RubyGems - omniauth-proconnect - Versions diffs - 0.2.0 → 0.4 - Mend

omniauth-proconnect 0.2.0 → 0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/.rubocop.yml +2 -0
data/.rubocop_todo.yml +20 -0
data/README.md +64 -0
data/lib/omniauth/proconnect/version.rb +1 -1
data/lib/omniauth/proconnect.rb +127 -115
metadata +6 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65c3097417b5ba5fc2e4a794a05c278377ec3c377dafe26b9f0ec4a9432a1c09
-  data.tar.gz: 5a6777dabb9bc4243fa3ec392654e16791eeb5af2c9ee50dbae828e299c2c7b6
+  metadata.gz: d7f69d22759a84bda39c5b20a6d631c116ddecf85ad9e0f64039a11f3e4fbf98
+  data.tar.gz: 625c7d42937c3cdb64c1dd1b85b61f72ddf606ee1ebedea30253b3979b5cf2e5
 SHA512:
-  metadata.gz: 3acfe7bb5f8ba66bd845462bbfdfbd42f877c0acecdd80a9611efe0d9ddcbb129d7f7842ea1a0970ce83e7a566c2eb0b5c697cd5046015a41434d810786b7690
-  data.tar.gz: c50de51e6dc16a754d75e8acfa58ac8439c7323962154612108edf3fcd8a025b8e14f6411834961d3838afff3ef161fa828a9c26f5916a41f4838c9164fe3fbe
+  metadata.gz: 7730f981481a35c7987dc1f1756715ddf773182fc3f7f0ee502237899e46aa9c05d3219a8bb63ef951728711cd9f334e5a79ba0ec603d1f891e1c93ef7ec3f19
+  data.tar.gz: ffeab52d87c2ec7043de16c4dadcf66c4bbb534b4b02b79818772345b96807a7da1d2f703d50c98ff98d64535f73d9696067d834550a404092afdac395705654

data/.rubocop.yml CHANGED Viewed

@@ -1,3 +1,5 @@
+inherit_from: .rubocop_todo.yml
 AllCops:
   TargetRubyVersion: 3.1

data/.rubocop_todo.yml ADDED Viewed

@@ -0,0 +1,20 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2025-05-23 15:10:03 UTC using RuboCop version 1.75.4.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne.
+Metrics/ClassLength:
+  Max: 123
+# Offense count: 1
+# Configuration parameters: AllowedConstants.
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+    - 'lib/omniauth/proconnect.rb'

data/README.md CHANGED Viewed

@@ -17,6 +17,13 @@ qui malgré son degré de maturité supérieure semble à l'abandon aussi.
 ## Utilisation
+Une fois que vous avez créé votre application sur [l'espace
+partenaires de
+ProConnect](https://partenaires.proconnect.gouv.fr/apps) et identifié
+vos endpoints grâce à leur [documentation
+technique](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/implementation_technique)
+:
 1. installer la gem `bundle add omniauth-proconnect` ;
 2. configurer une nouvelle stratégie pour OmniAuth :
@@ -52,6 +59,63 @@ end
 redirect_to "/auth/proconnect/logout"
 ```
+## Informations retournées
+Les [informations retournées par
+ProConnect](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/scope-claims)
+sont mises à diposition dans le hash OmniAuth
+(`request.env["omniauth.auth"]`) :
+* la partie `info` contient tout ce qui peut être standardisé [selon
+  le Auth Hash Schema d'Omniauth](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema)
+* le reste/l'intégralité est disponible dans `extra`.
+Exemple :
+```json
+{
+  "provider": "proconnect",
+  "uid": "e7a41249-123d-46b7-b362-5f00d3166ea1",
+  "info": {
+    "email": "test@gouv.fr",
+    "first_name": null,
+    "last_name": null,
+    "name": "",
+    "phone": null,
+    "provider": "proconnect",
+    "uid": "e7a41249-123d-46b7-b362-5f00d3166ea1"
+  },
+  "credentials": {},
+  "extra": {
+    "raw_info": {
+      "sub": "e7a41249-123d-46b7-b362-5f00d3166ea1",
+      "email": "test@gouv.fr",
+      "siret": "13002526500013",
+      "aud": "f90c1231117ec6f731af9f93a07c54ff372130c17a3bbad43488699865d85c64",
+      "exp": 1748010049,
+      "iat": 1748009989,
+      "iss": "https://issuer-oidc.gouv.fr/api/v42"
+    }
+  }
+}
+```
+```ruby
+class SessionsController < ApplicationController
+  def create
+    data = request.env["omniauth.auth"]
+    email = data.info.email
+    siret = data.extra.raw_info.siret
+    # or, if you're feeling fancy
+    data => { info: { email: }, extra: { raw_info: { siret: } } }
+    # [...]
+  end
+end
+```
 ## Contribution
 La stratégie est loin d'être complète ; n'hésitez pas à contribuer des

data/lib/omniauth/proconnect/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Omniauth
   class Proconnect
-    VERSION = "0.2.0"
+    VERSION = "0.4"
   end
 end

data/lib/omniauth/proconnect.rb CHANGED Viewed

@@ -6,149 +6,161 @@ require "json/jwt"
 require_relative "proconnect/version"
-module Omniauth
-  class Proconnect
-    class Error < StandardError; end
-    include OmniAuth::Strategy
-    option :name, "proconnect"
-    option :client_id
-    option :client_secret
-    option :proconnect_domain
-    option :redirect_uri
-    option :post_logout_redirect_uri
-    option :scope, "openid email given_name usual_name"
-    def setup_phase
-      discover_endpoint!
-    end
+module OmniAuth
+  module Strategies
+    class Proconnect
+      class Error < StandardError; end
+      include OmniAuth::Strategy
+      option :name, "proconnect"
+      option :client_id
+      option :client_secret
+      option :proconnect_domain
+      option :redirect_uri
+      option :post_logout_redirect_uri
+      option :scope, "openid email given_name usual_name"
+      def setup_phase
+        discover_endpoint!
+      end
-    def request_phase
-      redirect(authorization_uri)
-    end
+      def request_phase
+        redirect(authorization_uri)
+      end
-    def callback_phase
-      verify_state!(request.params["state"])
+      def callback_phase
+        verify_state!(request.params["state"])
-      exchange_authorization_code!(request.params["code"])
-        .then { |response| store_tokens!(response) }
-        .then { get_userinfo! }
-        .then { |response| @userinfo = JSON::JWT.decode(response.body, :skip_verification) }
-        .then { super }
-    end
+        exchange_authorization_code!(request.params["code"])
+          .then { |response| store_tokens!(response) }
+          .then { get_userinfo! }
+          .then { |response| @userinfo = JSON::JWT.decode(response.body, :skip_verification) }
+          .then { super }
+      end
-    def other_phase
-      if on_logout_path?
-        engage_logout!
-      else
-        @app.call(env)
+      def other_phase
+        if on_logout_path?
+          engage_logout!
+        else
+          call_app!
+        end
       end
-    end
-    def uid
-      session["omniauth.pc.id_token"]["sub"]
-    end
+      # userinfo-operating DSL from OmniAuth
+      uid do
+        @userinfo["sub"]
+      end
-    def info
-      {
-        email: @userinfo["email"]
-      }
-    end
+      info do
+        {
+          email: @userinfo["email"],
+          first_name: @userinfo["given_name"],
+          last_name: @userinfo["usual_name"],
+          name: [@userinfo["given_name"], @userinfo["usual_name"]].compact.join(" "),
+          phone: @userinfo["phone_number"],
+          provider: "proconnect",
+          uid: @userinfo["sub"]
+        }
+      end
-    private
+      extra do
+        { raw_info: @userinfo }
+      end
-    def connection
-      @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
-        c.response :json
-        c.response :raise_error
+      private
+      def connection
+        @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
+          c.response :json
+          c.response :raise_error
+        end
       end
-    end
-    def discovered_configuration
-      @discovered_configuration ||= discover_endpoint!
-    end
+      def discovered_configuration
+        @discovered_configuration ||= discover_endpoint!
+      end
-    def discover_endpoint!
-      connection
-        .get(".well-known/openid-configuration")
-        .body
-    end
+      def discover_endpoint!
+        connection.get(".well-known/openid-configuration").body
+      end
-    def authorization_uri
-      URI(discovered_configuration["authorization_endpoint"]).tap do |endpoint|
-        endpoint.query = URI.encode_www_form(
-          response_type: "code",
-          client_id: options[:client_id],
-          redirect_uri: options[:redirect_uri],
-          scope: options[:scope],
-          state: store_new_state!,
-          nonce: store_new_nonce!
-        )
+      def authorization_uri
+        URI(discovered_configuration["authorization_endpoint"]).tap do |endpoint|
+          endpoint.query = URI.encode_www_form(
+            response_type: "code",
+            client_id: options[:client_id],
+            redirect_uri: options[:redirect_uri],
+            scope: options[:scope],
+            state: store_new_state!,
+            nonce: store_new_nonce!
+          )
+        end
       end
-    end
-    def end_session_uri
-      URI(discovered_configuration["end_session_endpoint"]).tap do |endpoint|
-        endpoint.query = URI.encode_www_form(
-          id_token_hint: session["omniauth.pc.id_token"],
-          state: current_state,
-          post_logout_redirect_uri: options[:post_logout_redirect_uri]
-        )
+      def end_session_uri
+        URI(discovered_configuration["end_session_endpoint"]).tap do |endpoint|
+          endpoint.query = URI.encode_www_form(
+            id_token_hint: session["omniauth.pc.id_token"],
+            state: current_state,
+            post_logout_redirect_uri: options[:post_logout_redirect_uri]
+          )
+        end
       end
-    end
-    def exchange_authorization_code!(code)
-      connection.post(URI(discovered_configuration["token_endpoint"]),
-                      URI.encode_www_form(
-                        grant_type: "authorization_code",
-                        client_id: options[:client_id],
-                        client_secret: options[:client_secret],
-                        redirect_uri: options[:redirect_uri],
-                        code: code,
-                        scope: options[:scope]
-                      ))
-    end
+      def exchange_authorization_code!(code)
+        connection.post(URI(discovered_configuration["token_endpoint"]),
+                        URI.encode_www_form(
+                          grant_type: "authorization_code",
+                          client_id: options[:client_id],
+                          client_secret: options[:client_secret],
+                          redirect_uri: options[:redirect_uri],
+                          code: code
+                        ))
+      end
-    def store_tokens!(response)
-      response.tap do |res|
-        %w[access id refresh].each do |name|
-          session["omniauth.pc.#{name}_token"] = res.body["#{name}_token"]
+      def store_tokens!(response)
+        response.tap do |res|
+          %w[access id refresh].each do |name|
+            session["omniauth.pc.#{name}_token"] = res.body["#{name}_token"]
+          end
         end
       end
-    end
-    def get_userinfo!
-      endpoint = URI(discovered_configuration["userinfo_endpoint"])
-      token = session["omniauth.pc.access_token"]
+      def get_userinfo!
+        endpoint = URI(discovered_configuration["userinfo_endpoint"])
+        token = session["omniauth.pc.access_token"]
-      connection.get(endpoint, {}, "Authorization" => "Bearer #{token}")
-    end
+        connection.get(endpoint, {}, "Authorization" => "Bearer #{token}")
+      end
-    def engage_logout!
-      redirect end_session_uri
-    end
+      def engage_logout!
+        redirect end_session_uri
+      end
-    def on_logout_path?
-      # FIXME: maybe don't hardcode this
-      request.path.end_with?("#{request_path}/logout")
-    end
+      def on_logout_path?
+        # FIXME: maybe don't hardcode this
+        request.path.end_with?("#{request_path}/logout")
+      end
-    def store_new_state!
-      session["omniauth.state"] = SecureRandom.hex(16)
-    end
+      def store_new_state!
+        session["omniauth.state"] = SecureRandom.hex(16)
+      end
-    def current_state
-      session["omniauth.state"]
-    end
+      def current_state
+        session["omniauth.state"]
+      end
-    def store_new_nonce!
-      session["omniauth.nonce"] = SecureRandom.hex(16)
-    end
+      def store_new_nonce!
+        session["omniauth.nonce"] = SecureRandom.hex(16)
+      end
-    def verify_state!(other_state)
-      if other_state != current_state
-        raise "a request came back with a different 'state' parameter than what we had last stored."
+      def verify_state!(other_state)
+        # rubocop:disable Style/GuardClause
+        if other_state != current_state
+          raise "a request came back with a different 'state' parameter than what we had last stored."
+        end
+        # rubocop:enable Style/GuardClause
       end
     end
   end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-proconnect
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: '0.4'
 platform: ruby
 authors:
 - Stéphane Maniaci
 bindir: exe
 cert_chain: []
-date: 2025-04-30 00:00:00.000000000 Z
+date: 2025-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -51,8 +51,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: An OmniAuth strategy for ProConnect, an official OIDC solution for French
-  professionnals to login.
+description: |
+  An OmniAuth strategy for ProConnect, an official
+  OIDC solution for French professionnals to login.
 email:
 - stephane.maniaci@gmail.com
 executables: []
@@ -61,6 +62,7 @@ extra_rdoc_files: []
 files:
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - LICENSE.txt
 - README.md
 - Rakefile