omniauth 0.3.2 → 1.0.0.beta1

Potentially problematic release.


This version of omniauth might be problematic.

data/Gemfile ADDED
@@ -0,0 +1,11 @@
1
+ source 'http://rubygems.org'
2
+
3
+ gemspec
4
+
5
+ group :development do
6
+ gem 'guard'
7
+ gem 'guard-rspec'
8
+ gem 'guard-bundler'
9
+ gem 'growl'
10
+ gem 'rb-fsevent'
11
+ end
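Review bot: the first added line, `source 'http://rubygems.org'`, fetches the gem index and packages over plaintext HTTP, so anything on the network path can alter what Bundler installs on developer and CI machines; change it to `source 'https://rubygems.org'`. The five gems in the `:development` group also carry no version constraints, and `growl` and `rb-fsevent` are macOS-specific, so constrain the versions and consider keeping the platform-specific ones out of the shared Gemfile.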
data/Guardfile ADDED
@@ -0,0 +1,10 @@
1
+ guard 'rspec', :version => 2 do
2
+ watch(%r{^spec/.+_spec\.rb$})
3
+ watch(%r{^lib/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
4
+ watch('spec/spec_helper.rb') { "spec/" }
5
+ end
6
+
7
+ guard 'bundler' do
8
+ watch('Gemfile')
9
+ watch(/^.+\.gemspec/)
10
+ end
@@ -1,4 +1,4 @@
1
- Copyright (c) 2010-2011 Michael Bleigh, Erik Michaels-Ober, and Intridea, Inc.
1
+ Copyright (c) 2010-2011 Michael Bleigh and Intridea, Inc.
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining a copy
4
4
  of this software and associated documentation files (the "Software"), to deal
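Review bot: the changed copyright line drops Erik Michaels-Ober as a named holder, and nothing visible in this diff explains why; a licence notice should lose a named holder only with that person's agreement, so confirm that or keep the original line. The licence block added to the README in this same release reads `Copyright (c) 2011 Intridea, Inc.`, which matches neither version of this line, so settle on one notice and use it in both files.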
data/README.md CHANGED
@@ -1,155 +1,139 @@
1
1
  # OmniAuth: Standardized Multi-Provider Authentication
2
- OmniAuth is a new Rack-based authentication system for multi-provider external
3
- authentcation. OmniAuth is built from the ground up on the philosophy that
4
- **authentication is not the same as identity**, and is based on two
5
- observations:
6
-
7
- 1. The traditional 'sign up using a login and password' model is becoming the
8
- exception, not the rule. Modern web applications offer external
9
- authentication via OpenID, Facebook, and/or OAuth.
10
- 2. The interconnectable web is no longer a dream, it is a necessity. It is not
11
- unreasonable to expect that one application may need to be able to connect
12
- to one, three, or twelve other services. Modern authentication systems
13
- should allow a user's identity to be associated with many authentications.
14
-
15
- ## <a name="installation">Installation</a>
16
- To install OmniAuth, simply install the gem:
17
-
18
- gem install omniauth
19
-
20
- ## <a name="ci">Continuous Integration</a>
21
- [![Build Status](https://travis-ci.org/intridea/omniauth.png)](http://travis-ci.org/intridea/omniauth)
22
-
23
- ## <a name="providers">Providers</a>
24
- OmniAuth currently supports the following external providers:
25
-
26
- * via OAuth (OAuth 1.0, OAuth 2, and xAuth)
27
- * 37signals ID (credit: [mbleigh](https://github.com/mbleigh))
28
- * AngelList (credit: [joshuaxls](https://github.com/joshuaxls))
29
- * Bit.ly (credit: [philnash](https://github.com/philnash))
30
- * Blogger (credit: [dsueiro-backing](https://github.com/dsueiro-backing))
31
- * Cobot (credit: [kamal](https://github.com/kamal))
32
- * DailyMile (credit: [cdmwebs](https://github.com/cdmwebs))
33
- * Doit.im (credit: [chouti](https://github.com/chouti))
34
- * Dopplr (credit: [flextrip](https://github.com/flextrip))
35
- * Douban (credit: [quake](https://github.com/quake))
36
- * Evernote (credit: [szimek](https://github.com/szimek))
37
- * Facebook (credit: [mbleigh](https://github.com/mbleigh))
38
- * Foursquare (credit: [mbleigh](https://github.com/mbleigh))
39
- * GitHub (credit: [mbleigh](https://github.com/mbleigh))
40
- * Glitch (credit: [harrylove](https://github.com/harrylove))
41
- * GoodReads (credit: [cristoffer](https://github.com/christoffer))
42
- * Google Health (credit: [jaigouk](https://github.com/jaigouk))
43
- * Gowalla (credit: [kvnsmth](https://github.com/kvnsmth))
44
- * Hyves (credit: [mrdg](https://github.com/mrdg))
45
- * Identi.ca (credit: [dcu](https://github.com/dcu))
46
- * Flattr (credit: [dcu](https://github.com/dcu))
47
- * Instagram (credit: [kiyoshi](https://github.com/kiyoshi))
48
- * Instapaper (credit: [micpringle](https://github.com/micpringle))
49
- * LastFM (credit: [tictoc](https://github.com/tictoc))
50
- * LinkedIn (credit: [mbleigh](https://github.com/mbleigh))
51
- * Mailchimp (via [srbiv](http://github.com/srbiv))
52
- * Mailru (credit: [lexer](https://github.com/lexer))
53
- * Meetup (credit [coderoshi](https://github.com/coderoshi))
54
- * Miso (credit: [rickenharp](https://github.com/rickenharp))
55
- * Mixi (credit: [kiyoshi](https://github.com/kiyoshi))
56
- * Netflix (credit: [caged](https://github.com/caged))
57
- * Orkut (credit: [andersonleite](https://github.com/andersonleite))
58
- * Plurk (credit: [albb0920](http://github.com/albb0920))
59
- * Qzone (credit: [quake](https://github.com/quake))
60
- * Rdio (via [brandonweiss](https://github.com/brandonweiss))
61
- * Renren (credit: [quake](https://github.com/quake))
62
- * Salesforce (via [CloudSpokes](http://www.cloudspokes.com))
63
- * SmugMug (credit: [pchilton](https://github.com/pchilton))
64
- * SoundCloud (credit: [leemartin](https://github.com/leemartin))
65
- * T163 (credit: [quake](https://github.com/quake))
66
- * Taobao (credit: [l4u](https://github.com/l4u))
67
- * TeamBox (credit [jrom](https://github.com/jrom))
68
- * Tqq (credit: [quake](https://github.com/quake))
69
- * TradeMe (credit: [pchilton](https://github.com/pchilton))
70
- * TripIt (credit: [flextrip](https://github.com/flextrip))
71
- * Tsina (credit: [quake](https://github.com/quake))
72
- * Tsohu (credit: [quake](https://github.com/quake))
73
- * Tumblr (credit: [jamiew](https://github.com/jamiew))
74
- * Twitter (credit: [mbleigh](https://github.com/mbleigh))
75
- * Viadeo (credit: [guillaug](https://github.com/guillaug))
76
- * Vimeo (credit: [jamiew](https://github.com/jamiew))
77
- * Vkontakte (credit: [german](https://github.com/german))
78
- * WePay (credit: [ryanwood](https://github.com/ryanwood))
79
- * Yahoo (credit: [mpd](https://github.com/mpd))
80
- * Yammer (credit: [kltcalamay](https://github.com/kltcalamay))
81
- * YouTube (credit: [jamiew](https://github.com/jamiew))
82
- * CAS (Central Authentication Service) (credit: [jamesarosen](https://github.com/jamesarosen))
83
- * Flickr (credit: [pchilton](https://github.com/pchilton))
84
- * Google Apps (via OpenID) (credit: [mbleigh](https://github.com/mbleigh))
85
- * Google OpenID+OAuth (via Hybrid Protocol) (credit: [boyvanamstel](https://github.com/boyvanamstel))
86
- * LDAP (credit: [pyu10055](https://github.com/pyu10055))
87
- * OpenID (credit: [mbleigh](https://github.com/mbleigh))
88
- * Yupoo (credit: [chouti](https://github.com/chouti))
89
-
90
- ## <a name="usage">Usage</a>
91
- OmniAuth is a collection of Rack middleware. To use a single strategy, you simply need to add the middleware:
92
-
93
- require 'oa-oauth'
94
- use OmniAuth::Strategies::Twitter, 'CONSUMER_KEY', 'CONSUMER_SECRET'
95
-
96
- Now to initiate authentication you merely need to redirect the user to `/auth/twitter` via a link or other means. Once the user has authenticated to Twitter, they will be redirected to `/auth/twitter/callback`. You should build an endpoint that handles this URL, at which point you will have access to the authentication information through the `omniauth.auth` parameter of the Rack environment. For example, in Sinatra you would do something like this:
97
-
98
- get '/auth/twitter/callback' do
99
- auth_hash = request.env['omniauth.auth']
2
+
3
+ **NOTICE:** This documentation and code is for OmniAuth 1.0 in which
4
+ each provider will become its own separate gem. If you're looking for
5
+ the current released version, please visit [OmniAuth 0.3 Stable
6
+ Branch](https://github.com/intridea/omniauth/tree/0-3-stable).
7
+
8
+ ## An Introduction
9
+
10
+ OmniAuth is a libary that standardizes multi-provider authentication for
11
+ web applications. It was created to be powerful, flexible, and do as
12
+ little as possible. Any developer can create **strategies** for OmniAuth
13
+ that can authenticate users via disparate systems. OmniAuth strategies
14
+ have been created for everything from Facebook to LDAP.
15
+
16
+ In order to use OmniAuth in your applications, you will need to leverage
17
+ one or more strategies. These strategies are generally released
18
+ individually as RubyGems, and you can see a [community maintained list](https://github.com/intridea/omniauth/wiki/List-of-Strategies)
19
+ on the wiki for this project.
20
+
21
+ One strategy, called `Developer`, is included with OmniAuth and provides
22
+ a completely unsecure, non-production-usable strategy that directly
23
+ prompts a user for authentication information and then passes it
24
+ straight through. You can use it as a placeholder when you start
25
+ development and easily swap in other strategies later.
26
+
27
+ ## Getting Started
28
+
29
+ Each OmniAuth strategy is a Rack Middleware. That means that you can use
30
+ it the same way that you use any other Rack middleware. For example, to
31
+ use the built-in Developer strategy in a Sinatra application I might do
32
+ this:
33
+
34
+ require 'sinatra'
35
+ require 'omniauth'
36
+
37
+ class MyApplication < Sinatra::Base
38
+ use Rack::Session
39
+ use OmniAuth::Strategies::Developer
40
+ end
41
+
42
+ Because OmniAuth is built for *multi-provider* authentication, I may
43
+ want to leave room to run multiple strategies. For this, the built-in
44
+ `OmniAuth::Builder` class gives you an easy way to specify multiple
45
+ strategies. Note that there is **no difference** between the following
46
+ code and using each strategy individually as middleware. This is an
47
+ example that you might put into a Rails initializer at
48
+ `config/initializers/omniauth.rb`:
49
+
50
+ Rails.application.config.middleware.use OmniAuth::Builder do
51
+ provider :developer unless Rails.env.production?
52
+ provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
53
+ end
54
+
55
+ You should look to the documentation for each provider you use for
56
+ specific initialization requirements.
57
+
58
+ ## Integrating OmniAuth Into Your Application
59
+
60
+ OmniAuth is an extremely low-touch library. It is designed to be a
61
+ black box that you can send your application's users into when you need
62
+ authentication and then get information back. OmniAuth was intentionally
63
+ built not to automatically associate with a User model or make
64
+ assumptions about how many authentication methods you might want to use
65
+ or what you might want to do with the data once a user has
66
+ authenticated. This makes OmniAuth incredibly flexible. To use OmniAuth,
67
+ you need only to redirect users to `/auth/:provider`, where `:provider`
68
+ is the name of the strategy (for example, `developer` or `twitter`).
69
+ From there, OmniAuth will take over and take the user through the
70
+ necessary steps to authenticate them with the chosen strategy.
71
+
72
+ Once the user has authenticated, what do you do next? OmniAuth simply
73
+ sets a special hash called the Authentication Hash on the Rack
74
+ environment of a request to `/auth/:provider/callback`. This hash
75
+ contains as much information about the user as OmniAuth was able to
76
+ glean from the utilized strategy. You should set up an endpoint in your
77
+ application that matches to the callback URL and then performs whatever
78
+ steps are necessary for your application. For example, in a Rails app I
79
+ would add a line in my `routes.rb` file like this:
80
+
81
+ match '/auth/:provider/callback', to: 'sessions#create'
82
+
83
+ And I might then have a `SessionsController` with code that looks
84
+ something like this:
85
+
86
+ class SessionsController < ApplicationController
87
+ def create
88
+ @user = User.find_or_create_from_auth_hash(auth_hash)
89
+ self.current_user = @user
90
+ redirect_to '/'
91
+ end
92
+
93
+ protected
94
+
95
+ def auth_hash
96
+ request.env['omniauth.auth']
97
+ end
100
98
  end
101
99
 
102
- The hash in question will look something like this:
103
-
104
- {
105
- 'uid' => '12356',
106
- 'provider' => 'twitter',
107
- 'user_info' => {
108
- 'name' => 'User Name',
109
- 'nickname' => 'username',
110
- # ...
111
- }
112
- }
113
-
114
- The `user_info` hash will automatically be populated with as much information about the user as OmniAuth was able to pull from the given API or authentication provider.
115
-
116
- ## <a name="resources">Resources</a>
117
- The best place to find more information is the [OmniAuth Wiki](https://github.com/intridea/omniauth/wiki). Some specific information you might be interested in:
118
-
119
- * [CI Build Status](http://travis-ci.org/intridea/omniauth)
120
- * [Roadmap](https://github.com/intridea/omniauth/wiki/Roadmap)
121
- * [Changelog](https://github.com/intridea/omniauth/wiki/Changelog)
122
- * [Report Issues](https://github.com/intridea/omniauth/issues)
123
- * [Mailing List](http://groups.google.com/group/omniauth)
124
-
125
- ## <a name="core">Core Team</a>
126
- * **Michael Bleigh** ([mbleigh](https://github.com/mbleigh))
127
- * **Erik Michaels-Ober** ([sferik](https://github.com/sferik))
128
-
129
- ## <a name="rubies">Supported Rubies</a>
130
- This library aims to support and is [tested
131
- against](http://travis-ci.org/intridea/omniauth) the following Ruby
132
- implementations:
133
-
134
- * Ruby 1.8.7
135
- * Ruby 1.9.2
136
- * [JRuby](http://www.jruby.org/)
137
- * [Rubinius](http://rubini.us/)
138
- * [Ruby Enterprise Edition](http://www.rubyenterpriseedition.com/)
139
-
140
- If something doesn't work on one of these interpreters, it should be considered
141
- a bug.
142
-
143
- This library may inadvertently work (or seem to work) on other Ruby
144
- implementations, however support will only be provided for the versions listed
145
- above.
146
-
147
- If you would like this library to support another Ruby version, you may
148
- volunteer to be a maintainer. Being a maintainer entails making sure all tests
149
- run and pass on that implementation. When something breaks on your
150
- implementation, you will be personally responsible for providing patches in a
151
- timely fashion. If critical issues for a particular implementation exist at the
152
- time of a major release, support for that Ruby version may be dropped.
153
-
154
- ## <a name="license">License</a>
155
- OmniAuth is released under the MIT License.
100
+ The `omniauth.auth` key in the environment hash gives me my
101
+ Authentication Hash which will contain information about the just
102
+ authenticated user including a unique id, the strategy they just used
103
+ for authentication, and personal details such as name and email address
104
+ as available. For an in-depth description of what the authentication
105
+ hash might contain, see the [Auth Hash Schema wiki page](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema).
106
+
107
+ Note that OmniAuth does not perform any actions beyond setting some
108
+ environment information on the callback request. It is entirely up to
109
+ you how you want to implement the particulars of your application's
110
+ authentication flow.
111
+
112
+ ## Resources
113
+
114
+ The [OmniAuth Wiki](https://github.com/intridea/omniauth/wiki) has
115
+ actively maintained in-depth documentation for OmniAuth. It should be
116
+ your first stop if you are wondering about a more in-depth look at
117
+ OmniAuth, how it works, and how to use it.
118
+
119
+ ## License
120
+
121
+ Copyright (c) 2011 Intridea, Inc.
122
+
123
+ Permission is hereby granted, free of charge, to any person obtaining a
124
+ copy of this software and associated documentation files (the "Software"),
125
+ to deal in the Software without restriction, including without limitation
126
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
127
+ and/or sell copies of the Software, and to permit persons to whom the
128
+ Software is furnished to do so, subject to the following conditions:
129
+
130
+ The above copyright notice and this permission notice shall be included
131
+ in all copies or substantial portions of the Software.
132
+
133
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
134
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
135
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
136
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
137
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
138
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
139
+ DEALINGS IN THE SOFTWARE.
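Review bot: in the Getting Started sample, `use Rack::Session` will not run as written, because `Rack::Session` is a namespace module and not a middleware; the sample should name a concrete store such as `Rack::Session::Cookie` and set its secret. The callback route is declared with `match '/auth/:provider/callback', to: 'sessions#create'`, which accepts every HTTP verb, so the documentation should restrict it to the methods the strategies actually call back with. The new introduction also misspells "library" as "libary".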
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require 'bundler'
2
+ Bundler::GemHelper.install_tasks
3
+ require 'rspec/core/rake_task'
4
+ RSpec::Core::RakeTask.new(:spec)
5
+ task :default => :spec
6
+ task :test => :spec
data/lib/omniauth.rb CHANGED
@@ -1,6 +1,137 @@
1
- require 'omniauth/core'
2
- require 'omniauth/basic'
3
- require 'omniauth/oauth'
4
- require 'omniauth/openid'
5
- require 'omniauth/enterprise'
6
- require 'omniauth/more'
1
+ require 'rack'
2
+ require 'singleton'
3
+
4
+ module OmniAuth
5
+ module Strategies
6
+ autoload :Developer, 'omniauth/strategies/developer'
7
+ end
8
+
9
+ autoload :Builder, 'omniauth/builder'
10
+ autoload :Strategy, 'omniauth/strategy'
11
+ autoload :Test, 'omniauth/test'
12
+ autoload :Form, 'omniauth/form'
13
+ autoload :AuthHash, 'omniauth/auth_hash'
14
+
15
+ def self.strategies
16
+ @@strategies ||= []
17
+ end
18
+
19
+ class Configuration
20
+ include Singleton
21
+
22
+ @@defaults = {
23
+ :camelizations => {},
24
+ :path_prefix => '/auth',
25
+ :on_failure => Proc.new do |env|
26
+ message_key = env['omniauth.error.type']
27
+ new_path = "#{OmniAuth.config.path_prefix}/failure?message=#{message_key}"
28
+ [302, {'Location' => new_path, 'Content-Type'=> 'text/html'}, []]
29
+ end,
30
+ :form_css => Form::DEFAULT_CSS,
31
+ :test_mode => false,
32
+ :allowed_request_methods => [:get, :post],
33
+ :mock_auth => {
34
+ :default => {
35
+ 'provider' => 'default',
36
+ 'uid' => '1234',
37
+ 'name' => 'Bob Example'
38
+ }
39
+ }
40
+ }
41
+
42
+ def self.defaults
43
+ @@defaults
44
+ end
45
+
46
+ def initialize
47
+ @@defaults.each_pair{|k,v| self.send("#{k}=",v)}
48
+ end
49
+
50
+ def on_failure(&block)
51
+ if block_given?
52
+ @on_failure = block
53
+ else
54
+ @on_failure
55
+ end
56
+ end
57
+
58
+ def add_mock(provider, mock={})
59
+ # Stringify keys recursively one level.
60
+ mock.keys.each do |key|
61
+ mock[key.to_s] = mock.delete(key)
62
+ end
63
+ mock.each_pair do |key, val|
64
+ if val.is_a? Hash
65
+ val.keys.each do |subkey|
66
+ val[subkey.to_s] = val.delete(subkey)
67
+ end
68
+ end
69
+ end
70
+
71
+ # Merge with the default mock and ensure provider is correct.
72
+ mock = self.mock_auth[:default].dup.merge(mock)
73
+ mock["provider"] = provider.to_s
74
+
75
+ # Add it to the mocks.
76
+ self.mock_auth[provider.to_sym] = mock
77
+ end
78
+
79
+ # This is a convenience method to be used by strategy authors
80
+ # so that they can add special cases to the camelization utility
81
+ # method that allows OmniAuth::Builder to work.
82
+ #
83
+ # @param name [String] The underscored name, e.g. `oauth`
84
+ # @param camelized [String] The properly camelized name, e.g. 'OAuth'
85
+ def add_camelization(name, camelized)
86
+ self.camelizations[name.to_s] = camelized.to_s
87
+ end
88
+
89
+ attr_writer :on_failure
90
+ attr_accessor :path_prefix, :allowed_request_methods, :form_css, :test_mode, :mock_auth, :full_host, :camelizations
91
+ end
92
+
93
+ def self.config
94
+ Configuration.instance
95
+ end
96
+
97
+ def self.configure
98
+ yield config
99
+ end
100
+
101
+ def self.mock_auth_for(provider)
102
+ config.mock_auth[provider.to_sym] || config.mock_auth[:default]
103
+ end
104
+
105
+ module Utils
106
+ module_function
107
+
108
+ def form_css
109
+ "<style type='text/css'>#{OmniAuth.config.form_css}</style>"
110
+ end
111
+
112
+ def deep_merge(hash, other_hash)
113
+ target = hash.dup
114
+
115
+ other_hash.keys.each do |key|
116
+ if other_hash[key].is_a? ::Hash and hash[key].is_a? ::Hash
117
+ target[key] = deep_merge(target[key],other_hash[key])
118
+ next
119
+ end
120
+
121
+ target[key] = other_hash[key]
122
+ end
123
+
124
+ target
125
+ end
126
+
127
+ def camelize(word, first_letter_in_uppercase = true)
128
+ return OmniAuth.config.camelizations[word.to_s] if OmniAuth.config.camelizations[word.to_s]
129
+
130
+ if first_letter_in_uppercase
131
+ word.to_s.gsub(/\/(.?)/) { "::" + $1.upcase }.gsub(/(^|_)(.)/) { $2.upcase }
132
+ else
133
+ word.first + camelize(word)[1..-1]
134
+ end
135
+ end
136
+ end
137
+ end
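Review bot: the default `:on_failure` proc interpolates `env['omniauth.error.type']` into the `Location` header without escaping (`"#{OmniAuth.config.path_prefix}/failure?message=#{message_key}"`), so whatever a strategy places in that key can add query parameters or malformed header content to the redirect; wrap it in `Rack::Utils.escape(message_key.to_s)`. The default `:allowed_request_methods => [:get, :post]` is also worth revisiting: if this list governs the `/auth/:provider` request phase (the strategy code is not in this hunk), a login start that answers GET can be triggered by a cross-site link, and defaulting to `[:post]` would avoid that. Lastly, the `else` branch of `camelize` calls `word.first`, which core Ruby's String does not define, and this file requires only `rack` and `singleton`, so `camelize(word, false)` raises NoMethodError unless ActiveSupport happens to be loaded; `word.to_s[0, 1]` would remove that dependency.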