omniauth-oauthio 0.1.0

data/lib/omniauth/strategies/oauthio.rb

@@ -0,0 +1,158 @@
+require 'omniauth/strategies/oauth2'
+require 'base64'
+require 'openssl'
+require 'rack/utils'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    class Oauthio < OmniAuth::Strategies::OAuth2
+      include OmniAuth::Strategy
+
+      args [:client_id, :client_secret]
+
+      # Give your strategy a name.
+      option :name, "oauthio"
+
+      # This is where you pass the options you would pass when
+      # initializing your consumer from the OAuth gem.
+      option :client_options, {
+          :site => 'https://oauth.io',
+      }
+
+      option :client_id, nil
+      option :client_secret, nil
+
+      # Returns true if the environment recognizes either the
+      # request or callback path.
+      def on_auth_path?
+        on_request_path? || on_callback_path?
+      end
+
+      def client_with_provider(provider)
+        options.client_options.merge!({authorize_url: "#{options.client_options.authorization_url}/#{provider}"})
+        client
+      end
+
+      def current_path
+        # This might not be completely safe. I want to ensure that the current_path does not have a format at the end
+        # so the .json should be removed.
+        super.split('.').first
+      end
+
+      def on_request_path?
+        if options.request_path.respond_to?(:call)
+          options.request_path.call(env)
+        else
+          on_path?(request_path)
+        end
+      end
+
+      def on_path?(path)
+        current_path.casecmp(path) == 0
+      end
+
+      def on_callback_path?
+        on_path?(callback_path)
+      end
+
+      def sub_provider
+        test = request.path.split("#{path_prefix}/#{name}/").last
+        slashes = test.split('/')
+        if slashes.length > 1
+          # return ''
+          return slashes.first.split('.').first
+        end
+
+        test.split('.').first
+      end
+
+      def request_path
+        options[:request_path].is_a?(String) ? options[:request_path] : "#{path_prefix}/#{name}/#{sub_provider}"
+      end
+
+      def callback_path
+        path = options[:callback_path] if options[:callback_path].is_a?(String)
+        path ||= current_path if options[:callback_path].respond_to?(:call) && options[:callback_path].call(env)
+        path ||= custom_path(:request_path)
+        path ||= "#{path_prefix}/#{name}/#{sub_provider}/callback"
+        path
+      end
+
+      def path_prefix
+        options[:path_prefix] || OmniAuth.config.path_prefix
+      end
+
+      def request_phase
+        params = authorize_params
+        # We may want to skip redirecting the user if calling from a SPA that does not want to reload the page.
+        # The json option will return a json response instead of redirecting.
+        if request.path_info.include?('.json')
+          json = {state: session['omniauth.state']}.to_json
+          return Rack::Response.new(json, 200, 'content-type' => 'application/json').finish
+        end
+
+        # TODO: Check the redirect url.
+        provider = params[:provider]
+        params = params.except(:provider)
+        redirect_url = client_with_provider(provider).auth_code.authorize_url({:redirect_uri => callback_url}.merge(params))
+        redirect redirect_url
+      end
+
+      def auth_hash
+        provider_info = ::Oauthio::Providers::Oauthio.new(access_token, client.secret, options)
+        provider = access_token.provider
+        hash = AuthHash.new(:provider => provider, :uid => provider_info.uid)
+        hash.info = provider_info.info unless provider_info.skip_info?
+        hash.credentials = provider_info.credentials if provider_info.credentials
+        hash.extra = provider_info.extra if provider_info.extra
+        hash
+      end
+
+      def callback_phase
+        #if request.params['error'] || request.params['error_reason']
+        #  raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
+        #end
+        if !options.provider_ignores_state && !verified_state?
+          raise CallbackError.new(nil, :csrf_detected)
+        end
+
+        self.access_token = build_access_token
+        self.access_token = access_token.refresh! if access_token.expired?
+
+        env['omniauth.auth'] = auth_hash
+        # Delete the omniauth.state after we have verified all requests
+        session.delete('omniauth.state')
+        call_app!
+
+      #rescue ::Oauthio::Error, CallbackError => e
+      rescue CallbackError => e
+        fail!(:invalid_credentials, e)
+      rescue ::MultiJson::DecodeError => e
+        fail!(:invalid_response, e)
+      rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
+        fail!(:timeout, e)
+      rescue ::SocketError => e
+        fail!(:failed_to_connect, e)
+      end
+
+      protected
+      # Client should only be access via client_with_provider
+      def client
+        state = session['omniauth.state']
+        options.client_options[:state] = state
+        ::Oauthio::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
+      end
+
+      def verified_state?
+        state = request.params['state']
+        return false if state.to_s.empty?
+        state == session['omniauth.state']
+      end
+    end
+  end
+end
+
+
+
+

data/lib/omniauth-oauthio.rb

@@ -0,0 +1 @@
+require 'omniauth/oauthio'

data/omniauth-oauthio.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'omniauth/oauthio/version'
+
+Gem::Specification.new do |s|
+  s.name     = 'omniauth-oauthio'
+  s.version  = OmniAuth::Oauthio::VERSION
+  s.authors  = ['Jonathan Rowlands']
+  s.email    = ['jonrowlands83@gmail.com']
+  s.summary  = 'OAuth.io Strategy for OmniAuth'
+  s.homepage = 'https://github.com/jgrowl/omniauth-oauthio'
+  s.license  = 'MIT'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.1'
+
+  s.add_development_dependency 'minitest'
+  s.add_development_dependency 'mocha'
+  s.add_development_dependency 'rake'
+end

data/test/helper.rb

@@ -0,0 +1,56 @@
+#require 'bundler/setup'
+#require 'minitest/autorun'
+#require 'mocha/setup'
+#require 'omniauth/strategies/facebook'
+#
+#OmniAuth.config.test_mode = true
+#
+#module BlockTestHelper
+#  def test(name, &blk)
+#    method_name = "test_#{name.gsub(/\s+/, '_')}"
+#    raise "Method already defined: #{method_name}" if instance_methods.include?(method_name.to_sym)
+#    define_method method_name, &blk
+#  end
+#end
+#
+#module CustomAssertions
+#  def assert_has_key(key, hash, msg = nil)
+#    msg = message(msg) { "Expected #{hash.inspect} to have key #{key.inspect}" }
+#    assert hash.has_key?(key), msg
+#  end
+#
+#  def refute_has_key(key, hash, msg = nil)
+#    msg = message(msg) { "Expected #{hash.inspect} not to have key #{key.inspect}" }
+#    refute hash.has_key?(key), msg
+#  end
+#end
+#
+#class TestCase < Minitest::Test
+#  extend BlockTestHelper
+#  include CustomAssertions
+#end
+#
+#class StrategyTestCase < TestCase
+#  def setup
+#    @request = stub('Request')
+#    @request.stubs(:params).returns({})
+#    @request.stubs(:cookies).returns({})
+#    @request.stubs(:env).returns({})
+#    @request.stubs(:scheme).returns({})
+#    @request.stubs(:ssl?).returns(false)
+#
+#    @client_id = '123'
+#    @client_secret = '53cr3tz'
+#  end
+#
+#  def strategy
+#    @strategy ||= begin
+#      args = [@client_id, @client_secret, @options].compact
+#      OmniAuth::Strategies::Facebook.new(nil, *args).tap do |strategy|
+#        strategy.stubs(:request).returns(@request)
+#      end
+#    end
+#  end
+#end
+#
+#Dir[File.expand_path('../support/**/*', __FILE__)].each &method(:require)

data/test/support/shared_examples.rb

@@ -0,0 +1,85 @@
+## NOTE it would be useful if this lived in omniauth-Oauthio eventually
+#module OauthioStrategyTests
+#  def self.included(base)
+#    base.class_eval do
+#      include ClientTests
+#      include AuthorizeParamsTests
+#      include CSRFAuthorizeParamsTests
+#      include TokenParamsTests
+#    end
+#  end
+#
+#  module ClientTests
+#    extend BlockTestHelper
+#
+#    test 'should be initialized with symbolized client_options' do
+#      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+#      assert_equal 'https://example.com', strategy.client.options[:authorize_url]
+#    end
+#  end
+#
+#  module AuthorizeParamsTests
+#    extend BlockTestHelper
+#
+#    test 'should include any authorize params passed in the :authorize_params option' do
+#      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+#      assert_equal 'bar', strategy.authorize_params['foo']
+#      assert_equal 'zip', strategy.authorize_params['baz']
+#    end
+#
+#    test 'should include top-level options that are marked as :authorize_options' do
+#      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+#      assert_equal 'bar', strategy.authorize_params['scope']
+#      assert_equal 'baz', strategy.authorize_params['foo']
+#    end
+#
+#    test 'should exclude top-level options that are not passed' do
+#      @options = { :authorize_options => [:bar] }
+#      refute_has_key :bar, strategy.authorize_params
+#      refute_has_key 'bar', strategy.authorize_params
+#    end
+#  end
+#
+#  module CSRFAuthorizeParamsTests
+#    extend BlockTestHelper
+#
+#    test 'should store random state in the session when none is present in authorize or request params' do
+#      assert_includes strategy.authorize_params.keys, 'state'
+#      refute_empty strategy.authorize_params['state']
+#      refute_empty strategy.session['omniauth.state']
+#      assert_equal strategy.authorize_params['state'], strategy.session['omniauth.state']
+#    end
+#
+#    test 'should not store state in the session when present in authorize params vs. a random one' do
+#      @options = { :authorize_params => { :state => 'bar' } }
+#      refute_empty strategy.authorize_params['state']
+#      refute_equal 'bar', strategy.authorize_params[:state]
+#      refute_empty strategy.session['omniauth.state']
+#      refute_equal 'bar', strategy.session['omniauth.state']
+#    end
+#
+#    test 'should not store state in the session when present in request params vs. a random one' do
+#      @request.stubs(:params).returns({ 'state' => 'foo' })
+#      refute_empty strategy.authorize_params['state']
+#      refute_equal 'foo', strategy.authorize_params[:state]
+#      refute_empty strategy.session['omniauth.state']
+#      refute_equal 'foo', strategy.session['omniauth.state']
+#    end
+#  end
+#
+#  module TokenParamsTests
+#    extend BlockTestHelper
+#
+#    test 'should include any authorize params passed in the :token_params option' do
+#      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+#      assert_equal 'bar', strategy.token_params['foo']
+#      assert_equal 'zip', strategy.token_params['baz']
+#    end
+#
+#    test 'should include top-level options that are marked as :token_options' do
+#      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+#      assert_equal 'bar', strategy.token_params['scope']
+#      assert_equal 'baz', strategy.token_params['foo']
+#    end
+#  end
+#end