omniauth-humanid 0.0.25 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95735723f5a043cb13204fd0645418db55ff1989ba21f2745d1d3102ac92e0bd
-  data.tar.gz: e65bd40067ebc27b9c0b49385232ad1c2edea86f1977a28962fc2d5528b2de71
+  metadata.gz: f4bc9196f2283e4f131635ef4d1aeed7c7870a55a7555e8c546c28fdd0f06eac
+  data.tar.gz: 340de736108b463ce81c404109179b3b44d2972bda377d86df67be776b0bc82a
 SHA512:
-  metadata.gz: 2d7f1b3d143b50d2f09d7d66022ac7b148d3aebea8e9e8bcd550238ae40440074f8bd025d571b0137d968575c0071c6e5dc09ad7bbf8239a9d5652f44695a4b0
-  data.tar.gz: d1b12cb08758174c66a7182201a7a8a85032cb84edd877329e4413fc130e49ff7cdf45fb5da6c3fc884a069b033e0ae4ae990805067d8ae8857379f9f38d9d98
+  metadata.gz: 91677e1ea06063748fac42aa84497786f6c514caa052ae4c68800427ad5487ae66c54009cd4dc534eb415e318fb4debc4b28b2eb35bc5113abd0eb66cc3aa66e
+  data.tar.gz: 1ba5d6c6a5ca2e2d22cc12d89ece24611c8fdd22622791c50b6a09a583b186495d5c5db9e4a6a4edfc3023b88217c07240d8e39adba67331325ff428d07e3a1a

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    omniauth-humanid (0.0.25)
+    omniauth-humanid (1.0.0)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -1,11 +1,13 @@
 # Ruby/Rails OmniAuth for HumanID Alpha
 
+status: working, but will wait a while to make sure before bumping to 1.0.0
+
 Omniauth for humanID, a platform that prevents bots and increases privacy. HumanID is run by Human Internet,
 a non-profit that is currently financed by organizations such as Harvard and the Mozilla Foundation (I love the Mozilla
 Developer Network (MDN) which gives great javascript information).
 
 HumanID works best when used as the only sign-up solution, due to this HumanID has to be highly trusted. This is where their
-non-profit status steps in. HumanID has many benifits:
+non-profit status steps in. HumanID has many benefits:
 
 1. Increased privacy for users through both technical innovations and legal responsibilities.
 2. Making bots inconvienient by requiring phone verification.
@@ -16,6 +18,8 @@ non-profit status steps in. HumanID has many benifits:
 
 ## Installation
 
+This gem relies on the [omniauth gem](https://github.com/omniauth/omniauth). It was also developed along-side [devise](https://github.com/heartcombo/devise), but should work without it, some of the configuration may change though.
+
 Add this line to your application's Gemfile:
 
 ```ruby
@@ -54,9 +58,39 @@ Update as normal.
 	= form_with url: user_humanid_omniauth_authorize_path, method: :post do
 		%input{type: :image, src: image_pack_path("icons/sign_in_logos/humanID.svg"), alt: "Anonymous Login with humanID"}
     ```
-5. Create your callback area (still in development)
-    - This area is generally supposed to be customizable, as you might have a diffrent model name, want to attach some validations, etc, etc. So it is not included in the gem, but is here as a how-to.
-    - TBD
+5. Create your callback area
+    - This area is generally supposed to be customizable, as you might have a different model name, want to attach some validations, etc, etc. So it is not included in the gem, but is here a partial implementation of it.
+	```ruby
+	#in the omnath_callbacks_controller.rb file
+	def accept_country_code?(code)
+		true
+	end
+	def humanid
+		omau = request.env['omniauth.auth']
+		uid = omau.info.appUserId
+		country_code = omau.info.countryCode
+		provider = omau.provider
+		Rails.logger.info("#{provider} - #{country_code} - #{uid}")
+	
+		unless accept_country_code?(country_code)
+			redirect_to root_path, flash: {info: "phone number's country-code not accepted at this time"}
+			return
+		end
+	
+		user = User.find_by(provider: provider, uid: uid)
+		if user
+			#allready have an account, sign them in
+			sign_in_and_redirect user, event: :authentication
+		else
+			request.session['signup'] ||= {}
+			request.session["signup"]["provider"] = provider
+			request.session["signup"]["uid"] = uid
+			request.session["signup"]["country_code"] = country_code
+			#continue the signup process, perhaps with a redirect, or create the user here,
+			#and redirect to the main website. 
+		end
+	end
+	```
 
 ## Additional configuration
 
@@ -67,6 +101,7 @@ additional configuration can be set in your initializer file at the same area an
 - humanid_version: version string that goes in the url. Defaults to 'v0.0.3'. If humanid updates this may need to be updated aswell.
 - priority_country: not sure exactly what this does or how to use it, but it was in the docs so i added it as an option. Defaults to nil.
 - external_signup_url: the web login url. Defaults to: "https://core.human-id.org/[HUMANID_VERSION]/server/users/web-login". [HUMANID_VERSION] gets substituted by humanid_version above.
+- exchange_url: the exchange url. Defaults to: "https://core.human-id.org/[HUMANID_VERSION]/server/users/exchange". [HUMANID_VERSION] gets substituted by humanid_version above.
 
 ### Devise without emails/passwords
 
@@ -82,11 +117,11 @@ Although Devise is easier to deal with without usernames / passwords, it takes a
 2. In your devise.rb initializer file, make sure to set authentication_keys to []
 3. delete or comment out the selections in devise.rb related to number 1.
 4. I had to add back the route below:
-```ruby
-as :user do
-	delete "/users/sign_out" => "users/sessions#destroy"
-end
-```
+	```ruby
+	as :user do
+		delete "/users/sign_out" => "users/sessions#destroy"
+	end
+	```
 5. For development you may have to create a seperate way to login/signup for testing purposes. You can do this by sending a form that implements the method 'sign_in_and_redirect user, event: :authentication', or that sets fake values for signup. MAKE SURE THIS METHOD IS ONLY ACTIVE DURING DEVELOPMENT. I have a version of this below:
 	- in my routes.rb:
 	```ruby
@@ -98,24 +133,22 @@ end
 	```
 	- in my OmniauthCallbacksController override (see devise documentation):
 	```ruby
-	def callback_common(provider, uid)
-		user = User.from_omniauth(provider, uid)
-		if user
-			#allready have an account, sign them in
-			sign_in_and_redirect user, event: :authentication # this will throw if user is not activated
-		else
-			request.session['signup'] ||= {}
-			request.session["signup"]["provider"] = provider
-			request.session["signup"]["uid"] = uid
-			raise StandardError.new("REPLACE THIS ERROR WITH A REDIRECT TO FINISH SIGNUP")
-		end
-	end
 	if Rails.env.development?
 		def callback_override
 			raise StandardError.new("nope") unless Rails.env.development?
 			provider = 'override'
 			uid = params['uid']
-			callback_common provider, uid
+			user = User.find_by(provider: provider, uid: uid)
+			if user
+				#allready have an account, sign them in
+				sign_in_and_redirect user, event: :authentication # this will throw if user is not activated
+			else
+				request.session['signup'] ||= {}
+				request.session["signup"]["provider"] = provider
+				request.session["signup"]["uid"] = uid
+				request.session["signup"]["country_code"] = 'US'
+				#continue your usual sign-up process. Note for the override strategy that the username is the uid.
+			end
 		end
 	end
 	```

data/lib/omniauth-humanid.rb

@@ -4,7 +4,7 @@ module OmniAuth
 	module Strategies
 		class Humanid
 			include OmniAuth::Strategy
-			#Omniauth strategy creation guide be useful
+			#Omniauth strategy creation guide can be useful
 				#- https://github.com/omniauth/omniauth/wiki/Strategy-Contribution-Guide
 				#- note the request_phase and the callback_phase
 
@@ -62,7 +62,7 @@ module OmniAuth
 
 				#get uri
 				uri = get_external_signup_uri
-				Rails.logger.debug "HUMANID_OMNIAUTH URI: #{uri.to_s}"
+				Rails.logger.debug "uri: #{uri.to_s}"
 				#make a post request (but dont send it yet)
 				post_request = Net::HTTP::Post.new(uri)
 				#set the headers as per docs.
@@ -108,9 +108,8 @@ module OmniAuth
 				#this is done in the verify exchange token step in the humanID docs.
 
 				#get the exchange_token from the humanID callback
-				Rails.logger.info("CALLBACK PHASE")
+				Rails.logger.info("humanid callback phase")
 				exchange_token = request.params['et']
-				Rails.logger.info("EXCHANGE TOKEN: #{exchange_token}")
 				
 				#create the request (as per the humanID docs)
 				uri = get_exchange_uri
@@ -121,10 +120,9 @@ module OmniAuth
 				post_request.body = {"exchangeToken" => exchange_token}.to_json
 				#send the request, get the response.
 				res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true){|http| http.request(post_request)}
-				Rails.logger.info("RESPONSE: #{res}")
 				if res.code == "200"
 					self.raw_info = JSON.parse(res.body)
-					Rails.logger.info("raw: #{raw_info}")
+					Rails.logger.info("humanid callback phase: success")
 					super
 				else
 					str = "Issue with the callback_phase of humanid omniauth, response from human id has code: #{res.code}, and body: #{res.body}"
@@ -133,13 +131,11 @@ module OmniAuth
 				end
 			end
 			
-			#not a method? Some DSL magic that is not explained in docs. Just looked at other projects and they did something like this so
+			#not a method? Some DSL magic that is not explained in docs.
+			#tried to do the same with uid but it didn't work. Either way its accessible now
 			info do
 				raw_info['data']
 			end
-			uid do
-				raw_info['data']['userAppId']
-			end
 		end
 	end
 end

data/omniauth-humanid.gemspec

@@ -1,4 +1,4 @@
-version = '0.0.25'
+version = '1.0.0'
 #version must be on the first line for the update script
 
 Gem::Specification.new do |spec|
@@ -29,4 +29,4 @@ Gem::Specification.new do |spec|
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-humanid
 version: !ruby/object:Gem::Version
-  version: 0.0.25
+  version: 1.0.0
 platform: ruby
 authors:
 - Luke Clancy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-09-08 00:00:00.000000000 Z
 dependencies: []
 description: 
 email: