ruby_native 0.10.2 → 0.10.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 11134b359aea27fdb4c56dcb1be88afcf67f559c93a20aca5981e8334a3f846a
|
|
4
|
+
data.tar.gz: cf256c05608448a70d7dee2a17a34fe86969092661987f9aac66b2c490836978
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 73e486bafbd03240d4d0afc6f9dc95d255d9e0a10c60318dc2e2dcb7f9cbdb3f8c9f05f518e6cc0efce7828ff61c7fd29443d997a84a28a0cce4cdce0dbe2f3a
|
|
7
|
+
data.tar.gz: 4fca6ff54256e1c6debcd38490471f248cac3b626122727972fc0cb7435c9691d97488c0a8ccdb60805faa3ee04ae83f77744474c5f44c445f5e5eb620ab602e
|
|
@@ -12,7 +12,7 @@ module RubyNative
|
|
|
12
12
|
render json: {
|
|
13
13
|
applinks: {
|
|
14
14
|
details: [
|
|
15
|
-
{ appIDs: [ app_id ], components: [ { "/": "*" } ] }
|
|
15
|
+
{ appIDs: [ app_id ], components: oauth_exclusions + [ { "/": "*" } ] }
|
|
16
16
|
]
|
|
17
17
|
},
|
|
18
18
|
webcredentials: {
|
|
@@ -20,5 +20,22 @@ module RubyNative
|
|
|
20
20
|
}
|
|
21
21
|
}
|
|
22
22
|
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
|
|
26
|
+
# OAuth redirects must stay inside ASWebAuthenticationSession. With the
|
|
27
|
+
# catch-all component alone, iOS treats the provider's redirect back to
|
|
28
|
+
# the app's domain (e.g. /users/auth/google_oauth2/callback) as a
|
|
29
|
+
# universal link, breaks out of the auth session, and native sign-in
|
|
30
|
+
# fails. Excluding the configured OAuth paths keeps the OAuth round-trip
|
|
31
|
+
# inside the session. The trailing `*` matches across `/`, so a start
|
|
32
|
+
# path also covers its `/callback` child. Components are evaluated in
|
|
33
|
+
# order and the first match wins, so exclusions go before the catch-all.
|
|
34
|
+
# See https://github.com/ruby-native/gem/issues/59.
|
|
35
|
+
def oauth_exclusions
|
|
36
|
+
Array(RubyNative.config&.dig(:auth, :oauth_paths)).map do |path|
|
|
37
|
+
{ "/": "#{path}*", exclude: true }
|
|
38
|
+
end
|
|
39
|
+
end
|
|
23
40
|
end
|
|
24
41
|
end
|
|
@@ -74,7 +74,8 @@ tabs:
|
|
|
74
74
|
# team_id: ABCD123456
|
|
75
75
|
|
|
76
76
|
# Enable OAuth. Each path triggers a native ASWebAuthenticationSession
|
|
77
|
-
# on iOS instead of an in-app web view.
|
|
77
|
+
# on iOS instead of an in-app web view. List only the authorize path for each
|
|
78
|
+
# provider, not its callback; the callback is handled automatically.
|
|
78
79
|
# https://rubynative.com/docs/oauth
|
|
79
80
|
# auth:
|
|
80
81
|
# oauth_paths:
|
data/lib/ruby_native/version.rb
CHANGED
data/lib/ruby_native.rb
CHANGED
|
@@ -41,6 +41,7 @@ module RubyNative
|
|
|
41
41
|
self.config[:app] ||= {}
|
|
42
42
|
self.config[:app][:entry_path] ||= self.config.dig(:tabs, 0, :path) || "/"
|
|
43
43
|
self.config[:auth] ||= {}
|
|
44
|
+
normalize_oauth_paths
|
|
44
45
|
backfill_tab_icons
|
|
45
46
|
end
|
|
46
47
|
|
|
@@ -57,4 +58,24 @@ module RubyNative
|
|
|
57
58
|
tab[:icon] ||= icons[:ios] || icons[:android]
|
|
58
59
|
end
|
|
59
60
|
end
|
|
61
|
+
|
|
62
|
+
# `auth.oauth_paths` must list only OAuth authorize paths, never their
|
|
63
|
+
# callbacks. The native app treats every listed path as a sign-in trigger and
|
|
64
|
+
# derives the provider from the last path segment, so a callback entry like
|
|
65
|
+
# "/auth/google/callback" would launch a bogus flow for a provider named
|
|
66
|
+
# "callback" and send sign-in into a loop. The callback round-trip is handled
|
|
67
|
+
# automatically by OAuthMiddleware's tracking cookie, so it never needs
|
|
68
|
+
# listing. Drop any entry that is the "/callback" child of another listed
|
|
69
|
+
# path and warn, so a copied-in callback can't break native sign-in.
|
|
70
|
+
def self.normalize_oauth_paths
|
|
71
|
+
paths = Array(self.config.dig(:auth, :oauth_paths))
|
|
72
|
+
callbacks = paths.select { |path| paths.any? { |start| path == "#{start}/callback" } }
|
|
73
|
+
return if callbacks.empty?
|
|
74
|
+
|
|
75
|
+
Rails.logger.warn(
|
|
76
|
+
"[RubyNative] Ignoring OAuth callback path(s) in config/ruby_native.yml " \
|
|
77
|
+
"(#{callbacks.join(", ")}). List only the authorize path; callbacks are handled automatically."
|
|
78
|
+
)
|
|
79
|
+
self.config[:auth][:oauth_paths] = paths - callbacks
|
|
80
|
+
end
|
|
60
81
|
end
|