omniauth-google-oauth2 0.8.1 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fcec58e2424446306a5ff766699234f2d6c171da2b709112769b99e72a203eaf
-  data.tar.gz: fcf68a4790a7309cd50d7c0b0e13bb53f0229fcc051fad60166d8d14b927d9f6
+  metadata.gz: 3b1fdc81978e86a4a1b0c493bc1d83f9e6fa1e613bfb69b2feee8af2a6869b99
+  data.tar.gz: 02efca2850b5e053630aa7da102a9162aca87d16d6ab9fb6408654fd98c145c1
 SHA512:
-  metadata.gz: 99cd674b184a20ee2ff2c5da1a98e4a692aad4c0e739882da60338c9519d72828d440c0a375fd6c248651b7dd365f35800dabe3be28282e8e11ea425274dc0d1
-  data.tar.gz: d06b35c2f70c7680a9963edff13cc9e3e417ffca216dc7b46d6074ff01ec4207f41ae59b9251e5f91213ad39c0065b1f049450688b8cabdbc709acabc405090c
+  metadata.gz: 6f2c99c806cc6d08dadcc472474418cfbace26481e1d828aa90571d5bbf77e3e26c9b600fd6fd1d97c8a71d4e349d230f87a5e11a9106874d106a240f3cad9ec
+  data.tar.gz: a66acdde9fdda8ec2f00f861a0a1a2ca89f8faeae84388f44dca938db0e9f55ca6d166de2633c4e27ffe7cf44bcfcc5ef0c5f0a4bfbcc3990d13c89ff7ac322c

data/.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI 
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', '3.1']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # 'bundle install' and cache
+    - name: Run specs 
+      run: |
+        bundle exec rake

data/.travis.yml

@@ -1,5 +1,9 @@
 language: ruby
+cache: bundler
 rvm:
-  - '2.3.4'
-  - '2.4.1'
-  - '2.5.0'
+  - '2.3.8'
+  - '2.4.10'
+  - '2.5.8'
+  - '2.6.6'
+  - '2.7.2'
+  - '3.0.0'

data/CHANGELOG.md

@@ -1,6 +1,49 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 1.0.1 - 2022-03-10
+
+### Added
+- Output granted scopes in credentials block of the auth hash.
+- Migrated to GitHub actions.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Overriding the `redirect_uri` via params or JSON request body.
+
+## 1.0.0 - 2021-03-14
+
+### Added
+- Support for Omniauth 2.x!
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Support for Omniauth 1.x.
+
+### Fixed
+- Nothing.
+
+## 0.8.2 - 2021-03-14
+
+### Added
+- Constrains the version to Omniauth 1.x.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Nothing.
+
 ## 0.8.1 - 2020-12-12
 
 ### Added
@@ -14,6 +57,7 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 - A few minor issues with .rubocop.yml.
+- Issues with image resizing code when the image came with size information from Google.
 
 ## 0.8.0 - 2019-08-21
 

data/README.md

@@ -1,5 +1,4 @@
 [![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
-[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.svg)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
 
 # OmniAuth Google OAuth2 Strategy
 
@@ -34,6 +33,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
 end
+OmniAuth.config.allowed_request_methods = %i[get]
 ```
 
 You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
@@ -217,6 +217,10 @@ end
 For your views you can login using:
 
 ```erb
+<%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %>
+<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
+
+<%# omniauth-google-oauth2 prior 1.0.0: %>
 <%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
 
 <%# Devise prior 4.1.0: %>

data/examples/Gemfile

@@ -5,3 +5,4 @@ source 'https://rubygems.org'
 gem 'omniauth-google-oauth2', '~> 0.8.1'
 gem 'rubocop'
 gem 'sinatra', '~> 1.4'
+gem 'webrick'

data/lib/omniauth/google_oauth2/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module GoogleOauth2
-    VERSION = '0.8.1'
+    VERSION = '1.0.1'
   end
 end

data/lib/omniauth/strategies/google_oauth2.rb

@@ -60,6 +60,11 @@ module OmniAuth
         )
       end
 
+      credentials do
+        # Tokens and expiration will be used from OAuth2 strategy credentials block
+        prune!({ 'scope' => token_info(access_token.token)['scope'] })
+      end
+
       extra do
         hash = {}
         hash[:id_token] = access_token['id_token']
@@ -102,7 +107,7 @@ module OmniAuth
       private
 
       def callback_url
-        options[:redirect_uri] || (full_host + script_name + callback_path)
+        options[:redirect_uri] || (full_host + callback_path)
       end
 
       def get_access_token(request)
@@ -121,8 +126,9 @@ module OmniAuth
             request.body.rewind # rewind request body for downstream middlewares
             verifier = body && body['code']
             access_token = body && body['access_token']
+            redirect_uri ||= body && body['redirect_uri']
             if verifier
-              client_get_token(verifier, 'postmessage')
+              client_get_token(verifier, redirect_uri || 'postmessage')
             elsif verify_token(access_token)
               ::OAuth2::AccessToken.from_hash(client, body.dup)
             end
@@ -214,12 +220,21 @@ module OmniAuth
         URI.encode_www_form(stripped_params)
       end
 
+      def token_info(access_token)
+        return nil unless access_token
+
+        @token_info ||= Hash.new do |h, k|
+          h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
+        end
+
+        @token_info[access_token]
+      end
+
       def verify_token(access_token)
         return false unless access_token
 
-        raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
-                                      params: { access_token: access_token }).parsed
-        raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
+        token_info = token_info(access_token)
+        token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud'])
       end
 
       def verify_hd(access_token)

data/omniauth-google-oauth2.gemspec

@@ -22,8 +22,8 @@ Gem::Specification.new do |gem|
 
   gem.add_runtime_dependency 'jwt', '>= 2.0'
   gem.add_runtime_dependency 'oauth2', '~> 1.1'
-  gem.add_runtime_dependency 'omniauth', '>= 1.1.1'
-  gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.6'
+  gem.add_runtime_dependency 'omniauth', '~> 2.0'
+  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.7.1'
 
   gem.add_development_dependency 'rake', '~> 12.0'
   gem.add_development_dependency 'rspec', '~> 3.6'

data/spec/omniauth/strategies/google_oauth2_spec.rb

@@ -289,14 +289,26 @@ describe OmniAuth::Strategies::GoogleOauth2 do
     end
   end
 
-  describe '#callback_path' do
+  describe '#callback_url' do
+    let(:base_url) { 'https://example.com' }
+
     it 'has the correct default callback path' do
-      expect(subject.callback_path).to eq('/auth/google_oauth2/callback')
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name) { '' }
+      expect(subject.send(:callback_url)).to eq(base_url + '/auth/google_oauth2/callback')
+    end
+
+    it 'should set the callback path with script_name if present' do
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name) { '/v1' }
+      expect(subject.send(:callback_url)).to eq(base_url + '/v1/auth/google_oauth2/callback')
     end
 
     it 'should set the callback_path parameter if present' do
       @options = { callback_path: '/auth/foo/callback' }
-      expect(subject.callback_path).to eq('/auth/foo/callback')
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name) { '' }
+      expect(subject.send(:callback_url)).to eq(base_url + '/auth/foo/callback')
     end
   end
 
@@ -335,6 +347,37 @@ describe OmniAuth::Strategies::GoogleOauth2 do
     end
   end
 
+  describe '#credentials' do
+    let(:client) { OAuth2::Client.new('abc', 'def') }
+    let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') }
+    before(:each) do
+      allow(subject).to receive(:access_token).and_return(access_token)
+      subject.options.client_options[:connection_build] = proc do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
+            [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
+              aud: '000000000000.apps.googleusercontent.com',
+              sub: '123456789',
+              scope: 'profile email'
+            )]
+          end
+        end
+      end
+    end
+
+    it 'should return access token and (optionally) refresh token' do
+      expect(subject.credentials.to_h).to \
+        match(hash_including(
+                'token' => 'valid_access_token',
+                'refresh_token' => 'valid_refresh_token',
+                'scope' => 'profile email',
+                'expires_at' => 123_456_789,
+                'expires' => true
+              ))
+    end
+  end
+
   describe '#extra' do
     let(:client) do
       OAuth2::Client.new('abc', 'def') do |builder|
@@ -629,6 +672,22 @@ describe OmniAuth::Strategies::GoogleOauth2 do
       subject.build_access_token
     end
 
+    it 'reads the redirect uri from a json request body' do
+      body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
+      client = double(:client)
+      auth_code = double(:auth_code)
+
+      allow(request).to receive(:xhr?).and_return(false)
+      allow(request).to receive(:content_type).and_return('application/json')
+      allow(request).to receive(:body).and_return(body)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      expect(subject).to receive(:client).and_return(client)
+
+      expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
+
+      subject.build_access_token
+    end
+
     it 'reads the access token from a json request body' do
       body = StringIO.new(%({"access_token":"valid_access_token"}))
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-google-oauth2
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 1.0.1
 platform: ruby
 authors:
 - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-13 00:00:00.000000000 Z
+date: 2022-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -43,30 +43,30 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 1.7.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -117,6 +117,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"