omniauth-idq 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a7320a2a3724a31a365664d927d3e9b16f301abd0383177930a71ff766457422
+  data.tar.gz: 5ca0d27d47cee961c3fcdc4e494f8d410d2ec7b4f22e746d673189a7a5d8a137
+SHA512:
+  metadata.gz: 193ca66b03b0bad55a4f4e7e13bb7107c58f9d8134d5581fa2e8e8830d21a48a52f721c206423251d322e9805bc954d53e36544320c97c0581f8c21c54e941d8
+  data.tar.gz: 6aaea3e2c768e27c56172ac0cd71c53e9bb698f61317cd79c4173bccbc9149e72e1260f7ee5594919a021328e6cc9486a26640b7727b8517df0c81e1a8ba8173

data/Gemfile

@@ -0,0 +1,5 @@
+source "http://rubygems.org"
+
+gem 'rake'
+# Specify your gem's dependencies in omniauth-idq.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2016-2017 inBay Technologies Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,146 @@
+OmniAuth IdQ Strategy
+==============
+
+This gem contains the IdQ strategy for OmniAuth.
+
+For more information about the idQ API: http://idquanta.com/
+
+Usage
+-------------
+
+If you are using rails, you need to add the gem to your `Gemfile`:
+
+    gem 'omniauth-idq'
+
+You can pull in the gem directly from GitHub e.g.:
+
+    gem "omniauth-idq", :git => "git://github.com/inbaytech/omniauth-idq.git"
+
+The gem can be configured with your application specific OAuth2 settings via the  `config/initializers/omniauth.rb` initializer as follows:
+
+```ruby
+OmniAuth.config.logger = Rails.logger
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+   # Configure idQ OAuth2 Provider for OmniAuth
+   provider :idq, 'client_id', 'client_secret', client_options: {}
+end
+```
+
+Note: The file `config/initializers/omniauth.rb` may not exit on your system, please create it.
+
+You can obtain your OAuth2 application credentials consisting of `client_id` and `client_secret`, from your account management console at https://idquanta.com.
+
+
+## Authentication
+After the gem is installed and configured, user authentication follows the standard OmniAuth procedure.
+For the idQ provider, the authentication path is `/auth/idq`.
+
+#### Example
+If you are running a local Rails development server, your authentication URL will likely look like this:
+	http://localhost:3000/auth/idq
+
+#### Further Reading
+More information on OmniAuth can be found at https://github.com/intridea/omniauth
+
+
+Delegated Authorization
+-----------------------
+This module also supports idQ Delegated Authorization.
+
+1. In the controller handling the business logic that requires Delegated Authorization, you first need to make a REST call to the idQ Trust as a Service backend to register your Delegated Authorization request.
+
+2. Retrieve the `push_token` from the REST call response JSON.
+
+3. Redirect the user into a standard OmniAuth flow, together with the `push_token` to trigger the Delegated Authorization logic. You can add additional parameters to the request if you need to remember application state, such as the action or context the Delegated Authorization was triggered in. These Parameters are stored in the OmniAuth `auth_params[]` hash and are available to your callback handler.
+
+#### Example
+The following is an example of an imagined `ItemController` that handles a `GET` request to a specific `item` resource by `id`. Before rendering the view associated with the requested `item`, we first kick off a Delegated Authorization request and wait for authorization approval.
+
+```ruby
+require 'rest-client'
+class ItemController < ApplicationController
+    # GET /item/:id
+    def show
+        # Find item in Database
+        @item = Item.find(item_params[:id])
+
+        # Payload to register Delegated Authorization Request
+        payload = {
+          title: "Authorize Access",
+          message: "#{@current_user.name} is attempting to access #{@item.name}. Please approve or deny this access request.",
+          target: @idQ_ID,
+          client_id: ENV['IDQ_CLIENT_ID'],
+          client_secret: ENV['IDQ_CLIENT_SECRET'],
+          push_id: SecureRandom.uuid,
+        }
+
+        # URL to send REST request to
+        url = ENV['IDQ_BASE_URL'] + ENV['IDQ_DA_REGISTER_PATH']
+
+        # Send REST request to idQ Trust as a Service Backend
+        begin
+          response = RestClient.post url, payload, {content_type: "application/x-www-form-urlencoded"}
+
+          # Retrieve response as JSON
+          rjs = JSON.parse(response)
+
+          # Obtain push token from response JSON
+          pt = rjs['push_token']
+
+          # Redirect the user into a standard OAuth2 flow
+          redirect_to "/auth/idq?push_token=#{pt}&action=item_show&item_id=#{@item.id}" and return
+        rescue
+            flash[:danger] = "Error sending delegated authorization request!"
+            render 'show' and return
+        end
+    end
+end
+```
+
+The following is an implementation of an imagined callback handler that processes the answer to the Delegated Authorization request.  Since the callbacks for both Authentication and Authorization are the same under OmniAuth, the first step is to determine what type of callback is being handled (authentication or authorization).
+
+``` ruby
+class CallbackController < ApplicationController
+
+   # General callback URL handler. Either handle Authentication, or Delegated Authorization.
+   def handle_callback
+      if is_authorization_response?
+         handle_authorization
+      else
+         handle_authentication
+      end
+   end
+
+   # Handler for Delegated Authorization Responses
+   def handle_authorization
+      # ItemController::show
+      if auth_params['action'] == 'item_show'
+         item_id = auth_params['item_id']
+         @item = Item.find(item_id)
+         if is_approved?(auth_hash)
+            render 'show_item' and return
+         else
+            render 'access_denied' and return
+         end
+      end
+   end
+
+   protected
+
+   # Helpers
+   def is_approved?(auth_hash)
+      response_code = auth_hash['extra']['raw_info']['response_code']
+      return response_code == '1'
+   end
+
+   def is_authorization_response?
+      if auth_hash['extra']['raw_info']['response_code']
+         true
+      else
+         false
+      end
+   end
+
+end
+```

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc "Run specs"
+RSpec::Core::RakeTask.new
+
+desc 'Default: run specs.'
+task :default => :spec

data/lib/omniauth/strategies/idq.rb

@@ -0,0 +1,112 @@
+require 'omniauth-oauth2'
+require 'multi_json'
+
+# Delegated Authorization Strategy for the OAuth2 client
+module OAuth2
+  module Strategy
+    class DelegatedAuthorization < Base
+      # The required query parameters for the authorize URL
+      # is an exact copy of the same method in the AuthCode Strategy
+      # @param [Hash] params additional query parameters
+      def authorize_params(params = {})
+        params.merge('response_type' => 'code', 'client_id' => @client.id)
+      end
+
+      # The authorization URL endpoint of the provider
+      # Similar to the AuthCode Strategy, but in this case call
+      # Client::delegated_authorization_url() to construct the authorization URL
+      # @param [Hash] params additional query parameters for the URL
+      def authorize_url(params = {})
+        @client.delegated_authorization_url(authorize_params.merge(params))
+      end
+    end
+  end
+end
+
+# Extend the OAuth2 Client with support for our Delegated Authorization Strategy
+module OAuth2
+  class Client
+    # The authorize endpoint URL of the OAuth2 provider
+    # we add support for generating a Delegated Authorization URL
+    # @param [Hash] params additional query parameters
+    def delegated_authorization_url(params = {})
+      params = (params || {}).merge(redirection_params)
+      connection.build_url(options[:delegated_authorization_url], params).to_s
+    end
+
+    # Creates a Delegated Authorization OAuth2 Strategy for the OAuth2 client
+    def delegated_authorization
+      @delegated_authorization ||= OAuth2::Strategy::DelegatedAuthorization.new(self)
+    end
+  end
+end
+
+# OmniAuth::Strategy for idQ extends the standard OmniAuth::OAuth2 Strategy
+module OmniAuth
+  module Strategies
+    class Idq < OmniAuth::Strategies::OAuth2
+      alias_method :request_phase_original, :request_phase
+      # Provider Name
+      option :name, 'idq'
+
+      # Defaults can be overwritten upon initialization of the provider
+      # in src/config/initializers/omniauth.rb
+      option :client_options, {
+        :site => "https://taas.idquanta.com",
+        :token_url => "/idqoauth/api/v1/token",
+        :authorize_url => "/idqoauth/api/v1/auth",
+        :delegated_authorization_url => '/idqoauth/api/v1/pauth'
+      }
+
+      uid {
+        raw_info['username']
+      }
+
+      info do
+        {
+          email: raw_info['email']
+        }
+      end
+
+      extra do
+        {
+          raw_info: raw_info
+        }
+      end
+
+      # Patched request_phase
+      def request_phase
+        # If a push_token was passed in, we want to carry out a delegated authorization
+        if request.params['push_token']
+          redirect client.delegated_authorization.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
+        else
+          # Otherwise proceed with the original omniauth-oauth2 request_phase
+          request_phase_original
+        end
+      end
+
+      # Allow push_token param through
+      def authorize_params
+        super.merge(push_token: request.params['push_token'], response_to: 'delegated_authorization')
+      end
+
+      # Need to patch the original callback_url method
+      # the original puts all params from query_string onto the callback url
+      # idQ does not support this behaviour. However, we need the Omniauth
+      # feature to store k-v pairs from query string in the request.env['omniauth.params']
+      # for handling delegated authorization requests in a stateless fashion.
+      def callback_url
+        full_host + script_name + callback_path
+      end
+
+      private
+
+      # Our custom raw_info method which will make idQ user attributes accessible to Omniauth
+      def raw_info
+        @raw_info ||= MultiJson.decode(access_token.get('/idqoauth/api/v1/user').body)
+      rescue ::Errno::ETIMEDOUT
+        raise ::Timeout::Error
+      end
+    end
+  end
+end

data/lib/omniauth-idq/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Idq
+    VERSION = "1.0.0"
+  end
+end

data/lib/omniauth-idq.rb

@@ -0,0 +1,2 @@
+require "omniauth-idq/version"
+require 'omniauth/strategies/idq'

data/omniauth-idq.gemspec

@@ -0,0 +1,35 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "omniauth-idq/version"
+
+# p OmniAuth::Idq::VERSION
+Gem::Specification.new do |s|
+  s.name        = "omniauth-idq"
+  s.version     = OmniAuth::Idq::VERSION
+  s.authors     = ["inBay Technologies Inc."]
+  s.email       = ["support@inbaytech.com"]
+  s.homepage    = "https://github.com/inbaytech/omniauth-idq"
+  s.summary     = %q{OmniAuth strategy for idQ}
+  s.description = %q{OmniAuth strategy for idQ Trust as a Service}
+  s.license     = "GPL-3.0"
+
+  s.rubyforge_project = "omniauth-idq"
+
+  s.files = Dir[
+              'lib/**/*',
+              'spec/**/*',
+              '*.gemspec',
+              '*.md',
+              'Rakefile',
+              'Gemfile',
+              'LICENSE.md',
+              'README.md'
+            ]
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.4'
+  s.add_development_dependency 'rspec', '~> 2.7'
+  s.add_development_dependency 'rack-test', '~> 0'
+  s.add_development_dependency 'simplecov', '~> 0'
+  s.add_development_dependency 'webmock', '~> 0'
+end

data/spec/omniauth/strategies/idq-spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::Idq do
+  subject do
+    OmniAuth::Strategies::Idq.new({})
+  end
+
+  context "client options" do
+    it 'should have correct name' do
+      subject.options.name.should eq("idq")
+    end
+
+    it 'should have correct site' do
+      subject.options.client_options.site.should eq('https://taas.idquanta.com')
+    end
+
+    it 'should have correct authorize url' do
+      subject.options.client_options.authorize_path.should eq('/idqoauth/api/v1/auth)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,15 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'simplecov'
+SimpleCov.start
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-idq'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-idq
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- inBay Technologies Inc.
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-02-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for idQ Trust as a Service
+email:
+- support@inbaytech.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- lib/omniauth-idq.rb
+- lib/omniauth-idq/version.rb
+- lib/omniauth/strategies/idq.rb
+- omniauth-idq.gemspec
+- spec/omniauth/strategies/idq-spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/inbaytech/omniauth-idq
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: omniauth-idq
+rubygems_version: 2.7.4
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for idQ
+test_files: []