RubyGems - omniauth-telegram - Versions diffs - 0.2.0 → 0.2.1 - Mend

omniauth-telegram 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.github/workflows/build.yaml +21 -0
data/.gitignore +1 -0
data/.ruby-version +1 -0
data/CHANGELOG.md +5 -0
data/Gemfile +2 -0
data/Gemfile.lock +4 -2
data/lib/omniauth/strategies/telegram.rb +30 -24
data/lib/omniauth/telegram/version.rb +1 -1
metadata +8 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5334ef6176df287ae46257dedef283bf73ba261faf09a549244cd46b0e0afd92
-  data.tar.gz: f3765a5e3a66641eb832ac2bce0499c43e356c3130a4100dec9cb1d583bffa69
+  metadata.gz: e7a6840649262f7c541cb7d5874c0fdc6903a7bff13cedae8677f0199babc247
+  data.tar.gz: 3235f56261bf529536361492fbc614764467a9a4a4eae6cf14763916a867b425
 SHA512:
-  metadata.gz: c1618087b3cb265fafa1d3e0bd9ef5884600ee81753169750ac5872baee5512171d5dca98c0cea77d5b174d100daa934283fe38818a5aaf8d61125e33c2f87fe
-  data.tar.gz: f251ca92368438e15e2c8a6479e9b8d5137d278fec64a09587819f591270991a0fd97cdf4ec3d26ad19928a6aa62fb1d8d026d5420d4a83e7ba0ca4767cf2c38
+  metadata.gz: d9b0a49b715999609a482c7df16c9b26d1c6ef1bbda0a4f605627c08b020ee0a3e88143035755be7db32106001e1b9cfd13230041a9445bfffa50462db59cfb1
+  data.tar.gz: a40fce3cb58c390be9d0d8d3e89cdc46514461a86f28b06bf585ef7715c016d0b3dda4871323acff954fe39396c5743451d219704b588c5507c46706fe6710e5

data/.github/workflows/build.yaml ADDED Viewed

@@ -0,0 +1,21 @@
+name: build
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - name: Run Tests
+        run: bundle exec rake

data/.gitignore CHANGED Viewed

@@ -9,3 +9,4 @@
 # rspec failure tracking
 .rspec_status
+*.gem

data/.ruby-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 2.7.3

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,8 @@
+## 0.2.1
+* fix 'missing-field' param issue @phoet https://github.com/yurijmi/omniauth-telegram/pull/7
+* fix 'invalid_signature' with missing username issue @phoet https://github.com/yurijmi/omniauth-telegram/pull/7
 ## 0.2.0
 * update gem requirements for compatibility with OmniAuth 2.0 @phoet https://github.com/yurijmi/omniauth-telegram/pull/7

data/Gemfile CHANGED Viewed

@@ -4,3 +4,5 @@ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 # Specify your gem's dependencies in omniauth-telegram.gemspec
 gemspec
+gem "byebug"

data/Gemfile.lock CHANGED Viewed

@@ -1,15 +1,16 @@
 PATH
   remote: .
   specs:
-    omniauth-telegram (0.2.0)
+    omniauth-telegram (0.2.1)
       omniauth (>= 1.0)
 GEM
   remote: https://rubygems.org/
   specs:
+    byebug (11.1.3)
     diff-lcs (1.4.4)
     hashie (4.1.0)
-    omniauth (2.0.3)
+    omniauth (2.0.4)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
       rack-protection
@@ -36,6 +37,7 @@ PLATFORMS
 DEPENDENCIES
   bundler (>= 1.16)
+  byebug
   omniauth-telegram!
   rake (>= 10.0)
   rspec (>= 3.0)

data/lib/omniauth/strategies/telegram.rb CHANGED Viewed

@@ -6,17 +6,17 @@ module OmniAuth
   module Strategies
     class Telegram
       include OmniAuth::Strategy
       args [:bot_name, :bot_secret]
       option :name, 'telegram'
       option :bot_name, nil
       option :bot_secret, nil
       option :button_config, {}
-      FIELDS      = %w[id first_name last_name username photo_url auth_date hash]
-      HASH_FIELDS = %w[auth_date first_name id last_name photo_url username]
+      REQUIRED_FIELDS = %w[id hash]
+      HASH_FIELDS     = %w[auth_date first_name id last_name photo_url username]
       def request_phase
         html = <<-HTML
           <!DOCTYPE html>
@@ -27,23 +27,23 @@ module OmniAuth
           </head>
           <body>
         HTML
         data_attrs = options.button_config.map { |k,v| "data-#{k}=\"#{v}\"" }.join(" ")
         html << "<script async
               src=\"https://telegram.org/js/telegram-widget.js?4\"
               data-telegram-login=\"#{options.bot_name}\"
               data-auth-url=\"#{callback_url}\"
         #{data_attrs}></script>"
         html << <<-HTML
           </body>
           </html>
         HTML
         Rack::Response.new(html, 200, 'content-type' => 'text/html').finish
       end
       def callback_phase
         if error = check_errors
           fail!(error)
@@ -51,11 +51,11 @@ module OmniAuth
           super
         end
       end
       uid do
         request.params["id"]
       end
       info do
         {
             name:       "#{request.params["first_name"]} #{request.params["last_name"]}",
@@ -65,36 +65,42 @@ module OmniAuth
             image:      request.params["photo_url"]
         }
       end
       extra do
         {
             auth_date: Time.at(request.params["auth_date"].to_i)
         }
       end
       private
       def check_errors
-        return :field_missing unless check_fields
+        return :field_missing unless check_required_fields
         return :signature_mismatch unless check_signature
         return :session_expired unless check_session
       end
-      def check_fields
-        FIELDS.all? { |f| request.params.include?(f) }
+      def check_required_fields
+        REQUIRED_FIELDS.all? { |f| request.params.include?(f) }
       end
       def check_signature
-        secret = OpenSSL::Digest::SHA256.digest(options[:bot_secret])
-        signature = HASH_FIELDS.map { |f| "%s=%s" % [f, request.params[f]] }.join("\n")
-        hashed_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, signature)
-        request.params["hash"] == hashed_signature
+        request.params["hash"] == self.class.calculate_signature(options[:bot_secret], request.params)
       end
       def check_session
         Time.now.to_i - request.params["auth_date"].to_i <= 86400
       end
+      def self.calculate_signature(secret, params)
+        secret = OpenSSL::Digest::SHA256.digest(secret)
+        signature = generate_comparison_string(params)
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, signature)
+      end
+      def self.generate_comparison_string(params)
+        (params.keys & HASH_FIELDS).sort.map { |field| "%s=%s" % [field, params[field]] }.join("\n")
+      end
     end
   end
 end

data/lib/omniauth/telegram/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Omniauth
   module Telegram
-    VERSION = "0.2.0"
+    VERSION = "0.2.1"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-telegram
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Yuri Mikhaylov
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-15 00:00:00.000000000 Z
+date: 2021-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -73,8 +73,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yaml"
 - ".gitignore"
 - ".rspec"
+- ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.md
 - Gemfile
@@ -90,7 +92,7 @@ files:
 homepage: https://github.com/yurijmi/omniauth-telegram
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -105,8 +107,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: An OmniAuth strategy for Telegram
 test_files: []