omniauth-heroku 0.2.0.pre → 0.2.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    M2ZlY2IwZjQ5NmNhN2QyMjRhODI0MGE4MmQ5ODFkNzIxZDZiNThlYg==
+    NzQ0NTZiYTZlYTcxNDc0MzYzNDBmM2Y0NmM4M2Q1OTYwYWM2ZjM4NQ==
   data.tar.gz: !binary |-
-    MDEyNDQ1MjUzMThjMzQzYjU4NDFmMjQzNjYxYzBkZDVlOTE0OGU4Mw==
-!binary "U0hBNTEy":
+    YmNiZTI4ZTkzZGMyMTI3YTIxMmE2MTJlNWIxMDZhOGRlY2MyOGY3MQ==
+SHA512:
   metadata.gz: !binary |-
-    MDJkMTc0MTBiNTIzZGU4ZDI4Y2YwYWRkOGEwNDJkNWFlYTczNzJiNzJmODRk
-    YjJjNmNiZTk5NjU0MTNhNWE4ZDcyNTAyZGQwNWJjMGU5NTIzNjI0ZDIwYjVk
-    YmRjODNlZGZlZDY5YjU1OGQ0ZTAzYWMxMTk2NGNlMGM3Njg4MTU=
+    NWFhMDBmNDQwZDZmOTgzNTY2OTIwZjdhNmU5NWYxN2ZiN2YyZDliM2MyMWMx
+    Zjg1NzE2ZTI2OGIzZDE0OTRmODQwZTRkMjZmODg3MWRjZTY0YTAyN2UyNzQx
+    Zjg0YTQ0Njg4MzJmYjJmNGJmYjdiMDg3ZTk5NTc3YjdkMTgxMmQ=
   data.tar.gz: !binary |-
-    NDFiYjc5NzNmMzE0MWZhYWFjYTdlZWE5MDdlM2ViOGU5MDNkNGFiZThjYmQz
-    NTQ1NjczYzg2MDQ1MjMxNzU0OGIzNGNkMDUzMTMyZDI0ZWI0NGViOWFlNzJi
-    YzI2NWNiNTViMTAwYzU1ZDBmMzRiYTE3YTc2MzNlMWYyNTQ4MzE=
+    NTJhOTBjOTE5ZGQxYjhkMzM4Y2FhNDJiOTgwYzQ3OTIzMTU5MzBhYzk5Y2Q2
+    YzVkNDJiNGI0MzVmOWJhY2Q0ZmIwOGMwMGU0MmJmY2FhMjdjOTA5YTNlN2Rm
+    NGFiZjk5MDg3OTRmYTNlZDc2OThkMjQzYTFiNDJhYThlODViNDE=

data/.travis.yml

@@ -1,7 +1,7 @@
 language: ruby
 rvm:
-  - 2.1.2
-  - 2.1.0
+  - 2.1.4
+  - 2.0.0
   - 1.9.3
 cache: bundler
 notifications:

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Pedro Belo
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/omniauth/strategies/heroku.rb

@@ -44,6 +44,18 @@ module OmniAuth
         end
       end
 
+      # override method in OmniAuth::Strategies::OAuth2 to error
+      # when we don't have a client_id or secret:
+      def request_phase
+        if missing_client_id?
+          fail!(:missing_client_id)
+        elsif missing_client_secret?
+          fail!(:missing_client_secret)
+        else
+          super
+        end
+      end
+
       def account_info
         @account_info ||= MultiJson.decode(heroku_api.get("/account").body)
       end
@@ -56,6 +68,14 @@ module OmniAuth
             "Authorization" => "Bearer #{access_token.token}",
           })
       end
+
+      def missing_client_id?
+        [nil, ""].include?(options.client_id)
+      end
+
+      def missing_client_secret?
+        [nil, ""].include?(options.client_secret)
+      end
     end
   end
 end

data/omniauth-heroku.gemspec

@@ -4,12 +4,13 @@ Gem::Specification.new do |gem|
   gem.description   = %q{OmniAuth strategy for Heroku.}
   gem.summary       = %q{OmniAuth strategy for Heroku.}
   gem.homepage      = "https://github.com/heroku/omniauth-heroku"
+  gem.license       = "MIT"
 
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   gem.files         = `git ls-files`.split("\n")
   gem.name          = "omniauth-heroku"
   gem.require_paths = ["lib"]
-  gem.version       = "0.2.0.pre"
+  gem.version       = "0.2.0"
 
   gem.add_dependency 'omniauth', '~> 1.2'
   gem.add_dependency 'omniauth-oauth2', '~> 1.2'

data/spec/omniauth_heroku_spec.rb

@@ -29,12 +29,8 @@ describe OmniAuth::Strategies::Heroku do
   end
 
   it "receives the callback" do
-    # start the callback, get the session state
-    get "/auth/heroku"
-    assert_equal 302, last_response.status
-    state = last_response.headers["Location"].match(/state=([\w\d]+)/)[1]
-
     # trigger the callback setting the state as a param and in the session
+    state = SecureRandom.hex(8)
     get "/auth/heroku/callback", { "state" => state },
       { "rack.session" => { "omniauth.state" => state }}
     assert_equal 200, last_response.status
@@ -58,11 +54,8 @@ describe OmniAuth::Strategies::Heroku do
       with(headers: { "Authorization" => "Bearer #{@token}" }).
       to_return(body: MultiJson.encode(account_info))
 
-    # do the oauth dance
-    get "/auth/heroku"
-    assert_equal 302, last_response.status
-    state = last_response.headers["Location"].match(/state=([\w\d]+)/)[1]
-
+    # hit the OAuth callback
+    state = SecureRandom.hex(8)
     get "/auth/heroku/callback", { "state" => state },
       { "rack.session" => { "omniauth.state" => state }}
     assert_equal 200, last_response.status
@@ -75,4 +68,22 @@ describe OmniAuth::Strategies::Heroku do
     assert_equal "John", omniauth_env["info"]["name"]
     assert_equal account_info, omniauth_env["extra"]
   end
+
+  describe "error handling" do
+    it "renders an error when client_id is not informed" do
+      @app = make_app(client_id: nil)
+      get "/auth/heroku"
+      assert_equal 302, last_response.status
+      redirect = URI.parse(last_response.headers["Location"])
+      assert_equal "/auth/failure", redirect.path
+    end
+
+    it "renders an error when client_secret is not informed" do
+      @app = make_app(client_secret: "") # should also handle empty strings
+      get "/auth/heroku"
+      assert_equal 302, last_response.status
+      redirect = URI.parse(last_response.headers["Location"])
+      assert_equal "/auth/failure", redirect.path
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -28,6 +28,15 @@ RSpec.configure do |config|
   end
 
   def make_app(omniauth_heroku_options={})
+    client_id     = ENV["HEROKU_OAUTH_ID"]
+    client_secret = ENV["HEROKU_OAUTH_SECRET"]
+    if omniauth_heroku_options.has_key?(:client_id)
+      client_id = omniauth_heroku_options.delete(:client_id)
+    end
+    if omniauth_heroku_options.has_key?(:client_secret)
+      client_secret = omniauth_heroku_options.delete(:client_secret)
+    end
+
     Sinatra.new do
       configure do
         enable :sessions
@@ -36,8 +45,7 @@ RSpec.configure do |config|
       end
 
       use OmniAuth::Builder do
-        provider :heroku, ENV["HEROKU_OAUTH_ID"], ENV["HEROKU_OAUTH_SECRET"],
-          omniauth_heroku_options
+        provider :heroku, client_id, client_secret, omniauth_heroku_options
       end
 
       get "/auth/heroku/callback" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-heroku
 version: !ruby/object:Gem::Version
-  version: 0.2.0.pre
+  version: 0.2.0
 platform: ruby
 authors:
 - Pedro Belo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-11 00:00:00.000000000 Z
+date: 2014-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -49,6 +49,7 @@ files:
 - .rspec
 - .travis.yml
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - lib/omniauth-heroku.rb
@@ -57,7 +58,8 @@ files:
 - spec/omniauth_heroku_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/heroku/omniauth-heroku
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -70,12 +72,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>'
+  - - ! '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.7
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: OmniAuth strategy for Heroku.