omniauth-sberbank 1.0.4

data/examples/blog/config/spring.rb

@@ -0,0 +1,6 @@
+%w(
+  .ruby-version
+  .rbenv-vars
+  tmp/restart.txt
+  tmp/caching-dev.txt
+).each { |path| Spring.watch(path) }

data/examples/blog/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup).
+#
+# Examples:
+#
+#   movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
+#   Character.create(name: 'Luke', movie: movies.first)

data/examples/blog/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "blog",
+  "private": true,
+  "dependencies": {}
+}

data/examples/blog/public/404.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <div>
+      <h1>The page you were looking for doesn't exist.</h1>
+      <p>You may have mistyped the address or the page may have moved.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/examples/blog/public/422.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <div>
+      <h1>The change you wanted was rejected.</h1>
+      <p>Maybe you tried to change something you didn't have access to.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/examples/blog/public/500.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  .rails-default-error-page {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  .rails-default-error-page div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  .rails-default-error-page div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  .rails-default-error-page h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  .rails-default-error-page div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body class="rails-default-error-page">
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/examples/blog/public/robots.txt

@@ -0,0 +1 @@
+# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file

data/examples/blog/test/application_system_test_case.rb

@@ -0,0 +1,5 @@
+require "test_helper"
+
+class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
+end

data/examples/blog/test/controllers/session_controller_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class SessionControllerTest < ActionDispatch::IntegrationTest
+  test "should get create" do
+    get session_create_url
+    assert_response :success
+  end
+
+end

data/examples/blog/test/controllers/welcome_controller_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class WelcomeControllerTest < ActionDispatch::IntegrationTest
+  test "should get index" do
+    get welcome_index_url
+    assert_response :success
+  end
+
+end

data/examples/blog/test/test_helper.rb

@@ -0,0 +1,9 @@
+require File.expand_path('../../config/environment', __FILE__)
+require 'rails/test_help'
+
+class ActiveSupport::TestCase
+  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/lib/omniauth-sberbank.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'omniauth/sberbank/version'
+require 'omniauth'
+
+# :nodoc:
+module OmniAuth
+  # :nodoc:
+  module Strategies
+    autoload :Sberbank, 'omniauth/strategies/sberbank'
+  end
+end
+
+OmniAuth.config.add_camelization 'sberbank', 'Sberbank'

data/lib/omniauth/sberbank/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Sberbank
+    VERSION = '1.0.4'
+  end
+end

data/lib/omniauth/strategies/sberbank.rb

@@ -0,0 +1,193 @@
+# frozen_string_literal: true
+
+require 'omniauth/strategies/oauth2'
+require 'securerandom'
+
+module OmniAuth
+  module Strategies
+    # Authenticate to Sberbank utilizing OAuth 2.0 and retrieve
+    # basic user information.
+    # documentation available here:
+    # https://developer.sberbank.ru/doc/v1/sberbank-id/info
+    #
+    # provider :sberbank,
+    # client_id: '11111111-1111-1111-1111-1111111111111111',
+    # client_secret: 'YOURSECRET',
+    # response_type: 'code',
+    # client_type: 'PRIVATE',
+    # client_options: { ssl: { client_key: client_key, client_cert: client_cert } },
+    # scope: 'openid name email mobile',
+    # callback_path: '/callback',
+    # grant_type: 'client_credentials'
+    #
+    class Sberbank < OmniAuth::Strategies::OAuth2
+      class NoRawData < StandardError; end
+
+      API_VERSION = '1.0'
+
+      DEFAULT_SCOPE = 'openid name'
+
+      option :name, 'sberbank'
+
+      option :client_options,
+             site: 'https://api.sberbank.ru',
+             token_url: 'https://api.sberbank.ru/ru/prod/tokens/v2/oidc',
+             authorize_url: 'https://online.sberbank.ru/CSAFront/oidc/authorize.do'
+
+      option :authorize_options, %i[scope response_type client_type client_id state nonce]
+
+      option :redirect_url, nil
+
+      uid { raw_info['sub'].to_s }
+
+      # https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
+      info do
+        {
+          name: "#{raw_info['family_name']} #{raw_info['given_name']} #{raw_info['middle_name']}".strip,
+          phone_number: raw_info['phone_number'],
+          email: raw_info['email'],
+          first_name: raw_info['family_name'],
+          last_name: raw_info['given_name'],
+          middle_name: raw_info['middle_name'],
+          id: raw_info['sub'],
+          client_host: raw_info['state'],
+          provider: 'sberbank'
+        }
+      end
+
+      extra do
+        {
+          'raw_info' => raw_info
+        }
+      end
+
+      # https://developer.sberbank.ru/doc/v1/sberbank-id/datareq
+      def raw_info
+        access_token.options[:mode] = :header
+        @raw_info ||= begin
+          state = request.params['state']
+          result = access_token.get('/ru/prod/sberbankid/v2.1/userinfo', headers: info_headers).parsed
+          unless result['aud'] == options.client_id
+            raise ArgumentError, "aud in Sber response not equal clien_id. aud = #{result['aud']}"
+          end
+
+          result['state'] = state
+          result
+        end
+      end
+
+      # https://developer.sberbank.ru/doc/v1/sberbank-id/authcodereq
+      def authorize_params
+        super.tap do |params|
+          %w[state scope response_type client_type client_id nonce].each do |v|
+            next unless request.params[v]
+
+            params[v.to_sym] = request.params[v]
+          end
+          params[:scope] ||= DEFAULT_SCOPE
+          # if you want redirect to other host and save old host
+          state = session['omniauth.origin'] || env['HTTP_REFERER']
+          params[:state] = state
+          session['omniauth.state'] = state
+          params[:nonce] = SecureRandom.hex(16)
+        end
+      end
+
+      def token_params
+        super.tap do |params|
+          params[:scope] ||= DEFAULT_SCOPE
+        end
+      end
+
+      private
+
+      def params
+        {
+          fields: info_options,
+          lang: lang_option,
+          https: https_option,
+          v: API_VERSION
+        }
+      end
+
+      def callback_url
+        options.redirect_url || (full_host + script_name + callback_path)
+      end
+
+      def info_options
+        # https://developer.sberbank.ru/doc/v1/sberbank-id/dataanswerparametrs
+        fields = %w[
+          sub family_name given_name middle_name birthdate email phone_number
+          address_reg identification inn snils gender
+        ]
+        fields.concat(options[:info_fields].split(',')) if options[:info_fields]
+        fields.join(',')
+      end
+
+      def lang_option
+        options[:lang] || ''
+      end
+
+      def https_option
+        options[:https] || 0
+      end
+
+      # https://developer.sberbank.ru/doc/v1/sberbank-id/accessidtokens
+      def build_access_token
+        options.token_params.update(headers: access_token_headers)
+        super
+      end
+
+      def image_url
+        case options[:image_size]
+        when 'mini'
+          raw_info['photo_50']
+        when 'bigger'
+          raw_info['photo_100']
+        when 'bigger_x2'
+          raw_info['photo_200']
+        when 'original'
+          raw_info['photo_200_orig']
+        when 'original_x2'
+          raw_info['photo_400_orig']
+        else
+          raw_info['photo_50']
+        end
+      end
+
+      def location
+        country = raw_info.fetch('country', {})['title']
+        city = raw_info.fetch('city', {})['title']
+        @location ||= [country, city].compact.join(', ')
+      end
+
+      def callback_phase
+        super
+      rescue NoRawData => e
+        fail!(:no_raw_data, e)
+      end
+
+      def access_token_headers
+        OmniAuth.logger.send(:debug, "YOUR RQUID #{rquid}")
+        {
+          'rquid' => rquid,
+          'x-ibm-client-id' => options.client_id,
+          'accept' => 'application/json'
+        }
+      end
+
+      def info_headers
+        {
+          'x-introspect-rquid' => rquid,
+          'x-ibm-client-id' => options.client_id,
+          'accept' => 'application/json',
+          'Authorization' => "Bearer #{access_token.token}"
+        }
+      end
+
+      def rquid
+        @rquid ||= SecureRandom.hex(16)
+      end
+    end
+  end
+end