omniauth 1.3.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -13
- data/.github/ISSUE_TEMPLATE.md +20 -0
- data/.github/workflows/main.yml +89 -0
- data/.gitignore +1 -0
- data/.rubocop.yml +18 -9
- data/Gemfile +16 -12
- data/LICENSE.md +1 -1
- data/README.md +73 -19
- data/Rakefile +38 -2
- data/lib/omniauth/auth_hash.rb +5 -6
- data/lib/omniauth/authenticity_token_protection.rb +30 -0
- data/lib/omniauth/builder.rb +3 -21
- data/lib/omniauth/failure_endpoint.rb +12 -1
- data/lib/omniauth/form.css +1 -1
- data/lib/omniauth/form.rb +2 -1
- data/lib/omniauth/key_store.rb +22 -0
- data/lib/omniauth/strategies/developer.rb +1 -1
- data/lib/omniauth/strategy.rb +105 -47
- data/lib/omniauth/test/strategy_test_case.rb +1 -1
- data/lib/omniauth/version.rb +1 -1
- data/lib/omniauth.rb +20 -8
- data/omniauth.gemspec +9 -6
- metadata +46 -38
- data/.travis.yml +0 -25
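--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
 ---
-
-metadata.gz:
-
-data.tar.gz: !binary |-
-NjY4NjQ5MjJlMzIzY2Q0ZTRhNmNhNDc5ODdiN2Y0ZDM2NDdiZTNjMQ==
+SHA256:
+metadata.gz: 8f836310822161a3a49ac1a691b348917ab7f3de1ec1171e078e1f50dc304142
+data.tar.gz: a06ee34aa1f4da5fd3785e1237fd457adbf032cf7fe2a8dfb22c1272ca001fb3
 SHA512:
-metadata.gz:
-
-NDY2MmJjMDJlNGQwNjg5ZmQ5OTIxYjlmMDZjMjI5YzgzZDRlZjQzOGFmMDcz
-MmFmNGRlOTU3Mzg5ZmUyNWE2ZDlhZTA0MWNiMzUyYjhjNTg4ZDM=
-data.tar.gz: !binary |-
-MWU5OGY4Mzc0NmVmMTJiNmNhNjg1N2U0NTU3MTgyY2JmZmViZTUyOGQ3NzAy
-M2ZjZGJhYjFmNmEzZjNkMDlmOGY3MDc0ZDFkY2U0OTVmYzY2YWQxMDg2MDM3
-NTg3MzY2NzQyNWJmMTI4NGIxZjdiZmZiZGNhZmZlNjE2YTFkMzM=
+metadata.gz: c880817de032bda44bc8a7fab28efcf2df943af0bed17a10529d44e45c270ea2968abd0629b7f2ed017527f7b169e0349fe2fc3638b7971da4a2dc536f16ba44
+data.tar.gz: 856b44834bdb2cab3eb7faa1ac2ae58411694a885a4e3cc14ec3eff2d05616ef667c43b2ab87d39132e5662d5b022f45c0ca0c11ae4bc5057e725d65c6aafa18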
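--- a/data/.github/ISSUE_TEMPLATE.md
+++ b/data/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,20 @@
+Please complete all sections.
+
+### Configuration
+
+- Provider Gem: `omniauth-*`
+- Ruby Version: ``
+- Framework: ``
+- Platform: ``
+
+### Expected Behavior
+
+Tell us what should happen.
+
+### Actual Behavior
+
+Tell us what happens instead.
+
+### Steps to Reproduce
+
+Please list all steps to reproduce the issue.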
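--- a/data/.github/workflows/main.yml
+++ b/data/.github/workflows/main.yml
@@ -0,0 +1,89 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+push:
+branches: [ master, 2_0-indev ]
+pull_request:
+branches: [ master, 2_0-indev ]
+
+jobs:
+test:
+runs-on: ubuntu-18.04
+strategy:
+fail-fast: false
+matrix:
+os: [ubuntu, macos]
+ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby }}
+bundler-cache: true
+- name: Install dependencies
+run: bundle install
+- name: Run tests
+run: bundle exec rake
+test-jruby:
+runs-on: ubuntu-18.04
+strategy:
+fail-fast: false
+matrix:
+os: [ubuntu, macos]
+jruby: [jruby, jruby-head]
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.jruby }}
+bundler-cache: true
+- name: Install dependencies
+env:
+JRUBY_OPTS: --debug
+run: bundle install
+- name: Run tests
+env:
+JRUBY_OPTS: --debug
+run: bundle exec rake
+frozen-string-compat:
+runs-on: ubuntu-18.04
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: 2.6
+bundler-cache: true
+- name: Install dependencies
+run: bundle install
+- name: Run tests
+env:
+RUBYOPT: "--enable-frozen-string-literal"
+run: bundle exec rake
+coveralls:
+runs-on: ubuntu-18.04
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: 2.6
+bundler-cache: true
+- name: Install dependencies
+run: bundle install
+- name: Run tests
+run: bundle exec rake
+- name: Coveralls GitHub Action
+uses: coverallsapp/github-action@v1.1.2
+with:
+github-token: ${{ secrets.github_token }}
+path-to-lcov: './coverage/lcov/omniauth.lcov'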
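Review bot: The workflow declares no `permissions:` block, so every job runs with the repository's default `GITHUB_TOKEN` scope even though only the `coveralls` job consumes the token (line 88); adding `permissions:` with `contents: read` directly below `name: Ruby` limits what a compromised step or a third-party action can do with it. The `os: [ubuntu, macos]` matrix key on lines 22 and 40 is never referenced — `runs-on` is the fixed string `ubuntu-18.04` on lines 18 and 36 — so it doubles the job count without ever running on macOS; either `runs-on: ${{ matrix.os }}-latest` or dropping the key. All three actions are referenced by mutable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`, `coverallsapp/github-action@v1.1.2`); pinning each to a full commit SHA with the tag kept in a trailing comment is the usual supply-chain mitigation. The `ruby:` matrix on line 23 lists versions as bare floats; quoting them (`"2.7"`) avoids the `3.10` → `3.1` trap when the list is extended. Indentation appears to have been lost in this rendering, so the nesting itself cannot be checked here.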
data/.gitignore
CHANGED
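--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,3 +1,18 @@
+AllCops:
+TargetRubyVersion: 2.2
+
+Layout/AccessModifierIndentation:
+EnforcedStyle: outdent
+
+Layout/AlignHash:
+Enabled: false
+
+Layout/DotPosition:
+EnforcedStyle: trailing
+
+Layout/SpaceInsideHashLiteralBraces:
+EnforcedStyle: no_space
+
 Lint/HandleExceptions:
 Enabled: false
 
@@ -22,9 +37,6 @@ Metrics/ParameterLists:
 Metrics/AbcSize:
 Enabled: false
 
-Style/AccessModifierIndentation:
-EnforcedStyle: outdent
-
 Style/CollectionMethods:
 PreferredMethods:
 map: 'collect'
@@ -35,9 +47,6 @@ Style/CollectionMethods:
 Style/Documentation:
 Enabled: false
 
-Style/DotPosition:
-EnforcedStyle: trailing
-
 Style/DoubleNegation:
 Enabled: false
 
@@ -47,6 +56,9 @@ Style/EachWithObject:
 Style/Encoding:
 Enabled: false
 
+Style/ExpandPathArguments:
+Enabled: false
+
 Style/HashSyntax:
 EnforcedStyle: hash_rockets
 
@@ -55,6 +67,3 @@ Style/Lambda:
 
 Style/RaiseArgs:
 EnforcedStyle: compact
-
-Style/SpaceInsideHashLiteralBraces:
-EnforcedStyle: no_space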
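--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,25 +1,29 @@
 source 'https://rubygems.org'
 
-gem 'jruby-openssl', :platforms => :jruby
-gem 'rake', '
-gem 'yard'
+gem 'jruby-openssl', '~> 0.10.5', :platforms => :jruby
+gem 'rake', '>= 12.0'
+gem 'yard', '>= 0.9.11'
 
 group :development do
+gem 'benchmark-ips'
 gem 'kramdown'
+gem 'memory_profiler'
 gem 'pry'
 end
 
 group :test do
-gem '
-gem '
-gem '
-gem '
+gem 'coveralls_reborn', '~> 0.19.0', require: false
+gem 'hashie', '>= 3.4.6', '~> 4.0.0', :platforms => [:jruby_18]
+gem 'json', '~> 2.3.0', :platforms => %i[jruby_18 jruby_19 ruby_19]
+gem 'mime-types', '~> 3.1', :platforms => [:jruby_18]
+gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
 gem 'rack-test'
-gem 'rest-client', '~>
-gem 'rspec', '~> 3.
-gem '
-gem '
-gem '
+gem 'rest-client', '~> 2.0.0', :platforms => [:jruby_18]
+gem 'rspec', '~> 3.5'
+gem 'rack-freeze'
+gem 'rubocop', '>= 0.58.2', '< 0.69.0', :platforms => %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
+gem 'simplecov-lcov'
+gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]
 end
 
 gemspec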
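--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,4 +1,4 @@
-Copyright (c) 2010-
+Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal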
data/README.md
CHANGED
@@ -2,22 +2,15 @@
|
|
2
2
|
|
3
3
|
[][gem]
|
4
4
|
[][travis]
|
5
|
-
[][codeclimate]
|
5
|
+
[][codeclimate]
|
7
6
|
[][coveralls]
|
8
|
-
[](https://hakiri.io/github/omniauth/omniauth/master)
|
9
7
|
|
10
8
|
[gem]: https://rubygems.org/gems/omniauth
|
11
9
|
[travis]: http://travis-ci.org/omniauth/omniauth
|
12
|
-
[gemnasium]: https://gemnasium.com/omniauth/omniauth
|
13
10
|
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
|
14
11
|
[coveralls]: https://coveralls.io/r/omniauth/omniauth
|
15
12
|
|
16
|
-
|
17
|
-
the dependency to `~> 0.3.2` if you do not wish to make the more difficult
|
18
|
-
upgrade. See [the wiki](https://github.com/omniauth/omniauth/wiki/Upgrading-to-1.0)
|
19
|
-
for more information.**
|
20
|
-
|
13
|
+
This is the documentation for v1.9.1. If you are looking for the documentation for the in-development v2.0.0 version, it can be found [here](https://github.com/omniauth/omniauth/tree/2_0-indev).
|
21
14
|
## An Introduction
|
22
15
|
OmniAuth is a library that standardizes multi-provider authentication for
|
23
16
|
web applications. It was created to be powerful, flexible, and do as
|
@@ -39,8 +32,8 @@ development and easily swap in other strategies later.
|
|
39
32
|
## Getting Started
|
40
33
|
Each OmniAuth strategy is a Rack Middleware. That means that you can use
|
41
34
|
it the same way that you use any other Rack middleware. For example, to
|
42
|
-
use the built-in Developer strategy in a Sinatra application
|
43
|
-
this:
|
35
|
+
use the built-in Developer strategy in a Sinatra application you might
|
36
|
+
do this:
|
44
37
|
|
45
38
|
```ruby
|
46
39
|
require 'sinatra'
|
@@ -52,7 +45,7 @@ class MyApplication < Sinatra::Base
|
|
52
45
|
end
|
53
46
|
```
|
54
47
|
|
55
|
-
Because OmniAuth is built for *multi-provider* authentication,
|
48
|
+
Because OmniAuth is built for *multi-provider* authentication, you may
|
56
49
|
want to leave room to run multiple strategies. For this, the built-in
|
57
50
|
`OmniAuth::Builder` class gives you an easy way to specify multiple
|
58
51
|
strategies. Note that there is **no difference** between the following
|
@@ -89,18 +82,21 @@ environment of a request to `/auth/:provider/callback`. This hash
|
|
89
82
|
contains as much information about the user as OmniAuth was able to
|
90
83
|
glean from the utilized strategy. You should set up an endpoint in your
|
91
84
|
application that matches to the callback URL and then performs whatever
|
92
|
-
steps are necessary for your application. For example, in a Rails app
|
93
|
-
would add a line in
|
85
|
+
steps are necessary for your application. For example, in a Rails app
|
86
|
+
you would add a line in your `routes.rb` file like this:
|
94
87
|
|
95
88
|
```ruby
|
96
|
-
|
89
|
+
post '/auth/:provider/callback', to: 'sessions#create'
|
97
90
|
```
|
98
91
|
|
99
|
-
And
|
92
|
+
And you might then have a `SessionsController` with code that looks
|
100
93
|
something like this:
|
101
94
|
|
102
95
|
```ruby
|
103
96
|
class SessionsController < ApplicationController
|
97
|
+
# If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only.
|
98
|
+
skip_before_action :verify_authenticity_token, only: :create
|
99
|
+
|
104
100
|
def create
|
105
101
|
@user = User.find_or_create_from_auth_hash(auth_hash)
|
106
102
|
self.current_user = @user
|
@@ -115,7 +111,7 @@ class SessionsController < ApplicationController
|
|
115
111
|
end
|
116
112
|
```
|
117
113
|
|
118
|
-
The `omniauth.auth` key in the environment hash
|
114
|
+
The `omniauth.auth` key in the environment hash provides an
|
119
115
|
Authentication Hash which will contain information about the just
|
120
116
|
authenticated user including a unique id, the strategy they just used
|
121
117
|
for authentication, and personal details such as name and email address
|
@@ -127,6 +123,64 @@ environment information on the callback request. It is entirely up to
|
|
127
123
|
you how you want to implement the particulars of your application's
|
128
124
|
authentication flow.
|
129
125
|
|
126
|
+
**Please note:** there is currently a CSRF vulnerability which affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation at the application level. More details on how to do this can be found on the [Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
|
127
|
+
|
128
|
+
## Configuring The `origin` Param
|
129
|
+
The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
|
130
|
+
|
131
|
+
There are three possible options:
|
132
|
+
|
133
|
+
Default Flow:
|
134
|
+
```ruby
|
135
|
+
# /auth/twitter/?origin=[URL]
|
136
|
+
# No change
|
137
|
+
# If blank, `omniauth.origin` is set to HTTP_REFERER
|
138
|
+
```
|
139
|
+
|
140
|
+
Renaming Origin Param:
|
141
|
+
```ruby
|
142
|
+
# /auth/twitter/?return_to=[URL]
|
143
|
+
# If blank, `omniauth.origin` is set to HTTP_REFERER
|
144
|
+
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
|
145
|
+
```
|
146
|
+
|
147
|
+
Disabling Origin Param:
|
148
|
+
```ruby
|
149
|
+
# /auth/twitter
|
150
|
+
# Origin handled externally, if need be. `omniauth.origin` is not set
|
151
|
+
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
|
152
|
+
```
|
153
|
+
|
154
|
+
## Integrating OmniAuth Into Your Rails API
|
155
|
+
The following middleware are (by default) included for session management in
|
156
|
+
Rails applications. When using OmniAuth with a Rails API, you'll need to add
|
157
|
+
one of these required middleware back in:
|
158
|
+
|
159
|
+
- `ActionDispatch::Session::CacheStore`
|
160
|
+
- `ActionDispatch::Session::CookieStore`
|
161
|
+
- `ActionDispatch::Session::MemCacheStore`
|
162
|
+
|
163
|
+
The trick to adding these back in is that, by default, they are passed
|
164
|
+
`session_options` when added (including the session key), so you can't just add
|
165
|
+
a `session_store.rb` initializer, add `use ActionDispatch::Session::CookieStore`
|
166
|
+
and have sessions functioning as normal.
|
167
|
+
|
168
|
+
To be clear: sessions may work, but your session options will be ignored
|
169
|
+
(i.e. the session key will default to `_session_id`). Instead of the
|
170
|
+
initializer, you'll have to set the relevant options somewhere
|
171
|
+
before your middleware is built (like `application.rb`) and pass them to your
|
172
|
+
preferred middleware, like this:
|
173
|
+
|
174
|
+
**application.rb:**
|
175
|
+
|
176
|
+
```ruby
|
177
|
+
config.session_store :cookie_store, key: '_interslice_session'
|
178
|
+
config.middleware.use ActionDispatch::Cookies # Required for all session management
|
179
|
+
config.middleware.use ActionDispatch::Session::CookieStore, config.session_options
|
180
|
+
```
|
181
|
+
|
182
|
+
(Thanks @mltsy)
|
183
|
+
|
130
184
|
## Logging
|
131
185
|
OmniAuth supports a configurable logger. By default, OmniAuth will log
|
132
186
|
to `STDOUT` but you can configure this using `OmniAuth.config.logger`:
|
@@ -143,7 +197,7 @@ your first stop if you are wondering about a more in-depth look at
|
|
143
197
|
OmniAuth, how it works, and how to use it.
|
144
198
|
|
145
199
|
## Supported Ruby Versions
|
146
|
-
OmniAuth is tested under
|
200
|
+
OmniAuth is tested under 2.1.10, 2.2.6, 2.3.3, 2.4.0, 2.5.0, and JRuby.
|
147
201
|
|
148
202
|
## Versioning
|
149
203
|
This library aims to adhere to [Semantic Versioning 2.0.0][semver]. Violations
|
@@ -161,7 +215,7 @@ Constraint][pvc] with two digits of precision. For example:
|
|
161
215
|
[pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
|
162
216
|
|
163
217
|
## License
|
164
|
-
Copyright (c) 2010-
|
218
|
+
Copyright (c) 2010-2017 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
|
165
219
|
details.
|
166
220
|
|
167
221
|
[license]: LICENSE.md
|
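--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,8 +10,44 @@ begin
 RuboCop::RakeTask.new
 rescue LoadError
 task :rubocop do
-
+warn 'RuboCop is disabled'
 end
 end
 
-task :default => [
+task :default => %i[spec rubocop]
+
+namespace :perf do
+task :setup do
+require 'omniauth'
+require 'rack/test'
+app = Rack::Builder.new do |b|
+b.use Rack::Session::Cookie, :secret => 'abc123'
+b.use OmniAuth::Strategies::Developer
+b.run lambda { |_env| [200, {}, ['Not Found']] }
+end.to_app
+@app = Rack::MockRequest.new(app)
+
+def call_app(path = ENV['GET_PATH'] || '/')
+result = @app.get(path)
+raise "Did not succeed #{result.body}" unless result.status == 200
+
+result
+end
+end
+
+task :ips => :setup do
+require 'benchmark/ips'
+Benchmark.ips do |x|
+x.report('ips') { call_app }
+end
+end
+
+task :mem => :setup do
+require 'memory_profiler'
+num = Integer(ENV['CNT'] || 1)
+report = MemoryProfiler.report do
+num.times { call_app }
+end
+report.pretty_print
+end
+end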
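Review bot: `def call_app` on line 30 sits inside the `perf:setup` task block, and a `def` inside a block defines the method on the block's default definee — here, it appears, the Rakefile's top-level object, i.e. a private method on `Object` — so the helper and the `@app` instance variable it reads on line 31 leak into every other task and into anything Ruby loads afterwards; a lambda held in a local, or a small module under `namespace :perf`, keeps it scoped. The `:secret => 'abc123'` on line 24 is a throwaway value for an in-process benchmark of the Developer strategy and is never served, but it reads like a credential to secret scanners and to readers; a trailing `# benchmark-only session secret; this app is never exposed` documents that. `Integer(ENV['CNT'] || 1)` on line 47 raises an `ArgumentError` on a non-numeric `CNT`, which is fine for a developer task but worth a word in the task description.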
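--- a/data/lib/omniauth/auth_hash.rb
+++ b/data/lib/omniauth/auth_hash.rb
@@ -1,11 +1,11 @@
-require '
+require 'omniauth/key_store'
 
 module OmniAuth
 # The AuthHash is a normalized schema returned by all OmniAuth
 # strategies. It maps as much user information as the provider
 # is able to provide into the InfoHash (stored as the `'info'`
 # key).
-class AuthHash <
+class AuthHash < OmniAuth::KeyStore
 def self.subkey_class
 Hashie::Mash
 end
@@ -20,13 +20,11 @@ module OmniAuth
 end
 
 def regular_writer(key, value)
-if key.to_s == 'info' && !value.is_a?(InfoHash)
-value = InfoHash.new(value)
-end
+value = InfoHash.new(value) if key.to_s == 'info' && value.is_a?(::Hash) && !value.is_a?(InfoHash)
 super
 end
 
-class InfoHash <
+class InfoHash < OmniAuth::KeyStore
 def self.subkey_class
 Hashie::Mash
 end
@@ -36,6 +34,7 @@ module OmniAuth
 return "#{first_name} #{last_name}".strip if first_name? || last_name?
 return nickname if nickname?
 return email if email?
+
 nil
 end
 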
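Review bot: `regular_writer` on line 23 now wraps `info` only when the incoming value `is_a?(::Hash)`, so a strategy that assigns a non-Hash under `info` (nil, a string) stores it untouched instead of being handed to `InfoHash.new` as before; that is a deliberate behaviour change and deserves a one-line comment above the guard, e.g. `# Only Hash-like values are promoted to InfoHash; anything else is stored as the strategy produced it`. `require 'omniauth/key_store'` on line 1 is now the file's only require, yet `Hashie::Mash` is still named directly on lines 10 and 29, so this file relies on `key_store.rb` having loaded `hashie/mash`; a comment next to the require, or an explicit `require 'hashie/mash'`, makes that dependency visible.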
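--- a/data/lib/omniauth/authenticity_token_protection.rb
+++ b/data/lib/omniauth/authenticity_token_protection.rb
@@ -0,0 +1,30 @@
+require 'rack-protection'
+
+module OmniAuth
+class AuthenticityError < StandardError; end
+class AuthenticityTokenProtection < Rack::Protection::AuthenticityToken
+def initialize(options = {})
+@options = default_options.merge(options)
+end
+
+def self.call(env)
+new.call!(env)
+end
+
+def call!(env)
+return if accepts?(env)
+
+instrument env
+react env
+end
+
+private
+
+def deny(_env)
+OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
+raise AuthenticityError.new(options[:message])
+end
+
+alias default_reaction deny
+end
+end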
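Review bot: `self.call(env)` on line 10 always does `new.call!(env)`, so the options that `initialize` accepts on line 6 (`:message`, and whatever else `Rack::Protection::AuthenticityToken` honours) can never reach an instance created through the class-level entry point; `def self.call(env, options = {})` with `new(options).call!(env)` keeps the existing interface and makes the knob usable. `call!` on lines 14-19 returns nil when the request is accepted and raises otherwise, a contract the caller has to know; a comment above it — `# Returns nil when the token check passes; raises OmniAuth::AuthenticityError (via #deny) when it fails` — spells it out. The warning on line 24 logs only the class name, and the `_env` parameter of `deny` is unused; logging the request method and path from that env would give whoever triages these events something to correlate with.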
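--- a/data/lib/omniauth/builder.rb
+++ b/data/lib/omniauth/builder.rb
@@ -1,24 +1,5 @@
 module OmniAuth
 class Builder < ::Rack::Builder
-def initialize(app, &block)
-@options = nil
-if rack14? || rack2?
-super
-else
-@app = app
-super(&block)
-@ins << @app
-end
-end
-
-def rack14?
-Rack.release.start_with?('1.') && (Rack.release.split('.')[1].to_i >= 4)
-end
-
-def rack2?
-Rack.release.start_with? '2.'
-end
-
 def on_failure(&block)
 OmniAuth.config.on_failure = block
 end
@@ -40,7 +21,8 @@ module OmniAuth
 end
 
 def options(options = false)
-return @options
+return @options ||= {} if options == false
+
 @options = options
 end
 
@@ -49,7 +31,7 @@ module OmniAuth
 middleware = klass
 else
 begin
-middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s)
+middleware = OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(klass.to_s).to_s, false)
 rescue NameError
 raise(LoadError.new("Could not find matching strategy for #{klass.inspect}. You may need to install an additional gem (such as omniauth-#{klass})."))
 end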
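Review bot: The second argument `false` to `const_get` on line 34 is the `inherit` flag and is the security-relevant part of the line: without it, `Module#const_get` on `OmniAuth::Strategies` also searches `Object`, so a symbol such as `:string` would resolve to `::String` (or any other top-level constant) instead of reaching the `LoadError` on line 36; that deserves a comment, e.g. `# inherit: false — only constants defined directly under OmniAuth::Strategies qualify, never Object's`. `options(options = false)` on lines 23-27 now returns a fresh `{}` when nothing was set, so callers no longer need a nil check, but the `false` sentinel also means `options(false)` cannot clear them; if that is intended, a one-line comment on the method saves the next reader the question. The first hunk removes the Rack 1.x compatibility `initialize`, so the class now depends entirely on `::Rack::Builder#initialize` accepting the app argument; noting the minimum Rack version in a comment on the class line would make that explicit.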
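--- a/data/lib/omniauth/failure_endpoint.rb
+++ b/data/lib/omniauth/failure_endpoint.rb
@@ -27,17 +27,28 @@ module OmniAuth
 
 def redirect_to_failure
 message_key = env['omniauth.error.type']
-
+
+new_path = "#{env['SCRIPT_NAME']}#{strategy_path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
 Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
 end
 
+def strategy_path_prefix
+if env['omniauth.error.strategy']
+env['omniauth.error.strategy'].path_prefix
+else
+OmniAuth.config.path_prefix
+end
+end
+
 def strategy_name_query_param
 return '' unless env['omniauth.error.strategy']
+
 "&strategy=#{env['omniauth.error.strategy'].name}"
 end
 
 def origin_query_param
 return '' unless env['omniauth.origin']
+
 "&origin=#{Rack::Utils.escape(env['omniauth.origin'])}"
 end
 end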
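Review bot: `strategy_name_query_param` on line 46 interpolates `env['omniauth.error.strategy'].name` into the redirect `Location` without `Rack::Utils.escape`, while `message` and `origin` on lines 31 and 52 are escaped; the name comes from strategy configuration rather than from the request, so the practical risk is low, but `"&strategy=#{Rack::Utils.escape(env['omniauth.error.strategy'].name)}"` keeps the query string well-formed for any configured name. `strategy_path_prefix` on lines 35-41 is new and falls back to `OmniAuth.config.path_prefix`; a one-line comment stating that the failing strategy's own prefix wins when it is known would document the precedence. `message_key` on line 29 can be nil when `omniauth.error.type` is unset, and `Rack::Utils.escape(nil)` appears to yield an empty string rather than raise, so the redirect becomes `…/failure?message=`; if that is the intended fallback a comment should say so, otherwise a default key belongs there.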
data/lib/omniauth/form.css
CHANGED
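--- a/data/lib/omniauth/form.rb
+++ b/data/lib/omniauth/form.rb
@@ -9,7 +9,7 @@ module OmniAuth
 options[:header_info] ||= ''
 self.options = options
 
-@html = ''
+@html = +'' # unary + string allows it to be mutable if strings are frozen
 @with_custom_button = false
 @footer = nil
 header(options[:title], options[:header_info])
@@ -82,6 +82,7 @@ module OmniAuth
 
 def footer
 return self if @footer
+
 @html << "\n<button type='submit'>Connect</button>" unless @with_custom_button
 @html << <<-HTML
 </form>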
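--- a/data/lib/omniauth/key_store.rb
+++ b/data/lib/omniauth/key_store.rb
@@ -0,0 +1,22 @@
+require 'hashie/mash'
+
+module OmniAuth
+# Generic helper hash that allows method access on deeply nested keys.
+class KeyStore < ::Hashie::Mash
+# Disables warnings on Hashie 3.5.0+ for overwritten keys
+def self.override_logging
+require 'hashie/version'
+return unless Gem::Version.new(Hashie::VERSION) >= Gem::Version.new('3.5.0')
+
+if respond_to?(:disable_warnings)
+disable_warnings
+else
+define_method(:log_built_in_message) { |*| }
+private :log_built_in_message
+end
+end
+
+# Disable on loading of the class
+override_logging
+end
+end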
data/lib/omniauth/strategy.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
require '
|
1
|
+
require 'omniauth/key_store'
|
2
2
|
|
3
3
|
module OmniAuth
|
4
4
|
class NoSessionError < StandardError; end
|
@@ -14,6 +14,7 @@ module OmniAuth
|
|
14
14
|
base.class_eval do
|
15
15
|
option :setup, false
|
16
16
|
option :skip_info, false
|
17
|
+
option :origin_param, 'origin'
|
17
18
|
end
|
18
19
|
end
|
19
20
|
|
@@ -21,9 +22,9 @@ module OmniAuth
|
|
21
22
|
# Returns an inherited set of default options set at the class-level
|
22
23
|
# for each strategy.
|
23
24
|
def default_options
|
24
|
-
|
25
|
+
# existing = superclass.default_options if superclass.respond_to?(:default_options)
|
25
26
|
existing = superclass.respond_to?(:default_options) ? superclass.default_options : {}
|
26
|
-
@default_options
|
27
|
+
@default_options ||= OmniAuth::Strategy::Options.new(existing)
|
27
28
|
end
|
28
29
|
|
29
30
|
# This allows for more declarative subclassing of strategies by allowing
|
@@ -87,10 +88,13 @@ module OmniAuth
|
|
87
88
|
(instance_variable_defined?(:@args) && @args) || existing
|
88
89
|
end
|
89
90
|
|
90
|
-
%w
|
91
|
-
class_eval <<-RUBY
|
91
|
+
%w[uid info extra credentials].each do |fetcher|
|
92
|
+
class_eval <<-RUBY, __FILE__, __LINE__ + 1
|
93
|
+
attr_reader :#{fetcher}_proc
|
94
|
+
private :#{fetcher}_proc
|
95
|
+
|
92
96
|
def #{fetcher}(&block)
|
93
|
-
return
|
97
|
+
return #{fetcher}_proc unless block_given?
|
94
98
|
@#{fetcher}_proc = block
|
95
99
|
end
|
96
100
|
|
@@ -132,10 +136,11 @@ module OmniAuth
|
|
132
136
|
@options = self.class.default_options.dup
|
133
137
|
|
134
138
|
options.deep_merge!(args.pop) if args.last.is_a?(Hash)
|
135
|
-
options
|
139
|
+
options[:name] ||= self.class.to_s.split('::').last.downcase
|
136
140
|
|
137
141
|
self.class.args.each do |arg|
|
138
142
|
break if args.empty?
|
143
|
+
|
139
144
|
options[arg] = args.shift
|
140
145
|
end
|
141
146
|
|
@@ -175,17 +180,44 @@ module OmniAuth
|
|
175
180
|
raise(error)
|
176
181
|
end
|
177
182
|
|
183
|
+
warn_if_using_get
|
184
|
+
|
178
185
|
@env = env
|
179
186
|
@env['omniauth.strategy'] = self if on_auth_path?
|
180
187
|
|
181
188
|
return mock_call!(env) if OmniAuth.config.test_mode
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
189
|
+
|
190
|
+
begin
|
191
|
+
return options_call if on_auth_path? && options_request?
|
192
|
+
return request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
193
|
+
return callback_call if on_callback_path?
|
194
|
+
return other_phase if respond_to?(:other_phase)
|
195
|
+
rescue StandardError => e
|
196
|
+
return fail!(e.message, e)
|
197
|
+
end
|
198
|
+
|
186
199
|
@app.call(env)
|
187
200
|
end
|
188
201
|
|
202
|
+
def warn_if_using_get
|
203
|
+
return unless OmniAuth.config.allowed_request_methods.include?(:get)
|
204
|
+
return if OmniAuth.config.silence_get_warning
|
205
|
+
|
206
|
+
log :warn, <<-WARN
|
207
|
+
You are using GET as an allowed request method for OmniAuth. This may leave
|
208
|
+
you open to CSRF attacks. As of v2.0.0, OmniAuth by default allows only POST
|
209
|
+
to its own routes. You should review the following resources to guide your
|
210
|
+
mitigation:
|
211
|
+
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
|
212
|
+
https://github.com/omniauth/omniauth/issues/960
|
213
|
+
https://nvd.nist.gov/vuln/detail/CVE-2015-9284
|
214
|
+
https://github.com/omniauth/omniauth/pull/809
|
215
|
+
|
216
|
+
You can ignore this warning by setting:
|
217
|
+
OmniAuth.config.silence_get_warning = true
|
218
|
+
WARN
|
219
|
+
end
|
220
|
+
|
189
221
|
# Responds to an OPTIONS request.
|
190
222
|
def options_call
|
191
223
|
OmniAuth.config.before_options_phase.call(env) if OmniAuth.config.before_options_phase
|
@@ -196,30 +228,39 @@ module OmniAuth
|
|
196
228
|
# Performs the steps necessary to run the request phase of a strategy.
|
197
229
|
def request_call # rubocop:disable CyclomaticComplexity, MethodLength, PerceivedComplexity
|
198
230
|
setup_phase
|
199
|
-
log :
|
231
|
+
log :debug, 'Request phase initiated.'
|
232
|
+
|
200
233
|
# store query params from the request url, extracted in the callback_phase
|
201
234
|
session['omniauth.params'] = request.GET
|
235
|
+
|
236
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
202
237
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
238
|
+
|
203
239
|
if options.form.respond_to?(:call)
|
204
|
-
log :
|
240
|
+
log :debug, 'Rendering form from supplied Rack endpoint.'
|
205
241
|
options.form.call(env)
|
206
242
|
elsif options.form
|
207
|
-
log :
|
243
|
+
log :debug, 'Rendering form from underlying application.'
|
208
244
|
call_app!
|
245
|
+
elsif !options.origin_param
|
246
|
+
request_phase
|
209
247
|
else
|
210
|
-
if request.params[
|
211
|
-
env['rack.session']['omniauth.origin'] = request.params[
|
248
|
+
if request.params[options.origin_param]
|
249
|
+
env['rack.session']['omniauth.origin'] = request.params[options.origin_param]
|
212
250
|
elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
|
213
251
|
env['rack.session']['omniauth.origin'] = env['HTTP_REFERER']
|
214
252
|
end
|
253
|
+
|
215
254
|
request_phase
|
216
255
|
end
|
256
|
+
rescue OmniAuth::AuthenticityError => e
|
257
|
+
fail!(:authenticity_error, e)
|
217
258
|
end
|
218
259
|
|
219
260
|
# Performs the steps necessary to run the callback phase of a strategy.
|
220
261
|
def callback_call
|
221
262
|
setup_phase
|
222
|
-
log :
|
263
|
+
log :debug, 'Callback phase initiated.'
|
223
264
|
@env['omniauth.origin'] = session.delete('omniauth.origin')
|
224
265
|
@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
|
225
266
|
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
@@ -234,8 +275,8 @@ module OmniAuth
|
|
234
275
|
end
|
235
276
|
|
236
277
|
def on_request_path?
|
237
|
-
if options
|
238
|
-
options
|
278
|
+
if options[:request_path].respond_to?(:call)
|
279
|
+
options[:request_path].call(env)
|
239
280
|
else
|
240
281
|
on_path?(request_path)
|
241
282
|
end
|
@@ -257,8 +298,14 @@ module OmniAuth
|
|
257
298
|
# in the event that OmniAuth has been configured to be
|
258
299
|
# in test mode.
|
259
300
|
def mock_call!(*)
|
260
|
-
|
261
|
-
|
301
|
+
begin
|
302
|
+
OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
|
303
|
+
return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
|
304
|
+
return mock_callback_call if on_callback_path?
|
305
|
+
rescue StandardError => e
|
306
|
+
return fail!(e.message, e)
|
307
|
+
end
|
308
|
+
|
262
309
|
call_app!
|
263
310
|
end
|
264
311
|
|
@@ -267,10 +314,12 @@ module OmniAuth
|
|
267
314
|
|
268
315
|
session['omniauth.params'] = request.GET
|
269
316
|
OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
|
270
|
-
if
|
271
|
-
|
272
|
-
|
273
|
-
|
317
|
+
if options.origin_param
|
318
|
+
if request.params[options.origin_param]
|
319
|
+
session['omniauth.origin'] = request.params[options.origin_param]
|
320
|
+
elsif env['HTTP_REFERER'] && !env['HTTP_REFERER'].match(/#{request_path}$/)
|
321
|
+
session['omniauth.origin'] = env['HTTP_REFERER']
|
322
|
+
end
|
274
323
|
end
|
275
324
|
|
276
325
|
redirect(callback_url)
|
@@ -280,12 +329,13 @@ module OmniAuth
|
|
280
329
|
setup_phase
|
281
330
|
@env['omniauth.origin'] = session.delete('omniauth.origin')
|
282
331
|
@env['omniauth.origin'] = nil if env['omniauth.origin'] == ''
|
332
|
+
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
333
|
+
|
283
334
|
mocked_auth = OmniAuth.mock_auth_for(name.to_s)
|
284
335
|
if mocked_auth.is_a?(Symbol)
|
285
336
|
fail!(mocked_auth)
|
286
337
|
else
|
287
338
|
@env['omniauth.auth'] = mocked_auth
|
288
|
-
@env['omniauth.params'] = session.delete('omniauth.params') || {}
|
289
339
|
OmniAuth.config.before_callback_phase.call(@env) if OmniAuth.config.before_callback_phase
|
290
340
|
call_app!
|
291
341
|
end
|
@@ -297,10 +347,10 @@ module OmniAuth
|
|
297
347
|
# underlying application. This will default to `/auth/:provider/setup`.
|
298
348
|
def setup_phase
|
299
349
|
if options[:setup].respond_to?(:call)
|
300
|
-
log :
|
350
|
+
log :debug, 'Setup endpoint detected, running now.'
|
301
351
|
options[:setup].call(env)
|
302
|
-
elsif options
|
303
|
-
log :
|
352
|
+
elsif options[:setup]
|
353
|
+
log :debug, 'Calling through to underlying application for setup.'
|
304
354
|
setup_env = env.merge('PATH_INFO' => setup_path, 'REQUEST_METHOD' => 'GET')
|
305
355
|
call_app!(setup_env)
|
306
356
|
end
|
@@ -330,11 +380,13 @@ module OmniAuth
|
|
330
380
|
end
|
331
381
|
|
332
382
|
def auth_hash
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
383
|
+
credentials_data = credentials
|
384
|
+
extra_data = extra
|
385
|
+
AuthHash.new(:provider => name, :uid => uid).tap do |auth|
|
386
|
+
auth.info = info unless skip_info?
|
387
|
+
auth.credentials = credentials_data if credentials_data
|
388
|
+
auth.extra = extra_data if extra_data
|
389
|
+
end
|
338
390
|
end
|
339
391
|
|
340
392
|
# Determines whether or not user info should be retrieved. This
|
@@ -349,6 +401,7 @@ module OmniAuth
|
|
349
401
|
def skip_info?
|
350
402
|
return false unless options.skip_info?
|
351
403
|
return true unless options.skip_info.respond_to?(:call)
|
404
|
+
|
352
405
|
options.skip_info.call(uid)
|
353
406
|
end
|
354
407
|
|
@@ -365,6 +418,7 @@ module OmniAuth
|
|
365
418
|
if options[kind].respond_to?(:call)
|
366
419
|
result = options[kind].call(env)
|
367
420
|
return nil unless result.is_a?(String)
|
421
|
+
|
368
422
|
result
|
369
423
|
else
|
370
424
|
options[kind]
|
@@ -372,7 +426,12 @@ module OmniAuth
|
|
372
426
|
end
|
373
427
|
|
374
428
|
def request_path
|
375
|
-
@request_path ||=
|
429
|
+
@request_path ||=
|
430
|
+
if options[:request_path].is_a?(String)
|
431
|
+
options[:request_path]
|
432
|
+
else
|
433
|
+
"#{script_name}#{path_prefix}/#{name}"
|
434
|
+
end
|
376
435
|
end
|
377
436
|
|
378
437
|
def callback_path
|
@@ -380,7 +439,7 @@ module OmniAuth
|
|
380
439
|
path = options[:callback_path] if options[:callback_path].is_a?(String)
|
381
440
|
path ||= current_path if options[:callback_path].respond_to?(:call) && options[:callback_path].call(env)
|
382
441
|
path ||= custom_path(:request_path)
|
383
|
-
path ||= "#{path_prefix}/#{name}/callback"
|
442
|
+
path ||= "#{script_name}#{path_prefix}/#{name}/callback"
|
384
443
|
path
|
385
444
|
end
|
386
445
|
end
|
@@ -389,10 +448,10 @@ module OmniAuth
|
|
389
448
|
options[:setup_path] || "#{path_prefix}/#{name}/setup"
|
390
449
|
end
|
391
450
|
|
392
|
-
CURRENT_PATH_REGEX = %r{/$}
|
451
|
+
CURRENT_PATH_REGEX = %r{/$}.freeze
|
393
452
|
EMPTY_STRING = ''.freeze
|
394
453
|
def current_path
|
395
|
-
@current_path ||= request.
|
454
|
+
@current_path ||= request.path.downcase.sub(CURRENT_PATH_REGEX, EMPTY_STRING)
|
396
455
|
end
|
397
456
|
|
398
457
|
def query_string
|
@@ -424,7 +483,7 @@ module OmniAuth
|
|
424
483
|
end
|
425
484
|
|
426
485
|
def callback_url
|
427
|
-
full_host +
|
486
|
+
full_host + callback_path + query_string
|
428
487
|
end
|
429
488
|
|
430
489
|
def script_name
|
@@ -440,7 +499,7 @@ module OmniAuth
|
|
440
499
|
end
|
441
500
|
|
442
501
|
def name
|
443
|
-
options
|
502
|
+
options[:name]
|
444
503
|
end
|
445
504
|
|
446
505
|
def redirect(uri)
|
@@ -474,16 +533,15 @@ module OmniAuth
|
|
474
533
|
OmniAuth.config.on_failure.call(env)
|
475
534
|
end
|
476
535
|
|
477
|
-
|
478
|
-
super.tap do
|
479
|
-
@options = @options.dup
|
480
|
-
end
|
481
|
-
end
|
482
|
-
|
483
|
-
class Options < Hashie::Mash; end
|
536
|
+
class Options < OmniAuth::KeyStore; end
|
484
537
|
|
485
538
|
protected
|
486
539
|
|
540
|
+
def initialize_copy(*args)
|
541
|
+
super
|
542
|
+
@options = @options.dup
|
543
|
+
end
|
544
|
+
|
487
545
|
def merge_stack(stack)
|
488
546
|
stack.inject({}) do |a, e|
|
489
547
|
a.merge!(e)
|
@@ -10,7 +10,7 @@ module OmniAuth
|
|
10
10
|
# include OmniAuth::Test::StrategyTestCase
|
11
11
|
# def strategy
|
12
12
|
# # return the parameters to a Rack::Builder map call:
|
13
|
-
# [MyStrategy
|
13
|
+
# [MyStrategy, :some, :configuration, :options => 'here']
|
14
14
|
# end
|
15
15
|
# setup do
|
16
16
|
# post '/auth/my_strategy/callback', :user => { 'name' => 'Dylan', 'id' => '445' }
|
data/lib/omniauth/version.rb
CHANGED
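--- a/data/lib/omniauth.rb
+++ b/data/lib/omniauth.rb
@@ -15,6 +15,7 @@ module OmniAuth
 autoload :Form, 'omniauth/form'
 autoload :AuthHash, 'omniauth/auth_hash'
 autoload :FailureEndpoint, 'omniauth/failure_endpoint'
+autoload :AuthenticityTokenProtection, 'omniauth/authenticity_token_protection'
 
 def self.strategies
 @strategies ||= []
@@ -29,20 +30,22 @@ module OmniAuth
 logger
 end
 
-def self.defaults
+def self.defaults # rubocop:disable MethodLength
 @defaults ||= {
 :camelizations => {},
 :path_prefix => '/auth',
 :on_failure => OmniAuth::FailureEndpoint,
 :failure_raise_out_environments => ['development'],
+:request_validation_phase => OmniAuth::AuthenticityTokenProtection,
 :before_request_phase => nil,
 :before_callback_phase => nil,
 :before_options_phase => nil,
 :form_css => Form::DEFAULT_CSS,
 :test_mode => false,
 :logger => default_logger,
-:allowed_request_methods => [
-:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})}
+:allowed_request_methods => %i[post],
+:mock_auth => {:default => AuthHash.new('provider' => 'default', 'uid' => '1234', 'info' => {'name' => 'Example User'})},
+:silence_get_warning => false
 }
 end
 
@@ -74,6 +77,14 @@ module OmniAuth
 end
 end
 
+def request_validation_phase(&block)
+if block_given?
+@request_validation_phase = block
+else
+@request_validation_phase
+end
+end
+
 def before_request_phase(&block)
 if block_given?
 @before_request_phase = block
@@ -111,8 +122,9 @@ module OmniAuth
 camelizations[name.to_s] = camelized.to_s
 end
 
-attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase
-attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
+attr_writer :on_failure, :before_callback_phase, :before_options_phase, :before_request_phase, :request_validation_phase
+attr_accessor :failure_raise_out_environments, :path_prefix, :allowed_request_methods, :form_css,
+:test_mode, :mock_auth, :full_host, :camelizations, :logger, :silence_get_warning
 end
 
 def self.config
@@ -132,7 +144,7 @@ module OmniAuth
 end
 
 module Utils
-module_function
+module_function # rubocop:disable Layout/IndentationWidth
 
 def form_css
 "<style type='text/css'>#{OmniAuth.config.form_css}</style>"
@@ -141,7 +153,7 @@ module OmniAuth
 def deep_merge(hash, other_hash)
 target = hash.dup
 
-other_hash.
+other_hash.each_key do |key|
 if other_hash[key].is_a?(::Hash) && hash[key].is_a?(::Hash)
 target[key] = deep_merge(target[key], other_hash[key])
 next
@@ -159,7 +171,7 @@ module OmniAuth
 if first_letter_in_uppercase
 word.to_s.gsub(%r{/(.?)}) { '::' + Regexp.last_match[1].upcase }.gsub(/(^|_)(.)/) { Regexp.last_match[2].upcase }
 else
-word.
+camelize(word).tap { |w| w[0] = w[0].downcase }
 end
 end
 end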
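--- a/data/omniauth.gemspec
+++ b/data/omniauth.gemspec
@@ -1,22 +1,25 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth/version'
 
 Gem::Specification.new do |spec|
-spec.add_dependency 'hashie', ['>=
-spec.add_dependency 'rack', ['>= 1.
-spec.add_development_dependency 'bundler', '~>
-spec.
+spec.add_dependency 'hashie', ['>= 3.4.6']
+spec.add_dependency 'rack', ['>= 1.6.2', '< 3']
+spec.add_development_dependency 'bundler', '~> 2.0'
+spec.add_dependency 'rack-protection'
+spec.add_development_dependency 'rake', '~> 12.0'
 spec.authors = ['Michael Bleigh', 'Erik Michaels-Ober', 'Tom Milewski']
 spec.description = 'A generalized Rack framework for multiple-provider authentication.'
 spec.email = ['michael@intridea.com', 'sferik@gmail.com', 'tmilewski@gmail.com']
 spec.files = `git ls-files -z`.split("\x0").reject { |f| f.start_with?('spec/') }
 spec.homepage = 'https://github.com/omniauth/omniauth'
-spec.licenses = %w
+spec.licenses = %w[MIT]
 spec.name = 'omniauth'
-spec.require_paths = %w
+spec.require_paths = %w[lib]
 spec.required_rubygems_version = '>= 1.3.5'
+spec.required_ruby_version = '>= 2.2'
 spec.summary = spec.description
 spec.version = OmniAuth::VERSION
 end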
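--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Michael Bleigh
@@ -10,78 +10,84 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: hashie
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
-- - <
-- !ruby/object:Gem::Version
-version: '4'
+version: 3.4.6
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
-- !ruby/object:Gem::Version
-version: '1.2'
-- - <
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.4.6
 - !ruby/object:Gem::Dependency
 name: rack
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
-- - <
+version: 1.6.2
+- - "<"
 - !ruby/object:Gem::Version
 version: '3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
-- - <
+version: 1.6.2
+- - "<"
 - !ruby/object:Gem::Version
 version: '3'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: rack-protection
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version:
-MTAuNQ==
+version: '12.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version:
-MTAuNQ==
+version: '12.0'
 description: A generalized Rack framework for multiple-provider authentication.
 email:
 - michael@intridea.com
@@ -91,21 +97,24 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .
-- .
-- .
-- .
-- .
+- ".github/ISSUE_TEMPLATE.md"
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".yardopts"
 - Gemfile
 - LICENSE.md
 - README.md
 - Rakefile
 - lib/omniauth.rb
 - lib/omniauth/auth_hash.rb
+- lib/omniauth/authenticity_token_protection.rb
 - lib/omniauth/builder.rb
 - lib/omniauth/failure_endpoint.rb
 - lib/omniauth/form.css
 - lib/omniauth/form.rb
+- lib/omniauth/key_store.rb
 - lib/omniauth/strategies/developer.rb
 - lib/omniauth/strategy.rb
 - lib/omniauth/test.rb
@@ -124,17 +133,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.3.5
 requirements: []
-
-rubygems_version: 2.5.1
+rubygems_version: 3.0.0
 signing_key:
 specification_version: 4
 summary: A generalized Rack framework for multiple-provider authentication.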
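--- a/data/.travis.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-bundler_args: --without development
-before_install: gem update bundler
-cache: bundler
-env:
-global:
-- JRUBY_OPTS="$JRUBY_OPTS --debug"
-language: ruby
-rvm:
-- jruby-19mode
-- jruby-9000
-- 1.8.7
-- 1.9.3
-- 2.0.0
-- 2.1.10
-- 2.2.5
-- 2.3.3
-- 2.4.0
-- jruby-head
-- ruby-head
-matrix:
-allow_failures:
-- rvm: jruby-head
-- rvm: ruby-head
-fast_finish: true
-sudo: false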