omniauth-kaeuferportal 1.1.1 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -0
- data/lib/omniauth-kaeuferportal/version.rb +1 -1
- data/lib/omniauth/strategies/kaeuferportal.rb +16 -149
- data/omniauth-kaeuferportal.gemspec +4 -4
- data/spec/omniauth/strategies/kaeuferportal_spec.rb +9 -41
- metadata +16 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2eec2b5e9cebd38de5040785ba8abf6063063182
|
|
4
|
+
data.tar.gz: 37c165ae4d8cd0b61e62240f4f4660e445cd85be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2355a12cbef27173fa138dd42976c86560df925872d98dc5248003f529fb5f78000350f68530b9bca16476f11229f2015d1bb709e11b937ed5211de4cd8cd72
|
|
7
|
+
data.tar.gz: b01330608621f32fb507102e0455a108d7ae15eb117c2d89fd8e68128f6d9b191746c0ac131547d8e2120a059fcaa1ca6a510904a48beb093fb5d970bbf69a38
|
data/README.md
CHANGED
|
@@ -1,169 +1,36 @@
|
|
|
1
|
-
require '
|
|
2
|
-
require 'uri'
|
|
3
|
-
require 'oauth2'
|
|
4
|
-
require 'omniauth'
|
|
5
|
-
require 'timeout'
|
|
6
|
-
require 'securerandom'
|
|
7
|
-
|
|
8
|
-
module OAuth2
|
|
9
|
-
class Client
|
|
10
|
-
def get_token(params, access_token_opts={})
|
|
11
|
-
opts = {:raise_errors => true, :parse => params.delete(:parse)}
|
|
12
|
-
if options[:token_method] == :post
|
|
13
|
-
opts[:body] = params
|
|
14
|
-
opts[:headers] = {
|
|
15
|
-
'Content-Type' => 'application/x-www-form-urlencoded',
|
|
16
|
-
'Accept-Encoding' => ''
|
|
17
|
-
}
|
|
18
|
-
else
|
|
19
|
-
opts[:params] = params
|
|
20
|
-
end
|
|
21
|
-
response = request(options[:token_method], token_url, opts)
|
|
22
|
-
raise Error.new(response) unless response.body['access_token']
|
|
23
|
-
opts = {
|
|
24
|
-
:access_token => response.body.split("=")[1],
|
|
25
|
-
:param_name => 'token'
|
|
26
|
-
}
|
|
27
|
-
AccessToken.from_hash(self, opts.merge(access_token_opts))
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|
|
1
|
+
require 'omniauth/strategies/oauth2'
|
|
31
2
|
|
|
32
3
|
module OmniAuth
|
|
33
4
|
module Strategies
|
|
34
|
-
|
|
35
|
-
# the [OAuth 2.0 Specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-10).
|
|
36
|
-
# You must generally register your application with the provider and
|
|
37
|
-
# utilize an application id and secret in order to authenticate using
|
|
38
|
-
# OAuth 2.0.
|
|
39
|
-
class Kaeuferportal
|
|
40
|
-
include OmniAuth::Strategy
|
|
41
|
-
|
|
42
|
-
args [:client_id, :client_secret]
|
|
43
|
-
|
|
5
|
+
class Kaeuferportal < OmniAuth::Strategies::OAuth2
|
|
44
6
|
option :name, "kaeuferportal"
|
|
45
|
-
option :client_id, nil
|
|
46
|
-
option :client_secret, nil
|
|
47
|
-
option :authorize_params, {}
|
|
48
|
-
option :authorize_options, [:scope]
|
|
49
|
-
option :token_params, {}
|
|
50
|
-
option :token_options, []
|
|
51
7
|
option :client_options, {
|
|
52
|
-
:
|
|
53
|
-
:
|
|
54
|
-
:
|
|
8
|
+
site: 'https://auth.kaeuferportal.de',
|
|
9
|
+
authorize_url: '/oauth/authorize',
|
|
10
|
+
token_url: '/oauth/token'
|
|
55
11
|
}
|
|
56
12
|
|
|
57
|
-
|
|
58
|
-
attr_accessor :access_token
|
|
59
|
-
|
|
60
|
-
def client
|
|
61
|
-
::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
def callback_url
|
|
65
|
-
full_host + script_name + callback_path
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
credentials do
|
|
69
|
-
hash = {'token' => access_token.token}
|
|
70
|
-
hash.merge!('refresh_token' => access_token.refresh_token) if access_token.expires? && access_token.refresh_token
|
|
71
|
-
hash.merge!('expires_at' => access_token.expires_at) if access_token.expires?
|
|
72
|
-
hash.merge!('expires' => access_token.expires?)
|
|
73
|
-
hash
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
def request_phase
|
|
77
|
-
redirect client.auth_code.authorize_url({:redirect_url => callback_url}.merge(authorize_params))
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
def authorize_params
|
|
81
|
-
if options.authorize_params[:state].to_s.empty?
|
|
82
|
-
options.authorize_params[:state] = SecureRandom.hex(24)
|
|
83
|
-
end
|
|
84
|
-
params = options.authorize_params.merge(options.authorize_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
|
|
85
|
-
if OmniAuth.config.test_mode
|
|
86
|
-
@env ||= {}
|
|
87
|
-
@env['rack.session'] ||= {}
|
|
88
|
-
end
|
|
89
|
-
session['omniauth.state'] = params[:state]
|
|
90
|
-
params
|
|
91
|
-
end
|
|
92
|
-
|
|
93
|
-
def token_params
|
|
94
|
-
options.token_params.merge(options.token_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
|
|
95
|
-
end
|
|
96
|
-
|
|
97
|
-
def callback_phase
|
|
98
|
-
if request.params['error'] || request.params['error_reason']
|
|
99
|
-
raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
|
|
100
|
-
end
|
|
101
|
-
if request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state')
|
|
102
|
-
raise CallbackError.new(nil, :csrf_detected)
|
|
103
|
-
end
|
|
104
|
-
|
|
105
|
-
self.access_token = build_access_token
|
|
106
|
-
self.access_token = access_token.refresh! if access_token.expired?
|
|
107
|
-
|
|
108
|
-
super
|
|
109
|
-
rescue ::OAuth2::Error, CallbackError => e
|
|
110
|
-
fail!(:invalid_credentials, e)
|
|
111
|
-
rescue ::MultiJson::DecodeError => e
|
|
112
|
-
fail!(:invalid_response, e)
|
|
113
|
-
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
|
|
114
|
-
fail!(:timeout, e)
|
|
115
|
-
rescue ::SocketError => e
|
|
116
|
-
fail!(:failed_to_connect, e)
|
|
117
|
-
end
|
|
118
|
-
|
|
119
|
-
# These are called after authentication has succeeded. If
|
|
120
|
-
# possible, you should try to set the UID without making
|
|
121
|
-
# additional calls (if the user id is returned with the token
|
|
122
|
-
# or as a URI parameter). This may not be possible with all
|
|
123
|
-
# providers.
|
|
124
|
-
uid { raw_info['uuid'] }
|
|
13
|
+
uid { user_info['sub'] }
|
|
125
14
|
|
|
126
15
|
info do
|
|
127
16
|
{
|
|
128
|
-
:
|
|
129
|
-
:
|
|
17
|
+
name: user_info['name'],
|
|
18
|
+
email: user_info['email']
|
|
130
19
|
}
|
|
131
20
|
end
|
|
132
21
|
|
|
133
|
-
def
|
|
134
|
-
access_token.
|
|
135
|
-
access_token.options[:param_name] = 'oauth_token'
|
|
136
|
-
access_token.client.connection.headers['Accept-Encoding'] = ''
|
|
137
|
-
@raw_info ||= access_token.get('/oauth/user').parsed
|
|
22
|
+
def user_info
|
|
23
|
+
@user_info ||= access_token.get('/api/users/current').parsed
|
|
138
24
|
end
|
|
139
25
|
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
end
|
|
147
|
-
end
|
|
148
|
-
|
|
149
|
-
def build_access_token
|
|
150
|
-
verifier = request.params['code']
|
|
151
|
-
client.auth_code.get_token(verifier, {:redirect_url => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)))
|
|
152
|
-
end
|
|
153
|
-
|
|
154
|
-
# An error that is indicated in the OAuth 2.0 callback.
|
|
155
|
-
# This could be a `redirect_uri_mismatch` or other
|
|
156
|
-
class CallbackError < StandardError
|
|
157
|
-
attr_accessor :error, :error_reason, :error_uri
|
|
158
|
-
|
|
159
|
-
def initialize(error, error_reason=nil, error_uri=nil)
|
|
160
|
-
self.error = error
|
|
161
|
-
self.error_reason = error_reason
|
|
162
|
-
self.error_uri = error_uri
|
|
163
|
-
end
|
|
26
|
+
# This method override was once part of omniauth-oauth2, but was removed
|
|
27
|
+
# in https://github.com/intridea/omniauth-oauth2/pull/70
|
|
28
|
+
# However, this causes Doorkeeper to reject the redirect_uri, as I explain
|
|
29
|
+
# here: https://github.com/intridea/omniauth-oauth2/issues/28#issuecomment-199382532
|
|
30
|
+
def callback_url
|
|
31
|
+
full_host + script_name + callback_path
|
|
164
32
|
end
|
|
165
33
|
end
|
|
166
34
|
end
|
|
167
35
|
end
|
|
168
36
|
OmniAuth.config.add_camelization 'kaeuferportal', 'Kaeuferportal'
|
|
169
|
-
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
require File.expand_path('../lib/omniauth-kaeuferportal/version', __FILE__)
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |gem|
|
|
5
|
-
gem.add_dependency 'omniauth', '~> 1.
|
|
6
|
-
gem.add_dependency 'oauth2', '
|
|
5
|
+
gem.add_dependency 'omniauth', '~> 1.3'
|
|
6
|
+
gem.add_dependency 'omniauth-oauth2', '~> 1.4'
|
|
7
7
|
|
|
8
|
-
gem.add_development_dependency 'rspec', '~>
|
|
8
|
+
gem.add_development_dependency 'rspec', '~> 3.0'
|
|
9
9
|
gem.add_development_dependency 'rack-test'
|
|
10
10
|
gem.add_development_dependency 'webmock'
|
|
11
11
|
gem.add_development_dependency 'simplecov'
|
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |gem|
|
|
|
14
14
|
gem.email = ["christoph.rahles@kaeuferportal.de"]
|
|
15
15
|
gem.description = %q{Kaeuferportal-OAuth2 strategy for OmniAuth.}
|
|
16
16
|
gem.summary = %q{Kaeuferportal-OAuth2 strategy for OmniAuth.}
|
|
17
|
-
gem.homepage = "https://github.com/
|
|
17
|
+
gem.homepage = "https://github.com/kaeuferportal/omniauth-kaeuferportal"
|
|
18
18
|
|
|
19
19
|
gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
|
20
20
|
gem.files = `git ls-files`.split("\n")
|
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe OmniAuth::Strategies::Kaeuferportal do
|
|
4
|
-
def app
|
|
4
|
+
def app
|
|
5
|
+
lambda { |env| [200, {}, ["Hello."]] }
|
|
6
|
+
end
|
|
7
|
+
|
|
5
8
|
let(:fresh_strategy){ Class.new(OmniAuth::Strategies::Kaeuferportal) }
|
|
6
9
|
|
|
7
10
|
before do
|
|
@@ -12,52 +15,17 @@ describe OmniAuth::Strategies::Kaeuferportal do
|
|
|
12
15
|
OmniAuth.config.test_mode = false
|
|
13
16
|
end
|
|
14
17
|
|
|
15
|
-
describe '#
|
|
18
|
+
describe '#client_options' do
|
|
16
19
|
subject{ fresh_strategy }
|
|
17
20
|
|
|
18
21
|
it 'should be initialized with symbolized client_options' do
|
|
19
|
-
instance = subject.new(app, :
|
|
20
|
-
instance.client.options[:authorize_url].
|
|
22
|
+
instance = subject.new(app, client_options: { 'authorize_url' => 'https://example.com' })
|
|
23
|
+
expect(instance.client.options[:authorize_url]).to eql 'https://example.com'
|
|
21
24
|
end
|
|
22
25
|
|
|
23
26
|
it 'should set ssl options as connection options' do
|
|
24
|
-
instance = subject.new(app, :
|
|
25
|
-
instance.client.options[:connection_opts][:ssl] =~ {:
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
describe '#authorize_params' do
|
|
30
|
-
subject { fresh_strategy }
|
|
31
|
-
|
|
32
|
-
it 'should include any authorize params passed in the :authorize_params option' do
|
|
33
|
-
instance = subject.new('abc', 'def', :authorize_params => {:foo => 'bar', :baz => 'zip', :state => '123'})
|
|
34
|
-
instance.authorize_params.should == {'foo' => 'bar', 'baz' => 'zip', 'state' => '123'}
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
it 'should include top-level options that are marked as :authorize_options' do
|
|
38
|
-
instance = subject.new('abc', 'def', :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz', :authorize_params => {:state => '123'})
|
|
39
|
-
instance.authorize_params.should == {'scope' => 'bar', 'foo' => 'baz', 'state' => '123'}
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
it 'should include random state in the authorize params' do
|
|
43
|
-
instance = subject.new('abc', 'def')
|
|
44
|
-
instance.authorize_params.keys.should == ['state']
|
|
45
|
-
instance.session['omniauth.state'].should_not be_empty
|
|
46
|
-
instance.session['omniauth.state'].should == instance.authorize_params['state']
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
describe '#token_params' do
|
|
51
|
-
subject { fresh_strategy }
|
|
52
|
-
|
|
53
|
-
it 'should include any authorize params passed in the :authorize_params option' do
|
|
54
|
-
instance = subject.new('abc', 'def', :token_params => {:foo => 'bar', :baz => 'zip'})
|
|
55
|
-
instance.token_params.should == {'foo' => 'bar', 'baz' => 'zip'}
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
it 'should include top-level options that are marked as :authorize_options' do
|
|
59
|
-
instance = subject.new('abc', 'def', :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz')
|
|
60
|
-
instance.token_params.should == {'scope' => 'bar', 'foo' => 'baz'}
|
|
27
|
+
instance = subject.new(app, client_options: { 'ssl' => { 'ca_path' => 'foo' } })
|
|
28
|
+
instance.client.options[:connection_opts][:ssl] =~ { ca_path: 'foo' }
|
|
61
29
|
end
|
|
62
30
|
end
|
|
63
31
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-kaeuferportal
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Christoph Rahles
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|
|
@@ -16,42 +16,42 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '1.
|
|
19
|
+
version: '1.3'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '1.
|
|
26
|
+
version: '1.3'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: oauth2
|
|
28
|
+
name: omniauth-oauth2
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: '1.4'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: '1.4'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
47
|
+
version: '3.0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '3.0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rack-test
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -113,7 +113,7 @@ files:
|
|
|
113
113
|
- omniauth-kaeuferportal.gemspec
|
|
114
114
|
- spec/omniauth/strategies/kaeuferportal_spec.rb
|
|
115
115
|
- spec/spec_helper.rb
|
|
116
|
-
homepage: https://github.com/
|
|
116
|
+
homepage: https://github.com/kaeuferportal/omniauth-kaeuferportal
|
|
117
117
|
licenses: []
|
|
118
118
|
metadata: {}
|
|
119
119
|
post_install_message:
|
|
@@ -132,8 +132,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
132
|
version: '0'
|
|
133
133
|
requirements: []
|
|
134
134
|
rubyforge_project:
|
|
135
|
-
rubygems_version: 2.
|
|
135
|
+
rubygems_version: 2.4.8
|
|
136
136
|
signing_key:
|
|
137
137
|
specification_version: 4
|
|
138
138
|
summary: Kaeuferportal-OAuth2 strategy for OmniAuth.
|
|
139
|
-
test_files:
|
|
139
|
+
test_files:
|
|
140
|
+
- spec/omniauth/strategies/kaeuferportal_spec.rb
|
|
141
|
+
- spec/spec_helper.rb
|