omniauth-gov 0.1.3 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4382955c4f28a771ef8edfbd054972b94f0dbd4158e739c2db9d75c9d16b2752
-  data.tar.gz: e142eddcfbb8cd54009c5c89a4e01d83d17f4c313b396b5251ffb90a101654a7
+  metadata.gz: 9a78473bf035ebd11bccaff000615db2459c9b117a43f206be6c3222ffc5f768
+  data.tar.gz: 280a14547cb019b1adae1dc052992d3fc6db111826449a54fcd34daf6b56ad48
 SHA512:
-  metadata.gz: '097c8c434da9ca2adde612b779846a2866de394e7ea44219c52aababbac2039d4d757dcded9dce6900a91b420f715a6db82d95ffe7a81776542e85a87c4499db'
-  data.tar.gz: f57cd09fb38f19707ea336b6576cde37608bf750a897be5884010df9fddc3ea582156e28ace70ddd452b93ba9d559e6528d28327738bc6a1d886009e58aa4c36
+  metadata.gz: 4920fcdd29bb499c30c921f982be4517268c72d70287a66e8c4ac3a6c0080fc61c2d3865bd3ef5bc029355095cf6b59bdfb7442d3c6410c74358cb24c6b6f815
+  data.tar.gz: 5fd852141ac9740ca2bed96c707f1f98cc287f8ea652cea10a8be1f811071a49705a2460f5766ad20836321b9389b987e6a19ef4d0fa575c123d1440ab53308a

data/README.md

@@ -10,7 +10,7 @@ Estratégia omniauth para integração do Login Único do governo brasileiro ao
 gem 'omniauth', '1.9.1'
 gem "omniauth-rails_csrf_protection", '0.1.2'
 gem 'omniauth-oauth2'
-gem 'omniauth-gov', '~> 0.1.3'
+gem 'omniauth-gov', '~> 0.1.5'
 ```
 
 ## Configuração devise
@@ -126,4 +126,4 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
 
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/gov_br/params_encoder.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module GovBr
+  # FlatParamsEncoder manages URI params as a flat hash. Any Array values repeat
+  # the parameter multiple times.
+  module ParamsEncoder
+    class << self
+      extend Forwardable
+      def_delegators :'Faraday::Utils', :escape, :unescape
+    end
+
+    # Encode converts the given param into a URI querystring. Keys and values
+    # will converted to strings and appropriately escaped for the URI.
+    #
+    # @param params [Hash] query arguments to convert.
+    #
+    # @example
+    #
+    #   encode({a: %w[one two three], b: true, c: "C"})
+    #   # => 'a=one&a=two&a=three&b=true&c=C'
+    #
+    # @return [String] the URI querystring (without the leading '?')
+    def self.encode(params)
+      return nil if params.nil?
+      
+      unless params.is_a?(Array)
+        unless params.respond_to?(:to_hash)
+          raise TypeError,
+          "Can't convert #{params.class} into Hash."
+        end
+        params = params.to_hash
+        params = params.map do |key, value|
+          key = key.to_s if key.is_a?(Symbol)
+          [key, value]
+        end
+        
+        # Only to be used for non-Array inputs. Arrays should preserve order.
+        params.sort! if @sort_params
+      end
+      
+      # The params have form [['key1', 'value1'], ['key2', 'value2']].
+      buffer = +''
+      params.each do |key, value|
+        encoded_key = escape(key)
+        if value.nil?
+          buffer << "#{encoded_key}&"
+        elsif value.is_a?(Array)
+          if value.empty?
+            buffer << "#{encoded_key}=&"
+          else
+            value.each do |sub_value|
+              encoded_value = escape(sub_value)
+              buffer << "#{encoded_key}=#{encoded_value}&"
+            end
+          end
+        else
+          encoded_value = (key == 'scope') ? value : escape(value)
+          buffer << "#{encoded_key}=#{encoded_value}&"
+        end
+      end
+      buffer.chop
+    end
+
+    # Decode converts the given URI querystring into a hash.
+    #
+    # @param query [String] query arguments to parse.
+    #
+    # @example
+    #
+    #   decode('a=one&a=two&a=three&b=true&c=C')
+    #   # => {"a"=>["one", "two", "three"], "b"=>"true", "c"=>"C"}
+    #
+    # @return [Hash] parsed keys and value strings from the querystring.
+    def self.decode(query)
+      return nil if query.nil?
+
+      empty_accumulator = {}
+
+      split_query = (query.split('&').map do |pair|
+        pair.split('=', 2) if pair && !pair.empty?
+      end).compact
+      split_query.each_with_object(empty_accumulator.dup) do |pair, accu|
+        pair[0] = unescape(pair[0])
+        pair[1] = true if pair[1].nil?
+        if pair[1].respond_to?(:to_str)
+          pair[1] = unescape(pair[1].to_str.tr('+', ' '))
+        end
+        if accu[pair[0]].is_a?(Array)
+          accu[pair[0]] << pair[1]
+        elsif accu[pair[0]]
+          accu[pair[0]] = [accu[pair[0]], pair[1]]
+        else
+          accu[pair[0]] = pair[1]
+        end
+      end
+    end
+
+    class << self
+      attr_accessor :sort_params
+    end
+
+    # Useful default for OAuth and caching.
+    @sort_params = true
+  end
+end

data/lib/omniauth/strategies/gov.rb

@@ -52,6 +52,11 @@ module Omniauth
         end
       end
 
+      def client
+        options.client_options.merge!({connection_opts: {request: {params_encoder: GovBr::ParamsEncoder}}})
+        ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
+      end
+
       def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         options.authorize_params[:state] = SecureRandom.hex(24)
         options.authorize_params[:client_id] = options[:client_id]
@@ -70,11 +75,12 @@ module Omniauth
 
       def build_access_token
         verifier = request.params["code"]
+        redirect_uri = "#{OmniAuth.config.full_host}/#{options.callback_path}".gsub!(%r{/+}, '/')
         
         atoken = client.auth_code.get_token(
           verifier, 
-          {"grant_type": "authorization_code", "code": verifier, "redirect_uri": OmniAuth.config.full_host+options.callback_path, "code_verifier": session["omniauth.pkce.verifier"]}, 
-          {"Content-Type"  => "application/x-www-form-urlencoded", "Authorization" => "Basic #{Base64.strict_encode64(Settings.reload!.omniauth.client_id+":"+Settings.reload!.omniauth.client_secret)}" })
+          {"grant_type": "authorization_code", "code": verifier, "redirect_uri": redirect_uri, "code_verifier": session["omniauth.pkce.verifier"]}, 
+          {"Content-Type"  => "application/x-www-form-urlencoded", "Authorization" => "Basic #{Base64.strict_encode64(options.client_id+":"+options.client_secret)}" })
         atoken
       end  
     end

data/lib/omniauth-gov/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Gov
-    VERSION = "0.1.3"
+    VERSION = "0.1.5"
   end
 end

data/lib/omniauth-gov.rb

@@ -1,2 +1,3 @@
 require "omniauth-gov/version"
-require 'omniauth/strategies/gov'
+require 'omniauth/strategies/gov'
+require 'gov_br/params_encoder'

data/omniauth-gov.gemspec

@@ -2,8 +2,8 @@
 require File.expand_path('../lib/omniauth-gov/version', __FILE__)
 
 Gem::Specification.new do |gem|
-  gem.authors       = ["Jonas Ricardo"]
-  gem.email         = ["jonas.campos@yahoo.com.br"]
+  gem.authors       = ["Jonas Ricardo", "Renato de Souza"]
+  gem.email         = ["jonas.campos@yahoo.com.br", "renatocdesouza@gmail.com"]
   gem.description   = %q{Official OmniAuth strategy for GitHub.}
   gem.summary       = %q{Official OmniAuth strategy for GitHub.}
   gem.homepage      = "https://github.com/jonasrscampos/omniauth-gov"
@@ -19,6 +19,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency 'omniauth', '1.9.1' 
   gem.add_dependency 'omniauth-oauth2'
   gem.add_development_dependency 'rspec', '~> 3.5'
+  gem.add_development_dependency 'faraday', '~> 2.9'
   gem.add_development_dependency 'rack-test'
   gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'webmock'

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-gov
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.5
 platform: ruby
 authors:
 - Jonas Ricardo
-autorequire: 
+- Renato de Souza
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-07 00:00:00.000000000 Z
+date: 2024-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -52,6 +53,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -97,6 +112,7 @@ dependencies:
 description: Official OmniAuth strategy for GitHub.
 email:
 - jonas.campos@yahoo.com.br
+- renatocdesouza@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -109,17 +125,16 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- lib/gov_br/params_encoder.rb
 - lib/omniauth-gov.rb
 - lib/omniauth-gov/version.rb
 - lib/omniauth/strategies/gov.rb
 - omniauth-gov.gemspec
-- spec/omniauth/strategies/github_spec.rb
-- spec/spec_helper.rb
 homepage: https://github.com/jonasrscampos/omniauth-gov
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -134,8 +149,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.5
-signing_key: 
+rubygems_version: 3.4.19
+signing_key:
 specification_version: 4
 summary: Official OmniAuth strategy for GitHub.
 test_files: []

data/spec/omniauth/strategies/github_spec.rb

@@ -1,183 +0,0 @@
-require 'spec_helper'
-
-describe OmniAuth::Strategies::GitHub do
-  let(:access_token) { instance_double('AccessToken', :options => {}, :[] => 'user') }
-  let(:parsed_response) { instance_double('ParsedResponse') }
-  let(:response) { instance_double('Response', :parsed => parsed_response) }
-
-  let(:enterprise_site)          { 'https://some.other.site.com/api/v3' }
-  let(:enterprise_authorize_url) { 'https://some.other.site.com/login/oauth/authorize' }
-  let(:enterprise_token_url)     { 'https://some.other.site.com/login/oauth/access_token' }
-  let(:enterprise) do
-    OmniAuth::Strategies::GitHub.new('GITHUB_KEY', 'GITHUB_SECRET',
-        {
-            :client_options => {
-                :site => enterprise_site,
-                :authorize_url => enterprise_authorize_url,
-                :token_url => enterprise_token_url
-            }
-        }
-    )
-  end
-
-  subject do
-    OmniAuth::Strategies::GitHub.new({})
-  end
-
-  before(:each) do
-    allow(subject).to receive(:access_token).and_return(access_token)
-  end
-
-  context 'client options' do
-    it 'should have correct site' do
-      expect(subject.options.client_options.site).to eq('https://api.github.com')
-    end
-
-    it 'should have correct authorize url' do
-      expect(subject.options.client_options.authorize_url).to eq('https://github.com/login/oauth/authorize')
-    end
-
-    it 'should have correct token url' do
-      expect(subject.options.client_options.token_url).to eq('https://github.com/login/oauth/access_token')
-    end
-
-    describe 'should be overrideable' do
-      it 'for site' do
-        expect(enterprise.options.client_options.site).to eq(enterprise_site)
-      end
-
-      it 'for authorize url' do
-        expect(enterprise.options.client_options.authorize_url).to eq(enterprise_authorize_url)
-      end
-
-      it 'for token url' do
-        expect(enterprise.options.client_options.token_url).to eq(enterprise_token_url)
-      end
-    end
-  end
-
-  context '#email_access_allowed?' do
-    it 'should not allow email if scope is nil' do
-      expect(subject.options['scope']).to be_nil
-      expect(subject).to_not be_email_access_allowed
-    end
-
-    it 'should allow email if scope is user' do
-      subject.options['scope'] = 'user'
-      expect(subject).to be_email_access_allowed
-    end
-
-    it 'should allow email if scope is a bunch of stuff including user' do
-      subject.options['scope'] = 'public_repo,user,repo,delete_repo,gist'
-      expect(subject).to be_email_access_allowed
-    end
-
-    it 'should not allow email if scope does not grant email access' do
-      subject.options['scope'] = 'repo,user:follow'
-      expect(subject).to_not be_email_access_allowed
-    end
-
-    it 'should assume email access not allowed if scope is something currently not documented' do
-      subject.options['scope'] = 'currently_not_documented'
-      expect(subject).to_not be_email_access_allowed
-    end
-  end
-
-  context '#email' do
-    it 'should return email from raw_info if available' do
-      allow(subject).to receive(:raw_info).and_return({ 'email' => 'you@example.com' })
-      expect(subject.email).to eq('you@example.com')
-    end
-
-    it 'should return nil if there is no raw_info and email access is not allowed' do
-      allow(subject).to receive(:raw_info).and_return({})
-      expect(subject.email).to be_nil
-    end
-
-    it 'should not return the primary email if there is no raw_info and email access is allowed' do
-      emails = [
-        { 'email' => 'secondary@example.com', 'primary' => false },
-        { 'email' => 'primary@example.com',   'primary' => true }
-      ]
-      allow(subject).to receive(:raw_info).and_return({})
-      subject.options['scope'] = 'user'
-      allow(subject).to receive(:emails).and_return(emails)
-      expect(subject.email).to be_nil
-    end
-
-    it 'should not return the first email if there is no raw_info and email access is allowed' do
-      emails = [
-        { 'email' => 'first@example.com',   'primary' => false },
-        { 'email' => 'second@example.com',  'primary' => false }
-      ]
-      allow(subject).to receive(:raw_info).and_return({})
-      subject.options['scope'] = 'user'
-      allow(subject).to receive(:emails).and_return(emails)
-      expect(subject.email).to be_nil
-    end
-  end
-
-  context '#raw_info' do
-    it 'should use relative paths' do
-      expect(access_token).to receive(:get).with('user').and_return(response)
-      expect(subject.raw_info).to eq(parsed_response)
-    end
-
-    it 'should use the header auth mode' do
-      expect(access_token).to receive(:get).with('user').and_return(response)
-      subject.raw_info
-      expect(access_token.options[:mode]).to eq(:header)
-    end
-  end
-
-  context '#emails' do
-    it 'should use relative paths' do
-      expect(access_token).to receive(:get).with('user/emails', :headers => {
-        'Accept' => 'application/vnd.github.v3'
-      }).and_return(response)
-
-      subject.options['scope'] = 'user'
-      expect(subject.emails).to eq(parsed_response)
-    end
-
-    it 'should use the header auth mode' do
-      expect(access_token).to receive(:get).with('user/emails', :headers => {
-        'Accept' => 'application/vnd.github.v3'
-      }).and_return(response)
-
-      subject.options['scope'] = 'user'
-      subject.emails
-      expect(access_token.options[:mode]).to eq(:header)
-    end
-  end
-
-  context '#info.email' do
-    it 'should use any available email' do
-      allow(subject).to receive(:raw_info).and_return({})
-      allow(subject).to receive(:email).and_return('you@example.com')
-      expect(subject.info['email']).to eq('you@example.com')
-    end
-  end
-
-  context '#info.urls' do
-    it 'should use html_url from raw_info' do
-      allow(subject).to receive(:raw_info).and_return({ 'login' => 'me', 'html_url' => 'http://enterprise/me' })
-      expect(subject.info['urls']['GitHub']).to eq('http://enterprise/me')
-    end
-  end
-
-  context '#extra.scope' do
-    it 'returns the scope on the returned access_token' do
-      expect(subject.scope).to eq('user')
-    end
-  end
-
-  describe '#callback_url' do
-    it 'is a combination of host, script name, and callback path' do
-      allow(subject).to receive(:full_host).and_return('https://example.com')
-      allow(subject).to receive(:script_name).and_return('/sub_uri')
-
-      expect(subject.callback_url).to eq('https://example.com/sub_uri/auth/github/callback')
-    end
-  end
-end

data/spec/spec_helper.rb

@@ -1,16 +0,0 @@
-$:.unshift File.expand_path('..', __FILE__)
-$:.unshift File.expand_path('../../lib', __FILE__)
-require 'simplecov'
-SimpleCov.start
-require 'rspec'
-require 'rack/test'
-require 'webmock/rspec'
-require 'omniauth'
-require 'omniauth-gov'
-
-RSpec.configure do |config|
-  config.include WebMock::API
-  config.include Rack::Test::Methods
-  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
-end
-