omniauth-oauth2-oneid 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2b61ad0817150bd052d2e76ebd163ebf48f7e18fa6f90283604a432c1fcf75ef
+  data.tar.gz: 53132f583c695c88a87ba02d774262bfe5a07bb205b9b33e3a5959b3d9537d3e
+SHA512:
+  metadata.gz: ff7e75bced530609cd8e78a082645c27a9447674e5c12925fe000d2788edaef7f1cc10318507d7be6cebf04666432784a534565df3326d38076d7d0db8163cce
+  data.tar.gz: 62d1293cbad8e21dbeda14b1b4e5b1ce76c103d8b5d22d42d9156cf3d314d2ee9b564fd72d60db346199456dc67e00e387f7d0b6da042a8ae4c265dcb7b8b4c6

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.gem

data/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+gem "omniauth-oauth2", "~> 1.8"
+gem "rake", "~> 13.0"
+gem 'faraday', '~> 2.12', '>= 2.12.2'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Patcharapong
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1 @@
+# Omniauth::Strategies::OAuth2OneID

data/Rakefile

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+task default: %i[]

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "omniauth/sso/oneid"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/omniauth/oneid/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module OAuth2OneID
+    VERSION = "0.1.0"
+  end
+end

data/lib/omniauth/strategies/oauth2_oneid.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'faraday'
+require 'json'
+
+module OmniAuth
+  module Strategies
+    ConnectionError = Class.new(Faraday::ConnectionFailed)
+    TimeoutError = Class.new(Faraday::TimeoutError)
+  
+    class OAuth2OneID < OmniAuth::Strategies::OAuth2
+      option :name, "oauth2_oneid"
+      option :provider_ignores_state, true
+      option :client_options,
+      {
+        site: "https://one.th",
+        user_info_url: "/go-api/v1/citizen/service/account?q=all",
+        auth_scheme: :request_body,
+        authorize_url: "/api/oauth/getcode",
+        token_url: "/oauth/token",
+        business_url: "/api/v3/business/service/list-business",
+      }
+      option :businesses, []
+      option :auto_block,
+      {
+        enabled: false,
+        gitlab_api: "http://localhost",
+        gitlab_token: ""
+      }
+
+      # Get uid
+      uid do
+        user_path['id'].to_s
+      end
+
+      # Get account info
+      info do
+        hash = {
+          name: "#{user_path['account_title_th']}#{user_path['first_name_th']} #{user_path['last_name_th']}",
+          email: user_path['thai_email'],
+          email_verified: user_path['thai_email'],
+          urls: {
+            oneid: "https://one.th/portal_index"
+          }
+        }
+        if user_path['account_category '] != "Residential"
+          hash['name'] = "#{user_path['account_title_eng']} #{user_path['first_name_eng']} #{user_path['last_name_eng']}"
+        end
+
+        if !check_business
+          gitlab_auto_block
+          raise "Forbidden. Unauthorized access restricted."
+        end
+
+        hash
+      end
+
+      extra do
+        hash = {}
+        hash[:id_info] = user_path
+        hash[:business_info] = business_info
+        if business_info['data'].empty?
+          gitlab_auto_block
+          raise "Forbidden. Unauthorized access restricted."
+        end
+        hash
+      end
+
+      def email
+        user_path['thai_email']
+      end
+  
+      def raw_info
+        @raw_info ||= access_token.get(options.client_options[:user_info_url]).parsed
+      end
+
+      def business_info
+        @business_info ||= access_token.get(options.client_options[:business_url]).parsed
+      end
+  
+      def authorize_params
+        params = super
+        puts params.inspect
+        params.transform_values { |v| v.respond_to?(:call) ? v.call(request) : v }
+      end
+
+      def callback_url
+        options.client_options[:redirect_uri] || (full_host + script_name + callback_path)
+      end
+
+      protected
+        def build_access_token
+          verifier = request.params["code"]
+          client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))
+        end
+
+        def user_path
+          raw_info['data']
+        end
+
+        def check_business
+          return true unless !options.businesses.empty?
+          b_set = options.businesses.to_set
+          business_info['data'].each do |b|
+            id = b[:id]
+            if b_set.include?(id)
+              return true
+            end
+          end
+          false
+        end
+
+        def gitlab_auto_block
+          if !options.auto_block[:enabled]
+            return
+          end
+
+          users = gitlab_api_get_user
+          if users.any?
+            # do nothing if user has blocked
+            if users.first['state'] == "blocked"
+              return
+            end
+            user_id = users.first['id']
+            gitlab_api_block_user(user_id)
+            log :info, "Auto block gitlab id: #{user_id}, account_id #{uid} for #{options.name} successful."
+          end
+        rescue => e
+          log :error, "Auto block account #{uid} for #{options.name} error #{e}"
+        end
+
+        def gitlab_api_get_user
+          execute_request(:get, "/api/v4/users", {params: {provider: options.name, extern_uid: uid}, headers: {'PRIVATE-TOKEN': options.auto_block[:gitlab_token]}})
+        end
+
+        def gitlab_api_block_user(user_id)
+          execute_request(:post, "/api/v4/users/#{user_id}/block", {headers: {'PRIVATE-TOKEN': options.auto_block[:gitlab_token]}})
+        end
+
+        def execute_request(verb, url, opts = {})
+          @connection ||= Faraday.new(options.auto_block[:gitlab_api], {})
+
+          url = @connection.build_url(url).to_s
+          begin
+            response = @connection.run_request(verb, url, opts[:body], opts[:headers]) do |req|
+              req.params.update(opts[:params]) if opts[:params]
+              yield(req) if block_given?
+            end
+          rescue Faraday::ConnectionFailed => e
+            raise ConnectionError, e
+          rescue Faraday::TimeoutError => e
+            raise TimeoutError, e
+          end
+
+          if response.status >= 300
+            raise ConnectionError, "Gitlab api return error #{response.status} #{response.body}"
+          end
+          JSON.parse(response.body)
+        end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization "oauth2_oneid", "OAuth2OneID"

data/lib/omniauth-oauth2-oneid.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require_relative "omniauth/oneid/version"
+require_relative "omniauth/strategies/oauth2_oneid"

data/omniauth-oauth2-oneid.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require_relative "lib/omniauth/oneid/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "omniauth-oauth2-oneid"
+  spec.version = OmniAuth::OAuth2OneID::VERSION
+  spec.authors = ["Patcharapong"]
+  spec.email = ["patcharp@live.com"]
+
+  spec.summary = "OAuth2 SSO One ID"
+  spec.description = "Configurable Strategy for One ID OAuth2 provider"
+  spec.homepage = "https://github.com/inet-devhub/omniauth-oauth2-oneid"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.1.0"
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'omniauth-oauth2', '~> 1.8'
+  spec.add_dependency 'rake', '~> 13.2'
+  spec.add_dependency 'faraday', '~> 2.12', '>= 2.12.2'
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-oauth2-oneid
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Patcharapong
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-03-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.12'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.12.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.12'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.12.2
+description: Configurable Strategy for One ID OAuth2 provider
+email:
+- patcharp@live.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/omniauth-oauth2-oneid.rb
+- lib/omniauth/oneid/version.rb
+- lib/omniauth/strategies/oauth2_oneid.rb
+- omniauth-oauth2-oneid.gemspec
+homepage: https://github.com/inet-devhub/omniauth-oauth2-oneid
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.20
+signing_key:
+specification_version: 4
+summary: OAuth2 SSO One ID
+test_files: []