omniauth-google-oauth2 1.0.0 → 1.0.1

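--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 278efb11e955abf864c2d163e1f1631a271ba34660fa166a4f65b56691ccab0d
- data.tar.gz: 574e6d6b5f3dacfa271ba24a8999e104c74db64482860b6ba095938a6dc7c1b0
+ metadata.gz: 3b1fdc81978e86a4a1b0c493bc1d83f9e6fa1e613bfb69b2feee8af2a6869b99
+ data.tar.gz: 02efca2850b5e053630aa7da102a9162aca87d16d6ab9fb6408654fd98c145c1
  SHA512:
- metadata.gz: 22006de20bc8355329cdca2c9e41a15959e192dcd4c970d1ca6acc8dd149f0fb1eedc313351cc39072e51ea5b219ebb6968b2e178995397d14f58b5117b18c53
- data.tar.gz: b54fe6ca226e39f05705837eb8a390247df3a4fc615c7aab798009b63fd830ad7c21df7536ffa9fefffc4ff6c3586c6067ba5d15ac4d192b88892b3080c753f6
+ metadata.gz: 6f2c99c806cc6d08dadcc472474418cfbace26481e1d828aa90571d5bbf77e3e26c9b600fd6fd1d97c8a71d4e349d230f87a5e11a9106874d106a240f3cad9ec
+ data.tar.gz: a66acdde9fdda8ec2f00f861a0a1a2ca89f8faeae84388f44dca938db0e9f55ca6d166de2633c4e27ffe7cf44bcfcc5ef0c5f0a4bfbcc3990d13c89ff7ac322c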
@@ -0,0 +1,21 @@
1
+ name: CI
2
+
3
+ on: [push, pull_request]
4
+
5
+ jobs:
6
+ test:
7
+ runs-on: ubuntu-latest
8
+ strategy:
9
+ matrix:
10
+ ruby-version: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', '3.1']
11
+
12
+ steps:
13
+ - uses: actions/checkout@v2
14
+ - name: Set up Ruby ${{ matrix.ruby-version }}
15
+ uses: ruby/setup-ruby@v1
16
+ with:
17
+ ruby-version: ${{ matrix.ruby-version }}
18
+ bundler-cache: true # 'bundle install' and cache
19
+ - name: Run specs
20
+ run: |
21
+ bundle exec rake
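Review bot: The new workflow has no `permissions:` block, so the job's `GITHUB_TOKEN` falls back to the repository's default scope although the steps only check out the code and run the specs. A top-level `permissions:` with `contents: read` would hold it to least privilege. `actions/checkout@v2` and `ruby/setup-ruby@v1` are referenced by mutable tags; pinning each to a full commit SHA (keeping the tag in a trailing comment) prevents a retagged release from silently changing what runs on every push and pull request.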
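--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,6 +1,9 @@
  language: ruby
  cache: bundler
  rvm:
- - '2.3.4'
- - '2.4.1'
- - '2.5.0'
+ - '2.3.8'
+ - '2.4.10'
+ - '2.5.8'
+ - '2.6.6'
+ - '2.7.2'
+ - '3.0.0'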
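--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
  # Changelog
  All notable changes to this project will be documented in this file.
 
+ ## 1.0.1 - 2022-03-10
+
+ ### Added
+ - Output granted scopes in credentials block of the auth hash.
+ - Migrated to GitHub actions.
+
+ ### Deprecated
+ - Nothing.
+
+ ### Removed
+ - Nothing.
+
+ ### Fixed
+ - Overriding the `redirect_uri` via params or JSON request body.
+
  ## 1.0.0 - 2021-03-14
 
  ### Added
@@ -10,7 +25,7 @@ All notable changes to this project will be documented in this file.
  - Nothing.
 
  ### Removed
- - Support for Omniauth 1.x
+ - Support for Omniauth 1.x.
 
  ### Fixed
  - Nothing.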
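--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,4 @@
  [![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
- [![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.svg)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
 
  # OmniAuth Google OAuth2 Strategy
 
@@ -34,6 +33,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
  Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
  end
+ OmniAuth.config.allowed_request_methods = %i[get]
  ```
 
  You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
@@ -217,6 +217,10 @@ end
  For your views you can login using:
 
  ```erb
+ <%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %>
+ <%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
+
+ <%# omniauth-google-oauth2 prior 1.0.0: %>
  <%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
 
  <%# Devise prior 4.1.0: %>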
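Review bot: The added `OmniAuth.config.allowed_request_methods = %i[get]` in the initializer example contradicts the ERB hunk in this same file, which states that 1.0.x uses OmniAuth 2 and must start authentication with HTTP POST. With only `get` allowed, the `method: :post` link shown there would presumably no longer be accepted by the request phase. OmniAuth 2 restricts the request phase to POST by default as a protection against cross-site request forgery on login, so a copy-paste example that switches it back to GET encourages readers to drop that protection. I would remove the line from the default example, or move it to a clearly labelled opt-out with a comment such as `# Compatibility only: allowing GET re-opens the request phase to cross-site requests`.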
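--- a/data/examples/Gemfile
+++ b/data/examples/Gemfile
@@ -5,3 +5,4 @@ source 'https://rubygems.org'
  gem 'omniauth-google-oauth2', '~> 0.8.1'
  gem 'rubocop'
  gem 'sinatra', '~> 1.4'
+ gem 'webrick'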
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module GoogleOauth2
5
- VERSION = '1.0.0'
5
+ VERSION = '1.0.1'
6
6
  end
7
7
  end
@@ -60,6 +60,11 @@ module OmniAuth
60
60
  )
61
61
  end
62
62
 
63
+ credentials do
64
+ # Tokens and expiration will be used from OAuth2 strategy credentials block
65
+ prune!({ 'scope' => token_info(access_token.token)['scope'] })
66
+ end
67
+
63
68
  extra do
64
69
  hash = {}
65
70
  hash[:id_token] = access_token['id_token']
@@ -121,8 +126,9 @@ module OmniAuth
121
126
  request.body.rewind # rewind request body for downstream middlewares
122
127
  verifier = body && body['code']
123
128
  access_token = body && body['access_token']
129
+ redirect_uri ||= body && body['redirect_uri']
124
130
  if verifier
125
- client_get_token(verifier, 'postmessage')
131
+ client_get_token(verifier, redirect_uri || 'postmessage')
126
132
  elsif verify_token(access_token)
127
133
  ::OAuth2::AccessToken.from_hash(client, body.dup)
128
134
  end
@@ -214,12 +220,21 @@ module OmniAuth
214
220
  URI.encode_www_form(stripped_params)
215
221
  end
216
222
 
223
+ def token_info(access_token)
224
+ return nil unless access_token
225
+
226
+ @token_info ||= Hash.new do |h, k|
227
+ h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
228
+ end
229
+
230
+ @token_info[access_token]
231
+ end
232
+
217
233
  def verify_token(access_token)
218
234
  return false unless access_token
219
235
 
220
- raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
221
- params: { access_token: access_token }).parsed
222
- raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
236
+ token_info = token_info(access_token)
237
+ token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud'])
223
238
  end
224
239
 
225
240
  def verify_hd(access_token)
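Review bot: In the new `token_info`, the `Hash.new` default block builds the tokeninfo request from the closed-over `access_token` argument instead of its own key `k`, and because the hash is memoized in `@token_info` the block created by the first call is reused for every later key. A second call with a different token on the same strategy instance would fetch tokeninfo for the first token and cache it under the new key, so `verify_token` would compare `aud` from the wrong token. I don't see a path in these hunks that does this today, but the cache is keyed as if it were safe. Use the key inside the block: `params: { access_token: k }`. Two smaller points in the same change: `token_info(access_token.token)['scope']` in the `credentials` block raises `NoMethodError` if `token_info` ever returns nil, and the local `token_info` in `verify_token` shadows the method it calls, so a name like `info` would read more clearly.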
@@ -347,6 +347,37 @@ describe OmniAuth::Strategies::GoogleOauth2 do
347
347
  end
348
348
  end
349
349
 
350
+ describe '#credentials' do
351
+ let(:client) { OAuth2::Client.new('abc', 'def') }
352
+ let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') }
353
+ before(:each) do
354
+ allow(subject).to receive(:access_token).and_return(access_token)
355
+ subject.options.client_options[:connection_build] = proc do |builder|
356
+ builder.request :url_encoded
357
+ builder.adapter :test do |stub|
358
+ stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
359
+ [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
360
+ aud: '000000000000.apps.googleusercontent.com',
361
+ sub: '123456789',
362
+ scope: 'profile email'
363
+ )]
364
+ end
365
+ end
366
+ end
367
+ end
368
+
369
+ it 'should return access token and (optionally) refresh token' do
370
+ expect(subject.credentials.to_h).to \
371
+ match(hash_including(
372
+ 'token' => 'valid_access_token',
373
+ 'refresh_token' => 'valid_refresh_token',
374
+ 'scope' => 'profile email',
375
+ 'expires_at' => 123_456_789,
376
+ 'expires' => true
377
+ ))
378
+ end
379
+ end
380
+
350
381
  describe '#extra' do
351
382
  let(:client) do
352
383
  OAuth2::Client.new('abc', 'def') do |builder|
@@ -641,6 +672,22 @@ describe OmniAuth::Strategies::GoogleOauth2 do
641
672
  subject.build_access_token
642
673
  end
643
674
 
675
+ it 'reads the redirect uri from a json request body' do
676
+ body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
677
+ client = double(:client)
678
+ auth_code = double(:auth_code)
679
+
680
+ allow(request).to receive(:xhr?).and_return(false)
681
+ allow(request).to receive(:content_type).and_return('application/json')
682
+ allow(request).to receive(:body).and_return(body)
683
+ allow(client).to receive(:auth_code).and_return(auth_code)
684
+ expect(subject).to receive(:client).and_return(client)
685
+
686
+ expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
687
+
688
+ subject.build_access_token
689
+ end
690
+
644
691
  it 'reads the access token from a json request body' do
645
692
  body = StringIO.new(%({"access_token":"valid_access_token"}))
646
693
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-03-15 00:00:00.000000000 Z
12
+ date: 2022-03-11 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: jwt
@@ -117,6 +117,7 @@ executables: []
117
117
  extensions: []
118
118
  extra_rdoc_files: []
119
119
  files:
120
+ - ".github/workflows/ci.yml"
120
121
  - ".gitignore"
121
122
  - ".rubocop.yml"
122
123
  - ".travis.yml"