omniauth-pixelpin 1.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f4ac8e3dfdcf06437d1cc683672babbc3b591bbf
+  data.tar.gz: a430367cf8071233ff603b81ba35f0f48fd29a98
+SHA512:
+  metadata.gz: 74cbbf4ad91e2d8db6bfd8f60230db03df5b975ce3ebf532b523a8635b599d161f614c14ef4df23ba58e62e4baedb4daec1a8a7764c0abc59c82664d70eb0082
+  data.tar.gz: 856a1c350414f00011688e0be0b4e08890a90b2a7f53a7a290400de6052dda4e1b672be36f469b31b3d1c2a8b5759d0f716d84d4766204c20a9226d2e35ef199

data/lib/omniauth-pixelpin.rb

@@ -0,0 +1 @@
+require "omniauth/pixelpin"

data/lib/omniauth/pixelpin.rb

@@ -0,0 +1,3 @@
+require "omniauth/pixelpin/errors"
+require "omniauth/pixelpin/version"
+require "omniauth/strategies/pixelpin"

data/lib/omniauth/pixelpin/errors.rb

@@ -0,0 +1,6 @@
+module OmniAuth
+  module OpenIDConnect
+    class Error < RuntimeError; end
+    class MissingCodeError < Error; end
+  end
+end

data/lib/omniauth/pixelpin/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module OpenIDConnect
+    VERSION = "1.1.1"
+  end
+end

data/lib/omniauth/strategies/pixelpin.rb

@@ -0,0 +1,284 @@
+require 'addressable/uri'
+require 'timeout'
+require 'net/http'
+require 'open-uri'
+require 'omniauth'
+require 'openid_connect'
+require 'json'
+
+module OmniAuth
+  module Strategies
+    class OpenIDConnect
+      include OmniAuth::Strategy
+
+      option :client_options, {
+        identifier: nil,
+        secret: nil,
+        redirect_uri: nil,
+        scheme: "https",
+        host: "login.pixelpin.io",
+        port: 443,
+        authorization_endpoint: "https://login.pixelpin.io/connect/authorize",
+        token_endpoint: "https://login.pixelpin.io/connect/token",
+        userinfo_endpoint: "https://login.pixelpin.io/connect/userinfo",
+        jwks_uri: 'https://login.pixelpin.io/.well-known/jwks'
+      }
+      option :issuer, "https://login.pixelpin.io/"
+      option :discovery, true
+      option :client_signing_alg
+      option :client_jwk_signing_key
+      option :client_x509_signing_key
+      option :scope, [:openid]
+      option :response_type, "code"
+      option :state
+      option :response_mode
+      option :display, nil #, [:page, :popup, :touch, :wap]
+      option :prompt, nil #, [:none, :login, :consent, :select_account]
+      option :hd, nil
+      option :max_age
+      option :ui_locales
+      option :id_token_hint
+      option :login_hint
+      option :acr_values
+      option :send_nonce, true
+      option :send_scope_to_token_endpoint, true
+      option :client_auth_method
+
+      uid { user_info.sub }
+
+      def formatted_address
+        formatted_address = HashWithIndifferentAccess.new(user_info.raw_attributes)
+      end
+
+      def address
+        if formatted_address["address"].nil?
+          address = JSON.parse('{
+            "street_address": "",
+            "country": "",
+            "region": "",
+            "locality": "",
+            "postal_code": ""
+            }')
+        else
+          address = ActiveSupport::JSON.decode(formatted_address["address"])
+        end
+      end
+
+      info do
+        {
+          name: user_info.name,
+          email: user_info.email,
+          nickname: user_info.preferred_username,
+          first_name: user_info.given_name,
+          last_name: user_info.family_name,
+          gender: user_info.gender,
+          phone: user_info.phone_number,
+          birthdate: user_info.birthdate,
+          street_address: address["street_address"],
+          country: address["country"],
+          region: address["region"],
+          city: address["locality"],
+          zip: address["postal_code"],
+          urls: { website: user_info.website }
+        }
+      end
+
+      def user_info
+        address = JSON.parse(user_info.address)
+
+      end
+
+      extra do
+        {raw_info: user_info.raw_attributes}
+      end
+
+      credentials do
+        {
+            id_token: access_token.id_token,
+            token: access_token.access_token,
+            refresh_token: access_token.refresh_token,
+            expires_in: access_token.expires_in,
+            scope: access_token.scope
+        }
+      end
+
+      def client
+        @client ||= ::OpenIDConnect::Client.new(client_options)
+      end
+
+      def config
+        cache_options = {
+          host:client_options.host,
+          port:client_options.port
+        }
+        @config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer, cache_options = [client_options.host, client_options.port])
+      end
+
+      def request_phase
+        options.issuer = issuer if options.issuer.blank?
+        discover! if options.discovery
+        redirect authorize_uri
+      end
+
+      def callback_phase
+        error = request.params['error_reason'] || request.params['error']
+        if error
+          raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
+        elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state
+          return Rack::Response.new(['401 Unauthorized'], 401).finish
+        elsif !request.params["code"]
+          return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params["error"]))
+        else
+          options.issuer = issuer if options.issuer.blank?
+          discover! if options.discovery
+          client.redirect_uri = client_options.redirect_uri
+          client.authorization_code = authorization_code
+          access_token
+          super
+        end
+      rescue CallbackError => e
+        fail!(:invalid_credentials, e)
+      rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
+        fail!(:timeout, e)
+      rescue ::SocketError => e
+        fail!(:failed_to_connect, e)
+      end
+
+
+      def authorization_code
+        request.params["code"]
+      end
+
+      def authorize_uri
+        client.redirect_uri = client_options.redirect_uri
+        opts = {
+            response_type: options.response_type,
+            scope: options.scope,
+            state: new_state,
+            nonce: (new_nonce if options.send_nonce),
+            hd: options.hd,
+        }
+        client.authorization_uri(opts.reject{|k,v| v.nil?})
+      end
+
+      def public_key
+        if options.discovery
+          config.jwks
+        else
+          key_or_secret
+        end
+      end
+
+      private
+
+      def issuer
+        resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
+        ::OpenIDConnect::Discovery::Provider.discover!(resource).issuer
+      end
+
+      def discover!
+        client_options.authorization_endpoint = config.authorization_endpoint
+        client_options.token_endpoint = config.token_endpoint
+        client_options.userinfo_endpoint = config.userinfo_endpoint
+        client_options.jwks_uri = config.jwks_uri
+      end
+
+      def user_info
+        @user_info ||= access_token.userinfo!
+      end
+
+      def access_token
+        @access_token ||= lambda {
+          _access_token = client.access_token!(
+          scope: (options.scope if options.send_scope_to_token_endpoint),
+          client_auth_method: options.client_auth_method
+          )
+          _id_token = decode_id_token _access_token.id_token
+          _id_token.verify!(
+              issuer: options.issuer,
+              client_id: client_options.identifier,
+              nonce: stored_nonce
+          )
+          _access_token
+        }.call()
+      end
+
+      def decode_id_token(id_token)
+        ::OpenIDConnect::ResponseObject::IdToken.decode(id_token, public_key)
+      end
+
+
+      def client_options
+        options.client_options
+      end
+
+      def new_state
+        state = options.state.call if options.state.respond_to? :call
+        session['omniauth.state'] = state || SecureRandom.hex(16)
+      end
+
+      def stored_state
+        session.delete('omniauth.state')
+      end
+
+      def new_nonce
+        session['omniauth.nonce'] = SecureRandom.hex(16)
+      end
+
+      def stored_nonce
+        session.delete('omniauth.nonce')
+      end
+
+      def session
+        @env.nil? ? {} : super
+      end
+
+      def key_or_secret
+        case options.client_signing_alg
+          when :HS256, :HS384, :HS512
+            return client_options.secret
+          when :RS256, :RS384, :RS512
+            if options.client_jwk_signing_key
+              return parse_jwk_key(options.client_jwk_signing_key)
+            elsif options.client_x509_signing_key
+              return parse_x509_key(options.client_x509_signing_key)
+            end
+          else
+        end
+      end
+
+      def parse_x509_key(key)
+        OpenSSL::X509::Certificate.new(key).public_key
+      end
+
+      def parse_jwk_key(key)
+        json = JSON.parse(key)
+        if json.has_key?('keys')
+          JSON::JWK::Set.new json['keys']
+        else
+          JSON::JWK.new json
+        end
+      end
+
+      def decode(str)
+        UrlSafeBase64.decode64(str).unpack('B*').first.to_i(2).to_s
+      end
+
+      class CallbackError < StandardError
+        attr_accessor :error, :error_reason, :error_uri
+
+        def initialize(error, error_reason=nil, error_uri=nil)
+          self.error = error
+          self.error_reason = error_reason
+          self.error_uri = error_uri
+        end
+
+        def message
+          [error, error_reason, error_uri].compact.join(' | ')
+        end
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'pixelpin', 'OpenIDConnect'

metadata

@@ -0,0 +1,251 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-pixelpin
+version: !ruby/object:Gem::Version
+  version: 1.1.1
+platform: ruby
+authors:
+- Callum Brankin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: openid_connect
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: PixelPin OpenID Connect Strategy for OmniAuth
+email:
+- callum@pixelpin.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/omniauth-pixelpin.rb
+- lib/omniauth/pixelpin.rb
+- lib/omniauth/pixelpin/errors.rb
+- lib/omniauth/pixelpin/version.rb
+- lib/omniauth/strategies/pixelpin.rb
+homepage: https://github.com/PixelPinPlugins/omniauth-pixelpin
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: PixelPin OpenID Connect Strategy for OmniAuth
+test_files: []