omniauth-withings-oauth2 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 790581559a7f50a1b2df09ef40cb2d057ce2d08b
-  data.tar.gz: d1d7214e92ab218e1cd8b658dd28538d0bcd972e
+SHA256:
+  metadata.gz: 919a285f818c60af0dddcb963265cfeace3c6179c098f321590812d445a28015
+  data.tar.gz: a1f63f0a1ad0c1a8fa33a3fe7a5b4b757cb607522fbfb1ffac72588d66ef5fa3
 SHA512:
-  metadata.gz: ab1226627ec664f3b0dace6d7f383b44d58f041788ca96ff7179e8906b0cdd93b23ab5ac05e0f02cab13c8dd433667e6828554b73d5f5177a389caeaad801b5b
-  data.tar.gz: f62bd79b20e383e2114acdb95aeb7f575e2b1027acf821250996c7ee365cf6f467b52b33910a845a047ca95636dc1a05ec7ccd651238980ac49250d03ceddb8b
+  metadata.gz: 117810510a52949a4d9203727d308e4306c74f181cc10a552a35aaeb83e9818237710ade2aa0a2821f81379bf5f977bc0aaeb0f7e1b2c9a6fe1950aa9927a8f1
+  data.tar.gz: cf0e9d103ae7bd31e6603cad397523b2bb5d8f8d5248f3a41c2b6d6f66f6d082580055b351ffd073edae52ba5075a63c0860346e55c641145a884405b1e40c4a

data/.travis.yml

@@ -1,6 +1,8 @@
 language: ruby
 rvm:
-  - 2.2
-  - 2.3
-  - 2.4
-  - 2.5
+  - 2.6
+  - 2.7
+  - 3.0
+  - 3.1
+  - 3.2
+  - 3.3

data/README.md

@@ -1,6 +1,7 @@
 # OmniAuth Withings OAuth2 Strategy
 
 [![Build Status](https://travis-ci.org/bartimaeus/omniauth-withings-oauth2.svg?branch=master)](https://travis-ci.org/bartimaeus/omniauth-withings-oauth2)
+[![Gem Version](https://badge.fury.io/rb/omniauth-withings-oauth2.svg)](https://badge.fury.io/rb/omniauth-withings-oauth2)
 
 A Withings OAuth2 strategy for OmniAuth.
 
@@ -28,7 +29,7 @@ This is an example that you might put into a Rails initializer at `config/initia
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :withings, ENV['WITHINGS_CLIENT_ID'], ENV['WITHINGS_CLIENT_SECRET'], :scope => 'user.info user.metrics'
+  provider :withings, ENV['WITHINGS_CLIENT_ID'], ENV['WITHINGS_CLIENT_SECRET'], :scope => 'user.info,user.metrics'
 end
 ```
 
@@ -42,7 +43,7 @@ For more details, read the withings documentation: http://developer.withings.com
 You can configure the scope option:
 
 ```ruby
-provider :withings, ENV['WITHINGS_CLIENT_ID'], ENV['WITHINGS_CLIENT_SECRET'], :scope => 'user.info user.metrics'
+provider :withings, ENV['WITHINGS_CLIENT_ID'], ENV['WITHINGS_CLIENT_SECRET'], :scope => 'user.info,user.metrics,user.activity'
 ```
 
 ## Contributing

data/lib/omniauth/strategies/withings.rb

@@ -8,7 +8,9 @@ module OmniAuth
       option :client_options, {
         :site => 'https://account.withings.com',
         :authorize_url => 'https://account.withings.com/oauth2_user/authorize2',
-        :token_url => 'https://account.withings.com/oauth2/token'
+        :token_url => 'https://wbsapi.withings.net/v2/oauth2',
+        :auth_scheme => :request_body,
+        :access_token_class => OmniAuth::WithingsOauth2::AccessToken
       }
 
       option :scope, 'user.info'
@@ -27,6 +29,21 @@ module OmniAuth
         full_host + script_name + callback_path
       end
 
+      def build_access_token
+        verifier = request.params["code"]
+        response = client.auth_code.get_token(
+          verifier,
+          {
+            :redirect_uri => callback_url,
+            action: 'requesttoken',
+            client_id: options.client_id,
+            client_secret: options.client_secret,
+            code: verifier,
+            grant_type: 'authorization_code'
+          }.merge(token_params.to_hash(:symbolize_keys => true)),
+          deep_symbolize(options.auth_token_params))
+      end
+
       alias :oauth2_access_token :access_token
 
       def access_token

data/lib/omniauth/withings_oauth2/access_token.rb

@@ -0,0 +1,224 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module WithingsOauth2
+    class AccessToken # rubocop:disable Metrics/ClassLength
+      TOKEN_KEYS_STR = %w[access_token id_token token accessToken idToken].freeze
+      TOKEN_KEYS_SYM = %i[access_token id_token token accessToken idToken].freeze
+      TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR + TOKEN_KEYS_SYM
+
+      attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params
+      attr_accessor :options, :refresh_token, :response
+
+      class << self
+        # Initializes an AccessToken from a Hash
+        #
+        # @param [Client] client the OAuth2::Client instance
+        # @param [Hash] hash a hash of AccessToken property values
+        # @option hash [String, Symbol] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
+        # @return [AccessToken] the initialized AccessToken
+        def from_hash(client, hash)
+          fresh = hash["body"].dup
+          supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
+          key = supported_keys[0]
+          extra_tokens_warning(supported_keys, key)
+          token = fresh.delete(key)
+          new(client, token, fresh)
+        end
+
+        # Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
+        #
+        # @param [Client] client the OAuth2::Client instance
+        # @param [String] kvform the application/x-www-form-urlencoded string
+        # @return [AccessToken] the initialized AccessToken
+        def from_kvform(client, kvform)
+          from_hash(client, Rack::Utils.parse_query(kvform))
+        end
+
+      private
+
+        # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
+        def extra_tokens_warning(supported_keys, key)
+          return if OAuth2.config.silence_extra_tokens_warning
+          return if supported_keys.length <= 1
+
+          warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.")
+        end
+      end
+
+      # Initialize an AccessToken
+      #
+      # @param [Client] client the OAuth2::Client instance
+      # @param [String] token the Access Token value (optional, may not be used in refresh flows)
+      # @param [Hash] opts the options to create the Access Token with
+      # @option opts [String] :refresh_token (nil) the refresh_token value
+      # @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
+      # @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
+      # @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+
+      # @option opts [Symbol] :mode (:header) the transmission mode of the Access Token parameter value
+      #    one of :header, :body or :query
+      # @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header
+      # @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the
+      #    Access Token value in :body or :query transmission mode
+      def initialize(client, token, opts = {})
+        @client = client
+        @token = token.to_s
+
+        opts = opts.dup
+        %i[refresh_token expires_in expires_at expires_latency].each do |arg|
+          instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
+        end
+        no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?)
+        if no_tokens
+          if @client.options[:raise_errors]
+            error = Error.new(opts)
+            raise(error)
+          else
+            warn('OAuth2::AccessToken has no token')
+          end
+        end
+        # @option opts [Fixnum, String] :expires is deprecated
+        @expires_in ||= opts.delete('expires')
+        @expires_in &&= @expires_in.to_i
+        @expires_at &&= convert_expires_at(@expires_at)
+        @expires_latency &&= @expires_latency.to_i
+        @expires_at ||= Time.now.to_i + @expires_in if @expires_in
+        @expires_at -= @expires_latency if @expires_latency
+        @options = {mode: opts.delete(:mode) || :header,
+                    header_format: opts.delete(:header_format) || 'Bearer %s',
+                    param_name: opts.delete(:param_name) || 'access_token'}
+        @params = opts
+      end
+
+      # Indexer to additional params present in token response
+      #
+      # @param [String] key entry key to Hash
+      def [](key)
+        @params[key]
+      end
+
+      # Whether or not the token expires
+      #
+      # @return [Boolean]
+      def expires?
+        !!@expires_at
+      end
+
+      # Whether or not the token is expired
+      #
+      # @return [Boolean]
+      def expired?
+        expires? && (expires_at <= Time.now.to_i)
+      end
+
+      # Refreshes the current Access Token
+      #
+      # @return [AccessToken] a new AccessToken
+      # @note options should be carried over to the new AccessToken
+      def refresh(params = {}, access_token_opts = {})
+        raise('A refresh_token is not available') unless refresh_token
+
+        params[:grant_type] = 'refresh_token'
+        params[:refresh_token] = refresh_token
+        new_token = @client.get_token(params, access_token_opts)
+        new_token.options = options
+        if new_token.refresh_token
+          # Keep it, if there is one
+        else
+          new_token.refresh_token = refresh_token
+        end
+        new_token
+      end
+      # A compatibility alias
+      # @note does not modify the receiver, so bang is not the default method
+      alias refresh! refresh
+
+      # Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash
+      #
+      # @return [Hash] a hash of AccessToken property values
+      def to_hash
+        params.merge(access_token: token, refresh_token: refresh_token, expires_at: expires_at)
+      end
+
+      # Make a request with the Access Token
+      #
+      # @param [Symbol] verb the HTTP request method
+      # @param [String] path the HTTP URL path of the request
+      # @param [Hash] opts the options to make the request with
+      #   @see Client#request
+      def request(verb, path, opts = {}, &block)
+        configure_authentication!(opts)
+        @client.request(verb, path, opts, &block)
+      end
+
+      # Make a GET request with the Access Token
+      #
+      # @see AccessToken#request
+      def get(path, opts = {}, &block)
+        request(:get, path, opts, &block)
+      end
+
+      # Make a POST request with the Access Token
+      #
+      # @see AccessToken#request
+      def post(path, opts = {}, &block)
+        request(:post, path, opts, &block)
+      end
+
+      # Make a PUT request with the Access Token
+      #
+      # @see AccessToken#request
+      def put(path, opts = {}, &block)
+        request(:put, path, opts, &block)
+      end
+
+      # Make a PATCH request with the Access Token
+      #
+      # @see AccessToken#request
+      def patch(path, opts = {}, &block)
+        request(:patch, path, opts, &block)
+      end
+
+      # Make a DELETE request with the Access Token
+      #
+      # @see AccessToken#request
+      def delete(path, opts = {}, &block)
+        request(:delete, path, opts, &block)
+      end
+
+      # Get the headers hash (includes Authorization token)
+      def headers
+        {'Authorization' => options[:header_format] % token}
+      end
+
+    private
+
+      def configure_authentication!(opts)
+        case options[:mode]
+        when :header
+          opts[:headers] ||= {}
+          opts[:headers].merge!(headers)
+        when :query
+          opts[:params] ||= {}
+          opts[:params][options[:param_name]] = token
+        when :body
+          opts[:body] ||= {}
+          if opts[:body].is_a?(Hash)
+            opts[:body][options[:param_name]] = token
+          else
+            opts[:body] += "&#{options[:param_name]}=#{token}"
+          end
+          # @todo support for multi-part (file uploads)
+        else
+          raise("invalid :mode option of #{options[:mode]}")
+        end
+      end
+
+      def convert_expires_at(expires_at)
+        Time.iso8601(expires_at.to_s).to_i
+      rescue ArgumentError
+        expires_at.to_i
+      end
+    end
+  end
+end

data/lib/omniauth-withings-oauth2/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module WithingsOauth2
-    VERSION = '1.0.0'
+    VERSION = '1.1.0'
   end
 end

data/lib/omniauth-withings-oauth2.rb

@@ -1,2 +1,3 @@
 require "omniauth-withings-oauth2/version"
+require "omniauth/withings_oauth2/access_token"
 require "omniauth/strategies/withings"

data/omniauth-withings-oauth2.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
-  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.2'
+  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
 
   gem.add_development_dependency 'bundler', '>= 1.16', '< 3.0'
   gem.add_development_dependency 'rake', '~> 12.3'

data/spec/omniauth/strategies/withings_spec.rb

@@ -18,7 +18,7 @@ describe OmniAuth::Strategies::Withings do
     end
 
     it 'has correct `token_url`' do
-      expect(subject.client.options[:token_url]).to eq('https://account.withings.com/oauth2/token')
+      expect(subject.client.options[:token_url]).to eq('https://wbsapi.withings.net/v2/oauth2')
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-withings-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Eric Shelley
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-04 00:00:00.000000000 Z
+date: 2024-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -105,6 +105,7 @@ files:
 - lib/omniauth-withings-oauth2.rb
 - lib/omniauth-withings-oauth2/version.rb
 - lib/omniauth/strategies/withings.rb
+- lib/omniauth/withings_oauth2/access_token.rb
 - omniauth-withings-oauth2.gemspec
 - spec/omniauth/strategies/withings_spec.rb
 - spec/spec_helper.rb
@@ -112,7 +113,7 @@ homepage: https://github.com/bartimaeus/omniauth-withings-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -127,9 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2.3
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Withings OAuth2 strategy for OmniAuth.
 test_files: