omniauth-granicus 1.1.2 → 1.1.3

data/lib/omniauth/granicus/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module GranicusAdmin
-    VERSION = "1.1.2"
+    VERSION = "1.1.3"
   end
 end

data/lib/omniauth/strategies/granicus-admin.rb

@@ -1,5 +1,4 @@
 require 'omniauth/strategies/oauth2'
-require 'base64'
 require 'openssl'
 require 'rack/utils'
 
@@ -7,6 +6,7 @@ module OmniAuth
   module Strategies
     class GranicusAdmin < OmniAuth::Strategies::OAuth2
       class NoAuthorizationCodeError < StandardError; end
+      class InvalidTokenHostError < StandardError; end
 
       DEFAULT_SCOPE = ''
       
@@ -18,35 +18,23 @@ module OmniAuth
         :authorize_url => '/auth/oauth/authorize',
         :token_method => :get,
       }
+      
+      option :access_token_options, {}
 
       option :token_params, {
-        :parse => :query
-      }
-
-      option :access_token_options, {
-        :header_format => 'OAuth %s',
-        :param_name => 'access_token'
+        :parse => :json
       }
 
-      option :authorize_options, [:scope, :display]
+      option :authorize_options, [:scope, :host]
 
-      uid { raw_info['id'] }
+      uid { raw_info['userid'] }
 
       info do
         prune!({
-          'nickname' => raw_info['username'],
-          'email' => raw_info['email'],
+          'email' => raw_info['email'], 
           'name' => raw_info['name'],
-          'first_name' => raw_info['first_name'],
-          'last_name' => raw_info['last_name'],
-          'image' => "#{options[:secure_image_url] ? 'https' : 'http'}://graph.facebook.com/#{uid}/picture?type=square",
-          'description' => raw_info['bio'],
-          'urls' => {
-            'Facebook' => raw_info['link'],
-            'Website' => raw_info['website']
-          },
-          'location' => (raw_info['location'] || {})['name'],
-          'verified' => raw_info['verified']
+          'username' => raw_info['username'],
+          'sessionid' => raw_info['sessionid']
         })
       end
 
@@ -64,7 +52,11 @@ module OmniAuth
       end
 
       def raw_info
-        @raw_info ||= access_token.get('/me').parsed
+        @raw_info ||= access_token.get('/auth/identity/me').parsed
+        @raw_info['name'] ||= @raw_info['username']
+        @raw_info['email'] ||= "#{@raw_info['username']}@#{request.params['host']}"
+      
+        @raw_info
       end
 
       def build_access_token
@@ -73,12 +65,27 @@ module OmniAuth
         end
       end
 
-      # NOTE if we're using code from the signed request
-      # then FB sets the redirect_uri to '' during the authorize
-      # phase + it must match during the access_token phase:
-      # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348
+      ##
+      # Add the host param to the callback url so that we know where to go for our token
+      #
       def callback_url
-        options[:callback_url] || super
+        full_host + script_name + callback_path + "?host=#{request.params['host']}"
+      end
+      
+      ##
+      # Implement multi-tenancy support in the callback phase with a check to ensure we are still
+      # talking to the right domain to prevent hijacking of the oauth token process
+      #
+      def callback_phase
+        if !request.params['host'].nil? && request.params['host'] =~ /\.granicus\.com$/
+          options.client_options[:site] = "https://#{request.params['host']}"
+        else 
+          raise InvalidTokenHostError.new
+        end
+        
+        super
+      rescue InvalidTokenHostError => e
+          fail!(:invalid_token_host, e)
       end
 
       def access_token_options
@@ -86,7 +93,7 @@ module OmniAuth
       end
 
       ##
-      # You can pass +display+, +state+ or +scope+ params to the auth request, if
+      # You can pass +host+ or +scope+ params to the auth request, if
       # you need to set them dynamically. You can also set these options
       # in the OmniAuth config :authorize_params option.
       #
@@ -105,9 +112,8 @@ module OmniAuth
       private
 
       ##
-      # Picks the authorization code in order, from:
-      #
-      # the request 'code' param (manual callback from standard server-side flow)
+      # Picks the authorization code from the request, and raises a noauthcode exception 
+      # if the code isn't present
       #
       def with_authorization_code!
         if request.params.key?('code')
@@ -117,6 +123,9 @@ module OmniAuth
         end
       end
 
+      ##
+      # Removes nil and empty values from the given hash
+      #
       def prune!(hash)
         hash.delete_if do |_, value|
           prune!(value) if value.is_a?(Hash)
@@ -124,14 +133,6 @@ module OmniAuth
         end
       end
 
-      # def valid_signature?(secret, signature, payload, algorithm = OpenSSL::Digest::SHA256.new)
-      #         OpenSSL::HMAC.digest(algorithm, secret, payload) == signature
-      #       end
-
-      def base64_decode_url(value)
-        value += '=' * (4 - value.size.modulo(4))
-        Base64.decode64(value.tr('-_', '+/'))
-      end
     end
   end
 end

data/spec/omniauth/strategies/granicus_spec.rb

@@ -41,23 +41,20 @@ describe OmniAuth::Strategies::GranicusAdmin do
     it "returns the default callback url" do
       url_base = 'http://auth.request.com'
       @request.stub(:url) { "#{url_base}/some/page" }
+      @request.stub(:params) { { 'host' => 'dev.dev.granicus.com' }}
       subject.stub(:script_name) { '' } # as not to depend on Rack env
-      subject.callback_url.should eq("#{url_base}/auth/granicus_admin/callback")
+      subject.callback_url.should eq("#{url_base}/auth/granicus_admin/callback?host=dev.dev.granicus.com")
     end
 
     it "returns path from callback_path option" do
       @options = { :callback_path => "/auth/FB/done"}
       url_base = 'http://auth.request.com'
       @request.stub(:url) { "#{url_base}/page/path" }
+      @request.stub(:params) { { 'host' => 'dev.dev.granicus.com' }}
       subject.stub(:script_name) { '' } # as not to depend on Rack env
-      subject.callback_url.should eq("#{url_base}/auth/FB/done")
+      subject.callback_url.should eq("#{url_base}/auth/FB/done?host=dev.dev.granicus.com")
     end
 
-    it "returns url from callback_url option" do
-      url = 'https://auth.myapp.com/auth/fb/callback'
-      @options = { :callback_url => url }
-      subject.callback_url.should eq(url)
-    end
   end
 
   describe '#authorize_params' do
@@ -82,23 +79,13 @@ describe OmniAuth::Strategies::GranicusAdmin do
 
   describe '#token_params' do
     it 'has correct parse strategy' do
-      subject.token_params[:parse].should eq(:query)
-    end
-  end
-
-  describe '#access_token_options' do
-    it 'has correct param name by default' do
-      subject.access_token_options[:param_name].should eq('access_token')
-    end
-
-    it 'has correct header format by default' do
-      subject.access_token_options[:header_format].should eq('OAuth %s')
+      subject.token_params[:parse].should eq(:json)
     end
   end
 
   describe '#uid' do
     before :each do
-      subject.stub(:raw_info) { { 'id' => '123' } }
+      subject.stub(:raw_info) { { 'userid' => '123' } }
     end
 
     it 'returns the id from raw_info' do
@@ -109,124 +96,22 @@ describe OmniAuth::Strategies::GranicusAdmin do
   describe '#info' do
     context 'when optional data is not present in raw info' do
       before :each do
-        @raw_info ||= { 'name' => 'Fred Smith' }
+        @raw_info ||= { 'sessionid' => 'thisisatestsessionid' }
         subject.stub(:raw_info) { @raw_info }
       end
 
-      it 'has no email key' do
-        subject.info.should_not have_key('email')
-      end
-
-      it 'has no nickname key' do
-        subject.info.should_not have_key('nickname')
-      end
-
-      it 'has no first name key' do
-        subject.info.should_not have_key('first_name')
-      end
-
-      it 'has no last name key' do
-        subject.info.should_not have_key('last_name')
-      end
-
-      it 'has no location key' do
-        subject.info.should_not have_key('location')
-      end
-
-      it 'has no description key' do
-        subject.info.should_not have_key('description')
-      end
-
-      it 'has no urls' do
-        subject.info.should_not have_key('urls')
-      end
-
-      it 'has no verified key' do
-        subject.info.should_not have_key('verified')
-      end
     end
 
     context 'when optional data is present in raw info' do
       before :each do
-        @raw_info ||= { 'name' => 'Fred Smith' }
+        @raw_info ||= { 'sessionid' => 'thisisatestsessionid' }
         subject.stub(:raw_info) { @raw_info }
       end
 
       it 'returns the name' do
-        subject.info['name'].should eq('Fred Smith')
-      end
-
-      it 'returns the email' do
-        @raw_info['email'] = 'fred@smith.com'
-        subject.info['email'].should eq('fred@smith.com')
+        subject.info['sessionid'].should eq('thisisatestsessionid')
       end
 
-      it 'returns the username as nickname' do
-        @raw_info['username'] = 'fredsmith'
-        subject.info['nickname'].should eq('fredsmith')
-      end
-
-      it 'returns the first name' do
-        @raw_info['first_name'] = 'Fred'
-        subject.info['first_name'].should eq('Fred')
-      end
-
-      it 'returns the last name' do
-        @raw_info['last_name'] = 'Smith'
-        subject.info['last_name'].should eq('Smith')
-      end
-
-      it 'returns the location name as location' do
-        @raw_info['location'] = { 'id' => '104022926303756', 'name' => 'Palo Alto, California' }
-        subject.info['location'].should eq('Palo Alto, California')
-      end
-
-      it 'returns bio as description' do
-        @raw_info['bio'] = 'I am great'
-        subject.info['description'].should eq('I am great')
-      end
-
-      it 'returns the square format granicus avatar url' do
-        @raw_info['id'] = '321'
-        subject.info['image'].should eq('http://graph.facebook.com/321/picture?type=square')
-      end
-
-      it 'returns the Facebook link as the Facebook url' do
-        @raw_info['link'] = 'http://www.facebook.com/fredsmith'
-        subject.info['urls'].should be_a(Hash)
-        subject.info['urls']['Facebook'].should eq('http://www.facebook.com/fredsmith')
-      end
-
-      it 'returns website url' do
-        @raw_info['website'] = 'https://my-wonderful-site.com'
-        subject.info['urls'].should be_a(Hash)
-        subject.info['urls']['Website'].should eq('https://my-wonderful-site.com')
-      end
-
-      it 'return both Facebook link and website urls' do
-        @raw_info['link'] = 'http://www.facebook.com/fredsmith'
-        @raw_info['website'] = 'https://my-wonderful-site.com'
-        subject.info['urls'].should be_a(Hash)
-        subject.info['urls']['Facebook'].should eq('http://www.facebook.com/fredsmith')
-        subject.info['urls']['Website'].should eq('https://my-wonderful-site.com')
-      end
-
-      it 'returns the positive verified status' do
-        @raw_info['verified'] = true
-        subject.info['verified'].should be_true
-      end
-
-      it 'returns the negative verified status' do
-        @raw_info['verified'] = false
-        subject.info['verified'].should be_false
-      end
-    end
-
-    it 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
-      @options = { :secure_image_url => true }
-      raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
-      subject.stub(:raw_info) { raw_info }
-      subject.info['image'].should eq('https://graph.facebook.com/321/picture?type=square')
     end
   end
 
@@ -238,12 +123,12 @@ describe OmniAuth::Strategies::GranicusAdmin do
 
     it 'performs a GET to https://graph.facebook.com/me' do
       @access_token.stub(:get) { double('OAuth2::Response').as_null_object }
-      @access_token.should_receive(:get).with('/me')
+      @access_token.should_receive(:get).with('/auth/identity/me')
       subject.raw_info
     end
 
     it 'returns a Hash' do
-      @access_token.stub(:get).with('/me') do
+      @access_token.stub(:get).with('/auth/identity/me') do
         raw_response = double('Faraday::Response')
         raw_response.stub(:body) { '{ "ohai": "thar" }' }
         raw_response.stub(:status) { 200 }
@@ -308,7 +193,7 @@ describe OmniAuth::Strategies::GranicusAdmin do
 
   describe '#extra' do
     before :each do
-      @raw_info = { 'name' => 'Fred Smith' }
+      @raw_info = { 'sessionid' => 'thisisatestsessionid' }
       subject.stub(:raw_info) { @raw_info }
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-granicus
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-24 00:00:00.000000000Z
+date: 2012-04-26 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
-  requirement: &2164741740 !ruby/object:Gem::Requirement
+  requirement: &2152544460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 1.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *2164741740
+  version_requirements: *2152544460
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2164741220 !ruby/object:Gem::Requirement
+  requirement: &2152543220 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 2.7.0
   type: :development
   prerelease: false
-  version_requirements: *2164741220
+  version_requirements: *2152543220
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2164740800 !ruby/object:Gem::Requirement
+  requirement: &2152540540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2164740800
+  version_requirements: *2152540540
 description: 
 email:
 - javier@granicus.com