omniauth-granicus 1.1.2 → 1.1.3
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'omniauth/strategies/oauth2'
|
2
|
-
require 'base64'
|
3
2
|
require 'openssl'
|
4
3
|
require 'rack/utils'
|
5
4
|
|
@@ -7,6 +6,7 @@ module OmniAuth
|
|
7
6
|
module Strategies
|
8
7
|
class GranicusAdmin < OmniAuth::Strategies::OAuth2
|
9
8
|
class NoAuthorizationCodeError < StandardError; end
|
9
|
+
class InvalidTokenHostError < StandardError; end
|
10
10
|
|
11
11
|
DEFAULT_SCOPE = ''
|
12
12
|
|
@@ -18,35 +18,23 @@ module OmniAuth
|
|
18
18
|
:authorize_url => '/auth/oauth/authorize',
|
19
19
|
:token_method => :get,
|
20
20
|
}
|
21
|
+
|
22
|
+
option :access_token_options, {}
|
21
23
|
|
22
24
|
option :token_params, {
|
23
|
-
:parse => :
|
24
|
-
}
|
25
|
-
|
26
|
-
option :access_token_options, {
|
27
|
-
:header_format => 'OAuth %s',
|
28
|
-
:param_name => 'access_token'
|
25
|
+
:parse => :json
|
29
26
|
}
|
30
27
|
|
31
|
-
option :authorize_options, [:scope, :
|
28
|
+
option :authorize_options, [:scope, :host]
|
32
29
|
|
33
|
-
uid { raw_info['
|
30
|
+
uid { raw_info['userid'] }
|
34
31
|
|
35
32
|
info do
|
36
33
|
prune!({
|
37
|
-
'
|
38
|
-
'email' => raw_info['email'],
|
34
|
+
'email' => raw_info['email'],
|
39
35
|
'name' => raw_info['name'],
|
40
|
-
'
|
41
|
-
'
|
42
|
-
'image' => "#{options[:secure_image_url] ? 'https' : 'http'}://graph.facebook.com/#{uid}/picture?type=square",
|
43
|
-
'description' => raw_info['bio'],
|
44
|
-
'urls' => {
|
45
|
-
'Facebook' => raw_info['link'],
|
46
|
-
'Website' => raw_info['website']
|
47
|
-
},
|
48
|
-
'location' => (raw_info['location'] || {})['name'],
|
49
|
-
'verified' => raw_info['verified']
|
36
|
+
'username' => raw_info['username'],
|
37
|
+
'sessionid' => raw_info['sessionid']
|
50
38
|
})
|
51
39
|
end
|
52
40
|
|
@@ -64,7 +52,11 @@ module OmniAuth
|
|
64
52
|
end
|
65
53
|
|
66
54
|
def raw_info
|
67
|
-
@raw_info ||= access_token.get('/me').parsed
|
55
|
+
@raw_info ||= access_token.get('/auth/identity/me').parsed
|
56
|
+
@raw_info['name'] ||= @raw_info['username']
|
57
|
+
@raw_info['email'] ||= "#{@raw_info['username']}@#{request.params['host']}"
|
58
|
+
|
59
|
+
@raw_info
|
68
60
|
end
|
69
61
|
|
70
62
|
def build_access_token
|
@@ -73,12 +65,27 @@ module OmniAuth
|
|
73
65
|
end
|
74
66
|
end
|
75
67
|
|
76
|
-
|
77
|
-
#
|
78
|
-
#
|
79
|
-
# https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348
|
68
|
+
##
|
69
|
+
# Add the host param to the callback url so that we know where to go for our token
|
70
|
+
#
|
80
71
|
def callback_url
|
81
|
-
|
72
|
+
full_host + script_name + callback_path + "?host=#{request.params['host']}"
|
73
|
+
end
|
74
|
+
|
75
|
+
##
|
76
|
+
# Implement multi-tenancy support in the callback phase with a check to ensure we are still
|
77
|
+
# talking to the right domain to prevent hijacking of the oauth token process
|
78
|
+
#
|
79
|
+
def callback_phase
|
80
|
+
if !request.params['host'].nil? && request.params['host'] =~ /\.granicus\.com$/
|
81
|
+
options.client_options[:site] = "https://#{request.params['host']}"
|
82
|
+
else
|
83
|
+
raise InvalidTokenHostError.new
|
84
|
+
end
|
85
|
+
|
86
|
+
super
|
87
|
+
rescue InvalidTokenHostError => e
|
88
|
+
fail!(:invalid_token_host, e)
|
82
89
|
end
|
83
90
|
|
84
91
|
def access_token_options
|
@@ -86,7 +93,7 @@ module OmniAuth
|
|
86
93
|
end
|
87
94
|
|
88
95
|
##
|
89
|
-
# You can pass +
|
96
|
+
# You can pass +host+ or +scope+ params to the auth request, if
|
90
97
|
# you need to set them dynamically. You can also set these options
|
91
98
|
# in the OmniAuth config :authorize_params option.
|
92
99
|
#
|
@@ -105,9 +112,8 @@ module OmniAuth
|
|
105
112
|
private
|
106
113
|
|
107
114
|
##
|
108
|
-
# Picks the authorization code
|
109
|
-
#
|
110
|
-
# the request 'code' param (manual callback from standard server-side flow)
|
115
|
+
# Picks the authorization code from the request, and raises a noauthcode exception
|
116
|
+
# if the code isn't present
|
111
117
|
#
|
112
118
|
def with_authorization_code!
|
113
119
|
if request.params.key?('code')
|
@@ -117,6 +123,9 @@ module OmniAuth
|
|
117
123
|
end
|
118
124
|
end
|
119
125
|
|
126
|
+
##
|
127
|
+
# Removes nil and empty values from the given hash
|
128
|
+
#
|
120
129
|
def prune!(hash)
|
121
130
|
hash.delete_if do |_, value|
|
122
131
|
prune!(value) if value.is_a?(Hash)
|
@@ -124,14 +133,6 @@ module OmniAuth
|
|
124
133
|
end
|
125
134
|
end
|
126
135
|
|
127
|
-
# def valid_signature?(secret, signature, payload, algorithm = OpenSSL::Digest::SHA256.new)
|
128
|
-
# OpenSSL::HMAC.digest(algorithm, secret, payload) == signature
|
129
|
-
# end
|
130
|
-
|
131
|
-
def base64_decode_url(value)
|
132
|
-
value += '=' * (4 - value.size.modulo(4))
|
133
|
-
Base64.decode64(value.tr('-_', '+/'))
|
134
|
-
end
|
135
136
|
end
|
136
137
|
end
|
137
138
|
end
|
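Review bot: The host check in `callback_phase` uses `/\.granicus\.com$/`, which is unanchored at the start, and in Ruby `$` matches at the end of any line rather than the end of the string. A `host` value that carries a newline or URL delimiters around a `.granicus.com` fragment can therefore pass, and it is then interpolated into `options.client_options[:site]`, the origin the token request is sent to. Anchor the whole value and restrict it to hostname characters, e.g. `request.params['host'] =~ /\A[a-z0-9-]+(?:\.[a-z0-9-]+)*\.granicus\.com\z/i`. `callback_url` and the `email` fallback in `raw_info` interpolate the same parameter unescaped; `Rack::Utils.escape(request.params['host'])` in `callback_url` would stop it from adding extra query parameters (`rack/utils` is already required at the top of the file). Assigning into `options.client_options` may also persist beyond the current request if the options object is shared between strategy instances, which is worth confirming.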
@@ -41,23 +41,20 @@ describe OmniAuth::Strategies::GranicusAdmin do
|
|
41
41
|
it "returns the default callback url" do
|
42
42
|
url_base = 'http://auth.request.com'
|
43
43
|
@request.stub(:url) { "#{url_base}/some/page" }
|
44
|
+
@request.stub(:params) { { 'host' => 'dev.dev.granicus.com' }}
|
44
45
|
subject.stub(:script_name) { '' } # as not to depend on Rack env
|
45
|
-
subject.callback_url.should eq("#{url_base}/auth/granicus_admin/callback")
|
46
|
+
subject.callback_url.should eq("#{url_base}/auth/granicus_admin/callback?host=dev.dev.granicus.com")
|
46
47
|
end
|
47
48
|
|
48
49
|
it "returns path from callback_path option" do
|
49
50
|
@options = { :callback_path => "/auth/FB/done"}
|
50
51
|
url_base = 'http://auth.request.com'
|
51
52
|
@request.stub(:url) { "#{url_base}/page/path" }
|
53
|
+
@request.stub(:params) { { 'host' => 'dev.dev.granicus.com' }}
|
52
54
|
subject.stub(:script_name) { '' } # as not to depend on Rack env
|
53
|
-
subject.callback_url.should eq("#{url_base}/auth/FB/done")
|
55
|
+
subject.callback_url.should eq("#{url_base}/auth/FB/done?host=dev.dev.granicus.com")
|
54
56
|
end
|
55
57
|
|
56
|
-
it "returns url from callback_url option" do
|
57
|
-
url = 'https://auth.myapp.com/auth/fb/callback'
|
58
|
-
@options = { :callback_url => url }
|
59
|
-
subject.callback_url.should eq(url)
|
60
|
-
end
|
61
58
|
end
|
62
59
|
|
63
60
|
describe '#authorize_params' do
|
@@ -82,23 +79,13 @@ describe OmniAuth::Strategies::GranicusAdmin do
|
|
82
79
|
|
83
80
|
describe '#token_params' do
|
84
81
|
it 'has correct parse strategy' do
|
85
|
-
subject.token_params[:parse].should eq(:
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
describe '#access_token_options' do
|
90
|
-
it 'has correct param name by default' do
|
91
|
-
subject.access_token_options[:param_name].should eq('access_token')
|
92
|
-
end
|
93
|
-
|
94
|
-
it 'has correct header format by default' do
|
95
|
-
subject.access_token_options[:header_format].should eq('OAuth %s')
|
82
|
+
subject.token_params[:parse].should eq(:json)
|
96
83
|
end
|
97
84
|
end
|
98
85
|
|
99
86
|
describe '#uid' do
|
100
87
|
before :each do
|
101
|
-
subject.stub(:raw_info) { { '
|
88
|
+
subject.stub(:raw_info) { { 'userid' => '123' } }
|
102
89
|
end
|
103
90
|
|
104
91
|
it 'returns the id from raw_info' do
|
@@ -109,124 +96,22 @@ describe OmniAuth::Strategies::GranicusAdmin do
|
|
109
96
|
describe '#info' do
|
110
97
|
context 'when optional data is not present in raw info' do
|
111
98
|
before :each do
|
112
|
-
@raw_info ||= { '
|
99
|
+
@raw_info ||= { 'sessionid' => 'thisisatestsessionid' }
|
113
100
|
subject.stub(:raw_info) { @raw_info }
|
114
101
|
end
|
115
102
|
|
116
|
-
it 'has no email key' do
|
117
|
-
subject.info.should_not have_key('email')
|
118
|
-
end
|
119
|
-
|
120
|
-
it 'has no nickname key' do
|
121
|
-
subject.info.should_not have_key('nickname')
|
122
|
-
end
|
123
|
-
|
124
|
-
it 'has no first name key' do
|
125
|
-
subject.info.should_not have_key('first_name')
|
126
|
-
end
|
127
|
-
|
128
|
-
it 'has no last name key' do
|
129
|
-
subject.info.should_not have_key('last_name')
|
130
|
-
end
|
131
|
-
|
132
|
-
it 'has no location key' do
|
133
|
-
subject.info.should_not have_key('location')
|
134
|
-
end
|
135
|
-
|
136
|
-
it 'has no description key' do
|
137
|
-
subject.info.should_not have_key('description')
|
138
|
-
end
|
139
|
-
|
140
|
-
it 'has no urls' do
|
141
|
-
subject.info.should_not have_key('urls')
|
142
|
-
end
|
143
|
-
|
144
|
-
it 'has no verified key' do
|
145
|
-
subject.info.should_not have_key('verified')
|
146
|
-
end
|
147
103
|
end
|
148
104
|
|
149
105
|
context 'when optional data is present in raw info' do
|
150
106
|
before :each do
|
151
|
-
@raw_info ||= { '
|
107
|
+
@raw_info ||= { 'sessionid' => 'thisisatestsessionid' }
|
152
108
|
subject.stub(:raw_info) { @raw_info }
|
153
109
|
end
|
154
110
|
|
155
111
|
it 'returns the name' do
|
156
|
-
subject.info['
|
157
|
-
end
|
158
|
-
|
159
|
-
it 'returns the email' do
|
160
|
-
@raw_info['email'] = 'fred@smith.com'
|
161
|
-
subject.info['email'].should eq('fred@smith.com')
|
112
|
+
subject.info['sessionid'].should eq('thisisatestsessionid')
|
162
113
|
end
|
163
114
|
|
164
|
-
it 'returns the username as nickname' do
|
165
|
-
@raw_info['username'] = 'fredsmith'
|
166
|
-
subject.info['nickname'].should eq('fredsmith')
|
167
|
-
end
|
168
|
-
|
169
|
-
it 'returns the first name' do
|
170
|
-
@raw_info['first_name'] = 'Fred'
|
171
|
-
subject.info['first_name'].should eq('Fred')
|
172
|
-
end
|
173
|
-
|
174
|
-
it 'returns the last name' do
|
175
|
-
@raw_info['last_name'] = 'Smith'
|
176
|
-
subject.info['last_name'].should eq('Smith')
|
177
|
-
end
|
178
|
-
|
179
|
-
it 'returns the location name as location' do
|
180
|
-
@raw_info['location'] = { 'id' => '104022926303756', 'name' => 'Palo Alto, California' }
|
181
|
-
subject.info['location'].should eq('Palo Alto, California')
|
182
|
-
end
|
183
|
-
|
184
|
-
it 'returns bio as description' do
|
185
|
-
@raw_info['bio'] = 'I am great'
|
186
|
-
subject.info['description'].should eq('I am great')
|
187
|
-
end
|
188
|
-
|
189
|
-
it 'returns the square format granicus avatar url' do
|
190
|
-
@raw_info['id'] = '321'
|
191
|
-
subject.info['image'].should eq('http://graph.facebook.com/321/picture?type=square')
|
192
|
-
end
|
193
|
-
|
194
|
-
it 'returns the Facebook link as the Facebook url' do
|
195
|
-
@raw_info['link'] = 'http://www.facebook.com/fredsmith'
|
196
|
-
subject.info['urls'].should be_a(Hash)
|
197
|
-
subject.info['urls']['Facebook'].should eq('http://www.facebook.com/fredsmith')
|
198
|
-
end
|
199
|
-
|
200
|
-
it 'returns website url' do
|
201
|
-
@raw_info['website'] = 'https://my-wonderful-site.com'
|
202
|
-
subject.info['urls'].should be_a(Hash)
|
203
|
-
subject.info['urls']['Website'].should eq('https://my-wonderful-site.com')
|
204
|
-
end
|
205
|
-
|
206
|
-
it 'return both Facebook link and website urls' do
|
207
|
-
@raw_info['link'] = 'http://www.facebook.com/fredsmith'
|
208
|
-
@raw_info['website'] = 'https://my-wonderful-site.com'
|
209
|
-
subject.info['urls'].should be_a(Hash)
|
210
|
-
subject.info['urls']['Facebook'].should eq('http://www.facebook.com/fredsmith')
|
211
|
-
subject.info['urls']['Website'].should eq('https://my-wonderful-site.com')
|
212
|
-
end
|
213
|
-
|
214
|
-
it 'returns the positive verified status' do
|
215
|
-
@raw_info['verified'] = true
|
216
|
-
subject.info['verified'].should be_true
|
217
|
-
end
|
218
|
-
|
219
|
-
it 'returns the negative verified status' do
|
220
|
-
@raw_info['verified'] = false
|
221
|
-
subject.info['verified'].should be_false
|
222
|
-
end
|
223
|
-
end
|
224
|
-
|
225
|
-
it 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
|
226
|
-
@options = { :secure_image_url => true }
|
227
|
-
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
|
228
|
-
subject.stub(:raw_info) { raw_info }
|
229
|
-
subject.info['image'].should eq('https://graph.facebook.com/321/picture?type=square')
|
230
115
|
end
|
231
116
|
end
|
232
117
|
|
@@ -238,12 +123,12 @@ describe OmniAuth::Strategies::GranicusAdmin do
|
|
238
123
|
|
239
124
|
it 'performs a GET to https://graph.facebook.com/me' do
|
240
125
|
@access_token.stub(:get) { double('OAuth2::Response').as_null_object }
|
241
|
-
@access_token.should_receive(:get).with('/me')
|
126
|
+
@access_token.should_receive(:get).with('/auth/identity/me')
|
242
127
|
subject.raw_info
|
243
128
|
end
|
244
129
|
|
245
130
|
it 'returns a Hash' do
|
246
|
-
@access_token.stub(:get).with('/me') do
|
131
|
+
@access_token.stub(:get).with('/auth/identity/me') do
|
247
132
|
raw_response = double('Faraday::Response')
|
248
133
|
raw_response.stub(:body) { '{ "ohai": "thar" }' }
|
249
134
|
raw_response.stub(:status) { 200 }
|
@@ -308,7 +193,7 @@ describe OmniAuth::Strategies::GranicusAdmin do
|
|
308
193
|
|
309
194
|
describe '#extra' do
|
310
195
|
before :each do
|
311
|
-
@raw_info = { '
|
196
|
+
@raw_info = { 'sessionid' => 'thisisatestsessionid' }
|
312
197
|
subject.stub(:raw_info) { @raw_info }
|
313
198
|
end
|
314
199
|
|
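Review bot: None of the visible spec hunks exercise the new `callback_phase` host check, so the rejection path that ends in `fail!(:invalid_token_host, e)` is untested as far as this diff shows. Add examples that stub `request.params` with a missing `host`, a host on another domain, and a value with a trailing newline, each asserting that `fail!` receives `:invalid_token_host` and that `client_options[:site]` is left unchanged. Two example descriptions are also stale after this change: `'performs a GET to https://graph.facebook.com/me'` now expects `/auth/identity/me`, and `'returns the name'` asserts `info['sessionid']`. Rename them to match, e.g. `it 'performs a GET to /auth/identity/me' do`.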
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-granicus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.3
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,11 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-04-
|
12
|
+
date: 2012-04-26 00:00:00.000000000Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: omniauth-oauth2
|
16
|
-
requirement: &
|
16
|
+
requirement: &2152544460 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ~>
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: 1.0.0
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *2152544460
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: rspec
|
27
|
-
requirement: &
|
27
|
+
requirement: &2152543220 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ~>
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: 2.7.0
|
33
33
|
type: :development
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *2152543220
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: rake
|
38
|
-
requirement: &
|
38
|
+
requirement: &2152540540 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ! '>='
|
@@ -43,7 +43,7 @@ dependencies:
|
|
43
43
|
version: '0'
|
44
44
|
type: :development
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *2152540540
|
47
47
|
description:
|
48
48
|
email:
|
49
49
|
- javier@granicus.com
|