omniauth-idcat_mobil 0.2.0 → 0.2.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dbf3f54bf96b95e6be09b01991e5f0cea7c9582c38d62b45c38b559e0e57a289
4
- data.tar.gz: 8bef3908b2ea44db626ced6a622e2270358b92249fad23d295ad46de744e7bfd
3
+ metadata.gz: c8300ff0763d3f698d9554aaea9af39888e587e27ebe5a0932833dccf7540da0
4
+ data.tar.gz: 17ec09c05d66d34b82ba663b1947d0db218b91bacc47894278eef36bf9b8cf8c
5
5
  SHA512:
6
- metadata.gz: b1521288cb619e74e7bf7f6b54c5a3fc3781df601e03d13b0eeb96b68666e1c4eef97760508ca7165ce59cadc6101a75419468156d1871c7796c31f6d50f9fe2
7
- data.tar.gz: b09d10e923f2c89d65cf872124709e37faba3e14301b9712c37f307328fef80761dd86ad422d0a05987203b917cad1dc42ad907d9a87bad7eccadc27d0782c3b
6
+ metadata.gz: a96b0fa966251a2ae1e8247e49e811584f6010dce67f7f9931b35d08e9beb31c08ac47c27ee80975e12acc931d6e4e6d3d526fff946c772c81517637c2592743
7
+ data.tar.gz: a3c684b87be83c364752e7c528e848259003f5a9cd1ab9edaf7e5c93d805e6ef15f78c5a366a8d60b5687eb28c8d2bea16fc65aa8ed7012a1afa7e6d259e8a08
data/.ruby-version ADDED
@@ -0,0 +1 @@
1
+ 2.7.3
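Review bot: pinning `2.7.3` in `.ruby-version` only steers developer tooling (rbenv/rvm); it does not constrain applications installing the gem, and none of the visible gemspec hunks add a `required_ruby_version`. If the gem is now only exercised on 2.7, consider stating that range in the gemspec so consumers see it at install time.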
data/CHANGELOG.md CHANGED
@@ -2,7 +2,11 @@
2
2
 
3
3
  ## next version:
4
4
 
5
- ## Version 0.2.0 (PATCH)
5
+ ## Version 0.2.1 (PATCH)
6
+ - Apply security upgrades
7
+ - Add a .ruby-version file
8
+
9
+ ## Version 0.2.0 (MINOR)
6
10
  - Remove Gemfile.lock to avoid forcing the versioning of apps using this gem.
7
11
 
8
12
  ## Version 0.1.1 (PATCH)
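Review bot: the `Apply security upgrades` entry is too vague for downstream consumers to act on; spell out what moved (rack >= 2.1.4 in the test group, bundler >= 2.2.10 and rake >= 12.3.3 as development dependencies) and state that the runtime dependencies are unchanged, so readers can tell this release does not alter what their application pulls in. The 0.2.0 entry is also relabelled from `(PATCH)` to `(MINOR)` here with no line explaining the change.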
data/Gemfile CHANGED
@@ -6,7 +6,7 @@ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
6
6
  gemspec
7
7
 
8
8
  group :test do
9
- gem "rack", ">= 1.6.2"
9
+ gem "rack", ">= 2.1.4"
10
10
  gem "rack-test"
11
11
  gem "rspec", "~> 3.0"
12
12
  end
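Review bot: the `gem "rack", ">= 2.1.4"` floor sits inside `group :test`, so it only affects this gem's own test run; applications depending on the gem keep whatever rack their bundle resolves. If the intent is to keep consumers off older rack, the constraint belongs in the gemspec; otherwise the CHANGELOG should describe it as a test-only bump.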
data/README.md CHANGED
@@ -39,6 +39,24 @@ end
39
39
 
40
40
  `omniauth-idcat_mobil` is a standard OAuth2 strategy. It is based on `omniauth-oauth2` that is just an `omniauth` extension. Thus, you can also integrate it using [`omniauth` integrating guide](https://github.com/omniauth/omniauth).
41
41
 
42
+ ## Request/callback workflow
43
+
44
+ This is a quasi standard omniauth Strategy. It is not 100% standard because the standard is to have two phases. A +request_phase+, where our client application delegates the user authentication to the authentication provider (IdCat mòbil in this case), and a +callback_phase+, where the authentication provider invokes our application back with the result of the authentication and we negotiate the final access_token.
45
+ For IdCat mòbil we still need to perform an extra step during the +callback_phase+ to fetch users' data.
46
+
47
+ ### request_phase
48
+
49
+ `omniauth-idcat_mobil` does not implement this method, instead we rely in the default implementation in `OmniAuth::Strategies::OAuth2`.
50
+ It simply redirects the user to the authentiction provider to authenticate.
51
+ When users finish with the authentication workflow in IdCat mòbil, this authentication provider redirects them to our `callback_phase`.
52
+
53
+ ### callback_phase
54
+
55
+ This phase starts by checking the result of the authentication in the provider's site.
56
+ When users get authenticated, we still need to negotiate the access_token that we will need to perform extra requests to the provider system.
57
+ The access_token is obtained by performing a POST request to the provider. If this succeeds then we're ready to go and perform te `getUserInfo` request. This request is implemented in the `raw_info` method.
58
+ After a successful `getUserInfo` the superclass of this strategy fills the `info` so that our host application can access it and finishes with its authentication task.
59
+
42
60
  ## Incon assets
43
61
  We're including _IdCat mòbil_ icons in lib/decidim/idcat_mobil for the joy of the developer. They can be used to complement the OAuth2 button or alike.
44
62
 
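Review bot: the new section uses RDoc-style `+request_phase+` / `+callback_phase+` markup inside a Markdown file, which renders literally on GitHub; use backticks as the surrounding README does. Typos on the added lines: `rely in` should be `rely on`, `authentiction` should be `authentication`, and `perform te` should be `perform the`. The pre-existing `## Incon assets` heading (`Icon`) is in the context lines and could be fixed in the same change.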
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module IdCatMobil
3
- VERSION = "0.2.0"
3
+ VERSION = "0.2.1"
4
4
  end
5
5
  end
@@ -12,7 +12,7 @@ module OmniAuth
12
12
  # IdCat mòbil references:
13
13
  # - https://www.aoc.cat/wp-content/uploads/2016/01/di-valid-1.pdf
14
14
  class IdCatMobil < OmniAuth::Strategies::OAuth2
15
- # constructor arguments after `app` the first argument that should be a RackApp
15
+ # constructor arguments after `app`, the first argument, that should be a RackApp
16
16
  args [:client_id, :client_secret, :site]
17
17
 
18
18
  option :name, :idcat_mobil
@@ -70,9 +70,37 @@ module OmniAuth
70
70
  super
71
71
  end
72
72
 
73
+ # The +request_phase+ is the first phase after the setup/initialization phase.
74
+ #
75
+ # It is implemented in the OAuth2 superclass, and does the follwing:
76
+ # redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(options.authorize_params))
77
+ #
78
+ # We're overriding solely to log.
79
+ def request_phase
80
+ log("In `request_phase`, with params: redirect_uri=>#{callback_url}, options=>#{options.authorize_params}")
81
+ log("`request_phase`, redirecting the user to AOC...")
82
+ super
83
+ end
84
+
85
+ # The +callback_phase+ is the second phase, after the user returns from the authentication provider site.
86
+ #
87
+ # The result of the authentication may have ended in error, or success.
88
+ # In case of success we still have to ask the authentication provider for the access_token.
89
+ # That's what we do in this callback.
90
+ def callback_phase
91
+ log("In `callback_phase` with request params: #{request.params}")
92
+ log("Both should be equal otherwise a 'CSRF detected' error is raised: params state[#{request.params["state"]}] =? [#{session.delete("omniauth.state")}] session state.")
93
+ super
94
+ end
95
+
73
96
  def raw_info
97
+ log("Access token response was: #{access_token.response}")
98
+ log("Performing getUserInfo...")
74
99
  unless @raw_info
75
- @raw_info= access_token.get(options.user_info_path).parsed
100
+ response= access_token.get(options.user_info_path)
101
+ result= %i(status headers body).collect {|m| response.send(m)}
102
+ log("getUserInfo response status/headers/body: #{result}")
103
+ @raw_info= response.parsed
76
104
  # Logout to avoid problems with IdCat mòbil's cookie session when trying to login again.
77
105
  logout_url= URI.join(options.site, "/o/oauth2/logout?token=#{access_token.token}").to_s
78
106
  access_token.get(logout_url)
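Review bot: the `callback_phase` override consumes the CSRF nonce before the check that needs it: the line `log("Both should be equal ... #{session.delete("omniauth.state")} ...")` removes `omniauth.state` from the session, and `super` then compares `request.params["state"]` against a value that is no longer there, so every callback will be rejected as CSRF unless state checking is disabled. Read it with `session["omniauth.state"]` and leave the deletion to the superclass. Separately, this hunk writes `request.params` (which carries the authorization `code`), `access_token.response`, and the full `getUserInfo` status/headers/body to the log; those contain the bearer token and the user's personal data, so drop the token and body from these messages or redact them before logging. The two `log(...)` calls added at the top of `raw_info` also sit outside the `unless @raw_info` guard, so they fire on every call rather than only when the request is actually performed.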
@@ -80,10 +108,19 @@ module OmniAuth
80
108
  @raw_info
81
109
  end
82
110
 
111
+ # The url where the provider should redirect the users to after authenticating.
83
112
  # https://github.com/intridea/omniauth-oauth2/issues/81
84
113
  def callback_url
85
114
  full_host + script_name + callback_path
86
115
  end
116
+
117
+ def log(msg)
118
+ logger.debug(msg)
119
+ end
120
+
121
+ def logger
122
+ @logger||= defined?(Rails.logger) ? Rails.logger : Logger.new(STDOUT, progname: 'idcat_mobil')
123
+ end
87
124
  end
88
125
  end
89
126
  end
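Review bot: `logger` falls back to `Logger.new(STDOUT, progname: 'idcat_mobil')`, but none of the visible hunks add `require "logger"`; confirm it is loaded, or the fallback raises `NameError` outside Rails. The fallback logger's default level is `DEBUG`, so in a plain Rack application every `log` call above is emitted, including the token and user-info messages. `log` and `logger` are not part of the strategy's public surface and could be marked `private`.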
@@ -25,6 +25,6 @@ Gem::Specification.new do |spec|
25
25
 
26
26
  spec.add_dependency "omniauth", "~> 1.5"
27
27
  spec.add_dependency "omniauth-oauth2", ">= 1.4.0", "< 2.0"
28
- spec.add_development_dependency "bundler", "~> 1.16"
29
- spec.add_development_dependency "rake", "~> 10.0"
28
+ spec.add_development_dependency "bundler", "~> 2.2", ">= 2.2.10"
29
+ spec.add_development_dependency "rake", "~> 12.3", ">= 12.3.3"
30
30
  end
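Review bot: both bumps are `add_development_dependency`, so they harden only the maintainers' build environment; applications installing the gem receive no change, since the runtime dependencies `omniauth ~> 1.5` and `omniauth-oauth2 >= 1.4.0, < 2.0` are untouched. The CHANGELOG's "Apply security upgrades" wording should make that scope explicit.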
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-idcat_mobil
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oliver Valls
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-29 00:00:00.000000000 Z
11
+ date: 2021-06-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -50,28 +50,40 @@ dependencies:
50
50
  requirements:
51
51
  - - "~>"
52
52
  - !ruby/object:Gem::Version
53
- version: '1.16'
53
+ version: '2.2'
54
+ - - ">="
55
+ - !ruby/object:Gem::Version
56
+ version: 2.2.10
54
57
  type: :development
55
58
  prerelease: false
56
59
  version_requirements: !ruby/object:Gem::Requirement
57
60
  requirements:
58
61
  - - "~>"
59
62
  - !ruby/object:Gem::Version
60
- version: '1.16'
63
+ version: '2.2'
64
+ - - ">="
65
+ - !ruby/object:Gem::Version
66
+ version: 2.2.10
61
67
  - !ruby/object:Gem::Dependency
62
68
  name: rake
63
69
  requirement: !ruby/object:Gem::Requirement
64
70
  requirements:
65
71
  - - "~>"
66
72
  - !ruby/object:Gem::Version
67
- version: '10.0'
73
+ version: '12.3'
74
+ - - ">="
75
+ - !ruby/object:Gem::Version
76
+ version: 12.3.3
68
77
  type: :development
69
78
  prerelease: false
70
79
  version_requirements: !ruby/object:Gem::Requirement
71
80
  requirements:
72
81
  - - "~>"
73
82
  - !ruby/object:Gem::Version
74
- version: '10.0'
83
+ version: '12.3'
84
+ - - ">="
85
+ - !ruby/object:Gem::Version
86
+ version: 12.3.3
75
87
  description: Authentication method that uses OAuth 2.0 protocol.
76
88
  email:
77
89
  - oliver.vh@coditramuntana.com
@@ -80,7 +92,7 @@ extensions: []
80
92
  extra_rdoc_files: []
81
93
  files:
82
94
  - ".gitignore"
83
- - ".travis.yml"
95
+ - ".ruby-version"
84
96
  - CHANGELOG.md
85
97
  - CODE_OF_CONDUCT.md
86
98
  - Gemfile
@@ -115,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
115
127
  - !ruby/object:Gem::Version
116
128
  version: '0'
117
129
  requirements: []
118
- rubyforge_project:
119
- rubygems_version: 2.7.6
130
+ rubygems_version: 3.1.6
120
131
  signing_key:
121
132
  specification_version: 4
122
133
  summary: User registration and login through IdCat mòbil.
data/.travis.yml DELETED
@@ -1,7 +0,0 @@
1
- ---
2
- sudo: false
3
- language: ruby
4
- cache: bundler
5
- rvm:
6
- - 2.5.1
7
- before_install: gem install bundler -v 1.16.4
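Review bot: deleting `.travis.yml` removes the only CI configuration visible in this diff and nothing replaces it, so the rack floor bump and the new `callback_phase` logging land without an automated test run on any Ruby version. Add a replacement workflow, or at least record in the CHANGELOG that CI has been dropped.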