omniauth-kaeuferportal 1.1.1 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -0
- data/lib/omniauth-kaeuferportal/version.rb +1 -1
- data/lib/omniauth/strategies/kaeuferportal.rb +16 -149
- data/omniauth-kaeuferportal.gemspec +4 -4
- data/spec/omniauth/strategies/kaeuferportal_spec.rb +9 -41
- metadata +16 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2eec2b5e9cebd38de5040785ba8abf6063063182
|
4
|
+
data.tar.gz: 37c165ae4d8cd0b61e62240f4f4660e445cd85be
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b2355a12cbef27173fa138dd42976c86560df925872d98dc5248003f529fb5f78000350f68530b9bca16476f11229f2015d1bb709e11b937ed5211de4cd8cd72
|
7
|
+
data.tar.gz: b01330608621f32fb507102e0455a108d7ae15eb117c2d89fd8e68128f6d9b191746c0ac131547d8e2120a059fcaa1ca6a510904a48beb093fb5d970bbf69a38
|
data/README.md
CHANGED
@@ -1,169 +1,36 @@
|
|
1
|
-
require '
|
2
|
-
require 'uri'
|
3
|
-
require 'oauth2'
|
4
|
-
require 'omniauth'
|
5
|
-
require 'timeout'
|
6
|
-
require 'securerandom'
|
7
|
-
|
8
|
-
module OAuth2
|
9
|
-
class Client
|
10
|
-
def get_token(params, access_token_opts={})
|
11
|
-
opts = {:raise_errors => true, :parse => params.delete(:parse)}
|
12
|
-
if options[:token_method] == :post
|
13
|
-
opts[:body] = params
|
14
|
-
opts[:headers] = {
|
15
|
-
'Content-Type' => 'application/x-www-form-urlencoded',
|
16
|
-
'Accept-Encoding' => ''
|
17
|
-
}
|
18
|
-
else
|
19
|
-
opts[:params] = params
|
20
|
-
end
|
21
|
-
response = request(options[:token_method], token_url, opts)
|
22
|
-
raise Error.new(response) unless response.body['access_token']
|
23
|
-
opts = {
|
24
|
-
:access_token => response.body.split("=")[1],
|
25
|
-
:param_name => 'token'
|
26
|
-
}
|
27
|
-
AccessToken.from_hash(self, opts.merge(access_token_opts))
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
1
|
+
require 'omniauth/strategies/oauth2'
|
31
2
|
|
32
3
|
module OmniAuth
|
33
4
|
module Strategies
|
34
|
-
|
35
|
-
# the [OAuth 2.0 Specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-10).
|
36
|
-
# You must generally register your application with the provider and
|
37
|
-
# utilize an application id and secret in order to authenticate using
|
38
|
-
# OAuth 2.0.
|
39
|
-
class Kaeuferportal
|
40
|
-
include OmniAuth::Strategy
|
41
|
-
|
42
|
-
args [:client_id, :client_secret]
|
43
|
-
|
5
|
+
class Kaeuferportal < OmniAuth::Strategies::OAuth2
|
44
6
|
option :name, "kaeuferportal"
|
45
|
-
option :client_id, nil
|
46
|
-
option :client_secret, nil
|
47
|
-
option :authorize_params, {}
|
48
|
-
option :authorize_options, [:scope]
|
49
|
-
option :token_params, {}
|
50
|
-
option :token_options, []
|
51
7
|
option :client_options, {
|
52
|
-
:
|
53
|
-
:
|
54
|
-
:
|
8
|
+
site: 'https://auth.kaeuferportal.de',
|
9
|
+
authorize_url: '/oauth/authorize',
|
10
|
+
token_url: '/oauth/token'
|
55
11
|
}
|
56
12
|
|
57
|
-
|
58
|
-
attr_accessor :access_token
|
59
|
-
|
60
|
-
def client
|
61
|
-
::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
|
62
|
-
end
|
63
|
-
|
64
|
-
def callback_url
|
65
|
-
full_host + script_name + callback_path
|
66
|
-
end
|
67
|
-
|
68
|
-
credentials do
|
69
|
-
hash = {'token' => access_token.token}
|
70
|
-
hash.merge!('refresh_token' => access_token.refresh_token) if access_token.expires? && access_token.refresh_token
|
71
|
-
hash.merge!('expires_at' => access_token.expires_at) if access_token.expires?
|
72
|
-
hash.merge!('expires' => access_token.expires?)
|
73
|
-
hash
|
74
|
-
end
|
75
|
-
|
76
|
-
def request_phase
|
77
|
-
redirect client.auth_code.authorize_url({:redirect_url => callback_url}.merge(authorize_params))
|
78
|
-
end
|
79
|
-
|
80
|
-
def authorize_params
|
81
|
-
if options.authorize_params[:state].to_s.empty?
|
82
|
-
options.authorize_params[:state] = SecureRandom.hex(24)
|
83
|
-
end
|
84
|
-
params = options.authorize_params.merge(options.authorize_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
|
85
|
-
if OmniAuth.config.test_mode
|
86
|
-
@env ||= {}
|
87
|
-
@env['rack.session'] ||= {}
|
88
|
-
end
|
89
|
-
session['omniauth.state'] = params[:state]
|
90
|
-
params
|
91
|
-
end
|
92
|
-
|
93
|
-
def token_params
|
94
|
-
options.token_params.merge(options.token_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
|
95
|
-
end
|
96
|
-
|
97
|
-
def callback_phase
|
98
|
-
if request.params['error'] || request.params['error_reason']
|
99
|
-
raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
|
100
|
-
end
|
101
|
-
if request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state')
|
102
|
-
raise CallbackError.new(nil, :csrf_detected)
|
103
|
-
end
|
104
|
-
|
105
|
-
self.access_token = build_access_token
|
106
|
-
self.access_token = access_token.refresh! if access_token.expired?
|
107
|
-
|
108
|
-
super
|
109
|
-
rescue ::OAuth2::Error, CallbackError => e
|
110
|
-
fail!(:invalid_credentials, e)
|
111
|
-
rescue ::MultiJson::DecodeError => e
|
112
|
-
fail!(:invalid_response, e)
|
113
|
-
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
|
114
|
-
fail!(:timeout, e)
|
115
|
-
rescue ::SocketError => e
|
116
|
-
fail!(:failed_to_connect, e)
|
117
|
-
end
|
118
|
-
|
119
|
-
# These are called after authentication has succeeded. If
|
120
|
-
# possible, you should try to set the UID without making
|
121
|
-
# additional calls (if the user id is returned with the token
|
122
|
-
# or as a URI parameter). This may not be possible with all
|
123
|
-
# providers.
|
124
|
-
uid { raw_info['uuid'] }
|
13
|
+
uid { user_info['sub'] }
|
125
14
|
|
126
15
|
info do
|
127
16
|
{
|
128
|
-
:
|
129
|
-
:
|
17
|
+
name: user_info['name'],
|
18
|
+
email: user_info['email']
|
130
19
|
}
|
131
20
|
end
|
132
21
|
|
133
|
-
def
|
134
|
-
access_token.
|
135
|
-
access_token.options[:param_name] = 'oauth_token'
|
136
|
-
access_token.client.connection.headers['Accept-Encoding'] = ''
|
137
|
-
@raw_info ||= access_token.get('/oauth/user').parsed
|
22
|
+
def user_info
|
23
|
+
@user_info ||= access_token.get('/api/users/current').parsed
|
138
24
|
end
|
139
25
|
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
end
|
147
|
-
end
|
148
|
-
|
149
|
-
def build_access_token
|
150
|
-
verifier = request.params['code']
|
151
|
-
client.auth_code.get_token(verifier, {:redirect_url => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)))
|
152
|
-
end
|
153
|
-
|
154
|
-
# An error that is indicated in the OAuth 2.0 callback.
|
155
|
-
# This could be a `redirect_uri_mismatch` or other
|
156
|
-
class CallbackError < StandardError
|
157
|
-
attr_accessor :error, :error_reason, :error_uri
|
158
|
-
|
159
|
-
def initialize(error, error_reason=nil, error_uri=nil)
|
160
|
-
self.error = error
|
161
|
-
self.error_reason = error_reason
|
162
|
-
self.error_uri = error_uri
|
163
|
-
end
|
26
|
+
# This method override was once part of omniauth-oauth2, but was removed
|
27
|
+
# in https://github.com/intridea/omniauth-oauth2/pull/70
|
28
|
+
# However, this causes Doorkeeper to reject the redirect_uri, as I explain
|
29
|
+
# here: https://github.com/intridea/omniauth-oauth2/issues/28#issuecomment-199382532
|
30
|
+
def callback_url
|
31
|
+
full_host + script_name + callback_path
|
164
32
|
end
|
165
33
|
end
|
166
34
|
end
|
167
35
|
end
|
168
36
|
OmniAuth.config.add_camelization 'kaeuferportal', 'Kaeuferportal'
|
169
|
-
|
@@ -2,10 +2,10 @@
|
|
2
2
|
require File.expand_path('../lib/omniauth-kaeuferportal/version', __FILE__)
|
3
3
|
|
4
4
|
Gem::Specification.new do |gem|
|
5
|
-
gem.add_dependency 'omniauth', '~> 1.
|
6
|
-
gem.add_dependency 'oauth2', '
|
5
|
+
gem.add_dependency 'omniauth', '~> 1.3'
|
6
|
+
gem.add_dependency 'omniauth-oauth2', '~> 1.4'
|
7
7
|
|
8
|
-
gem.add_development_dependency 'rspec', '~>
|
8
|
+
gem.add_development_dependency 'rspec', '~> 3.0'
|
9
9
|
gem.add_development_dependency 'rack-test'
|
10
10
|
gem.add_development_dependency 'webmock'
|
11
11
|
gem.add_development_dependency 'simplecov'
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |gem|
|
|
14
14
|
gem.email = ["christoph.rahles@kaeuferportal.de"]
|
15
15
|
gem.description = %q{Kaeuferportal-OAuth2 strategy for OmniAuth.}
|
16
16
|
gem.summary = %q{Kaeuferportal-OAuth2 strategy for OmniAuth.}
|
17
|
-
gem.homepage = "https://github.com/
|
17
|
+
gem.homepage = "https://github.com/kaeuferportal/omniauth-kaeuferportal"
|
18
18
|
|
19
19
|
gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
20
20
|
gem.files = `git ls-files`.split("\n")
|
@@ -1,7 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe OmniAuth::Strategies::Kaeuferportal do
|
4
|
-
def app
|
4
|
+
def app
|
5
|
+
lambda { |env| [200, {}, ["Hello."]] }
|
6
|
+
end
|
7
|
+
|
5
8
|
let(:fresh_strategy){ Class.new(OmniAuth::Strategies::Kaeuferportal) }
|
6
9
|
|
7
10
|
before do
|
@@ -12,52 +15,17 @@ describe OmniAuth::Strategies::Kaeuferportal do
|
|
12
15
|
OmniAuth.config.test_mode = false
|
13
16
|
end
|
14
17
|
|
15
|
-
describe '#
|
18
|
+
describe '#client_options' do
|
16
19
|
subject{ fresh_strategy }
|
17
20
|
|
18
21
|
it 'should be initialized with symbolized client_options' do
|
19
|
-
instance = subject.new(app, :
|
20
|
-
instance.client.options[:authorize_url].
|
22
|
+
instance = subject.new(app, client_options: { 'authorize_url' => 'https://example.com' })
|
23
|
+
expect(instance.client.options[:authorize_url]).to eql 'https://example.com'
|
21
24
|
end
|
22
25
|
|
23
26
|
it 'should set ssl options as connection options' do
|
24
|
-
instance = subject.new(app, :
|
25
|
-
instance.client.options[:connection_opts][:ssl] =~ {:
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
describe '#authorize_params' do
|
30
|
-
subject { fresh_strategy }
|
31
|
-
|
32
|
-
it 'should include any authorize params passed in the :authorize_params option' do
|
33
|
-
instance = subject.new('abc', 'def', :authorize_params => {:foo => 'bar', :baz => 'zip', :state => '123'})
|
34
|
-
instance.authorize_params.should == {'foo' => 'bar', 'baz' => 'zip', 'state' => '123'}
|
35
|
-
end
|
36
|
-
|
37
|
-
it 'should include top-level options that are marked as :authorize_options' do
|
38
|
-
instance = subject.new('abc', 'def', :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz', :authorize_params => {:state => '123'})
|
39
|
-
instance.authorize_params.should == {'scope' => 'bar', 'foo' => 'baz', 'state' => '123'}
|
40
|
-
end
|
41
|
-
|
42
|
-
it 'should include random state in the authorize params' do
|
43
|
-
instance = subject.new('abc', 'def')
|
44
|
-
instance.authorize_params.keys.should == ['state']
|
45
|
-
instance.session['omniauth.state'].should_not be_empty
|
46
|
-
instance.session['omniauth.state'].should == instance.authorize_params['state']
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
describe '#token_params' do
|
51
|
-
subject { fresh_strategy }
|
52
|
-
|
53
|
-
it 'should include any authorize params passed in the :authorize_params option' do
|
54
|
-
instance = subject.new('abc', 'def', :token_params => {:foo => 'bar', :baz => 'zip'})
|
55
|
-
instance.token_params.should == {'foo' => 'bar', 'baz' => 'zip'}
|
56
|
-
end
|
57
|
-
|
58
|
-
it 'should include top-level options that are marked as :authorize_options' do
|
59
|
-
instance = subject.new('abc', 'def', :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz')
|
60
|
-
instance.token_params.should == {'scope' => 'bar', 'foo' => 'baz'}
|
27
|
+
instance = subject.new(app, client_options: { 'ssl' => { 'ca_path' => 'foo' } })
|
28
|
+
instance.client.options[:connection_opts][:ssl] =~ { ca_path: 'foo' }
|
61
29
|
end
|
62
30
|
end
|
63
31
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-kaeuferportal
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Christoph Rahles
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2016-04-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth
|
@@ -16,42 +16,42 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.3'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.3'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name: oauth2
|
28
|
+
name: omniauth-oauth2
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- -
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: '1.4'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- -
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: '1.4'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rspec
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
47
|
+
version: '3.0'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '3.0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rack-test
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -113,7 +113,7 @@ files:
|
|
113
113
|
- omniauth-kaeuferportal.gemspec
|
114
114
|
- spec/omniauth/strategies/kaeuferportal_spec.rb
|
115
115
|
- spec/spec_helper.rb
|
116
|
-
homepage: https://github.com/
|
116
|
+
homepage: https://github.com/kaeuferportal/omniauth-kaeuferportal
|
117
117
|
licenses: []
|
118
118
|
metadata: {}
|
119
119
|
post_install_message:
|
@@ -132,8 +132,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
132
132
|
version: '0'
|
133
133
|
requirements: []
|
134
134
|
rubyforge_project:
|
135
|
-
rubygems_version: 2.
|
135
|
+
rubygems_version: 2.4.8
|
136
136
|
signing_key:
|
137
137
|
specification_version: 4
|
138
138
|
summary: Kaeuferportal-OAuth2 strategy for OmniAuth.
|
139
|
-
test_files:
|
139
|
+
test_files:
|
140
|
+
- spec/omniauth/strategies/kaeuferportal_spec.rb
|
141
|
+
- spec/spec_helper.rb
|