omniauth-gov 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a35d8b3dad929e14a1d45db69e92fad22a501148b1c6d76ba45f11d56ab9a2a7
-  data.tar.gz: 64cd57c77a5e0fcbb565f84c1fa83c11596fd3bc2ca92f4b10db115bc54336ff
+  metadata.gz: 2c9a9ae0696ab3fb7d9222da4661a679b1bc42066249a45b6afc6a1afde776bc
+  data.tar.gz: bbf1941d7543a850a32ca0866123b72d458a5a9219cba7111b4b867d6772a14d
 SHA512:
-  metadata.gz: 50b73332b1cad7b4e1f59ed0fcb75abc31785978cbceea68c31c37e14ab2fc4f73b3d6f4f8ae3a35e9674d3b3dabb609ab4d9216c67fa6b759934cca1b10ca30
-  data.tar.gz: c43269d0df9ffce5f99d65eee2a63df14bc1d53b6de5931561ad8af88cfb8076f0fc41787e72b54c682fc6919cfe8d0699d5b778439b6947753d6054b5bc452b
+  metadata.gz: f6b50defa7d35e5a31a071e4a01a3ef57d739757d87a261b3a6b00a77a62c2b9816cad787b54de8f1b5c60b640c873b22734b5e54b7c0e940a2c6bb4fd5991c7
+  data.tar.gz: 672a6a0cdaeaa2c1274a698918f667f65816a3db2f0382e8d0d0e1ef50e96c9d5cd8ffcc4a5703a9b964b1d49cc1b9c59deb4f34b4bd532c3f4c8456d0ac1ac3

data/.github/workflows/ruby.yml

@@ -0,0 +1,24 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.4', '2.5', '2.6', '2.7', '3.0', '3.1', '3.2', 'truffleruby-head']
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Build and test with Rake
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+/pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1 @@
+--colour

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-gov.gemspec
+gemspec
+
+group :development, :test do
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+  gem 'rb-fsevent'
+  gem 'growl'
+  gem 'rake'
+end

data/Guardfile

@@ -0,0 +1,10 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+
+guard 'bundler' do
+  watch('Gemfile')
+  watch('omniauth-gov.gemspec')
+end

data/LICENSE.txt

@@ -0,0 +1,7 @@
+Copyright (c) 2011 Michael Bleigh and Intridea, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+![Ruby](https://github.com/omniauth/omniauth-gov/workflows/Ruby/badge.svg?branch=main)
+
+# OmniAuth Gov
+
+This is the official OmniAuth strategy for authenticating to GitHub. To
+use it, you'll need to sign up for an OAuth2 Application ID and Secret
+on the [GitHub OAuth Apps Page](https://github.com/settings/developers).
+
+## Installation
+
+```ruby
+gem 'omniauth-gov', '~> 0.1.0'
+```
+
+## Basic Usage
+
+```ruby
+use OmniAuth::Builder do
+  provider :gov, ENV['GOV_KEY'], ENV['GOV_SECRET']
+end
+```
+
+
+## Basic Usage Rails
+
+In `config/initializers/gov.rb`
+
+```ruby
+  Rails.application.config.middleware.use OmniAuth::Builder do
+    provider :gov, ENV['GOV_KEY'], ENV['GOV_SECRET']
+  end
+```
+
+
+## Gov Enterprise Usage
+
+```ruby
+provider :gov, ENV['GOV_KEY'], ENV['GOV_SECRET'],
+    {
+      :client_options => {
+        :site => 'https://YOURDOMAIN.com/api/v3',
+        :authorize_url => 'https://YOURDOMAIN.com/login/oauth/authorize',
+        :token_url => 'https://YOURDOMAIN.com/login/oauth/access_token',
+      }
+    }
+```
+
+## Scopes
+
+GitHub API v3 lets you set scopes to provide granular access to different types of data: 
+
+```ruby
+use OmniAuth::Builder do
+  provider :gov, ENV['GOV_KEY'], ENV['GOV_SECRET'], scope: "openid+email+profile+govbr_confiabilidades"
+end
+```
+
+More info on [Scopes](https://docs.github.com/en/developers/apps/scopes-for-oauth-apps).
+
+
+## Semver
+This project adheres to Semantic Versioning 2.0.0. Any violations of this scheme are considered to be bugs. 
+All changes will be tracked [here](https://github.com/omniauth/omniauth-gov/releases).
+
+## License
+
+Copyright (c) 2011 Michael Bleigh and Intridea, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+desc 'Run specs'
+task :default => :spec

data/lib/omniauth/strategies/gov.rb

@@ -0,0 +1,52 @@
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class Gov < OmniAuth::Strategies::OAuth2
+      option :client_options, {
+        site: 'https://sso.staging.acesso.gov.br',
+        authorize_url: 'https://sso.staging.acesso.gov.br/authorize',
+        token_url: 'https://sso.staging.acesso.gov.br/token'
+      }
+      
+      option :pkce, true
+
+      option :pkce_options, {
+        :code_challenge => proc { |verifier|
+          Base64.urlsafe_encode64(
+            Digest::SHA2.digest(verifier),
+            :padding => false,
+          )
+        },
+        :code_challenge_method => "S256",
+      }
+
+      uid{ raw_info['id'] }
+
+      info do
+        {
+          :name => raw_info['name'],
+          :email => raw_info['email'],
+          :cpf => raw_info['sub']
+        }
+      end
+
+      extra do
+        {
+          'raw_info' => raw_info, 'uid' => uid
+        }
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('id_token').parsed
+      end
+
+      def uid
+        @uid ||= access_token.get('access_token/jti').parsed
+      end
+
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'gov', 'Gov'

data/lib/omniauth-gov/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Gov
+    VERSION = "0.1.1"
+  end
+end

data/lib/omniauth-gov.rb

@@ -0,0 +1,2 @@
+require "omniauth-gov/version"
+require 'omniauth/strategies/gov'

data/omniauth-gov.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth-gov/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Jonas Ricardo"]
+  gem.email         = ["jonas.campos@yahoo.com.br"]
+  gem.description   = %q{Official OmniAuth strategy for GitHub.}
+  gem.summary       = %q{Official OmniAuth strategy for GitHub.}
+  gem.homepage      = "https://github.com/jonasrscampos/omniauth-gov"
+  gem.license       = "MIT"
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "omniauth-gov"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::Gov::VERSION
+
+  gem.add_dependency 'omniauth', '1.9.1' 
+  gem.add_dependency 'omniauth-oauth2'
+  gem.add_development_dependency 'rspec', '~> 3.5'
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'webmock'
+end

data/spec/omniauth/strategies/github_spec.rb

@@ -0,0 +1,183 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::GitHub do
+  let(:access_token) { instance_double('AccessToken', :options => {}, :[] => 'user') }
+  let(:parsed_response) { instance_double('ParsedResponse') }
+  let(:response) { instance_double('Response', :parsed => parsed_response) }
+
+  let(:enterprise_site)          { 'https://some.other.site.com/api/v3' }
+  let(:enterprise_authorize_url) { 'https://some.other.site.com/login/oauth/authorize' }
+  let(:enterprise_token_url)     { 'https://some.other.site.com/login/oauth/access_token' }
+  let(:enterprise) do
+    OmniAuth::Strategies::GitHub.new('GITHUB_KEY', 'GITHUB_SECRET',
+        {
+            :client_options => {
+                :site => enterprise_site,
+                :authorize_url => enterprise_authorize_url,
+                :token_url => enterprise_token_url
+            }
+        }
+    )
+  end
+
+  subject do
+    OmniAuth::Strategies::GitHub.new({})
+  end
+
+  before(:each) do
+    allow(subject).to receive(:access_token).and_return(access_token)
+  end
+
+  context 'client options' do
+    it 'should have correct site' do
+      expect(subject.options.client_options.site).to eq('https://api.github.com')
+    end
+
+    it 'should have correct authorize url' do
+      expect(subject.options.client_options.authorize_url).to eq('https://github.com/login/oauth/authorize')
+    end
+
+    it 'should have correct token url' do
+      expect(subject.options.client_options.token_url).to eq('https://github.com/login/oauth/access_token')
+    end
+
+    describe 'should be overrideable' do
+      it 'for site' do
+        expect(enterprise.options.client_options.site).to eq(enterprise_site)
+      end
+
+      it 'for authorize url' do
+        expect(enterprise.options.client_options.authorize_url).to eq(enterprise_authorize_url)
+      end
+
+      it 'for token url' do
+        expect(enterprise.options.client_options.token_url).to eq(enterprise_token_url)
+      end
+    end
+  end
+
+  context '#email_access_allowed?' do
+    it 'should not allow email if scope is nil' do
+      expect(subject.options['scope']).to be_nil
+      expect(subject).to_not be_email_access_allowed
+    end
+
+    it 'should allow email if scope is user' do
+      subject.options['scope'] = 'user'
+      expect(subject).to be_email_access_allowed
+    end
+
+    it 'should allow email if scope is a bunch of stuff including user' do
+      subject.options['scope'] = 'public_repo,user,repo,delete_repo,gist'
+      expect(subject).to be_email_access_allowed
+    end
+
+    it 'should not allow email if scope does not grant email access' do
+      subject.options['scope'] = 'repo,user:follow'
+      expect(subject).to_not be_email_access_allowed
+    end
+
+    it 'should assume email access not allowed if scope is something currently not documented' do
+      subject.options['scope'] = 'currently_not_documented'
+      expect(subject).to_not be_email_access_allowed
+    end
+  end
+
+  context '#email' do
+    it 'should return email from raw_info if available' do
+      allow(subject).to receive(:raw_info).and_return({ 'email' => 'you@example.com' })
+      expect(subject.email).to eq('you@example.com')
+    end
+
+    it 'should return nil if there is no raw_info and email access is not allowed' do
+      allow(subject).to receive(:raw_info).and_return({})
+      expect(subject.email).to be_nil
+    end
+
+    it 'should not return the primary email if there is no raw_info and email access is allowed' do
+      emails = [
+        { 'email' => 'secondary@example.com', 'primary' => false },
+        { 'email' => 'primary@example.com',   'primary' => true }
+      ]
+      allow(subject).to receive(:raw_info).and_return({})
+      subject.options['scope'] = 'user'
+      allow(subject).to receive(:emails).and_return(emails)
+      expect(subject.email).to be_nil
+    end
+
+    it 'should not return the first email if there is no raw_info and email access is allowed' do
+      emails = [
+        { 'email' => 'first@example.com',   'primary' => false },
+        { 'email' => 'second@example.com',  'primary' => false }
+      ]
+      allow(subject).to receive(:raw_info).and_return({})
+      subject.options['scope'] = 'user'
+      allow(subject).to receive(:emails).and_return(emails)
+      expect(subject.email).to be_nil
+    end
+  end
+
+  context '#raw_info' do
+    it 'should use relative paths' do
+      expect(access_token).to receive(:get).with('user').and_return(response)
+      expect(subject.raw_info).to eq(parsed_response)
+    end
+
+    it 'should use the header auth mode' do
+      expect(access_token).to receive(:get).with('user').and_return(response)
+      subject.raw_info
+      expect(access_token.options[:mode]).to eq(:header)
+    end
+  end
+
+  context '#emails' do
+    it 'should use relative paths' do
+      expect(access_token).to receive(:get).with('user/emails', :headers => {
+        'Accept' => 'application/vnd.github.v3'
+      }).and_return(response)
+
+      subject.options['scope'] = 'user'
+      expect(subject.emails).to eq(parsed_response)
+    end
+
+    it 'should use the header auth mode' do
+      expect(access_token).to receive(:get).with('user/emails', :headers => {
+        'Accept' => 'application/vnd.github.v3'
+      }).and_return(response)
+
+      subject.options['scope'] = 'user'
+      subject.emails
+      expect(access_token.options[:mode]).to eq(:header)
+    end
+  end
+
+  context '#info.email' do
+    it 'should use any available email' do
+      allow(subject).to receive(:raw_info).and_return({})
+      allow(subject).to receive(:email).and_return('you@example.com')
+      expect(subject.info['email']).to eq('you@example.com')
+    end
+  end
+
+  context '#info.urls' do
+    it 'should use html_url from raw_info' do
+      allow(subject).to receive(:raw_info).and_return({ 'login' => 'me', 'html_url' => 'http://enterprise/me' })
+      expect(subject.info['urls']['GitHub']).to eq('http://enterprise/me')
+    end
+  end
+
+  context '#extra.scope' do
+    it 'returns the scope on the returned access_token' do
+      expect(subject.scope).to eq('user')
+    end
+  end
+
+  describe '#callback_url' do
+    it 'is a combination of host, script name, and callback path' do
+      allow(subject).to receive(:full_host).and_return('https://example.com')
+      allow(subject).to receive(:script_name).and_return('/sub_uri')
+
+      expect(subject.callback_url).to eq('https://example.com/sub_uri/auth/github/callback')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'simplecov'
+SimpleCov.start
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-gov'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+end
+

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-gov
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Jonas Ricardo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-12-07 00:00:00.000000000 Z
+date: 2023-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -100,7 +100,21 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- ".github/workflows/ruby.yml"
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-gov.rb
+- lib/omniauth-gov/version.rb
+- lib/omniauth/strategies/gov.rb
+- omniauth-gov.gemspec
+- spec/omniauth/strategies/github_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/jonasrscampos/omniauth-gov
 licenses:
 - MIT
@@ -120,7 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: Official OmniAuth strategy for GitHub.