omniauth-idcat_mobil 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/CHANGELOG.md +5 -1
- data/Gemfile +1 -1
- data/README.md +18 -0
- data/lib/omniauth/idcat_mobil/version.rb +1 -1
- data/lib/omniauth/strategies/idcat_mobil.rb +39 -2
- data/omniauth-idcat_mobil.gemspec +2 -2
- metadata +20 -9
- data/.travis.yml +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c8300ff0763d3f698d9554aaea9af39888e587e27ebe5a0932833dccf7540da0
|
4
|
+
data.tar.gz: 17ec09c05d66d34b82ba663b1947d0db218b91bacc47894278eef36bf9b8cf8c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a96b0fa966251a2ae1e8247e49e811584f6010dce67f7f9931b35d08e9beb31c08ac47c27ee80975e12acc931d6e4e6d3d526fff946c772c81517637c2592743
|
7
|
+
data.tar.gz: a3c684b87be83c364752e7c528e848259003f5a9cd1ab9edaf7e5c93d805e6ef15f78c5a366a8d60b5687eb28c8d2bea16fc65aa8ed7012a1afa7e6d259e8a08
|
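Review bot: the pre-release digests are elided in this rendering (the `-` lines for `metadata.gz:` and `data.tar.gz:` carry no value), so only the 0.2.1 side can be checked from this page. These digests cover the gem's inner `metadata.gz` and `data.tar.gz`, not the `.gem` file itself; to verify them, run `gem fetch omniauth-idcat_mobil -v 0.2.1`, `tar xf omniauth-idcat_mobil-0.2.1.gem`, then `sha256sum metadata.gz data.tar.gz` and compare with the two SHA256 values above. Keep in mind that `checksums.yaml` is generated by the publisher and ships inside the same archive, and the metadata below shows `cert_chain: []`, so this is a corruption check, not an authenticity check.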
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.7.3
|
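Review bot: pinning `2.7.3` here only steers contributors' version managers; it does not constrain the Ruby versions the gem installs on. The metadata hunk further down also lists `".ruby-version"` under `files`, so the file is packaged into the gem where it serves no purpose. If the intent is a minimum Ruby for consumers, express it as `spec.required_ruby_version` in the gemspec, and keep `.ruby-version` out of `spec.files`.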
data/CHANGELOG.md
CHANGED
@@ -2,7 +2,11 @@
|
|
2
2
|
|
3
3
|
## next version:
|
4
4
|
|
5
|
-
## Version 0.2.
|
5
|
+
## Version 0.2.1 (PATCH)
|
6
|
+
- Apply security upgrades
|
7
|
+
- Add a .ruby-version file
|
8
|
+
|
9
|
+
## Version 0.2.0 (MINOR)
|
6
10
|
- Remove Gemfile.lock to avoid forcing the versioning of apps using this gem.
|
7
11
|
|
8
12
|
## Version 0.1.1 (PATCH)
|
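Review bot: "Apply security upgrades" is too vague for an entry that carries the word security; say what was upgraded and who is affected. From the gemspec hunk the upgrades are `bundler ~> 2.2, >= 2.2.10` and `rake ~> 12.3, >= 12.3.3`, both development dependencies, so applications consuming this gem get no runtime change; the runtime pins (`omniauth ~> 1.5`, `omniauth-oauth2 >= 1.4.0, < 2.0`) are untouched. The entry also omits the behavioural change in this release: `request_phase`, `callback_phase` and `raw_info` now emit debug logging, which integrators should be told about. Suggested wording: `- Bump development dependencies bundler (>= 2.2.10) and rake (>= 12.3.3)` and `- Add debug logging to the request/callback phases and to getUserInfo`.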
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -39,6 +39,24 @@ end
|
|
39
39
|
|
40
40
|
`omniauth-idcat_mobil` is a standard OAuth2 strategy. It is based on `omniauth-oauth2` that is just an `omniauth` extension. Thus, you can also integrate it using [`omniauth` integrating guide](https://github.com/omniauth/omniauth).
|
41
41
|
|
42
|
+
## Request/callback workflow
|
43
|
+
|
44
|
+
This is a quasi standard omniauth Strategy. It is not 100% standard because the standard is to have two phases. A +request_phase+, where our client application delegates the user authentication to the authentication provider (IdCat mòbil in this case), and a +callback_phase+, where the authentication provider invokes our application back with the result of the authentication and we negotiate the final access_token.
|
45
|
+
For IdCat mòbil we still need to perform an extra step during the +callback_phase+ to fetch users' data.
|
46
|
+
|
47
|
+
### request_phase
|
48
|
+
|
49
|
+
`omniauth-idcat_mobil` does not implement this method, instead we rely in the default implementation in `OmniAuth::Strategies::OAuth2`.
|
50
|
+
It simply redirects the user to the authentiction provider to authenticate.
|
51
|
+
When users finish with the authentication workflow in IdCat mòbil, this authentication provider redirects them to our `callback_phase`.
|
52
|
+
|
53
|
+
### callback_phase
|
54
|
+
|
55
|
+
This phase starts by checking the result of the authentication in the provider's site.
|
56
|
+
When users get authenticated, we still need to negotiate the access_token that we will need to perform extra requests to the provider system.
|
57
|
+
The access_token is obtained by performing a POST request to the provider. If this succeeds then we're ready to go and perform te `getUserInfo` request. This request is implemented in the `raw_info` method.
|
58
|
+
After a successful `getUserInfo` the superclass of this strategy fills the `info` so that our host application can access it and finishes with its authentication task.
|
59
|
+
|
42
60
|
## Incon assets
|
43
61
|
We're including _IdCat mòbil_ icons in lib/decidim/idcat_mobil for the joy of the developer. They can be used to complement the OAuth2 button or alike.
|
44
62
|
|
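Review bot: this is a Markdown file, but the new section uses RDoc `+request_phase+` / `+callback_phase+` markup, which Markdown renders literally; use backticks as the rest of the README does. Typos in the added text: "rely in" (rely on), "authentiction", "te `getUserInfo`", and the pre-existing heading "Incon assets" (Icon assets) is right below if you are touching this area. Content-wise, the callback description skips the step the code performs before the token exchange: the `state` parameter is compared with the value stored in the session and a mismatch fails the login with "CSRF detected". It is also worth stating that after `getUserInfo` the strategy calls the provider's `/o/oauth2/logout` endpoint with the access token, since that is surprising behaviour for an integrator to discover from the source.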
@@ -12,7 +12,7 @@ module OmniAuth
|
|
12
12
|
# IdCat mòbil references:
|
13
13
|
# - https://www.aoc.cat/wp-content/uploads/2016/01/di-valid-1.pdf
|
14
14
|
class IdCatMobil < OmniAuth::Strategies::OAuth2
|
15
|
-
# constructor arguments after `app
|
15
|
+
# constructor arguments after `app`, the first argument, that should be a RackApp
|
16
16
|
args [:client_id, :client_secret, :site]
|
17
17
|
|
18
18
|
option :name, :idcat_mobil
|
@@ -70,9 +70,37 @@ module OmniAuth
|
|
70
70
|
super
|
71
71
|
end
|
72
72
|
|
73
|
+
# The +request_phase+ is the first phase after the setup/initialization phase.
|
74
|
+
#
|
75
|
+
# It is implemented in the OAuth2 superclass, and does the follwing:
|
76
|
+
# redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(options.authorize_params))
|
77
|
+
#
|
78
|
+
# We're overriding solely to log.
|
79
|
+
def request_phase
|
80
|
+
log("In `request_phase`, with params: redirect_uri=>#{callback_url}, options=>#{options.authorize_params}")
|
81
|
+
log("`request_phase`, redirecting the user to AOC...")
|
82
|
+
super
|
83
|
+
end
|
84
|
+
|
85
|
+
# The +callback_phase+ is the second phase, after the user returns from the authentication provider site.
|
86
|
+
#
|
87
|
+
# The result of the authentication may have ended in error, or success.
|
88
|
+
# In case of success we still have to ask the authentication provider for the access_token.
|
89
|
+
# That's what we do in this callback.
|
90
|
+
def callback_phase
|
91
|
+
log("In `callback_phase` with request params: #{request.params}")
|
92
|
+
log("Both should be equal otherwise a 'CSRF detected' error is raised: params state[#{request.params["state"]}] =? [#{session.delete("omniauth.state")}] session state.")
|
93
|
+
super
|
94
|
+
end
|
95
|
+
|
73
96
|
def raw_info
|
97
|
+
log("Access token response was: #{access_token.response}")
|
98
|
+
log("Performing getUserInfo...")
|
74
99
|
unless @raw_info
|
75
|
-
|
100
|
+
response= access_token.get(options.user_info_path)
|
101
|
+
result= %i(status headers body).collect {|m| response.send(m)}
|
102
|
+
log("getUserInfo response status/headers/body: #{result}")
|
103
|
+
@raw_info= response.parsed
|
76
104
|
# Logout to avoid problems with IdCat mòbil's cookie session when trying to login again.
|
77
105
|
logout_url= URI.join(options.site, "/o/oauth2/logout?token=#{access_token.token}").to_s
|
78
106
|
access_token.get(logout_url)
|
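Review bot: the second `log` call in `callback_phase` has a side effect that breaks the phase: `session.delete("omniauth.state")` removes the stored state before `super` runs, and the `OmniAuth::Strategies::OAuth2` implementation does its own `session.delete("omniauth.state")` when comparing against `request.params["state"]`. With the value already consumed, that comparison sees `nil` and raises the very "CSRF detected" failure the log line describes, on every login, unless the strategy sets `provider_ignores_state` (nothing in this diff shows that). Read the value instead of consuming it: `session["omniauth.state"]`. Separately, this logging writes secrets and personal data at debug level: `request.params` contains the authorization `code` and `state`, and `result` in `raw_info` contains the full `getUserInfo` body, i.e. the user's identity data; any environment that keeps debug logs (development `Rails.logger`, a log shipper) will retain them. Log status codes and key names, not values. Minor: the two `log` calls at the top of `raw_info` sit before the `unless @raw_info` guard, so they run on every call even when the result is memoized, and `"#{access_token.response}"` interpolates an `OAuth2::Response` object whose default `to_s` does not include the body, so that line prints an object address rather than anything useful.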
@@ -80,10 +108,19 @@ module OmniAuth
|
|
80
108
|
@raw_info
|
81
109
|
end
|
82
110
|
|
111
|
+
# The url where the provider should redirect the users to after authenticating.
|
83
112
|
# https://github.com/intridea/omniauth-oauth2/issues/81
|
84
113
|
def callback_url
|
85
114
|
full_host + script_name + callback_path
|
86
115
|
end
|
116
|
+
|
117
|
+
def log(msg)
|
118
|
+
logger.debug(msg)
|
119
|
+
end
|
120
|
+
|
121
|
+
def logger
|
122
|
+
@logger||= defined?(Rails.logger) ? Rails.logger : Logger.new(STDOUT, progname: 'idcat_mobil')
|
123
|
+
end
|
87
124
|
end
|
88
125
|
end
|
89
126
|
end
|
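Review bot: `log` and `logger` are added as public instance methods, so they become part of the strategy's interface; put them under `private` (`callback_url` in this hunk is public for a reason, the logging helpers are not). `Logger.new(STDOUT, progname: 'idcat_mobil')` creates a logger at the default `DEBUG` level, so outside Rails every message from `callback_phase` and `raw_info`, request params and the `getUserInfo` body included, goes to stdout; pass `level: Logger::INFO` or take the level from configuration. Nothing in this diff shows `require "logger"`, which is needed for the non-Rails branch. Also, `defined?(Rails.logger)` is truthy whenever the `Rails` constant responds to `logger`, even while `Rails.logger` is still `nil` during early boot, and `nil.debug` then raises; `(defined?(Rails) && Rails.logger) || Logger.new(...)` avoids that.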
@@ -25,6 +25,6 @@ Gem::Specification.new do |spec|
|
|
25
25
|
|
26
26
|
spec.add_dependency "omniauth", "~> 1.5"
|
27
27
|
spec.add_dependency "omniauth-oauth2", ">= 1.4.0", "< 2.0"
|
28
|
-
spec.add_development_dependency "bundler", "~>
|
29
|
-
spec.add_development_dependency "rake", "~>
|
28
|
+
spec.add_development_dependency "bundler", "~> 2.2", ">= 2.2.10"
|
29
|
+
spec.add_development_dependency "rake", "~> 12.3", ">= 12.3.3"
|
30
30
|
end
|
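Review bot: both bumped constraints are `add_development_dependency`, so they only affect this gem's own development environment; the `~> 2.2` / `~> 12.3` parts cap major upgrades while the `>=` floors select the patched releases, which is fine. The runtime lines directly above (`omniauth ~> 1.5`, `omniauth-oauth2 >= 1.4.0, < 2.0`) are unchanged, and that should be said explicitly in the changelog so "security upgrades" is not read as a runtime fix. Note also that the strategy's `request_phase` only logs and calls `super`, so nothing in this gem protects the request phase from being initiated cross-site; on the omniauth 1.x line that `~> 1.5` pins, that protection has to come from the host application (for Rails, the omniauth-rails_csrf_protection gem), and the README should state it as an integration requirement.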
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-idcat_mobil
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Oliver Valls
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-06-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth
|
@@ -50,28 +50,40 @@ dependencies:
|
|
50
50
|
requirements:
|
51
51
|
- - "~>"
|
52
52
|
- !ruby/object:Gem::Version
|
53
|
-
version: '
|
53
|
+
version: '2.2'
|
54
|
+
- - ">="
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: 2.2.10
|
54
57
|
type: :development
|
55
58
|
prerelease: false
|
56
59
|
version_requirements: !ruby/object:Gem::Requirement
|
57
60
|
requirements:
|
58
61
|
- - "~>"
|
59
62
|
- !ruby/object:Gem::Version
|
60
|
-
version: '
|
63
|
+
version: '2.2'
|
64
|
+
- - ">="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: 2.2.10
|
61
67
|
- !ruby/object:Gem::Dependency
|
62
68
|
name: rake
|
63
69
|
requirement: !ruby/object:Gem::Requirement
|
64
70
|
requirements:
|
65
71
|
- - "~>"
|
66
72
|
- !ruby/object:Gem::Version
|
67
|
-
version: '
|
73
|
+
version: '12.3'
|
74
|
+
- - ">="
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: 12.3.3
|
68
77
|
type: :development
|
69
78
|
prerelease: false
|
70
79
|
version_requirements: !ruby/object:Gem::Requirement
|
71
80
|
requirements:
|
72
81
|
- - "~>"
|
73
82
|
- !ruby/object:Gem::Version
|
74
|
-
version: '
|
83
|
+
version: '12.3'
|
84
|
+
- - ">="
|
85
|
+
- !ruby/object:Gem::Version
|
86
|
+
version: 12.3.3
|
75
87
|
description: Authentication method that uses OAuth 2.0 protocol.
|
76
88
|
email:
|
77
89
|
- oliver.vh@coditramuntana.com
|
@@ -80,7 +92,7 @@ extensions: []
|
|
80
92
|
extra_rdoc_files: []
|
81
93
|
files:
|
82
94
|
- ".gitignore"
|
83
|
-
- ".
|
95
|
+
- ".ruby-version"
|
84
96
|
- CHANGELOG.md
|
85
97
|
- CODE_OF_CONDUCT.md
|
86
98
|
- Gemfile
|
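Review bot: the removed entry is truncated to `- ".` in this rendering; the file summary at the top of the diff shows `data/.travis.yml` deleted (-7 lines), so this is the Travis CI configuration leaving the `files` list. No replacement CI configuration is added anywhere in this diff, so after this release nothing visible runs the test suite on push; if CI moved elsewhere, the new config should appear here.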
@@ -115,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
115
127
|
- !ruby/object:Gem::Version
|
116
128
|
version: '0'
|
117
129
|
requirements: []
|
118
|
-
|
119
|
-
rubygems_version: 2.7.6
|
130
|
+
rubygems_version: 3.1.6
|
120
131
|
signing_key:
|
121
132
|
specification_version: 4
|
122
133
|
summary: User registration and login through IdCat mòbil.
|
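Review bot: `signing_key:` is still blank and `cert_chain: []` earlier in this file is unchanged, so the release is unsigned; for a version that advertises security upgrades, consider signing (`gem cert`, then `spec.cert_chain` and `spec.signing_key` in the gemspec) so consumers can install with `--trust-policy` instead of relying on the self-contained `checksums.yaml`. The `rubygems_version` change from 2.7.6 to 3.1.6 only records the RubyGems that built the package and is consistent with the new `.ruby-version` of 2.7.3; it carries no compatibility requirement for installers.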