omniauth-oauth2-1.4.0/0000755000004100000410000000000012616712234014574 5ustar www-datawww-dataomniauth-oauth2-1.4.0/Rakefile0000644000004100000410000000046512616712234016246 0ustar www-datawww-data#!/usr/bin/env rake require "bundler/gem_tasks" require "rspec/core/rake_task" RSpec::Core::RakeTask.new task :test => :spec begin require "rubocop/rake_task" RuboCop::RakeTask.new rescue LoadError task :rubocop do $stderr.puts "RuboCop is disabled" end end task :default => [:spec, :rubocop] omniauth-oauth2-1.4.0/Gemfile0000644000004100000410000000077112616712234016074 0ustar www-datawww-datasource "http://rubygems.org" gem "rake" group :test do gem "coveralls" gem "json", :platforms => [:jruby, :ruby_18, :ruby_19] gem "mime-types", "~> 1.25", :platforms => [:jruby, :ruby_18] gem "rack-test" gem "rest-client", "~> 1.6.0", :platforms => [:jruby, :ruby_18] gem "rspec", "~> 3.2" gem "rubocop", ">= 0.30", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22] gem "simplecov", ">= 0.9" gem "webmock" end # Specify your gem's dependencies in omniauth-oauth2.gemspec gemspec omniauth-oauth2-1.4.0/.rspec0000644000004100000410000000003312616712234015705 0ustar www-datawww-data--colour --format=progress omniauth-oauth2-1.4.0/spec/0000755000004100000410000000000012616712234015526 5ustar www-datawww-dataomniauth-oauth2-1.4.0/spec/helper.rb0000644000004100000410000000124312616712234017332 0ustar www-datawww-data$LOAD_PATH.unshift File.expand_path("..", __FILE__) $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__) if RUBY_VERSION >= "1.9" require "simplecov" require "coveralls" SimpleCov.formatters = [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter] SimpleCov.start do minimum_coverage(78.48) end end require "rspec" require "rack/test" require "webmock/rspec" require "omniauth" require "omniauth-oauth2" RSpec.configure do |config| config.expect_with :rspec do |c| c.syntax = :expect end config.extend OmniAuth::Test::StrategyMacros, :type => :strategy config.include Rack::Test::Methods config.include WebMock::API end omniauth-oauth2-1.4.0/spec/omniauth/0000755000004100000410000000000012616712234017352 5ustar www-datawww-dataomniauth-oauth2-1.4.0/spec/omniauth/strategies/0000755000004100000410000000000012616712234021524 5ustar www-datawww-dataomniauth-oauth2-1.4.0/spec/omniauth/strategies/oauth2_spec.rb0000644000004100000410000000715312616712234024273 0ustar www-datawww-datarequire "helper" describe OmniAuth::Strategies::OAuth2 do def app lambda do |_env| [200, {}, ["Hello."]] end end let(:fresh_strategy) { Class.new(OmniAuth::Strategies::OAuth2) } before do OmniAuth.config.test_mode = true end after do OmniAuth.config.test_mode = false end describe "Subclassing Behavior" do subject { fresh_strategy } it "performs the OmniAuth::Strategy included hook" do expect(OmniAuth.strategies).to include(OmniAuth::Strategies::OAuth2) expect(OmniAuth.strategies).to include(subject) end end describe "#client" do subject { fresh_strategy } it "is initialized with symbolized client_options" do instance = subject.new(app, :client_options => {"authorize_url" => "https://example.com"}) expect(instance.client.options[:authorize_url]).to eq("https://example.com") end it "sets ssl options as connection options" do instance = subject.new(app, :client_options => {"ssl" => {"ca_path" => "foo"}}) expect(instance.client.options[:connection_opts][:ssl]).to eq(:ca_path => "foo") end end describe "#authorize_params" do subject { fresh_strategy } it "includes any authorize params passed in the :authorize_params option" do instance = subject.new("abc", "def", :authorize_params => {:foo => "bar", :baz => "zip"}) expect(instance.authorize_params["foo"]).to eq("bar") expect(instance.authorize_params["baz"]).to eq("zip") end it "includes top-level options that are marked as :authorize_options" do instance = subject.new("abc", "def", :authorize_options => [:scope, :foo, :state], :scope => "bar", :foo => "baz") expect(instance.authorize_params["scope"]).to eq("bar") expect(instance.authorize_params["foo"]).to eq("baz") end it "includes random state in the authorize params" do instance = subject.new("abc", "def") expect(instance.authorize_params.keys).to eq(["state"]) expect(instance.session["omniauth.state"]).not_to be_empty end end describe "#token_params" do subject { fresh_strategy } it "includes any authorize params passed in the :authorize_params option" do instance = subject.new("abc", "def", :token_params => {:foo => "bar", :baz => "zip"}) expect(instance.token_params).to eq("foo" => "bar", "baz" => "zip") end it "includes top-level options that are marked as :authorize_options" do instance = subject.new("abc", "def", :token_options => [:scope, :foo], :scope => "bar", :foo => "baz") expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz") end end describe "#callback_phase" do subject { fresh_strategy } it "calls fail with the client error received" do instance = subject.new("abc", "def") allow(instance).to receive(:request) do double("Request", :params => {"error_reason" => "user_denied", "error" => "access_denied"}) end expect(instance).to receive(:fail!).with("user_denied", anything) instance.callback_phase end end end describe OmniAuth::Strategies::OAuth2::CallbackError do let(:error) { Class.new(OmniAuth::Strategies::OAuth2::CallbackError) } describe "#message" do subject { error } it "includes all of the attributes" do instance = subject.new("error", "description", "uri") expect(instance.message).to match(/error/) expect(instance.message).to match(/description/) expect(instance.message).to match(/uri/) end it "includes all of the attributes" do instance = subject.new(nil, :symbol) expect(instance.message).to eq("symbol") end end end omniauth-oauth2-1.4.0/LICENSE.md0000644000004100000410000000211112616712234016173 0ustar www-datawww-dataCopyright (C) 2014 Michael Bleigh, Erik Michaels-Ober and Intridea, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. omniauth-oauth2-1.4.0/.travis.yml0000644000004100000410000000051212616712234016703 0ustar www-datawww-databefore_install: gem install bundler env: global: - JRUBY_OPTS="$JRUBY_OPTS --debug" language: ruby rvm: - 1.8.7 - 1.9.3 - 2.0.0 - 2.1 - 2.2 - jruby-18mode - jruby-19mode - jruby-head - rbx-2 - ruby-head matrix: allow_failures: - rvm: jruby-head - rvm: ruby-head fast_finish: true sudo: false omniauth-oauth2-1.4.0/lib/0000755000004100000410000000000012616712234015342 5ustar www-datawww-dataomniauth-oauth2-1.4.0/lib/omniauth/0000755000004100000410000000000012616712234017166 5ustar www-datawww-dataomniauth-oauth2-1.4.0/lib/omniauth/strategies/0000755000004100000410000000000012616712234021340 5ustar www-datawww-dataomniauth-oauth2-1.4.0/lib/omniauth/strategies/oauth2.rb0000644000004100000410000001046612616712234023076 0ustar www-datawww-datarequire "oauth2" require "omniauth" require "securerandom" require "socket" # for SocketError require "timeout" # for Timeout::Error module OmniAuth module Strategies # Authentication strategy for connecting with APIs constructed using # the [OAuth 2.0 Specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-10). # You must generally register your application with the provider and # utilize an application id and secret in order to authenticate using # OAuth 2.0. class OAuth2 include OmniAuth::Strategy def self.inherited(subclass) OmniAuth::Strategy.included(subclass) end args [:client_id, :client_secret] option :client_id, nil option :client_secret, nil option :client_options, {} option :authorize_params, {} option :authorize_options, [:scope] option :token_params, {} option :token_options, [] option :auth_token_params, {} option :provider_ignores_state, false attr_accessor :access_token def client ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options)) end credentials do hash = {"token" => access_token.token} hash.merge!("refresh_token" => access_token.refresh_token) if access_token.expires? && access_token.refresh_token hash.merge!("expires_at" => access_token.expires_at) if access_token.expires? hash.merge!("expires" => access_token.expires?) hash end def request_phase redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params)) end def authorize_params options.authorize_params[:state] = SecureRandom.hex(24) params = options.authorize_params.merge(options_for("authorize")) if OmniAuth.config.test_mode @env ||= {} @env["rack.session"] ||= {} end session["omniauth.state"] = params[:state] params end def token_params options.token_params.merge(options_for("token")) end def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity error = request.params["error_reason"] || request.params["error"] if error fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"])) elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state")) fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected")) else self.access_token = build_access_token self.access_token = access_token.refresh! if access_token.expired? super end rescue ::OAuth2::Error, CallbackError => e fail!(:invalid_credentials, e) rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e fail!(:timeout, e) rescue ::SocketError => e fail!(:failed_to_connect, e) end protected def build_access_token verifier = request.params["code"] client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params)) end def deep_symbolize(options) hash = {} options.each do |key, value| hash[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value end hash end def options_for(option) hash = {} options.send(:"#{option}_options").select { |key| options[key] }.each do |key| hash[key.to_sym] = options[key] end hash end # An error that is indicated in the OAuth 2.0 callback. # This could be a `redirect_uri_mismatch` or other class CallbackError < StandardError attr_accessor :error, :error_reason, :error_uri def initialize(error, error_reason = nil, error_uri = nil) self.error = error self.error_reason = error_reason self.error_uri = error_uri end def message [error, error_reason, error_uri].compact.join(" | ") end end end end end OmniAuth.config.add_camelization "oauth2", "OAuth2" omniauth-oauth2-1.4.0/lib/omniauth-oauth2.rb0000644000004100000410000000014212616712234020710 0ustar www-datawww-datarequire "omniauth-oauth2/version" # rubocop:disable FileName require "omniauth/strategies/oauth2" omniauth-oauth2-1.4.0/lib/omniauth-oauth2/0000755000004100000410000000000012616712234020366 5ustar www-datawww-dataomniauth-oauth2-1.4.0/lib/omniauth-oauth2/version.rb0000644000004100000410000000010012616712234022367 0ustar www-datawww-datamodule OmniAuth module OAuth2 VERSION = "1.4.0" end end omniauth-oauth2-1.4.0/.rubocop.yml0000644000004100000410000000127712616712234017055 0ustar www-datawww-dataMetrics/BlockNesting: Max: 2 Metrics/LineLength: AllowURI: true Enabled: false Metrics/MethodLength: CountComments: false Max: 10 Metrics/ParameterLists: Max: 4 CountKeywordArgs: true Style/AccessModifierIndentation: EnforcedStyle: outdent Style/CollectionMethods: PreferredMethods: map: 'collect' reduce: 'inject' find: 'detect' find_all: 'select' Style/Documentation: Enabled: false Style/DoubleNegation: Enabled: false Style/HashSyntax: EnforcedStyle: hash_rockets Style/SpaceInsideHashLiteralBraces: EnforcedStyle: no_space Style/StringLiterals: EnforcedStyle: double_quotes Style/TrailingComma: EnforcedStyleForMultiline: 'comma' omniauth-oauth2-1.4.0/metadata.yml0000644000004100000410000000457112616712234017106 0ustar www-datawww-data--- !ruby/object:Gem::Specification name: omniauth-oauth2 version: !ruby/object:Gem::Version version: 1.4.0 platform: ruby authors: - Michael Bleigh - Erik Michaels-Ober autorequire: bindir: bin cert_chain: [] date: 2015-10-21 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: oauth2 requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '1.0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '1.0' - !ruby/object:Gem::Dependency name: omniauth requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '1.2' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '1.2' - !ruby/object:Gem::Dependency name: bundler requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '1.0' type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '1.0' description: An abstract OAuth2 strategy for OmniAuth. email: - michael@intridea.com - sferik@gmail.com executables: [] extensions: [] extra_rdoc_files: [] files: - ".gitignore" - ".rspec" - ".rubocop.yml" - ".travis.yml" - Gemfile - LICENSE.md - README.md - Rakefile - lib/omniauth-oauth2.rb - lib/omniauth-oauth2/version.rb - lib/omniauth/strategies/oauth2.rb - omniauth-oauth2.gemspec - spec/helper.rb - spec/omniauth/strategies/oauth2_spec.rb homepage: https://github.com/intridea/omniauth-oauth2 licenses: - MIT metadata: {} post_install_message: rdoc_options: [] require_paths: - lib required_ruby_version: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' required_rubygems_version: !ruby/object:Gem::Requirement requirements: - - ">=" - !ruby/object:Gem::Version version: '0' requirements: [] rubyforge_project: rubygems_version: 2.4.8 signing_key: specification_version: 4 summary: An abstract OAuth2 strategy for OmniAuth. test_files: - spec/helper.rb - spec/omniauth/strategies/oauth2_spec.rb omniauth-oauth2-1.4.0/.gitignore0000644000004100000410000000024012616712234016560 0ustar www-datawww-data*.gem *.rbc .bundle .config .yardoc Gemfile.lock InstalledFiles _yardoc coverage doc/ lib/bundler/man pkg rdoc spec/reports test/tmp test/version_tmp tmp *.swp omniauth-oauth2-1.4.0/omniauth-oauth2.gemspec0000644000004100000410000000172312616712234021170 0ustar www-datawww-datalib = File.expand_path("../lib", __FILE__) $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require "omniauth-oauth2/version" Gem::Specification.new do |gem| gem.add_dependency "oauth2", "~> 1.0" gem.add_dependency "omniauth", "~> 1.2" gem.add_development_dependency "bundler", "~> 1.0" gem.authors = ["Michael Bleigh", "Erik Michaels-Ober"] gem.email = ["michael@intridea.com", "sferik@gmail.com"] gem.description = "An abstract OAuth2 strategy for OmniAuth." gem.summary = gem.description gem.homepage = "https://github.com/intridea/omniauth-oauth2" gem.licenses = %w(MIT) gem.executables = `git ls-files -- bin/*`.split("\n").collect { |f| File.basename(f) } gem.files = `git ls-files`.split("\n") gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") gem.name = "omniauth-oauth2" gem.require_paths = %w(lib) gem.version = OmniAuth::OAuth2::VERSION end omniauth-oauth2-1.4.0/README.md0000644000004100000410000000436012616712234016056 0ustar www-datawww-data# OmniAuth OAuth2 [![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem] [![Build Status](http://img.shields.io/travis/intridea/omniauth-oauth2.svg)][travis] [![Dependency Status](http://img.shields.io/gemnasium/intridea/omniauth-oauth2.svg)][gemnasium] [![Code Climate](http://img.shields.io/codeclimate/github/intridea/omniauth-oauth2.svg)][codeclimate] [![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls] [gem]: https://rubygems.org/gems/omniauth-oauth2 [travis]: http://travis-ci.org/intridea/omniauth-oauth2 [gemnasium]: https://gemnasium.com/intridea/omniauth-oauth2 [codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2 [coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2 This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve as a building block strategy for other strategies and not to be used independently (since it has no inherent way to gather uid and user info). ## Creating an OAuth2 Strategy To create an OmniAuth OAuth2 strategy using this gem, you can simply subclass it and add a few extra methods like so: ```ruby require 'omniauth-oauth2' module OmniAuth module Strategies class SomeSite < OmniAuth::Strategies::OAuth2 # Give your strategy a name. option :name, "some_site" # This is where you pass the options you would pass when # initializing your consumer from the OAuth gem. option :client_options, {:site => "https://api.somesite.com"} # These are called after authentication has succeeded. If # possible, you should try to set the UID without making # additional calls (if the user id is returned with the token # or as a URI parameter). This may not be possible with all # providers. uid{ raw_info['id'] } info do { :name => raw_info['name'], :email => raw_info['email'] } end extra do { 'raw_info' => raw_info } end def raw_info @raw_info ||= access_token.get('/me').parsed end end end end ``` That's pretty much it! [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/intridea/omniauth-oauth2/trend.png)](https://bitdeli.com/free "Bitdeli Badge")