omniauth-identity2 2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bb5929b5167f886ce7506dab9ce452f408531e223bb7e9725dc62bd8347aaf01
+  data.tar.gz: 0377e7d4165f313242b861522fbc091c0c40cd071494057ed8a19dd83dc356cc
+SHA512:
+  metadata.gz: 3e1b5bfb087f5f8ec49cfb742db648147d2314efe5c0681cddc17145c0d4fa42b7a622da0da75e7326648b8fac6a4875517f9ec665e617f4825ab68413d88d18
+  data.tar.gz: cc5c59485b9c5c19d2d1e7213c90a55776705a3cb10c63d68384bbb5c7924e5e218476ff18af5637d8671d2197d04b4033253107bc5da6d32d5cccfd356bbd9e

data/.gitignore

@@ -0,0 +1,8 @@
+/coverage
+/pkg
+/doc
+
+Gemfile.lock
+
+.ruby-version
+.ruby-gemset

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--format=documentation
+--colour

data/CHANGELOG.md

@@ -0,0 +1,27 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+Note: this project forked `omniauth-identity` at v1.1.1. This project's *first* version is v2.0.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [2.0] - 2020-08-31
+
+### Added 
+- CHANGELOG to maintain a history of changes.
+- Include mongoid-rspec gem.
+
+### Changed
+- Updated README to include information about the reasoning and aims of the fork.
+- Updated all references of the gem name to `omniauth-identity2`.
+- Updated copyright information.
+- Updated spec syntax from RSpec v2 -> v3.
+- Updated mongoid_spec.rb to leverage mongoid-rspec features.
+- Fix security warning about missing secret in session cookie.
+
+### Removed
+- Gemfile.lock file
+- Dependency version limits so that the most up-to-date gem dependencies are used.
+- MongoMapper support; unable to satisfy dependencies of both MongoMapper and Mongoig now that MongoMapper is no longer actively maintained.

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+gemspec
+
+group :development, :test do
+  gem 'mongoid-rspec', github: 'mongoid/mongoid-rspec'
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+  gem 'growl'
+  gem 'rb-fsevent'
+end

data/Guardfile

@@ -0,0 +1,10 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+
+guard 'bundler' do
+  watch('Gemfile')
+  watch(/^.+\.gemspec/)
+end

data/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2020- Andrew Roberts, and Jellybooks Ltd.
+Copyright (c) 2010-2015 Michael Bleigh and Intridea, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,240 @@
+# OmniAuth Identity2 (fork of omniauth-identity)
+
+The OmniAuth Identity2 gem provides a way for applications to utilize a
+traditional login/password based authentication system without the need
+to give up the simple authentication flow provided by OmniAuth. Identity
+is designed on purpose to be as featureless as possible: it provides the
+basic construct for user management and then gets out of the way.
+
+## Note about this fork
+
+The official `omniauth-identity` gem has gone stale. With no disrespect 
+to the maintainers who have generously volunteered their time and energy, 
+they appear to have moved on and are not responding to issues and pull 
+requests, or offers to add additional maintainers to the main project.
+
+Whilst the original `omniauth-identity` still *works* per se, primiarly 
+because it's relatively small and simple piece of code, there are 
+inevitably small issues that need attending to, especially security updates 
+to dependencies.
+
+Therefore, the goal of this repository is to create a new home for a modern, 
+yet **compatible** version of the identity strategy, where issues can be raised 
+and addressed, and contributions welcome.
+
+The new name of **omniauth-identity2** is to allow for the code to be distributed
+via RubyGems, whilst being familiar enough so that developers will realise
+that it's an up-to-date version of the `omniauth-identity` gem.
+
+
+### Compatibility with omniauth-identity
+
+The goal is to maintain backward compatibility as closely as possible so that 
+developers need only change a single entry in their gemfile to 
+`omniauth-identity2` and existing code will work.
+
+However, the Ruby ecosystem has evolved since 2010 when the upstream repo was 
+created and there instances where it may be necessary to drop support for
+integrations that are no longer maintained. For example, MongoMapper integration
+has been removed from this gem.
+
+If and when new features are added they will be labelled as omniauth-identity2 
+specific.
+
+
+## Usage
+
+This can be a bit hard to understand the first time. Luckily, Ryan Bates made
+a [Railscast](http://railscasts.com/episodes/304-omniauth-identity) about it!
+
+You use `omniauth-identity2` just like you would any other OmniAuth provider: as a
+Rack middleware. The basic setup for a email/password authentication would
+look something like this:
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity, :fields => [:email]
+end
+```
+
+Next, you need to create a model (called `Identity by default`) that will be
+able to persist the information provided by the user. Luckily for you, there
+are pre-built models for popular ORMs that make this dead simple.
+
+**Note:** OmniAuth Identity is different from many other user authentication
+systems in that it is *not* built to store authentication information in your primary
+`User` model. Instead, the `Identity` model should be **associated** with your
+`User` model giving you maximum flexibility to include other authentication
+strategies such as Facebook, Twitter, etc.
+
+### ActiveRecord
+
+Just subclass `OmniAuth::Identity::Models::ActiveRecord` and provide fields
+in the database for all of the fields you are using.
+
+```ruby
+class Identity < OmniAuth::Identity::Models::ActiveRecord
+  # Add whatever you like!
+end
+```
+
+### Mongoid
+
+Include the `OmniAuth::Identity::Models::Mongoid` mixin and specify
+fields that you will need.
+
+```ruby
+class Identity
+  include Mongoid::Document
+  include OmniAuth::Identity::Models::Mongoid
+
+  field :email, type: String
+  field :name, type: String
+  field :password_digest, type: String
+end
+```
+
+### MongoMapper
+
+Unfortunately MongoMapper is **not supported** in `omniauth-identity2` as a result of it 
+not being maintained for several years.
+
+It wasn't possible to include Mongoid *and* MongoMapper due to incompatible gem version 
+requirements. Therefore precedence was given to Mongoid as it is significantly more 
+popular and actively maintained. 
+
+### DataMapper
+
+Include the `OmniAuth::Identity::Models::DataMapper` mixin and specify
+fields that you will need.
+
+```ruby
+class Identity
+  include DataMapper::Resource
+  include OmniAuth::Identity::Models::DataMapper
+
+  property :id,              Serial
+  property :email,           String
+  property :password_digest, Text
+
+  attr_accessor :password_confirmation
+
+end
+```
+
+### CouchPotato
+
+Include the `OmniAuth::Identity::Models::CouchPotatoModule` mixin and specify fields that you will need.
+
+```ruby
+class Identity
+  include CouchPotato::Persistence
+  include OmniAuth::Identity::Models::CouchPotatoModule
+
+  property :email
+  property :password_digest
+
+  def self.where search_hash
+    CouchPotato.database.view Identity.by_email(:key => search_hash)
+  end
+
+  view :by_email, :key => :email
+end
+```
+
+Once you've got an Identity persistence model and the strategy up and
+running, you can point users to `/auth/identity` and it will request
+that they log in or give them the opportunity to sign up for an account.
+Once they have authenticated with their identity, OmniAuth will call
+through to `/auth/identity/callback` with the same kinds of information
+it would had the user authenticated through an external provider.
+Simple!
+
+## Custom Auth Model
+
+To use a class other than the default, specify the <tt>:model</tt> option to a
+different class.
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity, :fields => [:email], :model => MyCustomClass
+end
+```
+
+## Customizing Registration Failure
+
+To use your own custom registration form, create a form that POSTs to
+'/auth/identity/register' with 'password', 'password_confirmation', and your
+other fields.
+
+```erb
+<%= form_tag '/auth/identity/register' do |f| %>
+  <h1>Create an Account</h1>
+  <%= text_field_tag :email %>
+  <%= password_field_tag :password %>
+  <%= password_field_tag :password_confirmation %>
+  <%= submit_tag %>
+<% end %>
+```
+
+Beware not to nest your form parameters within a namespace. This strategy
+looks for the form parameters at the top level of the post params. If you are
+using [simple\_form](https://github.com/plataformatec/simple_form), then you
+can avoid the params nesting by specifying <tt>:input_html</tt>.
+
+```erb
+<%= simple_form_for @identity, :url => '/auth/identity/register' do |f| %>
+  <h1>Create an Account</h1>
+  <%# specify :input_html to avoid params nesting %>
+  <%= f.input :email, :input_html => {:name => 'email'} %>
+  <%= f.input :password, :as => 'password', :input_html => {:name => 'password'} %>
+  <%= f.input :password_confirmation, :label => "Confirm Password", :as => 'password', :input_html => {:name => 'password_confirmation'} %>
+  <button type='submit'>Sign Up</button>
+<% end %>
+```
+
+Next you'll need to let OmniAuth know what action to call when a registration
+fails. In your OmniAuth configuration, specify any valid rack endpoint in the
+<tt>:on_failed_registration</tt> option.
+
+```ruby
+use OmniAuth::Builder do
+  provider :identity,
+    :fields => [:email],
+    :on_failed_registration => UsersController.action(:new)
+end
+```
+
+For more information on rack endpoints, check out [this
+introduction](http://library.edgecase.com/Rails/2011/01/04/rails-routing-and-rack-endpoints.html)
+and
+[ActionController::Metal](http://rubydoc.info/docs/rails/ActionController/Metal)
+
+## Customizing Locate Conditions
+
+You can customize the way that matching records are found when authenticating.
+For example, for a site with multiple domains, you may wish to scope the search
+within a particular subdomain.  To do so, add :locate_conditions to your config.
+The default value is:
+
+```ruby
+:locate_conditions => lambda { |req| { model.auth_key => req['auth_key']} }
+```
+
+locate_conditions takes a Proc object, and must return a hash.  The resulting hash is used
+as a parameter in the locate method for your ORM.  The proc is evaluated in the
+callback context, and has access to the Identity model (using `model`) and receives the request
+object as a parameter.  Note  that model.auth_key defaults to 'email', but is also configurable.
+
+Note: Be careful when customizing locate_conditions.  The best way to modify the conditions is
+to copy the default value, and then add to the hash.  Removing the default condition will almost
+always break things!
+
+## License
+
+MIT License. See LICENSE for details.
+
+## Copyright
+
+Copyright (c) 2020- Andrew Roberts, and Jellybooks Ltd.
+Copyright (c) 2010-2015 Michael Bleigh, and Intridea, Inc.

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+desc "Run specs."
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+task :test => :spec

data/lib/omniauth-identity.rb

@@ -0,0 +1,2 @@
+require 'omniauth-identity/version'
+require 'omniauth/identity'

data/lib/omniauth-identity/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Identity
+    VERSION = '2.0'
+  end
+end

data/lib/omniauth/identity.rb

@@ -0,0 +1,18 @@
+require 'omniauth'
+
+module OmniAuth
+  module Strategies
+    autoload :Identity, 'omniauth/strategies/identity'
+  end
+
+  module Identity
+    autoload :Model,               'omniauth/identity/model'
+    autoload :SecurePassword,      'omniauth/identity/secure_password'
+    module Models
+      autoload :ActiveRecord,      'omniauth/identity/models/active_record'
+      autoload :Mongoid,           'omniauth/identity/models/mongoid'
+      autoload :DataMapper,        'omniauth/identity/models/data_mapper'
+      autoload :CouchPotatoModule, 'omniauth/identity/models/couch_potato'
+    end
+  end
+end

data/lib/omniauth/identity/model.rb

@@ -0,0 +1,116 @@
+module OmniAuth
+  module Identity
+    # This module provides an includable interface for implementing the
+    # necessary API for OmniAuth Identity to properly locate identities
+    # and provide all necessary information. All methods marked as
+    # abstract must be implemented in the including class for things to
+    # work properly.
+    module Model
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      module ClassMethods
+        # Locate an identity given its unique login key.
+        #
+        # @abstract
+        # @param [String] key The unique login key.
+        # @return [Model] An instance of the identity model class.
+        def locate(key)
+          raise NotImplementedError
+        end
+
+        # Authenticate a user with the given key and password.
+        #
+        # @param [String] key The unique login key provided for a given identity.
+        # @param [String] password The presumed password for the identity.
+        # @return [Model] An instance of the identity model class.
+        def authenticate(conditions, password)
+          instance = locate(conditions)
+          return false unless instance
+          instance.authenticate(password)
+        end
+
+        # Used to set or retrieve the method that will be used to get
+        # and set the user-supplied authentication key.
+        # @return [String] The method name.
+        def auth_key(method = false)
+          @auth_key = method.to_s unless method == false
+          @auth_key = nil if @auth_key == ''
+
+          @auth_key || 'email'
+        end
+      end
+
+      # Returns self if the provided password is correct, false
+      # otherwise.
+      #
+      # @abstract
+      # @param [String] password The password to check.
+      # @return [self or false] Self if authenticated, false if not.
+      def authenticate(password)
+        raise NotImplementedError
+      end
+
+      SCHEMA_ATTRIBUTES = %w(name email nickname first_name last_name location description image phone)
+      # A hash of as much of the standard OmniAuth schema as is stored
+      # in this particular model. By default, this will call instance
+      # methods for each of the attributes it needs in turn, ignoring
+      # any for which `#respond_to?` is `false`.
+      #
+      # If `first_name`, `nickname`, and/or `last_name` is provided but 
+      # `name` is not, it will be automatically calculated.
+      #
+      # @return [Hash] A string-keyed hash of user information.
+      def info
+        info = SCHEMA_ATTRIBUTES.inject({}) do |hash,attribute|
+          hash[attribute] = send(attribute) if respond_to?(attribute)
+          hash
+        end
+        info
+      end
+
+      # An identifying string that must be globally unique to the
+      # application. Defaults to stringifying the `id` method.
+      #
+      # @return [String] An identifier string unique to this identity.
+      def uid
+        if respond_to?(:id)
+          return nil if self.id.nil?
+          self.id.to_s
+        else
+          raise NotImplementedError 
+        end
+      end
+
+      # Used to retrieve the user-supplied authentication key (e.g. a
+      # username or email). Determined using the class method of the same name,
+      # defaults to `:email`. 
+      #
+      # @return [String] An identifying string that will be entered by
+      #   users upon sign in.
+      def auth_key
+        if respond_to?(self.class.auth_key.to_sym)
+          send(self.class.auth_key)
+        else
+          raise NotImplementedError
+        end
+      end
+
+      # Used to set the user-supplied authentication key (e.g. a
+      # username or email. Determined using the `.auth_key` class
+      # method.
+      #
+      # @param [String] value The value to which the auth key should be
+      #   set.
+      def auth_key=(value)
+        auth_key_setter = (self.class.auth_key + '=').to_sym
+        if respond_to?(auth_key_setter)
+          send(auth_key_setter, value)
+        else
+          raise NotImplementedError
+        end
+      end
+    end
+  end
+end