omniauth-magento 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/README.md +126 -26
- data/lib/omniauth/magento/version.rb +1 -1
- data/lib/omniauth/strategies/magento.rb +29 -14
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8c3643da08f0db9a83a2b1c1da416bf3cefc1708
|
4
|
+
data.tar.gz: 8376779d6d728544abe3b0246d463e7845a03703
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cefbe6dce5df520d826ad7a9b8f1c81cd95ae9c9acccad56d7fb7d95d22ec701b88fa4903c6c4ae2cb2750c3b06920e6468903854935f1f777848e3057fed1d3
|
7
|
+
data.tar.gz: 9053792e0e5296bbb26ea39227ccb9d36f882760dfe961f01e8a89e05dbed570e0bfcbab59694c98143e90a0bb358676a87047e6cf6af34e6441161189255dc4
|
data/README.md
CHANGED
@@ -1,38 +1,65 @@
|
|
1
1
|
# Omniauth::Magento
|
2
2
|
|
3
|
-
An Omniauth strategy for Magento. Works only with the newer Magento REST api (not SOAP).
|
3
|
+
An Omniauth strategy for Magento with detailed instructions on how to use it with Rails. Works only with the newer Magento REST api (not SOAP).
|
4
4
|
|
5
5
|
## Instructions on how to use with Rails
|
6
6
|
|
7
7
|
### Setting up Magento
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
#### Consumer key & secret
|
10
|
+
|
11
|
+
[Set up a consumer in Magento](http://www.magentocommerce.com/api/rest/authentication/oauth_configuration.html) and write down consumer key and consumer secret
|
12
|
+
|
13
|
+
#### Privileges
|
14
|
+
|
15
|
+
For the Customer API: In the Magento Admin backend, go to `System > Web Services > REST Roles`, select `Customer`, and tick `Retrieve` under `Customer`. Add more privileges as needed.
|
16
|
+
|
17
|
+
For the Admin API: In the Magento Admin backend, go to `System > Web Services > REST Roles`, select `Admin`, select `Admin API Resources`, select `Custom` in the `Resource Access` dropdown, tick `Retrieve` under `Customer`. Add more privileges as needed.
|
18
|
+
|
19
|
+
#### Attributes
|
20
|
+
|
21
|
+
For the Customer API: In the Magento Admin backend, go to `System > Web Services > REST Attributes`, select `Customer`, and tick `Email`, `First name` and `Last name` under `Customer` > `Read`. Add more attributes as needed.
|
22
|
+
|
23
|
+
For the Admin API: In the Magento Admin backend, go to `System > Web Services > REST Attributes`, select `Admin`, and tick `Email`, `First name` and `Last name` under `Customer` > `Read`. Add more attributes as needed.
|
24
|
+
|
25
|
+
#### Attributes
|
26
|
+
|
27
|
+
Only for the Admin API: In the Magento Admin backend, go to `System > Permissions > Users`, search for user who will be using this API, click on user, click on `User Role` and make sure `Administrator` is selected, click on `REST Role` and make sure `Admin` is selected.
|
12
28
|
|
13
29
|
### Setting up Rails
|
14
30
|
|
15
31
|
Parts of these instructions are based on these [OmniAuth instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview), which you can read in case you get stuck.
|
16
32
|
|
33
|
+
#### Devise
|
34
|
+
|
17
35
|
* Install [Devise](https://github.com/plataformatec/devise) if you haven't installed it
|
18
|
-
*
|
19
|
-
|
36
|
+
* Add / replace this line in your `routes.rb` `devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }`. This will be called once Magento has successfully authorized and returns to the Rails app.
|
37
|
+
|
38
|
+
#### Magento oAuth strategy
|
39
|
+
|
40
|
+
* Load this library into your Gemfile `gem "omniauth-magento"` and run `bundle install`
|
20
41
|
* Modify `config/initializers/devise.rb`:
|
21
42
|
|
22
43
|
```
|
23
44
|
Devise.setup do |config|
|
24
45
|
# deactivate SSL on development environment
|
25
46
|
OpenSSL::SSL::VERIFY_PEER ||= OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
|
26
|
-
config.omniauth :magento,
|
47
|
+
config.omniauth :magento,
|
48
|
+
"ENTER_YOUR_MAGENTO_CONSUMER_KEY",
|
49
|
+
"ENTER_YOUR_MAGENTO_CONSUMER_SECRET",
|
50
|
+
{ :client_options => { :site => "ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH" } }
|
27
51
|
# example:
|
28
52
|
# config.omniauth :magento, "12a3", "45e6", { :client_options => { :site => "http://localhost/magento" } }
|
29
53
|
```
|
30
54
|
|
31
|
-
*
|
32
|
-
|
33
|
-
|
55
|
+
* optional: If you want to use the Admin API (as opposed to the Customer API), you need to overwrite the default `authorize_path` like so:
|
56
|
+
|
57
|
+
```
|
58
|
+
{ :client_options => { :authorize_path => "/admin/oauth_authorize", :site => ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH } }
|
59
|
+
```
|
60
|
+
|
34
61
|
* In your folder `controllers`, create a subfolder `users`
|
35
|
-
* In that subfolder `app/controllers/users/`, create a file `omniauth_callbacks_controller.rb` with the following code
|
62
|
+
* In that subfolder `app/controllers/users/`, create a file `omniauth_callbacks_controller.rb` with the following code:
|
36
63
|
|
37
64
|
```
|
38
65
|
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
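Review bot: In the `config/initializers/devise.rb` example, the consumer key and secret are passed to `config.omniauth :magento` as string literals, which invites readers to commit the secret along with the initializer; show them read from the environment (for example `ENV[...]`) instead. The Admin API snippet also leaves `:site => ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH` unquoted, unlike the main example, so it is a bare constant if pasted as written. The second `#### Attributes` heading sits above the user role instructions and should be renamed to match its content.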
@@ -40,7 +67,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
40
67
|
# You need to implement the method below in your model (e.g. app/models/user.rb)
|
41
68
|
@user = User.find_for_magento_oauth(request.env["omniauth.auth"], current_user)
|
42
69
|
|
43
|
-
if @user.persisted?
|
70
|
+
if @user && @user.persisted?
|
44
71
|
sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
|
45
72
|
set_flash_message(:notice, :success, :kind => "magento") if is_navigational_format?
|
46
73
|
else
|
@@ -51,7 +78,19 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
|
51
78
|
end
|
52
79
|
```
|
53
80
|
|
54
|
-
|
81
|
+
#### User model & table
|
82
|
+
|
83
|
+
Here's an example of useful Magento information you can store in your `User` table once you have created these columns:
|
84
|
+
* `email`
|
85
|
+
* `first_name`
|
86
|
+
* `last_name`
|
87
|
+
* `magento_id`
|
88
|
+
* `magento_token`
|
89
|
+
* `magento_secret`
|
90
|
+
|
91
|
+
Optional: You might want to encrypt `magento_token` and `magento_secret` with the `attr_encrypted` gem for example (requires renaming `magento_token` to `encrypted_magento_token` and `magento_secret` to `encrypted_magento_secret`).
|
92
|
+
|
93
|
+
Set up your User model to be omniauthable `:omniauthable, :omniauth_providers => [:magento]` and create a method to save retrieved information after successfully authenticating. The method below can be shortened if only either the Customer API or the Admin API are used.
|
55
94
|
|
56
95
|
```
|
57
96
|
class User < ActiveRecord::Base
|
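Review bot: The "Optional:" paragraph on `attr_encrypted` should be the default path rather than an aside, since `magento_token` and `magento_secret` are the credentials the later `MagentoInspector` example uses to call the Magento API for that user. Consider listing `encrypted_magento_token` and `encrypted_magento_secret` in the column list itself and mentioning the plaintext columns only as the shortcut.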
@@ -59,22 +98,55 @@ class User < ActiveRecord::Base
|
|
59
98
|
:rememberable, :trackable, :validatable, :timeoutable,
|
60
99
|
:omniauthable, :omniauth_providers => [:magento]
|
61
100
|
|
62
|
-
def self.find_for_magento_oauth(auth, signed_in_resource=nil)
|
63
|
-
|
64
|
-
|
65
|
-
user =
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
101
|
+
def self.find_for_magento_oauth(auth, signed_in_resource=nil)
|
102
|
+
# update logged in user
|
103
|
+
if signed_in_resource
|
104
|
+
user = signed_in_resource
|
105
|
+
update_user_with_magento_data(auth, user)
|
106
|
+
# create new user if user details are known (not available through Admin API)
|
107
|
+
elsif authenticated_through_customer_api?(auth)
|
108
|
+
user = User.find_by(email: auth.info.email)
|
109
|
+
create_user_with_magento_data(auth)
|
110
|
+
# log authentication details from Magento if user details are not known (not signed in and authenticated through Admin API)
|
111
|
+
else
|
112
|
+
puts "MAGENTO_TOKEN: #{magento_token}"
|
113
|
+
puts "MAGENTO_SECRET: #{magento_secret}"
|
72
114
|
end
|
73
|
-
user
|
74
|
-
end
|
115
|
+
user || nil
|
116
|
+
end
|
117
|
+
|
118
|
+
private
|
119
|
+
|
120
|
+
def self.authenticated_through_customer_api?(auth)
|
121
|
+
auth.info.present?
|
122
|
+
end
|
123
|
+
|
124
|
+
def self.update_user_with_magento_data(auth, user)
|
125
|
+
user.update!(
|
126
|
+
magento_id: auth.try(:uid), # doesn't exist for Admin API
|
127
|
+
magento_token: auth.credentials.token,
|
128
|
+
magento_secret: auth.credentials.secret
|
129
|
+
)
|
130
|
+
end
|
131
|
+
|
132
|
+
def self.create_user_with_magento_data(auth)
|
133
|
+
user = User.create!(
|
134
|
+
first_name: auth.info.first_name,
|
135
|
+
last_name: auth.info.last_name,
|
136
|
+
magento_id: auth.uid,
|
137
|
+
magento_token: auth.credentials.token,
|
138
|
+
magento_secret: auth.credentials.secret,
|
139
|
+
email: auth.info.email,
|
140
|
+
password: Devise.friendly_token[0,20]
|
141
|
+
)
|
142
|
+
end
|
75
143
|
end
|
76
144
|
```
|
77
145
|
|
146
|
+
#### Link to start authentication
|
147
|
+
|
148
|
+
Add this line to your view `<%= link_to "Sign in with Magento", user_omniauth_authorize_path(:magento) %>`
|
149
|
+
|
78
150
|
### Authenticating
|
79
151
|
|
80
152
|
* Start your Rails server
|
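Review bot: The `else` branch of `find_for_magento_oauth` writes the OAuth token and secret to standard output with `puts "MAGENTO_TOKEN: #{magento_token}"`, and neither `magento_token` nor `magento_secret` is defined in the visible lines of this class method, so the branch would raise before printing anything. Drop the `puts` lines; if the Admin API credentials have to be captured, read them from `auth.credentials` and store them rather than log them. In the `elsif` branch the return value of `create_user_with_magento_data(auth)` is discarded, so a first-time customer is created while `user` stays nil and the method returns nil, and when `find_by(email: ...)` does find a user, `create!` is still called with the same email. Something like `user = User.find_by(email: auth.info.email) || create_user_with_magento_data(auth)` would fix both. Also, `private` has no effect on the `def self.` helpers below it.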
@@ -83,4 +155,32 @@ end
|
|
83
155
|
* In your Rails app, go to the view where you pasted this line `<%= link_to "Sign in with Magento", user_omniauth_authorize_path(:magento) %>`
|
84
156
|
* Click on the link
|
85
157
|
* You now should be directed to a Magento view where you are prompted to authorize access to the Magento user account
|
86
|
-
* Once you have confirmed, you should get logged into Rails and redirected to the callback URL specified above. The
|
158
|
+
* Once you have confirmed, you should get logged into Rails and redirected to the Rails callback URL specified above. The user should now have `magento_id`, `magento_token` and `magento_secret` stored.
|
159
|
+
|
160
|
+
### Making API calls
|
161
|
+
|
162
|
+
* Create a class that uses `magento_token` and `magento_secret` to do API calls for instance in `lib/magento_inspector.rb`. Example:
|
163
|
+
```
|
164
|
+
class MagentoInspector
|
165
|
+
require "oauth"
|
166
|
+
require "omniauth"
|
167
|
+
require "multi_json"
|
168
|
+
|
169
|
+
def initialize
|
170
|
+
@access_token = prepare_access_token(current_user) # or pass user in initialize method
|
171
|
+
@response = MultiJson.decode(@access_token.get("/api/rest/customers").body) # or pass query in initialize method, make sure privileges and attributes are enabled for query (see section at top)
|
172
|
+
end
|
173
|
+
|
174
|
+
private
|
175
|
+
|
176
|
+
# from http://behindtechlines.com/2011/08/using-the-tumblr-api-v2-on-rails-with-omniauth/
|
177
|
+
def prepare_access_token(user)
|
178
|
+
consumer = OAuth::Consumer.new("ENTER_YOUR_MAGENTO_CONSUMER_KEY", "ENTER_YOUR_MAGENTO_CONSUMER_SECRET", {:site => "ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH"})
|
179
|
+
token_hash = {:oauth_token => user.magento_token, :oauth_token_secret => user.magento_secret}
|
180
|
+
access_token = OAuth::AccessToken.from_hash(consumer, token_hash)
|
181
|
+
end
|
182
|
+
end
|
183
|
+
```
|
184
|
+
* Make sure Rails loads files in the folder where this class is placed. For the `lib` folder, put this in `config/application.rb`: `config.autoload_paths += Dir["#{config.root}/lib/**/"]`
|
185
|
+
* Perform query `MagentoInspector.new`
|
186
|
+
* Extend class to suit your needs
|
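Review bot: `MagentoInspector#initialize` calls `prepare_access_token(current_user)`, but nothing in this class defines `current_user`; the inline comment already suggests passing the user in, so make that the example (`def initialize(user)`). `prepare_access_token` also repeats the consumer key and secret as literals, a second copy of the secret beside the one in `config/initializers/devise.rb`; both should come from one configuration source. `@response` is assigned but has no reader, so a caller of `MagentoInspector.new` cannot get at the result.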
@@ -5,29 +5,44 @@ module OmniAuth
|
|
5
5
|
module Strategies
|
6
6
|
class Magento < OmniAuth::Strategies::OAuth
|
7
7
|
option :name, "magento"
|
8
|
-
|
8
|
+
|
9
9
|
option :client_options, {
|
10
|
-
:
|
11
|
-
:authorize_path => "/oauth/authorize",
|
12
|
-
:
|
10
|
+
:request_token_path => "/oauth/initiate",
|
11
|
+
:authorize_path => "/oauth/authorize",
|
12
|
+
:access_token_path => "/oauth/token"
|
13
13
|
}
|
14
|
-
|
15
|
-
#
|
16
|
-
|
14
|
+
|
15
|
+
# when colling Customer (not Admin) API, Magento returns user credentials for logged in Magento user
|
16
|
+
# these credentials can then be used to create a new user in the Rails app
|
17
|
+
# won't work with Admin API since /customers will return all customers
|
18
|
+
|
19
|
+
uid do
|
20
|
+
if not options.client_options.authorize_path == "/admin/oauth_authorize"
|
21
|
+
raw_info.keys.first.to_i
|
22
|
+
else
|
23
|
+
{}
|
24
|
+
end
|
25
|
+
end
|
17
26
|
|
18
27
|
# set additional info
|
19
28
|
info do
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
29
|
+
if not options.client_options.authorize_path == "/admin/oauth_authorize"
|
30
|
+
{
|
31
|
+
'first_name' => raw_info.values.first["firstname"],
|
32
|
+
'last_name' => raw_info.values.first["lastname"],
|
33
|
+
'email' => raw_info.values.first["email"]
|
34
|
+
}
|
35
|
+
else
|
36
|
+
{}
|
37
|
+
end
|
25
38
|
end
|
26
39
|
|
27
40
|
# get info about current user
|
28
41
|
def raw_info
|
29
|
-
|
30
|
-
|
42
|
+
if not options.client_options.authorize_path == "/admin/oauth_authorize"
|
43
|
+
@raw_info ||= MultiJson.decode(access_token.get('/api/rest/customers').body)
|
44
|
+
end
|
45
|
+
end
|
31
46
|
end
|
32
47
|
end
|
33
48
|
end
|
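Review bot: In the new `uid` block the Admin API path returns `{}` rather than nil, so the README's `magento_id: auth.try(:uid)` would be handed an empty hash, and on the Customer path `raw_info.keys.first.to_i` yields 0 when the decoded response has no entries or a non-numeric first key, which then looks like a valid id. Return nil for the Admin case, and check that `raw_info` holds exactly one customer before deriving `uid` and `info` from `keys.first` and `values.first`. The test `options.client_options.authorize_path == "/admin/oauth_authorize"` is repeated in `uid`, `info` and `raw_info`; a single predicate method would keep the three in step. The comment above `uid` has a typo ("colling").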
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-magento
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Imstepf
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2014-02-05 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: bundler
|
@@ -88,7 +88,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
88
88
|
version: '0'
|
89
89
|
requirements: []
|
90
90
|
rubyforge_project:
|
91
|
-
rubygems_version: 2.1
|
91
|
+
rubygems_version: 2.2.1
|
92
92
|
signing_key:
|
93
93
|
specification_version: 4
|
94
94
|
summary: Omniauth strategy for Magento
|