omniauth 1.2.2 → 2.1.0
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +2 -0
- data/.github/ISSUE_TEMPLATE.md +20 -0
- data/.github/workflows/main.yml +89 -0
- data/.gitignore +3 -0
- data/.rubocop.yml +43 -55
- data/Gemfile +15 -20
- data/LICENSE.md +1 -1
- data/README.md +141 -44
- data/Rakefile +38 -2
- data/SECURITY.md +17 -0
- data/lib/omniauth/auth_hash.rb +7 -8
- data/lib/omniauth/authenticity_token_protection.rb +32 -0
- data/lib/omniauth/builder.rb +5 -20
- data/lib/omniauth/failure_endpoint.rb +13 -2
- data/lib/omniauth/form.css +1 -1
- data/lib/omniauth/form.rb +3 -2
- data/lib/omniauth/key_store.rb +22 -0
- data/lib/omniauth/strategies/developer.rb +2 -2
- data/lib/omniauth/strategy.rb +141 -67
- data/lib/omniauth/test/strategy_test_case.rb +2 -2
- data/lib/omniauth/version.rb +1 -1
- data/lib/omniauth.rb +30 -22
- data/omniauth.gemspec +11 -8
- metadata +51 -45
- data/.gemtest +0 -0
- data/.travis.yml +0 -37
- data/Gemfile.rack-1.3.x +0 -25
- data/Guardfile +0 -10
- data/spec/helper.rb +0 -55
- data/spec/omniauth/auth_hash_spec.rb +0 -111
- data/spec/omniauth/builder_spec.rb +0 -50
- data/spec/omniauth/failure_endpoint_spec.rb +0 -58
- data/spec/omniauth/form_spec.rb +0 -23
- data/spec/omniauth/strategies/developer_spec.rb +0 -73
- data/spec/omniauth/strategy_spec.rb +0 -768
- data/spec/omniauth_spec.rb +0 -145
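--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: df50309ac3b4098a460e7a52f233798a3246cffdfeb2c6f6f60d373b8af8af2c
+data.tar.gz: bf5c53ceadb04c431b88aa17dfe6a11b46475b38bc9d4fa74865e1eb21d27772
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dfd0bb2add456a51a393e672cba45d310f6ab7d2b5aa37c058a7242b8b0dc9b644877596c0a47c9e1c462d1e593516d1474379f103cae0988cced76c37260d4a
+data.tar.gz: 6a0c4302b25339ca10e304ef1fb968e5dd36cb5e6d686499c1b9d5185f9165fef864f54603f385076bf81160980ca532285a00ebdf23de82f3a1bacf95655856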
data/.github/FUNDING.yml
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Please complete all sections.
|
2
|
+
|
3
|
+
### Configuration
|
4
|
+
|
5
|
+
- Provider Gem: `omniauth-*`
|
6
|
+
- Ruby Version: ``
|
7
|
+
- Framework: ``
|
8
|
+
- Platform: ``
|
9
|
+
|
10
|
+
### Expected Behavior
|
11
|
+
|
12
|
+
Tell us what should happen.
|
13
|
+
|
14
|
+
### Actual Behavior
|
15
|
+
|
16
|
+
Tell us what happens instead.
|
17
|
+
|
18
|
+
### Steps to Reproduce
|
19
|
+
|
20
|
+
Please list all steps to reproduce the issue.
|
@@ -0,0 +1,89 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
runs-on: ubuntu-18.04
|
19
|
+
strategy:
|
20
|
+
fail-fast: false
|
21
|
+
matrix:
|
22
|
+
os: [ubuntu, macos]
|
23
|
+
ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
uses: ruby/setup-ruby@v1
|
28
|
+
with:
|
29
|
+
ruby-version: ${{ matrix.ruby }}
|
30
|
+
bundler-cache: true
|
31
|
+
- name: Install dependencies
|
32
|
+
run: bundle install
|
33
|
+
- name: Run tests
|
34
|
+
run: bundle exec rake
|
35
|
+
test-jruby:
|
36
|
+
runs-on: ubuntu-18.04
|
37
|
+
strategy:
|
38
|
+
fail-fast: false
|
39
|
+
matrix:
|
40
|
+
os: [ubuntu, macos]
|
41
|
+
jruby: [jruby] # TODO: Add back jruby-head once we figure out why there's a bundler mismatch
|
42
|
+
steps:
|
43
|
+
- uses: actions/checkout@v2
|
44
|
+
- name: Set up Ruby
|
45
|
+
uses: ruby/setup-ruby@v1
|
46
|
+
with:
|
47
|
+
ruby-version: ${{ matrix.jruby }}
|
48
|
+
bundler-cache: true
|
49
|
+
- name: Install dependencies
|
50
|
+
env:
|
51
|
+
JRUBY_OPTS: --debug
|
52
|
+
run: bundle install
|
53
|
+
- name: Run tests
|
54
|
+
env:
|
55
|
+
JRUBY_OPTS: --debug
|
56
|
+
run: bundle exec rake
|
57
|
+
frozen-string-compat:
|
58
|
+
runs-on: ubuntu-18.04
|
59
|
+
steps:
|
60
|
+
- uses: actions/checkout@v2
|
61
|
+
- name: Set up Ruby
|
62
|
+
uses: ruby/setup-ruby@v1
|
63
|
+
with:
|
64
|
+
ruby-version: 2.6
|
65
|
+
bundler-cache: true
|
66
|
+
- name: Install dependencies
|
67
|
+
run: bundle install
|
68
|
+
- name: Run tests
|
69
|
+
env:
|
70
|
+
RUBYOPT: "--enable-frozen-string-literal"
|
71
|
+
run: bundle exec rake
|
72
|
+
coveralls:
|
73
|
+
runs-on: ubuntu-18.04
|
74
|
+
steps:
|
75
|
+
- uses: actions/checkout@v2
|
76
|
+
- name: Set up Ruby
|
77
|
+
uses: ruby/setup-ruby@v1
|
78
|
+
with:
|
79
|
+
ruby-version: 2.6
|
80
|
+
bundler-cache: true
|
81
|
+
- name: Install dependencies
|
82
|
+
run: bundle install
|
83
|
+
- name: Run tests
|
84
|
+
run: bundle exec rake
|
85
|
+
- name: Coveralls GitHub Action
|
86
|
+
uses: coverallsapp/github-action@v1.1.2
|
87
|
+
with:
|
88
|
+
github-token: ${{ secrets.github_token }}
|
89
|
+
path-to-lcov: './coverage/lcov/omniauth.lcov'
|
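Review bot: Every `uses:` in this workflow points at a movable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1`, `coverallsapp/github-action@v1.1.2`) and no `permissions:` key is set, so third-party action code runs with whatever default scope the repository grants `GITHUB_TOKEN`. Pinning each action to a full commit SHA, e.g. `uses: ruby/setup-ruby@<full-commit-sha> # v1` (placeholder), and adding a top-level `permissions: { contents: read }`, widened per job only where a step needs it, would narrow that exposure. Separately, the `test` and `test-jruby` jobs declare `os: [ubuntu, macos]` in the matrix but hard-code `runs-on: ubuntu-18.04`, so the macos leg appears to run on Ubuntu a second time; `runs-on: ${{ matrix.os }}-latest` would actually use it. The page prints this 89-line hunk under the `data/.github/FUNDING.yml` header, but its content matches the `data/.github/workflows/main.yml` entry in the file list.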
data/.gitignore
CHANGED
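--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,81 +1,69 @@
 AllCops:
-
-- 'Gemfile'
-- 'Rakefile'
-- 'omniauth.gemspec'
+TargetRubyVersion: 2.2
 
-
-
-Max: 4
-CountKeywordArgs: true
+Layout/AccessModifierIndentation:
+EnforcedStyle: outdent
 
-
-
-Max: 15
+Layout/AlignHash:
+Enabled: false
 
-
-
-Max: 2
+Layout/DotPosition:
+EnforcedStyle: trailing
 
-
-
-PreferredMethods:
-map: 'collect'
-reduce: 'inject'
-find: 'detect'
-find_all: 'select'
+Layout/SpaceInsideHashLiteralBraces:
+EnforcedStyle: no_space
 
-
-LineLength:
+Lint/HandleExceptions:
 Enabled: false
 
-
-Documentation:
+Metrics/BlockLength:
 Enabled: false
 
-
-
-EnforcedStyle: hash_rockets
-
-# No spaces inside hash literals
-SpaceInsideHashLiteralBraces:
-EnforcedStyle: no_space
+Metrics/BlockNesting:
+Max: 2
 
-
-
+Metrics/LineLength:
+AllowURI: true
 Enabled: false
 
-
-
-
+Metrics/MethodLength:
+CountComments: false
+Max: 15
 
-
-
-
+Metrics/ParameterLists:
+Max: 4
+CountKeywordArgs: true
 
-
-Enabled:
+Metrics/AbcSize:
+Enabled: false
 
-
-
-
+Style/CollectionMethods:
+PreferredMethods:
+map: 'collect'
+reduce: 'inject'
+find: 'detect'
+find_all: 'select'
 
-
-
-IndentWhenRelativeTo: end
-IndentOneStep: false
+Style/Documentation:
+Enabled: false
 
-
+Style/DoubleNegation:
 Enabled: false
 
-
+Style/EachWithObject:
 Enabled: false
 
-
-
+Style/Encoding:
+Enabled: false
 
-
+Style/ExpandPathArguments:
 Enabled: false
 
-
+Style/HashSyntax:
+EnforcedStyle: hash_rockets
+
+Style/Lambda:
 Enabled: false
+
+Style/RaiseArgs:
+EnforcedStyle: compact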
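--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,33 +1,28 @@
 source 'https://rubygems.org'
 
-gem 'jruby-openssl',
-gem 'rake'
-gem 'yard'
+gem 'jruby-openssl', '~> 0.10.5', platforms: :jruby
+gem 'rake', '>= 12.0'
+gem 'yard', '>= 0.9.11'
 
 group :development do
-gem '
-platforms :ruby_19, :ruby_20 do
-gem 'guard'
-gem 'guard-bundler'
-gem 'guard-rspec'
-end
+gem 'benchmark-ips'
 gem 'kramdown'
-gem '
+gem 'memory_profiler'
 gem 'pry'
-gem 'pry-debugger', :platforms => [:mri_19, :mri_20]
-gem 'pry-byebug', :platforms => [:mri_21]
-gem 'rb-fsevent'
 end
 
 group :test do
-gem '
-gem '
-gem '
+gem 'coveralls_reborn', '~> 0.19.0', require: false
+gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
+gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
+gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
 gem 'rack-test'
-gem 'rest-client', '~>
-gem 'rspec', '~> 3.
-gem '
-gem '
+gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
+gem 'rspec', '~> 3.5'
+gem 'rack-freeze'
+gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+gem 'simplecov-lcov'
+gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
 end
 
 gemspec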
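Review bot: The `rubocop` entry is limited to `platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]`, so on the Ruby 2.5+ interpreters this release says it is tested on Bundler will not install it, and the Rakefile's `rescue LoadError` fallback then only prints 'RuboCop is disabled'. The lint half of `task :default` therefore appears to be silently skipped in CI. Dropping or extending the platform filter (after checking that the `< 0.69.0` range runs on those rubies) would restore it. In the same group, `gem 'hashie', '>= 3.4.6', '~> 4.0.0'` carries a redundant lower bound, since `~> 4.0.0` already implies `>= 4.0.0`. The new `rack-freeze`, `simplecov-lcov`, `benchmark-ips` and `memory_profiler` entries have no version constraint; a lower bound or a lockfile used by CI would keep builds reproducible.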
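--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,4 +1,4 @@
-Copyright (c) 2010-
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal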
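--- a/data/README.md
+++ b/data/README.md
@@ -1,22 +1,16 @@
 # OmniAuth: Standardized Multi-Provider Authentication
 
 [![Gem Version](http://img.shields.io/gem/v/omniauth.svg)][gem]
-[![Build Status](http://img.shields.io/travis/
-[![
-[![
-[![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth.svg)][coveralls]
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+[![Build Status](http://img.shields.io/travis/omniauth/omniauth.svg)][travis]
+[![Code Climate](https://api.codeclimate.com/v1/badges/ffd33970723587806744/maintainability)][codeclimate]
+[![Coverage Status](http://img.shields.io/coveralls/omniauth/omniauth.svg)][coveralls]
 
 [gem]: https://rubygems.org/gems/omniauth
-[travis]: http://travis-ci.org/
-[
-[
-[coveralls]: https://coveralls.io/r/intridea/omniauth
+[travis]: http://travis-ci.org/omniauth/omniauth
+[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
+[coveralls]: https://coveralls.io/r/omniauth/omniauth
 
-
-the dependency to `~> 0.3.2` if you do not wish to make the more difficult
-upgrade. See [the wiki](https://github.com/intridea/omniauth/wiki/Upgrading-to-1.0)
-for more information.**
+This is the documentation for our latest release [v2.1.0](https://github.com/omniauth/omniauth/releases/tag/v2.1.0).
 
 ## An Introduction
 OmniAuth is a library that standardizes multi-provider authentication for
@@ -27,7 +21,7 @@ have been created for everything from Facebook to LDAP.
 
 In order to use OmniAuth in your applications, you will need to leverage
 one or more strategies. These strategies are generally released
-individually as RubyGems, and you can see a [community maintained list](https://github.com/
+individually as RubyGems, and you can see a [community maintained list](https://github.com/omniauth/omniauth/wiki/List-of-Strategies)
 on the wiki for this project.
 
 One strategy, called `Developer`, is included with OmniAuth and provides
@@ -39,8 +33,8 @@ development and easily swap in other strategies later.
 ## Getting Started
 Each OmniAuth strategy is a Rack Middleware. That means that you can use
 it the same way that you use any other Rack middleware. For example, to
-use the built-in Developer strategy in a Sinatra application
-this:
+use the built-in Developer strategy in a Sinatra application you might
+do this:
 
 ```ruby
 require 'sinatra'
@@ -52,7 +46,7 @@ class MyApplication < Sinatra::Base
 end
 ```
 
-Because OmniAuth is built for *multi-provider* authentication,
+Because OmniAuth is built for *multi-provider* authentication, you may
 want to leave room to run multiple strategies. For this, the built-in
 `OmniAuth::Builder` class gives you an easy way to specify multiple
 strategies. Note that there is **no difference** between the following
@@ -89,43 +83,109 @@ environment of a request to `/auth/:provider/callback`. This hash
 contains as much information about the user as OmniAuth was able to
 glean from the utilized strategy. You should set up an endpoint in your
 application that matches to the callback URL and then performs whatever
-steps are necessary for your application.
-would add a line in my `routes.rb` file like this:
+steps are necessary for your application.
 
+The `omniauth.auth` key in the environment hash provides an
+Authentication Hash which will contain information about the just
+authenticated user including a unique id, the strategy they just used
+for authentication, and personal details such as name and email address
+as available. For an in-depth description of what the authentication
+hash might contain, see the [Auth Hash Schema wiki page](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema).
+
+Note that OmniAuth does not perform any actions beyond setting some
+environment information on the callback request. It is entirely up to
+you how you want to implement the particulars of your application's
+authentication flow.
+
+
+## Rails (without Devise)
+To get started, add the following gems
+
+**Gemfile**:
 ```ruby
-
+gem 'omniauth'
+gem "omniauth-rails_csrf_protection"
 ```
 
-
-something like this:
+Then insert OmniAuth as a middleware
 
+**config/initializers/omniauth.rb**:
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+provider :developer if Rails.env.development?
+end
+```
+
+Additional providers can be added here in the future. Next we wire it
+all up using routes, a controller and a login view.
+
+**config/routes.rb**:
+
+```ruby
+get 'auth/:provider/callback', to: 'sessions#create'
+get '/login', to: 'sessions#new'
+```
+
+**app/controllers/sessions_controller.rb**:
 ```ruby
 class SessionsController < ApplicationController
-def
-
-self.current_user = @user
-redirect_to '/'
+def new
+render :new
 end
 
-
-
-
-request.env['omniauth.auth']
+def create
+user_info = request.env['omniauth.auth']
+raise user_info # Your own session management should be placed here.
 end
 end
 ```
 
-
-
-
-
-
-
+**app/views/sessions/new.html.erb**:
+```erb
+<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
+<button type='submit'>Login with Developer</button>
+<% end %>
+```
 
-
-
-
-
+Now if you visit `/login` and click the Login button, you should see the
+OmniAuth developer login screen. After submitting it, you are returned to your
+application at `Sessions#create`. The raise should now display all the Omniauth
+details you have available to integrate it into your own user management.
+
+If you want out of the box usermanagement, you should consider using Omniauth
+through Devise. Please visit the [Devise Github page](https://github.com/heartcombo/devise#omniauth)
+for more information.
+
+
+## Rails API
+The following middleware are (by default) included for session management in
+Rails applications. When using OmniAuth with a Rails API, you'll need to add
+one of these required middleware back in:
+
+- `ActionDispatch::Session::CacheStore`
+- `ActionDispatch::Session::CookieStore`
+- `ActionDispatch::Session::MemCacheStore`
+
+The trick to adding these back in is that, by default, they are passed
+`session_options` when added (including the session key), so you can't just add
+a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
+and have sessions functioning as normal.
+
+To be clear: sessions may work, but your session options will be ignored
+(i.e. the session key will default to `_session_id`). Instead of the
+initializer, you'll have to set the relevant options somewhere
+before your middleware is built (like `application.rb`) and pass them to your
+preferred middleware, like this:
+
+**application.rb:**
+
+```ruby
+config.session_store :cookie_store, key: '_interslice_session'
+config.middleware.use ActionDispatch::Cookies # Required for all session management
+config.middleware.use ActionDispatch::Session::CookieStore, config.session_options
+```
+
+(Thanks @mltsy)
 
 ## Logging
 OmniAuth supports a configurable logger. By default, OmniAuth will log
@@ -136,14 +196,51 @@ to `STDOUT` but you can configure this using `OmniAuth.config.logger`:
 OmniAuth.config.logger = Rails.logger
 ```
 
+## Origin Param
+The `origin` url parameter is typically used to inform where a user came from
+and where, should you choose to use it, they'd want to return to.
+Omniauth supports the following settings which can be configured on a provider level:
+
+**Default**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET']
+POST /auth/twitter/?origin=[URL]
+# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Using a differently named origin parameter**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
+POST /auth/twitter/?return_to=[URL]
+# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
+```
+
+**Disabled**:
+```ruby
+provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
+POST /auth/twitter
+# This means the origin should be handled by your own application.
+# Note that `omniauth.origin` will always be blank.
+```
+
 ## Resources
-The [OmniAuth Wiki](https://github.com/
+The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
 actively maintained in-depth documentation for OmniAuth. It should be
 your first stop if you are wondering about a more in-depth look at
 OmniAuth, how it works, and how to use it.
 
+## OmniAuth for Enterprise
+
+Available as part of the Tidelift Subscription.
+
+The maintainers of OmniAuth and thousands of other packages are working with
+Tidelift to deliver commercial support and maintenance for the open source
+packages you use to build your applications. Save time, reduce risk, and
+improve code health, while paying the maintainers of the exact packages you use.
+[Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+
 ## Supported Ruby Versions
-OmniAuth is tested under
+OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
 
 ## Versioning
 This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
@@ -158,10 +255,10 @@ Constraint][pvc] with two digits of precision. For example:
 spec.add_dependency 'omniauth', '~> 1.0'
 
 [semver]: http://semver.org/
-[pvc]: http://
+[pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
 
 ## License
-Copyright (c) 2010-
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
 details.
 
 [license]: LICENSE.md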
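--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,8 +10,44 @@ begin
 RuboCop::RakeTask.new
 rescue LoadError
 task :rubocop do
-
+warn 'RuboCop is disabled'
 end
 end
 
-task :default => [
+task :default => %i[spec rubocop]
+
+namespace :perf do
+task :setup do
+require 'omniauth'
+require 'rack/test'
+app = Rack::Builder.new do |b|
+b.use Rack::Session::Cookie, :secret => 'abc123'
+b.use OmniAuth::Strategies::Developer
+b.run lambda { |_env| [200, {}, ['Not Found']] }
+end.to_app
+@app = Rack::MockRequest.new(app)
+
+def call_app(path = ENV['GET_PATH'] || '/')
+result = @app.get(path)
+raise "Did not succeed #{result.body}" unless result.status == 200
+
+result
+end
+end
+
+task :ips => :setup do
+require 'benchmark/ips'
+Benchmark.ips do |x|
+x.report('ips') { call_app }
+end
+end
+
+task :mem => :setup do
+require 'memory_profiler'
+num = Integer(ENV['CNT'] || 1)
+report = MemoryProfiler.report do
+num.times { call_app }
+end
+report.pretty_print
+end
+end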
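Review bot: The perf harness signs its session cookie with the literal `:secret => 'abc123'` in the `:setup` task. It only backs a `Rack::MockRequest`, but a short fixed secret in the repository is easy to copy into a real app, and Rack session releases that enforce a minimum secret length would reject it (which Rack version resolves here is not visible on this page). Generating it per run avoids both: add `require 'securerandom'` next to the other requires and use `b.use Rack::Session::Cookie, :secret => SecureRandom.hex(64)`. Also, `def call_app` inside the task block defines a method on `Object` and keeps its state in a top-level `@app`; if that is deliberate, a comment such as `# Defined at top level so the :ips and :mem tasks can call it.` would say so. The `begin` block this hunk opens in starts outside the hunk.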
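--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 2.0.x | :white_check_mark: |
+| <= 1.9.1 | :x: |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.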