omniauth-oauthio 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8d37a4503efe522eb66a84b32a32711757aae4d2
-  data.tar.gz: e8befcc5493e673f02ab3284d74c489357206e29
+  metadata.gz: 70606edfa2af2716b721133a36072b165f60c210
+  data.tar.gz: 4be6085639515da6d8d873369b6af0b6f838a55a
 SHA512:
-  metadata.gz: 72832698e7031e680ba868d66958034abafd4c202b72ff7d41c55edc5f91540baa65c7089d11bca36be7e363557c42367a786d900955c095b4333a894b416e37
-  data.tar.gz: aa6173e79c1fcf85ea5abb981bd068e3db13ad7a2d6f62ec32ba0e28b732db93463e60e9e85ff40276d28300f75a5d95913555c924ef204cd5eaa48d7fd4ee0f
+  metadata.gz: 321dd9cb4655504e3c663bef40d2858aba636f6b61e9b67223e836795191fe2c8ba28f9f75a0734a65071e65532efc53acea399eaea1b479e112287c5f61a911
+  data.tar.gz: 6b44d837670e892a6e89e854e1f6433f98145a3ead21250af3c61972aedbb581cad8cad0f97f97d41db77ef16bc9139f2d3e68559d95ffa4a5e4dece865fc8a4

data/.gitignore

@@ -1,6 +1,5 @@
 *.gem
 .bundle
-.rspec
 /Gemfile.lock
 example/Gemfile.lock
 pkg/*
@@ -9,3 +8,5 @@ tmp
 bin
 .idea
 *.iml
+example/app.log
+/coverage

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--require spec_helper
+--format doc

data/README.md

@@ -1,129 +1,149 @@
 omniauth-oauthio
 =================
 
-OAuth.io Strategy for OmniAuth
+[OAuth.io](https://oauth.io/) Strategy for OmniAuth
 
 ## Installing
 
 Add to your `Gemfile`:
 
 ```ruby
-gem 'omniauth-oauthio', path: 'https://github.com/jgrowl/omniauth-oauthio.git'
+gem 'omniauth-oauthio', '~> 0.2.1'
 ```
 
 Then `bundle install`.
 
 ## Usage
 
-`OmniAuth::Strategies::Oauthio` is simply a Rack middleware. Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth.
-
-Here's a quick example, adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
-
-```ruby
-Rails.application.config.middleware.use OmniAuth::Builder do
-  configure do |config|
-    config.path_prefix = '/users/auth'
-  end
-end
-```
-
 The following steps on the front-end need to occur:
 
 1. Initialize the OAuth public key.
 
-2. Perform get request to initiate the request_phase, using the .json option for SPA (This is to get a state string from the server).
-
-3. Use OAuth.io's javascript api to initiate a popup (Passing along the state from step 2).
-
-4. Perform get request to initiate callback_phase (Passing along the state and code received in step 3).
-
-For example:  (NOTE: I need to update this. I am currently using dart in my test app)
-
-```coffeescript
-OAuth.initialize('YOUR_PUBLIC_KEY')
-
-$.get "http://localhost:3000/users/auth/oauthio.json", (data) ->
-    @options = data
-
-OAuth.popup provider, @options, (err, res) ->
-    if (err)
-      console.log err
-    else
-      $.get "http://localhost:3000/users/auth/oauthio/twitter/callback.json?state=@options.state&code=@options.code", (data) ->
-        console.log(data)
-        # Perform additional login steps
+2. Perform a request to initiate the request_phase `/auth/oauthio/:provider`, using the .json option for a single-page application (this is to get a state string from the server).
+
+3. Optionally, use OAuth.io's JavaScript API to initiate a popup or a redirect, passing along the state from step 2.
+
+4. Perform a request to initiate callback_phase `/auth/oauthio/:provider/callback`, passing along the state and code received in step 3.
+
+For example:
+
+```javascript
+OAuth.initialize('YOUR_PUBLIC_KEY');
+
+var selectedProvider = $('#provider').val();
+var type = $('#type').val();
+
+$.get("/auth/oauthio/" + selectedProvider + ".json").done(function(data){
+  var state = data.state
+  if (type == 'popup') {
+    OAuth.popup(selectedProvider, {'state': state})
+        .done(function(result) {
+          //use result.access_token in your API request
+          //or use result.get|post|put|del|patch|me methods (see below)
+          result.me().done(function(me){
+            $('#me').html(JSON.stringify(me));
+            $.post("/auth/oauthio/" + selectedProvider + "/callback.json", {'state': state, 'code': result.code})
+              .done(function(r){
+                $('#results').html(JSON.stringify(r));
+              });
+          });
+        })
+        .fail(function (err) {
+          //handle error with err
+          console.log(err);
+          $('#results').html(err.message)
+        });
+  } else if (type == 'redirect') {
+    OAuth.redirect(selectedProvider, {'state': state}, '/client-side?provider=' + selectedProvider + '&state=' + state);
+  }
 ```
 
 ## Configuring
 
-### OAuth.io
+### Rails
 
-Be sure to enable the Server-side (code) option on any providers you want to use with this strategy.
+Set `path_prefix` in `config/initializers/omniauth.rb`:
 
-### Custom Callback URL/Path
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  configure do |config|
+    config.path_prefix = '/users/auth'
+  end
+end
+```
 
-You can set a custom `callback_url` or `callback_path` option to override the default value. See [OmniAuth::Strategy#callback_url](https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L411) for more details on the default.
+#### Devise
 
-### Devise
-To use with devise, in `config/initializers/devise.rb`
+To use with [Devise](https://github.com/plataformatec/devise), in `config/initializers/devise.rb`
 
 ```ruby
 config.omniauth :oauthio, ENV['OAUTHIO_PUBLIC_KEY'], ENV['OAUTHIO_SECRET_KEY']
 ```
 
-Add your devise routes in `config/routes.rb`
+Add your Devise routes in `config/routes.rb`:
 
 ```ruby
 devise_for :users, :skip => [:omniauth_callbacks]
 devise_scope :user do
-  match "/users/auth/:provider(/:sub_provider)",
-        constraints: { provider: /oauthio/ },
-        to: "users/omniauth_callbacks#passthru",
-        as: :omniauth_authorize,
-        via: [:get, :post]
-
-  match "/users/auth/:action(/:sub_provider)/callback",
-        constraints: { action: /oauthio/, sub_provider: /twitter|google/ },
-        to: "users/omniauth_callbacks",
-        as: :omniauth_callback,
-        via: [:get, :post]
+  match '/users/auth/:action(/:sub_action)',
+        constraints: {:action => /oauthio/},
+        to: 'users/omniauth_callbacks#passthru',
+        as: :omniauth_authorize, via: [:get, :post]
+
+  match '/users/auth/:action(/:sub_action)/callback',
+        constraints: {:action => /oauthio/},
+        to: 'users/omniauth_callbacks',
+        as: :omniauth_callback, via: [:get, :post]
 end
 ```
 
+`sub_action` options are available if you would like to limit the actual providers allowed on the Rails side:
+
+```ruby
+constraints: {:action => /oauthio/, :sub_action => /twitter|google/}
+```
+
+### OAuth.io
+
+Be sure to enable the server-side (code) option on any providers you want to use with this strategy.
+
 ### Omniauth
 
-Add an oauthio callback in `app/controllers/users/omniauth_callbacks_controller.rb`
+Add an `oauthio` callback in `app/controllers/users/omniauth_callbacks_controller.rb`:
 
 ```ruby
-
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def oauthio
-
-    # TODO: Do your login logic here! ie. look up the user by the uid or create one if it does not already exist!
+    # TODO: Do your login logic here!
+    # e.g., look up the user by the uid or create one if it does not already
+    # exist!
 
     respond_to do |format|
-      format.json  { render json: auth_hash}
+      format.json  { render json: request.env['omniauth.auth'] }
     end
   end
-
-  def auth_hash
-    request.env['omniauth.auth']
-  end
-
 end
 ```
 
-Create the method used in your callback in your `user.rb`
-
-# Understanding server side flow
+## Understanding server-side flow
 
-oauth.io describes how everything works in their [security](https://oauth.io/docs/security) section.
+OAuth.io describes how everything works in [their security section](https://oauth.io/docs/security):
 
 ![alt text](https://oauth.io/img/server-side-flow.png "Server side flow")
 
+## Running Sample Application
 
-## Credit
+In `example/` there is a simple Sinatra app that uses this gem. You can test Facebook, Twitter, and Google authentication with it. For these providers to work, you'll have to set them up on the provider website, e.g., [Facebook Developers](https://developers.facebook.com), as well as in OAuth.io.
+
+To start the sample app:
+
+    cd example
+    bundle
+    OAUTHIO_PUBLIC_KEY=yourkey OAUTHIO_PRIVATE_KEY=yourprivatekey rackup
 
-https://oauth.io/
+Then visit [http://localhost:9292](http://localhost:9292) in your browser.
+
+## Credit
 
-https://github.com/mkdynamic/omniauth-facebook
+- [OAuth.io](https://oauth.io/)
+- [omniauth-facebook](https://github.com/mkdynamic/omniauth-facebook)

data/Rakefile

@@ -1,8 +1,6 @@
 require 'bundler/gem_tasks'
-require 'rake/testtask'
+require 'rspec/core/rake_task'
 
-Rake::TestTask.new do |task|
-  task.libs << 'test'
-end
+RSpec::Core::RakeTask.new(:spec)
 
-task :default => :test
+task :default => :spec

data/example/Gemfile

@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
 
 gem 'sinatra'
-gem 'sinatra-reloader'
+gem 'sinatra-contrib'
 gem 'omniauth-oauthio', :path => '../'

data/example/app.rb

@@ -1,5 +1,6 @@
+require 'bundler/setup'
 require 'sinatra'
-require "sinatra/reloader"
+require 'sinatra/reloader'
 require 'yaml'
 
 # configure sinatra
@@ -7,7 +8,7 @@ set :run, false
 set :raise_errors, true
 
 # setup logging to file
-log = File.new("app.log", "a+")
+log = File.new('app.log', 'a+')
 $stdout.reopen(log)
 $stderr.reopen(log)
 $stderr.sync = true
@@ -15,15 +16,15 @@ $stdout.sync = true
 
 # server-side flow
 get '/server-side/:provider' do
-  # NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is just here to
-  #       explicit declare this server-side flow.
+  # NOTE: You would just hit this endpoint directly from the browser in a real
+  # app. The redirect is just here to explicitly declare this server-side flow.
   redirect "/auth/oauthio/#{params[:provider]}"
 end
 
 # client-side flow
 get '/client-side' do
   content_type 'text/html'
-  <<-END
+  <<-END.gsub(/^\s{4}/, '')
     <html>
     <head>
       <title>Client-side Flow Example</title>
@@ -136,9 +137,9 @@ get '/client-side' do
   END
 end
 
-def self.get_or_post(url,&block)
-  get(url,&block)
-  post(url,&block)
+def self.get_or_post(url, &block)
+  get(url, &block)
+  post(url, &block)
 end
 
 get_or_post '/auth/:provider/:sub_provider/callback.?:format?' do
@@ -149,4 +150,8 @@ end
 get '/auth/failure' do
   content_type 'application/json'
   MultiJson.encode(request.env)
-end
+end
+
+get '/' do
+  redirect '/client-side'
+end

data/example/config.ru

@@ -1,6 +1,7 @@
 require 'bundler/setup'
 require 'omniauth-oauthio'
-require './app.rb'
+require 'sinatra'
+require_relative 'app.rb'
 
 use Rack::Session::Cookie, :secret => 'abc123'
 
@@ -8,4 +9,4 @@ use OmniAuth::Builder do
   provider :oauthio, ENV['OAUTHIO_PUBLIC_KEY'], ENV['OAUTHIO_PRIVATE_KEY']
 end
 
-run Sinatra::Application
+run Sinatra::Application

data/lib/oauthio/access_token.rb

@@ -9,23 +9,24 @@ module Oauthio
       # @param [Hash] a hash of AccessToken property values
       # @return [AccessToken] the initalized AccessToken
       def from_hash(client, hash)
-        new(client,
-            hash.delete('provider') || hash.delete(:provider),
-            hash.delete('access_token') || hash.delete(:access_token),
-            hash.delete('oauth_token') || hash.delete(:oauth_token),
-            hash.delete('oauth_token_secret') || hash.delete(:oauth_token_secret),
+        provider = hash.delete('provider') || hash.delete(:provider)
+        access_token = hash.delete('access_token') || hash.delete(:access_token)
+        oauth_token = hash.delete('oauth_token') || hash.delete(:oauth_token)
+        oauth_token_secret = hash.delete('oauth_token_secret') ||
+                             hash.delete(:oauth_token_secret)
+        new(client, provider, access_token, oauth_token, oauth_token_secret,
             hash)
       end
     end
 
-    def initialize(client, provider, token, oauth_token, oauth_token_secret, opts = {})
+    def initialize(client, provider, token, oauth_token, oauth_secret, opts={})
       super client, token, opts
       @provider = provider
       @oauth_token = oauth_token.to_s
-      @oauth_token_secret = oauth_token_secret.to_s
+      @oauth_token_secret = oauth_secret.to_s
     end
 
-    def me()
+    def me
       k = @client.id
       # oauthv = 1  # TODO: Update this
 
@@ -34,13 +35,14 @@ module Oauthio
         oauthio_header = "k=#{k}&access_token=#{@token}"
       elsif !@oauth_token.empty? && !@oauth_token_secret.empty?
         # oauthv=#{oauthv}
-        oauthio_header = "k=#{k}&oauth_token=#{@oauth_token}&oauth_token_secret=#{@oauth_token_secret}"
+        oauthio_header = "k=#{k}&oauth_token=#{@oauth_token}&" +
+                         "oauth_token_secret=#{@oauth_token_secret}"
       else
         # TODO: Throw error if no tokens found
       end
-      opts = {headers: {oauthio: oauthio_header}}
+      opts = {:headers => {:oauthio => oauthio_header}}
       me_url = client.me_url(provider)
       request(:get, me_url, opts)
     end
   end
-end
+end

data/lib/oauthio/client.rb

@@ -17,7 +17,7 @@ module Oauthio
     # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error
     #  on responses with 400+ status codes
     # @yield [builder] The Faraday connection builder
-    def initialize(client_id, client_secret, opts = {}, &block)
+    def initialize(client_id, client_secret, opts={}, &block)
       _opts = opts.dup
       @id = client_id
       @secret = client_secret
@@ -35,15 +35,17 @@ module Oauthio
       @options[:connection_opts][:ssl] = ssl if ssl
     end
 
-    def me_url(provider, params = nil)
-      connection.build_url(options[:me_url].sub(/:provider/, provider), params).to_s
+    def me_url(provider, params=nil)
+      connection.build_url(options[:me_url].sub(/:provider/, provider), params).
+                 to_s
     end
 
     # The authorize endpoint URL of the OAuth2 provider
     #
     # @param [Hash] params additional query parameters
-    def authorize_url(provider, params = nil)
-      connection.build_url(options[:authorize_url].sub(/:provider/, provider), params).to_s
+    def authorize_url(provider, params=nil)
+      connection.build_url(options[:authorize_url].sub(/:provider/, provider),
+                           params).to_s
     end
 
     # Makes a request relative to the specified site root.
@@ -58,12 +60,13 @@ module Oauthio
     #   code response for this request.  Will default to client option
     # @option opts [Symbol] :parse @see Response::initialize
     # @yield [req] The Faraday request
-    def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength
+    def request(verb, url, opts={}) # rubocop:disable CyclomaticComplexity, MethodLength
       url = connection.build_url(url, opts[:params]).to_s
 
-      response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req|
-        yield(req) if block_given?
-      end
+      response =
+        connection.run_request(verb, url, opts[:body], opts[:headers]) do |req|
+          yield(req) if block_given?
+        end
 
       # Only really care about the status and the actual return body.
       # Oauth2 strategy wraps the response in a Response object that handles parsing and whatnot. That is great when
@@ -74,29 +77,29 @@ module Oauthio
       response = JSON.parse(response.body)
       response['status'] = status
       response['headers'] = headers
-      response = Hashie::Mash.new response
+      response = Hashie::Mash.new(response)
 
       case response.status
-        when 301, 302, 303, 307
-          opts[:redirect_count] ||= 0
-          opts[:redirect_count] += 1
-          return response if opts[:redirect_count] > options[:max_redirects]
-          if response.status == 303
-            verb = :get
-            opts.delete(:body)
-          end
-          request(verb, response.headers['location'], opts)
-        when 200..299, 300..399
-          # on non-redirecting 3xx statuses, just return the response
-          response
-        when 400..599
-          error = OAuth2::Error.new(response)
-          fail(error) if opts.fetch(:raise_errors, options[:raise_errors])
-          response.error = error
-          response
-        else
-          error = OAuth2::Error.new(response)
-          fail(error, "Unhandled status code value of #{response.status}")
+      when 301, 302, 303, 307
+        opts[:redirect_count] ||= 0
+        opts[:redirect_count] += 1
+        return response if opts[:redirect_count] > options[:max_redirects]
+        if response.status == 303
+          verb = :get
+          opts.delete(:body)
+        end
+        request(verb, response.headers['location'], opts)
+      when 200..299, 300..399
+        # on non-redirecting 3xx statuses, just return the response
+        response
+      when 400..599
+        error = OAuth2::Error.new(response)
+        fail(error) if opts.fetch(:raise_errors, options[:raise_errors])
+        response.error = error
+        response
+      else
+        error = OAuth2::Error.new(response)
+        fail(error, "Unhandled status code value of #{response.status}")
       end
     end
 
@@ -106,12 +109,13 @@ module Oauthio
     # @param [Hash] access token options, to pass to the AccessToken object
     # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
     # @return [AccessToken] the initalized AccessToken
-    def get_token(params, access_token_opts = {}, access_token_class = AccessToken)
-      opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
+    def get_token(params, access_token_opts={}, access_token_class=AccessToken)
+      opts = {:raise_errors => options[:raise_errors],
+              :parse => params.delete(:parse)}
       if options[:token_method] == :post
         headers = params.delete(:headers)
         opts[:body] = params
-        opts[:headers] =  {'Content-Type' => 'application/x-www-form-urlencoded'}
+        opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
         opts[:headers].merge!(headers) if headers
       else
         opts[:params] = params
@@ -120,14 +124,16 @@ module Oauthio
 
       # Verify state in the response matches the one in the session
       if response.state != @state
-        raise ::OmniAuth::Strategies::OAuth2::CallbackError.new(nil, :csrf_detected);
+        raise ::OmniAuth::Strategies::OAuth2::CallbackError.new(nil,
+                                                                :csrf_detected)
       end
 
       # error = Error.new(response)
       # fail(error) if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
 
-      provider_client = ::Oauthio::Client.new(@id, @secret, { :site => @site })
-      access_token_class.from_hash(provider_client, response.merge(access_token_opts))
+      provider_client = ::Oauthio::Client.new(@id, @secret, {:site => @site})
+      access_token_class.from_hash(provider_client,
+                                   response.merge(access_token_opts))
     end
 
     # The Authorization Code strategy
@@ -162,4 +168,4 @@ module Oauthio
       @assertion ||= OAuth2::Strategy::Assertion.new(self)
     end
   end
-end
+end

data/lib/oauthio/providers/oauthio.rb

@@ -18,21 +18,19 @@ module Oauthio
       end
 
       def info
-        prune!({
-                   'name' => _raw_info['name'],
-                   'alias' => _raw_info['alias'],
-                   'bio' => _raw_info['bio'],
-                   'avatar' => _raw_info['avatar'],
-                   'firstname' => _raw_info['firstname'],
-                   'lastname' => _raw_info['lastname'],
-                   'gender' => _raw_info['gender'],
-                   'location' => _raw_info['location'],
-                   'local' => _raw_info['local'],
-                   'company' => _raw_info['company'],
-                   'occupation' => _raw_info['occupation'],
-                   'language' => _raw_info['language'],
-                   'birthdate' => _raw_info['birthdate'],
-               })
+        # Map OAuth.io info to standard OmniAuth keys, e.g., OAuth.io's alias
+        # becomes nickname.
+        # See https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
+        prune!({'nickname' => _raw_info['alias'],
+                'description' => _raw_info['bio'],
+                'image' => _raw_info['avatar'],
+                'first_name' => _raw_info['firstname'],
+                'last_name' => _raw_info['lastname'],
+                'phone' => _raw_info['phones'],
+                'email' => _raw_info['email'],
+                'name' => _raw_info['name'],
+                'location' => _raw_info['location'],
+                'urls' => _raw_info['urls']})
       end
 
       def extra
@@ -47,7 +45,7 @@ module Oauthio
       end
 
       def raw_info
-        @raw_info ||= _raw_info['raw']  || {}
+        @raw_info ||= _raw_info['raw'] || {}
       end
 
       def info_options
@@ -64,11 +62,21 @@ module Oauthio
 
       def credentials
         hash = {}
-        hash.merge!('token' => @access_token.token) if !@access_token.token.empty?
-        hash.merge!('oauth_token' => @access_token.oauth_token,
-                    'oauth_token_secret' => @access_token.oauth_token_secret) if !@access_token.oauth_token.empty? && !@access_token.oauth_token_secret.empty?
-        hash.merge!('refresh_token' => @access_token.refresh_token) if @access_token.expires? && @access_token.refresh_token
-        hash.merge!('expires_at' => @access_token.expires_at) if @access_token.expires?
+        unless @access_token.token.empty?
+          hash.merge!('token' => @access_token.token)
+        end
+        has_oauth_token = !@access_token.oauth_token.empty?
+        has_oauth_token_secret = !@access_token.oauth_token_secret.empty?
+        if has_oauth_token && has_oauth_token_secret
+          hash.merge!('oauth_token' => @access_token.oauth_token,
+                      'oauth_token_secret' => @access_token.oauth_token_secret)
+        end
+        if @access_token.expires? && @access_token.refresh_token
+          hash.merge!('refresh_token' => @access_token.refresh_token)
+        end
+        if @access_token.expires?
+          hash.merge!('expires_at' => @access_token.expires_at)
+        end
         hash.merge!('expires' => @access_token.expires?)
         hash
       end

data/lib/oauthio/strategy/auth_code.rb

@@ -37,7 +37,6 @@ module Oauthio
         params = {'code' => code}.merge(client_params).merge(params)
         @client.get_token(params, opts)
       end
-
     end
   end
-end
+end

data/lib/omniauth/oauthio.rb

@@ -5,5 +5,3 @@ require 'oauthio/access_token'
 require 'oauthio/client'
 require 'oauthio/strategy/auth_code'
 require 'oauthio/providers/oauthio'
-
-

data/lib/omniauth/oauthio/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Oauthio
-    VERSION = '0.2.0'
+    VERSION = '0.2.1'
   end
 end

data/lib/omniauth/strategies/oauthio.rb

@@ -13,36 +13,44 @@ module OmniAuth
       args [:client_id, :client_secret]
 
       # Give your strategy a name.
-      option :name, "oauthio"
+      option :name, 'oauthio'
 
       # This is where you pass the options you would pass when
       # initializing your consumer from the OAuth gem.
-      option :client_options, {
-          :site => 'https://oauth.io',
-      }
+      option :client_options, {:site => 'https://oauth.io'}
 
       option :client_id, nil
       option :client_secret, nil
 
       def current_path
-        # This might not be completely safe. I want to ensure that the current_path does not have a format at the end
-        # so the .json should be removed.
-        super.sub(/(\.json)$/, '');
+        # This might not be completely safe. I want to ensure that the
+        # current_path does not have a format at the end so the .json should be
+        # removed.
+        super.sub(/(\.json)$/, '')
       end
 
       def sub_provider
+        # e.g., /auth/oauthio/twitter
         after_base = request.path.split("#{path_prefix}/#{name}/").last
         slashes = after_base.split('/')
-        slashes.length > 1 ? slashes.first.split('.').first : after_base.split('.').first
+        str = slashes.length > 1 ? slashes.first : after_base
+        str.split('.').first
       end
 
       def request_path
-        options[:request_path].is_a?(String) ? options[:request_path] : "#{path_prefix}/#{name}/#{sub_provider}"
+        if (path=options[:request_path]).is_a?(String)
+          path
+        else
+          "#{path_prefix}/#{name}/#{sub_provider}"
+        end
       end
 
       def callback_path
-        path = options[:callback_path] if options[:callback_path].is_a?(String)
-        path ||= current_path if options[:callback_path].respond_to?(:call) && options[:callback_path].call(env)
+        callback_option = options[:callback_path]
+        path = callback_option if callback_option.is_a?(String)
+        if callback_option.respond_to?(:call) && callback_option.call(env)
+          path ||= current_path
+        end
         path ||= custom_path(:request_path)
         path ||= "#{path_prefix}/#{name}/#{sub_provider}/callback"
         path
@@ -52,25 +60,20 @@ module OmniAuth
         params = authorize_params
         provider = sub_provider
 
-        opts = {
-            state: params.state
-        }.to_json
+        opts = {:state => params.state}.to_json
 
-        # We may want to skip redirecting the user if calling from a SPA that does not want to reload the page.
+        # We may want to skip redirecting the user if calling from a
+        # single-page application that does not want to reload the page.
         if request.path_info =~ /\.json$/
-          return Rack::Response.new(opts, 200, 'content-type' => 'application/json').finish
+          return Rack::Response.new(opts, 200,
+                                    'content-type' => 'application/json').finish
         end
 
-        redirect client.auth_code.authorize_url(provider, {:redirect_uri => callback_url_with_state(params.state)}.merge({opts: opts}))
+        defaults = {:redirect_uri => callback_url_with_state(params.state)}
+        options = defaults.merge({opts: opts})
+        redirect client.auth_code.authorize_url(provider, options)
       end
 
-
-      # note: the callback phase should be the same regardless!
-      #
-      # The request phase though needs to have multiple options
-      # 1. take care of everything the js-sdk does.
-      # 2. partial control where we can get the state to pass to the js-sdk.
-
       def callback_url_with_state(state)
         uri = URI.parse(callback_url)
         new_query_ar = URI.decode_www_form(uri.query || '') << ['state', state]
@@ -79,43 +82,64 @@ module OmniAuth
       end
 
       def auth_hash
-        provider_info = ::Oauthio::Providers::Oauthio.new(access_token, client.secret, options)
+        provider_info = ::Oauthio::Providers::Oauthio.new(access_token,
+                                                          client.secret,
+                                                          options)
         provider = access_token.provider
         hash = AuthHash.new(:provider => provider, :uid => provider_info.uid)
         hash.info = provider_info.info unless provider_info.skip_info?
-        hash.credentials = provider_info.credentials if provider_info.credentials
+        if provider_info.credentials
+          hash.credentials = provider_info.credentials
+        end
         hash.extra = provider_info.extra if provider_info.extra
         hash
       end
 
       def callback_phase
-        if !request.params['code']
-          # TODO: Is there an option we can pass to OAuth.io to prevent it from putting the code in the hash part of the url?
-          # Currently we to parse the hash to get the code and then do an additional redirect.
-          html = '<!DOCTYPE html>
-                    <html><head><script>(function() {
-            "use strict";
-            var hash = document.location.hash;
-            var data = JSON.parse(decodeURIComponent(hash.split("=")[1]));
-            var code = data.data.code
-            document.location.href = document.location.origin + document.location.pathname + document.location.search + "&code=" + code
-            //document.location.href = document.location.href + "&code=" + code
-          })();</script></head><body></body></html>'
+        unless request.params['code']
+          # TODO: Is there an option we can pass to OAuth.io to prevent it from
+          # putting the code in the hash part of the url? Currently we have to
+          # parse the hash to get the code and then do an additional redirect.
+          html = <<-END.gsub(/^\s{10}/, '')
+          <!DOCTYPE html>
+          <html>
+          <head>
+            <script>
+            (function() {
+              "use strict";
+              var hash = document.location.hash;
+              var data = JSON.parse(decodeURIComponent(hash.split("=")[1]));
+              var code = data.data.code;
+              document.location.href = document.location.origin + document.location.pathname + document.location.search + "&code=" + code;
+            })();
+            </script>
+          </head>
+          <body></body>
+          </html>
+          END
           return Rack::Response.new(html, 200).finish
         end
 
-        error = request.params['error_reason'] || request.params['error']
-        if error
-          fail!(error, CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri']))
+        error_message = request.params['error_reason'] ||
+                        request.params['error']
+        if error_message
+          error_description = request.params['error_description'] ||
+                              request.params['error_reason']
+          error = CallbackError.new(request.params['error'],
+                                    error_description,
+                                    request.params['error_uri'])
+          fail!(error_message, error)
         elsif !options.provider_ignores_state && !verified_state?
-          fail!(:csrf_detected, CallbackError.new(:csrf_detected, 'CSRF detected'))
+          error = CallbackError.new(:csrf_detected, 'CSRF detected')
+          fail!(:csrf_detected, error)
         else
           self.access_token = build_access_token
           self.access_token = access_token.refresh! if access_token.expired?
-
           env['omniauth.auth'] = auth_hash
+
           # Delete the omniauth.state after we have verified all requests
           session.delete('omniauth.state')
+
           call_app!
         end
       rescue CallbackError => e
@@ -129,10 +153,12 @@ module OmniAuth
       end
 
       protected
+
       def client
         state = session['omniauth.state']
         options.client_options[:state] = state
-        ::Oauthio::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
+        ::Oauthio::Client.new(options.client_id, options.client_secret,
+                              deep_symbolize(options.client_options))
       end
 
       def verified_state?

data/omniauth-oauthio.gemspec

@@ -17,7 +17,8 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency 'omniauth-oauth2', '~> 1.2'
 
-  s.add_development_dependency 'minitest'
   s.add_development_dependency 'mocha'
   s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'simplecov'
 end

data/spec/client_spec.rb

@@ -0,0 +1,102 @@
+RSpec.describe Oauthio::Client do
+  let(:site) { 'https://oauth.io' }
+  let(:client_id) { '123' }
+  let(:client_secret) { '53cr37' }
+  let(:client) { Oauthio::Client.new(client_id, client_secret, options) }
+
+  describe 'me_url' do
+    let(:provider) { 'google' }
+    subject { client.me_url(provider, params) }
+
+    context 'when me_url option is not specified' do
+      let(:options) { {:site => site} }
+
+      context 'without URL parameters' do
+        let(:params) { {} }
+
+        it 'replaces provider in URL' do
+          expect(subject).to eq("#{site}/auth/#{provider}/me")
+        end
+      end
+
+      context 'with URL parameters' do
+        let(:params) { {'foo' => 'bar', 'cat' => 'dog'} }
+
+        it 'includes given URL parameters' do
+          expect(subject).to eq("#{site}/auth/#{provider}/me?cat=dog&foo=bar")
+        end
+      end
+    end
+
+    context 'when me_url option is specified' do
+      let(:options) {
+        {:site => site, :me_url => '/big-cats/catch-mice/:provider'}
+      }
+
+      context 'without URL parameters' do
+        let(:params) { {} }
+
+        it 'replaces provider in URL' do
+          expect(subject).to eq("#{site}/big-cats/catch-mice/#{provider}")
+        end
+      end
+
+      context 'with URL parameters' do
+        let(:params) { {'foo' => 'bar', 'cat' => 'dog'} }
+
+        it 'includes given URL parameters' do
+          expect(subject).
+              to eq("#{site}/big-cats/catch-mice/#{provider}?cat=dog&foo=bar")
+        end
+      end
+    end
+  end
+
+  describe 'authorize_url' do
+    let(:provider) { 'twitter' }
+    subject { client.authorize_url(provider, params) }
+
+    context 'when authorize_url option is not specified' do
+      let(:options) { {:site => site} }
+
+      context 'without URL parameters' do
+        let(:params) { {} }
+
+        it 'replaces provider in URL' do
+          expect(subject).to eq("#{site}/auth/#{provider}")
+        end
+      end
+
+      context 'with URL parameters' do
+        let(:params) { {'foo' => 'bar', 'cat' => 'dog'} }
+
+        it 'includes given URL parameters' do
+          expect(subject).to eq("#{site}/auth/#{provider}?cat=dog&foo=bar")
+        end
+      end
+    end
+
+    context 'when authorize_url option is specified' do
+      let(:options) {
+        {:site => site, :authorize_url => '/:provider/FABULOUS-URL'}
+      }
+
+      context 'without URL parameters' do
+        let(:params) { {} }
+
+        it 'replaces provider in URL' do
+          expect(subject).to eq("#{site}/#{provider}/FABULOUS-URL")
+        end
+      end
+
+      context 'with URL parameters' do
+        let(:params) { {'foo1' => 'bar', 'cat' => 'dog2'} }
+
+        it 'includes given URL parameters' do
+          expect(subject).
+              to eq("#{site}/#{provider}/FABULOUS-URL?cat=dog2&foo1=bar")
+        end
+      end
+    end
+  end
+end

data/spec/oauthio_spec.rb

@@ -0,0 +1,144 @@
+RSpec.describe OmniAuth::Strategies::Oauthio do
+  let(:provider) { 'facebook' }
+  let(:scheme) { 'https' }
+  let(:path) { "/auth/oauthio/#{provider}" }
+  let(:url) { "#{scheme}://example.com#{path}" }
+  let(:client_id) { '123' }
+  let(:client_secret) { '53cr37' }
+  let(:options) { {} }
+  let(:raw_info) {
+    {'id' => '1234567', 'email' => 'j.doe@example.com', 'name' => 'Jane Doe',
+     'gender' => 'female'}
+  }
+  let(:env) {
+    OmniAuth::AuthHash.new({
+      'omniauth.auth' => {
+        'provider' => provider,
+        'uid' => '1234',
+        'credentials' => {'token' => 'abcdefg'},
+        'extra' => {'raw_info' => raw_info}
+      },
+      'REQUEST_METHOD' => 'GET',
+      'PATH_INFO' => path,
+      'rack.session' => {},
+      'rack.input' => StringIO.new('test=true')
+    })
+  }
+  let(:request) {
+    mock = double('Request', :params => {}, :cookies => {}, :env => env)
+    allow(mock).to receive(:path).and_return(path)
+    allow(mock).to receive(:path_info).and_return(path)
+    allow(mock).to receive(:scheme).and_return(scheme)
+    allow(mock).to receive(:url).and_return(url)
+    mock
+  }
+  let(:app) { ->(env) { [200, {}, ['Hello.']] } }
+  subject {
+    args = [app, client_id, client_secret, options]
+    OmniAuth::Strategies::Oauthio.new(*args).tap do |strategy|
+      allow(strategy).to receive(:request) { request }
+    end
+  }
+
+  before { OmniAuth.config.test_mode = true }
+  after { OmniAuth.config.test_mode = false }
+
+  describe 'sub_provider' do
+    it 'extracts the OAuth provider from the request path' do
+      expect(subject.sub_provider).to eq(provider)
+    end
+  end
+
+  describe 'request_path' do
+    context 'without request_path option' do
+      it 'returns path for provider' do
+        expect(subject.request_path).to eq("/auth/oauthio/#{provider}")
+      end
+    end
+
+    context 'with request_path option' do
+      let(:options) { {:request_path => '/authentication/oauthio'} }
+
+      it 'returns specified request_path' do
+        expect(subject.request_path).to eq(options[:request_path])
+      end
+    end
+  end
+
+  describe 'callback_path' do
+    context 'without callback_path or request_path options' do
+      it 'returns a callback URL for the provider' do
+        expect(subject.callback_path).
+            to eq("/auth/oauthio/#{provider}/callback")
+      end
+    end
+
+    context 'with string request_path option' do
+      let(:options) { {:request_path => '/some/neat/url'} }
+
+      it 'returns specified request_path' do
+        expect(subject.callback_path).to eq(options[:request_path])
+      end
+    end
+
+    context 'with lambda request_path option' do
+      let(:options) { {:request_path => ->(env) { '/really/cool' }} }
+
+      it 'returns result of specified request_path function' do
+        expect(subject.callback_path).to eq('/really/cool')
+      end
+    end
+
+    context 'with lambda callback_path option' do
+      let(:options) { {:callback_path => ->(env) { 'something truthy' }} }
+
+      it 'returns current path' do
+        expect(subject.callback_path).to eq(path)
+      end
+    end
+
+    context 'with string callback_path option' do
+      let(:options) { {:callback_path => "/users/auth/#{provider}/callback"} }
+
+      it 'returns specified callback_path' do
+        expect(subject.callback_path).to eq(options[:callback_path])
+      end
+    end
+  end
+
+  describe 'callback_url_with_state' do
+    let(:state) { 'cool' }
+    before { subject.call!(env) }
+
+    it 'returns full URL with specified state' do
+      expect(subject.callback_url_with_state(state)).
+          to eq("#{url}/callback?state=#{state}")
+    end
+  end
+
+  describe 'auth_hash' do
+    let(:client) { Oauthio::Client.new(client_id, client_secret, {}) }
+    let(:access_token) {
+      token = Oauthio::AccessToken.from_hash(client, {:provider => provider})
+      allow(token).to receive(:request).and_return({'data' => raw_info})
+      token
+    }
+    before do
+      subject.call!(env)
+      allow(subject).to receive(:access_token).and_return(access_token)
+    end
+
+    it 'returns a hash' do
+      expect(subject.auth_hash).to be_an_instance_of(OmniAuth::AuthHash)
+    end
+
+    it 'includes specified provider' do
+      expect(subject.auth_hash['provider']).to eq(provider)
+    end
+
+    it 'has user info from provider' do
+      expect(subject.auth_hash.info['name']).to eq(raw_info['name'])
+      expect(subject.auth_hash.info['email']).to eq(raw_info['email'])
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,30 @@
+ENV['RACK_ENV'] = 'test'
+
+require 'simplecov'
+SimpleCov.start
+
+require 'omniauth-oauthio'
+
+Dir[File.expand_path('../support/**/*', __FILE__)].each {|f| require f }
+
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  if config.files_to_run.one?
+    config.default_formatter = 'doc'
+  end
+
+  config.order = :random
+  Kernel.srand config.seed
+
+  config.expect_with :rspec do |expectations|
+    expectations.syntax = :expect
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.syntax = :expect
+    mocks.verify_partial_doubles = true
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-oauthio
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Jonathan Rowlands
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-15 00:00:00.000000000 Z
+date: 2014-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -25,7 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: mocha
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -74,12 +88,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - example/Gemfile
-- example/Gemfile.lock
 - example/app.rb
 - example/config.ru
 - lib/oauthio/access_token.rb
@@ -91,6 +105,9 @@ files:
 - lib/omniauth/oauthio/version.rb
 - lib/omniauth/strategies/oauthio.rb
 - omniauth-oauthio.gemspec
+- spec/client_spec.rb
+- spec/oauthio_spec.rb
+- spec/spec_helper.rb
 - test/helper.rb
 - test/support/shared_examples.rb
 - test/test.rb
@@ -119,6 +136,9 @@ signing_key:
 specification_version: 4
 summary: OAuth.io Strategy for OmniAuth
 test_files:
+- spec/client_spec.rb
+- spec/oauthio_spec.rb
+- spec/spec_helper.rb
 - test/helper.rb
 - test/support/shared_examples.rb
 - test/test.rb