omniauth-google-oauth2 0.3.1 → 0.4.0
- checksums.yaml +4 -4
- data/.travis.yml +0 -1
- data/CHANGELOG.md +16 -0
- data/README.md +5 -3
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +6 -2
- data/omniauth-google-oauth2.gemspec +3 -1
- data/spec/omniauth/strategies/google_oauth2_spec.rb +12 -0
- metadata +5 -5
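--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d95dd15d4421affbdbb9e1b1d42c1f58052f28ac
+data.tar.gz: a524b2d381c0a30db4e4a8e606be5b6e95e9ea0e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 589d9c83dd9d3cff125d7e76e29a6dd4f99737418473eb73ebd95a55711aceb7c32ca4c63ebf8a6aa1736241119bd498f494f95d3aaa5ec0aa3199fcb21001be
+data.tar.gz: 706f8c2c4f95f1d7575f0ebe7dea5eb08ea49bec4c86481fc075f0bfd4175e97cb1ef33cbf75b3bea8cd8cd35c101bdd4a8bb8a6c7dbde2c422523b6a927b50f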
data/.travis.yml
CHANGED
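--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,22 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.4.0 - 2016-03-11
+
+### Added
+- Addedd ability to specify multiple hosted domains.
+- Added a default leeway of 1 minute to JWT token validation.
+- Now requires ruby-jwt 1.5.x.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Removed support for ruby 1.9.3 as ruby-jwt 1.5.x does not support it.
+
+### Fixed
+- Nothing.
+
 ## 0.3.1 - 2016-01-28
 
 ### Added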
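--- a/data/README.md
+++ b/data/README.md
@@ -72,9 +72,11 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `access_type`: Defaults to `offline`, so a refresh token is sent to be used when the user is not present at the browser. Can be set to `online`. More about [offline access](https://developers.google.com/identity/protocols/OAuth2WebServer#offline)
 
-* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain.
+* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string `'domain.com'` or an array `%w(domain.com domain.co)`. More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
 
-* `
+* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds.
+
+* `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT decoding errors with the `iat` field. Always try adjusting the leeway before disabling JWT processing.
 
 * `login_hint`: When your app knows which user it is trying to authenticate, it can provide this parameter as a hint to the authentication server. Passing this hint suppresses the account chooser and either pre-fill the email box on the sign-in form, or select the proper session (if the user is using multiple sign-in), which can help you avoid problems that occur if your app logs in the wrong user account. The value can be either an email address or the sub string, which is equivalent to the user's Google+ ID.
 
@@ -303,7 +305,7 @@ OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http
 
 ## License
 
-Copyright (c)
+Copyright (c) 2016 by Josh Ellithorpe
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 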
@@ -14,6 +14,7 @@ module OmniAuth
|
|
14
14
|
option :skip_friends, true
|
15
15
|
option :skip_image_info, true
|
16
16
|
option :skip_jwt, false
|
17
|
+
option :jwt_leeway, 60
|
17
18
|
option :authorize_options, [:access_type, :hd, :login_hint, :prompt, :request_visible_actions, :scope, :state, :redirect_uri, :include_granted_scopes, :openid_realm]
|
18
19
|
|
19
20
|
option :client_options, {
|
@@ -68,7 +69,8 @@ module OmniAuth
|
|
68
69
|
:verify_expiration => true,
|
69
70
|
:verify_not_before => true,
|
70
71
|
:verify_iat => true,
|
71
|
-
:verify_jti => false
|
72
|
+
:verify_jti => false,
|
73
|
+
:leeway => options[:jwt_leeway]
|
72
74
|
}).first
|
73
75
|
end
|
74
76
|
hash[:raw_info] = raw_info unless skip_info?
|
@@ -189,7 +191,9 @@ module OmniAuth
|
|
189
191
|
def verify_hd(access_token)
|
190
192
|
return true unless options.hd
|
191
193
|
@raw_info ||= access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
|
192
|
-
|
194
|
+
allowed_hosted_domains = Array(options.hd)
|
195
|
+
|
196
|
+
raise CallbackError.new(:invalid_hd, "Invalid Hosted Domain") unless allowed_hosted_domains.include? @raw_info['hd']
|
193
197
|
true
|
194
198
|
end
|
195
199
|
end
|
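Review bot: In the JWT decode options hunk, `:leeway => options[:jwt_leeway]` hands the configured value to the JWT library unchecked, so a string read from the environment or a `nil` reaches the `exp`/`nbf`/`iat` checks as-is, and a very large number quietly stretches how long an expired ID token is still accepted. Coercing it where it is used, `:leeway => Integer(options[:jwt_leeway])`, would turn a misconfiguration into a clear error; an upper bound chosen by the project would keep the tolerance from becoming an effective bypass of expiry checking. A comment beside `option :jwt_leeway, 60` such as `# seconds of clock skew tolerated when validating exp/nbf/iat` would also document the unit. The decode call opens above the hunk, so its leading arguments, including whether signature verification is enabled, are not visible here.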
@@ -14,9 +14,11 @@ Gem::Specification.new do |gem|
|
|
14
14
|
gem.files = `git ls-files`.split("\n")
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
|
17
|
+
gem.required_ruby_version = '>= 2.0'
|
18
|
+
|
17
19
|
gem.add_runtime_dependency 'omniauth', '>= 1.1.1'
|
18
20
|
gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.3.1'
|
19
|
-
gem.add_runtime_dependency 'jwt', '~> 1.0'
|
21
|
+
gem.add_runtime_dependency 'jwt', '~> 1.5.0'
|
20
22
|
gem.add_runtime_dependency 'multi_json', '~> 1.3'
|
21
23
|
|
22
24
|
gem.add_development_dependency 'rspec', '>= 2.14.0'
|
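Review bot: The new `gem.add_runtime_dependency 'jwt', '~> 1.5.0'` line admits only 1.5.x patch releases, so applications depending on this gem cannot resolve to a jwt release outside that series, even if a fix to the token-validation library ships there. If the leeway option is the only reason for the bump, a floor with a major-version ceiling such as `gem.add_runtime_dependency 'jwt', '>= 1.5', '< 2'` would keep the requirement without pinning the minor. Whether later 1.x releases stay API-compatible is not something this page shows, so that range would need checking against the jwt changelog. The `Gem::Specification` block begins and ends outside the hunk.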
@@ -615,11 +615,23 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
615
615
|
expect(subject.send(:verify_hd, access_token)).to eq(true)
|
616
616
|
end
|
617
617
|
|
618
|
+
it 'should verify hd if options hd is set as an array and is correct' do
|
619
|
+
subject.options.hd = ['example.com', 'example.co']
|
620
|
+
expect(subject.send(:verify_hd, access_token)).to eq(true)
|
621
|
+
end
|
622
|
+
|
618
623
|
it 'should raise error if options hd is set and wrong' do
|
619
624
|
subject.options.hd = 'invalid.com'
|
620
625
|
expect {
|
621
626
|
subject.send(:verify_hd, access_token)
|
622
627
|
}.to raise_error(OmniAuth::Strategies::GoogleOauth2::CallbackError)
|
623
628
|
end
|
629
|
+
|
630
|
+
it 'should raise error if options hd is set as an array and is not correct' do
|
631
|
+
subject.options.hd = ['invalid.com', 'invalid.co']
|
632
|
+
expect {
|
633
|
+
subject.send(:verify_hd, access_token)
|
634
|
+
}.to raise_error(OmniAuth::Strategies::GoogleOauth2::CallbackError)
|
635
|
+
end
|
624
636
|
end
|
625
637
|
end
|
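Review bot: The new array cases for `verify_hd` cover a matching and a non-matching list, but none covers a profile response that carries no `hd` key at all, which is the case a hosted-domain restriction most needs to reject. A case that sets `subject.options.hd = ['example.com']`, stubs the profile without `hd` and expects `OmniAuth::Strategies::GoogleOauth2::CallbackError` would pin that the check fails closed. The `jwt_leeway` option added in this release has no spec in this section either. The `access_token` fixture and the enclosing describe block are outside the hunk, so how the stub is built is not visible here.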
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-google-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Josh Ellithorpe
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2016-
|
12
|
+
date: 2016-03-11 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: omniauth
|
@@ -45,14 +45,14 @@ dependencies:
|
|
45
45
|
requirements:
|
46
46
|
- - "~>"
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version:
|
48
|
+
version: 1.5.0
|
49
49
|
type: :runtime
|
50
50
|
prerelease: false
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version:
|
55
|
+
version: 1.5.0
|
56
56
|
- !ruby/object:Gem::Dependency
|
57
57
|
name: multi_json
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
@@ -131,7 +131,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
131
131
|
requirements:
|
132
132
|
- - ">="
|
133
133
|
- !ruby/object:Gem::Version
|
134
|
-
version: '0'
|
134
|
+
version: '2.0'
|
135
135
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
136
136
|
requirements:
|
137
137
|
- - ">="
|