rodauth-omniauth 0.3.3 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 19c3567386c82344beabaf49bfb59614694fd8fecb212e72583cea29ceed613b
-  data.tar.gz: 7a6b4e6cac612f61c07e11163e98be55ff0d4ab0d0a7815f2a156c0a4bc51577
+  metadata.gz: 21b889e9c675d3fd02f65444f581e44965cb84982dd136fb912a5c9e6fb67c8c
+  data.tar.gz: 12a5f50598b671065998b012b9c54997dffa225d5d208d0a25ea90a48bfe3e8b
 SHA512:
-  metadata.gz: bf3cb6c85645361488496d881dc10f35b09ea088a22b340264b7a1b5d42009af0b08f9783e850e04fffcaf2541685755d8cb6fa87ce2c8202016c2478a7e4c61
-  data.tar.gz: ebb120c5a3c61935f8c230f9418f977fafeb693af0180805d1103c22d93308dc763253f476575c5b48b2dee157fef30b500443a8f8becfe23b78e665c92e0984
+  metadata.gz: f54a94233c789532139f2e07173e5162209674cf8f90c441df0e603b49b5840b4edad89a0b2e7f9a48c25856ba2d64c9dfed31ff6e61ad219d1ee2725a0d8c03
+  data.tar.gz: c7d3c6db0088e544890cf7be482038d6c9f52c42a95082a5cc5d5bc1ba2dcf92ec7614d6c23b793f1814ac4ffb1272d280d67c527d023d1d437705a5383b608d

data/README.md

@@ -71,11 +71,18 @@ You can now add authentication links to your login form:
 Assuming you configured the providers correctly, you should now be able to authenticate via an external provider. The `omniauth` feature handles the callback request, automatically creating new identities and verified accounts from those identities as needed.
 
 ```rb
-DB[:accounts].all
-#=> [{ id: 123, status_id: 2, email: "user@example.com" }]
-DB[:account_identities].all
-#=> [{ id: 456, account_id: 123, provider: "facebook", uid: "984346198764" },
-#    { id: 789, account_id: 123, provider: "google", uid: "5871623487134"}]
+Account.all
+#=> [#<Account @values={ id: 123, status_id: 2, email: "user@example.com" }>]
+Account::Identity.all
+#=> [#<Account::Identity @values={ id: 456, account_id: 123, provider: "facebook", uid: "984346198764" }>,
+#    #<Account::Identity @values={ id: 789, account_id: 123, provider: "google", uid: "5871623487134"}>]
+```
+
+The example above assumes you're using [rodauth-model] (automatically setup with [rodauth-rails]), which will define `Account::Identity` model for the `account_identities` table, along with the `identities` association on the `Account` model.
+
+```rb
+account = Account.first
+account.identities #=> [#<Account::Identity ...>, ...]
 ```
 
 Currently, provider login is required to return the user's email address, and account creation is assumed not to require additional fields that need to be entered manually. There is currently also no built-in functionality for connecting/removing external identities when signed in. Both features are planned for future versions.
@@ -100,7 +107,17 @@ end
 account_from_omniauth {} # disable finding existing accounts for new identities
 ```
 
-If the account associated to the external identity exists and is unverified (e.g. it was created through normal registration), the callback phase will return an error response, as only verified accounts can be logged into. You can change the default error flash and redirect location in this case:
+#### Account verification
+
+If the account associated to the external identity exists and is unverified (e.g. it was created through normal registration), the callback phase will automatically verify the account and login, assuming the `verify_account` feature is enabled and external email is the same.
+
+If you wish to disallow OmniAuth login into unverified accounts, set the following:
+
+```rb
+omniauth_verify_account? false
+```
+
+You can change the default error flash and redirect location in this case:
 
 ```rb
 omniauth_login_unverified_account_error_flash "The account matching the external identity is currently awaiting verification"
@@ -166,25 +183,6 @@ omniauth_identities_provider_column :provider
 omniauth_identities_uid_column :uid
 ```
 
-### Model associations
-
-When using the [rodauth-model] gem, an `identities` one-to-many association will be defined on the account model:
-
-```rb
-require "rodauth/model"
-
-class Account < Sequel::Model
-  include Rodauth::Model(RodauthApp.rodauth)
-end
-```
-```rb
-Account.first.identities #=>
-# [
-#   #<Account::Identity id=123 provider="facebook" uid="987434628">,
-#   #<Account::Identity id=456 provider="google" uid="274673644">
-# ]
-```
-
 ## Base
 
 The `omniauth` feature builds on top of the `omniauth_base` feature, which sets up OmniAuth and routes its requests, but has no interaction with the database. So, if you would prefer to handle external logins differently, you can load just the `omniauth_base` feature, and implement your own callback phase.
@@ -422,4 +420,5 @@ Everyone interacting in the rodauth-omniauth project's codebases, issue trackers
 [Rodauth]: https://github.com/jeremyevans/rodauth
 [OmniAuth]: https://github.com/omniauth/omniauth
 [rodauth-model]: https://github.com/janko/rodauth-model
+[rodauth-rails]: https://github.com/janko/rodauth-rails
 [omniauth-oauth2]: https://github.com/omniauth/omniauth-oauth2

data/lib/rodauth/features/omniauth.rb

@@ -20,6 +20,10 @@ module Rodauth
     auth_value_method :omniauth_identities_provider_column, :provider
     auth_value_method :omniauth_identities_uid_column, :uid
 
+    auth_value_methods(
+      :omniauth_verify_account?,
+    )
+
     auth_methods(
       :create_omniauth_identity,
       :omniauth_identity_insert_hash,
@@ -38,7 +42,7 @@ module Rodauth
 
     def route_omniauth!
       result = super
-      handle_omniauth_callback if omniauth_request?
+      handle_omniauth_callback if omniauth_strategy&.on_callback_path?
       result
     end
 
@@ -62,9 +66,13 @@ module Rodauth
       end
 
       if account && !open_account?
-        set_response_error_reason_status(:unverified_account, unopen_account_error_status)
-        set_redirect_error_flash omniauth_login_unverified_account_error_flash
-        redirect omniauth_login_failure_redirect
+        if omniauth_verify_account?
+          omniauth_verify_account
+        else
+          set_response_error_reason_status(:unverified_account, unopen_account_error_status)
+          set_redirect_error_flash omniauth_login_unverified_account_error_flash
+          redirect omniauth_login_failure_redirect
+        end
       end
 
       transaction do
@@ -133,6 +141,17 @@ module Rodauth
 
     attr_reader :omniauth_identity
 
+    def omniauth_verify_account?
+      features.include?(:verify_account) && account[login_column] == omniauth_email
+    end
+
+    def omniauth_verify_account
+      transaction do
+        verify_account
+        remove_verify_account_key
+      end
+    end
+
     def _omniauth_new_account(login)
       acc = { login_column => login }
       unless skip_status_checks?

data/lib/rodauth/features/omniauth_base.rb

@@ -66,19 +66,19 @@ module Rodauth
 
     %w[email name].each do |info_key|
       define_method(:"omniauth_#{info_key}") do
-        omniauth_info[info_key]
+        omniauth_info[info_key] if omniauth_info
       end
     end
 
     %w[provider uid info credentials extra].each do |auth_key|
       define_method(:"omniauth_#{auth_key}") do
-        omniauth_auth.fetch(auth_key)
+        omniauth_auth[auth_key] if omniauth_auth
       end
     end
 
     %w[auth params strategy origin error error_type error_strategy].each do |data|
       define_method(:"omniauth_#{data}") do
-        request.env.fetch("omniauth.#{data.tr("_", ".")}")
+        request.env["omniauth.#{data.tr("_", ".")}"]
       end
     end
 
@@ -166,12 +166,13 @@ module Rodauth
     # Makes OmniAuth strategies use the JWT session hash.
     def set_omniauth_jwt_session
       rack_session = request.env["rack.session"]
-      session.keys.each { |k| session[k.to_s] = session.delete(k) } unless scope.opts[:sessions_convert_symbols]
+      session.transform_keys!(&:to_s) unless scope.opts[:sessions_convert_symbols]
       request.env["rack.session"] = session
       yield
     ensure
-      session.keys.each { |k| session[k.to_sym] = session.delete(k) } unless scope.opts[:sessions_convert_symbols]
-      request.env["rack.session"] = rack_session
+      session.transform_keys!(&:to_sym) unless scope.opts[:sessions_convert_symbols]
+      request.env.delete("rack.session")
+      request.env["rack.session"] = rack_session if rack_session
     end
 
     # Makes the Rodauth instance accessible inside OmniAuth strategies
@@ -193,10 +194,6 @@ module Rodauth
       end
     end
 
-    def omniauth_request?
-      request.env.key?("omniauth.strategy")
-    end
-
     def self.included(auth)
       auth.extend ClassMethods
       auth.instance_variable_set(:@omniauth_providers, [])

data/rodauth-omniauth.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-omniauth"
-  spec.version       = "0.3.3"
+  spec.version       = "0.4.0"
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko@hey.com"]
 
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/janko/rodauth-omniauth"
   spec.license       = "MIT"
 
-  spec.required_ruby_version = ">= 2.3"
+  spec.required_ruby_version = ">= 2.5"
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-omniauth
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.4.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-14 00:00:00.000000000 Z
+date: 2024-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rodauth
@@ -205,14 +205,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.7
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: Rodauth extension for logging in and creating account via OmniAuth authentication.