RubyGems - omniauth-microsoft_graph - Versions diffs - 0.2.1 → 0.3.0 - Mend

omniauth-microsoft_graph 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of omniauth-microsoft_graph might be problematic. Click here for more details.

Files changed (11) hide show

checksums.yaml +4 -4
data/.travis.yml +2 -1
data/Rakefile +5 -7
data/lib/omniauth/microsoft_graph/version.rb +1 -1
data/lib/omniauth/strategies/microsoft_graph.rb +87 -28
data/omniauth-microsoft_graph.gemspec +6 -6
data/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb +443 -0
data/spec/spec_helper.rb +4 -0
metadata +41 -21
data/test/strategy_test.rb +0 -26
data/test/test_helper.rb +0 -31

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bc7fe638d8adc7a7d35f5c16bdee73b203ac1692
-  data.tar.gz: 61003e06a1329c5da156f151293af05d9b55c34c
+  metadata.gz: d5fb7e4f89d46058d18c857dbe0935cbf720c802
+  data.tar.gz: 29291329512d0d36bad6e0ff1a3917f842a4b83c
 SHA512:
-  metadata.gz: 2a3d808f2b673c8400650aebf3e8ac942b34f378b4419f358ddbeaee3c2780081447118dc18555d9761c6d5e4ed34da687b79da685dc04deb4d9967549041bd4
-  data.tar.gz: ffe7af4f24659f74743360a51b8f67bb4e4f367c9bf1f4fe32b29bd9ca5781b24e10f0046c3ba3073d68595f071d5360840ace5f377eec3c088f8f9053a57dd8
+  metadata.gz: 339872f74676b8269b0a92c46f56bdb8b350a6fe64df495bd23a8580ed45645b258bd181bbb82ab68faa362de0a9b1823bd25e71a0ba60a629d4e517fe33cbf5
+  data.tar.gz: b562fde6e3529990b1caa343c7044f7ae3dd02d66c41065aa6332c8282290397f21a310080f109581784dbd58b91f3ea2a5662518326705e47fac38727de4ef4

data/.travis.yml CHANGED

@@ -1,4 +1,5 @@
 language: ruby
 rvm:
-  - 2.2
+  - 2.3
+  - 2.6
   - jruby

data/Rakefile CHANGED

@@ -1,10 +1,8 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
+# frozen_string_literal: true
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.test_files = FileList['test/*_test.rb']
-end
+require File.join('bundler', 'gem_tasks')
+require File.join('rspec', 'core', 'rake_task')
-task :default => :test
+RSpec::Core::RakeTask.new(:spec)
+task default: :spec

data/lib/omniauth/microsoft_graph/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Omniauth
   module MicrosoftGraph
-    VERSION = "0.2.1"
+    VERSION = "0.3.0"
   end
 end

data/lib/omniauth/strategies/microsoft_graph.rb CHANGED

@@ -3,64 +3,123 @@ require 'omniauth-oauth2'
 module OmniAuth
   module Strategies
     class MicrosoftGraph < OmniAuth::Strategies::OAuth2
+      BASE_SCOPE_URL = 'https://graph.microsoft.com/'
+      BASE_SCOPES = %w[offline_access openid email profile].freeze
+      DEFAULT_SCOPE = 'openid email profile User.Read'.freeze
       option :name, :microsoft_graph
       option :client_options, {
-        site:          'https://login.microsoftonline.com',
-        token_url:     '/common/oauth2/v2.0/token',
-        authorize_url: '/common/oauth2/v2.0/authorize'
+        site:          'https://login.microsoftonline.com/',
+        token_url:     'common/oauth2/v2.0/token',
+        authorize_url: 'common/oauth2/v2.0/authorize'
+      }
+      option :authorize_options, %i[state callback_url access_type display score auth_type scope prompt login_hint domain_hint response_mode]
+      option :token_params, {
       }
-      option :authorize_options, %i[display score auth_type scope prompt login_hint domain_hint response_mode]
+      option :scope, DEFAULT_SCOPE
+      option :authorized_client_ids, []
       uid { raw_info["id"] }
       info do
         {
-          email:      raw_info["mail"] || raw_info["userPrincipalName"],
-          first_name: raw_info["givenName"],
-          last_name:  raw_info["surname"],
-          name:       full_name,
-          nickname:   raw_info["userPrincipalName"],
+          'email' => raw_info["mail"],
+          'first_name' => raw_info["givenName"],
+          'last_name' => raw_info["surname"],
+          'name' => [raw_info["givenName"], raw_info["surname"]].join(' '),
+          'nickname' => raw_info["displayName"],
         }
       end
       extra do
         {
           'raw_info' => raw_info,
-          'params' => access_token.params
+          'params' => access_token.params,
+          'aud' => options.client_id
         }
       end
-      def callback_url
-        options[:redirect_uri] || (full_host + script_name + callback_path)
-      end
-      def raw_info
-        @raw_info ||= access_token.get('https://graph.microsoft.com/v1.0/me').parsed
-      end
       def authorize_params
         super.tap do |params|
-          %w[display score auth_type].each do |v|
-            if request.params[v]
-              params[v.to_sym] = request.params[v]
-            end
+          options[:authorize_options].each do |k|
+            params[k] = request.params[k.to_s] unless [nil, ''].include?(request.params[k.to_s])
           end
+          params[:scope] = get_scope(params)
+          params[:access_type] = 'offline' if params[:access_type].nil?
+          session['omniauth.state'] = params[:state] if params[:state]
         end
+      end
+      def raw_info
+        @raw_info ||= access_token.get('https://graph.microsoft.com/v1.0/me').parsed
       end
-      def full_name
-        raw_info["displayName"].presence || raw_info.values_at("givenName", "surname").compact.join(' ')
+      def callback_url
+        options[:callback_url] || full_host + script_name + callback_path
+      end
+      def custom_build_access_token
+        access_token = get_access_token(request)
+        access_token
       end
-      def build_access_token
-        if request.params['access_token']
+      alias build_access_token custom_build_access_token
+      private
+      def get_access_token(request)
+        verifier = request.params['code']
+        redirect_uri = request.params['redirect_uri'] || request.params['callback_url']
+        if verifier && request.xhr?
+          client_get_token(verifier, redirect_uri || '/auth/microsoft_graph/callback')
+        elsif verifier
+          client_get_token(verifier, redirect_uri || callback_url)
+        elsif verify_token(request.params['access_token'])
           ::OAuth2::AccessToken.from_hash(client, request.params.dup)
-        else
-          super
+        elsif request.content_type =~ /json/i
+          begin
+            body = JSON.parse(request.body.read)
+            request.body.rewind # rewind request body for downstream middlewares
+            verifier = body && body['code']
+            client_get_token(verifier, '/auth/microsoft_graph/callback') if verifier
+          rescue JSON::ParserError => e
+            warn "[omniauth google-oauth2] JSON parse error=#{e}"
+          end
         end
       end
+      def client_get_token(verifier, redirect_uri)
+        client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params)
+      end
+      def get_token_params
+        deep_symbolize(options.auth_token_params || {})
+      end
+      def get_token_options(redirect_uri = '')
+        { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
+      end
+      def get_scope(params)
+        raw_scope = params[:scope] || DEFAULT_SCOPE
+        scope_list = raw_scope.split(' ').map { |item| item.split(',') }.flatten
+        scope_list.map! { |s| s =~ %r{^https?://} || BASE_SCOPES.include?(s) ? s : "#{BASE_SCOPE_URL}#{s}" }
+        scope_list.join(' ')
+      end
+      def verify_token(access_token)
+        return false unless access_token
+        # access_token.get('https://graph.microsoft.com/v1.0/me').parsed
+        raw_response = client.request(:get, 'https://graph.microsoft.com/v1.0/me',
+                                      params: { access_token: access_token }).parsed
+        (raw_response['aud'] == options.client_id) || options.authorized_client_ids.include?(raw_response['aud'])
+      end
     end
   end
 end

data/omniauth-microsoft_graph.gemspec CHANGED

@@ -18,10 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_runtime_dependency "omniauth-oauth2"
-  spec.add_development_dependency "sinatra"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest"
-  spec.add_development_dependency "mocha"
+  spec.add_runtime_dependency 'omniauth', '~> 1.1', '>= 1.1.1'
+  spec.add_runtime_dependency 'omniauth-oauth2', '~> 1.6'
+  spec.add_development_dependency "sinatra", '~> 0'
+  spec.add_development_dependency "rake", '~> 0'
+  spec.add_development_dependency 'rspec', '~> 3.6'
+  spec.add_development_dependency "mocha", '~> 0'
 end

data/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb ADDED

@@ -0,0 +1,443 @@
+# frozen_string_literal: true
+require 'spec_helper'
+require 'json'
+require 'omniauth_microsoft_graph'
+require 'stringio'
+describe OmniAuth::Strategies::MicrosoftGraph do
+  let(:request) { double('Request', params: {}, cookies: {}, env: {}) }
+  let(:app) do
+    lambda do
+      [200, {}, ['Hello.']]
+    end
+  end
+  subject do
+    OmniAuth::Strategies::MicrosoftGraph.new(app, 'appid', 'secret', @options || {}).tap do |strategy|
+      allow(strategy).to receive(:request) do
+        request
+      end
+    end
+  end
+  before do
+    OmniAuth.config.test_mode = true
+  end
+  after do
+    OmniAuth.config.test_mode = false
+  end
+  describe '#client_options' do
+    it 'has correct site' do
+      expect(subject.client.site).to eq('https://login.microsoftonline.com/')
+    end
+    it 'has correct authorize_url' do
+      expect(subject.client.options[:authorize_url]).to eq('common/oauth2/v2.0/authorize')
+    end
+    it 'has correct token_url' do
+      expect(subject.client.options[:token_url]).to eq('common/oauth2/v2.0/token')
+    end
+    describe 'overrides' do
+      context 'as strings' do
+        it 'should allow overriding the site' do
+          @options = { client_options: { 'site' => 'https://example.com' } }
+          expect(subject.client.site).to eq('https://example.com')
+        end
+        it 'should allow overriding the authorize_url' do
+          @options = { client_options: { 'authorize_url' => 'https://example.com' } }
+          expect(subject.client.options[:authorize_url]).to eq('https://example.com')
+        end
+        it 'should allow overriding the token_url' do
+          @options = { client_options: { 'token_url' => 'https://example.com' } }
+          expect(subject.client.options[:token_url]).to eq('https://example.com')
+        end
+      end
+      context 'as symbols' do
+        it 'should allow overriding the site' do
+          @options = { client_options: { site: 'https://example.com' } }
+          expect(subject.client.site).to eq('https://example.com')
+        end
+        it 'should allow overriding the authorize_url' do
+          @options = { client_options: { authorize_url: 'https://example.com' } }
+          expect(subject.client.options[:authorize_url]).to eq('https://example.com')
+        end
+        it 'should allow overriding the token_url' do
+          @options = { client_options: { token_url: 'https://example.com' } }
+          expect(subject.client.options[:token_url]).to eq('https://example.com')
+        end
+      end
+    end
+  end
+  describe '#authorize_options' do
+    %i[display score auth_type scope prompt login_hint domain_hint response_mode].each do |k|
+      it "should support #{k}" do
+        @options = { k => 'http://someval' }
+        expect(subject.authorize_params[k.to_s]).to eq('http://someval')
+      end
+    end
+    describe 'callback_url' do
+      it 'should default to nil' do
+        @options = {}
+        expect(subject.authorize_params['callback_url']).to eq(nil)
+      end
+      it 'should set the callback_url parameter if present' do
+        @options = { callback_url: 'https://example.com' }
+        expect(subject.authorize_params['callback_url']).to eq('https://example.com')
+      end
+    end
+    describe 'access_type' do
+      it 'should default to "offline"' do
+        @options = {}
+        expect(subject.authorize_params['access_type']).to eq('offline')
+      end
+      it 'should set the access_type parameter if present' do
+        @options = { access_type: 'online' }
+        expect(subject.authorize_params['access_type']).to eq('online')
+      end
+    end
+    describe 'login_hint' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['login_hint']).to eq(nil)
+      end
+      it 'should set the login_hint parameter if present' do
+        @options = { login_hint: 'john@example.com' }
+        expect(subject.authorize_params['login_hint']).to eq('john@example.com')
+      end
+    end
+    describe 'prompt' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['prompt']).to eq(nil)
+      end
+      it 'should set the prompt parameter if present' do
+        @options = { prompt: 'consent select_account' }
+        expect(subject.authorize_params['prompt']).to eq('consent select_account')
+      end
+    end
+    describe 'scope' do
+      it 'should leave base scopes as is' do
+        @options = { scope: 'profile' }
+        expect(subject.authorize_params['scope']).to eq('profile')
+      end
+      it 'should join scopes' do
+        @options = { scope: 'profile,email' }
+        expect(subject.authorize_params['scope']).to eq('profile email')
+      end
+      it 'should deal with whitespace when joining scopes' do
+        @options = { scope: 'profile, email' }
+        expect(subject.authorize_params['scope']).to eq('profile email')
+      end
+      it 'should set default scope to email,profile' do
+        expect(subject.authorize_params['scope']).to eq('openid email profile https://graph.microsoft.com/User.Read')
+      end
+      it 'should support space delimited scopes' do
+        @options = { scope: 'profile email' }
+        expect(subject.authorize_params['scope']).to eq('profile email')
+      end
+      it 'should support extremely badly formed scopes' do
+        @options = { scope: 'profile email,foo,steve yeah http://example.com' }
+        expect(subject.authorize_params['scope']).to eq('profile email https://graph.microsoft.com/foo https://graph.microsoft.com/steve https://graph.microsoft.com/yeah http://example.com')
+      end
+    end
+    describe 'state' do
+      it 'should set the state parameter' do
+        @options = { state: 'some_state' }
+        expect(subject.authorize_params['state']).to eq('some_state')
+        expect(subject.authorize_params[:state]).to eq('some_state')
+        expect(subject.session['omniauth.state']).to eq('some_state')
+      end
+      it 'should set the omniauth.state dynamically' do
+        allow(subject).to receive(:request) { double('Request', params: { 'state' => 'some_state' }, env: {}) }
+        expect(subject.authorize_params['state']).to eq('some_state')
+        expect(subject.authorize_params[:state]).to eq('some_state')
+        expect(subject.session['omniauth.state']).to eq('some_state')
+      end
+    end
+    describe 'overrides' do
+      it 'should include top-level options that are marked as :authorize_options' do
+        @options = { authorize_options: %i[scope foo request_visible_actions], scope: 'http://bar', foo: 'baz', hd: 'wow', request_visible_actions: 'something' }
+        expect(subject.authorize_params['scope']).to eq('http://bar')
+        expect(subject.authorize_params['foo']).to eq('baz')
+        expect(subject.authorize_params['hd']).to eq(nil)
+        expect(subject.authorize_params['request_visible_actions']).to eq('something')
+      end
+      describe 'request overrides' do
+        %i[access_type login_hint prompt scope state].each do |k|
+          context "authorize option #{k}" do
+            let(:request) { double('Request', params: { k.to_s => 'http://example.com' }, cookies: {}, env: {}) }
+            it "should set the #{k} authorize option dynamically in the request" do
+              @options = { k: '' }
+              expect(subject.authorize_params[k.to_s]).to eq('http://example.com')
+            end
+          end
+        end
+        describe 'custom authorize_options' do
+          let(:request) { double('Request', params: { 'foo' => 'something' }, cookies: {}, env: {}) }
+          it 'should support request overrides from custom authorize_options' do
+            @options = { authorize_options: [:foo], foo: '' }
+            expect(subject.authorize_params['foo']).to eq('something')
+          end
+        end
+      end
+    end
+  end
+  describe '#authorize_params' do
+    it 'should include any authorize params passed in the :authorize_params option' do
+      @options = { authorize_params: { request_visible_actions: 'something', foo: 'bar', baz: 'zip' }, hd: 'wow', bad: 'not_included' }
+      expect(subject.authorize_params['request_visible_actions']).to eq('something')
+      expect(subject.authorize_params['foo']).to eq('bar')
+      expect(subject.authorize_params['baz']).to eq('zip')
+      expect(subject.authorize_params['bad']).to eq(nil)
+    end
+  end
+  describe '#token_params' do
+    it 'should include any token params passed in the :token_params option' do
+      @options = { token_params: { foo: 'bar', baz: 'zip' } }
+      expect(subject.token_params['foo']).to eq('bar')
+      expect(subject.token_params['baz']).to eq('zip')
+    end
+  end
+  describe '#token_options' do
+    it 'should include top-level options that are marked as :token_options' do
+      @options = { token_options: %i[scope foo], scope: 'bar', foo: 'baz', bad: 'not_included' }
+      expect(subject.token_params['scope']).to eq('bar')
+      expect(subject.token_params['foo']).to eq('baz')
+      expect(subject.token_params['bad']).to eq(nil)
+    end
+  end
+  describe '#callback_path' do
+    it 'has the correct default callback path' do
+      expect(subject.callback_path).to eq('/auth/microsoft_graph/callback')
+    end
+    it 'should set the callback_path parameter if present' do
+      @options = { callback_path: '/auth/foo/callback' }
+      expect(subject.callback_path).to eq('/auth/foo/callback')
+    end
+  end
+  describe '#info' do
+    let(:client) do
+      OAuth2::Client.new('abc', 'def') do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/v1.0/me') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
+        end
+      end
+    end
+    let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+    before { allow(subject).to receive(:access_token).and_return(access_token) }
+    context 'with verified email' do
+      let(:response_hash) do
+        { mail: 'something@domain.invalid' }
+      end
+      it 'should return equal email ' do
+        expect(subject.info['email']).to eq('something@domain.invalid')
+      end
+    end
+  end
+  describe '#extra' do
+    let(:client) do
+      OAuth2::Client.new('abc', 'def') do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/v1.0/me') { [200, { 'content-type' => 'application/json' }, '{"id": "12345"}'] }
+        end
+      end
+    end
+    let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+    before { allow(subject).to receive(:access_token).and_return(access_token) }
+    describe 'raw_info' do
+      it 'should include raw_info' do
+        expect(subject.extra['raw_info']).to eq('id' => '12345')
+      end
+    end
+  end
+  describe 'build_access_token' do
+    it 'should use a hybrid authorization request_uri if this is an AJAX request with a code parameter' do
+      allow(request).to receive(:scheme).and_return('https')
+      allow(request).to receive(:url).and_return('https://example.com')
+      allow(request).to receive(:xhr?).and_return(true)
+      allow(request).to receive(:params).and_return('code' => 'valid_code')
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('valid_code', { redirect_uri: '/auth/microsoft_graph/callback' }, {})
+      expect(subject).not_to receive(:orig_build_access_token)
+      subject.instance_variable_set("@env", {})
+      subject.send(:build_access_token)
+    end
+    it 'should use a hybrid authorization request_uri if this is an AJAX request (mobile) with a code parameter' do
+      allow(request).to receive(:scheme).and_return('https')
+      allow(request).to receive(:url).and_return('https://example.com')
+      allow(request).to receive(:xhr?).and_return(true)
+      allow(request).to receive(:params).and_return('code' => 'valid_code', 'callback_url' => 'localhost')
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('valid_code', { redirect_uri: 'localhost' }, {})
+      expect(subject).not_to receive(:orig_build_access_token)
+      subject.instance_variable_set("@env", {})
+      subject.send(:build_access_token)
+    end
+    it 'should use the request_uri from params if this not an AJAX request (request from installed app) with a code parameter' do
+      allow(request).to receive(:scheme).and_return('https')
+      allow(request).to receive(:url).and_return('https://example.com')
+      allow(request).to receive(:xhr?).and_return(false)
+      allow(request).to receive(:params).and_return('code' => 'valid_code', 'callback_url' => 'callback_url')
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('valid_code', { redirect_uri: 'callback_url' }, {})
+      expect(subject).not_to receive(:orig_build_access_token)
+      subject.send(:build_access_token)
+    end
+    it 'should read access_token from hash if this is not an AJAX request with a code parameter' do
+      allow(request).to receive(:scheme).and_return('https')
+      allow(request).to receive(:url).and_return('https://example.com')
+      allow(request).to receive(:xhr?).and_return(false)
+      allow(request).to receive(:params).and_return('access_token' => 'valid_access_token')
+      expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
+      expect(subject).to receive(:client).and_return(:client)
+      token = subject.send(:build_access_token)
+      expect(token).to be_instance_of(::OAuth2::AccessToken)
+      expect(token.token).to eq('valid_access_token')
+      expect(token.client).to eq(:client)
+    end
+    it 'reads the code from a json request body' do
+      body = StringIO.new(%({"code":"json_access_token"}))
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(request).to receive(:scheme).and_return('https')
+      allow(request).to receive(:url).and_return('https://example.com')
+      allow(request).to receive(:xhr?).and_return(false)
+      allow(request).to receive(:content_type).and_return('application/json')
+      allow(request).to receive(:body).and_return(body)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: '/auth/microsoft_graph/callback' }, {})
+      subject.send(:build_access_token)
+    end
+    it 'should use callback_url without query_string if this is not an AJAX request' do
+      allow(request).to receive(:scheme).and_return('https')
+      allow(request).to receive(:url).and_return('https://example.com')
+      allow(request).to receive(:xhr?).and_return(false)
+      allow(request).to receive(:params).and_return('code' => 'valid_code')
+      allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
+      client = double(:client)
+      auth_code = double(:auth_code)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      allow(subject).to receive(:callback_url).and_return('callback_url_without_query_string')
+      expect(subject).to receive(:client).and_return(client)
+      expect(auth_code).to receive(:get_token).with('valid_code', { redirect_uri: 'callback_url_without_query_string' }, {})
+      subject.send(:build_access_token)
+    end
+  end
+  describe 'verify_token' do
+    before(:each) do
+      subject.options.client_options[:connection_build] = proc do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/v1.0/me?access_token=valid_access_token') do
+            [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
+              aud: '000000000000.apps.googleusercontent.com',
+              id: '123456789',
+              email: 'example@example.com',
+              access_type: 'offline',
+              scope: 'profile email',
+              expires_in: 436
+            )]
+          end
+          stub.get('/v1.0/me?access_token=invalid_access_token') do
+            [400, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(error_description: 'Invalid Value')]
+          end
+        end
+      end
+    end
+    it 'should verify token if access_token is valid and app_id equals' do
+      subject.options.client_id = '000000000000.apps.googleusercontent.com'
+      expect(subject.send(:verify_token, 'valid_access_token')).to eq(true)
+    end
+    it 'should verify token if access_token is valid and app_id authorized' do
+      subject.options.authorized_client_ids = ['000000000000.apps.googleusercontent.com']
+      expect(subject.send(:verify_token, 'valid_access_token')).to eq(true)
+    end
+    it 'should not verify token if access_token is valid but app_id is false' do
+      expect(subject.send(:verify_token, 'valid_access_token')).to eq(false)
+    end
+    it 'should raise error if access_token is invalid' do
+      expect do
+        subject.send(:verify_token, 'invalid_access_token')
+      end.to raise_error(OAuth2::Error)
+    end
+  end
+end

data/spec/spec_helper.rb ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+require File.join('bundler', 'setup')
+require 'rspec'

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-microsoft_graph
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Peter Philips
@@ -9,76 +9,96 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-09 00:00:00.000000000 Z
+date: 2020-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: omniauth-oauth2
+  name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.6'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
 description: omniauth provider for new Microsoft Graph API
@@ -101,8 +121,8 @@ files:
 - lib/omniauth/strategies/microsoft_graph.rb
 - lib/omniauth_microsoft_graph.rb
 - omniauth-microsoft_graph.gemspec
-- test/strategy_test.rb
-- test/test_helper.rb
+- spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/synth/omniauth-microsoft_graph
 licenses:
 - MIT
@@ -123,10 +143,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2.3
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: omniauth provider for Microsoft Graph
 test_files:
-- test/strategy_test.rb
-- test/test_helper.rb
+- spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
+- spec/spec_helper.rb

data/test/strategy_test.rb DELETED

@@ -1,26 +0,0 @@
-require 'test_helper'
-class UidTest < StrategyTestCase
-  def setup
-    super
-    strategy.stubs(:raw_info).returns({ 'id' => '123' })
-  end
-  def test_return_id_from_raw_info
-    assert_equal '123', strategy.uid
-  end
-end
-class AccessTokenTest < StrategyTestCase
-  def setup
-    super
-    @request.stubs(:params).returns({ 'access_token' => 'valid_access_token' })
-    strategy.stubs(:client).returns(:client)
-  end
-  def test_build_access_token
-    token = strategy.build_access_token
-    assert_equal token.token, 'valid_access_token'
-    assert_equal token.client, :client
-  end
-end

data/test/test_helper.rb DELETED

@@ -1,31 +0,0 @@
-require 'bundler/setup'
-require 'minitest/autorun'
-require 'mocha/setup'
-require 'omniauth/strategies/microsoft_graph'
-OmniAuth.config.test_mode = true
-class StrategyTestCase < Minitest::Test
-  def setup
-    @request = stub('Request')
-    @request.stubs(:params).returns({})
-    @request.stubs(:cookies).returns({})
-    @request.stubs(:env).returns({})
-    @request.stubs(:scheme).returns({})
-    @request.stubs(:ssl?).returns(false)
-    @client_id = '123'
-    @client_secret = '53cr3tz'
-    @options = {}
-  end
-  def strategy
-    @strategy ||= begin
-      args = [@client_id, @client_secret, @options].compact
-      OmniAuth::Strategies::MicrosoftGraph.new(nil, *args).tap do |strategy|
-        strategy.stubs(:request).returns(@request)
-      end
-    end
-  end
-end