simple_google_auth 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 17bdbddcd052da79050cd43d146b6ba3070a808d
-  data.tar.gz: 565fffa60eaef47bb69710a1830ee4315e73bf59
+  metadata.gz: b07e9d444f3a69575224aae7742706c4e857fd6b
+  data.tar.gz: 03baf12262054337668111cd951ea4b8e259faa1
 SHA512:
-  metadata.gz: a83902d120549033da2bd08cd155e4f419dd9e512ef9a3a9240a654c3238119b36d9818feacdcdc8fcdd85ed8d2cb22a08e5df4a2fa0d7102c493e2360c85730
-  data.tar.gz: 08e7e440d0c2c27142c7229e1cc88d9a26df65d4ce3ff7d45f3e2195e495a4cef5136c81b08d42cd2acf4517b8cda8b02d73e749c3f04dbf30ff8a3606ae7b23
+  metadata.gz: 2fa8cf9287ed2bff1db2be4b8f347b65bc5ca6031f0b754758d886a8a9439c9ed0e6aa776d3c19f400982134a1b11d761ba97a2ec574386f0331b62125e6617f
+  data.tar.gz: e8f0d7c17256ec5ac1b7dca2a75adb48e9a4a767702044cc2b283ea11a58b9295abbb7d222b2510965b7adfd7af3a0eec2cdbdf4c5b4239d4f926e3c8e68075c

data/README.md

@@ -60,7 +60,6 @@ a different redirect URI.  Just pop them on the end of the file.
       config.redirect_uri = "https://mysite.com/google-callback"
     end
 
-
 ## How do I tell who is logged in?
 
 Call `#google_auth_data` from your controller or view and you'll get the identification hash that Google sends back.
@@ -69,6 +68,39 @@ Call `#google_auth_data` from your controller or view and you'll get the identif
 
 Take a look at https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo to find out more about the fields in the hash.
 
+## Refreshing tokens and offline mode
+
+By default simple_google_auth doesn't check the expiry time
+on the credentials after they've been loaded from google the first time.
+This is less hassle if all you want is simple authentication for your site,
+but prevents you from using the credentials for other uses (eg. GCal integration)
+because the oauth tokens will expire and google won't accept them anymore.
+
+If you want the tokens to be refreshed when they expire then you need to
+add an extra line to your config. Doing so will ensure that your
+google auth tokens never get stale and allow you to use offline mode.
+
+    SimpleGoogleAuth.configure do |config|
+      config.refresh_stale_tokens = true
+    end
+
+Whenever the google_auth_data is requested in a controller it will first
+be checked to make sure it's not stale. If it is stale the tokens will be
+refreshed before being returned.
+
+If your users have already allowed your site access to a certain set of scopes
+google won't re-issue you a refresh_token automatically. You'll need to set an
+extra param in the request_parameters configuration hash to force google to
+send you the refresh token every time your users authenticate.
+
+    SimpleGoogleAuth.configure do |config|
+      config.refresh_stale_tokens = true
+      config.request_parameters.merge!({ approval_prompt: "force" })
+    end
+
+For more details on offline mode and approval_prompt refer to the google OAuth docs, as of
+writing you can find them #[here](https://developers.google.com/accounts/docs/OAuth2WebServer).
+
 ## Configuring
 
 There are a few configuration options that can be set using `SimpleGoogleAuth.configure` as in the example above.

data/lib/simple_google_auth.rb

@@ -13,7 +13,8 @@ module SimpleGoogleAuth
     :google_token_url,
     :state_session_key_name,
     :data_session_key_name,
-    :request_parameters
+    :request_parameters,
+    :refresh_stale_tokens
   ) do
     def get_or_call(attribute)
       value = send(attribute)
@@ -26,6 +27,10 @@ module SimpleGoogleAuth
 
   def self.configure
     yield config
+
+    if config.refresh_stale_tokens
+      config.request_parameters.merge!({ access_type: "offline" })
+    end
   end
 
   def self.uri(state)
@@ -51,6 +56,8 @@ SimpleGoogleAuth.configure do |config|
   config.authenticate = lambda { raise "You must define an authenticate lambda that sets the session" }
 end
 
+require 'simple_google_auth/http_client'
+require 'simple_google_auth/oauth'
 require 'simple_google_auth/engine'
 require 'simple_google_auth/controller'
 require 'simple_google_auth/receiver'

data/lib/simple_google_auth/controller.rb

@@ -11,7 +11,36 @@ module SimpleGoogleAuth
     end
 
     def google_auth_data
+      return unless google_auth_data_from_session
+
+      if should_refresh_google_auth_data?
+        refresh_google_auth_data
+      end
+      google_auth_data_from_session
+    end
+
+    private
+
+    def refresh_google_auth_data
+      api = SimpleGoogleAuth::OAuth.new(SimpleGoogleAuth.config)
+
+      auth_data = api.refresh_auth_token!(google_auth_data_from_session["refresh_token"])
+
+      session[SimpleGoogleAuth.config.data_session_key_name] = auth_data
+    end
+
+    def google_auth_data_from_session
       session[SimpleGoogleAuth.config.data_session_key_name]
     end
+
+    def should_refresh_google_auth_data?
+      SimpleGoogleAuth.config.refresh_stale_tokens && google_auth_data_stale?
+    end
+
+    def google_auth_data_stale?
+      expiry_time = google_auth_data_from_session["expires_at"]
+
+      expiry_time.nil? || Time.parse(expiry_time).past?
+    end
   end
 end

data/lib/simple_google_auth/http_client.rb

@@ -0,0 +1,30 @@
+module SimpleGoogleAuth
+  class HttpClient
+    def initialize(url, ca_path)
+      @uri = URI(url)
+      @http = Net::HTTP.new(@uri.host, @uri.port)
+      setup_https(ca_path)
+    end
+
+    def request(params)
+      request = Net::HTTP::Post.new(@uri.request_uri)
+      request.set_form_data(params)
+      response = @http.request(request)
+      response.body
+    end
+
+    private
+    def setup_https(ca_path)
+      if @uri.scheme == "https"
+        @http.use_ssl = true
+        if ca_path
+          @http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          @http.ca_path = ca_path
+        else
+          @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          Rails.logger.warn "SimpleGoogleAuth does not have a ca_path configured; SSL with Google is not protected"
+        end
+      end
+    end
+  end
+end

data/lib/simple_google_auth/oauth.rb

@@ -0,0 +1,51 @@
+module SimpleGoogleAuth
+  class OAuth
+    def initialize(config)
+      @config = config
+      @client = HttpClient.new(@config.google_token_url, @config.ca_path)
+    end
+
+    def exchange_code_for_auth_token!(code)
+      response = @client.request(
+        code: code,
+        grant_type: "authorization_code",
+        client_id: @config.client_id,
+        client_secret: @config.client_secret,
+        redirect_uri: @config.redirect_uri)
+
+      parse_auth_response(response)
+    end
+
+    def refresh_auth_token!(refresh_token)
+      return if refresh_token.blank?
+
+      response = @client.request(
+        refresh_token: refresh_token,
+        client_id: @config.client_id,
+        client_secret: @config.client_secret,
+        grant_type: "refresh_token")
+
+      parse_auth_response(response).merge("refresh_token" => refresh_token)
+    end
+
+    private
+    def parse_auth_response(response)
+      auth_data = JSON.parse(response)
+
+      auth_data["expires_at"] = calculate_expiry(auth_data).to_s
+
+      id_data = decode_id_data(auth_data.delete("id_token"))
+      auth_data.merge!(id_data)
+    end
+
+    def calculate_expiry(auth_data)
+      Time.now + auth_data["expires_in"] - 5.seconds
+    end
+
+    def decode_id_data(id_data)
+      id_data_64 = id_data.split(".")[1]
+      id_data_64 << "=" until id_data_64.length % 4 == 0
+      JSON.parse(Base64.decode64(id_data_64))
+    end
+  end
+end

data/lib/simple_google_auth/receiver.rb

@@ -5,14 +5,14 @@ module SimpleGoogleAuth
     def call(env)
       request = Rack::Request.new(env)
       config = SimpleGoogleAuth.config
-
       ensure_params_are_correct(request, config)
-      auth_data = obtain_authentication_data(request.params["code"], config)
-      id_data = decode_id_data(auth_data.delete("id_token"))
 
-      raise Error, "Authentication failed" unless config.authenticate.call(id_data)
+      api = SimpleGoogleAuth::OAuth.new(config)
+      auth_data = api.exchange_code_for_auth_token!(request.params["code"])
+
+      raise Error, "Authentication failed" unless config.authenticate.call(auth_data)
 
-      request.session[config.data_session_key_name] = id_data.merge(auth_data)
+      request.session[config.data_session_key_name] = auth_data
 
       path = request.session[config.state_session_key_name][32..-1]
       path = "/" if path.blank?
@@ -35,41 +35,5 @@ module SimpleGoogleAuth
         raise Error, "No authentication code returned"
       end
     end
-
-    def obtain_authentication_data(code, config)
-      uri = URI(config.google_token_url)
-
-      http = Net::HTTP.new(uri.host, uri.port)
-      if uri.scheme == "https"
-        http.use_ssl = true
-        if config.ca_path
-          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-          http.ca_path = config.ca_path
-        else
-          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-          Rails.logger.warn "SimpleGoogleAuth does not have a ca_path configured; SSL with Google is not protected"
-        end
-      end
-
-      request = Net::HTTP::Post.new(uri.request_uri)
-      request.set_form_data(
-        code: code,
-        client_id: config.get_or_call(:client_id),
-        client_secret: config.get_or_call(:client_secret),
-        redirect_uri: config.redirect_uri,
-        grant_type: "authorization_code"
-      )
-
-      response = http.request(request)
-      raise Error, "Failed to get an access token" unless response.is_a?(Net::HTTPSuccess)
-
-      JSON.parse(response.body)
-    end
-
-    def decode_id_data(id_data)
-      id_data_64 = id_data.split(".")[1]
-      id_data_64 << "=" until id_data_64.length % 4 == 0
-      JSON.parse(Base64.decode64(id_data_64))
-    end
   end
 end

data/lib/simple_google_auth/version.rb

@@ -1,3 +1,3 @@
 module SimpleGoogleAuth
-  VERSION = "0.0.5"
+  VERSION = "0.0.6"
 end

metadata

@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: simple_google_auth
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Roger Nesbitt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-05 00:00:00.000000000 Z
+date: 2015-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
 description: An extremely easy way to protect your site by requiring Google logins
@@ -32,15 +32,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- MIT-LICENSE
+- README.md
+- Rakefile
 - config/routes.rb
+- lib/simple_google_auth.rb
 - lib/simple_google_auth/controller.rb
 - lib/simple_google_auth/engine.rb
+- lib/simple_google_auth/http_client.rb
+- lib/simple_google_auth/oauth.rb
 - lib/simple_google_auth/receiver.rb
 - lib/simple_google_auth/version.rb
-- lib/simple_google_auth.rb
-- MIT-LICENSE
-- Rakefile
-- README.md
 homepage: https://github.com/mogest/simple_google_auth
 licenses:
 - MIT
@@ -51,17 +53,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Super simple Google authentication for your Rails site