omniauth-myvr 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5f392900cec4ada0165ca53f676df5a69790b042
+  data.tar.gz: c7d1cdd0150d4056511c459a8b106a260bd84056
+SHA512:
+  metadata.gz: 5ab804a5b6ca562c855c4d068b119548041a711780d111f79956a0d36c2eb499aee14521875bc4c5e96b36727497cff0100f94f17d4e30a5b8347194a862c5ef
+  data.tar.gz: 252748d816f1168d377f60d7734ed8e73ec1f77c4f35563dea9e2062fa59deaa8751342b33f5fdab21d7a38ad93c52191c5a5bf47f700ed7e0a9c1b8b572d1f1

data/.gitignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.ruby-gemset
+.ruby-version
+.rvmrc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.powenv
+.idea/

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake'
+
+group :test do
+  gem 'rspec', '~> 3.2'
+end

data/example/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'sinatra'
+gem 'omniauth-myvr', path: '/Users/cjavilla/repos/omniauth-myvr'

data/example/auth.js

@@ -0,0 +1,43 @@
+// Basic hybrid auth example following the pattern at:
+// https://developers.google.com/api-client-library/javascript/features/authentication#Authexample
+jQuery(function() {
+  return $.ajax({
+    url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
+    dataType: 'script',
+    cache: true
+  });
+});
+
+window.gpAsyncInit = function() {
+  gapi.auth.authorize({
+    immediate: true,
+    response_type: 'code',
+    cookie_policy: 'single_host_origin',
+    client_id: 'YOUR_CLIENT_ID',
+    scope: 'email profile'
+  }, function(response) {
+    return;
+  });
+  $('.googleplus-login').click(function(e) {
+    e.preventDefault();
+    gapi.auth.authorize({
+      immediate: false,
+      response_type: 'code',
+      cookie_policy: 'single_host_origin',
+      client_id: 'YOUR_CLIENT_ID',
+      scope: 'email profile'
+    }, function(response) {
+      if (response && !response.error) {
+        // google authentication succeed, now post data to server.
+        jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback",
+data: response,
+          success: function(data) {
+            // response from server
+          }
+        });
+      } else {
+        // google authentication failed
+      }
+    });
+  });
+};

data/example/config.ru

@@ -0,0 +1,45 @@
+# Sample app for MyVR OAuth Strategy
+# Make sure to setup the ENV variables MYVR_KEY and MYVR_SECRET
+# Run with "bundle exec rackup"
+
+require 'rubygems'
+require 'bundler'
+require 'sinatra'
+require 'omniauth'
+require 'omniauth-myvr'
+
+# Do not use for production code.
+# This is only to make setup easier when running through the sample.
+#
+# If you do have issues with certs in production code, this could help:
+# http://railsapps.github.io/openssl-certificate-verify-failed.html
+OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
+
+class App < Sinatra::Base
+  get '/' do
+    <<-HTML
+    <ul>
+      <li><a href='/auth/myvr'>Sign in with MyVR</a></li>
+    </ul>
+    HTML
+  end
+
+  get '/auth/:provider/callback' do
+    content_type 'text/plain'
+    request.env['omniauth.auth'].to_hash.inspect rescue "No Data"
+  end
+
+  get '/auth/failure' do
+    content_type 'text/plain'
+    request.env['omniauth.auth'].to_hash.inspect rescue "No Data"
+  end
+end
+
+use Rack::Session::Cookie, :secret => ENV['RACK_COOKIE_SECRET']
+
+use OmniAuth::Builder do
+  # For additional provider examples please look at 'omni_auth.rb'
+  provider :myvr, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {}
+end
+
+run App.new

data/example/omni_auth.rb

@@ -0,0 +1,45 @@
+# MyVR's OAuth2 docs. Make sure you are familiar with all the options
+# before attempting to configure this gem.
+# https://developers.MyVR.com/accounts/docs/OAuth2Login
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  # Default usage, this will give you offline access and a refresh token
+  # using default scopes 'email' and 'profile'
+  #
+  provider :myvr, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {
+    :scope => 'email,profile'
+  }
+
+  # Manual setup for offline access with a refresh token.
+  #
+  # provider :MYVR_oauth2, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {
+  #   :access_type => 'offline',
+  # }
+
+  # Custom scope supporting youtube. If you are customizing scopes, remember
+  # to include the default scopes 'email' and 'profile'
+  #
+  # provider :myvr, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {
+  #   :scope => 'http://gdata.youtube.com,email,profile,plus.me'
+  # }
+
+  # Custom scope for users only using MyVR for account creation/auth and do not require a refresh token.
+  #
+  # provider :MYVR_oauth2, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {
+  #   :access_type => 'online',
+  #   :prompt => ''
+  # }
+
+  # To include information about people in your circles you must include the 'plus.login' scope.
+  #
+  # provider :MYVR_oauth2, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {
+  #   :skip_friends => false,
+  #   :scope => "email,profile,plus.login"
+  # }
+
+  # If you need to acquire whether user picture is a default one or uploaded by user.
+  #
+  # provider :MYVR_oauth2, ENV['MYVR_KEY'], ENV['MYVR_SECRET'], {
+  #   :skip_image_info => false
+  # }
+end

data/lib/omniauth/strategies/myvr.rb

@@ -0,0 +1,213 @@
+require 'multi_json'
+require 'jwt'
+require 'omniauth/strategies/oauth2'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    class MyVROAuth < OmniAuth::Strategies::OAuth2
+      BASE_SCOPE_URL = "https://api.myvr.com/auth/"
+      BASE_SCOPES = %w[profile email openid]
+      DEFAULT_SCOPE = "email,profile"
+
+      option :name, 'myvr'
+      option :skip_friends, true
+      option :skip_image_info, true
+      option :skip_jwt, false
+      option :jwt_leeway, 60
+      option :authorize_options, [
+        :access_type,
+        :hd,
+        :login_hint,
+        :prompt,
+        :request_visible_actions,
+        :scope,
+        :state,
+        :redirect_uri,
+        :include_granted_scopes,
+        :openid_realm
+      ]
+      option :authorized_client_ids, []
+
+      option :client_options, {
+        :site          => 'https://accounts.google.com',
+        :authorize_url => '/o/oauth2/auth',
+        :token_url     => '/o/oauth2/token'
+      }
+
+      def authorize_params
+        super.tap do |params|
+          options[:authorize_options].each do |k|
+            params[k] = request.params[k.to_s] unless [nil, ''].include?(request.params[k.to_s])
+          end
+
+          raw_scope = params[:scope] || DEFAULT_SCOPE
+          scope_list = raw_scope.split(" ").map {|item| item.split(",")}.flatten
+          scope_list.map! { |s| s =~ /^https?:\/\// || BASE_SCOPES.include?(s) ? s : "#{BASE_SCOPE_URL}#{s}" }
+          params[:scope] = scope_list.join(" ")
+          params[:access_type] = 'offline' if params[:access_type].nil?
+          params['openid.realm'] = params.delete(:openid_realm) unless params[:openid_realm].nil?
+
+          session['omniauth.state'] = params[:state] if params['state']
+        end
+      end
+
+      uid { raw_info['sub'] || verified_email }
+
+      info do
+        prune!({
+          :name       => raw_info['name'],
+          :email      => verified_email,
+          :first_name => raw_info['given_name'],
+          :last_name  => raw_info['family_name'],
+          :image      => image_url,
+          :urls => {
+            'Google' => raw_info['profile']
+          }
+        })
+      end
+
+      extra do
+        hash = {}
+        hash[:id_token] = access_token['id_token']
+        if !options[:skip_jwt] && !access_token['id_token'].nil?
+          hash[:id_info] = JWT.decode(
+            access_token['id_token'], nil, false, {
+              :verify_iss => true,
+              'iss' => 'accounts.google.com',
+              :verify_aud => true,
+              'aud' => options.client_id,
+              :verify_sub => false,
+              :verify_expiration => true,
+              :verify_not_before => true,
+              :verify_iat => true,
+              :verify_jti => false,
+              :leeway => options[:jwt_leeway]
+            }).first
+        end
+        hash[:raw_info] = raw_info unless skip_info?
+        hash[:raw_friend_info] = raw_friend_info(raw_info['sub']) unless skip_info? || options[:skip_friends]
+        hash[:raw_image_info] = raw_image_info(raw_info['sub']) unless skip_info? || options[:skip_image_info]
+        prune! hash
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
+      end
+
+      def raw_friend_info(id)
+        @raw_friend_info ||= access_token.get("https://www.googleapis.com/plus/v1/people/#{id}/people/visible").parsed
+      end
+
+      def raw_image_info(id)
+        @raw_image_info ||= access_token.get("https://www.googleapis.com/plus/v1/people/#{id}?fields=image").parsed
+      end
+
+      def custom_build_access_token
+        access_token =
+          if request.xhr? && request.params['code']
+            verifier = request.params['code']
+            client.auth_code.get_token(verifier, get_token_options('postmessage'), deep_symbolize(options.auth_token_params || {}))
+          elsif request.params['code'] && request.params['redirect_uri']
+            verifier = request.params['code']
+            redirect_uri = request.params['redirect_uri']
+            client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
+          elsif verify_token(request.params['access_token'])
+            ::OAuth2::AccessToken.from_hash(client, request.params.dup)
+          else
+            verifier = request.params["code"]
+            client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
+          end
+
+        verify_hd(access_token)
+        access_token
+      end
+      alias_method :build_access_token, :custom_build_access_token
+
+      private
+
+      def callback_url
+        options[:redirect_uri] || (full_host + script_name + callback_path)
+      end
+
+      def get_token_options(redirect_uri)
+        { :redirect_uri => redirect_uri }.merge(token_params.to_hash(:symbolize_keys => true))
+      end
+
+      def prune!(hash)
+        hash.delete_if do |_, v|
+          prune!(v) if v.is_a?(Hash)
+          v.nil? || (v.respond_to?(:empty?) && v.empty?)
+        end
+      end
+
+      def verified_email
+        raw_info['email_verified'] ? raw_info['email'] : nil
+      end
+
+      def image_url
+        return nil unless raw_info['picture']
+
+        u = URI.parse(raw_info['picture'].gsub('https:https', 'https'))
+
+        path_index = u.path.to_s.index('/photo.jpg')
+
+        if path_index && image_size_opts_passed?
+          u.path.insert(path_index, image_params)
+          u.path = u.path.gsub('//', '/')
+        end
+
+        u.query = strip_unnecessary_query_parameters(u.query)
+
+        u.to_s
+      end
+
+      def image_size_opts_passed?
+        !!(options[:image_size] || options[:image_aspect_ratio])
+      end
+
+      def image_params
+        image_params = []
+        if options[:image_size].is_a?(Integer)
+          image_params << "s#{options[:image_size]}"
+        elsif options[:image_size].is_a?(Hash)
+          image_params << "w#{options[:image_size][:width]}" if options[:image_size][:width]
+          image_params << "h#{options[:image_size][:height]}" if options[:image_size][:height]
+        end
+        image_params << 'c' if options[:image_aspect_ratio] == 'square'
+
+        '/' + image_params.join('-')
+      end
+
+      def strip_unnecessary_query_parameters(query_parameters)
+        # strip `sz` parameter (defaults to sz=50) which overrides `image_size` options
+        return nil if query_parameters.nil?
+
+        params = CGI.parse(query_parameters)
+        stripped_params = params.delete_if { |key| key == "sz" }
+
+        # don't return an empty Hash since that would result
+        # in URLs with a trailing ? character: http://image.url?
+        return nil if stripped_params.empty?
+
+        URI.encode_www_form(stripped_params)
+      end
+
+      def verify_token(access_token)
+        return false unless access_token
+        raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
+                                      params: { access_token: access_token }).parsed
+        raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
+      end
+
+      def verify_hd(access_token)
+        return true unless options.hd
+        @raw_info ||= access_token.get('https://www.googleapis.com/plus/v1/people/me/openIdConnect').parsed
+        allowed_hosted_domains = Array(options.hd)
+
+        raise CallbackError.new(:invalid_hd, "Invalid Hosted Domain") unless allowed_hosted_domains.include? @raw_info['hd']
+        true
+      end
+    end
+  end
+end

data/lib/omniauth_myvr.rb

@@ -0,0 +1,7 @@
+require File.join('omniauth', 'myvr')
+
+module OmniAuth
+  module MyVROAuth
+    VERSION = '0.0.1'
+  end
+end

data/omniauth-myvr.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "omniauth-myvr"
+  s.version     = "0.0.1"
+  s.authors     = ["CJ Avilla"]
+  s.email       = ["cjavilla@gmail.com"]
+  s.homepage    = "https://github.com/w1zeman1p/omniauth-myvr"
+  s.description = %q{OmniAuth strategy for MyVR}
+  s.summary     = s.description
+  s.license     = "MIT"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency 'omniauth', '>= 1.1.1'
+  s.add_dependency 'omniauth-oauth2', '>= 1.3.1'
+  s.add_development_dependency 'bundler', '~> 1.0'
+end

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-myvr
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- CJ Avilla
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: OmniAuth strategy for MyVR
+email:
+- cjavilla@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- example/Gemfile
+- example/auth.js
+- example/config.ru
+- example/omni_auth.rb
+- lib/omniauth/strategies/myvr.rb
+- lib/omniauth_myvr.rb
+- omniauth-myvr.gemspec
+homepage: https://github.com/w1zeman1p/omniauth-myvr
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for MyVR
+test_files: []