omniauth-idcat_mobil 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -0
- data/CHANGELOG.md +5 -1
- data/Gemfile +1 -1
- data/README.md +18 -0
- data/lib/omniauth/idcat_mobil/version.rb +1 -1
- data/lib/omniauth/strategies/idcat_mobil.rb +39 -2
- data/omniauth-idcat_mobil.gemspec +2 -2
- metadata +20 -9
- data/.travis.yml +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c8300ff0763d3f698d9554aaea9af39888e587e27ebe5a0932833dccf7540da0
|
|
4
|
+
data.tar.gz: 17ec09c05d66d34b82ba663b1947d0db218b91bacc47894278eef36bf9b8cf8c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a96b0fa966251a2ae1e8247e49e811584f6010dce67f7f9931b35d08e9beb31c08ac47c27ee80975e12acc931d6e4e6d3d526fff946c772c81517637c2592743
|
|
7
|
+
data.tar.gz: a3c684b87be83c364752e7c528e848259003f5a9cd1ab9edaf7e5c93d805e6ef15f78c5a366a8d60b5687eb28c8d2bea16fc65aa8ed7012a1afa7e6d259e8a08
|
data/.ruby-version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
2.7.3
|
data/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
## next version:
|
|
4
4
|
|
|
5
|
-
## Version 0.2.
|
|
5
|
+
## Version 0.2.1 (PATCH)
|
|
6
|
+
- Apply security upgrades
|
|
7
|
+
- Add a .ruby-version file
|
|
8
|
+
|
|
9
|
+
## Version 0.2.0 (MINOR)
|
|
6
10
|
- Remove Gemfile.lock to avoid forcing the versioning of apps using this gem.
|
|
7
11
|
|
|
8
12
|
## Version 0.1.1 (PATCH)
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -39,6 +39,24 @@ end
|
|
|
39
39
|
|
|
40
40
|
`omniauth-idcat_mobil` is a standard OAuth2 strategy. It is based on `omniauth-oauth2` that is just an `omniauth` extension. Thus, you can also integrate it using [`omniauth` integrating guide](https://github.com/omniauth/omniauth).
|
|
41
41
|
|
|
42
|
+
## Request/callback workflow
|
|
43
|
+
|
|
44
|
+
This is a quasi standard omniauth Strategy. It is not 100% standard because the standard is to have two phases. A +request_phase+, where our client application delegates the user authentication to the authentication provider (IdCat mòbil in this case), and a +callback_phase+, where the authentication provider invokes our application back with the result of the authentication and we negotiate the final access_token.
|
|
45
|
+
For IdCat mòbil we still need to perform an extra step during the +callback_phase+ to fetch users' data.
|
|
46
|
+
|
|
47
|
+
### request_phase
|
|
48
|
+
|
|
49
|
+
`omniauth-idcat_mobil` does not implement this method, instead we rely in the default implementation in `OmniAuth::Strategies::OAuth2`.
|
|
50
|
+
It simply redirects the user to the authentiction provider to authenticate.
|
|
51
|
+
When users finish with the authentication workflow in IdCat mòbil, this authentication provider redirects them to our `callback_phase`.
|
|
52
|
+
|
|
53
|
+
### callback_phase
|
|
54
|
+
|
|
55
|
+
This phase starts by checking the result of the authentication in the provider's site.
|
|
56
|
+
When users get authenticated, we still need to negotiate the access_token that we will need to perform extra requests to the provider system.
|
|
57
|
+
The access_token is obtained by performing a POST request to the provider. If this succeeds then we're ready to go and perform te `getUserInfo` request. This request is implemented in the `raw_info` method.
|
|
58
|
+
After a successful `getUserInfo` the superclass of this strategy fills the `info` so that our host application can access it and finishes with its authentication task.
|
|
59
|
+
|
|
42
60
|
## Incon assets
|
|
43
61
|
We're including _IdCat mòbil_ icons in lib/decidim/idcat_mobil for the joy of the developer. They can be used to complement the OAuth2 button or alike.
|
|
44
62
|
|
|
@@ -12,7 +12,7 @@ module OmniAuth
|
|
|
12
12
|
# IdCat mòbil references:
|
|
13
13
|
# - https://www.aoc.cat/wp-content/uploads/2016/01/di-valid-1.pdf
|
|
14
14
|
class IdCatMobil < OmniAuth::Strategies::OAuth2
|
|
15
|
-
# constructor arguments after `app
|
|
15
|
+
# constructor arguments after `app`, the first argument, that should be a RackApp
|
|
16
16
|
args [:client_id, :client_secret, :site]
|
|
17
17
|
|
|
18
18
|
option :name, :idcat_mobil
|
|
@@ -70,9 +70,37 @@ module OmniAuth
|
|
|
70
70
|
super
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
+
# The +request_phase+ is the first phase after the setup/initialization phase.
|
|
74
|
+
#
|
|
75
|
+
# It is implemented in the OAuth2 superclass, and does the follwing:
|
|
76
|
+
# redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(options.authorize_params))
|
|
77
|
+
#
|
|
78
|
+
# We're overriding solely to log.
|
|
79
|
+
def request_phase
|
|
80
|
+
log("In `request_phase`, with params: redirect_uri=>#{callback_url}, options=>#{options.authorize_params}")
|
|
81
|
+
log("`request_phase`, redirecting the user to AOC...")
|
|
82
|
+
super
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
# The +callback_phase+ is the second phase, after the user returns from the authentication provider site.
|
|
86
|
+
#
|
|
87
|
+
# The result of the authentication may have ended in error, or success.
|
|
88
|
+
# In case of success we still have to ask the authentication provider for the access_token.
|
|
89
|
+
# That's what we do in this callback.
|
|
90
|
+
def callback_phase
|
|
91
|
+
log("In `callback_phase` with request params: #{request.params}")
|
|
92
|
+
log("Both should be equal otherwise a 'CSRF detected' error is raised: params state[#{request.params["state"]}] =? [#{session.delete("omniauth.state")}] session state.")
|
|
93
|
+
super
|
|
94
|
+
end
|
|
95
|
+
|
|
73
96
|
def raw_info
|
|
97
|
+
log("Access token response was: #{access_token.response}")
|
|
98
|
+
log("Performing getUserInfo...")
|
|
74
99
|
unless @raw_info
|
|
75
|
-
|
|
100
|
+
response= access_token.get(options.user_info_path)
|
|
101
|
+
result= %i(status headers body).collect {|m| response.send(m)}
|
|
102
|
+
log("getUserInfo response status/headers/body: #{result}")
|
|
103
|
+
@raw_info= response.parsed
|
|
76
104
|
# Logout to avoid problems with IdCat mòbil's cookie session when trying to login again.
|
|
77
105
|
logout_url= URI.join(options.site, "/o/oauth2/logout?token=#{access_token.token}").to_s
|
|
78
106
|
access_token.get(logout_url)
|
|
@@ -80,10 +108,19 @@ module OmniAuth
|
|
|
80
108
|
@raw_info
|
|
81
109
|
end
|
|
82
110
|
|
|
111
|
+
# The url where the provider should redirect the users to after authenticating.
|
|
83
112
|
# https://github.com/intridea/omniauth-oauth2/issues/81
|
|
84
113
|
def callback_url
|
|
85
114
|
full_host + script_name + callback_path
|
|
86
115
|
end
|
|
116
|
+
|
|
117
|
+
def log(msg)
|
|
118
|
+
logger.debug(msg)
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
def logger
|
|
122
|
+
@logger||= defined?(Rails.logger) ? Rails.logger : Logger.new(STDOUT, progname: 'idcat_mobil')
|
|
123
|
+
end
|
|
87
124
|
end
|
|
88
125
|
end
|
|
89
126
|
end
|
|
@@ -25,6 +25,6 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
|
|
26
26
|
spec.add_dependency "omniauth", "~> 1.5"
|
|
27
27
|
spec.add_dependency "omniauth-oauth2", ">= 1.4.0", "< 2.0"
|
|
28
|
-
spec.add_development_dependency "bundler", "~>
|
|
29
|
-
spec.add_development_dependency "rake", "~>
|
|
28
|
+
spec.add_development_dependency "bundler", "~> 2.2", ">= 2.2.10"
|
|
29
|
+
spec.add_development_dependency "rake", "~> 12.3", ">= 12.3.3"
|
|
30
30
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-idcat_mobil
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oliver Valls
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-06-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|
|
@@ -50,28 +50,40 @@ dependencies:
|
|
|
50
50
|
requirements:
|
|
51
51
|
- - "~>"
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: '
|
|
53
|
+
version: '2.2'
|
|
54
|
+
- - ">="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 2.2.10
|
|
54
57
|
type: :development
|
|
55
58
|
prerelease: false
|
|
56
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
60
|
requirements:
|
|
58
61
|
- - "~>"
|
|
59
62
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: '
|
|
63
|
+
version: '2.2'
|
|
64
|
+
- - ">="
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: 2.2.10
|
|
61
67
|
- !ruby/object:Gem::Dependency
|
|
62
68
|
name: rake
|
|
63
69
|
requirement: !ruby/object:Gem::Requirement
|
|
64
70
|
requirements:
|
|
65
71
|
- - "~>"
|
|
66
72
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: '
|
|
73
|
+
version: '12.3'
|
|
74
|
+
- - ">="
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: 12.3.3
|
|
68
77
|
type: :development
|
|
69
78
|
prerelease: false
|
|
70
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
80
|
requirements:
|
|
72
81
|
- - "~>"
|
|
73
82
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: '
|
|
83
|
+
version: '12.3'
|
|
84
|
+
- - ">="
|
|
85
|
+
- !ruby/object:Gem::Version
|
|
86
|
+
version: 12.3.3
|
|
75
87
|
description: Authentication method that uses OAuth 2.0 protocol.
|
|
76
88
|
email:
|
|
77
89
|
- oliver.vh@coditramuntana.com
|
|
@@ -80,7 +92,7 @@ extensions: []
|
|
|
80
92
|
extra_rdoc_files: []
|
|
81
93
|
files:
|
|
82
94
|
- ".gitignore"
|
|
83
|
-
- ".
|
|
95
|
+
- ".ruby-version"
|
|
84
96
|
- CHANGELOG.md
|
|
85
97
|
- CODE_OF_CONDUCT.md
|
|
86
98
|
- Gemfile
|
|
@@ -115,8 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
115
127
|
- !ruby/object:Gem::Version
|
|
116
128
|
version: '0'
|
|
117
129
|
requirements: []
|
|
118
|
-
|
|
119
|
-
rubygems_version: 2.7.6
|
|
130
|
+
rubygems_version: 3.1.6
|
|
120
131
|
signing_key:
|
|
121
132
|
specification_version: 4
|
|
122
133
|
summary: User registration and login through IdCat mòbil.
|