omniauth-google-oauth2 0.8.2 → 1.1.0
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +21 -0
- data/.travis.yml +6 -3
- data/CHANGELOG.md +46 -2
- data/README.md +8 -2
- data/examples/Gemfile +1 -0
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +31 -10
- data/omniauth-google-oauth2.gemspec +3 -3
- data/spec/omniauth/strategies/google_oauth2_spec.rb +122 -18
- metadata +12 -12
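--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1ed28b1b51bd66946f8a20796e451090685c868c6923e18e38fd2476f398989
+data.tar.gz: ee9023b2fd1e74bea632aa12d50d411be6d5738bf91da56293470db5cc339720
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0cf127deee1596814c94521433300e88f965ee762a93f085a07dcf38307a48bdb803f40b6f35bb3611b29aa3349ac0f209ac6da64facb6733620ad820f4f1911
+data.tar.gz: 72ce107f30e80fc5564e0fcdea2de7a813f4962ea202aa5076b364cc561d9890e91f2dd1f25736df2238709910cefe800fba6854200e2320a149d596aaec8ef0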
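--- a/data/.github/workflows/ci.yml
+++ b/data/.github/workflows/ci.yml
@@ -0,0 +1,21 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+test:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+ruby-version: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', '3.1']
+
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby ${{ matrix.ruby-version }}
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby-version }}
+bundler-cache: true # 'bundle install' and cache
+- name: Run specs
+run: |
+bundle exec rake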
data/.travis.yml
CHANGED
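--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,50 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 1.1.0 - 2022-09-03
+
+### Added
+- `overridable_authorize_options` has been added to restrict overriding authorize_options by request params. [#423](https://github.com/zquestz/omniauth-google-oauth2/pull/423)
+- Support for oauth2 2.0.x. [#429](https://github.com/zquestz/omniauth-google-oauth2/pull/429)
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Nothing.
+
+## 1.0.1 - 2022-03-10
+
+### Added
+- Output granted scopes in credentials block of the auth hash.
+- Migrated to GitHub actions.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Overriding the `redirect_uri` via params or JSON request body.
+
+## 1.0.0 - 2021-03-14
+
+### Added
+- Support for Omniauth 2.x!
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Support for Omniauth 1.x.
+
+### Fixed
+- Nothing.
+
 ## 0.8.2 - 2021-03-14
 
 ### Added
@@ -10,10 +54,10 @@ All notable changes to this project will be documented in this file.
 - Nothing.
 
 ### Removed
-- Nothing
+- Nothing.
 
 ### Fixed
-- Nothing
+- Nothing.
 
 ## 0.8.1 - 2020-12-12
 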
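--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,4 @@
 [![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
-[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.svg)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
 
 # OmniAuth Google OAuth2 Strategy
 
@@ -34,6 +33,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
 end
+OmniAuth.config.allowed_request_methods = %i[get]
 ```
 
 You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
@@ -85,13 +85,15 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
 
+* `overridable_authorize_options`: By default, all `authorize_options` can be overridden with request parameters. You can restrict the behavior by using this option.
+
 Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select their account when logging in and the user's profile picture is returned as a thumbnail:
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
 provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'],
 {
-scope: '
+scope: 'email, profile, http://gdata.youtube.com',
 prompt: 'select_account',
 image_aspect_ratio: 'square',
 image_size: 50
@@ -217,6 +219,10 @@ end
 For your views you can login using:
 
 ```erb
+<%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %>
+<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
+
+<%# omniauth-google-oauth2 prior 1.0.0: %>
 <%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
 
 <%# Devise prior 4.1.0: %>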
data/examples/Gemfile
CHANGED
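--- a/data/lib/omniauth/strategies/google_oauth2.rb
+++ b/data/lib/omniauth/strategies/google_oauth2.rb
@@ -15,13 +15,15 @@ module OmniAuth
 DEFAULT_SCOPE = 'email,profile'
 USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
 IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
+AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes openid_realm device_id device_name]
 
 option :name, 'google_oauth2'
 option :skip_friends, true
 option :skip_image_info, true
 option :skip_jwt, false
 option :jwt_leeway, 60
-option :authorize_options,
+option :authorize_options, AUTHORIZE_OPTIONS
+option :overridable_authorize_options, AUTHORIZE_OPTIONS
 option :authorized_client_ids, []
 
 option :client_options,
@@ -31,7 +33,7 @@ module OmniAuth
 
 def authorize_params
 super.tap do |params|
-options[:authorize_options].each do |k|
+(options[:authorize_options] & options[:overridable_authorize_options]).each do |k|
 params[k] = request.params[k.to_s] unless [nil, ''].include?(request.params[k.to_s])
 end
 
@@ -60,11 +62,16 @@ module OmniAuth
 )
 end
 
+credentials do
+# Tokens and expiration will be used from OAuth2 strategy credentials block
+prune!({ 'scope' => token_info(access_token.token)['scope'] })
+end
+
 extra do
 hash = {}
-hash[:id_token] = access_token
-if !options[:skip_jwt] && !access_token
-decoded = ::JWT.decode(access_token
+hash[:id_token] = access_token.token
+if !options[:skip_jwt] && !nil_or_empty(access_token.token)
+decoded = ::JWT.decode(access_token.token, nil, false).first
 
 # We have to manually verify the claims because the third parameter to
 # JWT.decode is false since no verification key is provided.
@@ -101,8 +108,12 @@ module OmniAuth
 
 private
 
+def nil_or_empty(obj)
+obj.is_a?(String) ? obj.empty? : obj.nil?
+end
+
 def callback_url
-options[:redirect_uri] || (full_host +
+options[:redirect_uri] || (full_host + callback_path)
 end
 
 def get_access_token(request)
@@ -121,8 +132,9 @@ module OmniAuth
 request.body.rewind # rewind request body for downstream middlewares
 verifier = body && body['code']
 access_token = body && body['access_token']
+redirect_uri ||= body && body['redirect_uri']
 if verifier
-client_get_token(verifier, 'postmessage')
+client_get_token(verifier, redirect_uri || 'postmessage')
 elsif verify_token(access_token)
 ::OAuth2::AccessToken.from_hash(client, body.dup)
 end
@@ -214,12 +226,21 @@ module OmniAuth
 URI.encode_www_form(stripped_params)
 end
 
+def token_info(access_token)
+return nil unless access_token
+
+@token_info ||= Hash.new do |h, k|
+h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
+end
+
+@token_info[access_token]
+end
+
 def verify_token(access_token)
 return false unless access_token
 
-
-
-raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
+token_info = token_info(access_token)
+token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud'])
 end
 
 def verify_hd(access_token)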
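Review bot: In `token_info` the memoizing `Hash.new` block ignores its key `k` and requests tokeninfo for the `access_token` captured on the first call, so a later lookup of a different token on the same instance would cache the first token's response under the new key and `verify_token` would compare the wrong `aud`; the request should read `params: { access_token: k }`. The new `credentials` block also indexes the result unconditionally although `token_info` returns `nil` when the token is missing; `prune!({ 'scope' => (token_info(access_token.token) || {})['scope'] })` avoids a NoMethodError there. Whether one strategy instance ever looks up two different tokens is not visible on this page, so the first case may be latent, but the audience check is the control that rejects tokens issued to other clients and should not depend on call order.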
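--- a/data/omniauth-google-oauth2.gemspec
+++ b/data/omniauth-google-oauth2.gemspec
@@ -21,9 +21,9 @@ Gem::Specification.new do |gem|
 gem.required_ruby_version = '>= 2.2'
 
 gem.add_runtime_dependency 'jwt', '>= 2.0'
-gem.add_runtime_dependency 'oauth2', '~>
-gem.add_runtime_dependency 'omniauth', '~>
-gem.add_runtime_dependency 'omniauth-oauth2', '
+gem.add_runtime_dependency 'oauth2', '~> 2.0.6'
+gem.add_runtime_dependency 'omniauth', '~> 2.0'
+gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8.0'
 
 gem.add_development_dependency 'rake', '~> 12.0'
 gem.add_development_dependency 'rspec', '~> 3.6'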
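--- a/data/spec/omniauth/strategies/google_oauth2_spec.rb
+++ b/data/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -242,9 +242,18 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 context "authorize option #{k}" do
 let(:request) { double('Request', params: { k.to_s => 'http://example.com' }, cookies: {}, env: {}) }
 
-
-
-
+context 'when overridable_authorize_options is default' do
+it "should set the #{k} authorize option dynamically in the request" do
+@options = { k: '' }
+expect(subject.authorize_params[k.to_s]).to eq('http://example.com')
+end
+end
+
+context 'when overridable_authorize_options is empty' do
+it "should not set the #{k} authorize option dynamically in the request" do
+@options = { k: '', overridable_authorize_options: [] }
+expect(subject.authorize_params[k.to_s]).not_to eq('http://example.com')
+end
 end
 end
 end
@@ -252,9 +261,18 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 describe 'custom authorize_options' do
 let(:request) { double('Request', params: { 'foo' => 'something' }, cookies: {}, env: {}) }
 
-
-
-
+context 'when overridable_authorize_options is default' do
+it 'should not support request overrides from custom authorize_options' do
+@options = { authorize_options: [:foo], foo: '' }
+expect(subject.authorize_params['foo']).not_to eq('something')
+end
+end
+
+context 'when overridable_authorize_options is customized' do
+it 'should support request overrides from custom authorize_options' do
+@options = { authorize_options: [:foo], overridable_authorize_options: [:foo], foo: '' }
+expect(subject.authorize_params['foo']).to eq('something')
+end
 end
 end
 end
@@ -289,14 +307,26 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 end
 
-describe '#
+describe '#callback_url' do
+let(:base_url) { 'https://example.com' }
+
 it 'has the correct default callback path' do
-
+allow(subject).to receive(:full_host) { base_url }
+allow(subject).to receive(:script_name) { '' }
+expect(subject.send(:callback_url)).to eq(base_url + '/auth/google_oauth2/callback')
+end
+
+it 'should set the callback path with script_name if present' do
+allow(subject).to receive(:full_host) { base_url }
+allow(subject).to receive(:script_name) { '/v1' }
+expect(subject.send(:callback_url)).to eq(base_url + '/v1/auth/google_oauth2/callback')
 end
 
 it 'should set the callback_path parameter if present' do
 @options = { callback_path: '/auth/foo/callback' }
-
+allow(subject).to receive(:full_host) { base_url }
+allow(subject).to receive(:script_name) { '' }
+expect(subject.send(:callback_url)).to eq(base_url + '/auth/foo/callback')
 end
 end
 
@@ -309,7 +339,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 end
 end
-let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+let(:access_token) { OAuth2::AccessToken.from_hash(client, { 'access_token' => 'a' }) }
 before { allow(subject).to receive(:access_token).and_return(access_token) }
 
 context 'with verified email' do
@@ -335,6 +365,37 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 end
 
+describe '#credentials' do
+let(:client) { OAuth2::Client.new('abc', 'def') }
+let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') }
+before(:each) do
+allow(subject).to receive(:access_token).and_return(access_token)
+subject.options.client_options[:connection_build] = proc do |builder|
+builder.request :url_encoded
+builder.adapter :test do |stub|
+stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
+[200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
+aud: '000000000000.apps.googleusercontent.com',
+sub: '123456789',
+scope: 'profile email'
+)]
+end
+end
+end
+end
+
+it 'should return access token and (optionally) refresh token' do
+expect(subject.credentials.to_h).to \
+match(hash_including(
+'token' => 'valid_access_token',
+'refresh_token' => 'valid_refresh_token',
+'scope' => 'profile email',
+'expires_at' => 123_456_789,
+'expires' => true
+))
+end
+end
+
 describe '#extra' do
 let(:client) do
 OAuth2::Client.new('abc', 'def') do |builder|
@@ -344,8 +405,6 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 end
 end
-let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
-
 before { allow(subject).to receive(:access_token).and_return(access_token) }
 
 describe 'id_token' do
@@ -406,7 +465,10 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 end
 
-context 'when the
+context 'when the access token is empty or nil' do
+let(:access_token) { OAuth2::AccessToken.new(client, nil, { 'refresh_token' => 'foo' }) }
+before { allow(subject.extra).to receive(:access_token).and_return(access_token) }
+
 it 'should not include id_token' do
 expect(subject.extra).not_to have_key(:id_token)
 end
@@ -418,6 +480,19 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 
 describe 'raw_info' do
+let(:token_info) do
+{
+'abc' => 'xyz',
+'exp' => Time.now.to_i + 3600,
+'nbf' => Time.now.to_i - 60,
+'iat' => Time.now.to_i,
+'aud' => 'appid',
+'iss' => 'accounts.google.com'
+}
+end
+let(:id_token) { JWT.encode(token_info, 'secret') }
+let(:access_token) { OAuth2::AccessToken.from_hash(client, 'id_token' => id_token) }
+
 context 'when skip_info is true' do
 before { subject.options[:skip_info] = true }
 
@@ -602,15 +677,22 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 
 it 'should read access_token from hash if this is not an AJAX request with a code parameter' do
+client = OAuth2::Client.new('abc', 'def') do |builder|
+builder.request :url_encoded
+builder.adapter :test do |stub|
+stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, '{"sub": "12345"}'] }
+end
+end
+
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('access_token' => 'valid_access_token')
 expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
-expect(subject).to receive(:client).and_return(
+expect(subject).to receive(:client).and_return(client)
 
 token = subject.build_access_token
 expect(token).to be_instance_of(::OAuth2::AccessToken)
 expect(token.token).to eq('valid_access_token')
-expect(token.client).to eq(
+expect(token.client).to eq(client)
 end
 
 it 'reads the code from a json request body' do
@@ -629,20 +711,42 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 subject.build_access_token
 end
 
+it 'reads the redirect uri from a json request body' do
+body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
+client = double(:client)
+auth_code = double(:auth_code)
+
+allow(request).to receive(:xhr?).and_return(false)
+allow(request).to receive(:content_type).and_return('application/json')
+allow(request).to receive(:body).and_return(body)
+allow(client).to receive(:auth_code).and_return(auth_code)
+expect(subject).to receive(:client).and_return(client)
+
+expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
+
+subject.build_access_token
+end
+
 it 'reads the access token from a json request body' do
 body = StringIO.new(%({"access_token":"valid_access_token"}))
+client = OAuth2::Client.new('abc', 'def') do |builder|
+builder.request :url_encoded
+builder.adapter :test do |stub|
+stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, '{"sub": "12345"}'] }
+end
+end
 
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:content_type).and_return('application/json')
 allow(request).to receive(:body).and_return(body)
-expect(subject).to receive(:client).and_return(
+expect(subject).to receive(:client).and_return(client)
 
 expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
 
 token = subject.build_access_token
 expect(token).to be_instance_of(::OAuth2::AccessToken)
 expect(token.token).to eq('valid_access_token')
-expect(token.client).to eq(
+expect(token.client).to eq(client)
 end
 
 it 'should use callback_url without query_string if this is not an AJAX request' do
@@ -718,7 +822,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
 end
 end
 end
-let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+let(:access_token) { OAuth2::AccessToken.from_hash(client, { 'access_token' => 'foo' }) }
 
 context 'when domain is nil' do
 let(:client) do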
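Review bot: In the first hunk `@options = { k: '' }` sets the literal key `:k`, not the authorize option held in the loop variable `k`, so neither example configures the option it names; `@options = { k => '' }` and `@options = { k => '', overridable_authorize_options: [] }` would. The iterator that defines `k` starts outside the hunk. The two negative examples assert only `not_to eq(...)`, which passes for any other value, so asserting the exact value the strategy falls back to would pin the restriction more tightly. In the `@@ -406,7 +465,10 @@` hunk, `allow(subject.extra).to receive(:access_token)` stubs the hash returned by `extra` rather than the strategy; it looks like `allow(subject)` was intended.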
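--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-google-oauth2
 version: !ruby/object:Gem::Version
-version:
+version: 1.1.0
 platform: ruby
 authors:
 - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -31,42 +31,42 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.0.6
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.0.6
 - !ruby/object:Gem::Dependency
 name: omniauth
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.8.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.8.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -117,6 +117,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -154,8 +155,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.9
+rubygems_version: 3.0.9
 signing_key:
 specification_version: 4
 summary: A Google OAuth2 strategy for OmniAuth 1.x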