omniauth-magento 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3326d6c8a78e36e0049b56ea5648f6ad1cca512e
-  data.tar.gz: 6fdfd3459faee5ed7a23e3b221dce1dc2a5dc1ec
+  metadata.gz: 8c3643da08f0db9a83a2b1c1da416bf3cefc1708
+  data.tar.gz: 8376779d6d728544abe3b0246d463e7845a03703
 SHA512:
-  metadata.gz: 608d0b3519e26afdeb28fe305c9d77323f839edf87fbbaf872d0a0fee51a2d4440fb8a38a6c8c1ce000cf7852c03b84547baddcaa53f5de0d9a9bee80577fbdd
-  data.tar.gz: f5fe4b4c66450103698d8831ad423b9a5fd1ea8326415d0b074f009c876892133bcd9944ef2dc57c5c0b15c595a0e893ba540f85520b83b4da1b456f7478d741
+  metadata.gz: cefbe6dce5df520d826ad7a9b8f1c81cd95ae9c9acccad56d7fb7d95d22ec701b88fa4903c6c4ae2cb2750c3b06920e6468903854935f1f777848e3057fed1d3
+  data.tar.gz: 9053792e0e5296bbb26ea39227ccb9d36f882760dfe961f01e8a89e05dbed570e0bfcbab59694c98143e90a0bb358676a87047e6cf6af34e6441161189255dc4

data/README.md

@@ -1,38 +1,65 @@
 # Omniauth::Magento
 
-An Omniauth strategy for Magento. Works only with the newer Magento REST api (not SOAP).
+An Omniauth strategy for Magento with detailed instructions on how to use it with Rails. Works only with the newer Magento REST api (not SOAP).
 
 ## Instructions on how to use with Rails
 
 ### Setting up Magento
 
-* [Set up a consumer in Magento](http://www.magentocommerce.com/api/rest/authentication/oauth_configuration.html) and write down consumer key and consumer secret
-* In the Magento Admin backend, go to `System > Web Services > REST Roles`, select `Customer`, and tick `Retrieve` under `Customer`
-* In the Magento Admin backend, go to `System > Web Services > REST Attributes`, select `Customer`, and tick `Email`, `First name` and `Last name` under `Customer` > `Read`.
+#### Consumer key & secret
+
+[Set up a consumer in Magento](http://www.magentocommerce.com/api/rest/authentication/oauth_configuration.html) and write down consumer key and consumer secret
+
+#### Privileges
+
+For the Customer API: In the Magento Admin backend, go to `System > Web Services > REST Roles`, select `Customer`, and tick `Retrieve` under `Customer`. Add more privileges as needed.
+
+For the Admin API: In the Magento Admin backend, go to `System > Web Services > REST Roles`, select `Admin`, select `Admin API Resources`, select `Custom` in the `Resource Access` dropdown, tick `Retrieve` under `Customer`. Add more privileges as needed.
+
+#### Attributes
+
+For the Customer API: In the Magento Admin backend, go to `System > Web Services > REST Attributes`, select `Customer`, and tick `Email`, `First name` and `Last name` under `Customer` > `Read`. Add more attributes as needed.
+
+For the Admin API: In the Magento Admin backend, go to `System > Web Services > REST Attributes`, select `Admin`, and tick `Email`, `First name` and `Last name` under `Customer` > `Read`. Add more attributes as needed.
+
+#### Attributes
+
+Only for the Admin API: In the Magento Admin backend, go to `System > Permissions > Users`, search for user who will be using this API, click on user, click on `User Role` and make sure `Administrator` is selected, click on `REST Role` and make sure `Admin` is selected.
 
 ### Setting up Rails
 
 Parts of these instructions are based on these [OmniAuth instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview), which you can read in case you get stuck.
 
+#### Devise
+
 * Install [Devise](https://github.com/plataformatec/devise) if you haven't installed it
-* Load this library into your Gemfile: `gem "omniauth-magento", github: "Zookal/omniauth-magento"`
-* Run `bundle install`
+* Add / replace this line in your `routes.rb` `devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }`. This will be called once Magento has successfully authorized and returns to the Rails app.
+
+#### Magento oAuth strategy
+
+* Load this library into your Gemfile `gem "omniauth-magento"` and run `bundle install`
 * Modify `config/initializers/devise.rb`:
 
 ```
 Devise.setup do |config|
   # deactivate SSL on development environment
   OpenSSL::SSL::VERIFY_PEER ||= OpenSSL::SSL::VERIFY_NONE if Rails.env.development? 
-  config.omniauth :magento, ENTER_YOUR_MAGENTO_CONSUMER_KEY, ENTER_YOUR_MAGENTO_CONSUMER_SECRET, { :client_options =>  { :site => ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH } }
+  config.omniauth :magento,
+    "ENTER_YOUR_MAGENTO_CONSUMER_KEY",
+    "ENTER_YOUR_MAGENTO_CONSUMER_SECRET",
+    { :client_options => { :site => "ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH" } }
   # example:
   # config.omniauth :magento, "12a3", "45e6", { :client_options =>  { :site => "http://localhost/magento" } }  
 ```
 
-* Make sure you have the columns `first_name`, `last_name`, `magento_id` and `email` in your `User` table
-* Add this line to your view `<%= link_to "Sign in with Magento", user_omniauth_authorize_path(:magento) %>`
-* Add / replace this line in your `routes.rb` `devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }`. This will be called once Magento has successfully authorized and returns to the Rails app.
+* optional: If you want to use the Admin API (as opposed to the Customer API), you need to overwrite the default `authorize_path` like so:
+
+```
+{ :client_options => { :authorize_path => "/admin/oauth_authorize", :site => ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH } }
+```
+
 * In your folder `controllers`, create a subfolder `users`
-* In that subfolder `app/controllers/users/`, create a file `omniauth_callbacks_controller.rb` with the following code (from Devise wiki linked above):
+* In that subfolder `app/controllers/users/`, create a file `omniauth_callbacks_controller.rb` with the following code:
 
 ```
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
@@ -40,7 +67,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
     # You need to implement the method below in your model (e.g. app/models/user.rb)
     @user = User.find_for_magento_oauth(request.env["omniauth.auth"], current_user)
 
-    if @user.persisted?
+    if @user && @user.persisted?
       sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
       set_flash_message(:notice, :success, :kind => "magento") if is_navigational_format?
     else
@@ -51,7 +78,19 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
 end
 ```
 
-* Set up your User model to be omniauthable `:omniauthable, :omniauth_providers => [:magento]` and to contain the `find_for_magento_oauth` method (from Devise wiki linked above)
+#### User model & table
+
+Here's an example of useful Magento information you can store in your `User` table once you have created these columns:
+* `email`
+* `first_name`
+* `last_name`
+* `magento_id`
+* `magento_token`
+* `magento_secret`
+
+Optional: You might want to encrypt `magento_token` and `magento_secret` with the `attr_encrypted` gem for example (requires renaming `magento_token` to `encrypted_magento_token` and `magento_secret` to `encrypted_magento_secret`).
+
+Set up your User model to be omniauthable `:omniauthable, :omniauth_providers => [:magento]` and create a method to save retrieved information after successfully authenticating. The method below can be shortened if only either the Customer API or the Admin API are used.
 
 ```
 class User < ActiveRecord::Base  
@@ -59,22 +98,55 @@ class User < ActiveRecord::Base
          :rememberable, :trackable, :validatable, :timeoutable,
          :omniauthable, :omniauth_providers => [:magento]  
 
-  def self.find_for_magento_oauth(auth, signed_in_resource=nil)
-    user = User.find_by(magento_id: auth.uid)
-    unless user
-      user = User.create!(
-        first_name: auth.info.first_name,                           
-        last_name:  auth.info.last_name,
-        magento_id: auth.uid,
-        email:      auth.info.email,
-        password:   Devise.friendly_token[0,20]
-      )
+  def self.find_for_magento_oauth(auth, signed_in_resource=nil)    
+    # update logged in user
+    if signed_in_resource
+      user = signed_in_resource
+      update_user_with_magento_data(auth, user)
+    # create new user if user details are known (not available through Admin API)
+    elsif authenticated_through_customer_api?(auth)
+      user = User.find_by(email: auth.info.email)
+      create_user_with_magento_data(auth)
+    # log authentication details from Magento if user details are not known (not signed in and authenticated through Admin API)
+    else 
+      puts "MAGENTO_TOKEN: #{magento_token}"
+      puts "MAGENTO_SECRET: #{magento_secret}" 
     end
-    user
-  end         
+    user || nil
+  end
+
+private
+  
+  def self.authenticated_through_customer_api?(auth)
+    auth.info.present?
+  end
+
+  def self.update_user_with_magento_data(auth, user)
+    user.update!(
+      magento_id: auth.try(:uid), # doesn't exist for Admin API
+      magento_token: auth.credentials.token,
+      magento_secret: auth.credentials.secret
+    )
+  end
+
+  def self.create_user_with_magento_data(auth)
+    user = User.create!(
+      first_name: auth.info.first_name,                           
+      last_name:  auth.info.last_name,
+      magento_id: auth.uid,
+      magento_token: auth.credentials.token,
+      magento_secret: auth.credentials.secret,
+      email:      auth.info.email,
+      password:   Devise.friendly_token[0,20]
+    )
+  end          
 end
 ```
 
+#### Link to start authentication
+
+Add this line to your view `<%= link_to "Sign in with Magento", user_omniauth_authorize_path(:magento) %>`
+
 ### Authenticating
 
 * Start your Rails server
@@ -83,4 +155,32 @@ end
 * In your Rails app, go to the view where you pasted this line `<%= link_to "Sign in with Magento", user_omniauth_authorize_path(:magento) %>`
 * Click on the link
 * You now should be directed to a Magento view where you are prompted to authorize access to the Magento user account
-* Once you have confirmed, you should get logged into Rails and redirected to the callback URL specified above. The User model should also create a database entry when the user logs in for the first time.
+* Once you have confirmed, you should get logged into Rails and redirected to the Rails callback URL specified above. The user should now have `magento_id`, `magento_token` and `magento_secret` stored.
+
+### Making API calls
+
+* Create a class that uses `magento_token` and `magento_secret` to do API calls for instance in `lib/magento_inspector.rb`. Example:
+```
+class MagentoInspector
+  require "oauth"
+  require "omniauth"
+  require "multi_json"
+
+  def initialize
+    @access_token = prepare_access_token(current_user) # or pass user in initialize method 
+    @response = MultiJson.decode(@access_token.get("/api/rest/customers").body) # or pass query in initialize method, make sure privileges and attributes are enabled for query (see section at top)
+  end
+
+private
+
+  # from http://behindtechlines.com/2011/08/using-the-tumblr-api-v2-on-rails-with-omniauth/
+  def prepare_access_token(user)
+    consumer = OAuth::Consumer.new("ENTER_YOUR_MAGENTO_CONSUMER_KEY", "ENTER_YOUR_MAGENTO_CONSUMER_SECRET", {:site => "ENTER_YOUR_MAGENTO_URL_WITHOUT_TRAILING_SLASH"})
+    token_hash = {:oauth_token => user.magento_token, :oauth_token_secret => user.magento_secret}
+    access_token = OAuth::AccessToken.from_hash(consumer, token_hash)
+  end
+end
+```
+* Make sure Rails loads files in the folder where this class is placed. For the `lib` folder, put this in `config/application.rb`: `config.autoload_paths += Dir["#{config.root}/lib/**/"]`
+* Perform query `MagentoInspector.new`
+* Extend class to suit your needs

data/lib/omniauth/magento/version.rb

@@ -1,5 +1,5 @@
 module Omniauth
   module Magento
-    VERSION = "0.0.5"
+    VERSION = "0.0.6"
   end
 end

data/lib/omniauth/strategies/magento.rb

@@ -5,29 +5,44 @@ module OmniAuth
   module Strategies
     class Magento < OmniAuth::Strategies::OAuth
       option :name, "magento"
-      
+
       option :client_options, {
-        :access_token_path  => "/oauth/token",
-        :authorize_path     => "/oauth/authorize",
-        :request_token_path => "/oauth/initiate",
+        :request_token_path => "/oauth/initiate",          
+        :authorize_path     => "/oauth/authorize",          
+        :access_token_path  => "/oauth/token"
       }
-      
-      # set uid
-      uid { raw_info.keys.first.to_i }
+            
+      # when colling Customer (not Admin) API, Magento returns user credentials for logged in Magento user
+      # these credentials can then be used to create a new user in the Rails app
+      # won't work with Admin API since /customers will return all customers
+
+      uid do
+        if not options.client_options.authorize_path == "/admin/oauth_authorize"
+          raw_info.keys.first.to_i
+        else
+          {}
+        end
+      end      
 
       # set additional info
       info do
-        {
-          'first_name' => raw_info.values.first["firstname"],
-          'last_name' => raw_info.values.first["lastname"],
-          'email' => raw_info.values.first["email"]
-        }
+        if not options.client_options.authorize_path == "/admin/oauth_authorize"        
+          {
+            'first_name' => raw_info.values.first["firstname"],
+            'last_name' => raw_info.values.first["lastname"],
+            'email' => raw_info.values.first["email"]            
+          }
+        else
+          {}
+        end
       end
 
       # get info about current user
       def raw_info
-        @raw_info ||= MultiJson.decode(access_token.get('/api/rest/customers').body)
-      end    
+        if not options.client_options.authorize_path == "/admin/oauth_authorize"        
+          @raw_info ||= MultiJson.decode(access_token.get('/api/rest/customers').body)
+        end
+      end              
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-magento
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Michael Imstepf
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-09 00:00:00.000000000 Z
+date: 2014-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -88,7 +88,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.11
+rubygems_version: 2.2.1
 signing_key: 
 specification_version: 4
 summary: Omniauth strategy for Magento