omniauth-oauth 1.0.0.beta1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format=progress

data/Gemfile

@@ -0,0 +1,12 @@
+source 'http://rubygems.org'
+
+gem 'omniauth', :git => 'git://github.com/intridea/omniauth.git'
+gemspec
+
+group :development, :test do
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+  gem 'growl'
+  gem 'rb-fsevent'
+end

data/Guardfile

@@ -0,0 +1,11 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+
+
+guard 'bundler' do
+  watch('Gemfile')
+  watch(/^.+\.gemspec/)
+end

data/README.md

@@ -0,0 +1,78 @@
+# OmniAuth OAuth
+
+**Note:** This gem is designed to work with the in-beta OmniAuth 1.0
+library. It will not be officially released on RubyGems.org until
+OmniAuth 1.0 is released.
+
+This gem contains a generic OAuth strategy for OmniAuth. It is meant to
+serve as a building block strategy for other strategies and not to be
+used independently (since it has no inherent way to gather uid and user
+info).
+
+## Creating an OAuth Strategy
+
+To create an OmniAuth OAuth strategy using this gem, you can simply
+subclass it and add a few extra methods like so:
+
+    require 'omniauth-oauth'
+
+    module OmniAuth
+      module Strategies
+        class SomeSite < OmniAuth::Strategies::OAuth
+          # Give your strategy a name.
+          option :name, "some_site"
+
+          # This is where you pass the options you would pass when
+          # initializing your consumer from the OAuth gem.
+          option :client_options, {:site => "https://api.somesite.com"}
+
+          # These are called after authentication has succeeded. If
+          # possible, you should try to set the UID without making
+          # additional calls (if the user id is returned with the token
+          # or as a URI parameter). This may not be possible with all
+          # providers.
+          uid{ request.params['user_id'] }
+
+          info do
+            {
+              :name => raw_info['name'],
+              :location => raw_info['city']
+            }
+          end
+
+          extra do
+            {
+              'raw_info' => raw_info
+            }
+          end
+
+          def raw_info
+            @raw_info ||= MultiJson.decode(access_token.get('/me.json')).body
+          end
+        end
+      end
+    end
+
+That's pretty much it!
+
+## License
+
+Copyright (C) 2011 by Michael Bleigh and Intridea, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new

data/lib/omniauth-oauth.rb

@@ -0,0 +1,3 @@
+require "omniauth-oauth/version"
+require 'omniauth/strategies/oauth'
+

data/lib/omniauth-oauth/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module OAuth
+    VERSION = "1.0.0.beta1"
+  end
+end

data/lib/omniauth/strategies/oauth.rb

@@ -0,0 +1,81 @@
+require 'multi_json'
+require 'oauth'
+require 'omniauth'
+
+module OmniAuth
+  module Strategies
+    class OAuth
+      include OmniAuth::Strategy
+
+      args [:consumer_key, :consumer_secret]
+      option :consumer_key, nil
+      option :consumer_secret, nil
+      option :client_options, {}
+      option :open_timeout, 30
+      option :read_timeout, 30
+      option :authorize_params, {}
+
+      attr_reader :access_token
+
+      def consumer
+        consumer = ::OAuth::Consumer.new(options.consumer_key, options.consumer_secret, options.client_options)
+        consumer.http.open_timeout = options.open_timeout if options.open_timeout
+        consumer.http.read_timeout = options.read_timeout if options.read_timeout
+        consumer
+      end
+
+      def request_phase
+        request_token = consumer.get_request_token(:oauth_callback => callback_url)
+        session['oauth'] ||= {}
+        session['oauth'][name.to_s] = {'callback_confirmed' => request_token.callback_confirmed?, 'request_token' => request_token.token, 'request_secret' => request_token.secret}
+
+        if request_token.callback_confirmed?
+          redirect request_token.authorize_url(options[:authorize_params])
+        else
+          redirect request_token.authorize_url(options[:authorize_params].merge(:oauth_callback => callback_url))
+        end
+
+      rescue ::Timeout::Error => e
+        fail!(:timeout, e)
+      rescue ::Net::HTTPFatalError, ::OpenSSL::SSL::SSLError => e
+        fail!(:service_unavailable, e)
+      end
+
+      def callback_phase
+        raise OmniAuth::NoSessionError.new("Session Expired") if session['oauth'].nil?
+
+        request_token = ::OAuth::RequestToken.new(consumer, session['oauth'][name.to_s].delete('request_token'), session['oauth'][name.to_s].delete('request_secret'))
+
+        opts = {}
+        if session['oauth'][name.to_s]['callback_confirmed']
+          opts[:oauth_verifier] = request['oauth_verifier']
+        else
+          opts[:oauth_callback] = callback_url
+        end
+
+        @access_token = request_token.get_access_token(opts)
+        super
+      rescue ::Timeout::Error => e
+        fail!(:timeout, e)
+      rescue ::Net::HTTPFatalError, ::OpenSSL::SSL::SSLError => e
+        fail!(:service_unavailable, e)
+      rescue ::OAuth::Unauthorized => e
+        fail!(:invalid_credentials, e)
+      rescue ::NoMethodError, ::MultiJson::DecodeError => e
+        fail!(:invalid_response, e)
+      rescue ::OmniAuth::NoSessionError => e
+        fail!(:session_expired, e)
+      end
+
+      credentials do
+        {'token' => access_token.token, 'secret' => access_token.secret}
+      end
+
+      extra do
+        {'access_token' => access_token}
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'oauth', 'OAuth'

data/omniauth-oauth.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth-oauth/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Michael Bleigh"]
+  gem.email         = ["michael@intridea.com"]
+  gem.description   = %q{A generic OAuth (1.0/1.0a) strategy for OmniAuth.}
+  gem.summary       = %q{A generic OAuth (1.0/1.0a) strategy for OmniAuth.}
+  gem.homepage      = "https://github.com/intridea/omniauth-oauth"
+
+  gem.add_runtime_dependency     'omniauth', '~> 1.0.0.beta1'
+  gem.add_runtime_dependency     'oauth'
+  gem.add_development_dependency 'rspec', '~> 2.6'
+  gem.add_development_dependency 'webmock'
+  gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'rack-test'
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "omniauth-oauth"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::OAuth::VERSION
+end

data/spec/omniauth/strategies/oauth_spec.rb

@@ -0,0 +1,140 @@
+require 'spec_helper'
+
+describe "OmniAuth::Strategies::OAuth" do
+  class MyOAuthProvider < OmniAuth::Strategies::OAuth
+    uid{ access_token.token }
+    info{ {'name' => access_token.token} }
+  end
+
+  def app
+    Rack::Builder.new {
+      use OmniAuth::Test::PhonySession
+      use OmniAuth::Builder do
+        provider MyOAuthProvider, 'abc', 'def', :client_options => {:site => 'https://api.example.org'}, :name => 'example.org'
+        provider MyOAuthProvider, 'abc', 'def', :client_options => {:site => 'https://api.example.org'}, :authorize_params => {:abc => 'def'}, :name => 'example.org_with_authorize_params'
+      end
+      run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
+    }.to_app
+  end
+
+  def session
+    last_request.env['rack.session']
+  end
+
+  before do
+    stub_request(:post, 'https://api.example.org/oauth/request_token').
+       to_return(:body => "oauth_token=yourtoken&oauth_token_secret=yoursecret&oauth_callback_confirmed=true")
+  end
+
+  it 'should add a camelization for itself' do
+    OmniAuth::Utils.camelize('oauth').should == 'OAuth'
+  end
+
+  describe '/auth/{name}' do
+    context 'successful' do
+      before do
+        get '/auth/example.org'
+      end
+
+      it 'should redirect to authorize_url' do
+        last_response.should be_redirect
+        last_response.headers['Location'].should == 'https://api.example.org/oauth/authorize?oauth_token=yourtoken'
+      end
+
+      it 'should redirect to authorize_url with authorize_params when set' do
+        get '/auth/example.org_with_authorize_params'
+        last_response.should be_redirect
+        [
+          'https://api.example.org/oauth/authorize?abc=def&oauth_token=yourtoken',
+          'https://api.example.org/oauth/authorize?oauth_token=yourtoken&abc=def'
+        ].should be_include(last_response.headers['Location'])
+      end
+
+      it 'should set appropriate session variables' do
+        session['oauth'].should == {"example.org" => {'callback_confirmed' => true, 'request_token' => 'yourtoken', 'request_secret' => 'yoursecret'}}
+      end
+    end
+
+    context 'unsuccessful' do
+      before do
+        stub_request(:post, 'https://api.example.org/oauth/request_token').
+           to_raise(::Net::HTTPFatalError.new(%Q{502 "Bad Gateway"}, nil))
+        get '/auth/example.org'
+      end
+
+      it 'should call fail! with :service_unavailable' do
+        last_request.env['omniauth.error'].should be_kind_of(::Net::HTTPFatalError)
+        last_request.env['omniauth.error.type'] = :service_unavailable
+      end
+
+      context "SSL failure" do
+        before do
+          stub_request(:post, 'https://api.example.org/oauth/request_token').
+             to_raise(::OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"))
+          get '/auth/example.org'
+        end
+
+        it 'should call fail! with :service_unavailable' do
+          last_request.env['omniauth.error'].should be_kind_of(::OpenSSL::SSL::SSLError)
+          last_request.env['omniauth.error.type'] = :service_unavailable
+        end
+      end
+    end
+  end
+
+    describe '/auth/{name}/callback' do
+      before do
+        stub_request(:post, 'https://api.example.org/oauth/access_token').
+         to_return(:body => "oauth_token=yourtoken&oauth_token_secret=yoursecret")
+      get '/auth/example.org/callback', {:oauth_verifier => 'dudeman'}, {'rack.session' => {'oauth' => {"example.org" => {'callback_confirmed' => true, 'request_token' => 'yourtoken', 'request_secret' => 'yoursecret'}}}}
+    end
+
+    it 'should exchange the request token for an access token' do
+      last_request.env['omniauth.auth']['provider'].should == 'example.org'
+      last_request.env['omniauth.auth']['extra']['access_token'].should be_kind_of(OAuth::AccessToken)
+    end
+
+    it 'should call through to the master app' do
+      last_response.body.should == 'true'
+    end
+
+    context "bad gateway (or any 5xx) for access_token" do
+      before do
+        stub_request(:post, 'https://api.example.org/oauth/access_token').
+           to_raise(::Net::HTTPFatalError.new(%Q{502 "Bad Gateway"}, nil))
+        get '/auth/example.org/callback', {:oauth_verifier => 'dudeman'}, {'rack.session' => {'oauth' => {"example.org" => {'callback_confirmed' => true, 'request_token' => 'yourtoken', 'request_secret' => 'yoursecret'}}}}
+      end
+
+      it 'should call fail! with :service_unavailable' do
+        last_request.env['omniauth.error'].should be_kind_of(::Net::HTTPFatalError)
+        last_request.env['omniauth.error.type'] = :service_unavailable
+      end
+    end
+
+    context "SSL failure" do
+      before do
+        stub_request(:post, 'https://api.example.org/oauth/access_token').
+           to_raise(::OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"))
+        get '/auth/example.org/callback', {:oauth_verifier => 'dudeman'}, {'rack.session' => {'oauth' => {"example.org" => {'callback_confirmed' => true, 'request_token' => 'yourtoken', 'request_secret' => 'yoursecret'}}}}
+      end
+
+      it 'should call fail! with :service_unavailable' do
+        last_request.env['omniauth.error'].should be_kind_of(::OpenSSL::SSL::SSLError)
+        last_request.env['omniauth.error.type'] = :service_unavailable
+      end
+    end
+  end
+
+  describe '/auth/{name}/callback with expired session' do
+    before do
+      stub_request(:post, 'https://api.example.org/oauth/access_token').
+         to_return(:body => "oauth_token=yourtoken&oauth_token_secret=yoursecret")
+      get '/auth/example.org/callback', {:oauth_verifier => 'dudeman'}, {'rack.session' => {}}
+    end
+
+    it 'should call fail! with :session_expired' do
+      last_request.env['omniauth.error'].should be_kind_of(::OmniAuth::NoSessionError)
+      last_request.env['omniauth.error.type'] = :session_expired
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'simplecov'
+SimpleCov.start
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-oauth'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+end
+

metadata

@@ -0,0 +1,125 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-oauth
+version: !ruby/object:Gem::Version
+  version: 1.0.0.beta1
+  prerelease: 6
+platform: ruby
+authors:
+- Michael Bleigh
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-10-19 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: &70140877791080 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.0.beta1
+  type: :runtime
+  prerelease: false
+  version_requirements: *70140877791080
+- !ruby/object:Gem::Dependency
+  name: oauth
+  requirement: &70140877790660 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70140877790660
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70140877790120 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :development
+  prerelease: false
+  version_requirements: *70140877790120
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: &70140877789700 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70140877789700
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: &70140877789240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70140877789240
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &70140877788820 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70140877788820
+description: A generic OAuth (1.0/1.0a) strategy for OmniAuth.
+email:
+- michael@intridea.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Guardfile
+- README.md
+- Rakefile
+- lib/omniauth-oauth.rb
+- lib/omniauth-oauth/version.rb
+- lib/omniauth/strategies/oauth.rb
+- omniauth-oauth.gemspec
+- spec/omniauth/strategies/oauth_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/intridea/omniauth-oauth
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: A generic OAuth (1.0/1.0a) strategy for OmniAuth.
+test_files:
+- spec/omniauth/strategies/oauth_spec.rb
+- spec/spec_helper.rb