Commit b419fe76 authored by Balasankar "Balu" C's avatar Balasankar "Balu" C

New upstream version 0.0.9

parent a9a9e153
language: ruby
rvm:
- 2.1.8
# Version 0.0.9
* Added support for dynamic tenant urls. Thanks @marcus-fellinger-esc
# Version 0.0.8
* Upgrade to omniauth-oauth2 1.4.0 and fix callback url issue
* Allow prompt parameter, thanks @hilu
* Add tenant id to info
* Updated base url
# Version 0.0.6 # Version 0.0.6
* Use 'name' from Azure for name, and 'unique_name' for nickname per Auth Hash spec. Thanks @jayme-github * Use 'name' from Azure for name, and 'unique_name' for nickname per Auth Hash spec. Thanks @jayme-github
......
# OmniAuth Windows Azure Active Directory Strategy # OmniAuth Windows Azure Active Directory Strategy
[![Build Status](https://travis-ci.org/KonaTeam/omniauth-azure-oauth2.svg?branch=master)](https://travis-ci.org/KonaTeam/omniauth-azure-oauth2)
This gem provides a simple way to authenticate to Windows Azure Active Directory (WAAD) over OAuth2 using OmniAuth. This gem provides a simple way to authenticate to Windows Azure Active Directory (WAAD) over OAuth2 using OmniAuth.
...@@ -100,6 +101,9 @@ use OmniAuth::Builder do ...@@ -100,6 +101,9 @@ use OmniAuth::Builder do
end end
``` ```
The base_azure_url can be overridden in the provider configuration for different locales; e.g. `base_azure_url: "https://login.microsoftonline.de"`
## Auth Hash Schema ## Auth Hash Schema
The following information is provided back to you for this provider: The following information is provided back to you for this provider:
...@@ -140,6 +144,8 @@ end ...@@ -140,6 +144,8 @@ end
5. Push to the branch (`git push origin my-new-feature`) 5. Push to the branch (`git push origin my-new-feature`)
6. Create new Pull Request 6. Create new Pull Request
## Misc ## Misc
Run tests `bundle exec rake` Run tests `bundle exec rake`
Push to rubygems `bundle exec rake release`. Push to rubygems `bundle exec rake release`.
module OmniAuth module OmniAuth
module AzureOauth2 module AzureOauth2
VERSION = "0.0.6" VERSION = "0.0.9"
end end
end end
...@@ -4,7 +4,7 @@ require 'jwt' ...@@ -4,7 +4,7 @@ require 'jwt'
module OmniAuth module OmniAuth
module Strategies module Strategies
class AzureOauth2 < OmniAuth::Strategies::OAuth2 class AzureOauth2 < OmniAuth::Strategies::OAuth2
BASE_AZURE_URL = 'https://login.windows.net' BASE_AZURE_URL = 'https://login.microsoftonline.com'
option :name, 'azure_oauth2' option :name, 'azure_oauth2'
...@@ -13,24 +13,27 @@ module OmniAuth ...@@ -13,24 +13,27 @@ module OmniAuth
# AD resource identifier # AD resource identifier
option :resource, '00000002-0000-0000-c000-000000000000' option :resource, '00000002-0000-0000-c000-000000000000'
# tenant_provider must return client_id, client_secret and optionally tenant_id # tenant_provider must return client_id, client_secret and optionally tenant_id and base_azure_url
args [:tenant_provider] args [:tenant_provider]
def client def client
if options.tenant_provider if options.tenant_provider
provider = options.tenant_provider.new(self) provider = options.tenant_provider.new(self)
else else
provider = options # if pass has to config, get mapped right on to ptions provider = options # if pass has to config, get mapped right on to options
end end
options.client_id = provider.client_id options.client_id = provider.client_id
options.client_secret = provider.client_secret options.client_secret = provider.client_secret
options.tenant_id = options.tenant_id =
provider.respond_to?(:tenant_id) ? provider.tenant_id : 'common' provider.respond_to?(:tenant_id) ? provider.tenant_id : 'common'
options.base_azure_url =
provider.respond_to?(:base_azure_url) ? provider.base_azure_url : BASE_AZURE_URL
options.authorize_params.domain_hint = provider.domain_hint if provider.respond_to?(:domain_hint) && provider.domain_hint options.authorize_params.domain_hint = provider.domain_hint if provider.respond_to?(:domain_hint) && provider.domain_hint
options.client_options.authorize_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/authorize" options.authorize_params.prompt = request.params['prompt'] if request.params['prompt']
options.client_options.token_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/token" options.client_options.authorize_url = "#{options.base_azure_url}/#{options.tenant_id}/oauth2/authorize"
options.client_options.token_url = "#{options.base_azure_url}/#{options.tenant_id}/oauth2/token"
options.token_params.resource = options.resource options.token_params.resource = options.resource
super super
...@@ -47,10 +50,14 @@ module OmniAuth ...@@ -47,10 +50,14 @@ module OmniAuth
first_name: raw_info['given_name'], first_name: raw_info['given_name'],
last_name: raw_info['family_name'], last_name: raw_info['family_name'],
email: raw_info['email'] || raw_info['upn'], email: raw_info['email'] || raw_info['upn'],
oid: raw_info['oid'] oid: raw_info['oid'],
tid: raw_info['tid']
} }
end end
def callback_url
full_host + script_name + callback_path
end
def raw_info def raw_info
# it's all here in JWT http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx # it's all here in JWT http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx
......
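Review bot: `options.base_azure_url` is interpolated into both `authorize_url` and `token_url` in `client` with no check on scheme or host, and the token endpoint is where the client secret and authorization code are sent. A `tenant_provider` is constructed with the strategy itself, so a provider that derives `base_azure_url` from request data would let the caller choose that host. Consider rejecting anything that is not https and not on a configured list of login hosts, e.g. `raise ArgumentError, 'base_azure_url must be https' unless options.base_azure_url.to_s.start_with?('https://')`. The same method copies `request.params['prompt']` into `options.authorize_params.prompt` unvalidated and never clears it; restricting it to the values the authorization endpoint documents, and assigning `nil` when the parameter is absent, would avoid a stale value if `options` is shared between requests (not visible here). The body of `client` continues past the end of the hunk.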
...@@ -19,7 +19,7 @@ Gem::Specification.new do |gem| ...@@ -19,7 +19,7 @@ Gem::Specification.new do |gem|
gem.add_dependency 'omniauth', '~> 1.0' gem.add_dependency 'omniauth', '~> 1.0'
gem.add_dependency 'jwt', '~> 1.0' gem.add_dependency 'jwt', '~> 1.0'
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.1' gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.4'
gem.add_development_dependency 'rspec', '>= 2.14.0' gem.add_development_dependency 'rspec', '>= 2.14.0'
gem.add_development_dependency 'rake' gem.add_development_dependency 'rake'
......
...@@ -31,19 +31,23 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -31,19 +31,23 @@ describe OmniAuth::Strategies::AzureOauth2 do
describe '#client' do describe '#client' do
it 'has correct authorize url' do it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/tenant/oauth2/authorize') allow(subject).to receive(:request) { request }
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/authorize')
end end
it 'has correct authorize params' do it 'has correct authorize params' do
allow(subject).to receive(:request) { request }
subject.client subject.client
expect(subject.authorize_params[:domain_hint]).to be_nil expect(subject.authorize_params[:domain_hint]).to be_nil
end end
it 'has correct token url' do it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/tenant/oauth2/token') allow(subject).to receive(:request) { request }
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/token')
end end
it 'has correct token params' do it 'has correct token params' do
allow(subject).to receive(:request) { request }
subject.client subject.client
expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000') expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
end end
...@@ -51,6 +55,7 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -51,6 +55,7 @@ describe OmniAuth::Strategies::AzureOauth2 do
describe "overrides" do describe "overrides" do
it 'should override domain_hint' do it 'should override domain_hint' do
@options = {domain_hint: 'hint'} @options = {domain_hint: 'hint'}
allow(subject).to receive(:request) { request }
subject.client subject.client
expect(subject.authorize_params[:domain_hint]).to eql('hint') expect(subject.authorize_params[:domain_hint]).to eql('hint')
end end
...@@ -59,19 +64,63 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -59,19 +64,63 @@ describe OmniAuth::Strategies::AzureOauth2 do
end end
describe 'static configuration - german' do
let(:options) { @options || {} }
subject do
OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret', tenant_id: 'tenant', base_azure_url: 'https://login.microsoftonline.de'}.merge(options))
end
describe '#client' do
it 'has correct authorize url' do
allow(subject).to receive(:request) { request }
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/authorize')
end
it 'has correct authorize params' do
allow(subject).to receive(:request) { request }
subject.client
expect(subject.authorize_params[:domain_hint]).to be_nil
end
it 'has correct token url' do
allow(subject).to receive(:request) { request }
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/token')
end
it 'has correct token params' do
allow(subject).to receive(:request) { request }
subject.client
expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
end
describe "overrides" do
it 'should override domain_hint' do
@options = {domain_hint: 'hint'}
allow(subject).to receive(:request) { request }
subject.client
expect(subject.authorize_params[:domain_hint]).to eql('hint')
end
end
end
end
describe 'static common configuration' do describe 'static common configuration' do
let(:options) { @options || {} } let(:options) { @options || {} }
subject do subject do
OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret'}.merge(options)) OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret'}.merge(options))
end end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do describe '#client' do
it 'has correct authorize url' do it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/common/oauth2/authorize') expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/common/oauth2/authorize')
end end
it 'has correct token url' do it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/common/oauth2/token') expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/token')
end end
end end
end end
...@@ -101,9 +150,13 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -101,9 +150,13 @@ describe OmniAuth::Strategies::AzureOauth2 do
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass) OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
end end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do describe '#client' do
it 'has correct authorize url' do it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/tenant/oauth2/authorize') expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/authorize')
end end
it 'has correct authorize params' do it 'has correct authorize params' do
...@@ -112,7 +165,7 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -112,7 +165,7 @@ describe OmniAuth::Strategies::AzureOauth2 do
end end
it 'has correct token url' do it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/tenant/oauth2/token') expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/token')
end end
it 'has correct token params' do it 'has correct token params' do
...@@ -132,6 +185,69 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -132,6 +185,69 @@ describe OmniAuth::Strategies::AzureOauth2 do
end end
describe 'dynamic configuration - german' do
let(:provider_klass) {
Class.new {
def initialize(strategy)
end
def client_id
'id'
end
def client_secret
'secret'
end
def tenant_id
'tenant'
end
def base_azure_url
'https://login.microsoftonline.de'
end
}
}
subject do
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do
it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/authorize')
end
it 'has correct authorize params' do
subject.client
expect(subject.authorize_params[:domain_hint]).to be_nil
end
it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/token')
end
it 'has correct token params' do
subject.client
expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
end
# todo: how to get this working?
# describe "overrides" do
# it 'should override domain_hint' do
# provider_klass.domain_hint = 'hint'
# subject.client
# expect(subject.authorize_params[:domain_hint]).to eql('hint')
# end
# end
end
end
describe 'dynamic common configuration' do describe 'dynamic common configuration' do
let(:provider_klass) { let(:provider_klass) {
Class.new { Class.new {
...@@ -152,13 +268,17 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -152,13 +268,17 @@ describe OmniAuth::Strategies::AzureOauth2 do
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass) OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
end end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do describe '#client' do
it 'has correct authorize url' do it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/common/oauth2/authorize') expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/common/oauth2/authorize')
end end
it 'has correct token url' do it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/common/oauth2/token') expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/token')
end end
end end
end end
...@@ -176,8 +296,9 @@ describe OmniAuth::Strategies::AzureOauth2 do ...@@ -176,8 +296,9 @@ describe OmniAuth::Strategies::AzureOauth2 do
double(:token => token) double(:token => token)
end end
before :each do before do
allow(subject).to receive(:access_token) { access_token } allow(subject).to receive(:access_token) { access_token }
allow(subject).to receive(:request) { request }
end end
it "does not clash if JWT strategy is used" do it "does not clash if JWT strategy is used" do
......
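Review bot: None of the visible examples exercises the new request-controlled `prompt` pass-through, the `tid` field or `callback_url`; every added line here only stubs `request` so the existing URL assertions keep running. An example that sets `prompt` on the stubbed request and asserts `subject.authorize_params[:prompt]`, plus one asserting it stays unset when the parameter is absent, would pin down the behaviour that takes untrusted input. The commented-out "overrides" block in the 'dynamic configuration - german' group cannot work as written because the anonymous provider class defines no `domain_hint`; either add a second provider class with a `domain_hint` instance method or delete the block rather than shipping it as a comment. Parts of this file are collapsed on the page, so such coverage may exist outside the visible hunks.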