-
Notifications
You must be signed in to change notification settings - Fork 1
/
generic_oauth.rb
111 lines (93 loc) · 3.48 KB
/
generic_oauth.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# encoding: UTF-8
require 'multi_json'
require 'jwt'
require 'omniauth/strategies/oauth2'
module OmniAuth
module Strategies
class GenericOauth < OmniAuth::Strategies::OAuth2
option :name, 'generic_oauth'
uid do
raw_info[options.client_options.info_mappings['uid']].to_s
end
info do
creds = credentials
data = {}
options.client_options.info_mappings.each do |key, value|
data[key] = raw_info[value] || creds[value]
end
data
end
def request_phase
authid = request.params['id']
if authid.nil?
raise 'no auth definition ID provided'
else
set_options(authid)
end
super
end
def callback_phase
authid = request.params['id']
# Set out details once again
if authid.nil?
raise 'no auth definition ID provided'
else
set_options(authid)
end
super
end
def set_options(id)
strat = OauthStrat.find(id)
options.client_options.site = strat.site if strat.site
options.client_options.authorize_url = strat.authorize_url if strat.authorize_url
options.client_options.token_url = strat.token_url if strat.token_url
options.client_options.token_method = strat.token_method.downcase.to_sym if strat.token_method
options.client_options.auth_scheme = strat.auth_scheme.downcase.to_sym if strat.auth_scheme
# options.client_options.authorize_path = strat.authorize_path if strat.authorize_path (renamed to authorize_url)
options.client_options.raw_info_url = strat.raw_info_url if strat.raw_info_url
options.client_options.info_mappings = strat.info_mappings if strat.info_mappings
options.client_options.ensure_matching = strat.ensure_matching || {}
auth_params = strat.authorize_params || {}
auth_params[:scope] = strat.scope
options.authorize_params = auth_params
options.client_id = strat.client_id
options.client_secret = strat.client_secret
# prevent csrf errors
options.provider_ignores_state = true
end
def access_token_options
options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
end
# https://github.com/omniauth/omniauth/blob/ef7f7c2349e5cc2da5eda8ab1b1308a46685a5f5/lib/omniauth/strategy.rb#L438
# https://github.com/zquestz/omniauth-google-oauth2/blob/414c43ef3ffec37d473321f262e80f1e46dda89f/lib/omniauth/strategies/google_oauth2.rb#L104
def callback_url
full_host + script_name + callback_path + "?id=#{request.params['id']}"
end
def raw_info
return @raw_info if @raw_info
inf = access_token.get(options.client_options.raw_info_url).parsed
required_matches = options.client_options.ensure_matching
match = true
required_matches.each do |field, options|
checking = Array(inf[field.to_s])
matches = checking & options
if matches.length == 0
match = false
break
end
end
raise "Invalid Hosted Domain" unless match
@raw_info = inf
end
def prune!(hash)
hash.delete_if do |_, value|
prune!(value) if value.is_a?(Hash)
value.nil? || (value.respond_to?(:empty?) && value.empty?)
end
end
def query_string
request.query_string.empty? ? '' : "?#{request.query_string}"
end
end
end
end