omniauth-google-oauth2 0.6.1 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/README.md +3 -3
- data/examples/Gemfile +1 -1
- data/lib/omniauth/google_oauth2/version.rb +1 -1
- data/lib/omniauth/strategies/google_oauth2.rb +18 -1
- data/spec/omniauth/strategies/google_oauth2_spec.rb +53 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3e6a13824c53382f0ba9ef0738e26744d1881dc83726c57cf576ff208423a3a3
|
|
4
|
+
data.tar.gz: 5c0c037b8c85418901d4ce360d5f4efb125f5c825ffec83ab71e50cf1b413e81
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a62de5fa4553b5ae6c89811458cf8887017834a1790f4df4348ffae9c09a8172b407c04ea86f8c5030273b5586286580b0d2eae7d6857f62aee6729abf1549ff
|
|
7
|
+
data.tar.gz: d74ef22fa65b892268a779e3e426610bea245db91519964bf03eadc5a5b5951bc42b29dcc2ab2a11c228610ea7dcf5173a2cc07d83569dcce6178e21dc6a160d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
All notable changes to this project will be documented in this file.
|
|
3
3
|
|
|
4
|
+
## 0.7.0 - 2019-06-03
|
|
5
|
+
|
|
6
|
+
### Added
|
|
7
|
+
- Ensure `info[:email]` is always verified, and include `unverified_email`
|
|
8
|
+
|
|
9
|
+
### Deprecated
|
|
10
|
+
- Nothing.
|
|
11
|
+
|
|
12
|
+
### Removed
|
|
13
|
+
- Nothing.
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
- Nothing.
|
|
17
|
+
|
|
4
18
|
## 0.6.1 - 2019-03-07
|
|
5
19
|
|
|
6
20
|
### Added
|
data/README.md
CHANGED
|
@@ -54,10 +54,10 @@ You can configure several options, which you pass in to the `provider` method vi
|
|
|
54
54
|
|
|
55
55
|
* `prompt`: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are:
|
|
56
56
|
* `none`: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent.
|
|
57
|
-
* `consent`: The user will always be prompted for consent, even if
|
|
57
|
+
* `consent`: The user will always be prompted for consent, even if they have previously allowed access a given set of scopes.
|
|
58
58
|
* `select_account`: The user will always be prompted to select a user account. This allows a user who has multiple current account sessions to select one amongst them.
|
|
59
59
|
|
|
60
|
-
If no value is specified, the user only sees the authentication page if
|
|
60
|
+
If no value is specified, the user only sees the authentication page if they are not logged in and only sees the consent page the first time they authorize a given set of scopes.
|
|
61
61
|
|
|
62
62
|
* `image_aspect_ratio`: The shape of the user's profile picture. Possible values are:
|
|
63
63
|
* `original`: Picture maintains its original aspect ratio.
|
|
@@ -83,7 +83,7 @@ You can configure several options, which you pass in to the `provider` method vi
|
|
|
83
83
|
|
|
84
84
|
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL.
|
|
85
85
|
|
|
86
|
-
Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select
|
|
86
|
+
Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select their account when logging in and the user's profile picture is returned as a thumbnail:
|
|
87
87
|
|
|
88
88
|
```ruby
|
|
89
89
|
Rails.application.config.middleware.use OmniAuth::Builder do
|
data/examples/Gemfile
CHANGED
|
@@ -46,7 +46,8 @@ module OmniAuth
|
|
|
46
46
|
info do
|
|
47
47
|
prune!(
|
|
48
48
|
name: raw_info['name'],
|
|
49
|
-
email:
|
|
49
|
+
email: verified_email,
|
|
50
|
+
unverified_email: raw_info['email'],
|
|
50
51
|
email_verified: raw_info['email_verified'],
|
|
51
52
|
first_name: raw_info['given_name'],
|
|
52
53
|
last_name: raw_info['family_name'],
|
|
@@ -112,6 +113,18 @@ module OmniAuth
|
|
|
112
113
|
client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
|
|
113
114
|
elsif verify_token(request.params['access_token'])
|
|
114
115
|
::OAuth2::AccessToken.from_hash(client, request.params.dup)
|
|
116
|
+
elsif request.content_type =~ /json/i
|
|
117
|
+
begin
|
|
118
|
+
body = JSON.parse(request.body.read)
|
|
119
|
+
request.body.rewind # rewind request body for downstream middlewares
|
|
120
|
+
verifier = body && body['code']
|
|
121
|
+
if verifier
|
|
122
|
+
redirect_uri = 'postmessage'
|
|
123
|
+
client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
|
|
124
|
+
end
|
|
125
|
+
rescue JSON::ParserError => e
|
|
126
|
+
warn "[omniauth google-oauth2] JSON parse error=#{e}"
|
|
127
|
+
end
|
|
115
128
|
else
|
|
116
129
|
verifier = request.params['code']
|
|
117
130
|
client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
|
|
@@ -125,6 +138,10 @@ module OmniAuth
|
|
|
125
138
|
scope_list.join(' ')
|
|
126
139
|
end
|
|
127
140
|
|
|
141
|
+
def verified_email
|
|
142
|
+
raw_info['email_verified'] ? raw_info['email'] : nil
|
|
143
|
+
end
|
|
144
|
+
|
|
128
145
|
def get_token_options(redirect_uri)
|
|
129
146
|
{ redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
|
|
130
147
|
end
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require 'spec_helper'
|
|
4
4
|
require 'json'
|
|
5
5
|
require 'omniauth-google-oauth2'
|
|
6
|
+
require 'stringio'
|
|
6
7
|
|
|
7
8
|
describe OmniAuth::Strategies::GoogleOauth2 do
|
|
8
9
|
let(:request) { double('Request', params: {}, cookies: {}, env: {}) }
|
|
@@ -299,6 +300,41 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
299
300
|
end
|
|
300
301
|
end
|
|
301
302
|
|
|
303
|
+
describe '#info' do
|
|
304
|
+
let(:client) do
|
|
305
|
+
OAuth2::Client.new('abc', 'def') do |builder|
|
|
306
|
+
builder.request :url_encoded
|
|
307
|
+
builder.adapter :test do |stub|
|
|
308
|
+
stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
|
|
309
|
+
end
|
|
310
|
+
end
|
|
311
|
+
end
|
|
312
|
+
let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
|
|
313
|
+
before { allow(subject).to receive(:access_token).and_return(access_token) }
|
|
314
|
+
|
|
315
|
+
context 'with verified email' do
|
|
316
|
+
let(:response_hash) do
|
|
317
|
+
{ email: 'something@domain.invalid', email_verified: true }
|
|
318
|
+
end
|
|
319
|
+
|
|
320
|
+
it 'should return equal email and unverified_email' do
|
|
321
|
+
expect(subject.info[:email]).to eq('something@domain.invalid')
|
|
322
|
+
expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
|
|
323
|
+
end
|
|
324
|
+
end
|
|
325
|
+
|
|
326
|
+
context 'with unverified email' do
|
|
327
|
+
let(:response_hash) do
|
|
328
|
+
{ email: 'something@domain.invalid', email_verified: false }
|
|
329
|
+
end
|
|
330
|
+
|
|
331
|
+
it 'should return nil email, and correct unverified email' do
|
|
332
|
+
expect(subject.info[:email]).to eq(nil)
|
|
333
|
+
expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
|
|
334
|
+
end
|
|
335
|
+
end
|
|
336
|
+
end
|
|
337
|
+
|
|
302
338
|
describe '#extra' do
|
|
303
339
|
let(:client) do
|
|
304
340
|
OAuth2::Client.new('abc', 'def') do |builder|
|
|
@@ -547,9 +583,26 @@ describe OmniAuth::Strategies::GoogleOauth2 do
|
|
|
547
583
|
expect(token.client).to eq(:client)
|
|
548
584
|
end
|
|
549
585
|
|
|
586
|
+
it 'reads the code from a json request body' do
|
|
587
|
+
body = StringIO.new(%({"code":"json_access_token"}))
|
|
588
|
+
client = double(:client)
|
|
589
|
+
auth_code = double(:auth_code)
|
|
590
|
+
|
|
591
|
+
allow(request).to receive(:xhr?).and_return(false)
|
|
592
|
+
allow(request).to receive(:content_type).and_return('application/json')
|
|
593
|
+
allow(request).to receive(:body).and_return(body)
|
|
594
|
+
allow(client).to receive(:auth_code).and_return(auth_code)
|
|
595
|
+
expect(subject).to receive(:client).and_return(client)
|
|
596
|
+
|
|
597
|
+
expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'postmessage' }, {})
|
|
598
|
+
|
|
599
|
+
subject.build_access_token
|
|
600
|
+
end
|
|
601
|
+
|
|
550
602
|
it 'should use callback_url without query_string if this is not an AJAX request' do
|
|
551
603
|
allow(request).to receive(:xhr?).and_return(false)
|
|
552
604
|
allow(request).to receive(:params).and_return('code' => 'valid_code')
|
|
605
|
+
allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
|
|
553
606
|
|
|
554
607
|
client = double(:client)
|
|
555
608
|
auth_code = double(:auth_code)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-google-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Ellithorpe
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2019-03
|
|
12
|
+
date: 2019-06-03 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: jwt
|