omniauth-osso 0.1.1 → 0.1.6
- checksums.yaml +4 -4
- data/.buildkite/hooks/environment +9 -0
- data/.buildkite/hooks/pre-command +7 -0
- data/.buildkite/pipeline.yml +17 -0
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/automerge.yml +19 -0
- data/.rubocop.yml +3 -0
- data/CODE_OF_CONDUCT.md +130 -0
- data/Gemfile.lock +6 -4
- data/LICENSE +109 -0
- data/bin/publish +18 -0
- data/lib/omniauth-osso/version.rb +1 -1
- data/lib/omniauth/strategies/osso.rb +50 -28
- data/omniauth-osso.gemspec +2 -1
- data/spec/omniauth/strategies/osso_spec.rb +70 -8
- data/spec/spec_helper.rb +0 -3
- metadata +16 -10
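--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef269453ed0ad4abbd20a3b0fef2798314458a191e8328ab324cb2d901756bf8
+data.tar.gz: ff3b08d2e09711b81e9200e274c323f01da0b84e0b6006197383cb2a96a30cd8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bebba8a9c1fa6cbf764cd8d524c474095f954c9349fe0f471e8746bb3f72f6f2adba774d32a96fbb29a3c28b7960b8d1770fb8f0967955e4b455ffb92fe7afa1
+data.tar.gz: d8efb2480199d7ea9d48ad5b296dc10df47f2e001ddad06b01664e4f416e7c82222163ce3845ee1b3aed2920077d4d15ed088789844aa3e692e4e775dbc958d1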
@@ -0,0 +1,17 @@
|
|
1
|
+
steps:
|
2
|
+
- name: ":rspec:"
|
3
|
+
commands:
|
4
|
+
- bundle install
|
5
|
+
- bundle exec rspec
|
6
|
+
|
7
|
+
- name: "rubocop :male-police-officer:"
|
8
|
+
commands:
|
9
|
+
- bundle install
|
10
|
+
- bundle exec rubocop
|
11
|
+
|
12
|
+
- block: ":rubygems: Publish :red_button:"
|
13
|
+
if: build.tag != null
|
14
|
+
|
15
|
+
- name: "Push :rubygems:"
|
16
|
+
commands: "./bin/publish"
|
17
|
+
if: build.tag != null
|
@@ -0,0 +1,19 @@
|
|
1
|
+
name: auto-merge
|
2
|
+
|
3
|
+
on:
|
4
|
+
pull_request:
|
5
|
+
|
6
|
+
jobs:
|
7
|
+
auto-approve:
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
steps:
|
10
|
+
- uses: actions/checkout@v2
|
11
|
+
- uses: ahmadnassri/action-dependabot-auto-merge@v2
|
12
|
+
with:
|
13
|
+
target: minor
|
14
|
+
github-token: ${{ secrets.TOKEN }}
|
15
|
+
- uses: hmarr/auto-approve-action@v2.0.0
|
16
|
+
if: github.actor == 'dependabot[bot]'
|
17
|
+
with:
|
18
|
+
github-token: "${{ secrets.TOKEN }}"
|
19
|
+
|
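Review bot: Both third-party actions in the `auto-approve` job are referenced by mutable tags (`ahmadnassri/action-dependabot-auto-merge@v2`, `hmarr/auto-approve-action@v2.0.0`) while being handed `secrets.TOKEN`, so whoever can move those tags controls code that runs with that token; pin each `uses:` to a full commit SHA, for example `uses: hmarr/auto-approve-action@<full-commit-sha> # v2.0.0`. The merge step has no `if: github.actor == 'dependabot[bot]'` guard of its own, unlike the approve step below it, so it runs on every pull request and relies entirely on the action's internal checks. The scope of `TOKEN` is not visible on this page; it should carry only what approving and merging need, and a `permissions:` block would document what the job is meant to be allowed to do.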
data/.rubocop.yml
CHANGED
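--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,130 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+sbauch@gmail.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
+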
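--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-omniauth-osso (0.1.
+omniauth-osso (0.1.6)
 omniauth-oauth2 (~> 1.6.0)
 
 GEM
@@ -14,14 +14,15 @@ GEM
 crack (0.4.3)
 safe_yaml (~> 1.0.0)
 diff-lcs (1.3)
-faraday (1.0
+faraday (1.1.0)
 multipart-post (>= 1.2, < 3)
+ruby2_keywords
 hashdiff (1.0.1)
 hashie (4.1.0)
 jaro_winkler (1.5.4)
-jwt (2.2.
+jwt (2.2.2)
 method_source (1.0.0)
-multi_json (1.
+multi_json (1.15.0)
 multi_xml (0.6.0)
 multipart-post (2.1.1)
 oauth2 (1.4.4)
@@ -70,6 +71,7 @@ GEM
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 2.0)
 ruby-progressbar (1.10.1)
+ruby2_keywords (0.0.2)
 safe_yaml (1.0.5)
 unicode-display_width (1.7.0)
 webmock (3.8.3)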
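--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,109 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: EnterpriseOSS, Inc.
+Licensed Work: omniauth-osso
+The Licensed Work is (c) 2020 EnterpriseOSS, Inc.
+
+Additional Use Grant: You and your Authorized Users may make use of the
+Licensed Work for your internal business purposes,
+provided that you do not (i) rent, lease, copy, transfer,
+resell, sublicense, lease, time-share, or otherwise provide
+access to the Licensed Work to a third party (except
+Authorized Users) or (ii) incorporate the Licensed Work
+(or any portion of such) with, or use it with or to provide,
+any site, product, or service, other than on sites/applications
+owned and operated by you.
+
+An “Authorized User” is defined as an individual person
+(e.g. your employee, contractor, agent) who is registered and
+permitted by you to use the Licensed Work subject to these
+restrictions.
+
+Change Date: 2025-10-01
+
+Change License: Apache License, Version 2.0
+
+For information about alternative licensing arrangements for the Software,
+contact: hello@enterpriseoss.dev
+
+Notice
+
+The Business Source License (this document, or the "License") is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark "Business Source License",
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the "Business
+Source License" name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+or a license that is compatible with GPL Version 2.0 or a later version,
+where "compatible" means that software provided under the Change License can
+be included in a program with software provided under GPL Version 2.0 or a
+later version. Licensor may specify additional Change Licenses without
+limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+impose any additional restriction on the right granted in this License, as
+the Additional Use Grant; or (b) insert the text "None".
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.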
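--- a/data/bin/publish
+++ b/data/bin/publish
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Scriptacular - gemify.sh
+# Create a Ruby gem and push it to rubygems.org
+# Copyright 2013 Christopher Simpkins
+# MIT License
+
+GEM_NAME="omniauth-osso"
+GEMSPEC_SUFFIX=".gemspec"
+
+# run the gem build and parse for the gem release filename
+GEM_BUILD_NAME=$(gem build "$GEM_NAME$GEMSPEC_SUFFIX" | awk '/File/ {print $2}' -)
+
+if [ -z "$GEM_BUILD_NAME" ]; then
+echo "The gem build failed." >&2
+exit 1
+fi
+
+gem push $GEM_BUILD_NAME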
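Review bot: `gem push $GEM_BUILD_NAME` on the last line expands unquoted, so a build name containing whitespace or glob characters is split before it reaches `gem`; write `gem push "$GEM_BUILD_NAME"`. The name is scraped from `gem build` output with `awk '/File/ {print $2}'`, and the only check is that awk printed something, so a test such as `[ -f "$GEM_BUILD_NAME" ] || exit 1` before the push would make sure the release pushes the artifact that was actually built. The gem metadata on this page now lists `publish` under `executables`, which suggests this release script is installed for every consumer of the gem; that is worth confirming in the gemspec and excluding if unintended.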
@@ -1,23 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'omniauth-oauth2'
|
4
|
-
require 'pry'
|
5
4
|
|
6
5
|
module OmniAuth
|
7
6
|
module Strategies
|
8
7
|
# The main source for the Osso Omniauth Strategy
|
9
8
|
class Osso < OmniAuth::Strategies::OAuth2
|
10
|
-
|
9
|
+
attr_accessor :env
|
11
10
|
|
12
11
|
option :name, 'osso'
|
13
12
|
option :client_id, nil
|
14
13
|
option :client_secret, nil
|
15
|
-
option :client_options, { site: ENV['OSSO_BASE_URL'] }
|
16
|
-
option :authorize_params, { state: SecureRandom.hex(24) }
|
17
14
|
option :authorize_options, %i[state]
|
18
|
-
option :token_params, {}
|
19
|
-
option :token_options, []
|
20
|
-
option :auth_token_params, {}
|
21
15
|
option :provider_ignores_state, false
|
22
16
|
|
23
17
|
def request_phase
|
@@ -25,25 +19,16 @@ module OmniAuth
|
|
25
19
|
client
|
26
20
|
.auth_code
|
27
21
|
.authorize_url(
|
28
|
-
|
29
|
-
|
30
|
-
domain: request_domain
|
31
|
-
}.merge(authorize_params)
|
22
|
+
request_params
|
23
|
+
.merge(authorize_params)
|
32
24
|
)
|
33
25
|
)
|
34
26
|
end
|
35
27
|
|
36
|
-
def
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
@env ||= {}
|
41
|
-
@env['rack.session'] ||= {}
|
42
|
-
end
|
43
|
-
|
44
|
-
session['omniauth.state'] = params[:state]
|
45
|
-
|
46
|
-
params
|
28
|
+
def request_params
|
29
|
+
{
|
30
|
+
redirect_uri: callback_url
|
31
|
+
}.merge(user_param)
|
47
32
|
end
|
48
33
|
|
49
34
|
uid { raw_info['id'] }
|
@@ -56,7 +41,8 @@ module OmniAuth
|
|
56
41
|
|
57
42
|
extra do
|
58
43
|
{
|
59
|
-
idp: raw_info['idp']
|
44
|
+
idp: raw_info['idp'],
|
45
|
+
requested: raw_info['requested']
|
60
46
|
}
|
61
47
|
end
|
62
48
|
|
@@ -64,16 +50,52 @@ module OmniAuth
|
|
64
50
|
@raw_info ||= access_token.get("/oauth/me?access_token=#{access_token.token}").parsed
|
65
51
|
end
|
66
52
|
|
53
|
+
def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
|
54
|
+
error = request.params['error_reason'] || request.params['error']
|
55
|
+
|
56
|
+
if error
|
57
|
+
fail!(
|
58
|
+
error,
|
59
|
+
CallbackError.new(
|
60
|
+
request.params['error'], request.params['error_description'] ||
|
61
|
+
request.params['error_reason'], request.params['error_uri']
|
62
|
+
)
|
63
|
+
)
|
64
|
+
elsif request.params['state'] != 'IDP_INITIATED' &&
|
65
|
+
request.params['state'] != session.delete('omniauth.state')
|
66
|
+
|
67
|
+
fail!(:csrf_detected, CallbackError.new(:csrf_detected, 'CSRF detected'))
|
68
|
+
else
|
69
|
+
self.access_token = build_access_token
|
70
|
+
self.access_token = access_token.refresh! if access_token.expired?
|
71
|
+
env['omniauth.auth'] = auth_hash
|
72
|
+
call_app!
|
73
|
+
end
|
74
|
+
rescue ::OAuth2::Error, CallbackError => e
|
75
|
+
fail!(:invalid_credentials, e)
|
76
|
+
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
|
77
|
+
fail!(:timeout, e)
|
78
|
+
rescue ::SocketError => e
|
79
|
+
fail!(:failed_to_connect, e)
|
80
|
+
end
|
81
|
+
|
67
82
|
protected
|
68
83
|
|
69
|
-
def
|
70
|
-
|
84
|
+
def callback_url
|
85
|
+
ENV['OSSO_REDIRECT_URI'] || super
|
86
|
+
end
|
87
|
+
|
88
|
+
def user_param
|
89
|
+
return @user_param if defined?(@user_param)
|
71
90
|
|
72
|
-
@
|
91
|
+
@user_param = {
|
92
|
+
domain: request.params['domain'],
|
93
|
+
email: request.params['email']
|
94
|
+
}.compact
|
73
95
|
|
74
|
-
raise StandardError if @
|
96
|
+
raise StandardError if @user_param.nil?
|
75
97
|
|
76
|
-
@
|
98
|
+
@user_param
|
77
99
|
end
|
78
100
|
end
|
79
101
|
end
|
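Review bot: The `elsif` in the new `callback_phase` accepts any callback whose `state` parameter is the literal `IDP_INITIATED` without consulting the session, and because `request.params['state']` comes from the request, the state check becomes something the caller can opt out of. The remaining comparison `request.params['state'] != session.delete('omniauth.state')` also passes when both sides are `nil` (no `state` parameter and nothing stored in the session); requiring a non-empty value, `(request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state'))`, closes that case. I would put the IdP-initiated exemption behind an explicit strategy option that defaults to off and record in the auth hash that the login was IdP-initiated so the application can apply its own policy; `provider_ignores_state` is declared above but is not consulted by this override. Separately, `raise StandardError if @user_param.nil?` in `user_param` cannot fire, since `{ ... }.compact` always returns a hash.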
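--- a/data/omniauth-osso.gemspec
+++ b/data/omniauth-osso.gemspec
@@ -8,7 +8,7 @@ Gem::Specification.new do |gem|
 gem.description = 'An OAuth 2.0 OmniAuth provider for Osso SSO.'
 gem.summary = gem.description
 gem.homepage = 'https://github.com/enterprise-oss/omniauth-osso'
-gem.license = '
+gem.license = 'BSL'
 
 gem.add_dependency 'omniauth-oauth2', '~> 1.6.0'
 gem.add_development_dependency 'bundler', '~> 2.1'
@@ -19,4 +19,5 @@ Gem::Specification.new do |gem|
 gem.name = 'omniauth-osso'
 gem.require_paths = ['lib']
 gem.version = OmniAuth::Osso::VERSION
+gem.required_ruby_version = '~> 2.4'
 end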
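Review bot: `gem.license = 'BSL'` is not an SPDX identifier, and the closest SPDX match to that string is `BSL-1.0`, the Boost Software License, so licence scanners may classify this gem as permissively licensed. The SPDX identifier for the Business Source License 1.1 that the added LICENSE file contains is `BUSL-1.1`, i.e. `gem.license = 'BUSL-1.1'`. `gem.required_ruby_version = '~> 2.4'` also excludes Ruby 3.x, which deserves a comment if it is intended. The `Gem::Specification.new` block starts outside these hunks.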
@@ -46,28 +46,90 @@ describe OmniAuth::Strategies::Osso do
|
|
46
46
|
end
|
47
47
|
|
48
48
|
it 'includes custom state in the authorize params' do
|
49
|
-
instance = subject.new('abc', 'def',
|
49
|
+
instance = subject.new('abc', 'def', state: 'qux')
|
50
50
|
expect(instance.authorize_params.keys).to include('state')
|
51
51
|
expect(instance.session['omniauth.state']).to eq('qux')
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
55
|
-
describe '#
|
55
|
+
describe '#request_params' do
|
56
|
+
let(:url) { 'https://example.com/auth/osso' }
|
56
57
|
subject { fresh_strategy }
|
57
58
|
|
58
|
-
|
59
|
-
|
60
|
-
|
59
|
+
before do
|
60
|
+
ENV['OSSO_REDIRECT_URI'] = url
|
61
|
+
ENV['OSSO_BASE_URL'] = 'https://osso-base.com'
|
61
62
|
end
|
62
63
|
|
63
|
-
it 'includes
|
64
|
-
instance = subject.new('abc', 'def'
|
65
|
-
|
64
|
+
it 'includes domain passed as a request param' do
|
65
|
+
instance = subject.new('abc', 'def')
|
66
|
+
allow(instance).to receive(:request) do
|
67
|
+
double('Request', params: { 'domain' => 'example.com' }, scheme: 'https', url: url)
|
68
|
+
end
|
69
|
+
|
70
|
+
expect(instance.request_params[:domain]).to eq('example.com')
|
71
|
+
end
|
72
|
+
|
73
|
+
it 'includes email when an email address is passed as an authorize option' do
|
74
|
+
instance = subject.new('abc', 'def')
|
75
|
+
|
76
|
+
allow(instance).to receive(:request) do
|
77
|
+
double('Request', params: { 'email' => 'user@example.com' }, scheme: 'https', url: url)
|
78
|
+
end
|
79
|
+
|
80
|
+
expect(instance.request_params[:email]).to eq('user@example.com')
|
66
81
|
end
|
67
82
|
end
|
68
83
|
|
84
|
+
# We need to get a little hacky with testing the callback phase
|
85
|
+
# in order to cover IDP initiated flows. When a user opens
|
86
|
+
# an SP app by clicking a tile on their IDP, then the OAuth flow
|
87
|
+
# skips the first leg, and we have to ignore CSRF protection.
|
88
|
+
# Osso will send `state=IDP_INITIATED_FLOW` when this is the case,
|
89
|
+
# and here we ensure that our strategy completes the callback phase
|
90
|
+
# with this state param.
|
91
|
+
|
69
92
|
describe '#callback_phase' do
|
70
93
|
subject { fresh_strategy }
|
94
|
+
let(:url) { 'https://example.com/auth/osso/callback' }
|
95
|
+
let(:instance) { subject.new(app, 'abc', 'def') }
|
96
|
+
|
97
|
+
before do
|
98
|
+
OmniAuth.config.test_mode = true
|
99
|
+
ENV['OSSO_REDIRECT_URI'] = url
|
100
|
+
ENV['OSSO_BASE_URL'] = 'https://osso-base.com'
|
101
|
+
allow(instance).to receive(:auth_hash) { auth_hash }
|
102
|
+
instance.env = {}
|
103
|
+
end
|
104
|
+
|
105
|
+
let :auth_hash do
|
106
|
+
{
|
107
|
+
provider: 'osso',
|
108
|
+
uid: 'uuid',
|
109
|
+
info: {
|
110
|
+
email: 'user@enterprise.com',
|
111
|
+
name: 'user@enterprise.com'
|
112
|
+
},
|
113
|
+
credentials: {
|
114
|
+
},
|
115
|
+
extra: {
|
116
|
+
}
|
117
|
+
}
|
118
|
+
end
|
119
|
+
|
120
|
+
it 'allows callbacks with IDP_INITIATED state param' do
|
121
|
+
allow(instance).to receive(:request) do
|
122
|
+
double('Request', params: { 'state' => 'IDP_INITIATED' }, scheme: 'https', url: url)
|
123
|
+
end
|
124
|
+
|
125
|
+
allow(instance).to receive(:build_access_token) do
|
126
|
+
double('AccessToken', expired?: false, token: 'token')
|
127
|
+
end
|
128
|
+
|
129
|
+
expect(instance).to_not receive(:fail!)
|
130
|
+
instance.callback_phase
|
131
|
+
end
|
132
|
+
|
71
133
|
it 'calls fail with the client error received' do
|
72
134
|
instance = subject.new('abc', 'def')
|
73
135
|
allow(instance).to receive(:request) do
|
data/spec/spec_helper.rb
CHANGED
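--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-osso
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.6
 platform: ruby
 authors:
 - Sam Bauch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
@@ -43,18 +43,27 @@ email:
 - sbauch@gmail.com
 executables:
 - console
+- publish
 - setup
 extensions: []
 extra_rdoc_files: []
 files:
+- ".buildkite/hooks/environment"
+- ".buildkite/hooks/pre-command"
+- ".buildkite/pipeline.yml"
+- ".github/dependabot.yml"
+- ".github/workflows/automerge.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
+- LICENSE
 - README.md
 - Rakefile
 - bin/console
+- bin/publish
 - bin/setup
 - lib/omniauth-osso.rb
 - lib/omniauth-osso/version.rb
@@ -64,7 +73,7 @@ files:
 - spec/spec_helper.rb
 homepage: https://github.com/enterprise-oss/omniauth-osso
 licenses:
--
+- BSL
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -72,20 +81,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6.2
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: An OAuth 2.0 OmniAuth provider for Osso SSO.
-test_files:
-- spec/omniauth/strategies/osso_spec.rb
-- spec/spec_helper.rb
+test_files: []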