omniauth-identity 1.0.0 → 3.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7dcc9a20a3a2b96b6a97f6319eae36df210fed3cea3faa2f2251780e37ac1992
+  data.tar.gz: 1c5644fef5b8e3381063228ef0d9d512db76d4358643d4685f19ea35c7efefe0
+SHA512:
+  metadata.gz: 900adc20c287fd19c5fb1545711a715a5235b51fd5f5cdff9f5e26445efe91e7db7fbdb59035ac64d1621c10b810183ff54beb701e940d6dd8908edb9e15532f
+  data.tar.gz: bb1f0af1551b7f9de8bf3ea602a11780feb2f40390cd752fe201157179d985529ab39df4373803acda4fd1e7927678ed844854ff0493c18d2f527fdc21af3608

data/CHANGELOG.md

@@ -0,0 +1,45 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [3.0] - 2021-02-13
+
+### Added
+- Add option `:enable_login` to bypass OmniAuth disabling of GET method (default `true`)
+  - NOTE: This restores compatibility between this gem and the current, core, omniauth gem!
+- README updates, including a rename to README.md
+- CODE_OF_CONDUCT.md using v2
+- Rubocop
+- Github Actions for Continuous Integration
+- Minimum Ruby version = 2.4
+- Automatically adds "provider" => "identity" when "provider" column is detected
+- Documentation in README.md
+
+### Removed
+- Support for Rubies < 2.4
+- Support for DataMapper, which died long ago.
+- Unwanted git artifacts
+
+## [2.0] - 2020-09-01
+
+### Added
+- CHANGELOG to maintain a history of changes.
+- Include mongoid-rspec gem.
+
+### Changed
+- Fix failing Specs
+- Update Spec syntax to RSpec 3
+- Fix deprecation Warnings
+- Updated mongoid_spec.rb to leverage mongoid-rspec features.
+- Fix security warning about missing secret in session cookie.
+- Dependency version limits so that the most up-to-date gem dependencies are used. (rspec 3+, mongo 2+, mongoid 7+, rake 13+, rack 2+, json 2+)
+- Updated copyright information.
+- Updated MongoMapper section of README to reflect its discontinued support.
+
+### Removed
+- Gemfile.lock file
+- MongoMapper support; unable to satisfy dependencies of both MongoMapper and Mongoig now that MongoMapper is no longer actively maintained.

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2020- Andrew Roberts, and Jellybooks Ltd.
+Copyright (c) 2010-2015 Michael Bleigh and Intridea, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,237 @@
+# OmniAuth Identity
+
+The OmniAuth Identity gem provides a way for applications to utilize a
+traditional login/password based authentication system without the need
+to give up the simple authentication flow provided by OmniAuth. Identity
+is designed on purpose to be as featureless as possible: it provides the
+basic construct for user management and then gets out of the way.
+
+## Compatibility
+
+This gem is compatible with, as of Feb 2021:
+• latest released version of omniauth, v2.0.2
+• Ruby 2.4, 2.5, 2.6, 2.7
+
+## Installation
+
+To acquire the latest release from RubyGems add the following to your `Gemfile`:
+
+```ruby
+gem 'omniauth-identity'
+```
+
+If the git repository has new commits not yet in an official release, simply specify the repo instead:
+
+```ruby
+gem 'omniauth-identity', git: 'https://github.com/intridea/omniauth-identity.git'
+```
+
+## Usage
+
+This can be a bit hard to understand the first time. Luckily, Ryan Bates made
+a [Railscast](http://railscasts.com/episodes/304-omniauth-identity) about it!
+
+You use `omniauth-identity` just like you would any other OmniAuth provider: as a
+Rack middleware. In rails, this would be created by an initializer, such as
+`config/initializers/omniauth.rb`. The basic setup for a email/password authentication would look something like this:
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity,                        #mandatory: tells OA that the Identity strategy is being used
+           model: Identity,                  # optional: specifies the name of the "Identity" model. Defaults to "Identity"
+           fields: %i[email custom1 custom2] # optional: list of custom fields that are in the model's table
+end
+```
+
+Next, you need to create a model (called `Identity` by default, or specified
+with `:model` argument above) that will be able to persist the information
+provided by the user. Luckily for you, there are pre-built models for popular
+ORMs that make this dead simple.
+
+**Note:** OmniAuth Identity is different from many other user authentication
+systems in that it is *not* built to store authentication information in your primary
+`User` model. Instead, the `Identity` model should be **associated** with your
+`User` model giving you maximum flexibility to include other authentication
+strategies such as Facebook, Twitter, etc.
+
+### ActiveRecord
+
+Just subclass `OmniAuth::Identity::Models::ActiveRecord` and provide fields
+in the database for all of the fields you are using.
+
+```ruby
+class Identity < OmniAuth::Identity::Models::ActiveRecord
+  auth_key :email    # optional: specifies the field within the model that will be used during the login process
+                     # defaults to email, but may be username, uid, login, etc.
+
+  # Anything else you want!
+end
+```
+
+### Mongoid
+
+Include the `OmniAuth::Identity::Models::Mongoid` mixin and specify
+fields that you will need.
+
+```ruby
+class Identity
+  include Mongoid::Document
+  include OmniAuth::Identity::Models::Mongoid
+
+  field :email, type: String
+  field :name, type: String
+  field :password_digest, type: String
+end
+```
+
+### MongoMapper
+
+Unfortunately MongoMapper is **not supported** in `omniauth-identity` from >= v2.0 as a result of it
+not being maintained for several years.
+
+It wasn't possible to include Mongoid *and* MongoMapper due to incompatible gem version
+requirements. Therefore precedence was given to Mongoid as it is significantly more
+popular and actively maintained.
+
+### DataMapper
+
+Include the `OmniAuth::Identity::Models::DataMapper` mixin and specify
+fields that you will need.
+
+```ruby
+class Identity
+  include DataMapper::Resource
+  include OmniAuth::Identity::Models::DataMapper
+
+  property :id,              Serial
+  property :email,           String
+  property :password_digest, Text
+
+  attr_accessor :password_confirmation
+end
+```
+
+### CouchPotato
+
+Include the `OmniAuth::Identity::Models::CouchPotatoModule` mixin and specify fields that you will need.
+
+```ruby
+class Identity
+  include CouchPotato::Persistence
+  include OmniAuth::Identity::Models::CouchPotatoModule
+
+  property :email
+  property :password_digest
+
+  def self.where(search_hash)
+    CouchPotato.database.view(Identity.by_email(key: search_hash))
+  end
+
+  view :by_email, key: :email
+end
+```
+
+Once you've got an `Identity` persistence model and the strategy up and
+running, you can point users to `/auth/identity` and it will request
+that they log in or give them the opportunity to sign up for an account.
+Once they have authenticated with their identity, OmniAuth will call
+through to `/auth/identity/callback` with the same kinds of information
+it would had the user authenticated through an external provider.
+Simple!
+
+## Custom Auth Model
+
+To use a class other than the default, specify the <tt>:model</tt> option to a
+different class.
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity, fields: [:email], model: MyCustomClass
+end
+```
+
+NOTE: In the above example, `MyCustomClass` must have a class method called `auth_key` that returns
+ the default (`email`) or custom `auth_key` to use.
+
+## Customizing Registration Failure
+
+To use your own custom registration form, create a form that POSTs to
+`/auth/identity/register` with `password`, `password_confirmation`, and your
+other fields.
+
+```erb
+<%= form_tag '/auth/identity/register' do |f| %>
+  <h1>Create an Account</h1>
+  <%= text_field_tag :email %>
+  <%= password_field_tag :password %>
+  <%= password_field_tag :password_confirmation %>
+  <%= submit_tag %>
+<% end %>
+```
+
+Beware not to nest your form parameters within a namespace. This strategy
+looks for the form parameters at the top level of the post params. If you are
+using [simple\_form](https://github.com/plataformatec/simple_form), then you
+can avoid the params nesting by specifying `:input_html`.
+
+```erb
+<%= simple_form_for @identity, :url => '/auth/identity/register' do |f| %>
+  <h1>Create an Account</h1>
+  <%# specify :input_html to avoid params nesting %>
+  <%= f.input :email, :input_html => {:name => 'email'} %>
+  <%= f.input :password, :as => 'password', :input_html => {:name => 'password'} %>
+  <%= f.input :password_confirmation, :label => "Confirm Password", :as => 'password', :input_html => {:name => 'password_confirmation'} %>
+  <button type='submit'>Sign Up</button>
+<% end %>
+```
+
+Next you'll need to let OmniAuth know what action to call when a registration
+fails. In your OmniAuth configuration, specify any valid rack endpoint in the
+`:on_failed_registration` option.
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity,
+           fields: [:email],
+           on_failed_registration: UsersController.action(:new)
+end
+```
+
+For more information on rack endpoints, check out [this
+introduction](http://library.edgecase.com/Rails/2011/01/04/rails-routing-and-rack-endpoints.html)
+and
+[ActionController::Metal](http://rubydoc.info/docs/rails/ActionController/Metal)
+
+## Customizing Locate Conditions
+
+You can customize the way that matching records are found when authenticating.
+For example, for a site with multiple domains, you may wish to scope the search
+within a particular subdomain.  To do so, add :locate_conditions to your config.
+The default value is:
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity,
+           locate_conditions: ->(req) { { model.auth_key => req['auth_key'] } }
+    # ...
+end
+```
+
+`locate_conditions` takes a `Proc` object, and must return a `Hash` object, which will be used
+as the argument to the locate method for your ORM.  The proc is evaluated in the
+callback context, and has access to your `Identity` model (using `model`) and receives the request
+object as a parameter.  Note  that `model.auth_key` defaults to `email`, but is also configurable.
+
+Note: Be careful when customizing `locate_conditions`.  The best way to modify the conditions is
+to copy the default value, and then add to the hash.  Removing the default condition will almost
+always break things!
+
+## License
+
+MIT License. See LICENSE for details.
+
+## Copyright
+
+Copyright (c) 2021 OmniAuth-Identity Maintainers
+Copyright (c) 2020 Peter Boling, Andrew Roberts, and Jellybooks Ltd.
+Copyright (c) 2010-2015 Michael Bleigh, and Intridea, Inc.