omniauth-idcat_mobil 0.1.1 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9691f8a5ce128b45dbd3cc8b48e979dd6a2e25d6d331b858a03cc46011f05aa2
-  data.tar.gz: cd7b6247e1a629290a7474a655f1611b82e439fc156bc8e4571fa43376dcc581
+  metadata.gz: b2c510f98cc25863f8f7d1e8c4fa698993a71438f948d6f1cd039c3535ce735f
+  data.tar.gz: b743977b94da58395d324f3df3c8ed6b82ea14f3098836d162c9d0b42cec366b
 SHA512:
-  metadata.gz: 7e436a5c9f6c65dde4a01fdf73e298c86dd42c1b41fe0155d15559cc8f8a8a97eed6e5ee9c029636585b1888e881183b43ffaaa3f321a0ec8a73ad8869caee66
-  data.tar.gz: 05be1b35950d897ba8da644b973dbcf1652af4c4f3a64f5f123bced185a8433b2059ff5bedd956db69649760d4985037bb22d9bbec8dfe8ba76911cc333a3617
+  metadata.gz: ddc16470b5a9b7f4298d773568dbbbae3584d85aec130fe9728883da4ef9c8b36eb239aafcd3b841d8d428a200896fcaee1b5e73447ac6a5325d89bac94718dd
+  data.tar.gz: 15b24d49ae852316ea14be9d5c546035e2943b9b1cf87d3f1127f7b81f16f8976aa31bef02c03b9f6ab9019d7bc36bf41de31a93a1a888d5fcbf7c69fbe83307

data/.gitignore

@@ -6,3 +6,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+Gemfile.lock

data/.ruby-version

@@ -0,0 +1 @@
+2.7.5

data/CHANGELOG.md

@@ -2,5 +2,20 @@
 
 ## next version:
 
+## Version 0.2.3 (PATCH)
+- FIX: do not delete the session state before checking it.
+- DOC: Correct mispelling in README
+
+## Version 0.2.2 (PATCH)
+- FIX: Fix internal `log` method is wrongly invoked from `omniauth`.
+- Bump Ruby version to 2.7.5
+
+## Version 0.2.1 (PATCH)
+- Apply security upgrades
+- Add a .ruby-version file
+
+## Version 0.2.0 (MINOR)
+- Remove Gemfile.lock to avoid forcing the versioning of apps using this gem.
+
 ## Version 0.1.1 (PATCH)
 - [REFACTOR] Remove one declaration of info email field which was setted twice. \#[3](https://github.com/gencat/omniauth-idcat_mobil/pull/3)

data/Gemfile

@@ -6,7 +6,7 @@ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 gemspec
 
 group :test do
-  gem "rack", ">= 1.6.2"
+  gem "rack", ">= 2.1.4"
   gem "rack-test"
   gem "rspec", "~> 3.0"
 end

data/README.md

@@ -39,7 +39,25 @@ end
 
 `omniauth-idcat_mobil` is a standard OAuth2 strategy. It is based on `omniauth-oauth2` that is just an `omniauth` extension. Thus, you can also integrate it using [`omniauth` integrating guide](https://github.com/omniauth/omniauth).
 
-## Incon assets
+## Request/callback workflow
+
+This is a quasi standard omniauth Strategy. It is not 100% standard because the standard is to have two phases. A +request_phase+, where our client application delegates the user authentication to the authentication provider (IdCat mòbil in this case), and a +callback_phase+, where the authentication provider invokes our application back with the result of the authentication and we negotiate the final access_token.
+For IdCat mòbil we still need to perform an extra step during the +callback_phase+ to fetch users' data.
+
+### request_phase
+
+`omniauth-idcat_mobil` does not implement this method, instead we rely in the default implementation in `OmniAuth::Strategies::OAuth2`.
+It simply redirects the user to the authentiction provider to authenticate.
+When users finish with the authentication workflow in IdCat mòbil, this authentication provider redirects them to our `callback_phase`.
+
+### callback_phase
+
+This phase starts by checking the result of the authentication in the provider's site.
+When users get authenticated, we still need to negotiate the access_token that we will need to perform extra requests to the provider system.
+The access_token is obtained by performing a POST request to the provider. If this succeeds then we're ready to go and perform te `getUserInfo` request. This request is implemented in the `raw_info` method.
+After a successful `getUserInfo` the superclass of this strategy fills the `info` so that our host application can access it and finishes with its authentication task.
+
+## Icon assets
 We're including _IdCat mòbil_ icons in lib/decidim/idcat_mobil for the joy of the developer. They can be used to complement the OAuth2 button or alike.
 
 ## Development

data/lib/omniauth/idcat_mobil/version.rb

@@ -1,5 +1,5 @@
 module Omniauth
   module IdCatMobil
-    VERSION = "0.1.1"
+    VERSION = "0.2.3"
   end
 end

data/lib/omniauth/strategies/idcat_mobil.rb

@@ -12,7 +12,7 @@ module OmniAuth
     # IdCat mòbil references:
     # - https://www.aoc.cat/wp-content/uploads/2016/01/di-valid-1.pdf
     class IdCatMobil < OmniAuth::Strategies::OAuth2
-      # constructor arguments after `app` the first argument that should be a RackApp
+      # constructor arguments after `app`, the first argument, that should be a RackApp
       args [:client_id, :client_secret, :site]
 
       option :name, :idcat_mobil
@@ -70,9 +70,37 @@ module OmniAuth
         super
       end
 
+      # The +request_phase+ is the first phase after the setup/initialization phase.
+      #
+      # It is implemented in the OAuth2 superclass, and does the follwing:
+      # redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(options.authorize_params))
+      # 
+      # We're overriding solely to log.
+      def request_phase
+        idcat_log("In `request_phase`, with params: redirect_uri=>#{callback_url}, options=>#{options.authorize_params}")
+        idcat_log("`request_phase`, redirecting the user to AOC...")
+        super
+      end
+
+      # The +callback_phase+ is the second phase, after the user returns from the authentication provider site.
+      #
+      # The result of the authentication may have ended in error, or success.
+      # In case of success we still have to ask the authentication provider for the access_token.
+      # That's what we do in this callback.
+      def callback_phase
+        idcat_log("In `callback_phase` with request params: #{request.params}")
+        idcat_log("Both should be equal otherwise a 'CSRF detected' error is raised: params state[#{request.params["state"]}] =? [#{session["omniauth.state"]}] session state.")
+        super
+      end
+
       def raw_info
+        idcat_log("Access token response was: #{access_token.response}")
+        idcat_log("Performing getUserInfo...")
         unless @raw_info
-          @raw_info= access_token.get(options.user_info_path).parsed
+          response= access_token.get(options.user_info_path)
+          result= %i(status headers body).collect  {|m| response.send(m)}
+          idcat_log("getUserInfo response status/headers/body: #{result}")
+          @raw_info= response.parsed
           # Logout to avoid problems with IdCat mòbil's cookie session when trying to login again.
           logout_url= URI.join(options.site, "/o/oauth2/logout?token=#{access_token.token}").to_s
           access_token.get(logout_url)
@@ -80,10 +108,23 @@ module OmniAuth
         @raw_info
       end
 
+      # The url where the provider should redirect the users to after authenticating.
       # https://github.com/intridea/omniauth-oauth2/issues/81
       def callback_url
         full_host + script_name + callback_path
       end
+
+      # --------------------------------------------------
+      private
+      # --------------------------------------------------
+
+      def idcat_log(msg)
+        idcat_logger.debug(msg)
+      end
+
+      def idcat_logger
+        @idcat_logger||= defined?(Rails.logger) ? Rails.logger : Logger.new(STDOUT, progname: 'idcat_mobil')
+      end
     end
   end
 end

data/omniauth-idcat_mobil.gemspec

@@ -25,6 +25,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "omniauth", "~> 1.5"
   spec.add_dependency "omniauth-oauth2", ">= 1.4.0", "< 2.0"
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", "~> 2.2", ">= 2.2.10"
+  spec.add_development_dependency "rake", "~> 12.3", ">= 12.3.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-idcat_mobil
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.3
 platform: ruby
 authors:
 - Oliver Valls
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-01-28 00:00:00.000000000 Z
+date: 2022-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -50,28 +50,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
 description: Authentication method that uses OAuth 2.0 protocol.
 email:
 - oliver.vh@coditramuntana.com
@@ -80,11 +92,10 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".travis.yml"
+- ".ruby-version"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
-- Gemfile.lock
 - LICENSE
 - LICENSE.txt
 - README.md
@@ -116,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: User registration and login through IdCat mòbil.

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.5.1
-before_install: gem install bundler -v 1.16.4

data/Gemfile.lock

@@ -1,61 +0,0 @@
-PATH
-  remote: .
-  specs:
-    omniauth-idcat_mobil (0.1.1)
-      omniauth (~> 1.5)
-      omniauth-oauth2 (>= 1.4.0, < 2.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    diff-lcs (1.3)
-    faraday (0.15.4)
-      multipart-post (>= 1.2, < 3)
-    hashie (3.5.7)
-    jwt (2.1.0)
-    multi_json (1.13.1)
-    multi_xml (0.6.0)
-    multipart-post (2.0.0)
-    oauth2 (1.4.1)
-      faraday (>= 0.8, < 0.16.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.8.1)
-      hashie (>= 3.4.6, < 3.6.0)
-      rack (>= 1.6.2, < 3)
-    omniauth-oauth2 (1.5.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.2)
-    rack (2.0.6)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rake (10.4.2)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.16)
-  omniauth-idcat_mobil!
-  rack (>= 1.6.2)
-  rack-test
-  rake (~> 10.0)
-  rspec (~> 3.0)
-
-BUNDLED WITH
-   1.16.4