omniauth-mydigipass 1.0.0 → 1.1.0
- data/.gitignore +2 -0
- data/Gemfile +1 -2
- data/README.md +159 -50
- data/example/config.ru +38 -10
- data/example/views/index.erb +31 -0
- data/example/views/signin.erb +7 -0
- data/lib/mydigipass.rb +2 -0
- data/lib/mydigipass/connect_api.rb +24 -0
- data/lib/mydigipass/tools.rb +13 -0
- data/lib/omniauth-mydigipass.rb +1 -1
- data/lib/omniauth-mydigipass/version.rb +1 -1
- data/lib/omniauth/strategies/mydigipass.rb +9 -28
- data/omniauth-mydigipass.gemspec +3 -2
- data/spec/mydigipass/connect_api_spec.rb +40 -0
- data/spec/mydigipass/tools_spec.rb +22 -0
- data/spec/omniauth/strategies/mydigipass_spec.rb +14 -7
- data/spec/support/shared_examples.rb +8 -8
- metadata +69 -17
- data/example/views/callback.erb +0 -14
data/.gitignore
CHANGED
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,82 +1,191 @@
|
|
1
|
-
# OmniAuth Mydigipass
|
1
|
+
# OmniAuth Mydigipass
|
2
2
|
|
3
3
|
This is an OmniAuth strategy for authenticating with MYDIGIPASS.COM.
|
4
4
|
|
5
5
|
If you want to integrate your website with MYDIGIPASS.COM, you will need to
|
6
|
-
sign up on http://developer.mydigipass.com and
|
7
|
-
|
6
|
+
sign up on [developer.mydigipass.com](http://developer.mydigipass.com) and
|
7
|
+
connect your site there. Then you will get a `client_id` and `client_secret`
|
8
|
+
you need to fill in here.
|
9
|
+
|
10
|
+
It is recommended to use the OAuth `state` parameter to prevent CSRF
|
11
|
+
attacks. Omniauth actually enables this behaviour by default. Usage of the
|
12
|
+
state parameter is illustrated in the example app.
|
8
13
|
|
9
14
|
|
10
15
|
## Basic Usage
|
11
16
|
|
12
|
-
If you are testing your application in the sandbox environment,
|
17
|
+
If you are testing your application in the sandbox environment, initialize
|
18
|
+
the strategy as follows:
|
13
19
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
20
|
+
```ruby
|
21
|
+
use OmniAuth::Builder do
|
22
|
+
provider :mydigipass, ENV['MYDIGIPASS_CLIENT_ID'], ENV['MYDIGIPASS_CLIENT_SECRET'],
|
23
|
+
:client_options => OmniAuth::Strategies::Mydigipass.default_client_urls(:sandbox => true)
|
24
|
+
end
|
25
|
+
```
|
18
26
|
|
19
27
|
Once your application goes in production, you can just write:
|
20
28
|
|
21
|
-
|
22
|
-
|
23
|
-
|
29
|
+
```ruby
|
30
|
+
use OmniAuth::Builder do
|
31
|
+
provider :mydigipass, ENV['MYDIGIPASS_CLIENT_ID'], ENV['MYDIGIPASS_CLIENT_SECRET']
|
32
|
+
end
|
33
|
+
```
|
24
34
|
|
25
|
-
## Example Application
|
26
35
|
|
27
|
-
|
36
|
+
## Example Integrating with Rails
|
28
37
|
|
29
|
-
|
38
|
+
Add an initializer `mydigipass.rb` containing your application specific configuration:
|
30
39
|
|
31
|
-
|
40
|
+
```ruby
|
41
|
+
# MYDIGIPASS.COM OAuth configuration
|
42
|
+
|
43
|
+
MDP_JS_SRC="https://static.mydigipass.com/en/dp_connect.js"
|
44
|
+
|
45
|
+
if Rails.env.production?
|
46
|
+
MDP_CLIENT_ID="<your-production-client-id>"
|
47
|
+
MDP_CLIENT_SECRET="<your-production-client-secret>"
|
48
|
+
MDP_CALLBACK_URL="<your-production-base-url>/auth/mydigipass/callback"
|
49
|
+
MDP_ORIGIN="https://www.mydigipass.com"
|
50
|
+
else
|
51
|
+
MDP_CLIENT_ID="<your-sandbox-client-id>"
|
52
|
+
MDP_CLIENT_SECRET="<your-sandbox-client-secret>"
|
53
|
+
MDP_CALLBACK_URL="http://localhost:3000/auth/mydigipass/callback"
|
54
|
+
MDP_ORIGIN="https://sandbox.mydigipass.com"
|
55
|
+
end
|
56
|
+
```
|
32
57
|
|
33
58
|
Inside your `config/application.rb` add the following (e.g. at the bottom, inside the configuration block) :
|
34
59
|
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
60
|
+
```ruby
|
61
|
+
# enable omniauth strategies
|
62
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
63
|
+
if Rails.env.production?
|
64
|
+
provider :mydigipass, MDP_CLIENT_ID, MDP_CLIENT_SECRET
|
65
|
+
else
|
66
|
+
provider :mydigipass, MDP_CLIENT_ID, MDP_CLIENT_SECRET,
|
67
|
+
:client_options => OmniAuth::Strategies::Mydigipass.default_client_urls(:sandbox => true)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
```
|
39
71
|
|
40
72
|
And then you just have to make sure you have something listening at `/auth/:provider/callback`.
|
41
73
|
Suppose you add the following routes:
|
42
74
|
|
43
|
-
|
44
|
-
|
75
|
+
```ruby
|
76
|
+
match '/auth/:provider/callback', :to => 'home#auth_create'
|
77
|
+
match '/auth/failure', :to => 'home#auth_failure'
|
78
|
+
```
|
79
|
+
|
80
|
+
|
81
|
+
### Rendering the button
|
82
|
+
|
83
|
+
On the login page and/or signup page, you can show the MYDIGIPASS.COM button
|
84
|
+
as follows:
|
85
|
+
|
86
|
+
```ruby
|
87
|
+
= link_to("connect with mydigipass.com", "#", :class => "dpplus-connect",
|
88
|
+
:"data-origin" => MDP_ORIGIN,
|
89
|
+
:"data-client-id" => MDP_CLIENT_ID,
|
90
|
+
:"data-redirect-uri" => MDP_CALLBACK_URL,
|
91
|
+
:"data-state" => @state)
|
92
|
+
```
|
93
|
+
|
94
|
+
and also include the `dp_connect.js` Javascript file:
|
95
|
+
|
96
|
+
```ruby
|
97
|
+
%script{:type => 'text/javascript', :src => MDP_JS_SRC}
|
98
|
+
```
|
99
|
+
|
100
|
+
Since you can potentially link a MYDIGIPASS.COM account to an
|
101
|
+
existing account on your site, you have to protect against CSRF attacks.
|
102
|
+
For this reason, every time you render a view with the above link,
|
103
|
+
you have to generate a new random CSRF-protection `state` token.
|
104
|
+
This token must be stored in two places:
|
105
|
+
|
106
|
+
1. in the `data-state` attribute of the link itself (see above code),
|
107
|
+
2. in the `omniauth.state` session variable.
|
108
|
+
|
109
|
+
To generate a suitable token, you can put the following code in the
|
110
|
+
controller action or even in the view itself:
|
111
|
+
|
112
|
+
```ruby
|
113
|
+
@state = session['omniauth.state'] = SecureRandom.hex(24)
|
114
|
+
```
|
115
|
+
|
116
|
+
When Omniauth is processing the OAuth call, it will compare the
|
117
|
+
`state` parameter passed back in by MIDIGPASS.COM to the `omniauth.state`
|
118
|
+
parameter stored in the user's session. If the tokens do not match, Omniauth
|
119
|
+
will conclude that the authentication was originally initiated in another
|
120
|
+
browser session and abort the remainder of the flow.
|
121
|
+
|
122
|
+
> Note: If you use the `state` parameter for CSRF protection, you must
|
123
|
+
> register a separate autoconnect URL (which is usually the URL of the
|
124
|
+
> login page of your application) with MYDIGIPASS.COM to enable users to
|
125
|
+
> sign in from our launchpad.
|
126
|
+
|
127
|
+
|
128
|
+
### Handling the callback
|
129
|
+
|
130
|
+
To handle the actual callback, you can use something like the following
|
131
|
+
`auth_create` implementation inside your `HomeController`:
|
132
|
+
|
133
|
+
```ruby
|
134
|
+
def auth_failure
|
135
|
+
set_flash_message(:notice, "OAuth error: #{params[:message]}")
|
136
|
+
redirect_to root_path
|
137
|
+
end
|
138
|
+
|
139
|
+
def auth_create
|
140
|
+
user = User.find_or_create_from_auth_hash(request.env['omniauth.auth'].with_indifferent_access)
|
141
|
+
logger.debug "Found or created user: #{user.email} [#{user.id}]"
|
142
|
+
if user.sign_in_count == 0
|
143
|
+
set_flash_message(:notice, "Welcome #{user.email}, thank you for signing up using your dP+ account!")
|
144
|
+
else
|
145
|
+
set_flash_message(:notice, "Succesfully logged in!")
|
146
|
+
end
|
147
|
+
sign_in(:user, user, :bypass => true)
|
148
|
+
redirect_to dashboard_path
|
149
|
+
end
|
150
|
+
```
|
151
|
+
|
152
|
+
When a user signs in through MYDIGIPASS.COM, it could be a new user
|
153
|
+
(signing up), or an existing user. The function `find_or_create_from_auth_hash`
|
154
|
+
handles that for me:
|
155
|
+
|
156
|
+
```ruby
|
157
|
+
def self.find_or_create_from_auth_hash(auth_hash)
|
158
|
+
logger.debug "User.find_or_create_from_auth_hash: auth_hash = #{auth_hash.inspect} "
|
159
|
+
received_uuid = auth_hash[:extra][:raw_info][:uuid]
|
160
|
+
received_email = auth_hash[:extra][:raw_info][:email]
|
161
|
+
|
162
|
+
user = User.find_by_uuid(received_uuid) || User.find_by_email(received_email)
|
163
|
+
user = user.nil? ? create_from_auth_hash(received_uuid, received_email) : prevent_login_with_normal_password(user, received_uuid)
|
164
|
+
end
|
165
|
+
```
|
166
|
+
|
167
|
+
I try to find the user, by `uuid` or `email`. If I find the user by `uuid`,
|
168
|
+
she has logged on before with MYDIGIPASS.COM If I find a matching mail,
|
169
|
+
link the uuid to that user. If I do not find a user, create one with the
|
170
|
+
given `email` and `uuid`. I also made sure that users can then only login
|
171
|
+
with their MYDIGIPASS.COM and no longer normally, but that is optional
|
172
|
+
of course.
|
45
173
|
|
46
|
-
Then, inside your `HomeController` you could write:
|
47
174
|
|
48
|
-
|
49
|
-
set_flash_message(:notice, "OAuth error: #{params[:message]}")
|
50
|
-
redirect_to root_path
|
51
|
-
end
|
175
|
+
## Example Application
|
52
176
|
|
53
|
-
|
54
|
-
|
55
|
-
logger.debug "Found or created user: #{user.email} [#{user.id}]"
|
56
|
-
if user.sign_in_count == 0
|
57
|
-
set_flash_message(:notice, "Welcome #{user.email}, thank you for signing up using your dP+ account!")
|
58
|
-
else
|
59
|
-
set_flash_message(:notice, "Succesfully logged in!")
|
60
|
-
end
|
61
|
-
sign_in(:user, user, :bypass => true)
|
62
|
-
redirect_to dashboard_path
|
63
|
-
end
|
177
|
+
I have added a small working example application, using Sinatra. Check it out
|
178
|
+
in the `example` folder. To make it work just type `rackup` in the folder.
|
64
179
|
|
65
|
-
|
66
|
-
|
180
|
+
Aside from signing in with MYDIGIPASS.COM, the example application also
|
181
|
+
shows how to use the Connect API through a simple HTTParty wrapper that can
|
182
|
+
be found in `lib/mydigipass/connect_api.rb`.
|
67
183
|
|
68
|
-
|
69
|
-
|
70
|
-
received_uuid = auth_hash[:extra][:raw_info][:uuid]
|
71
|
-
received_email = auth_hash[:extra][:raw_info][:email]
|
184
|
+
The Connect API and its purpose is described in more detail in the
|
185
|
+
[MDP Developer documentation](https://developer.mydigipass.com/).
|
72
186
|
|
73
|
-
|
74
|
-
user = user.nil? ? create_from_auth_hash(received_uuid, received_email) : prevent_login_with_normal_password(user, received_uuid)
|
75
|
-
end
|
187
|
+
Hope this helps.
|
76
188
|
|
77
|
-
I try to find the user, by `uuid` or `email`. If I find the user by `uuid`, she has logged on before with MYDIGIPASS.COM
|
78
|
-
If I find a matching mail, link the uuid to that user. If I do not find a user, create one with the given `email` and `uuid`.
|
79
|
-
I also made sure that users can then only login with their MYDIGIPASS.COM and no longer normally, but that is optional of course.
|
80
189
|
|
81
190
|
## License
|
82
191
|
|
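Review bot: `find_or_create_from_auth_hash` in the "Handling the callback" section falls back to `User.find_by_email(received_email)` and then links the incoming `uuid` to that account, so the existing local user is signed in purely on the strength of an email value reported by the provider. The README should say that this is only safe when the `email` in `raw_info` is verified by MYDIGIPASS.COM, or recommend linking only from an already authenticated session. In the same example, `logger.debug "... #{auth_hash.inspect}"` writes the whole auth hash to the log, which for an OmniAuth OAuth2 strategy includes the access token under `credentials`; log the `uuid` only. The Rails initializer hard-codes `MDP_CLIENT_SECRET` while Basic Usage reads it from `ENV`; the initializer should do the same. Typo in the state paragraph: `MIDIGPASS.COM`.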
@@ -86,4 +195,4 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
86
195
|
|
87
196
|
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
88
197
|
|
89
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
198
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/example/config.ru
CHANGED
@@ -2,33 +2,61 @@ require 'bundler/setup'
|
|
2
2
|
require 'sinatra'
|
3
3
|
require 'omniauth'
|
4
4
|
require 'omniauth-mydigipass'
|
5
|
+
require 'mydigipass'
|
5
6
|
|
7
|
+
# Replace these with your own credentials.
|
8
|
+
CLIENT_ID = '5o67b0giz20pttdcjenjtyyj5'
|
9
|
+
CLIENT_SECRET = '39fcfebcwfegu1sqedxq8f8vt'
|
10
|
+
|
11
|
+
OMNIAUTH_CLIENT_OPTIONS = OmniAuth::Strategies::Mydigipass.default_client_urls(:sandbox => true)
|
12
|
+
CONNECT_API_OPTIONS = { :client_id => CLIENT_ID, :client_secret => CLIENT_SECRET, :sandbox => true }
|
6
13
|
|
7
14
|
class App < Sinatra::Base
|
8
15
|
get '/' do
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
16
|
+
@auth = session['auth']
|
17
|
+
if @auth.nil?
|
18
|
+
redirect '/signin'
|
19
|
+
else
|
20
|
+
@users = Mydigipass::ConnectApi.new(CONNECT_API_OPTIONS).all_connected
|
21
|
+
erb :index
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
get '/signin' do
|
26
|
+
@state = session['omniauth.state'] = SecureRandom.hex(24)
|
27
|
+
erb :signin
|
28
|
+
end
|
29
|
+
|
30
|
+
get '/signout' do
|
31
|
+
session['auth'] = nil
|
32
|
+
redirect '/signin'
|
15
33
|
end
|
16
34
|
|
17
35
|
get '/auth/:name/callback' do
|
18
|
-
|
19
|
-
|
36
|
+
session['auth'] = request.env['omniauth.auth']
|
37
|
+
redirect '/'
|
20
38
|
end
|
21
39
|
|
22
40
|
get '/auth/failure' do
|
41
|
+
session['auth'] = nil
|
23
42
|
@request = request
|
24
43
|
erb :failure
|
25
44
|
end
|
45
|
+
|
46
|
+
get '/connect/:uuid' do
|
47
|
+
Mydigipass::ConnectApi.new(CONNECT_API_OPTIONS).connected(params[:uuid])
|
48
|
+
redirect '/'
|
49
|
+
end
|
50
|
+
|
51
|
+
get '/disconnect/:uuid' do
|
52
|
+
Mydigipass::ConnectApi.new(CONNECT_API_OPTIONS).disconnected(params[:uuid])
|
53
|
+
redirect '/'
|
54
|
+
end
|
26
55
|
end
|
27
56
|
|
28
57
|
use Rack::Session::Cookie
|
29
58
|
use OmniAuth::Builder do
|
30
|
-
provider :mydigipass,
|
31
|
-
:client_options => OmniAuth::Strategies::Mydigipass.default_client_urls(:sandbox => true)
|
59
|
+
provider :mydigipass, CLIENT_ID, CLIENT_SECRET, :client_options => OMNIAUTH_CLIENT_OPTIONS
|
32
60
|
end
|
33
61
|
|
34
62
|
run App.new
|
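Review bot: `get '/connect/:uuid'` and `get '/disconnect/:uuid'` change state on the Connect API through GET requests and, unlike `get '/'`, never check `session['auth']`, so they act on any uuid for any caller, including a cross-site request. Make them POST routes that require a signed-in session and restrict them to the session's own uid. Also in this hunk: `CLIENT_ID` and `CLIENT_SECRET` are committed as literals under a "Replace these" comment; read them from `ENV` as the README does, and rotate the committed pair if it was ever real. `session['auth'] = request.env['omniauth.auth']` puts the full auth hash into `Rack::Session::Cookie`, which is set up here without a `:secret`; store only the uid and info, and configure a secret.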
@@ -0,0 +1,31 @@
|
|
1
|
+
<html>
|
2
|
+
<body>
|
3
|
+
<h1>Authenticated via provider '<%= @auth.provider %>'</h1>
|
4
|
+
<h2>Info</h2>
|
5
|
+
<ul>
|
6
|
+
<%- @auth.info.each do |key, value| %>
|
7
|
+
<li><strong><%= key %>:</strong> <%= value.inspect %></li>
|
8
|
+
<% end %>
|
9
|
+
</ul>
|
10
|
+
|
11
|
+
<a href="/signout" class="dpplus-logout" data-origin="<%= OMNIAUTH_CLIENT_OPTIONS[:site] %>" data-client-id="<%= CLIENT_ID %>">Sign out</a>
|
12
|
+
|
13
|
+
<h2>Raw auth information</h2>
|
14
|
+
<pre style="white-space: pre-wrap"><%= Rack::Utils.escape_html @auth.inspect %></pre>
|
15
|
+
|
16
|
+
<h2>Connected users</h2>
|
17
|
+
<p>
|
18
|
+
Users connected to your application:
|
19
|
+
</p>
|
20
|
+
<ul>
|
21
|
+
<% if @users.empty? %>
|
22
|
+
<li>No users connected</li>
|
23
|
+
<% else %>
|
24
|
+
<% @users.each do |user| %>
|
25
|
+
<li><b><%= user %></b> (<a href="/disconnect/<%= user %>">disconnect</a>)</li>
|
26
|
+
<% end %>
|
27
|
+
<% end %>
|
28
|
+
</ul>
|
29
|
+
<a href='/connect/<%= @auth.uid %>'>Connect the current user (<b><%= @auth.uid %></b>)</a>
|
30
|
+
</body>
|
31
|
+
</html>
|
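Review bot: only the raw `@auth.inspect` line goes through `Rack::Utils.escape_html`; `<%= key %>`, `<%= value.inspect %>`, `<%= user %>` and `<%= @auth.uid %>` are emitted as-is, and those values come from the provider's user data and the Connect API response. Escape them the same way, URL-encode the uuid inside the `/disconnect/...` and `/connect/...` hrefs, or turn on ERB auto-escaping for the app. The "Raw auth information" block also renders the complete auth hash, credentials included, into the page; acceptable for a sandbox demo, but it deserves a comment saying so.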
@@ -0,0 +1,7 @@
|
|
1
|
+
<html>
|
2
|
+
<body>
|
3
|
+
<h1>Test OAuth2 with MYDIGIPASS.COM</h1>
|
4
|
+
<script type="text/javascript" src="https://static.mydigipass.com/en/dp_connect.js"></script>
|
5
|
+
<a class="dpplus-connect" data-origin="<%= OMNIAUTH_CLIENT_OPTIONS[:site] %>" data-client-id="<%= CLIENT_ID %>" data-redirect-uri="http://localhost:9292/auth/mydigipass/callback" data-state="<%= @state %>" href="#">connect with mydigipass.com</a>
|
6
|
+
</body>
|
7
|
+
</html>
|
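Review bot: `data-redirect-uri="http://localhost:9292/auth/mydigipass/callback"` and the `dp_connect.js` URL are hard-coded in the view, while `data-origin` and `data-client-id` come from constants in `config.ru`. Define the callback URL next to `CLIENT_ID` (or build it from the request) so the example still works on another host or port and the registered redirect URI is maintained in one place.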
data/lib/mydigipass.rb
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'httparty'
|
2
|
+
require 'mydigipass/tools'
|
3
|
+
|
4
|
+
module Mydigipass
|
5
|
+
class ConnectApi
|
6
|
+
def initialize(options)
|
7
|
+
@base_uri = Mydigipass::Tools.extract_base_uri_from_options(options)
|
8
|
+
@auth = { :username => options[:client_id], :password => options[:client_secret] }
|
9
|
+
end
|
10
|
+
|
11
|
+
def all_connected
|
12
|
+
response = HTTParty.get("#{@base_uri}/api/uuids/connected", { :basic_auth => @auth })
|
13
|
+
response['uuids'] || [ ]
|
14
|
+
end
|
15
|
+
|
16
|
+
def connected(uuid)
|
17
|
+
HTTParty.post("#{@base_uri}/api/uuids/connected", { :body => { :uuids => [ uuid ] }, :basic_auth => @auth })
|
18
|
+
end
|
19
|
+
|
20
|
+
def disconnected(uuid)
|
21
|
+
HTTParty.post("#{@base_uri}/api/uuids/disconnected", { :body => { :uuids => [ uuid ] }, :basic_auth => @auth })
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
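Review bot: `all_connected` returns `response['uuids'] || [ ]` without looking at the HTTP status, so rejected Basic auth or a server error is indistinguishable from "no users connected"; `connected` and `disconnected` likewise return the raw response unchecked. Check the response code and raise (or return an error value) on anything but success, and pass a `:timeout` so a hung call to `@base_uri` does not block the request. The client secret is sent to `@base_uri` as the Basic auth password and `:base_uri` is caller-supplied, so reject values that are not https.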
@@ -0,0 +1,13 @@
|
|
1
|
+
module Mydigipass
|
2
|
+
module Tools
|
3
|
+
def self.extract_base_uri_from_options(options = { })
|
4
|
+
if options.has_key? :base_uri
|
5
|
+
options[:base_uri]
|
6
|
+
elsif options.has_key? :sandbox
|
7
|
+
'https://sandbox.mydigipass.com'
|
8
|
+
else
|
9
|
+
'https://www.mydigipass.com'
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
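Review bot: `elsif options.has_key? :sandbox` tests for the key, not its value, so `:sandbox => false` (or `nil`) still returns `https://sandbox.mydigipass.com`. An application that sets the flag from configuration would then send its production credentials to the sandbox host. Use `elsif options[:sandbox]`, which also matches the truthiness check the previous `default_client_urls` used.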
data/lib/omniauth-mydigipass.rb
CHANGED
@@ -1,2 +1,2 @@
|
|
1
|
-
require
|
1
|
+
require 'omniauth-mydigipass/version'
|
2
2
|
require 'omniauth/strategies/mydigipass'
|
@@ -1,34 +1,21 @@
|
|
1
1
|
require 'omniauth-oauth2'
|
2
|
+
require 'mydigipass/tools'
|
2
3
|
|
3
4
|
module OmniAuth
|
4
5
|
module Strategies
|
5
6
|
class Mydigipass < OmniAuth::Strategies::OAuth2
|
6
|
-
|
7
|
-
|
8
|
-
local_base_uri = options[:sandbox] ? 'https://sandbox.mydigipass.com' : 'https://mydigipass.com'
|
7
|
+
def self.default_client_urls(options = { })
|
8
|
+
base_uri = ::Mydigipass::Tools.extract_base_uri_from_options(options)
|
9
9
|
{
|
10
|
-
:site =>
|
11
|
-
:authorize_url =>
|
12
|
-
:token_url =>
|
10
|
+
:site => base_uri,
|
11
|
+
:authorize_url => base_uri + '/oauth/authenticate',
|
12
|
+
:token_url => base_uri + '/oauth/token'
|
13
13
|
}
|
14
14
|
end
|
15
15
|
|
16
|
-
|
17
|
-
# Give your strategy a name.
|
18
|
-
option :name, "mydigipass"
|
19
|
-
|
20
|
-
# for the sandbox environment, use http://sandbox.mydigipass.com
|
21
|
-
option :base_uri, "https://mydigipass.com"
|
22
|
-
|
23
|
-
#option :client_options, {
|
24
|
-
# :site => base_uri,
|
25
|
-
# :authorize_url => base_uri + '/oauth/authenticate',
|
26
|
-
# :token_url => base_uri + '/oauth/token'
|
27
|
-
# }
|
28
|
-
|
16
|
+
option :name, 'mydigipass'
|
29
17
|
option :client_options, default_client_urls
|
30
18
|
|
31
|
-
|
32
19
|
# These are called after authentication has succeeded.
|
33
20
|
uid { raw_info['uuid'] }
|
34
21
|
|
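Review bot: the production default changes from `https://mydigipass.com` to `https://www.mydigipass.com` and the declared `option :base_uri` disappears, yet this ships as a minor bump from 1.0.0 to 1.1.0 with no changelog entry or README note. Document the host change and point callers who need a custom host at `default_client_urls(:base_uri => ...)`, which the new helper supports.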
@@ -44,18 +31,12 @@ module OmniAuth
|
|
44
31
|
end
|
45
32
|
|
46
33
|
extra do
|
47
|
-
{'raw_info' => raw_info}
|
34
|
+
{ 'raw_info' => raw_info }
|
48
35
|
end
|
49
36
|
|
50
37
|
def raw_info
|
51
38
|
@raw_info ||= access_token.get('/oauth/user_data').parsed
|
52
39
|
end
|
53
|
-
|
54
|
-
def base_uri
|
55
|
-
default_options[:base_uri]
|
56
|
-
end
|
57
|
-
|
58
|
-
|
59
40
|
end
|
60
41
|
end
|
61
|
-
end
|
42
|
+
end
|
data/omniauth-mydigipass.gemspec
CHANGED
@@ -15,8 +15,9 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
gem.version = OmniAuth::Mydigipass::VERSION
|
17
17
|
|
18
|
-
gem.add_dependency '
|
19
|
-
gem.add_dependency 'omniauth
|
18
|
+
gem.add_dependency 'httparty'
|
19
|
+
gem.add_dependency 'omniauth', '~> 1.1'
|
20
|
+
gem.add_dependency 'omniauth-oauth2', '~> 1.1'
|
20
21
|
gem.add_development_dependency 'rspec', '~> 2.7'
|
21
22
|
gem.add_development_dependency 'rack-test'
|
22
23
|
gem.add_development_dependency 'simplecov'
|
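Review bot: `gem.add_dependency 'httparty'` is added with no version constraint, while `omniauth` and `omniauth-oauth2` are pinned with `~> 1.1`; the generated metadata resolves it to `>= 0`. Give it a pessimistic constraint on the version the Connect API wrapper was tested against. Since only `Mydigipass::ConnectApi` needs it, it is also worth asking whether every user of the strategy should pull in an HTTP client they may never call.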
@@ -0,0 +1,40 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'mydigipass/connect_api'
|
3
|
+
|
4
|
+
describe Mydigipass::ConnectApi do
|
5
|
+
let(:client_id) { 'abc' }
|
6
|
+
let(:client_secret) { 'def' }
|
7
|
+
let(:uuid) { 'ghi' }
|
8
|
+
|
9
|
+
let(:basic_auth) { { :username => client_id, :password => client_secret } }
|
10
|
+
|
11
|
+
before :each do
|
12
|
+
@api = Mydigipass::ConnectApi.new(:client_id => client_id, :client_secret => client_secret, :base_uri => 'https://www.foo.com')
|
13
|
+
HTTParty.stub(:get)
|
14
|
+
HTTParty.stub(:post)
|
15
|
+
end
|
16
|
+
|
17
|
+
describe '#all_connected' do
|
18
|
+
it 'performs GET and returns array' do
|
19
|
+
params = { :basic_auth => basic_auth }
|
20
|
+
HTTParty.should_receive(:get).with('https://www.foo.com/api/uuids/connected', params).and_return({ 'uuids' => [ '123', '456' ] })
|
21
|
+
@api.all_connected.should == [ '123', '456' ]
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
describe '#connected' do
|
26
|
+
it 'performs POST' do
|
27
|
+
params = { :body => { :uuids => [ uuid ] }, :basic_auth => basic_auth }
|
28
|
+
HTTParty.should_receive(:post).with('https://www.foo.com/api/uuids/connected', params)
|
29
|
+
@api.connected(uuid)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
describe '#disconnected' do
|
34
|
+
it 'performs POST' do
|
35
|
+
params = { :body => { :uuids => [ uuid ] }, :basic_auth => basic_auth }
|
36
|
+
HTTParty.should_receive(:post).with('https://www.foo.com/api/uuids/disconnected', params)
|
37
|
+
@api.disconnected(uuid)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
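Review bot: the examples cover only the successful path. Nothing exercises a response without a `uuids` key (the `|| [ ]` fallback), a non-success status, or construction with `:sandbox` or no base URI at all. Add examples for an error response and an empty body so the wrapper's failure behaviour is pinned down.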
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'mydigipass/tools'
|
3
|
+
|
4
|
+
describe Mydigipass::Tools do
|
5
|
+
describe '.extract_base_uri_from_options' do
|
6
|
+
context 'with no options parameter' do
|
7
|
+
Mydigipass::Tools.extract_base_uri_from_options().should == 'https://www.mydigipass.com'
|
8
|
+
end
|
9
|
+
|
10
|
+
context 'with empty hash' do
|
11
|
+
Mydigipass::Tools.extract_base_uri_from_options({}).should == 'https://www.mydigipass.com'
|
12
|
+
end
|
13
|
+
|
14
|
+
context 'with explicit base_uri' do
|
15
|
+
Mydigipass::Tools.extract_base_uri_from_options({ :base_uri => 'https://www.foo.com', :sandbox => true }).should == 'https://www.foo.com'
|
16
|
+
end
|
17
|
+
|
18
|
+
context 'with sandbox option' do
|
19
|
+
Mydigipass::Tools.extract_base_uri_from_options({ :sandbox => true }).should == 'https://sandbox.mydigipass.com'
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
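Review bot: every expectation sits directly inside a `context` block with no `it`, so it is evaluated while the file loads and is not reported as an example. Wrap each one in `it '...' do ... end`. Add a case for `:sandbox => false`, which with the current `has_key?` check returns the sandbox URL.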
@@ -3,22 +3,30 @@ require 'omniauth-mydigipass'
|
|
3
3
|
|
4
4
|
describe OmniAuth::Strategies::Mydigipass do
|
5
5
|
subject do
|
6
|
-
OmniAuth::Strategies::Mydigipass.new(
|
6
|
+
OmniAuth::Strategies::Mydigipass.new('abc', 'def', @options || {})
|
7
|
+
end
|
8
|
+
|
9
|
+
before do
|
10
|
+
OmniAuth.config.test_mode = true
|
11
|
+
end
|
12
|
+
|
13
|
+
after do
|
14
|
+
OmniAuth.config.test_mode = false
|
7
15
|
end
|
8
16
|
|
9
17
|
it_should_behave_like 'an oauth2 strategy'
|
10
18
|
|
11
19
|
describe '#client' do
|
12
20
|
it 'should have the correct mydigipass.com site' do
|
13
|
-
subject.client.site.should
|
21
|
+
subject.client.site.should == 'https://www.mydigipass.com'
|
14
22
|
end
|
15
23
|
|
16
24
|
it 'should have the correct authorization url' do
|
17
|
-
subject.client.options[:authorize_url].should
|
25
|
+
subject.client.options[:authorize_url].should == 'https://www.mydigipass.com/oauth/authenticate'
|
18
26
|
end
|
19
27
|
|
20
28
|
it 'should have the correct token url' do
|
21
|
-
subject.client.options[:token_url].should
|
29
|
+
subject.client.options[:token_url].should == 'https://www.mydigipass.com/oauth/token'
|
22
30
|
end
|
23
31
|
end
|
24
32
|
|
@@ -28,11 +36,10 @@ describe OmniAuth::Strategies::Mydigipass do
|
|
28
36
|
end
|
29
37
|
end
|
30
38
|
|
31
|
-
context
|
39
|
+
context 'when connecting to the sandbox' do
|
32
40
|
it 'should have the correct mydigipass.com site' do
|
33
41
|
@options = { :client_options => OmniAuth::Strategies::Mydigipass.default_client_urls(:sandbox => true) }
|
34
|
-
subject.client.site.should
|
42
|
+
subject.client.site.should == 'https://sandbox.mydigipass.com'
|
35
43
|
end
|
36
|
-
|
37
44
|
end
|
38
45
|
end
|
@@ -12,28 +12,28 @@ shared_examples 'an oauth2 strategy' do
|
|
12
12
|
describe '#authorize_params' do
|
13
13
|
it 'should include any authorize params passed in the :authorize_params option' do
|
14
14
|
@options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
|
15
|
-
subject.authorize_params['foo'].should
|
16
|
-
subject.authorize_params['baz'].should
|
15
|
+
subject.authorize_params['foo'].should == 'bar'
|
16
|
+
subject.authorize_params['baz'].should == 'zip'
|
17
17
|
end
|
18
18
|
|
19
19
|
it 'should include top-level options that are marked as :authorize_options' do
|
20
20
|
@options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
|
21
|
-
subject.authorize_params['scope'].should
|
22
|
-
subject.authorize_params['foo'].should
|
21
|
+
subject.authorize_params['scope'].should == 'bar'
|
22
|
+
subject.authorize_params['foo'].should == 'baz'
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
26
|
describe '#token_params' do
|
27
27
|
it 'should include any token params passed in the :token_params option' do
|
28
28
|
@options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
|
29
|
-
subject.token_params['foo'].should
|
30
|
-
subject.token_params['baz'].should
|
29
|
+
subject.token_params['foo'].should == 'bar'
|
30
|
+
subject.token_params['baz'].should == 'zip'
|
31
31
|
end
|
32
32
|
|
33
33
|
it 'should include top-level options that are marked as :token_options' do
|
34
34
|
@options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
|
35
|
-
subject.token_params['scope'].should
|
36
|
-
subject.token_params['foo'].should
|
35
|
+
subject.token_params['scope'].should == 'bar'
|
36
|
+
subject.token_params['foo'].should == 'baz'
|
37
37
|
end
|
38
38
|
end
|
39
39
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-mydigipass
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,33 +9,59 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2014-02-10 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: httparty
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
14
30
|
- !ruby/object:Gem::Dependency
|
15
31
|
name: omniauth
|
16
|
-
requirement:
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
17
33
|
none: false
|
18
34
|
requirements:
|
19
35
|
- - ~>
|
20
36
|
- !ruby/object:Gem::Version
|
21
|
-
version: '1.
|
37
|
+
version: '1.1'
|
22
38
|
type: :runtime
|
23
39
|
prerelease: false
|
24
|
-
version_requirements:
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ~>
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '1.1'
|
25
46
|
- !ruby/object:Gem::Dependency
|
26
47
|
name: omniauth-oauth2
|
27
|
-
requirement:
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
28
49
|
none: false
|
29
50
|
requirements:
|
30
51
|
- - ~>
|
31
52
|
- !ruby/object:Gem::Version
|
32
|
-
version: '1.
|
53
|
+
version: '1.1'
|
33
54
|
type: :runtime
|
34
55
|
prerelease: false
|
35
|
-
version_requirements:
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '1.1'
|
36
62
|
- !ruby/object:Gem::Dependency
|
37
63
|
name: rspec
|
38
|
-
requirement:
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
39
65
|
none: false
|
40
66
|
requirements:
|
41
67
|
- - ~>
|
@@ -43,10 +69,15 @@ dependencies:
|
|
43
69
|
version: '2.7'
|
44
70
|
type: :development
|
45
71
|
prerelease: false
|
46
|
-
version_requirements:
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ~>
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '2.7'
|
47
78
|
- !ruby/object:Gem::Dependency
|
48
79
|
name: rack-test
|
49
|
-
requirement:
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
50
81
|
none: false
|
51
82
|
requirements:
|
52
83
|
- - ! '>='
|
@@ -54,10 +85,15 @@ dependencies:
|
|
54
85
|
version: '0'
|
55
86
|
type: :development
|
56
87
|
prerelease: false
|
57
|
-
version_requirements:
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
89
|
+
none: false
|
90
|
+
requirements:
|
91
|
+
- - ! '>='
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '0'
|
58
94
|
- !ruby/object:Gem::Dependency
|
59
95
|
name: simplecov
|
60
|
-
requirement:
|
96
|
+
requirement: !ruby/object:Gem::Requirement
|
61
97
|
none: false
|
62
98
|
requirements:
|
63
99
|
- - ! '>='
|
@@ -65,7 +101,12 @@ dependencies:
|
|
65
101
|
version: '0'
|
66
102
|
type: :development
|
67
103
|
prerelease: false
|
68
|
-
version_requirements:
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
105
|
+
none: false
|
106
|
+
requirements:
|
107
|
+
- - ! '>='
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '0'
|
69
110
|
description: OmniAuth strategy for MYDIGIPASS.COM, which can be used for sandbox or
|
70
111
|
production
|
71
112
|
email:
|
@@ -81,12 +122,18 @@ files:
|
|
81
122
|
- Rakefile
|
82
123
|
- example/Gemfile
|
83
124
|
- example/config.ru
|
84
|
-
- example/views/callback.erb
|
85
125
|
- example/views/failure.erb
|
126
|
+
- example/views/index.erb
|
127
|
+
- example/views/signin.erb
|
128
|
+
- lib/mydigipass.rb
|
129
|
+
- lib/mydigipass/connect_api.rb
|
130
|
+
- lib/mydigipass/tools.rb
|
86
131
|
- lib/omniauth-mydigipass.rb
|
87
132
|
- lib/omniauth-mydigipass/version.rb
|
88
133
|
- lib/omniauth/strategies/mydigipass.rb
|
89
134
|
- omniauth-mydigipass.gemspec
|
135
|
+
- spec/mydigipass/connect_api_spec.rb
|
136
|
+
- spec/mydigipass/tools_spec.rb
|
90
137
|
- spec/omniauth/strategies/mydigipass_spec.rb
|
91
138
|
- spec/spec_helper.rb
|
92
139
|
- spec/support/shared_examples.rb
|
@@ -110,8 +157,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
110
157
|
version: '0'
|
111
158
|
requirements: []
|
112
159
|
rubyforge_project:
|
113
|
-
rubygems_version: 1.8.
|
160
|
+
rubygems_version: 1.8.23
|
114
161
|
signing_key:
|
115
162
|
specification_version: 3
|
116
163
|
summary: OmniAuth strategy for MYDIGIPASS.COM
|
117
|
-
test_files:
|
164
|
+
test_files:
|
165
|
+
- spec/mydigipass/connect_api_spec.rb
|
166
|
+
- spec/mydigipass/tools_spec.rb
|
167
|
+
- spec/omniauth/strategies/mydigipass_spec.rb
|
168
|
+
- spec/spec_helper.rb
|
169
|
+
- spec/support/shared_examples.rb
|
data/example/views/callback.erb
DELETED
@@ -1,14 +0,0 @@
|
|
1
|
-
<html>
|
2
|
-
<body>
|
3
|
-
<h1>Authentication Successfull via <%= @auth.provider %></h1>
|
4
|
-
<h2>info:</h2>
|
5
|
-
<ul>
|
6
|
-
<%- @auth.info.each do |key, value| %>
|
7
|
-
<li><strong><%= key %>:</strong> <%= value.inspect %></li>
|
8
|
-
<% end %>
|
9
|
-
</ul>
|
10
|
-
<a href='/'>Sign out</a>
|
11
|
-
<h2>raw auth:</h2>
|
12
|
-
<pre style="white-space: pre-wrap"><%= Rack::Utils.escape_html @auth.inspect %></pre>
|
13
|
-
</body>
|
14
|
-
</html>
|