omniauth-sberbusiness 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 937ea6016cb610ed9d296dc0f5f4938198c8b4ca192a1b29c53f5e1d208315af
+  data.tar.gz: ef2882ea928b375ef21196f8d0a6fb628d95a005b385dc2f72e55097173144bc
+SHA512:
+  metadata.gz: cbc8e94db10462e42bffef58a0758eb9dbabf9a681faf56b0db9d782984bbc05974ddc50e64621acba339075e557a80eca1b7115983d4e28a1e375057bf43724
+  data.tar.gz: 647b58e4b718efcbd2fd3f32a45f99ab3cf2a28aa49b4bd8eae7fb29720a5ea13934cf4583b7f8189ffd55a8f621583dee83446cb373e4f5f645bd88f3db1744

data/.gitignore

@@ -0,0 +1,5 @@
+.ruby-version
+.DS_Store
+coverage
+Gemfile.lock
+.idea

data/Gemfile

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+
+group :development do
+  gem 'rubocop', require: false
+end
+
+group :pry do
+  gem 'pry'
+  gem 'pry-byebug'
+  gem 'pry-rails'
+end
+
+group :test do
+  gem 'rspec'
+  gem 'simplecov'
+  gem 'webmock'
+end

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021-2021 Sergei Baksheev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# OmniAuth Sberbusiness
+
+This is the unofficial [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating to SberBusiness ID via OAuth.
+To use it, you'll need to sign up for an OAuth2 Application ID and Secret
+on the [Sberbusiness Developers Page](https://developer.sberbusiness.ru/).
+
+## Installing
+
+Add to your `Gemfile`:
+
+```ruby
+gem 'omniauth-sberbusiness'
+```
+
+Then `bundle install`
+
+## Usage
+
+`OmniAuth::Strategies::Sberbusiness` is simply a Rack middleware.
+
+Here's a quick example, adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
+
+```ruby
+provider :sberbusiness,
+  client_id: '11111111-1111-1111-1111-1111111111111111',
+  client_secret: 'YOURSECRET',
+  response_type: 'code',
+  client_type: 'PRIVATE',
+  client_options: { ssl: { client_key: client_key, client_cert: client_cert } },
+  scope: 'openid name email mobile',
+  callback_path: '/callback',
+  grant_type: 'client_credentials'
+```
+
+[See the example Rails app](https://github.com/insales/omniauth-sberbank/blob/master/examples).
+
+## Configuring
+
+You can configure several options, which you pass in to the `provider` method via a `Hash`
+All variants see in [Sber documentation](https://developer.sberbank.ru/doc/v2/sbbol/oauth)
+
+
+## Authentication Hash
+
+Here's an example *Auth Hash* available in `request.env['omniauth.auth']`:
+
+```ruby
+{"provider"=>"sberbusiness",
+ "uid"=>"1",
+ "info"=>
+  { "name": "Ivanov Ivan Ivanovich",
+    "phone_number": "+7 (800) 2223535",
+    "email": "DEMO@DEMO.COM",
+    "accounts": {},
+    "id": "1111-1111111111"},
+ "credentials"=>
+  {"token"=>
+    "187041a618229fdaf16613e96e1caabc1e86e46bbfad228de41520e63fe45873684c365a14417289599f3",
+   "expires_at"=>1381826003,
+   "expires"=>true},
+ "extra"=>
+  {"raw_info"=>
+    {}}
+```
+
+The precise information available may depend on the permissions which you request.
+
+## Supported Rubies
+
+Tested with the following Ruby versions:
+
+- Ruby MRI (2.6.6+)
+
+## Contributing to omniauth-sberbusiness
+
+* Fork, fix, then send me a pull request.
+
+## License
+
+Copyright: 2021-2021 Sergei Baksheev (sergbaksheev825@gmail.com)
+
+This library is distributed under the MIT license. Please see the LICENSE file.

data/examples/README.md

@@ -0,0 +1,3 @@
+It's simply rails app to test oauth authorization - ['sberbank oauth test'](https://github.com/insales/omniauth-sberbank/tree/master/examples)
+
+You can just run it by 'bin/rails s'. And than put it to web by ['ngrok'](https://ngrok.com/) (for example)

data/lib/omniauth-sberbusiness.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'omniauth/sberbusiness/version'
+require 'omniauth'
+
+# :nodoc:
+module OmniAuth
+  # :nodoc:
+  module Strategies
+    autoload :Sberbusiness, 'omniauth/strategies/sberbusiness'
+  end
+end
+
+OmniAuth.config.add_camelization 'sberbusiness', 'Sberbusiness'

data/lib/omniauth/sberbusiness/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Sberbusiness
+    VERSION = '1.0.0'
+  end
+end

data/lib/omniauth/strategies/sberbusiness.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+
+require 'omniauth/strategies/oauth2'
+require 'securerandom'
+require 'base64'
+
+module OmniAuth
+  module Strategies
+    class Sberbusiness < OmniAuth::Strategies::OAuth2
+      class NoRawData < StandardError; end
+
+      API_VERSION = '1.0'
+
+      DEFAULT_SCOPE = 'openid inn email'
+
+      option :name, 'sberbusiness'
+
+      option :client_options,
+             site: 'https://edupirfintech.sberbank.ru:9443', # 'https://edupir.testsbi.sberbank.ru:9443', # 'https://sbi.sberbank.ru:9443',
+             token_url: 'https://edupirfintech.sberbank.ru:9443/ic/sso/api/v2/oauth/token', # https://edupirfintech.sberbank.ru:9443 https://sbi.sberbank.ru:9443/ic/sso/api/v2/oauth/token
+             authorize_url: 'https://edupir.testsbi.sberbank.ru:9443/ic/sso/api/v2/oauth/authorize'
+             # 'https://edupir.testsbi.sberbank.ru:9443/ic/sso/api/v2/oauth/authorize' # 'https://sbi.sberbank.ru:9443/ic/sso/api/v2/oauth/authorize'
+
+      option :authorize_options, %i[scope response_type client_type client_id state nonce]
+
+      option :redirect_url, nil
+
+      uid { raw_info['sub'].to_s }
+
+      # https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema
+      info do
+        {
+          name: raw_info['name'],
+          orgFullName: raw_info['orgFullName'],
+          OrgName: raw_info['OrgName'],
+          orgKpp: raw_info['orgKpp'],
+          orgOgrn: raw_info['orgOgrn'],
+          orgActualAddress: raw_info['orgActualAddress'],
+          orgJuridicalAddress: raw_info['orgJuridicalAddress'],
+          phone_number: raw_info['phone_number'],
+          email: raw_info['email'],
+          accounts: raw_info['accounts'],
+          id: raw_info['sub'],
+          inn: raw_info['inn'],
+          client_host: raw_info['state'],
+          provider: 'sberbusiness'
+        }
+      end
+
+      extra do
+        {
+          'raw_info' => raw_info
+        }
+      end
+
+      # https://developer.sberbank.ru/doc/v1/sberbank-id/datareq
+      def raw_info
+        access_token.options[:mode] = :header
+        @raw_info ||= begin
+          state = request.params['state']
+          result = access_token.get('/ic/sso/api/v2/oauth/user-info', headers: info_headers).body
+          # декодируем ответ:
+          decoded_data = result.split('.').map { |code| JSON.parse(Base64.decode64(code)) rescue {}}
+          result = decoded_data.reduce(:merge)
+          result['state'] = state
+          result
+        end
+      end
+
+      # https://developer.sberbank.ru/doc/v1/sberbank-id/authcodereq
+      def authorize_params
+        super.tap do |params|
+          %w[state scope response_type client_type client_id nonce].each do |v|
+            next unless request.params[v]
+
+            params[v.to_sym] = request.params[v]
+          end
+          params[:scope] ||= DEFAULT_SCOPE
+          # if you want redirect to other host and save old host
+          state = session['omniauth.origin'] || env['HTTP_REFERER']
+          params[:state] = state
+          session['omniauth.state'] = state
+          params[:nonce] = SecureRandom.hex(16)
+        end
+      end
+
+      private
+
+      def params
+        {
+          fields: info_options,
+          lang: lang_option,
+          https: https_option,
+          v: API_VERSION
+        }
+      end
+
+      def callback_url
+        options.redirect_url || (full_host + script_name + callback_path)
+      end
+
+      def info_options
+        # https://developer.sberbank.ru/doc/v1/sberbank-id/dataanswerparametrs
+        fields = %w[
+          sub family_name given_name middle_name birthdate email phone_number
+          address_reg identification inn snils gender
+        ]
+        fields.concat(options[:info_fields].split(',')) if options[:info_fields]
+        fields.join(',')
+      end
+
+      def lang_option
+        options[:lang] || ''
+      end
+
+      def https_option
+        options[:https] || 0
+      end
+
+      def location
+        country = raw_info.fetch('country', {})['title']
+        city = raw_info.fetch('city', {})['title']
+        @location ||= [country, city].compact.join(', ')
+      end
+
+      def callback_phase
+        super
+      rescue NoRawData => e
+        fail!(:no_raw_data, e)
+      end
+
+      def info_headers
+        {
+          'Authorization' => "Bearer #{access_token.token}"
+        }
+      end
+
+      def rquid
+        @rquid ||= SecureRandom.hex(16)
+      end
+    end
+  end
+end

data/omniauth-sberbusiness.gemspec

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require File.expand_path('lib/omniauth/sberbusiness/version', __dir__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ['Sergei Baksheev']
+  gem.email         = ['sergbaksheev825@gmail.com']
+  gem.summary       = 'Sberbusiness OAuth2 Strategy for OmniAuth'
+  gem.homepage      = 'https://github.com/insales/omniauth-sberbusiness'
+  gem.licenses      = ['MIT']
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = 'omniauth-sberbusiness'
+  gem.require_paths = ['lib']
+  gem.version       = OmniAuth::Sberbusiness::VERSION
+  gem.required_ruby_version = '>= 2.6.0'
+  gem.add_runtime_dependency 'omniauth-oauth2', ['>= 1.5', '<= 1.7.1']
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-sberbusiness
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Sergei Baksheev
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-07-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+description: 
+email:
+- sergbaksheev825@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- examples/README.md
+- lib/omniauth-sberbusiness.rb
+- lib/omniauth/sberbusiness/version.rb
+- lib/omniauth/strategies/sberbusiness.rb
+- omniauth-sberbusiness.gemspec
+homepage: https://github.com/insales/omniauth-sberbusiness
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.19
+signing_key: 
+specification_version: 4
+summary: Sberbusiness OAuth2 Strategy for OmniAuth
+test_files: []