omniauth-idcat_mobil 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dbf3f54bf96b95e6be09b01991e5f0cea7c9582c38d62b45c38b559e0e57a289
-  data.tar.gz: 8bef3908b2ea44db626ced6a622e2270358b92249fad23d295ad46de744e7bfd
+  metadata.gz: c8300ff0763d3f698d9554aaea9af39888e587e27ebe5a0932833dccf7540da0
+  data.tar.gz: 17ec09c05d66d34b82ba663b1947d0db218b91bacc47894278eef36bf9b8cf8c
 SHA512:
-  metadata.gz: b1521288cb619e74e7bf7f6b54c5a3fc3781df601e03d13b0eeb96b68666e1c4eef97760508ca7165ce59cadc6101a75419468156d1871c7796c31f6d50f9fe2
-  data.tar.gz: b09d10e923f2c89d65cf872124709e37faba3e14301b9712c37f307328fef80761dd86ad422d0a05987203b917cad1dc42ad907d9a87bad7eccadc27d0782c3b
+  metadata.gz: a96b0fa966251a2ae1e8247e49e811584f6010dce67f7f9931b35d08e9beb31c08ac47c27ee80975e12acc931d6e4e6d3d526fff946c772c81517637c2592743
+  data.tar.gz: a3c684b87be83c364752e7c528e848259003f5a9cd1ab9edaf7e5c93d805e6ef15f78c5a366a8d60b5687eb28c8d2bea16fc65aa8ed7012a1afa7e6d259e8a08

data/.ruby-version

@@ -0,0 +1 @@
+2.7.3

data/CHANGELOG.md

@@ -2,7 +2,11 @@
 
 ## next version:
 
-## Version 0.2.0 (PATCH)
+## Version 0.2.1 (PATCH)
+- Apply security upgrades
+- Add a .ruby-version file
+
+## Version 0.2.0 (MINOR)
 - Remove Gemfile.lock to avoid forcing the versioning of apps using this gem.
 
 ## Version 0.1.1 (PATCH)

data/Gemfile

@@ -6,7 +6,7 @@ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 gemspec
 
 group :test do
-  gem "rack", ">= 1.6.2"
+  gem "rack", ">= 2.1.4"
   gem "rack-test"
   gem "rspec", "~> 3.0"
 end

data/README.md

@@ -39,6 +39,24 @@ end
 
 `omniauth-idcat_mobil` is a standard OAuth2 strategy. It is based on `omniauth-oauth2` that is just an `omniauth` extension. Thus, you can also integrate it using [`omniauth` integrating guide](https://github.com/omniauth/omniauth).
 
+## Request/callback workflow
+
+This is a quasi standard omniauth Strategy. It is not 100% standard because the standard is to have two phases. A +request_phase+, where our client application delegates the user authentication to the authentication provider (IdCat mòbil in this case), and a +callback_phase+, where the authentication provider invokes our application back with the result of the authentication and we negotiate the final access_token.
+For IdCat mòbil we still need to perform an extra step during the +callback_phase+ to fetch users' data.
+
+### request_phase
+
+`omniauth-idcat_mobil` does not implement this method, instead we rely in the default implementation in `OmniAuth::Strategies::OAuth2`.
+It simply redirects the user to the authentiction provider to authenticate.
+When users finish with the authentication workflow in IdCat mòbil, this authentication provider redirects them to our `callback_phase`.
+
+### callback_phase
+
+This phase starts by checking the result of the authentication in the provider's site.
+When users get authenticated, we still need to negotiate the access_token that we will need to perform extra requests to the provider system.
+The access_token is obtained by performing a POST request to the provider. If this succeeds then we're ready to go and perform te `getUserInfo` request. This request is implemented in the `raw_info` method.
+After a successful `getUserInfo` the superclass of this strategy fills the `info` so that our host application can access it and finishes with its authentication task.
+
 ## Incon assets
 We're including _IdCat mòbil_ icons in lib/decidim/idcat_mobil for the joy of the developer. They can be used to complement the OAuth2 button or alike.
 

data/lib/omniauth/idcat_mobil/version.rb

@@ -1,5 +1,5 @@
 module Omniauth
   module IdCatMobil
-    VERSION = "0.2.0"
+    VERSION = "0.2.1"
   end
 end

data/lib/omniauth/strategies/idcat_mobil.rb

@@ -12,7 +12,7 @@ module OmniAuth
     # IdCat mòbil references:
     # - https://www.aoc.cat/wp-content/uploads/2016/01/di-valid-1.pdf
     class IdCatMobil < OmniAuth::Strategies::OAuth2
-      # constructor arguments after `app` the first argument that should be a RackApp
+      # constructor arguments after `app`, the first argument, that should be a RackApp
       args [:client_id, :client_secret, :site]
 
       option :name, :idcat_mobil
@@ -70,9 +70,37 @@ module OmniAuth
         super
       end
 
+      # The +request_phase+ is the first phase after the setup/initialization phase.
+      #
+      # It is implemented in the OAuth2 superclass, and does the follwing:
+      # redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(options.authorize_params))
+      # 
+      # We're overriding solely to log.
+      def request_phase
+        log("In `request_phase`, with params: redirect_uri=>#{callback_url}, options=>#{options.authorize_params}")
+        log("`request_phase`, redirecting the user to AOC...")
+        super
+      end
+
+      # The +callback_phase+ is the second phase, after the user returns from the authentication provider site.
+      #
+      # The result of the authentication may have ended in error, or success.
+      # In case of success we still have to ask the authentication provider for the access_token.
+      # That's what we do in this callback.
+      def callback_phase
+        log("In `callback_phase` with request params: #{request.params}")
+        log("Both should be equal otherwise a 'CSRF detected' error is raised: params state[#{request.params["state"]}] =? [#{session.delete("omniauth.state")}] session state.")
+        super
+      end
+
       def raw_info
+        log("Access token response was: #{access_token.response}")
+        log("Performing getUserInfo...")
         unless @raw_info
-          @raw_info= access_token.get(options.user_info_path).parsed
+          response= access_token.get(options.user_info_path)
+          result= %i(status headers body).collect  {|m| response.send(m)}
+          log("getUserInfo response status/headers/body: #{result}")
+          @raw_info= response.parsed
           # Logout to avoid problems with IdCat mòbil's cookie session when trying to login again.
           logout_url= URI.join(options.site, "/o/oauth2/logout?token=#{access_token.token}").to_s
           access_token.get(logout_url)
@@ -80,10 +108,19 @@ module OmniAuth
         @raw_info
       end
 
+      # The url where the provider should redirect the users to after authenticating.
       # https://github.com/intridea/omniauth-oauth2/issues/81
       def callback_url
         full_host + script_name + callback_path
       end
+
+      def log(msg)
+        logger.debug(msg)
+      end
+
+      def logger
+        @logger||= defined?(Rails.logger) ? Rails.logger : Logger.new(STDOUT, progname: 'idcat_mobil')
+      end
     end
   end
 end

data/omniauth-idcat_mobil.gemspec

@@ -25,6 +25,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "omniauth", "~> 1.5"
   spec.add_dependency "omniauth-oauth2", ">= 1.4.0", "< 2.0"
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", "~> 2.2", ">= 2.2.10"
+  spec.add_development_dependency "rake", "~> 12.3", ">= 12.3.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-idcat_mobil
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Oliver Valls
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-03-29 00:00:00.000000000 Z
+date: 2021-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -50,28 +50,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.10
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
 description: Authentication method that uses OAuth 2.0 protocol.
 email:
 - oliver.vh@coditramuntana.com
@@ -80,7 +92,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".travis.yml"
+- ".ruby-version"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -115,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: User registration and login through IdCat mòbil.

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.5.1
-before_install: gem install bundler -v 1.16.4