogleOauth2::CallbackError)
623
+ end
624
+ end
593
625
  end
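Review bot: The stubbed userinfo response in the new `describe 'verify_hd'` block always returns `:hd => 'example.com'`, so no example pins what happens when `options.hd` is set and the account carries no `hd` claim at all (a consumer account), which is the fail-closed path most likely to regress. Add a third stub or a second `let(:client)` whose JSON body omits `hd`, with an example like `it 'should raise error if options hd is set and the account has no hd' do` expecting `OmniAuth::Strategies::GoogleOauth2::CallbackError`. The trailing comma in `MultiJson.encode(:hd => 'example.com',)` is legal but reads like a leftover; drop it. The enclosing top-level `describe` starts outside the hunk.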
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-01-09 00:00:00.000000000 Z
12
+ date: 2016-01-28 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth
@@ -67,20 +67,6 @@ dependencies:
67
67
  - - "~>"
68
68
  - !ruby/object:Gem::Version
69
69
  version: '1.3'
70
- - !ruby/object:Gem::Dependency
71
- name: addressable
72
- requirement: !ruby/object:Gem::Requirement
73
- requirements:
74
- - - "~>"
75
- - !ruby/object:Gem::Version
76
- version: '2.3'
77
- type: :runtime
78
- prerelease: false
79
- version_requirements: !ruby/object:Gem::Requirement
80
- requirements:
81
- - - "~>"
82
- - !ruby/object:Gem::Version
83
- version: '2.3'
84
70
  - !ruby/object:Gem::Dependency
85
71
  name: rspec
86
72
  requirement: !ruby/object:Gem::Requirement
@@ -123,6 +109,7 @@ files:
123
109
  - README.md
124
110
  - Rakefile
125
111
  - examples/Gemfile
112
+ - examples/auth.js
126
113
  - examples/config.ru
127
114
  - examples/omni_auth.rb
128
115
  - lib/omniauth-google-oauth2.rb