simple_google_auth 0.2.1 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/MIT-LICENSE +2 -1
- data/README.md +6 -0
- data/Rakefile +8 -1
- data/lib/simple_google_auth.rb +2 -0
- data/lib/simple_google_auth/config.rb +15 -3
- data/lib/simple_google_auth/controller.rb +1 -1
- data/lib/simple_google_auth/engine.rb +4 -2
- data/lib/simple_google_auth/receiver.rb +1 -1
- data/lib/simple_google_auth/version.rb +1 -1
- data/spec/simple_google_auth/config_spec.rb +16 -0
- data/spec/simple_google_auth/controller_spec.rb +3 -2
- data/spec/simple_google_auth/receiver_spec.rb +4 -0
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 8dd8d1cf6e697eb5d635b3118923e4f916ca5de03847c78143fb7ce8ece9c8c5
|
|
4
|
+
data.tar.gz: 61cf025ca623785b3c150f79c5035eabd5b4606e5e95f47a48affd0bc090d790
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1c4a1060d4eda6cc1bdf1acc2609e40766019254c8165d756495bb145b253f3bec4ab769a69656ac6f0af46ec93330491527da2a2611ad86bead167fa381243b
|
|
7
|
+
data.tar.gz: 870f90edbed191d998ffb364cf474a40776c436ea4ec8c25b33c5f27881edfa3c60f6f86d2e07981c362112658b9d1548155898daa1ab3eda495dcb82e0513d5
|
data/MIT-LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -122,14 +122,20 @@ data_session_key_name | `"simple-google-auth.data"` | The name of the session va
|
|
|
122
122
|
request_parameters | `{scope: "openid email"}` | Parameters to use when requesting a login from Google
|
|
123
123
|
open_timeout | `15` | The maximum time, in seconds, to wait connecting to Google before giving up
|
|
124
124
|
read_timeout | `15` | The maximum time, in seconds, to wait for a response from Google before giving up
|
|
125
|
+
authentication_uri_state_builder | ->(request) { SecureRandom.hex + request.path } | The lambda used to create the state param for the oauth uri.
|
|
126
|
+
authentication_uri_state_path_extractor | ->(state) { state[32..-1] } | The lambda used to extract the request path from the state param.
|
|
125
127
|
|
|
126
128
|
Items marked with * may be a lambda, which will be called when that config item is required.
|
|
127
129
|
|
|
130
|
+
Note that when customising the oauth uri state param, you will need to configure both authentication_uri_state_builder and authentication_uri_state_path_extractor. The builder must include the request path when creating the state param, otherwise simple_google_auth will always redirect back to '/'. This feature can be used to encode other information into the state parameter.
|
|
131
|
+
|
|
128
132
|
## Licence
|
|
129
133
|
|
|
130
134
|
MIT. Copyright 2014-2016 Roger Nesbitt, Powershop New Zealand Limited.
|
|
135
|
+
MIT. Copyright 2020 Flux Federation Ltd
|
|
131
136
|
|
|
132
137
|
## Authors and contributors
|
|
133
138
|
|
|
134
139
|
- Roger Nesbitt
|
|
135
140
|
- Andy Newport
|
|
141
|
+
- Flux Federation
|
data/Rakefile
CHANGED
|
@@ -14,7 +14,14 @@ RDoc::Task.new(:rdoc) do |rdoc|
|
|
|
14
14
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
+
Bundler::GemHelper.install_tasks
|
|
17
18
|
|
|
19
|
+
begin
|
|
20
|
+
require 'rspec/core/rake_task'
|
|
18
21
|
|
|
22
|
+
RSpec::Core::RakeTask.new(:spec)
|
|
19
23
|
|
|
20
|
-
|
|
24
|
+
task :default => :spec
|
|
25
|
+
rescue LoadError
|
|
26
|
+
# no rspec available
|
|
27
|
+
end
|
data/lib/simple_google_auth.rb
CHANGED
|
@@ -36,4 +36,6 @@ SimpleGoogleAuth.configure do |config|
|
|
|
36
36
|
config.authenticate = lambda {|data| raise "You must define an authenticate lambda that determines whether a user should be allowed access or not"}
|
|
37
37
|
config.open_timeout = SimpleGoogleAuth::HttpClient::DEFAULT_OPEN_TIMEOUT
|
|
38
38
|
config.read_timeout = SimpleGoogleAuth::HttpClient::DEFAULT_READ_TIMEOUT
|
|
39
|
+
config.authentication_uri_state_builder = ->(request) { SecureRandom.hex + request.path }
|
|
40
|
+
config.authentication_uri_state_path_extractor = ->(state) { state[32..-1] }
|
|
39
41
|
end
|
|
@@ -14,6 +14,8 @@ module SimpleGoogleAuth
|
|
|
14
14
|
:refresh_stale_tokens,
|
|
15
15
|
:open_timeout,
|
|
16
16
|
:read_timeout,
|
|
17
|
+
:authentication_uri_state_builder,
|
|
18
|
+
:authentication_uri_state_path_extractor,
|
|
17
19
|
]
|
|
18
20
|
|
|
19
21
|
class Config < Struct.new(*config_fields)
|
|
@@ -30,9 +32,19 @@ module SimpleGoogleAuth
|
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def authenticate=(value)
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
35
|
+
raise Error, "Your SimpleGoogleAuth authenticator must be an object that responds to :call, normally a lambda. See documentation for configuration details." unless value.respond_to?(:call)
|
|
36
|
+
|
|
37
|
+
super
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def authentication_uri_state_builder=(value)
|
|
41
|
+
raise Error, "Your SimpleGoogleAuth authentication_uri_state_builder must be an object that responds to :call, normally a lambda. See documentation for configuration details." unless value.respond_to?(:call)
|
|
42
|
+
|
|
43
|
+
super
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def authentication_uri_state_path_extractor=(value)
|
|
47
|
+
raise Error, "Your SimpleGoogleAuth authentication_uri_state_path_extractor must be an object that responds to :call, normally a lambda. See documentation for configuration details." unless value.respond_to?(:call)
|
|
36
48
|
|
|
37
49
|
super
|
|
38
50
|
end
|
|
@@ -7,7 +7,7 @@ module SimpleGoogleAuth
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def google_authentication_uri
|
|
10
|
-
state = session[SimpleGoogleAuth.config.state_session_key_name] =
|
|
10
|
+
state = session[SimpleGoogleAuth.config.state_session_key_name] = SimpleGoogleAuth.config.authentication_uri_state_builder.call(request)
|
|
11
11
|
SimpleGoogleAuth::AuthorizationUriBuilder.new(state).uri
|
|
12
12
|
end
|
|
13
13
|
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
module SimpleGoogleAuth
|
|
2
2
|
class Engine < ::Rails::Engine
|
|
3
3
|
initializer "simple_google_auth.load_helpers" do
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
ActiveSupport.on_load(:action_controller) do
|
|
5
|
+
ActionController::Base.include(SimpleGoogleAuth::Controller)
|
|
6
|
+
ActionController::Base.helper_method(:google_auth_data)
|
|
7
|
+
end
|
|
6
8
|
end
|
|
7
9
|
end
|
|
8
10
|
end
|
|
@@ -13,7 +13,7 @@ module SimpleGoogleAuth
|
|
|
13
13
|
|
|
14
14
|
request.session[config.data_session_key_name] = auth_data
|
|
15
15
|
|
|
16
|
-
path = request.session[config.state_session_key_name]
|
|
16
|
+
path = config.authentication_uri_state_path_extractor.call(request.session[config.state_session_key_name])
|
|
17
17
|
path = "/" if path.blank?
|
|
18
18
|
[302, {"Location" => path}, [" "]]
|
|
19
19
|
|
|
@@ -36,4 +36,20 @@ describe SimpleGoogleAuth::Config do
|
|
|
36
36
|
subject.ca_path = "/etc/certs"
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
|
+
|
|
40
|
+
describe "#authentication_uri_state_builder=" do
|
|
41
|
+
it "raises if the value isn't callable" do
|
|
42
|
+
expect {
|
|
43
|
+
subject.authentication_uri_state_builder = "not a lambda"
|
|
44
|
+
}.to raise_error(SimpleGoogleAuth::Error, /responds to :call/)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
describe "#authentication_uri_state_path_extractor=" do
|
|
49
|
+
it "raises if the value isn't callable" do
|
|
50
|
+
expect {
|
|
51
|
+
subject.authentication_uri_state_path_extractor = "not a lambda"
|
|
52
|
+
}.to raise_error(SimpleGoogleAuth::Error, /responds to :call/)
|
|
53
|
+
end
|
|
54
|
+
end
|
|
39
55
|
end
|
|
@@ -24,8 +24,9 @@ describe SimpleGoogleAuth::Controller do
|
|
|
24
24
|
|
|
25
25
|
describe "#redirect_if_not_google_authenticated" do
|
|
26
26
|
it "redirects if not authenticated" do
|
|
27
|
-
|
|
28
|
-
|
|
27
|
+
SimpleGoogleAuth.config.authentication_uri_state_builder = ->(request) { 'prefix-/somepath' }
|
|
28
|
+
|
|
29
|
+
expect(subject).to receive(:redirect_to).with("https://accounts.google.com/o/oauth2/auth?scope=openid+email&response_type=code&client_id=123&redirect_uri=%2Fabc&state=prefix-%2Fsomepath")
|
|
29
30
|
subject.send(:redirect_if_not_google_authenticated)
|
|
30
31
|
end
|
|
31
32
|
|
|
@@ -12,6 +12,7 @@ describe SimpleGoogleAuth::Receiver do
|
|
|
12
12
|
let(:auth_data) { double }
|
|
13
13
|
let(:env) { double }
|
|
14
14
|
let(:auth_data_presenter) { instance_double(SimpleGoogleAuth::AuthDataPresenter) }
|
|
15
|
+
let(:authentication_uri_state_path_extractor) { double(:call => '') }
|
|
15
16
|
|
|
16
17
|
before do
|
|
17
18
|
expect(Rack::Request).to receive(:new).with(env).and_return(request)
|
|
@@ -19,6 +20,7 @@ describe SimpleGoogleAuth::Receiver do
|
|
|
19
20
|
|
|
20
21
|
SimpleGoogleAuth.config.authenticate = authenticator
|
|
21
22
|
SimpleGoogleAuth.config.failed_login_path = '/error'
|
|
23
|
+
SimpleGoogleAuth.config.authentication_uri_state_path_extractor = authentication_uri_state_path_extractor
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
subject { SimpleGoogleAuth::Receiver.new.call(env) }
|
|
@@ -38,6 +40,8 @@ describe SimpleGoogleAuth::Receiver do
|
|
|
38
40
|
end
|
|
39
41
|
|
|
40
42
|
it "redirects to the URL specified in the session" do
|
|
43
|
+
expect(authentication_uri_state_path_extractor).to receive(:call).with(state).and_return('/place')
|
|
44
|
+
|
|
41
45
|
expect(subject).to eq [302, {"Location" => "/place"}, [" "]]
|
|
42
46
|
end
|
|
43
47
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: simple_google_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Roger Nesbitt
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-02-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '5.2'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '5.2'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rspec-rails
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '3.
|
|
33
|
+
version: '3.9'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '3.
|
|
40
|
+
version: '3.9'
|
|
41
41
|
description: An extremely easy way to protect your site by requiring Google logins
|
|
42
42
|
without having to set up a traditional authentication system
|
|
43
43
|
email:
|
|
@@ -89,17 +89,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
89
89
|
version: '0'
|
|
90
90
|
requirements: []
|
|
91
91
|
rubyforge_project:
|
|
92
|
-
rubygems_version: 2.
|
|
92
|
+
rubygems_version: 2.7.6
|
|
93
93
|
signing_key:
|
|
94
94
|
specification_version: 4
|
|
95
95
|
summary: Super simple Google authentication for your Rails site
|
|
96
96
|
test_files:
|
|
97
|
-
- spec/
|
|
98
|
-
- spec/simple_google_auth/authorization_uri_builder_spec.rb
|
|
99
|
-
- spec/simple_google_auth/config_spec.rb
|
|
100
|
-
- spec/simple_google_auth/controller_spec.rb
|
|
97
|
+
- spec/spec_helper.rb
|
|
101
98
|
- spec/simple_google_auth/http_client_spec.rb
|
|
99
|
+
- spec/simple_google_auth/config_spec.rb
|
|
100
|
+
- spec/simple_google_auth/auth_data_presenter_spec.rb
|
|
102
101
|
- spec/simple_google_auth/oauth_spec.rb
|
|
103
102
|
- spec/simple_google_auth/receiver_spec.rb
|
|
103
|
+
- spec/simple_google_auth/authorization_uri_builder_spec.rb
|
|
104
|
+
- spec/simple_google_auth/controller_spec.rb
|
|
104
105
|
- spec/simple_google_auth_spec.rb
|
|
105
|
-
- spec/spec_helper.rb
|