Replace Facebook OAuth with Auth0

Fix: #371

Gemfile

@@ -44,15 +44,16 @@ gem 'validates_timeliness', '~> 4.1'
 
 # Authentication framework
 gem 'devise', '~> 4.7'
-gem 'omniauth', '~> 1.9' # TODO: wait for devise support of OmniAuth 2.0
+gem 'omniauth', '~> 1.9' # TODO: wait for devise/auth0 of OmniAuth 2.0
+gem 'omniauth-rails_csrf_protection', '~> 0.1.2'
+
+# OAuth Provider
+gem 'auth0', '~> 5.0'
+gem 'omniauth-auth0', '~> 2.3'
 
 # Geospatial data library
 gem 'rgeo', '~> 2.2'
 
-# Facebook integration
-gem 'koala', '~> 3.0'
-gem 'omniauth-facebook', '~> 8.0'
-
 # Performance
 gem 'newrelic_rpm', '~> 6.15'
 

Gemfile.lock

@@ -70,6 +70,11 @@ GEM
     airbrake-ruby (5.2.0)
       rbtree3 (~> 0.5)
     ast (2.4.2)
+    auth0 (5.0.0)
+      addressable (~> 2.7.0)
+      jwt (~> 2.2.0)
+      rest-client (~> 2.0.0)
+      zache (~> 0.12.0)
     bcrypt (3.1.16)
     better_errors (2.9.1)
       coderay (>= 1.0.0)
@@ -121,6 +126,8 @@ GEM
       warden (~> 1.2.3)
     diff-lcs (1.4.4)
     docile (1.3.5)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
     email_spec (2.2.0)
       htmlentities (~> 4.3.3)
       launchy (~> 2.1)
@@ -146,6 +153,8 @@ GEM
     hashdiff (1.0.1)
     hashie (4.1.0)
     htmlentities (4.3.4)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
     http_accept_language (2.1.1)
     i18n (1.8.8)
       concurrent-ruby (~> 1.0)
@@ -160,7 +169,6 @@ GEM
       character_set (~> 1.4)
       regexp_parser (~> 2.0)
       regexp_property_values (~> 1.0)
-    json (2.5.1)
     jwt (2.2.2)
     kaminari (1.2.1)
       activesupport (>= 4.1.0)
@@ -174,10 +182,6 @@ GEM
       activerecord
       kaminari-core (= 1.2.1)
     kaminari-core (1.2.1)
-    koala (3.0.0)
-      addressable
-      faraday
-      json (>= 1.8)
     launchy (2.5.0)
       addressable (~> 2.7)
     listen (3.4.1)
@@ -191,6 +195,9 @@ GEM
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
     method_source (1.0.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.1104)
     mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.5.0)
@@ -199,6 +206,7 @@ GEM
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
+    netrc (0.11.0)
     newrelic_rpm (6.15.0)
     nio4r (2.5.5)
     nokogiri (1.11.1)
@@ -213,11 +221,15 @@ GEM
     omniauth (1.9.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
-    omniauth-facebook (8.0.0)
-      omniauth-oauth2 (~> 1.2)
+    omniauth-auth0 (2.5.0)
+      omniauth (~> 1.9)
+      omniauth-oauth2 (~> 1.5)
     omniauth-oauth2 (1.7.1)
       oauth2 (~> 1.4)
       omniauth (>= 1.9, < 3)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
     orm_adapter (0.5.0)
     parallel (1.20.1)
     parser (3.0.0.0)
@@ -277,6 +289,10 @@ GEM
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
+    rest-client (2.0.2)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
     rexml (3.2.4)
     rgeo (2.2.0)
     rgeo-activerecord (7.0.0)
@@ -381,6 +397,9 @@ GEM
     turbolinks-source (5.2.0)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
     unicode-display_width (2.0.0)
     uniform_notifier (1.13.2)
     validates_timeliness (4.1.1)
@@ -406,6 +425,7 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    zache (0.12.0)
     zeitwerk (2.4.2)
 
 PLATFORMS
@@ -415,6 +435,7 @@ DEPENDENCIES
   activerecord-postgis-adapter (~> 7.0)
   addressable (~> 2.7)
   airbrake (~> 11.0)
+  auth0 (~> 5.0)
   better_errors (~> 2.9)
   binding_of_caller (~> 1.0)
   bootsnap (~> 1.7)
@@ -434,12 +455,12 @@ DEPENDENCIES
   inline_svg (~> 1.7)
   jbuilder (~> 2.11)
   kaminari (~> 1.2)
-  koala (~> 3.0)
   launchy (~> 2.5)
   listen (~> 3.4)
   newrelic_rpm (~> 6.15)
   omniauth (~> 1.9)
-  omniauth-facebook (~> 8.0)
+  omniauth-auth0 (~> 2.3)
+  omniauth-rails_csrf_protection (~> 0.1.2)
   pg (~> 1.2)
   pry (~> 0.13.1)
   pry-byebug (~> 3.9)

README.md

@@ -20,7 +20,7 @@ By having more people using one vehicle, carpooling reduces each person’s trav
 * [Font Awesome][7] (vectorial icons)
 * [Devise][2]
 * Asynchronous tasks with [Sucker Punch][9]
-* Facebook Open Graph / Rest API with [Koala][11]
+* OAuth login with [Auth0][11]
 * Google Maps API
 * [RSpec][12]
 * [Heroku][14] Cloud Application Platform
@@ -36,7 +36,7 @@ By having more people using one vehicle, carpooling reduces each person’s trav
  [6]: https://getbootstrap.com
  [7]: https://fontawesome.com
  [9]: https://github.com/brandonhilkert/sucker_punch
- [11]: https://github.com/arsduo/koala
+ [11]: https://auth0.com/
  [12]: https://rspec.info/
  [13]: https://newrelic.com/
  [14]: https://www.heroku.com/

app.json

@@ -1,6 +1,6 @@
 {
   "name": "icare",
-  "description": "Open Source Carpooling Platform. icare requires a valid Facebook application, check our Wiki for more information.",
+  "description": "Open Source Carpooling Platform. icare requires a valid Auth0 application, check our Wiki for more information.",
   "keywords": [
     "Carpooling",
     "Ridesharing",
@@ -26,14 +26,14 @@
     "GOOGLE_MAPS_API_KEY": {
       "description": "A valid Google Maps JavaScript API key. Check our Wiki for more information."
     },
-    "FACEBOOK_NAMESPACE": {
-      "description": "The namespace of your Facebook application. Check our Wiki for more information."
+    "AUTH0_DOMAIN": {
+      "description": "The Domain of your Auth0 application. Check our Wiki for more information."
     },
-    "FACEBOOK_APP_ID": {
-      "description": "The ID of your Facebook application. Check our Wiki for more information."
+    "AUTH0_CLIENT_ID": {
+      "description": "The Client Secret of your Auth0 application. Check our Wiki for more information."
     },
-    "FACEBOOK_SECRET": {
-      "description": "The secret of your Facebook application. Check our Wiki for more information."
+    "AUTH0_CLIENT_SECRET": {
+      "description": "The secret of your Auth0 application. Check our Wiki for more information."
     },
     "NEW_RELIC_APP_NAME": {
       "description": "Sets the name of your application as it will appear on the New Relic dashboard.",

app/controllers/users/omniauth_callbacks_controller.rb

@@ -2,12 +2,11 @@
 
 module Users
   class OmniauthCallbacksController < ::Devise::OmniauthCallbacksController
-    def facebook
+    def auth0
       @user = User.from_omniauth(auth_hash)
 
       if @user.persisted?
         @user.update_info_from_auth_hash! auth_hash
-        CacheFacebookDataJob.perform_later @user
         sign_in_and_redirect @user, event: :authentication
       else
         redirect_to root_path, flash: { error: t('flash.sessions.error.create') }

app/helpers/users_helper.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module UsersHelper
-  def facebook_profile_picture(user, type = :square)
+  def auth0_profile_picture(user, type = :square)
     if user_signed_in? && user.image?
       "#{user.image}?type=#{type}"
     else
@@ -13,45 +13,8 @@ def user_profile_picture(user, size: [50, 50], type: :square, style: 'img-fluid'
     tag :img,
         { width:  ("#{size[0]}px" if size),
           height: ("#{size[1]}px" if size),
-          src:    facebook_profile_picture(user, type),
+          src:    auth0_profile_picture(user, type),
           alt:    '',
-          class:  [('verified' if user.facebook_verified?), style].compact.join(' ') }.merge(opts)
-  end
-
-  def language_tags(user)
-    return unless user.languages&.any?
-
-    render_common_tags = (user != current_user)
-    common_languages = get_common_tags(current_user.languages, user.languages) if render_common_tags
-    html = user.languages.map { |language| render_tag t('.language', language: language['name']), (render_common_tags && common_languages.include?(language['id'])) }
-    safe_join html
-  end
-
-  def favorite_tags(user, user_favorites)
-    return unless user_favorites&.any?
-
-    render_tags user_favorites, current_user.facebook_favorites, render_common_tags: (user != current_user), content: t('.likes'), class: 'tag tag-facebook tag-sm', css_class: 'tag-sm'
-  end
-
-  private
-
-  def get_common_tags(my_tags, user_tags)
-    return [] if my_tags&.empty?
-
-    (my_tags.map { |tag| tag['id'] }) & (user_tags.map { |tag| tag['id'] })
-  end
-
-  def render_tags(user_tags, my_tags, opts = {})
-    options = { render_common_tags: false }.merge(opts)
-    common_tags = get_common_tags(my_tags, user_tags) if options[:render_common_tags]
-    html = tag.div(options[:content], class: options[:class])
-    user_tags.each do |tag|
-      html << render_tag(tag['name'], options[:render_common_tags] && common_tags.include?(tag['id']), options[:css_class])
-    end
-    html
-  end
-
-  def render_tag(tag_text, common, css_class = nil)
-    tag.div tag_text, class: ['tag', ('tag-common' if common), css_class].compact.join(' ')
+          class:  style }.merge(opts)
   end
 end

app/javascript/src/fontawesome.js

@@ -41,7 +41,6 @@ import {
 } from '@fortawesome/free-solid-svg-icons'
 
 import {
-  faFacebook,
   faGithub
 } from '@fortawesome/free-brands-svg-icons'
 
@@ -88,7 +87,6 @@ library.add(
   faUserSecret,
   faWrench,
 
-  faFacebook,
   faGithub
 )
 

app/javascript/src/javascripts/maps-search.js

@@ -168,7 +168,6 @@ const initItineraryIndex = function () {
           $('#itineraries-thumbs').append(HandlebarsTemplates['itineraries/thumbnail'](this))
         })
         icare.map.fitBounds(icare.latLngBounds)
-        $('.facebook-verified-tooltip').tooltip()
       }
     })
 

app/javascript/src/javascripts/templates/itineraries/thumbnail.handlebars

@@ -5,7 +5,7 @@
       <div class="media"><img alt="" class="mr-2" height="50" src="{{user.image}}" width="50">
         <div class="media-body">
           <h5 class="mb-0"><a class="pre-line" href="{{url}}">{{title}}</a></h5>
-          <p>{{user.name}}{{#if user.facebook_verified}} <span class="fas fa-check text-success facebook-verified-tooltip" data-toggle="tooltip" title="{{translate "templates.itineraries.facebook_verified"}}"></span> {{/if}}</p>
+          <p>{{user.name}}</p>
         </div>
       </div>
       <p class="card-text">{{#if pink}}<span class="text-pink"> <span class="fas fa-lock"></span> {{translate "activerecord.attributes.itinerary.pink"}} </span><br>{{/if}}{{#if daily}}<br> <span class="fas fa-redo"></span> <span class="text-muted">{{translate "activerecord.attributes.itinerary.daily"}} </span> <span class="fas fa-clock"></span> {{localize "time.formats.time_only" leave_date}} {{else}} <span class="text-muted">{{translate "activerecord.attributes.itinerary.leave_date"}}: </span>{{localize "date.formats.long" leave_date}} {{localize "time.formats.time_only" leave_date}} {{#if round_trip}}<br><span class="text-muted">{{translate "activerecord.attributes.itinerary.return_date"}}: </span>{{localize "date.formats.long" return_date}} <span class="fas fa-clock"></span> {{localize "time.formats.time_only" return_date}}{{/if}}{{/if}}<br><span class="text-muted">{{translate "activerecord.attributes.itinerary.fuel_cost"}}: </span>{{currency fuel_cost}} <br><span class="text-muted">{{translate "activerecord.attributes.itinerary.tolls"}}: </span>{{currency tolls}} </p>