sorcery 0.13.0 → 0.16.1

data/lib/sorcery/providers/discord.rb

@@ -0,0 +1,52 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with discordapp.com
+
+    class Discord < Base
+      include Protocols::Oauth2
+
+      attr_accessor :auth_path, :scope, :token_url, :user_info_path
+
+      def initialize
+        super
+
+        @scope          = 'identify'
+        @site           = 'https://discordapp.com/'
+        @auth_path      = '/api/oauth2/authorize'
+        @token_url      = '/api/oauth2/token'
+        @user_info_path = '/api/users/@me'
+        @state          = SecureRandom.hex(16)
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+        body = JSON.parse(response.body)
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = body
+          h[:uid] = body['id']
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+        get_access_token(
+          args,
+          token_url: token_url,
+          client_id: @key,
+          client_secret: @secret,
+          grant_type: 'authorization_code',
+          token_method: :post
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/line.rb

@@ -0,0 +1,63 @@
+module Sorcery
+  module Providers
+    # This class adds support for OAuth with line.com.
+    #
+    #   config.line.key = <key>
+    #   config.line.secret = <secret>
+    #   ...
+    #
+    class Line < Base
+      include Protocols::Oauth2
+
+      attr_accessor :token_url, :user_info_path, :auth_path, :scope, :bot_prompt
+
+      def initialize
+        super
+
+        @site           = 'https://access.line.me'
+        @user_info_path = 'https://api.line.me/v2/profile'
+        @token_url      = 'https://api.line.me/oauth2/v2.1/token'
+        @auth_path      = 'oauth2/v2.1/authorize'
+        @scope          = 'profile'
+      end
+
+      def get_user_hash(access_token)
+        response = access_token.get(user_info_path)
+        auth_hash(access_token).tap do |h|
+          h[:user_info] = JSON.parse(response.body)
+          h[:uid] = h[:user_info]['userId'].to_s
+        end
+      end
+
+      # calculates and returns the url to which the user should be redirected,
+      # to get authenticated at the external provider's site.
+      def login_url(_params, _session)
+        @state = SecureRandom.hex(16)
+        authorize_url(authorize_url: auth_path)
+      end
+
+      # overrides oauth2#authorize_url to add bot_prompt query.
+      def authorize_url(options = {})
+        options.merge!({
+          connection_opts: { params: { bot_prompt: bot_prompt } }
+        }) if bot_prompt.present?
+
+        super(options)
+      end
+
+      # tries to login the user from access token
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+
+        get_access_token(
+          args,
+          token_url: token_url,
+          token_method: :post,
+          grant_type: 'authorization_code'
+        )
+      end
+    end
+  end
+end

data/lib/sorcery/providers/linkedin.rb

@@ -1,65 +1,74 @@
 module Sorcery
   module Providers
-    # This class adds support for OAuth with Linkedin.com.
+    # This class adds support for OAuth with LinkedIn.
     #
     #   config.linkedin.key = <key>
     #   config.linkedin.secret = <secret>
     #   ...
     #
     class Linkedin < Base
-      include Protocols::Oauth
+      include Protocols::Oauth2
 
-      attr_accessor :authorize_path, :access_permissions, :access_token_path,
-                    :request_token_path, :user_info_fields, :user_info_path
+      attr_accessor :auth_url, :scope, :token_url, :user_info_url, :email_info_url
 
       def initialize
-        @configuration = {
-          site: 'https://api.linkedin.com',
-          authorize_path: '/uas/oauth/authenticate',
-          request_token_path: '/uas/oauth/requestToken',
-          access_token_path: '/uas/oauth/accessToken'
-        }
-        @user_info_path = '/v1/people/~'
-      end
+        super
 
-      # Override included get_consumer method to provide authorize_path
-      def get_consumer
-        # Add access permissions to request token path
-        @configuration[:request_token_path] += '?scope=' + access_permissions.join('+') unless access_permissions.blank? || @configuration[:request_token_path].include?('?scope=')
-        ::OAuth::Consumer.new(@key, @secret, @configuration)
+        @site           = 'https://api.linkedin.com'
+        @auth_url       = '/oauth/v2/authorization'
+        @token_url      = '/oauth/v2/accessToken'
+        @user_info_url  = 'https://api.linkedin.com/v2/me'
+        @email_info_url = 'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))'
+        @scope          = 'r_liteprofile r_emailaddress'
+        @state          = SecureRandom.hex(16)
       end
 
       def get_user_hash(access_token)
-        # Always include id for provider uid and prevent accidental duplication via setting `user_info_field = ['id']` (needed in Sorcery 0.9.1)
-        info_fields = user_info_fields ? user_info_fields.reject { |n| n == 'id' } : []
-        fields = info_fields.any? ? 'id,' + info_fields.join(',') : 'id'
-        response = access_token.get("#{@user_info_path}:(#{fields})", 'x-li-format' => 'json')
+        user_info = get_user_info(access_token)
 
         auth_hash(access_token).tap do |h|
-          h[:user_info] = JSON.parse(response.body)
-          h[:uid] = h[:user_info]['id'].to_s
+          h[:user_info] = user_info
+          h[:uid]       = h[:user_info]['id']
         end
       end
 
       # calculates and returns the url to which the user should be redirected,
       # to get authenticated at the external provider's site.
-      def login_url(_params, session)
-        req_token = get_request_token
-        session[:request_token]         = req_token.token
-        session[:request_token_secret]  = req_token.secret
-        authorize_url(request_token: req_token.token, request_token_secret: req_token.secret)
+      def login_url(_params, _session)
+        authorize_url(authorize_url: auth_url)
       end
 
       # tries to login the user from access token
-      def process_callback(params, session)
-        args = {
-          oauth_verifier:       params[:oauth_verifier],
-          request_token:        session[:request_token],
-          request_token_secret: session[:request_token_secret]
-        }
+      def process_callback(params, _session)
+        args = {}.tap do |a|
+          a[:code] = params[:code] if params[:code]
+        end
+
+        get_access_token(args, token_url: token_url, token_method: :post)
+      end
+
+      def get_user_info(access_token)
+        response  = access_token.get(user_info_url)
+        user_info = JSON.parse(response.body)
+
+        if email_in_scope?
+          email = fetch_email(access_token)
+
+          return user_info.merge(email)
+        end
+
+        user_info
+      end
+
+      def email_in_scope?
+        scope.include?('r_emailaddress')
+      end
+
+      def fetch_email(access_token)
+        email_response = access_token.get(email_info_url)
+        email_info     = JSON.parse(email_response.body)['elements'].first
 
-        args[:code] = params[:code] if params[:code]
-        get_access_token(args)
+        email_info['handle~']
       end
     end
   end

data/lib/sorcery/providers/vk.rb

@@ -37,7 +37,7 @@ module Sorcery
           user_hash[:user_info] = user_hash[:user_info]['response'][0]
           user_hash[:user_info]['full_name'] = [user_hash[:user_info]['first_name'], user_hash[:user_info]['last_name']].join(' ')
 
-          user_hash[:uid] = user_hash[:user_info]['uid']
+          user_hash[:uid] = user_hash[:user_info]['id']
           user_hash[:user_info]['email'] = access_token.params['email']
         end
         user_hash

data/lib/sorcery/version.rb

@@ -1,3 +1,3 @@
 module Sorcery
-  VERSION = '0.13.0'.freeze
+  VERSION = '0.16.1'.freeze
 end

data/sorcery.gemspec

@@ -14,28 +14,27 @@ Gem::Specification.new do |s|
     'Josh Buker'
   ]
   s.email = [
-    'chase.gilliam@gmail.com',
-    'contact@joshbuker.com'
+    'crypto@joshbuker.com'
   ]
 
   # TODO: Cleanup formatting.
-  # rubocop:disable Metrics/LineLength
+  # rubocop:disable Layout/LineLength
   s.description = 'Provides common authentication needs such as signing in/out, activating by email and resetting password.'
   s.summary = 'Magical authentication for Rails applications'
   s.homepage = 'https://github.com/Sorcery/sorcery'
   s.post_install_message = "As of version 1.0 oauth/oauth2 won't be automatically bundled so you may need to add those dependencies to your Gemfile.\n"
   s.post_install_message += 'You may need oauth2 if you use external providers such as any of these: https://github.com/Sorcery/sorcery/tree/master/lib/sorcery/providers'
-  # rubocop:enable Metrics/LineLength
+  # rubocop:enable Layout/LineLength
 
   s.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   s.require_paths = ['lib']
 
   s.licenses = ['MIT']
 
-  s.required_ruby_version = '>= 2.2.9'
+  s.required_ruby_version = '>= 2.4.9'
 
   s.add_dependency 'bcrypt', '~> 3.1'
-  s.add_dependency 'oauth', '~> 0.4', '>= 0.4.4'
+  s.add_dependency 'oauth', '~> 0.5', '>= 0.5.5'
   s.add_dependency 'oauth2', '~> 1.0', '>= 0.8.0'
 
   s.add_development_dependency 'byebug', '~> 10.0.0'

data/spec/controllers/controller_oauth2_spec.rb

@@ -116,12 +116,21 @@ describe SorceryController, active_record: true, type: :controller do
     end
 
     context 'when callback_url begin with http://' do
+      before do
+        sorcery_controller_external_property_set(:facebook, :callback_url, '/oauth/twitter/callback')
+        sorcery_controller_external_property_set(:facebook, :api_version, 'v2.2')
+      end
+
       it 'login_at redirects correctly' do
         create_new_user
         get :login_at_test_facebook
         expect(response).to be_a_redirect
         expect(response).to redirect_to("https://www.facebook.com/v2.2/dialog/oauth?client_id=#{::Sorcery::Controller::Config.facebook.key}&display=page&redirect_uri=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&response_type=code&scope=email&state")
       end
+
+      after do
+        sorcery_controller_external_property_set(:facebook, :callback_url, 'http://blabla.com')
+      end
     end
 
     it "'login_from' logins if user exists" do
@@ -155,7 +164,7 @@ describe SorceryController, active_record: true, type: :controller do
       expect(flash[:notice]).to eq 'Success!'
     end
 
-    %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0].each do |provider|
+    %i[github google liveid vk salesforce paypal slack wechat microsoft instagram auth0 discord battlenet].each do |provider|
       describe "with #{provider}" do
         it 'login_at redirects correctly' do
           get :"login_at_test_#{provider}"
@@ -216,6 +225,9 @@ describe SorceryController, active_record: true, type: :controller do
           microsoft
           instagram
           auth0
+          line
+          discord
+          battlenet
         ]
       )
 
@@ -257,6 +269,15 @@ describe SorceryController, active_record: true, type: :controller do
       sorcery_controller_external_property_set(:auth0, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
       sorcery_controller_external_property_set(:auth0, :callback_url, 'http://blabla.com')
       sorcery_controller_external_property_set(:auth0, :site, 'https://sorcery-test.auth0.com')
+      sorcery_controller_external_property_set(:line, :key, "eYVNBjBDi33aa9GkA3w")
+      sorcery_controller_external_property_set(:line, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+      sorcery_controller_external_property_set(:line, :callback_url, "http://blabla.com")
+      sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
+      sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
+      sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
+      sorcery_controller_external_property_set(:battlenet, :key, '4c43d4862c774ca5bbde89873bf0d338')
+      sorcery_controller_external_property_set(:battlenet, :secret, 'TxY7IwKOykACd8kUxPyVGTqBs44UBDdX')
+      sorcery_controller_external_property_set(:battlenet, :callback_url, 'http://blabla.com')
     end
 
     after(:each) do
@@ -279,7 +300,7 @@ describe SorceryController, active_record: true, type: :controller do
       expect(ActionMailer::Base.deliveries.size).to eq old_size
     end
 
-    %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0].each do |provider|
+    %i[github google liveid vk salesforce paypal wechat microsoft instagram auth0 discord battlenet].each do |provider|
       it "does not send activation email to external users (#{provider})" do
         old_size = ActionMailer::Base.deliveries.size
         create_new_external_user provider
@@ -303,7 +324,7 @@ describe SorceryController, active_record: true, type: :controller do
       sorcery_reload!(%i[activity_logging external])
     end
 
-    %w[facebook github google liveid vk salesforce slack].each do |provider|
+    %w[facebook github google liveid vk salesforce slack discord battlenet].each do |provider|
       context "when #{provider}" do
         before(:each) do
           sorcery_controller_property_set(:register_login_time, true)
@@ -342,7 +363,7 @@ describe SorceryController, active_record: true, type: :controller do
 
     let(:user) { double('user', id: 42) }
 
-    %w[facebook github google liveid vk salesforce slack].each do |provider|
+    %w[facebook github google liveid vk salesforce slack discord battlenet].each do |provider|
       context "when #{provider}" do
         before(:each) do
           sorcery_model_property_set(:authentications_class, Authentication)
@@ -423,7 +444,7 @@ describe SorceryController, active_record: true, type: :controller do
         # response for VK auth
         'response' => [
           {
-            'uid' => '123',
+            'id' => '123',
             'first_name' => 'Noam',
             'last_name' => 'Ben Ari'
           }
@@ -474,6 +495,9 @@ describe SorceryController, active_record: true, type: :controller do
         microsoft
         instagram
         auth0
+        line
+        discord
+        battlenet
       ]
     )
     sorcery_controller_external_property_set(:facebook, :key, 'eYVNBjBDi33aa9GkA3w')
@@ -513,6 +537,15 @@ describe SorceryController, active_record: true, type: :controller do
     sorcery_controller_external_property_set(:auth0, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
     sorcery_controller_external_property_set(:auth0, :callback_url, 'http://blabla.com')
     sorcery_controller_external_property_set(:auth0, :site, 'https://sorcery-test.auth0.com')
+    sorcery_controller_external_property_set(:line, :key, "eYVNBjBDi33aa9GkA3w")
+    sorcery_controller_external_property_set(:line, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
+    sorcery_controller_external_property_set(:line, :callback_url, "http://blabla.com")
+    sorcery_controller_external_property_set(:discord, :key, 'eYVNBjBDi33aa9GkA3w')
+    sorcery_controller_external_property_set(:discord, :secret, 'XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8')
+    sorcery_controller_external_property_set(:discord, :callback_url, 'http://blabla.com')
+    sorcery_controller_external_property_set(:battlenet, :key, '4c43d4862c774ca5bbde89873bf0d338')
+    sorcery_controller_external_property_set(:battlenet, :secret, 'TxY7IwKOykACd8kUxPyVGTqBs44UBDdX')
+    sorcery_controller_external_property_set(:battlenet, :callback_url, 'http://blabla.com')
   end
 
   def provider_url(provider)
@@ -527,7 +560,9 @@ describe SorceryController, active_record: true, type: :controller do
       wechat: "https://open.weixin.qq.com/connect/qrconnect?appid=#{::Sorcery::Controller::Config.wechat.key}&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=snsapi_login&state=#wechat_redirect",
       microsoft: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#{::Sorcery::Controller::Config.microsoft.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+email+https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state",
       instagram: "https://api.instagram.com/oauth/authorize?client_id=#{::Sorcery::Controller::Config.instagram.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=#{::Sorcery::Controller::Config.instagram.scope}&state",
-      auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state"
+      auth0: "https://sorcery-test.auth0.com/authorize?client_id=#{::Sorcery::Controller::Config.auth0.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid+profile+email&state",
+      discord: "https://discordapp.com/api/oauth2/authorize?client_id=#{::Sorcery::Controller::Config.discord.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=identify&state",
+      battlenet: "https://eu.battle.net/oauth/authorize?client_id=#{::Sorcery::Controller::Config.battlenet.key}&display&redirect_uri=http%3A%2F%2Fblabla.com&response_type=code&scope=openid&state"
     }[provider]
   end
 end

data/spec/controllers/controller_oauth_spec.rb

@@ -84,11 +84,17 @@ describe SorceryController, type: :controller do
     end
 
     context 'when callback_url begin with http://' do
+      before do
+        sorcery_controller_external_property_set(:twitter, :callback_url, '/oauth/twitter/callback')
+      end
       it 'login_at redirects correctly', pending: true do
         get :login_at_test
         expect(response).to be_a_redirect
         expect(response).to redirect_to('http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=')
       end
+      after do
+        sorcery_controller_external_property_set(:twitter, :callback_url, 'http://blabla.com')
+      end
     end
 
     it 'logins if user exists' do

data/spec/controllers/controller_remember_me_spec.rb

@@ -6,14 +6,19 @@ describe SorceryController, type: :controller do
   # ----------------- REMEMBER ME -----------------------
   context 'with remember me features' do
     before(:all) do
+      if SORCERY_ORM == :active_record
+        MigrationHelper.migrate("#{Rails.root}/db/migrate/remember_me")
+        User.reset_column_information
+      end
+
       sorcery_reload!([:remember_me])
     end
 
-    # TODO: Unused, remove?
-    # after(:each) do
-    #   session = nil
-    #   cookies = nil
-    # end
+    after(:all) do
+      if SORCERY_ORM == :active_record
+        MigrationHelper.rollback("#{Rails.root}/db/migrate/remember_me")
+      end
+    end
 
     before(:each) do
       allow(user).to receive(:remember_me_token)
@@ -32,19 +37,17 @@ describe SorceryController, type: :controller do
     end
 
     it 'clears cookie on forget_me!' do
-      cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }
-      get :test_logout
+      request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
+      get :test_logout_with_forget_me
 
-      pending 'Test previously broken, functionality might not be working here.'
-      expect(cookies['remember_me_token']).to be_nil
+      expect(response.cookies[:remember_me_token]).to be_nil
     end
 
     it 'clears cookie on force_forget_me!' do
-      cookies['remember_me_token'] = { value: 'asd54234dsfsd43534', expires: 3600 }
+      request.cookies[:remember_me_token] = { value: 'asd54234dsfsd43534', expires: 3600 }
       get :test_logout_with_force_forget_me
 
-      pending 'Test previously broken, functionality might not be working here.'
-      expect(cookies['remember_me_token']).to be_nil
+      expect(response.cookies[:remember_me_token]).to be_nil
     end
 
     it 'login(email,password,remember_me) logs user in and remembers' do