scavin-weibo-oauth2 0.5.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '083f92de3768df8a8d555578e960323c4d9703eb3b4fcbd8de6305de8c701269'
+  data.tar.gz: 5260aa704d6ace7722c2332cf8912a61926528c80064ffc3ab834d532d0d95a7
+SHA512:
+  metadata.gz: 6aeebccf9159930199f3168c301499e8889433f5ffd0ba6b7b826a6cbd4d3c277154d9c61c9235245ca63354ee776fe781913a44f5d4fc651515595aea86c853
+  data.tar.gz: 22c81db39c2d89f43ac2e3f6e0b231df40c817a2f5cd3b4d0c4eb2b15fe1a10fc17c47e6867617d9326cf8677cc8e35a46f624143f8c68d8ddb6db848640eb82

data/.gitignore

@@ -0,0 +1,4 @@
+.bundle
+*.swp
+.gem
+Gemfile.lock

data/.travis.yml

@@ -0,0 +1,5 @@
+before_install:
+  - gem update --system 2.1.11
+language: ruby
+rvm:
+  - "2.4.1"

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-weibo-oauth2.gemspec
+gemspec
+
+group :development, :test do
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+  gem 'rb-fsevent'
+  gem 'growl'
+  gem 'rake'
+end

data/LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2012-2017 Bin He
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,121 @@
+# Status
+[![Gem Version](https://img.shields.io/gem/v/omniauth-weibo-oauth2.svg)][gem]
+[![Security Check](https://hakiri.io/github/beenhero/omniauth-weibo-oauth2/master.svg)][security]
+[![Percentage of issues still open](https://isitmaintained.com/badge/open/beenhero/omniauth-weibo-oauth2.svg)][OpenIssues]
+[![Average time to resolve an issue](https://isitmaintained.com/badge/resolution/beenhero/omniauth-weibo-oauth2.svg)][IssueResolution]
+[![Build Status](https://travis-ci.org/NeverMin/omniauth-weibo-oauth2.svg?branch=master)][travis]
+
+[gem]: https://rubygems.org/gems/omniauth-weibo-oauth2
+[security]: https://hakiri.io/github/beenhero/omniauth-weibo-oauth2/master
+[OpenIssues]: https://isitmaintained.com/project/beenhero/omniauth-weibo-oauth2
+[IssueResolution]: https://isitmaintained.com/project/beenhero/omniauth-weibo-oauth2
+[travis]: https://travis-ci.org/NeverMin/omniauth-weibo-oauth2
+
+
+
+# OmniAuth Weibo OAuth2
+
+Weibo OAuth2 Strategy for OmniAuth 1.0.
+
+Read Weibo OAuth2 docs for more details: https://open.weibo.com/wiki/授权机制
+
+## Security
+
+- CVE-2019-17268 [Issue #36](https://github.com/beenhero/omniauth-weibo-oauth2/issues/36)
+
+## Installing
+
+Add to your `Gemfile`:
+
+```ruby
+gem 'omniauth-weibo-oauth2'
+```
+
+Then `bundle install`.
+
+Or install it yourself as:
+
+    $ gem install omniauth-weibo-oauth2
+
+## Usage
+
+`OmniAuth::Strategies::Weibo` is simply a Rack middleware. Read the OmniAuth 1.0 docs for detailed instructions: https://github.com/intridea/omniauth.
+
+Here's a quick example, adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :weibo, ENV['WEIBO_KEY'], ENV['WEIBO_SECRET']
+end
+```
+## Configuration
+
+you can set up redirect_uri in `omniauth.rb` as following:
+
+```ruby
+provider :weibo, ENV['WEIBO_KEY'], ENV['WEIBO_SECRET'],
+         token_params: {redirect_uri: "http://127.0.0.1:3000/auth/weibo/callback" }
+```
+
+## Authentication Option
+* **image_size**: This option defines the size of the user's image in *Authentication Hash* (info['image']). Valid options include `small` (30x30), `middle` (50x50), `large` (180x180) and `original` (the size of the image originally uploaded). Default is `middle`.
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :weibo, ENV['WEIBO_KEY'], ENV['WEIBO_SECRET'], :image_size => 'original'
+end
+```
+
+## Authentication Hash
+
+Here's an example *Authentication Hash* available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  :provider => 'weibo',
+  :uid => '1234567890',
+  :info => {
+    :nickname => 'beenhero',
+    :name => 'beenhero',
+    :location => '浙江 杭州',
+    :image => 'http://tp4.sinaimg.cn/1640099215/50/1287016234/1',
+    :description => '移步twitter@beenhero',
+    :urls => {  :Blog => 'http://beenhero.com'
+                :Weibo => 'http://weibo.com/beenhero'
+    },
+  },
+  :credentials => {
+    :token => '2.00JjgzmBd7F...', # OAuth 2.0 access_token, which you may wish to store
+    :expires_at => 1331780640, # when the access token expires (if it expires)
+    :expires => true # if you request `offline_access` this will be false
+  },
+  :extra => {
+    :raw_info => {
+      ... # data from /2/users/show.json, check by yourself
+    }
+  }
+}
+```
+*PS.* Built and tested on MRI Ruby 2.4.2
+
+## Build&pulish gem
+```
+gem build omniauth-weibo-oauth2.gemspec
+```
+
+```
+gem push omniauth-weibo-oauth2-VERSION.gem
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## License
+Copyright (c) 2012-2017 by Bin He, See [LICENSE][] for details.
+
+[license]: LICENSE.md

data/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+require File.join('bundler', 'gem_tasks')
+require File.join('rspec', 'core', 'rake_task')
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/omniauth/strategies/weibo.rb

@@ -0,0 +1,136 @@
+require "omniauth-oauth2"
+
+module OmniAuth
+  module Strategies
+    class Weibo < OmniAuth::Strategies::OAuth2
+      option :client_options, {
+        :site           => "https://api.weibo.com",
+        :authorize_url  => "/oauth2/authorize",
+        :token_url      => "/oauth2/access_token",
+        :token_method => :post
+      }
+      option :token_params, {
+        :parse          => :json
+      }
+
+      uid do
+        raw_info['id']
+      end
+
+      info do
+        {
+          :nickname     => raw_info['screen_name'],
+          :name         => raw_info['name'],
+          :location     => raw_info['location'],
+          :image        => image_url,
+          :description  => raw_info['description'],
+          :urls => {
+            'Blog'      => raw_info['url'],
+            'Weibo'     => raw_info['domain'].empty? ? "https://weibo.com/u/#{raw_info['id']}" : "https://weibo.com/#{raw_info['domain']}",
+          }
+        }
+      end
+
+      extra do
+        {
+          :raw_info => raw_info
+        }
+      end
+
+      def callback_url
+        token_params_redirect || (full_host + script_name + callback_path)
+      end
+
+      def token_params_redirect
+        token_params['redirect_uri'] || token_params[:redirect_uri]
+      end
+
+      def raw_info
+        access_token.options[:mode] = :query
+        access_token.options[:param_name] = 'access_token'
+        @uid ||= access_token.get('/2/account/get_uid.json').parsed["uid"]
+        @raw_info ||= access_token.get("/2/users/show.json", :params => {:uid => @uid}).parsed
+      end
+
+      def find_image
+        raw_info[%w(avatar_hd avatar_large profile_image_url).find { |e| raw_info[e].present? }]
+      end
+
+      #url:                 option:   size:
+      #avatar_hd            original  original_size
+      #avatar_large         large     180x180
+      #profile_image_url    middle    50x50
+      #                     small     30x30
+      #default is middle
+      def image_url
+        image_size = options[:image_size] || :middle
+        case image_size.to_sym
+        when :original
+          url = raw_info['avatar_hd']
+        when :large
+          url = raw_info['avatar_large']
+        when :small
+          url = raw_info['avatar_large'].sub('/180/','/30/')
+        else
+          url = raw_info['profile_image_url']
+        end
+      end
+
+      ##
+      # You can pass +display+, +with_offical_account+ or +state+ params to the auth request, if
+      # you need to set them dynamically. You can also set these options
+      # in the OmniAuth config :authorize_params option.
+      #
+      # /auth/weibo?display=mobile&with_offical_account=1
+      #
+      def authorize_params
+        super.tap do |params|
+          %w[display with_offical_account forcelogin].each do |v|
+            if request.params[v]
+              params[v.to_sym] = request.params[v]
+            end
+          end
+          # Ensure state parameter is properly set for CSRF protection
+          session['omniauth.state'] = params[:state] = SecureRandom.hex(24)
+        end
+      end
+
+      def request_phase
+        if request.request_method != 'POST' && !OmniAuth.config.silence_get_warning
+          raise OmniAuth::NoSessionError.new("HTTP GET is not allowed for OmniAuth requests. See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284")
+        end
+        super
+      end
+
+      protected
+      def build_access_token
+        params = {
+          'client_id'     => client.id,
+          'client_secret' => client.secret,
+          'code'          => request.params['code'],
+          'grant_type'    => 'authorization_code',
+          'redirect_uri'  => callback_url
+          }.merge(token_params.to_hash(symbolize_keys: true))
+        begin
+          client.get_token(params, deep_symbolize(options.token_params))
+        rescue ::OAuth2::Error => e
+          raise OmniAuth::Strategies::OAuth2::Error.new(e)
+        rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
+          raise OmniAuth::Strategies::OAuth2::Error.new(e)
+        end
+      end
+
+      def callback_phase
+        super
+      rescue ::OAuth2::Error => e
+        fail!(:invalid_credentials, e)
+      rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
+        fail!(:timeout, e)
+      rescue ::SocketError => e
+        fail!(:failed_to_connect, e)
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization "weibo", "Weibo"

data/lib/omniauth/strategies/weibo_post_middleware.rb

@@ -0,0 +1,21 @@
+module OmniAuth
+  module Strategies
+    class WeiboPostMiddleware
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        # 检查是否是认证请求
+        if env['PATH_INFO'] =~ /\/auth\/weibo(\/callback)?/
+          # 如果是 GET 请求，将其转换为 POST 请求
+          if env['REQUEST_METHOD'] == 'GET'
+            env['REQUEST_METHOD'] = 'POST'
+          end
+        end
+
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/omniauth-weibo-oauth2/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module WeiboOauth2
+    VERSION = "0.5.3"
+  end
+end

data/lib/omniauth-weibo-oauth2.rb

@@ -0,0 +1,2 @@
+require "omniauth-weibo-oauth2/version"
+require 'omniauth/strategies/weibo'

data/scavin-weibo-oauth2.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth-weibo-oauth2/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = "Scavin"
+  gem.email         = "contact@appinn.com"
+  gem.description   = %q{OmniAuth Oauth2 strategy for weibo.com.2025}
+  gem.summary       = %q{OmniAuth Oauth2 strategy for weibo.com.}
+  gem.homepage      = "https://github.com/scavin/omniauth-weibo-oauth2"
+  gem.license       = "MIT"
+  
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "scavin-weibo-oauth2"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::WeiboOauth2::VERSION
+
+  gem.add_dependency 'omniauth', '~> 2.0'
+  gem.add_dependency 'omniauth-oauth2', '~> 1.4', '>= 1.4.0'
+end

metadata

@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification
+name: scavin-weibo-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.5.3
+platform: ruby
+authors:
+- Scavin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2025-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+description: OmniAuth Oauth2 strategy for weibo.com.2025
+email: contact@appinn.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- lib/omniauth-weibo-oauth2.rb
+- lib/omniauth-weibo-oauth2/version.rb
+- lib/omniauth/.DS_Store
+- lib/omniauth/strategies/weibo.rb
+- lib/omniauth/strategies/weibo_post_middleware.rb
+- scavin-weibo-oauth2.gemspec
+homepage: https://github.com/scavin/omniauth-weibo-oauth2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: OmniAuth Oauth2 strategy for weibo.com.
+test_files: []