omniauth-stackoverflow 1.0.0

data/.gitignore

@@ -0,0 +1,8 @@
+*.gem
+.bundle
+.rspec
+/Gemfile.lock
+pkg/*
+.powenv
+tmp
+bin

data/.travis.yml

@@ -0,0 +1,8 @@
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - 1.9.3
+  - jruby
+branches:
+  only:
+    - master

data/Gemfile

@@ -0,0 +1,5 @@
+source :rubygems
+
+gemspec
+
+gem 'jruby-openssl', :platform => :jruby

data/README.md

@@ -0,0 +1,9 @@
+# OmniAuth StackOverflow 
+
+StackOverflow OAuth2 Strategy for OmniAuth 1.0.
+
+All credit due to [Mark Dodwell](https://github.com/mkdynamic), this repository is a hacked up copy of his [Facebook OAuth2 Strategy](https://github.com/mkdynamic/omniauth-facebook). When I get a chance I will put all the specs back in and everything, promise!
+
+Configuration is a little different to other Omniauth strategies, Stack Exchange use an app id as well, configure it like this (in the Devise initialiser); 
+
+    config.omniauth :stackoverflow, '<client_id>', '<oauth secret>', :scope => 'no_expiry', :oauth_key => '<oauth key>'

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/omniauth/stackoverflow/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Stackoverflow
+    VERSION = "1.0.0"
+  end
+end

data/lib/omniauth/stackoverflow.rb

@@ -0,0 +1,2 @@
+require 'omniauth/stackoverflow/version'
+require 'omniauth/strategies/stackoverflow'

data/lib/omniauth/strategies/stackoverflow.rb

@@ -0,0 +1,211 @@
+require 'omniauth/strategies/oauth2'
+require 'base64'
+require 'openssl'
+require 'rack/utils'
+
+module OmniAuth
+  module Strategies
+    class Stackoverflow < OmniAuth::Strategies::OAuth2
+      class NoAuthorizationCodeError < StandardError; end
+
+      attr_accessor :oauth_key
+
+      DEFAULT_SCOPE = 'email'
+
+      option :client_options, {
+        :site => 'https://stackexchange.com',
+        :token_url => '/oauth/access_token'
+      }
+
+      option :token_params, {
+        :parse => :query
+      }
+
+      option :access_token_options, {
+        :header_format => 'OAuth %s',
+        :param_name => 'access_token'
+      }
+
+      option :authorize_options, [:scope, :display, :oauth_key]
+
+      uid { raw_info['user_id'] }
+
+      info do
+        prune!({
+          'id' => raw_info['user_id'],
+          'display_name' => raw_info['display_name'],
+          'email' => "#{raw_info['user_id']}@stackoverflow.com",
+          'image' => raw_info['profile_image']
+        })
+      end
+
+      extra do
+        hash = {}
+        hash['raw_info'] = raw_info unless skip_info?
+        prune! hash
+      end
+
+      def raw_info
+        access_token.client.site = "https://api.stackexchange.com"
+        @raw_info ||= access_token.get('/2.0/me', :params => { 'site' => 'stackoverflow', 'access_token' => access_token.token, 'key' => @oauth_key }).parsed["items"].first || {}
+      end
+
+      def build_access_token
+
+        if signed_request_contains_access_token?
+
+          hash = signed_request.clone
+          ::OAuth2::AccessToken.new(
+            client,
+            hash.delete('oauth_token'),
+            hash.merge!(access_token_options.merge(:expires_at => hash.delete('expires')))
+          )
+        else
+          with_authorization_code! { super }.tap do |token|
+            token.options.merge!(access_token_options)
+          end
+        end
+      end
+
+      def request_phase
+        if signed_request_contains_access_token?
+
+          # if we already have an access token, we can just hit the
+          # callback URL directly and pass the signed request along
+          params = { :signed_request => raw_signed_request }
+          params[:state] = request.params['state'] if request.params['state']
+          
+          query = Rack::Utils.build_query(params)
+
+          url = callback_url
+          url << "?" unless url.match(/\?/)
+          url << "&" unless url.match(/[\&\?]$/)
+          url << query
+
+          redirect url
+        else
+          super
+        end
+      end
+
+      def callback_phase
+        @oauth_key = authorize_params[:oauth_key]
+
+        super
+      end
+      # NOTE if we're using code from the signed request
+      # then FB sets the redirect_uri to '' during the authorize
+      # phase + it must match during the access_token phase:
+      # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348
+      def callback_url
+        if @authorization_code_from_signed_request
+          ''
+        else
+          options[:callback_url] || super
+        end
+      end
+
+      def access_token_options
+        options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
+      end
+
+      ##
+      # You can pass +display+, +state+ or +scope+ params to the auth request, if
+      # you need to set them dynamically. You can also set these options
+      # in the OmniAuth config :authorize_params option.
+      #
+      # /auth/facebook?display=popup&state=ABC  
+      #
+      def authorize_params
+        super.tap do |params|
+          %w[display state scope].each { |v| params[v.to_sym] = request.params[v] if request.params[v] }
+          params[:scope] ||= DEFAULT_SCOPE
+        end
+      end
+
+      ##
+      # Parse signed request in order, from:
+      #
+      # 1. the request 'signed_request' param (server-side flow from canvas pages) or
+      # 2. a cookie (client-side flow via JS SDK)
+      #
+      def signed_request
+        @signed_request ||= raw_signed_request &&
+          parse_signed_request(raw_signed_request)
+      end
+
+      private
+
+      def raw_signed_request
+        request.params['signed_request'] ||
+        request.cookies["fbsr_#{client.id}"]
+      end
+
+      ##
+      # If the signed_request comes from a FB canvas page and the user
+      # has already authorized your application, the JSON object will be
+      # contain the access token.
+      #
+      # https://developers.facebook.com/docs/authentication/canvas/
+      #
+      def signed_request_contains_access_token?
+        signed_request &&
+        signed_request['oauth_token']
+      end
+
+      ##
+      # Picks the authorization code in order, from:
+      #
+      # 1. the request 'code' param (manual callback from standard server-side flow)
+      # 2. a signed request (see #signed_request for more)
+      #
+      def with_authorization_code!
+        if request.params.key?('code')
+          yield
+        elsif code_from_signed_request = signed_request && signed_request['code']
+          request.params['code'] = code_from_signed_request
+          @authorization_code_from_signed_request = true
+          begin
+            yield
+          ensure
+            request.params.delete('code')
+            @authorization_code_from_signed_request = false
+          end
+        else
+          raise NoAuthorizationCodeError, 'must pass either a `code` parameter or a signed request (via `signed_request` parameter or a `fbsr_XXX` cookie)'
+        end
+      end
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      def parse_signed_request(value)
+        signature, encoded_payload = value.split('.')
+
+        decoded_hex_signature = base64_decode_url(signature)
+        decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
+
+        unless decoded_payload['algorithm'] == 'HMAC-SHA256'
+          raise NotImplementedError, "unkown algorithm: #{decoded_payload['algorithm']}"
+        end
+
+        if valid_signature?(client.secret, decoded_hex_signature, encoded_payload)
+          decoded_payload
+        end
+      end
+
+      def valid_signature?(secret, signature, payload, algorithm = OpenSSL::Digest::SHA256.new)
+        OpenSSL::HMAC.digest(algorithm, secret, payload) == signature
+      end
+
+      def base64_decode_url(value)
+        value += '=' * (4 - value.size.modulo(4))
+        Base64.decode64(value.tr('-_', '+/'))
+      end
+    end
+  end
+end

data/lib/omniauth-stackoverflow.rb

@@ -0,0 +1 @@
+require 'omniauth/stackoverflow'

data/omniauth-stackoverflow.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'omniauth/stackoverflow/version'
+
+Gem::Specification.new do |s|
+  s.name     = 'omniauth-stackoverflow'
+  s.version  = OmniAuth::Stackoverflow::VERSION
+  s.authors  = ['Mark Dodwell', 'Dan Higham']
+  s.email    = ['mark@mkdynamic.co.uk', 'dhigham@vmware.com']
+  s.summary  = 'StackOverflow strategy for OmniAuth'
+  s.homepage = 'https://github.com/danhigham/omniauth-stackoverflow'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.0.2'
+  
+  s.add_development_dependency 'rspec', '~> 2'
+  s.add_development_dependency 'rake'
+
+end

metadata

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-stackoverflow
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Mark Dodwell
+- Dan Higham
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-06-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- mark@mkdynamic.co.uk
+- dhigham@vmware.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- README.md
+- Rakefile
+- lib/omniauth-stackoverflow.rb
+- lib/omniauth/stackoverflow.rb
+- lib/omniauth/stackoverflow/version.rb
+- lib/omniauth/strategies/stackoverflow.rb
+- omniauth-stackoverflow.gemspec
+homepage: https://github.com/danhigham/omniauth-stackoverflow
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: StackOverflow strategy for OmniAuth
+test_files: []