omniauth-tinkoff-id 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b125035b7aea156e1dc2532c92789093df39b6e16ddbc66fae2cdc5a1ccc5df7
+  data.tar.gz: 01a6b3a46d6b732edfd6566960489f613cc1ca2ee26697db8dc8990aecd1073b
+SHA512:
+  metadata.gz: 83002b1b26616bd8d4df706b10bc279016f1fe1dab65dc7f6ccb980a35f4c0ccceca7ab79b94ce029ac0c8e9fd45e725009f95fb0192e49767398a6eebb795bc
+  data.tar.gz: 3b059ad6add9f4f628a55bd97cbff1dea21853bb07d17c89bc8e8a687da78d26b9f21d0d056a29ee0e22e93fd5db1062b150c6acdb85209dad311ff7fbab82cb

data/.github/workflows/gem-push.yml

@@ -0,0 +1,20 @@
+name: Publish Gem
+
+on:
+  push:
+    tags:
+      - v*
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Release Gem
+        if: contains(github.ref, 'refs/tags/v')
+        uses: cadwallion/publish-rubygems-action@master
+        env:
+          GITHUB_TOKEN: ${{secrets._GITHUB_TOKEN}}
+          RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_API_KEY}}
+          RELEASE_COMMAND: rake release

data/.github/workflows/main.yml

@@ -0,0 +1,26 @@
+name: Ruby
+
+on:
+  push:
+    branches:
+      - master
+
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Ruby ${{ matrix.ruby }}
+    strategy:
+      matrix:
+        ruby: ['2.7', '3.0', '3.1', '3.2']
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+.DS_Store
+Gemfile.lock
+.idea

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,15 @@
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 2.7
+  SuggestExtensions: false
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/omniauth/strategies/tinkoff_id_spec.rb
+
+Naming/FileName:
+  Exclude:
+    - lib/omniauth-tinkoff-id.rb

data/Gemfile

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-tinkoff-id.gemspec
+gemspec
+
+group :development do
+  gem 'rake'
+  gem 'rubocop', require: false
+end
+
+group :test do
+  gem 'rspec'
+  gem 'simplecov'
+  gem 'webmock'
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Yury Druzhkov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,77 @@
+# TinkoffId OAuth strategy for OmniAuth
+
+[![Ruby](https://github.com/foxford/omniauth-tinkoff-id/actions/workflows/main.yml/badge.svg)](https://github.com/foxford/omniauth-tinkoff-id/actions/workflows/main.yml)
+
+[![sponsored by foxford](https://user-images.githubusercontent.com/1637293/224282750-6131144c-fdee-4943-9387-35641cedd99c.svg)](https://foxford.ru?utm_source=github)
+
+## Getting Started
+
+### Prerequisites
+
+This gem require [OmniAuth](http://github.com/intridea/omniauth)
+
+But you no need add `gem 'omniauth'`.
+
+This gem already added.
+
+### Installation
+
+    gem "omniauth-tinkoff-id"
+
+[Join](https://tinkoff.github.io/tinkoff-id/join/) to TinkoffId
+
+### Usage
+
+1. Add to omniauth.rb tinkoff_id provider:
+
+        Rails.application.config.middleware.use OmniAuth::Builder do
+            provider :tinkoff_id, ENV['TINKOFF_CLIENT_ID'], ENV['TINKOFF_CLIENT_SECRET']
+        end
+
+2. Add route
+
+        get '/auth/:provider/callback', to: 'sessions#create'
+
+3. Create SessionController
+###### note: This controller only as example how to create user by callback
+
+        class SessionsController < ApplicationController
+          def create
+            @user = User.find_or_create_from_auth_hash(auth_hash)
+            redirect_to '/'
+          end
+
+          protected
+
+          def auth_hash
+            request.env['omniauth.auth']
+          end
+        end
+
+
+## Contributing
+
+1. Fork it (<https://github.com/foxford/omniauth-tinkoff-id/fork>)
+2. Create your feature branch (git checkout -b my-new-feature)
+3. Commit your changes (git commit -am 'Add some feature')
+4. Push to the branch (git push origin my-new-feature)
+5. Create a new Pull Request
+
+## Versioning
+
+We use [SemVer](http://semver.org/) for versioning. For the versions available,
+see the [tags on this repository](ttps://github.com/foxford/omniauth-tinkoff-id/tags).
+
+## Authors
+
+* [ Yury Druzhkov ](https://github.com/badlamer) - Initial work
+
+See also the list of [contributors](https://github.com/foxford/omniauth-tinkoff-id/contributors) who participated in this project.
+
+## License
+
+This project is licensed under the [MIT License](LICENSE.txt).
+
+## Acknowledgments
+
+* https://tinkoff.github.io/tinkoff-id/

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/lib/omniauth/strategies/tinkoff_id.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+  module Strategies
+    # Authenticate to Tinkoff ID utilizing OAuth 2.0
+    # https://tinkoff.github.io/tinkoff-id/
+    class TinkoffId < OmniAuth::Strategies::OAuth2
+      option :name, 'tinkoff_id'
+
+      option :client_options, {
+        site: 'https://id.tinkoff.ru',
+        token_url: '/auth/token',
+        authorize_url: '/auth/authorize',
+        auth_scheme: :basic_auth
+      }
+
+      uid { raw_info['sub'] }
+
+      extra do
+        prune!({ raw_info: raw_info })
+      end
+
+      info do
+        prune!(
+          name: raw_info['name'],
+          email: verified_email,
+          unverified_email: raw_info['email'],
+          email_verified: raw_info['email_verified'],
+          first_name: raw_info['given_name'],
+          last_name: raw_info['family_name'],
+          phone_number: verified_phone_number,
+          unverified_phone_number: raw_info['phone_number'],
+          phone_number_verified: raw_info['phone_number_verified']
+        )
+      end
+
+      def callback_url
+        options[:redirect_uri] || (full_host + callback_path)
+      end
+
+      private
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      def raw_info
+        @raw_info ||= connection.post(
+          'userinfo/userinfo', client_id: options[:client_id], client_secret: options[:client_secret]
+        ).body
+      end
+
+      def verified_phone_number
+        raw_info['phone_number'] if raw_info['phone_number_verified']
+      end
+
+      def verified_email
+        raw_info['email'] if raw_info['email_verified']
+      end
+
+      def connection
+        @connection ||= Faraday.new('https://id.tinkoff.ru') do |conn|
+          conn.request :url_encoded
+          conn.request :authorization, 'Bearer', access_token.token
+          conn.response :json
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/tinkoff_id/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Omniauth
+  module TinkoffId
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth/tinkoff_id.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/strategies/tinkoff_id'

data/lib/omniauth-tinkoff-id.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/tinkoff_id'

data/omniauth-tinkoff-id.gemspec

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require_relative 'lib/omniauth/tinkoff_id/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'omniauth-tinkoff-id'
+  spec.version = Omniauth::TinkoffId::VERSION
+  spec.authors = ['Yury Druzhkov']
+  spec.email = ['bad1lamer@gmail.com']
+
+  spec.summary = 'TinkoffId OAuth2 Strategy for OmniAuth'
+  spec.homepage = 'https://github.com/foxford/omniauth-tinkoff-id'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.7.0'
+
+  spec.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  spec.files         = `git ls-files`.split("\n")
+  spec.require_paths = ['lib']
+  spec.add_runtime_dependency 'omniauth-oauth2', '>= 1.5', '<= 1.8.0'
+end

data/spec/omniauth/strategies/tinkoff_id_spec.rb

@@ -0,0 +1,213 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe OmniAuth::Strategies::TinkoffId do
+  subject do
+    described_class.new(app, 'client_id', 'client_secret', @options || {}).tap do |strategy|
+      allow(strategy).to receive(:request) do
+        request
+      end
+    end
+  end
+
+  let(:request) { double('Request', params: {}, cookies: {}, env: {}, query_string: {}) }
+  let(:app) do
+    lambda do
+      [200, {}, ['Hello.']]
+    end
+  end
+
+  before do
+    OmniAuth.config.test_mode = true
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+  describe '#client_options' do
+    it 'has correct site' do
+      expect(subject.client.site).to eq('https://id.tinkoff.ru')
+    end
+
+    it 'has correct authorize_url' do
+      expect(subject.client.options[:authorize_url]).to eq('/auth/authorize')
+    end
+
+    it 'has correct token_url' do
+      expect(subject.client.options[:token_url]).to eq('/auth/token')
+    end
+
+    describe 'overrides' do
+      context 'as strings' do
+        it 'allows overriding the site' do
+          @options = { client_options: { 'site' => 'https://example.com' } }
+          expect(subject.client.site).to eq('https://example.com')
+        end
+
+        it 'allows overriding the authorize_url' do
+          @options = { client_options: { 'authorize_url' => 'https://example.com' } }
+          expect(subject.client.options[:authorize_url]).to eq('https://example.com')
+        end
+
+        it 'allows overriding the token_url' do
+          @options = { client_options: { 'token_url' => 'https://example.com' } }
+          expect(subject.client.options[:token_url]).to eq('https://example.com')
+        end
+      end
+
+      context 'as symbols' do
+        it 'allows overriding the site' do
+          @options = { client_options: { site: 'https://example.com' } }
+          expect(subject.client.site).to eq('https://example.com')
+        end
+
+        it 'allows overriding the authorize_url' do
+          @options = { client_options: { authorize_url: 'https://example.com' } }
+          expect(subject.client.options[:authorize_url]).to eq('https://example.com')
+        end
+
+        it 'allows overriding the token_url' do
+          @options = { client_options: { token_url: 'https://example.com' } }
+          expect(subject.client.options[:token_url]).to eq('https://example.com')
+        end
+      end
+    end
+  end
+
+  describe '#callback_url' do
+    let(:base_url) { 'https://example.com' }
+
+    it 'returns correct default callback path' do
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name).and_return('')
+      expect(subject.send(:callback_url)).to eq("#{base_url}/auth/tinkoff_id/callback")
+    end
+
+    it 'sets the callback path with script_name if present' do
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name).and_return('/v1')
+      expect(subject.send(:callback_url)).to eq("#{base_url}/v1/auth/tinkoff_id/callback")
+    end
+
+    it 'sets the callback_path parameter if present' do
+      @options = { callback_path: '/auth/foo/callback' }
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name).and_return('')
+      expect(subject.send(:callback_url)).to eq("#{base_url}/auth/foo/callback")
+    end
+  end
+
+  describe '#info' do
+    let(:client) { OAuth2::Client.new('abc', 'def') }
+    let(:access_token) do
+      OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token',
+                                            token_type: 'Bearer',
+                                            expires_at: 1791,
+                                            refresh_token: 'valid_refresh_token')
+    end
+
+    before do
+      allow(subject).to receive(:access_token).and_return(access_token)
+    end
+
+    let(:response_hash) do
+      {
+        email: 'tinkoff@mail.ru',
+        family_name: 'Иванов',
+        birthdate: '2000-01-01',
+        sub: '923d4812-148c-45v4-a56b-eed15cdd2857',
+        name: 'Иванов Олег',
+        gender: 'male',
+        phone_number: '+79998887766',
+        middle_name: 'Юрьевич',
+        given_name: 'Олег',
+        email_verified: false,
+        phone_number_verified: false
+      }
+    end
+
+    before do
+      stub_request(:post, 'https://id.tinkoff.ru/userinfo/userinfo')
+        .with(
+          body: { 'client_id' => 'client_id', 'client_secret' => 'client_secret' },
+          headers: {
+            'Accept' => '*/*',
+            'Authorization' => "Bearer #{access_token.token}",
+            'Content-Type' => 'application/x-www-form-urlencoded'
+          }
+        )
+        .to_return(status: 200, body: response_hash.to_json, headers: { 'Content-Type': 'application/json' })
+    end
+
+    it 'retunrs info hash' do
+      expect(subject.info).to eq(
+        name: 'Иванов Олег',
+        unverified_email: 'tinkoff@mail.ru',
+        email_verified: false,
+        first_name: 'Олег',
+        last_name: 'Иванов',
+        phone_number_verified: false,
+        unverified_phone_number: '+79998887766'
+      )
+    end
+
+    context 'with verified email' do
+      let(:response_hash) do
+        { email_verified: true, email: 'tinkoff@mail.ru' }
+      end
+
+      it 'returns info with email' do
+        expect(subject.info[:email]).to eq('tinkoff@mail.ru')
+      end
+    end
+
+    context 'when verified phone number' do
+      let(:response_hash) do
+        { phone_number_verified: true, phone_number: '+79998887766' }
+      end
+
+      it 'returns info with email' do
+        expect(subject.info[:phone_number]).to eq('+79998887766')
+      end
+    end
+  end
+
+  describe '#credentials' do
+    let(:client) { OAuth2::Client.new('abc', 'def') }
+    let(:access_token) do
+      OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token',
+                                            token_type: 'Bearer',
+                                            expires_at: 1791,
+                                            refresh_token: 'valid_refresh_token')
+    end
+
+    before do
+      allow(subject).to receive(:access_token).and_return(access_token)
+      subject.options.client_options[:connection_build] = proc do |builder|
+        builder.request :url_encoded
+        builder.request :basic_auth, :basic, subject.client.options[:client_id], subject.client.options[:client_secrect]
+        builder.adapter :test do |stub|
+          stub.post('/auth/token') do
+            [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
+              sub: '2xxxxxxc-8xx6-4xxd-9xx5-bxxxxxxxxxxa'
+            )]
+          end
+        end
+      end
+    end
+
+    it 'returns access token and (optionally) refresh token' do
+      expect(subject.credentials.to_h)
+        .to match(hash_including(
+                    {
+                      'expires' => true,
+                      'expires_at' => 1791,
+                      'refresh_token' => 'valid_refresh_token',
+                      'token' => 'valid_access_token'
+                    }
+                  ))
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'rspec'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth/strategies/tinkoff_id'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.extend  OmniAuth::Test::StrategyMacros, type: :strategy
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-tinkoff-id
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yury Druzhkov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-03-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+description: 
+email:
+- bad1lamer@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/gem-push.yml"
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-tinkoff-id.rb
+- lib/omniauth/strategies/tinkoff_id.rb
+- lib/omniauth/tinkoff_id.rb
+- lib/omniauth/tinkoff_id/version.rb
+- omniauth-tinkoff-id.gemspec
+- spec/omniauth/strategies/tinkoff_id_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/foxford/omniauth-tinkoff-id
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.6
+signing_key: 
+specification_version: 4
+summary: TinkoffId OAuth2 Strategy for OmniAuth
+test_files: []