omniauth-dingtalk-oauth2-1.0.0/0000755000175100017510000000000014153366133015362 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/.gitignore0000644000175100017510000000016614153366133017355 0ustar pravipravi/.bundle/ /.yardoc /_yardoc/ /coverage/ /doc/ /pkg/ /spec/reports/ /tmp/ # rspec failure tracking .rspec_status *.gemomniauth-dingtalk-oauth2-1.0.0/Rakefile0000644000175100017510000000016514153366133017031 0ustar pravipravirequire "bundler/gem_tasks" require "rspec/core/rake_task" RSpec::Core::RakeTask.new(:spec) task :default => :spec omniauth-dingtalk-oauth2-1.0.0/bin/0000755000175100017510000000000014153366133016132 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/bin/console0000755000175100017510000000015414153366133017522 0ustar pravipravi#!/usr/bin/env ruby require "bundler/setup" require "omniauth/dingtalk" require "irb" IRB.start(__FILE__) omniauth-dingtalk-oauth2-1.0.0/bin/setup0000755000175100017510000000011314153366133017213 0ustar pravipravi#!/usr/bin/env bash set -euo pipefail IFS=$'\n\t' set -vx bundle install omniauth-dingtalk-oauth2-1.0.0/Gemfile.lock0000644000175100017510000000341714153366133017611 0ustar pravipraviPATH remote: . specs: omniauth-dingtalk-oauth2 (1.0.0) omniauth-oauth2 GEM remote: https://rubygems.org/ specs: byebug (11.1.3) diff-lcs (1.4.4) faraday (1.8.0) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) faraday-httpclient (~> 1.0.1) faraday-net_http (~> 1.0) faraday-net_http_persistent (~> 1.1) faraday-patron (~> 1.0) faraday-rack (~> 1.0) multipart-post (>= 1.2, < 3) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-httpclient (1.0.1) faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) hashie (4.1.0) jwt (2.3.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) omniauth (2.0.4) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) rack (2.2.3) rack-protection (2.1.0) rack rake (12.3.3) rspec (3.10.0) rspec-core (~> 3.10.0) rspec-expectations (~> 3.10.0) rspec-mocks (~> 3.10.0) rspec-core (3.10.1) rspec-support (~> 3.10.0) rspec-expectations (3.10.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) rspec-mocks (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) rspec-support (3.10.2) ruby2_keywords (0.0.5) PLATFORMS ruby DEPENDENCIES byebug omniauth-dingtalk-oauth2! rake (~> 12.0) rspec (~> 3.0) BUNDLED WITH 2.1.4 omniauth-dingtalk-oauth2-1.0.0/lib/0000755000175100017510000000000014153366133016130 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/0000755000175100017510000000000014153366133021547 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/client/0000755000175100017510000000000014153366133023025 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/client/third_party_personal.rb0000644000175100017510000000061414153366133027607 0ustar pravipravi# frozen_string_literal: true require 'omniauth-dingtalk/client/base' module OmniAuth module Dingtalk module Client class ThirdPartyPersonal < ::OmniAuth::Dingtalk::Client::Base TOKEN_URL = '/sns/gettoken' def get_user_info(params = {}) resp = get_user_info_by_code(params[:code]) resp['user_info'] || {} end end end end end omniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/client/enterprise_internal.rb0000644000175100017510000000150214153366133027424 0ustar pravipravi# frozen_string_literal: true require 'omniauth-dingtalk/client/base' module OmniAuth module Dingtalk module Client class EnterpriseInternal < ::OmniAuth::Dingtalk::Client::Base TOKEN_URL = '/gettoken' def token_params { appkey: id, appsecret: secret } end def get_user_info(params = {}) resp = get_user_info_by_code(params[:code]) user_info = resp['user_info'] || {} return user_info if user_info['unionid'].to_s.empty? user_id = get_user_id_by_unionid(params[:access_token], user_info['unionid']).dig('result', 'userid') return user_info if user_id.to_s.empty? result = get_user_info_by_id(params[:access_token], user_id)['result'] user_info.merge(result || {}) end end end end end omniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/client/base.rb0000644000175100017510000000460614153366133024272 0ustar pravipravi# frozen_string_literal: true require 'openssl' require 'base64' require 'cgi' require 'json' module OmniAuth module Dingtalk module Client class Base < ::OAuth2::Client AUTHORIZE_URL = { 'qrcode' => '/connect/qrconnect', 'account' => '/connect/oauth2/sns_authorize' }.freeze GET_USER_INFO_BY_CODE_URL = '/sns/getuserinfo_bycode' GET_USER_ID_BY_UNIONID_URL = '/topapi/user/getbyunionid' GET_USER_INFO_BY_ID_URL = '/topapi/v2/user/get' def initialize(client_id, client_secret, options = {}, &block) opts = { authorize_url: AUTHORIZE_URL.fetch(options[:authorize_method].to_s, AUTHORIZE_URL['qrcode']), token_url: token_url, token_method: :get }.merge(options) super(client_id, client_secret, opts, &block) end def get_user_info_by_code(code) t = (Time.now.to_f * 1000).to_i.to_s raw_sign = Base64.encode64(OpenSSL::HMAC.digest('SHA256', secret, t)).strip sign = CGI.escape(raw_sign) url = "#{GET_USER_INFO_BY_CODE_URL}?accessKey=#{id}×tamp=#{t}&signature=#{sign}" request(:post, url, headers: { 'Content-Type' => 'application/json' }, body: { tmp_auth_code: code }.to_json ).parsed end def get_user_id_by_unionid(access_token, unionid) request(:post, GET_USER_ID_BY_UNIONID_URL, headers: { 'Content-Type' => 'application/json' }, body: { unionid: unionid }.to_json, params: { access_token: access_token } ).parsed end def get_user_info_by_id(access_token, id) request(:post, GET_USER_INFO_BY_ID_URL, headers: { 'Content-Type' => 'application/json' }, body: { userid: id }.to_json, params: { access_token: access_token } ).parsed end def get_user_info(params = {}) raise NotImplementedError end def token_url self.class.const_get(:TOKEN_URL) rescue nil end def token_params { appid: id, appsecret: secret } end def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) super(token_params.merge(params), access_token_opts, extract_access_token) end end end end end omniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/version.rb0000644000175100017510000000014114153366133023555 0ustar pravipravi# frozen_string_literal: true module OmniAuth module Dingtalk VERSION = '1.0.0' end end omniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk/client.rb0000644000175100017510000000072014153366133023351 0ustar pravipravi# frozen_string_literal: true require 'omniauth-dingtalk/client/third_party_personal' require 'omniauth-dingtalk/client/enterprise_internal' module OmniAuth module Dingtalk module Client def self.get(client_type) case client_type.to_s when 'third_party_personal' ::OmniAuth::Dingtalk::Client::ThirdPartyPersonal else ::OmniAuth::Dingtalk::Client::EnterpriseInternal end end end end end omniauth-dingtalk-oauth2-1.0.0/lib/omniauth-dingtalk-oauth2.rb0000644000175100017510000000020414153366133023270 0ustar pravipravi# frozen_string_literal: true require 'omniauth-oauth2' require 'omniauth-dingtalk/version' require 'omniauth/strategies/dingtalk' omniauth-dingtalk-oauth2-1.0.0/lib/omniauth/0000755000175100017510000000000014153366133017754 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/lib/omniauth/strategies/0000755000175100017510000000000014153366133022126 5ustar pravipraviomniauth-dingtalk-oauth2-1.0.0/lib/omniauth/strategies/dingtalk.rb0000644000175100017510000000361514153366133024255 0ustar pravipravi# frozen_string_literal: true require 'omniauth-dingtalk/client' module OmniAuth module Strategies class Dingtalk < OmniAuth::Strategies::OAuth2 option :name, 'dingtalk' option :client_options, { site: 'https://oapi.dingtalk.com', # one of qrcode, account, default is qrcode authorize_method: :qrcode } # one of enterprise_internal, third_party_personal, default is enterprise_internal option :client_type, :enterprise_internal # one of snsapi_login, snsapi_auth, default is snsapi_login option :authorize_params, scope: 'snsapi_login' uid do user_info['openid'] end info do { unionid: user_info['unionid'], ding_id: user_info['dingId'], name: user_info['nick'], username: user_info['nick'] }.merge(user_info) end extra do { raw_info: user_info } end def request_phase params = client.auth_code.authorize_params.merge(redirect_uri: callback_url).merge(authorize_params) params['appid'] = params.delete('client_id') redirect client.authorize_url(params) end protected def client ::OmniAuth::Dingtalk::Client.get(options.client_type).new( options.client_id, options.client_secret, deep_symbolize(options.client_options) ) end def build_access_token verifier = request.params['code'] access_token_options = { redirect_uri: callback_url }.merge(token_params.to_hash(symbolize_keys: true)) client.auth_code.get_token(verifier, access_token_options, deep_symbolize(options.auth_token_params)) end def user_info @user_info ||= client.get_user_info(code: request.params['code'], access_token: access_token.token) end end end end OmniAuth.config.add_camelization 'dingtalk', 'Dingtalk' omniauth-dingtalk-oauth2-1.0.0/README.md0000644000175100017510000000212514153366133016641 0ustar pravipravi# Omniauth DingTalk This project forked from [https://github.com/jinhucheung/omniauth-dingding](https://github.com/jinhucheung/omniauth-dingding). To use it, you'll need to sign up for an OAuth2 Application ID and Secret on the [DingTalk Applications Page](https://open-dev.dingtalk.com/). ## Installation Add this line to your application's Gemfile: ```ruby gem 'omniauth-dingtalk-oauth2' ``` And then execute: ``` $ bundle install ``` ## Usage `OmniAuth::Strategies::Dingtalk` is simply a Rack middleware. Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth. Here's a quick example, adding the middleware to a Rails app in `config/initializers/omniauth.rb`: ```ruby Rails.application.config.middleware.use OmniAuth::Builder do provider :dingtalk, ENV['DINGTALK_APP_ID'], ENV['DINGTALK_APP_SECRET'] end ``` ## Contributing Bug reports and pull requests are welcome on GitLab at https://gitlab.com/gitlab-jh/jh-team/omniauth-dingtalk. ## License The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). omniauth-dingtalk-oauth2-1.0.0/omniauth-dingtalk-oauth2.gemspec0000644000175100017510000000220014153366133023540 0ustar pravipravirequire_relative 'lib/omniauth-dingtalk/version' Gem::Specification.new do |spec| spec.name = "omniauth-dingtalk-oauth2" spec.version = OmniAuth::Dingtalk::VERSION spec.authors = ["JiHu(GitLab)"] spec.email = ["dev@jihulab.com"] spec.summary = %q{Omniauth strategy for DingTalk} spec.description = %q{Wrapper the DingTalk Oauth2 API} spec.homepage = "https://gitlab.com/gitlab-jh/jh-team/omniauth-dingtalk" spec.license = "MIT" spec.metadata["homepage_uri"] = spec.homepage spec.metadata["source_code_uri"] = "https://gitlab.com/gitlab-jh/jh-team/omniauth-dingtalk" # Specify which files should be added to the gem when it is released. # The `git ls-files -z` loads the files in the RubyGem that have been added into git. spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) } end spec.bindir = "exe" spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ["lib"] spec.add_dependency 'omniauth-oauth2', '~> 1.7.1' end omniauth-dingtalk-oauth2-1.0.0/Gemfile0000644000175100017510000000014114153366133016651 0ustar pravipravisource "https://rubygems.org" gemspec gem "rake", "~> 12.0" gem "rspec", "~> 3.0" gem "byebug" omniauth-dingtalk-oauth2-1.0.0/.rspec0000644000175100017510000000006514153366133016500 0ustar pravipravi--format documentation --color --require spec_helper omniauth-dingtalk-oauth2-1.0.0/LICENSE.txt0000644000175100017510000000206414153366133017207 0ustar pravipraviThe MIT License (MIT) Copyright (c) 2021 jimcheung Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.