omniauth 1.2.2 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0ccca6a859c1cf14b111691d6447c4fda9e6a392
-  data.tar.gz: 9b5e43d88cdc536a6e2e31111ea81f547d18abe9
+SHA256:
+  metadata.gz: df50309ac3b4098a460e7a52f233798a3246cffdfeb2c6f6f60d373b8af8af2c
+  data.tar.gz: bf5c53ceadb04c431b88aa17dfe6a11b46475b38bc9d4fa74865e1eb21d27772
 SHA512:
-  metadata.gz: cae2202a6cfd9bbd4f0f5bc5b68d613e4890458ac14cdd6e919e1e53db3cb5835b17c3b0d426a4cce305b4508943534e7ebde9b2638fa1864cf3e929b3393603
-  data.tar.gz: 4ea31502c6e79c25aa73e39340becc0302d4001fad09b0921ad08f211e6467a9b2a9982be5cadf63975b6f0e8af85291500492de52913af240d38da9a6de7e99
+  metadata.gz: dfd0bb2add456a51a393e672cba45d310f6ab7d2b5aa37c058a7242b8b0dc9b644877596c0a47c9e1c462d1e593516d1474379f103cae0988cced76c37260d4a
+  data.tar.gz: 6a0c4302b25339ca10e304ef1fb968e5dd36cb5e6d686499c1b9d5185f9165fef864f54603f385076bf81160980ca532285a00ebdf23de82f3a1bacf95655856

data/.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: bobbymcwho
+tidelift: rubygems/omniauth

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,20 @@
+Please complete all sections.
+
+### Configuration
+
+- Provider Gem: `omniauth-*`
+- Ruby Version: ``
+- Framework: ``
+- Platform: ``
+
+### Expected Behavior
+
+Tell us what should happen.
+
+### Actual Behavior
+
+Tell us what happens instead.
+
+### Steps to Reproduce
+
+Please list all steps to reproduce the issue.

data/.github/workflows/main.yml

@@ -0,0 +1,89 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+    runs-on: ubuntu-18.04
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+  test-jruby:
+    runs-on: ubuntu-18.04
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu, macos]
+        jruby: [jruby] # TODO: Add back jruby-head once we figure out why there's a bundler mismatch
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.jruby }}
+        bundler-cache: true
+    - name: Install dependencies
+      env:
+        JRUBY_OPTS: --debug
+      run: bundle install
+    - name: Run tests
+      env:
+        JRUBY_OPTS: --debug
+      run: bundle exec rake
+  frozen-string-compat:
+    runs-on: ubuntu-18.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+        bundler-cache: true
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      env:
+        RUBYOPT: "--enable-frozen-string-literal"
+      run: bundle exec rake
+  coveralls:
+    runs-on: ubuntu-18.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+        bundler-cache: true
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake
+    - name: Coveralls GitHub Action
+      uses: coverallsapp/github-action@v1.1.2
+      with:
+        github-token: ${{ secrets.github_token }}
+        path-to-lcov: './coverage/lcov/omniauth.lcov'

data/.gitignore

@@ -4,8 +4,11 @@
 .rvmrc
 .yardoc
 Gemfile.lock
+Gemfile.*.lock
 coverage/*
 doc/*
 log/*
 measurement/*
 pkg/*
+.DS_Store
+.tool-versions

data/.rubocop.yml

@@ -1,81 +1,69 @@
 AllCops:
-  Include:
-    - 'Gemfile'
-    - 'Rakefile'
-    - 'omniauth.gemspec'
+  TargetRubyVersion: 2.2
 
-# Avoid long parameter lists
-ParameterLists:
-  Max: 4
-  CountKeywordArgs: true
+Layout/AccessModifierIndentation:
+  EnforcedStyle: outdent
 
-MethodLength:
-  CountComments: false
-  Max: 15
+Layout/AlignHash:
+  Enabled: false
 
-# Avoid more than `Max` levels of nesting.
-BlockNesting:
-  Max: 2
+Layout/DotPosition:
+  EnforcedStyle: trailing
 
-# Align with the style guide.
-CollectionMethods:
-  PreferredMethods:
-    map:      'collect'
-    reduce:   'inject'
-    find:     'detect'
-    find_all: 'select'
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
 
-# Limit line length
-LineLength:
+Lint/HandleExceptions:
   Enabled: false
 
-# Disable documentation checking until a class needs to be documented once
-Documentation:
+Metrics/BlockLength:
   Enabled: false
 
-# Enforce Ruby 1.8-compatible hash syntax
-HashSyntax:
-  EnforcedStyle: hash_rockets
-
-# No spaces inside hash literals
-SpaceInsideHashLiteralBraces:
-  EnforcedStyle: no_space
+Metrics/BlockNesting:
+  Max: 2
 
-# Allow dots at the end of lines
-DotPosition:
+Metrics/LineLength:
+  AllowURI: true
   Enabled: false
 
-# Don't require magic comment at the top of every file
-Encoding:
-  Enabled: false
+Metrics/MethodLength:
+  CountComments: false
+  Max: 15
 
-# Enforce outdenting of access modifiers (i.e. public, private, protected)
-AccessModifierIndentation:
-  EnforcedStyle: outdent
+Metrics/ParameterLists:
+  Max: 4
+  CountKeywordArgs: true
 
-EmptyLinesAroundAccessModifier:
-  Enabled: true
+Metrics/AbcSize:
+  Enabled: false
 
-# Align ends correctly
-EndAlignment:
-  AlignWith: variable
+Style/CollectionMethods:
+  PreferredMethods:
+    map:      'collect'
+    reduce:   'inject'
+    find:     'detect'
+    find_all: 'select'
 
-# Indentation of when/else
-CaseIndentation:
-  IndentWhenRelativeTo: end
-  IndentOneStep: false
+Style/Documentation:
+  Enabled: false
 
-Lambda:
+Style/DoubleNegation:
   Enabled: false
 
-HandleExceptions:
+Style/EachWithObject:
   Enabled: false
 
-RaiseArgs:
-  EnforcedStyle: compact
+Style/Encoding:
+  Enabled: false
 
-TrailingComma:
+Style/ExpandPathArguments:
   Enabled: false
 
-EachWithObject:
+Style/HashSyntax:
+  EnforcedStyle: hash_rockets
+
+Style/Lambda:
   Enabled: false
+
+Style/RaiseArgs:
+  EnforcedStyle: compact

data/Gemfile

@@ -1,33 +1,28 @@
 source 'https://rubygems.org'
 
-gem 'jruby-openssl', :platforms => :jruby
-gem 'rake'
-gem 'yard'
+gem 'jruby-openssl', '~> 0.10.5', platforms: :jruby
+gem 'rake', '>= 12.0'
+gem 'yard', '>= 0.9.11'
 
 group :development do
-  gem 'growl'
-  platforms :ruby_19, :ruby_20 do
-    gem 'guard'
-    gem 'guard-bundler'
-    gem 'guard-rspec'
-  end
+  gem 'benchmark-ips'
   gem 'kramdown'
-  gem 'plymouth', :platforms => [:ruby_19, :ruby_20, :ruby_21]
+  gem 'memory_profiler'
   gem 'pry'
-  gem 'pry-debugger', :platforms => [:mri_19, :mri_20]
-  gem 'pry-byebug', :platforms => [:mri_21]
-  gem 'rb-fsevent'
 end
 
 group :test do
-  gem 'coveralls', :require => false
-  gem 'json', '>= 1.8.1', :platforms => [:jruby, :ruby_18, :ruby_19]
-  gem 'mime-types', '~> 1.25', :platforms => [:jruby, :ruby_18]
+  gem 'coveralls_reborn', '~> 0.19.0', require: false
+  gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
+  gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
+  gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
   gem 'rack-test'
-  gem 'rest-client', '~> 1.6.0', :platforms => [:jruby, :ruby_18]
-  gem 'rspec', '~> 3.0'
-  gem 'rubocop', '>= 0.23', :platforms => [:ruby_19, :ruby_20, :ruby_21]
-  gem 'simplecov', :require => false
+  gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
+  gem 'rspec', '~> 3.5'
+  gem 'rack-freeze'
+  gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+  gem 'simplecov-lcov'
+  gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
 end
 
 gemspec

data/LICENSE.md

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2013 Michael Bleigh and Intridea, Inc.
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,22 +1,16 @@
 # OmniAuth: Standardized Multi-Provider Authentication
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
-[![Build Status](http://img.shields.io/travis/intridea/omniauth.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/intridea/omniauth.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth.svg)][codeclimate]
-[![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth.svg)][coveralls]
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+[![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
+[![Code Climate](https://api.codeclimate.com/v1/badges/ffd33970723587806744/maintainability)][codeclimate]
+[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
 
 [gem]: https://rubygems.org/gems/omniauth
-[travis]: http://travis-ci.org/intridea/omniauth
-[gemnasium]: https://gemnasium.com/intridea/omniauth
-[codeclimate]: https://codeclimate.com/github/intridea/omniauth
-[coveralls]: https://coveralls.io/r/intridea/omniauth
+[travis]: http://travis-ci.org/omniauth/omniauth
+[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
+[coveralls]: https://coveralls.io/r/omniauth/omniauth
 
-**OmniAuth 1.0 has several breaking changes from version 0.x. You can set
-the dependency to `~> 0.3.2` if you do not wish to make the more difficult
-upgrade. See [the wiki](https://github.com/intridea/omniauth/wiki/Upgrading-to-1.0)
-for more information.**
+This is the documentation for our latest release [v2.1.0](https://github.com/omniauth/omniauth/releases/tag/v2.1.0). 
 
 ## An Introduction
 OmniAuth is a library that standardizes multi-provider authentication for
@@ -27,7 +21,7 @@ have been created for everything from Facebook to LDAP.
 
 In order to use OmniAuth in your applications, you will need to leverage
 one or more strategies. These strategies are generally released
-individually as RubyGems, and you can see a [community maintained list](https://github.com/intridea/omniauth/wiki/List-of-Strategies)
+individually as RubyGems, and you can see a [community maintained list](https://github.com/omniauth/omniauth/wiki/List-of-Strategies)
 on the wiki for this project.
 
 One strategy, called `Developer`, is included with OmniAuth and provides
@@ -39,8 +33,8 @@ development and easily swap in other strategies later.
 ## Getting Started
 Each OmniAuth strategy is a Rack Middleware. That means that you can use
 it the same way that you use any other Rack middleware. For example, to
-use the built-in Developer strategy in a Sinatra application I might do
-this:
+use the built-in Developer strategy in a Sinatra application you might
+do this:
 
 ```ruby
 require 'sinatra'
@@ -52,7 +46,7 @@ class MyApplication < Sinatra::Base
 end
 ```
 
-Because OmniAuth is built for *multi-provider* authentication, I may
+Because OmniAuth is built for *multi-provider* authentication, you may
 want to leave room to run multiple strategies. For this, the built-in
 `OmniAuth::Builder` class gives you an easy way to specify multiple
 strategies. Note that there is **no difference** between the following
@@ -89,43 +83,109 @@ environment of a request to `/auth/:provider/callback`. This hash
 contains as much information about the user as OmniAuth was able to
 glean from the utilized strategy. You should set up an endpoint in your
 application that matches to the callback URL and then performs whatever
-steps are necessary for your application. For example, in a Rails app I
-would add a line in my `routes.rb` file like this:
+steps are necessary for your application. 
 
+The `omniauth.auth` key in the environment hash provides an
+Authentication Hash which will contain information about the just
+authenticated user including a unique id, the strategy they just used
+for authentication, and personal details such as name and email address
+as available. For an in-depth description of what the authentication
+hash might contain, see the [Auth Hash Schema wiki page](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema).
+
+Note that OmniAuth does not perform any actions beyond setting some
+environment information on the callback request. It is entirely up to
+you how you want to implement the particulars of your application's
+authentication flow.
+
+
+## Rails (without Devise)
+To get started, add the following gems
+
+**Gemfile**:
 ```ruby
-get '/auth/:provider/callback', to: 'sessions#create'
+gem 'omniauth'
+gem "omniauth-rails_csrf_protection"
 ```
 
-And I might then have a `SessionsController` with code that looks
-something like this:
+Then insert OmniAuth as a middleware
 
+**config/initializers/omniauth.rb**:
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :developer if Rails.env.development?
+end
+```
+
+Additional providers can be added here in the future. Next we wire it
+all up using routes, a controller and a login view.
+
+**config/routes.rb**:
+
+```ruby
+  get 'auth/:provider/callback', to: 'sessions#create'
+  get '/login', to: 'sessions#new'
+```
+
+**app/controllers/sessions_controller.rb**:
 ```ruby
 class SessionsController < ApplicationController
-  def create
-    @user = User.find_or_create_from_auth_hash(auth_hash)
-    self.current_user = @user
-    redirect_to '/'
+  def new
+    render :new
   end
 
-  protected
-
-  def auth_hash
-    request.env['omniauth.auth']
+  def create
+    user_info = request.env['omniauth.auth']
+    raise user_info # Your own session management should be placed here.
   end
 end
 ```
 
-The `omniauth.auth` key in the environment hash gives me my
-Authentication Hash which will contain information about the just
-authenticated user including a unique id, the strategy they just used
-for authentication, and personal details such as name and email address
-as available. For an in-depth description of what the authentication
-hash might contain, see the [Auth Hash Schema wiki page](https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema).
+**app/views/sessions/new.html.erb**:
+```erb
+<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
+  <button type='submit'>Login with Developer</button>
+<% end %>
+```
 
-Note that OmniAuth does not perform any actions beyond setting some
-environment information on the callback request. It is entirely up to
-you how you want to implement the particulars of your application's
-authentication flow.
+Now if you visit `/login` and click the Login button, you should see the
+OmniAuth developer login screen. After submitting it, you are returned to your
+application at `Sessions#create`. The raise should now display all the Omniauth
+details you have available to integrate it into your own user management.
+
+If you want out of the box usermanagement, you should consider using Omniauth
+through Devise. Please visit the [Devise Github page](https://github.com/heartcombo/devise#omniauth)
+for more information.
+
+
+## Rails API
+The following middleware are (by default) included for session management in
+Rails applications. When using OmniAuth with a Rails API, you'll need to add
+one of these required middleware back in:
+
+- `ActionDispatch::Session::CacheStore`
+- `ActionDispatch::Session::CookieStore`
+- `ActionDispatch::Session::MemCacheStore`
+
+The trick to adding these back in is that, by default, they are passed
+`session_options` when added (including the session key), so you can't just add
+a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
+and have sessions functioning as normal.
+
+To be clear: sessions may work, but your session options will be ignored
+(i.e. the session key will default to `_session_id`).  Instead of the
+initializer, you'll have to set the relevant options somewhere
+before your middleware is built (like `application.rb`) and pass them to your
+preferred middleware, like this:
+
+**application.rb:**
+
+```ruby
+config.session_store :cookie_store, key: '_interslice_session'
+config.middleware.use ActionDispatch::Cookies # Required for all session management
+config.middleware.use ActionDispatch::Session::CookieStore, config.session_options
+```
+
+(Thanks @mltsy)
 
 ## Logging
 OmniAuth supports a configurable logger. By default, OmniAuth will log
@@ -136,14 +196,51 @@ to `STDOUT` but you can configure this using `OmniAuth.config.logger`:
 OmniAuth.config.logger = Rails.logger
 ```
 
+## Origin Param
+The `origin` url parameter is typically used to inform where a user came from
+and where, should you choose to use it, they'd want to return to.
+Omniauth supports the following settings which can be configured on a provider level:
+
+**Default**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET']
+POST /auth/twitter/?origin=[URL]
+# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Using a differently named origin parameter**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+POST /auth/twitter/?return_to=[URL]
+# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Disabled**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+POST /auth/twitter
+# This means the origin should be handled by your own application. 
+# Note that `omniauth.origin` will always be blank.
+```
+
 ## Resources
-The [OmniAuth Wiki](https://github.com/intridea/omniauth/wiki) has
+The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
 actively maintained in-depth documentation for OmniAuth. It should be
 your first stop if you are wondering about a more in-depth look at
 OmniAuth, how it works, and how to use it.
 
+## OmniAuth for Enterprise
+
+Available as part of the Tidelift Subscription.
+
+The maintainers of OmniAuth and thousands of other packages are working with
+Tidelift to deliver commercial support and maintenance for the open source
+packages you use to build your applications. Save time, reduce risk, and
+improve code health, while paying the maintainers of the exact packages you use.
+[Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+
 ## Supported Ruby Versions
-OmniAuth is tested under 1.8.7, 1.9.2, 1.9.3, 2.0.0, 2.1.0, JRuby, and Rubinius.
+OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
 
 ## Versioning
 This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
@@ -158,10 +255,10 @@ Constraint][pvc] with two digits of precision. For example:
     spec.add_dependency 'omniauth', '~> 1.0'
 
 [semver]: http://semver.org/
-[pvc]: http://docs.rubygems.org/read/chapter/16#page74
+[pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
 
 ## License
-Copyright (c) 2010-2013 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
 details.
 
 [license]: LICENSE.md

data/Rakefile

@@ -10,8 +10,44 @@ begin
   RuboCop::RakeTask.new
 rescue LoadError
   task :rubocop do
-    $stderr.puts 'RuboCop is disabled'
+    warn 'RuboCop is disabled'
   end
 end
 
-task :default => [:spec, :rubocop]
+task :default => %i[spec rubocop]
+
+namespace :perf do
+  task :setup do
+    require 'omniauth'
+    require 'rack/test'
+    app = Rack::Builder.new do |b|
+      b.use Rack::Session::Cookie, :secret => 'abc123'
+      b.use OmniAuth::Strategies::Developer
+      b.run lambda { |_env| [200, {}, ['Not Found']] }
+    end.to_app
+    @app = Rack::MockRequest.new(app)
+
+    def call_app(path = ENV['GET_PATH'] || '/')
+      result = @app.get(path)
+      raise "Did not succeed #{result.body}" unless result.status == 200
+
+      result
+    end
+  end
+
+  task :ips => :setup do
+    require 'benchmark/ips'
+    Benchmark.ips do |x|
+      x.report('ips') { call_app }
+    end
+  end
+
+  task :mem => :setup do
+    require 'memory_profiler'
+    num = Integer(ENV['CNT'] || 1)
+    report = MemoryProfiler.report do
+      num.times { call_app }
+    end
+    report.pretty_print
+  end
+end

data/SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version  | Supported          |
+| -------  | ------------------ |
+| 2.0.x    | :white_check_mark: |
+| <= 1.9.1 | :x:                |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.