omniauth-microsoft_graph 2.0.1 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/omniauth/microsoft_graph/domain_verifier.rb +1 -1
- data/lib/omniauth/microsoft_graph/version.rb +1 -1
- data/lib/omniauth/strategies/microsoft_graph.rb +19 -1
- data/omniauth-microsoft_graph.gemspec +2 -2
- data/spec/omniauth/microsoft_graph/domain_verifier_spec.rb +7 -0
- data/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb +78 -0
- metadata +13 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e1ace889e4805d8c7a520ec058b237e48ce6fc69653daa869afb3b2871cff7fe
|
|
4
|
+
data.tar.gz: b515974d6ecf60e4fd6450b89b6de6046db45c7e0523992b76d06165dc489b47
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eeb19611338cc3034db9cd094e7ca179f6b45da19c5b84991cbce2deb2a5ef2feb71b0445fc051af6c32e0eaa5e1b62b72a05ced3ee57b0cf4880dce6731e6fb
|
|
7
|
+
data.tar.gz: 8903764632bf5de5064d2652f32f6f802b8ab0cdc4c56284f3faf6ba3b2865ed538c3665b3218d9a3be7af7fb50a51a6560f174380905cfdde84e1bac57c2845
|
|
@@ -37,7 +37,7 @@ module OmniAuth
|
|
|
37
37
|
# This means while it's not suitable for consistently identifying a user
|
|
38
38
|
# (the domain might change), it is suitable for verifying membership in
|
|
39
39
|
# a given domain.
|
|
40
|
-
return true if email_domain
|
|
40
|
+
return true if email_domain.casecmp?(upn_domain) ||
|
|
41
41
|
skip_verification == true ||
|
|
42
42
|
(skip_verification.is_a?(Array) && skip_verification.include?(email_domain)) ||
|
|
43
43
|
domain_verified_jwt_claim
|
|
@@ -6,6 +6,8 @@ module OmniAuth
|
|
|
6
6
|
BASE_SCOPE_URL = 'https://graph.microsoft.com/'
|
|
7
7
|
BASE_SCOPES = %w[offline_access openid email profile].freeze
|
|
8
8
|
DEFAULT_SCOPE = 'offline_access openid email profile User.Read'.freeze
|
|
9
|
+
YAMMER_PROFILE_URL = 'https://www.yammer.com/api/v1/users/current.json'
|
|
10
|
+
MICROSOFT_GRAPH_PROFILE_URL = 'https://graph.microsoft.com/v1.0/me'
|
|
9
11
|
|
|
10
12
|
option :name, :microsoft_graph
|
|
11
13
|
|
|
@@ -64,7 +66,7 @@ module OmniAuth
|
|
|
64
66
|
end
|
|
65
67
|
|
|
66
68
|
def raw_info
|
|
67
|
-
@raw_info ||= access_token.get(
|
|
69
|
+
@raw_info ||= access_token.get(profile_endpoint).parsed
|
|
68
70
|
end
|
|
69
71
|
|
|
70
72
|
def callback_url
|
|
@@ -73,11 +75,27 @@ module OmniAuth
|
|
|
73
75
|
|
|
74
76
|
def custom_build_access_token
|
|
75
77
|
access_token = get_access_token(request)
|
|
78
|
+
# Get the profile(microsoft graph / yammer) endpoint choice based on returned bearer token
|
|
79
|
+
@profile_endpoint = determine_profile_endpoint(request)
|
|
76
80
|
access_token
|
|
77
81
|
end
|
|
78
82
|
|
|
79
83
|
alias build_access_token custom_build_access_token
|
|
80
84
|
|
|
85
|
+
def profile_endpoint
|
|
86
|
+
@profile_endpoint ||= MICROSOFT_GRAPH_PROFILE_URL
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def determine_profile_endpoint(request)
|
|
90
|
+
scope = request&.env&.dig('omniauth.params', 'scope')
|
|
91
|
+
|
|
92
|
+
if scope&.include?('yammer')
|
|
93
|
+
YAMMER_PROFILE_URL
|
|
94
|
+
else
|
|
95
|
+
MICROSOFT_GRAPH_PROFILE_URL
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
|
|
81
99
|
private
|
|
82
100
|
|
|
83
101
|
def get_access_token(request)
|
|
@@ -18,10 +18,10 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
spec.add_runtime_dependency 'jwt', '
|
|
21
|
+
spec.add_runtime_dependency 'jwt', '>= 2.0', '< 4.0'
|
|
22
22
|
spec.add_runtime_dependency 'omniauth', '~> 2.0'
|
|
23
23
|
spec.add_runtime_dependency 'omniauth-oauth2', '~> 1.8.0'
|
|
24
|
-
spec.add_development_dependency "sinatra", '~>
|
|
24
|
+
spec.add_development_dependency "sinatra", '~> 4.1'
|
|
25
25
|
spec.add_development_dependency "rake", '~> 12.3.3', '>= 12.3.3'
|
|
26
26
|
spec.add_development_dependency 'rspec', '~> 3.6'
|
|
27
27
|
spec.add_development_dependency "mocha", '~> 0'
|
|
@@ -28,6 +28,13 @@ RSpec.describe OmniAuth::MicrosoftGraph::DomainVerifier do
|
|
|
28
28
|
it { is_expected.to be_truthy }
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
context 'when email domain and userPrincipalName domain match but have different casing' do
|
|
32
|
+
let(:email) { 'foo@example.com' }
|
|
33
|
+
let(:upn) { 'bar@EXAMPLE.COM' }
|
|
34
|
+
|
|
35
|
+
it { is_expected.to be_truthy }
|
|
36
|
+
end
|
|
37
|
+
|
|
31
38
|
context 'when domain validation is disabled' do
|
|
32
39
|
let(:options) { super().merge(skip_domain_verification: true) }
|
|
33
40
|
|
|
@@ -457,4 +457,82 @@ describe OmniAuth::Strategies::MicrosoftGraph do
|
|
|
457
457
|
end.to raise_error(OAuth2::Error)
|
|
458
458
|
end
|
|
459
459
|
end
|
|
460
|
+
|
|
461
|
+
describe 'Yammer profile endpoint support' do
|
|
462
|
+
describe '#profile_endpoint' do
|
|
463
|
+
context 'when no profile endpoint is determined' do
|
|
464
|
+
it 'defaults to Microsoft Graph profile URL' do
|
|
465
|
+
expect(subject.profile_endpoint).to eq('https://graph.microsoft.com/v1.0/me')
|
|
466
|
+
end
|
|
467
|
+
end
|
|
468
|
+
|
|
469
|
+
context 'when profile endpoint is already set' do
|
|
470
|
+
before { subject.instance_variable_set(:@profile_endpoint, 'https://custom.endpoint.com') }
|
|
471
|
+
|
|
472
|
+
it 'returns the previously set endpoint' do
|
|
473
|
+
expect(subject.profile_endpoint).to eq('https://custom.endpoint.com')
|
|
474
|
+
end
|
|
475
|
+
end
|
|
476
|
+
end
|
|
477
|
+
|
|
478
|
+
describe '#determine_profile_endpoint' do
|
|
479
|
+
let(:request) { double('Request', env: request_env) }
|
|
480
|
+
|
|
481
|
+
context 'when scope includes Yammer access_as_user scope' do
|
|
482
|
+
let(:request_env) { { 'omniauth.params' => { 'scope' => 'https://api.yammer.com/access_as_user' } } }
|
|
483
|
+
|
|
484
|
+
it 'returns Yammer profile URL' do
|
|
485
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://www.yammer.com/api/v1/users/current.json')
|
|
486
|
+
end
|
|
487
|
+
end
|
|
488
|
+
|
|
489
|
+
context 'when scope includes Yammer user_impersonation scope' do
|
|
490
|
+
let(:request_env) { { 'omniauth.params' => { 'scope' => 'openid profile https://api.yammer.com/user_impersonation' } } }
|
|
491
|
+
|
|
492
|
+
it 'returns Yammer profile URL' do
|
|
493
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://www.yammer.com/api/v1/users/current.json')
|
|
494
|
+
end
|
|
495
|
+
end
|
|
496
|
+
|
|
497
|
+
context 'when scope includes Yammer scope among other scopes' do
|
|
498
|
+
let(:request_env) { { 'omniauth.params' => { 'scope' => 'offline_access openid email profile https://api.yammer.com/access_as_user User.Read' } } }
|
|
499
|
+
|
|
500
|
+
it 'returns Yammer profile URL' do
|
|
501
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://www.yammer.com/api/v1/users/current.json')
|
|
502
|
+
end
|
|
503
|
+
end
|
|
504
|
+
|
|
505
|
+
context 'when scope includes multiple Yammer scopes' do
|
|
506
|
+
let(:request_env) { { 'omniauth.params' => { 'scope' => 'openid profile https://api.yammer.com/access_as_user https://api.yammer.com/user_impersonation' } } }
|
|
507
|
+
|
|
508
|
+
it 'returns Yammer profile URL' do
|
|
509
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://www.yammer.com/api/v1/users/current.json')
|
|
510
|
+
end
|
|
511
|
+
end
|
|
512
|
+
|
|
513
|
+
context 'when scope does not include any Yammer scopes' do
|
|
514
|
+
let(:request_env) { { 'omniauth.params' => { 'scope' => 'openid profile User.Read' } } }
|
|
515
|
+
|
|
516
|
+
it 'returns Microsoft Graph profile URL' do
|
|
517
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://graph.microsoft.com/v1.0/me')
|
|
518
|
+
end
|
|
519
|
+
end
|
|
520
|
+
|
|
521
|
+
context 'when scope is nil' do
|
|
522
|
+
let(:request_env) { { 'omniauth.params' => { 'scope' => nil } } }
|
|
523
|
+
|
|
524
|
+
it 'returns Microsoft Graph profile URL' do
|
|
525
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://graph.microsoft.com/v1.0/me')
|
|
526
|
+
end
|
|
527
|
+
end
|
|
528
|
+
|
|
529
|
+
context 'when omniauth.params is nil' do
|
|
530
|
+
let(:request_env) { { 'omniauth.params' => nil } }
|
|
531
|
+
|
|
532
|
+
it 'returns Microsoft Graph profile URL' do
|
|
533
|
+
expect(subject.determine_profile_endpoint(request)).to eq('https://graph.microsoft.com/v1.0/me')
|
|
534
|
+
end
|
|
535
|
+
end
|
|
536
|
+
end
|
|
537
|
+
end
|
|
460
538
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-microsoft_graph
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Philips
|
|
@@ -9,22 +9,28 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2026-05-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: jwt
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
17
|
requirements:
|
|
18
|
-
- - "
|
|
18
|
+
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
20
|
version: '2.0'
|
|
21
|
+
- - "<"
|
|
22
|
+
- !ruby/object:Gem::Version
|
|
23
|
+
version: '4.0'
|
|
21
24
|
type: :runtime
|
|
22
25
|
prerelease: false
|
|
23
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
27
|
requirements:
|
|
25
|
-
- - "
|
|
28
|
+
- - ">="
|
|
26
29
|
- !ruby/object:Gem::Version
|
|
27
30
|
version: '2.0'
|
|
31
|
+
- - "<"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '4.0'
|
|
28
34
|
- !ruby/object:Gem::Dependency
|
|
29
35
|
name: omniauth
|
|
30
36
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -59,14 +65,14 @@ dependencies:
|
|
|
59
65
|
requirements:
|
|
60
66
|
- - "~>"
|
|
61
67
|
- !ruby/object:Gem::Version
|
|
62
|
-
version: '
|
|
68
|
+
version: '4.1'
|
|
63
69
|
type: :development
|
|
64
70
|
prerelease: false
|
|
65
71
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
72
|
requirements:
|
|
67
73
|
- - "~>"
|
|
68
74
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: '
|
|
75
|
+
version: '4.1'
|
|
70
76
|
- !ruby/object:Gem::Dependency
|
|
71
77
|
name: rake
|
|
72
78
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -160,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
160
166
|
- !ruby/object:Gem::Version
|
|
161
167
|
version: '0'
|
|
162
168
|
requirements: []
|
|
163
|
-
rubygems_version: 3.
|
|
169
|
+
rubygems_version: 3.5.22
|
|
164
170
|
signing_key:
|
|
165
171
|
specification_version: 4
|
|
166
172
|
summary: omniauth provider for Microsoft Graph
|