omniauth 2.0.4 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +1 -1
- data/.gitignore +1 -0
- data/Gemfile +7 -8
- data/README.md +83 -47
- data/lib/omniauth/builder.rb +2 -3
- data/lib/omniauth/version.rb +1 -1
- data/omniauth.gemspec +1 -1
- metadata +8 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: df50309ac3b4098a460e7a52f233798a3246cffdfeb2c6f6f60d373b8af8af2c
|
|
4
|
+
data.tar.gz: bf5c53ceadb04c431b88aa17dfe6a11b46475b38bc9d4fa74865e1eb21d27772
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dfd0bb2add456a51a393e672cba45d310f6ab7d2b5aa37c058a7242b8b0dc9b644877596c0a47c9e1c462d1e593516d1474379f103cae0988cced76c37260d4a
|
|
7
|
+
data.tar.gz: 6a0c4302b25339ca10e304ef1fb968e5dd36cb5e6d686499c1b9d5185f9165fef864f54603f385076bf81160980ca532285a00ebdf23de82f3a1bacf95655856
|
data/.github/workflows/main.yml
CHANGED
|
@@ -20,7 +20,7 @@ jobs:
|
|
|
20
20
|
fail-fast: false
|
|
21
21
|
matrix:
|
|
22
22
|
os: [ubuntu, macos]
|
|
23
|
-
ruby: [2.5, 2.6, 2.7, head, debug, truffleruby, truffleruby-head]
|
|
23
|
+
ruby: [2.5, 2.6, 2.7, '3.0', 3.1, head, debug, truffleruby, truffleruby-head]
|
|
24
24
|
steps:
|
|
25
25
|
- uses: actions/checkout@v2
|
|
26
26
|
- name: Set up Ruby
|
data/.gitignore
CHANGED
data/Gemfile
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
source 'https://rubygems.org'
|
|
2
2
|
|
|
3
|
-
gem 'jruby-openssl', '~> 0.10.5', :
|
|
3
|
+
gem 'jruby-openssl', '~> 0.10.5', platforms: :jruby
|
|
4
4
|
gem 'rake', '>= 12.0'
|
|
5
5
|
gem 'yard', '>= 0.9.11'
|
|
6
6
|
|
|
@@ -13,17 +13,16 @@ end
|
|
|
13
13
|
|
|
14
14
|
group :test do
|
|
15
15
|
gem 'coveralls_reborn', '~> 0.19.0', require: false
|
|
16
|
-
gem 'hashie', '>= 3.4.6', '~> 4.0.0', :
|
|
17
|
-
gem 'json', '~> 2.3.0', :
|
|
18
|
-
gem 'mime-types', '~> 3.1', :
|
|
19
|
-
gem 'rack', '>= 2.0.6', :platforms => %i[jruby_18 jruby_19 ruby_19 ruby_20 ruby_21]
|
|
16
|
+
gem 'hashie', '>= 3.4.6', '~> 4.0.0', platforms: [:jruby_18]
|
|
17
|
+
gem 'json', '~> 2.3.0', platforms: %i[jruby_18 jruby_19 ruby_19]
|
|
18
|
+
gem 'mime-types', '~> 3.1', platforms: [:jruby_18]
|
|
20
19
|
gem 'rack-test'
|
|
21
|
-
gem 'rest-client', '~> 2.0.0', :
|
|
20
|
+
gem 'rest-client', '~> 2.0.0', platforms: [:jruby_18]
|
|
22
21
|
gem 'rspec', '~> 3.5'
|
|
23
22
|
gem 'rack-freeze'
|
|
24
|
-
gem 'rubocop', '>= 0.58.2', '< 0.69.0', :
|
|
23
|
+
gem 'rubocop', '>= 0.58.2', '< 0.69.0', platforms: %i[ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]
|
|
25
24
|
gem 'simplecov-lcov'
|
|
26
|
-
gem 'tins', '~> 1.13', :
|
|
25
|
+
gem 'tins', '~> 1.13', platforms: %i[jruby_18 jruby_19 ruby_19]
|
|
27
26
|
end
|
|
28
27
|
|
|
29
28
|
gemspec
|
data/README.md
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
[codeclimate]: https://codeclimate.com/github/omniauth/omniauth
|
|
11
11
|
[coveralls]: https://coveralls.io/r/omniauth/omniauth
|
|
12
12
|
|
|
13
|
-
This is the documentation for
|
|
13
|
+
This is the documentation for our latest release [v2.1.0](https://github.com/omniauth/omniauth/releases/tag/v2.1.0).
|
|
14
14
|
|
|
15
15
|
## An Introduction
|
|
16
16
|
OmniAuth is a library that standardizes multi-provider authentication for
|
|
@@ -83,34 +83,7 @@ environment of a request to `/auth/:provider/callback`. This hash
|
|
|
83
83
|
contains as much information about the user as OmniAuth was able to
|
|
84
84
|
glean from the utilized strategy. You should set up an endpoint in your
|
|
85
85
|
application that matches to the callback URL and then performs whatever
|
|
86
|
-
steps are necessary for your application.
|
|
87
|
-
you would add a line in your `routes.rb` file like this:
|
|
88
|
-
|
|
89
|
-
```ruby
|
|
90
|
-
post '/auth/:provider/callback', to: 'sessions#create'
|
|
91
|
-
```
|
|
92
|
-
|
|
93
|
-
And you might then have a `SessionsController` with code that looks
|
|
94
|
-
something like this:
|
|
95
|
-
|
|
96
|
-
```ruby
|
|
97
|
-
class SessionsController < ApplicationController
|
|
98
|
-
# If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only.
|
|
99
|
-
skip_before_action :verify_authenticity_token, only: :create
|
|
100
|
-
|
|
101
|
-
def create
|
|
102
|
-
@user = User.find_or_create_from_auth_hash(auth_hash)
|
|
103
|
-
self.current_user = @user
|
|
104
|
-
redirect_to '/'
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
protected
|
|
108
|
-
|
|
109
|
-
def auth_hash
|
|
110
|
-
request.env['omniauth.auth']
|
|
111
|
-
end
|
|
112
|
-
end
|
|
113
|
-
```
|
|
86
|
+
steps are necessary for your application.
|
|
114
87
|
|
|
115
88
|
The `omniauth.auth` key in the environment hash provides an
|
|
116
89
|
Authentication Hash which will contain information about the just
|
|
@@ -124,35 +97,67 @@ environment information on the callback request. It is entirely up to
|
|
|
124
97
|
you how you want to implement the particulars of your application's
|
|
125
98
|
authentication flow.
|
|
126
99
|
|
|
127
|
-
**Please note:** there is currently a CSRF vulnerability which affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation at the application level. More details on how to do this can be found on the [Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
|
|
128
100
|
|
|
129
|
-
##
|
|
130
|
-
|
|
101
|
+
## Rails (without Devise)
|
|
102
|
+
To get started, add the following gems
|
|
103
|
+
|
|
104
|
+
**Gemfile**:
|
|
105
|
+
```ruby
|
|
106
|
+
gem 'omniauth'
|
|
107
|
+
gem "omniauth-rails_csrf_protection"
|
|
108
|
+
```
|
|
131
109
|
|
|
132
|
-
|
|
110
|
+
Then insert OmniAuth as a middleware
|
|
133
111
|
|
|
134
|
-
|
|
112
|
+
**config/initializers/omniauth.rb**:
|
|
135
113
|
```ruby
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
114
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
115
|
+
provider :developer if Rails.env.development?
|
|
116
|
+
end
|
|
139
117
|
```
|
|
140
118
|
|
|
141
|
-
|
|
119
|
+
Additional providers can be added here in the future. Next we wire it
|
|
120
|
+
all up using routes, a controller and a login view.
|
|
121
|
+
|
|
122
|
+
**config/routes.rb**:
|
|
123
|
+
|
|
142
124
|
```ruby
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
|
|
125
|
+
get 'auth/:provider/callback', to: 'sessions#create'
|
|
126
|
+
get '/login', to: 'sessions#new'
|
|
146
127
|
```
|
|
147
128
|
|
|
148
|
-
|
|
129
|
+
**app/controllers/sessions_controller.rb**:
|
|
149
130
|
```ruby
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
131
|
+
class SessionsController < ApplicationController
|
|
132
|
+
def new
|
|
133
|
+
render :new
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def create
|
|
137
|
+
user_info = request.env['omniauth.auth']
|
|
138
|
+
raise user_info # Your own session management should be placed here.
|
|
139
|
+
end
|
|
140
|
+
end
|
|
153
141
|
```
|
|
154
142
|
|
|
155
|
-
|
|
143
|
+
**app/views/sessions/new.html.erb**:
|
|
144
|
+
```erb
|
|
145
|
+
<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
|
|
146
|
+
<button type='submit'>Login with Developer</button>
|
|
147
|
+
<% end %>
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
Now if you visit `/login` and click the Login button, you should see the
|
|
151
|
+
OmniAuth developer login screen. After submitting it, you are returned to your
|
|
152
|
+
application at `Sessions#create`. The raise should now display all the Omniauth
|
|
153
|
+
details you have available to integrate it into your own user management.
|
|
154
|
+
|
|
155
|
+
If you want out of the box usermanagement, you should consider using Omniauth
|
|
156
|
+
through Devise. Please visit the [Devise Github page](https://github.com/heartcombo/devise#omniauth)
|
|
157
|
+
for more information.
|
|
158
|
+
|
|
159
|
+
|
|
160
|
+
## Rails API
|
|
156
161
|
The following middleware are (by default) included for session management in
|
|
157
162
|
Rails applications. When using OmniAuth with a Rails API, you'll need to add
|
|
158
163
|
one of these required middleware back in:
|
|
@@ -191,6 +196,33 @@ to `STDOUT` but you can configure this using `OmniAuth.config.logger`:
|
|
|
191
196
|
OmniAuth.config.logger = Rails.logger
|
|
192
197
|
```
|
|
193
198
|
|
|
199
|
+
## Origin Param
|
|
200
|
+
The `origin` url parameter is typically used to inform where a user came from
|
|
201
|
+
and where, should you choose to use it, they'd want to return to.
|
|
202
|
+
Omniauth supports the following settings which can be configured on a provider level:
|
|
203
|
+
|
|
204
|
+
**Default**:
|
|
205
|
+
```ruby
|
|
206
|
+
provider :twitter, ENV['KEY'], ENV['SECRET']
|
|
207
|
+
POST /auth/twitter/?origin=[URL]
|
|
208
|
+
# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
**Using a differently named origin parameter**:
|
|
212
|
+
```ruby
|
|
213
|
+
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
|
|
214
|
+
POST /auth/twitter/?return_to=[URL]
|
|
215
|
+
# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER
|
|
216
|
+
```
|
|
217
|
+
|
|
218
|
+
**Disabled**:
|
|
219
|
+
```ruby
|
|
220
|
+
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
|
|
221
|
+
POST /auth/twitter
|
|
222
|
+
# This means the origin should be handled by your own application.
|
|
223
|
+
# Note that `omniauth.origin` will always be blank.
|
|
224
|
+
```
|
|
225
|
+
|
|
194
226
|
## Resources
|
|
195
227
|
The [OmniAuth Wiki](https://github.com/omniauth/omniauth/wiki) has
|
|
196
228
|
actively maintained in-depth documentation for OmniAuth. It should be
|
|
@@ -201,7 +233,11 @@ OmniAuth, how it works, and how to use it.
|
|
|
201
233
|
|
|
202
234
|
Available as part of the Tidelift Subscription.
|
|
203
235
|
|
|
204
|
-
The maintainers of OmniAuth and thousands of other packages are working with
|
|
236
|
+
The maintainers of OmniAuth and thousands of other packages are working with
|
|
237
|
+
Tidelift to deliver commercial support and maintenance for the open source
|
|
238
|
+
packages you use to build your applications. Save time, reduce risk, and
|
|
239
|
+
improve code health, while paying the maintainers of the exact packages you use.
|
|
240
|
+
[Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
|
205
241
|
|
|
206
242
|
## Supported Ruby Versions
|
|
207
243
|
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
|
data/lib/omniauth/builder.rb
CHANGED
|
@@ -26,7 +26,7 @@ module OmniAuth
|
|
|
26
26
|
@options = options
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def provider(klass, *args, &block)
|
|
29
|
+
def provider(klass, *args, **opts, &block)
|
|
30
30
|
if klass.is_a?(Class)
|
|
31
31
|
middleware = klass
|
|
32
32
|
else
|
|
@@ -37,8 +37,7 @@ module OmniAuth
|
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
-
|
|
41
|
-
use middleware, *args, &block
|
|
40
|
+
use middleware, *args, **options.merge(opts), &block
|
|
42
41
|
end
|
|
43
42
|
|
|
44
43
|
def call(env)
|
data/lib/omniauth/version.rb
CHANGED
data/omniauth.gemspec
CHANGED
|
@@ -6,7 +6,7 @@ require 'omniauth/version'
|
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |spec|
|
|
8
8
|
spec.add_dependency 'hashie', ['>= 3.4.6']
|
|
9
|
-
spec.add_dependency 'rack',
|
|
9
|
+
spec.add_dependency 'rack', '>= 2.2.3'
|
|
10
10
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
|
11
11
|
spec.add_dependency 'rack-protection'
|
|
12
12
|
spec.add_development_dependency 'rake', '~> 12.0'
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Bleigh
|
|
8
8
|
- Erik Michaels-Ober
|
|
9
9
|
- Tom Milewski
|
|
10
|
-
autorequire:
|
|
10
|
+
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2022-04-13 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: hashie
|
|
@@ -32,20 +32,14 @@ dependencies:
|
|
|
32
32
|
requirements:
|
|
33
33
|
- - ">="
|
|
34
34
|
- !ruby/object:Gem::Version
|
|
35
|
-
version:
|
|
36
|
-
- - "<"
|
|
37
|
-
- !ruby/object:Gem::Version
|
|
38
|
-
version: '3'
|
|
35
|
+
version: 2.2.3
|
|
39
36
|
type: :runtime
|
|
40
37
|
prerelease: false
|
|
41
38
|
version_requirements: !ruby/object:Gem::Requirement
|
|
42
39
|
requirements:
|
|
43
40
|
- - ">="
|
|
44
41
|
- !ruby/object:Gem::Version
|
|
45
|
-
version:
|
|
46
|
-
- - "<"
|
|
47
|
-
- !ruby/object:Gem::Version
|
|
48
|
-
version: '3'
|
|
42
|
+
version: 2.2.3
|
|
49
43
|
- !ruby/object:Gem::Dependency
|
|
50
44
|
name: bundler
|
|
51
45
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -129,7 +123,7 @@ homepage: https://github.com/omniauth/omniauth
|
|
|
129
123
|
licenses:
|
|
130
124
|
- MIT
|
|
131
125
|
metadata: {}
|
|
132
|
-
post_install_message:
|
|
126
|
+
post_install_message:
|
|
133
127
|
rdoc_options: []
|
|
134
128
|
require_paths:
|
|
135
129
|
- lib
|
|
@@ -144,8 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
144
138
|
- !ruby/object:Gem::Version
|
|
145
139
|
version: 1.3.5
|
|
146
140
|
requirements: []
|
|
147
|
-
rubygems_version: 3.
|
|
148
|
-
signing_key:
|
|
141
|
+
rubygems_version: 3.2.32
|
|
142
|
+
signing_key:
|
|
149
143
|
specification_version: 4
|
|
150
144
|
summary: A generalized Rack framework for multiple-provider authentication.
|
|
151
145
|
test_files: []
|