omniauth-identity 1.1.0 → 3.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +68 -0
- data/CODE_OF_CONDUCT.md +133 -0
- data/LICENSE +22 -0
- data/README.md +245 -0
- data/lib/omniauth-identity.rb +2 -0
- data/lib/omniauth-identity/version.rb +3 -1
- data/lib/omniauth/identity.rb +7 -6
- data/lib/omniauth/identity/model.rb +20 -17
- data/lib/omniauth/identity/models/active_record.rb +7 -4
- data/lib/omniauth/identity/models/{mongo_mapper.rb → couch_potato.rb} +8 -6
- data/lib/omniauth/identity/models/mongoid.rb +5 -9
- data/lib/omniauth/identity/secure_password.rb +5 -5
- data/lib/omniauth/strategies/identity.rb +64 -28
- data/spec/omniauth/identity/model_spec.rb +62 -55
- data/spec/omniauth/identity/models/active_record_spec.rb +25 -11
- data/spec/omniauth/identity/models/couch_potato_spec.rb +19 -0
- data/spec/omniauth/identity/models/mongoid_spec.rb +17 -9
- data/spec/omniauth/identity/secure_password_spec.rb +12 -12
- data/spec/omniauth/strategies/identity_spec.rb +184 -57
- data/spec/spec_helper.rb +20 -6
- metadata +70 -149
- data/.gitignore +0 -4
- data/.rspec +0 -2
- data/Gemfile +0 -11
- data/Gemfile.lock +0 -143
- data/Guardfile +0 -10
- data/README.markdown +0 -162
- data/Rakefile +0 -9
- data/lib/omniauth/identity/models/data_mapper.rb +0 -32
- data/omniauth-identity.gemspec +0 -31
- data/spec/omniauth/identity/models/data_mapper_spec.rb +0 -22
- data/spec/omniauth/identity/models/mongo_mapper_spec.rb +0 -14
@@ -1,16 +1,30 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
|
-
describe(OmniAuth::Identity::Models::ActiveRecord, :
|
4
|
-
|
5
|
-
|
6
|
-
|
3
|
+
RSpec.describe(OmniAuth::Identity::Models::ActiveRecord, db: true) do
|
4
|
+
describe 'model', type: :model do
|
5
|
+
subject(:model_klass) do
|
6
|
+
AnonymousActiveRecord.generate(
|
7
|
+
parent_klass: 'OmniAuth::Identity::Models::ActiveRecord',
|
8
|
+
columns: %w[name provider],
|
9
|
+
connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
|
10
|
+
) do
|
11
|
+
def flower
|
12
|
+
'🌸'
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
7
16
|
|
8
|
-
|
9
|
-
|
10
|
-
|
17
|
+
it 'delegates locate to the where query method' do
|
18
|
+
allow(model_klass).to receive(:where).with('ham_sandwich' => 'open faced', 'category' => 'sandwiches',
|
19
|
+
'provider' => 'identity').and_return(['wakka'])
|
20
|
+
expect(model_klass.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
|
21
|
+
end
|
11
22
|
end
|
12
|
-
|
13
|
-
|
14
|
-
TestIdentity
|
23
|
+
|
24
|
+
describe '#table_name' do
|
25
|
+
class TestIdentity < OmniAuth::Identity::Models::ActiveRecord; end
|
26
|
+
it 'does not use STI rules for its table name' do
|
27
|
+
expect(TestIdentity.table_name).to eq('test_identities')
|
28
|
+
end
|
15
29
|
end
|
16
30
|
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.describe(OmniAuth::Identity::Models::CouchPotatoModule, db: true) do
|
4
|
+
class CouchPotatoTestIdentity
|
5
|
+
include CouchPotato::Persistence
|
6
|
+
include OmniAuth::Identity::Models::CouchPotatoModule
|
7
|
+
auth_key :ham_sandwich
|
8
|
+
end
|
9
|
+
|
10
|
+
describe 'model', type: :model do
|
11
|
+
subject { CouchPotatoTestIdentity }
|
12
|
+
|
13
|
+
it 'delegates locate to the where query method' do
|
14
|
+
allow(subject).to receive(:where).with('ham_sandwich' => 'open faced',
|
15
|
+
'category' => 'sandwiches').and_return(['wakka'])
|
16
|
+
expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -1,18 +1,26 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
|
-
describe(OmniAuth::Identity::Models::Mongoid, :
|
3
|
+
RSpec.describe(OmniAuth::Identity::Models::Mongoid, db: true) do
|
4
4
|
class MongoidTestIdentity
|
5
5
|
include Mongoid::Document
|
6
6
|
include OmniAuth::Identity::Models::Mongoid
|
7
7
|
auth_key :ham_sandwich
|
8
|
+
store_in database: 'db1', collection: 'mongoid_test_identities', client: 'secondary'
|
8
9
|
end
|
9
10
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
11
|
+
describe 'model', type: :model do
|
12
|
+
subject { MongoidTestIdentity }
|
13
|
+
|
14
|
+
it { is_expected.to be_mongoid_document }
|
15
|
+
|
16
|
+
it 'does not munge collection name' do
|
17
|
+
expect(subject).to be_stored_in(database: 'db1', collection: 'mongoid_test_identities', client: 'secondary')
|
18
|
+
end
|
19
|
+
|
20
|
+
it 'delegates locate to the where query method' do
|
21
|
+
allow(subject).to receive(:where).with('ham_sandwich' => 'open faced',
|
22
|
+
'category' => 'sandwiches').and_return(['wakka'])
|
23
|
+
expect(subject.locate('ham_sandwich' => 'open faced', 'category' => 'sandwiches')).to eq('wakka')
|
24
|
+
end
|
17
25
|
end
|
18
26
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
3
|
class HasTheMethod
|
4
4
|
def self.has_secure_password; end
|
@@ -7,21 +7,21 @@ end
|
|
7
7
|
class DoesNotHaveTheMethod
|
8
8
|
end
|
9
9
|
|
10
|
-
describe OmniAuth::Identity::SecurePassword do
|
11
|
-
it '
|
12
|
-
DoesNotHaveTheMethod.
|
13
|
-
DoesNotHaveTheMethod.
|
10
|
+
RSpec.describe OmniAuth::Identity::SecurePassword do
|
11
|
+
it 'extends with the class methods if it does not have the method' do
|
12
|
+
expect(DoesNotHaveTheMethod).to receive(:extend).with(OmniAuth::Identity::SecurePassword::ClassMethods)
|
13
|
+
DoesNotHaveTheMethod.include described_class
|
14
14
|
end
|
15
15
|
|
16
|
-
it '
|
17
|
-
HasTheMethod.
|
18
|
-
HasTheMethod.
|
16
|
+
it 'does not extend if the method is already defined' do
|
17
|
+
expect(HasTheMethod).not_to receive(:extend)
|
18
|
+
HasTheMethod.include described_class
|
19
19
|
end
|
20
20
|
|
21
|
-
it '
|
22
|
-
[HasTheMethod,DoesNotHaveTheMethod].each do |klass|
|
23
|
-
klass.send(:include,
|
24
|
-
klass.
|
21
|
+
it 'responds to has_secure_password afterwards' do
|
22
|
+
[HasTheMethod, DoesNotHaveTheMethod].each do |klass|
|
23
|
+
klass.send(:include, described_class)
|
24
|
+
expect(klass).to be_respond_to(:has_secure_password)
|
25
25
|
end
|
26
26
|
end
|
27
27
|
end
|
@@ -1,128 +1,255 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
describe OmniAuth::Strategies::Identity do
|
3
|
+
RSpec.describe OmniAuth::Strategies::Identity do
|
6
4
|
attr_accessor :app
|
7
5
|
|
8
|
-
let(:auth_hash){ last_response.headers['env']['omniauth.auth'] }
|
9
|
-
let(:identity_hash){ last_response.headers['env']['omniauth.identity'] }
|
6
|
+
let(:auth_hash) { last_response.headers['env']['omniauth.auth'] }
|
7
|
+
let(:identity_hash) { last_response.headers['env']['omniauth.identity'] }
|
8
|
+
let(:identity_options) { {} }
|
9
|
+
let(:anon_ar) do
|
10
|
+
AnonymousActiveRecord.generate(
|
11
|
+
columns: %w[name provider],
|
12
|
+
connection_params: { adapter: 'sqlite3', encoding: 'utf8', database: ':memory:' }
|
13
|
+
) do
|
14
|
+
def balloon
|
15
|
+
'🎈'
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
10
19
|
|
11
20
|
# customize rack app for testing, if block is given, reverts to default
|
12
21
|
# rack app after testing is done
|
13
22
|
def set_app!(identity_options = {})
|
14
|
-
|
15
|
-
old_app = self.app
|
23
|
+
old_app = app
|
16
24
|
self.app = Rack::Builder.app do
|
17
|
-
use Rack::Session::Cookie
|
25
|
+
use Rack::Session::Cookie, secret: '1234567890qwertyuiop'
|
18
26
|
use OmniAuth::Strategies::Identity, identity_options
|
19
|
-
run
|
27
|
+
run ->(env) { [404, { 'env' => env }, ['HELLO!']] }
|
20
28
|
end
|
21
29
|
if block_given?
|
22
30
|
yield
|
23
31
|
self.app = old_app
|
24
32
|
end
|
25
|
-
|
33
|
+
app
|
26
34
|
end
|
27
35
|
|
28
|
-
before
|
29
|
-
|
36
|
+
before do
|
37
|
+
opts = identity_options.reverse_merge({ model: anon_ar })
|
38
|
+
set_app!(opts)
|
30
39
|
end
|
31
40
|
|
32
41
|
describe '#request_phase' do
|
33
|
-
|
34
|
-
|
35
|
-
|
42
|
+
context 'with default settings' do
|
43
|
+
let(:identity_options) { { model: anon_ar } }
|
44
|
+
|
45
|
+
it 'displays a form' do
|
46
|
+
get '/auth/identity'
|
47
|
+
|
48
|
+
expect(last_response.body).not_to eq('HELLO!')
|
49
|
+
expect(last_response.body).to be_include('<form')
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
context 'when login is enabled' do
|
54
|
+
context 'when registration is enabled' do
|
55
|
+
let(:identity_options) { { model: anon_ar, enable_registration: true, enable_login: true } }
|
56
|
+
|
57
|
+
it 'displays a form with a link to register' do
|
58
|
+
get '/auth/identity'
|
59
|
+
|
60
|
+
expect(last_response.body).not_to eq('HELLO!')
|
61
|
+
expect(last_response.body).to be_include('<form')
|
62
|
+
expect(last_response.body).to be_include('<a')
|
63
|
+
expect(last_response.body).to be_include('Create an Identity')
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
context 'when registration is disabled' do
|
68
|
+
let(:identity_options) { { model: anon_ar, enable_registration: false, enable_login: true } }
|
69
|
+
|
70
|
+
it 'displays a form without a link to register' do
|
71
|
+
get '/auth/identity'
|
72
|
+
|
73
|
+
expect(last_response.body).not_to eq('HELLO!')
|
74
|
+
expect(last_response.body).to be_include('<form')
|
75
|
+
expect(last_response.body).not_to be_include('<a')
|
76
|
+
expect(last_response.body).not_to be_include('Create an Identity')
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
context 'when login is disabled' do
|
82
|
+
context 'when registration is enabled' do
|
83
|
+
let(:identity_options) { { model: anon_ar, enable_registration: true, enable_login: false } }
|
84
|
+
|
85
|
+
it 'bypasses registration form' do
|
86
|
+
get '/auth/identity'
|
87
|
+
|
88
|
+
expect(last_response.body).to eq('HELLO!')
|
89
|
+
expect(last_response.body).not_to be_include('<form')
|
90
|
+
expect(last_response.body).not_to be_include('<a')
|
91
|
+
expect(last_response.body).not_to be_include('Create an Identity')
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
context 'when registration is disabled' do
|
96
|
+
let(:identity_options) { { model: anon_ar, enable_registration: false, enable_login: false } }
|
97
|
+
|
98
|
+
it 'displays a form without a link to register' do
|
99
|
+
get '/auth/identity'
|
100
|
+
|
101
|
+
expect(last_response.body).to eq('HELLO!')
|
102
|
+
expect(last_response.body).not_to be_include('<form')
|
103
|
+
expect(last_response.body).not_to be_include('<a')
|
104
|
+
expect(last_response.body).not_to be_include('Create an Identity')
|
105
|
+
end
|
106
|
+
end
|
36
107
|
end
|
37
108
|
end
|
38
109
|
|
39
110
|
describe '#callback_phase' do
|
40
|
-
let(:user){
|
111
|
+
let(:user) { double(uid: 'user1', info: { 'name' => 'Rockefeller' }) }
|
41
112
|
|
42
113
|
context 'with valid credentials' do
|
43
114
|
before do
|
44
|
-
|
45
|
-
|
115
|
+
allow(anon_ar).to receive('auth_key').and_return('email')
|
116
|
+
expect(anon_ar).to receive('authenticate').with({ 'email' => 'john' }, 'awesome').and_return(user)
|
117
|
+
post '/auth/identity/callback', auth_key: 'john', password: 'awesome'
|
46
118
|
end
|
47
119
|
|
48
|
-
it '
|
49
|
-
auth_hash.
|
120
|
+
it 'populates the auth hash' do
|
121
|
+
expect(auth_hash).to be_kind_of(Hash)
|
50
122
|
end
|
51
123
|
|
52
|
-
it '
|
53
|
-
auth_hash['uid'].
|
124
|
+
it 'populates the uid' do
|
125
|
+
expect(auth_hash['uid']).to eq('user1')
|
54
126
|
end
|
55
127
|
|
56
|
-
it '
|
57
|
-
auth_hash['info'].
|
128
|
+
it 'populates the info hash' do
|
129
|
+
expect(auth_hash['info']).to eq({ 'name' => 'Rockefeller' })
|
58
130
|
end
|
59
131
|
end
|
60
132
|
|
61
133
|
context 'with invalid credentials' do
|
62
134
|
before do
|
63
|
-
|
64
|
-
|
65
|
-
|
135
|
+
allow(anon_ar).to receive('auth_key').and_return('email')
|
136
|
+
OmniAuth.config.on_failure = ->(env) { [401, {}, [env['omniauth.error.type'].inspect]] }
|
137
|
+
expect(anon_ar).to receive(:authenticate).with({ 'email' => 'wrong' }, 'login').and_return(false)
|
138
|
+
post '/auth/identity/callback', auth_key: 'wrong', password: 'login'
|
66
139
|
end
|
67
140
|
|
68
|
-
it '
|
69
|
-
last_response.body.
|
141
|
+
it 'fails with :invalid_credentials' do
|
142
|
+
expect(last_response.body).to eq(':invalid_credentials')
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
context 'with auth scopes' do
|
147
|
+
let(:identity_options) do
|
148
|
+
{ model: anon_ar, locate_conditions: lambda { |req|
|
149
|
+
{ model.auth_key => req['auth_key'], 'user_type' => 'admin' }
|
150
|
+
} }
|
151
|
+
end
|
152
|
+
|
153
|
+
it 'evaluates and pass through conditions proc' do
|
154
|
+
allow(anon_ar).to receive('auth_key').and_return('email')
|
155
|
+
expect(anon_ar).to receive('authenticate').with({ 'email' => 'john', 'user_type' => 'admin' },
|
156
|
+
'awesome').and_return(user)
|
157
|
+
post '/auth/identity/callback', auth_key: 'john', password: 'awesome'
|
70
158
|
end
|
71
159
|
end
|
72
160
|
end
|
73
161
|
|
74
162
|
describe '#registration_form' do
|
75
|
-
|
76
|
-
|
77
|
-
|
163
|
+
context 'registration is enabled' do
|
164
|
+
it 'triggers from /auth/identity/register by default' do
|
165
|
+
get '/auth/identity/register'
|
166
|
+
expect(last_response.body).to be_include('Register Identity')
|
167
|
+
end
|
168
|
+
end
|
169
|
+
|
170
|
+
context 'registration is disabled' do
|
171
|
+
let(:identity_options) { { model: anon_ar, enable_registration: false } }
|
172
|
+
|
173
|
+
it 'calls app' do
|
174
|
+
get '/auth/identity/register'
|
175
|
+
expect(last_response.body).to be_include('HELLO!')
|
176
|
+
end
|
177
|
+
end
|
178
|
+
|
179
|
+
it 'supports methods other than GET and POST' do
|
180
|
+
head '/auth/identity/register'
|
181
|
+
expect(last_response.status).to eq(404)
|
78
182
|
end
|
79
183
|
end
|
80
184
|
|
81
185
|
describe '#registration_phase' do
|
186
|
+
context 'registration is disabled' do
|
187
|
+
let(:identity_options) { { model: anon_ar, enable_registration: false } }
|
188
|
+
|
189
|
+
it 'calls app' do
|
190
|
+
post '/auth/identity/register'
|
191
|
+
expect(last_response.body).to eq('HELLO!')
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
82
195
|
context 'with successful creation' do
|
83
|
-
let(:properties)
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
196
|
+
let(:properties) do
|
197
|
+
{
|
198
|
+
name: 'Awesome Dude',
|
199
|
+
email: 'awesome@example.com',
|
200
|
+
password: 'face',
|
201
|
+
password_confirmation: 'face',
|
202
|
+
provider: 'identity'
|
203
|
+
}
|
204
|
+
end
|
89
205
|
|
90
206
|
before do
|
91
|
-
|
92
|
-
|
207
|
+
allow(anon_ar).to receive('auth_key').and_return('email')
|
208
|
+
m = double(uid: 'abc', name: 'Awesome Dude', email: 'awesome@example.com',
|
209
|
+
info: { name: 'DUUUUDE!' }, persisted?: true)
|
210
|
+
expect(anon_ar).to receive(:create).with(properties).and_return(m)
|
93
211
|
end
|
94
212
|
|
95
|
-
it '
|
213
|
+
it 'sets the auth hash' do
|
96
214
|
post '/auth/identity/register', properties
|
97
|
-
auth_hash['uid'].
|
215
|
+
expect(auth_hash['uid']).to eq('abc')
|
98
216
|
end
|
99
217
|
end
|
100
218
|
|
101
219
|
context 'with invalid identity' do
|
102
|
-
let(:properties)
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
220
|
+
let(:properties) do
|
221
|
+
{
|
222
|
+
name: 'Awesome Dude',
|
223
|
+
email: 'awesome@example.com',
|
224
|
+
password: 'NOT',
|
225
|
+
password_confirmation: 'MATCHING',
|
226
|
+
provider: 'identity'
|
227
|
+
}
|
228
|
+
end
|
229
|
+
let(:invalid_identity) { double(persisted?: false) }
|
108
230
|
|
109
231
|
before do
|
110
|
-
|
232
|
+
expect(anon_ar).to receive(:create).with(properties).and_return(invalid_identity)
|
111
233
|
end
|
112
234
|
|
113
235
|
context 'default' do
|
114
|
-
it '
|
236
|
+
it 'shows registration form' do
|
115
237
|
post '/auth/identity/register', properties
|
116
|
-
last_response.body.
|
238
|
+
expect(last_response.body).to be_include('Register Identity')
|
117
239
|
end
|
118
240
|
end
|
119
241
|
|
120
242
|
context 'custom on_failed_registration endpoint' do
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
243
|
+
let(:identity_options) do
|
244
|
+
{ model: anon_ar, on_failed_registration: lambda { |env|
|
245
|
+
[404, { 'env' => env }, ["FAIL'DOH!"]]
|
246
|
+
} }
|
247
|
+
end
|
248
|
+
|
249
|
+
it 'sets the identity hash' do
|
250
|
+
post '/auth/identity/register', properties
|
251
|
+
expect(identity_hash).to eq(invalid_identity)
|
252
|
+
expect(last_response.body).to be_include("FAIL'DOH!")
|
126
253
|
end
|
127
254
|
end
|
128
255
|
end
|