language: ruby
rvm:
- 2.1.8
# Version 0.0.9
* Added support for dynamic tenant urls. Thanks @marcus-fellinger-esc
# Version 0.0.8
* Upgrade to omniauth-oauth2 1.4.0 and fix callback url issue
* Allow prompt parameter, thanks @hilu
* Add tenant id to info
* Updated base url
# Version 0.0.6
* Use 'name' from Azure for name, and 'unique_name' for nickname per Auth Hash spec. Thanks @jayme-github
......
# OmniAuth Windows Azure Active Directory Strategy
[![Build Status](https://travis-ci.org/KonaTeam/omniauth-azure-oauth2.svg?branch=master)](https://travis-ci.org/KonaTeam/omniauth-azure-oauth2)
This gem provides a simple way to authenticate to Windows Azure Active Directory (WAAD) over OAuth2 using OmniAuth.
......@@ -100,6 +101,9 @@ use OmniAuth::Builder do
end
```
The base_azure_url can be overridden in the provider configuration for different locales; e.g. `base_azure_url: "https://login.microsoftonline.de"`
## Auth Hash Schema
The following information is provided back to you for this provider:
......@@ -140,6 +144,8 @@ end
5. Push to the branch (`git push origin my-new-feature`)
6. Create new Pull Request
## Misc
Run tests `bundle exec rake`
Push to rubygems `bundle exec rake release`.
ruby-omniauth-azure-oauth2 (0.0.9-1) experimental; urgency=medium
* New upstream release.
* Bump debhelper compatibility to 11
* Bump Standards-Version to 4.1.3 (no changes needed)
-- Balasankar C <balasankarc@debian.org> Tue, 13 Mar 2018 13:48:48 +0530
ruby-omniauth-azure-oauth2 (0.0.6-1) unstable; urgency=medium
* New upstream release.
......
......@@ -2,8 +2,8 @@ Source: ruby-omniauth-azure-oauth2
Section: ruby
Priority: optional
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Uploaders: Balasankar C <balasankarc@autistici.org>
Build-Depends: debhelper (>= 9~),
Uploaders: Balasankar C <balasankarc@debian.org>
Build-Depends: debhelper (>= 11~),
gem2deb,
rake,
ruby-jwt (>= 1.0),
......@@ -11,7 +11,7 @@ Build-Depends: debhelper (>= 9~),
ruby-omniauth-oauth2 (>= 1.1),
ruby-rspec,
ruby-sinatra
Standards-Version: 3.9.7
Standards-Version: 4.1.3
Vcs-Git: https://anonscm.debian.org/git/pkg-ruby-extras/ruby-omniauth-azure-oauth2.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-ruby-extras/ruby-omniauth-azure-oauth2.git
Homepage: https://github.com/KonaTeam/omniauth-azure-oauth2
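Review bot: The Build-Depends entry `ruby-omniauth-oauth2 (>= 1.1)` is left unchanged as context, although the gemspec in this same update now requires `omniauth-oauth2 ~> 1.4`. The upstream changelog ties the callback URL fix to that upgrade, so the package could be built and its specs run against an older library than the strategy's `callback_url` override was written for. I would bump the line to `ruby-omniauth-oauth2 (>= 1.4),`. The runtime Depends field is not visible in this hunk; if it is not generated from the gemspec, it needs the same bump.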
......
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: omniauth-azure-oauth2
Source: https://github.com/KonaTeam/omniauth-azure-oauth2
......
module OmniAuth
module AzureOauth2
VERSION = "0.0.6"
VERSION = "0.0.9"
end
end
......@@ -4,7 +4,7 @@ require 'jwt'
module OmniAuth
module Strategies
class AzureOauth2 < OmniAuth::Strategies::OAuth2
BASE_AZURE_URL = 'https://login.windows.net'
BASE_AZURE_URL = 'https://login.microsoftonline.com'
option :name, 'azure_oauth2'
......@@ -13,24 +13,27 @@ module OmniAuth
# AD resource identifier
option :resource, '00000002-0000-0000-c000-000000000000'
# tenant_provider must return client_id, client_secret and optionally tenant_id
# tenant_provider must return client_id, client_secret and optionally tenant_id and base_azure_url
args [:tenant_provider]
def client
if options.tenant_provider
provider = options.tenant_provider.new(self)
else
provider = options # if pass has to config, get mapped right on to ptions
provider = options # if pass has to config, get mapped right on to options
end
options.client_id = provider.client_id
options.client_secret = provider.client_secret
options.tenant_id =
provider.respond_to?(:tenant_id) ? provider.tenant_id : 'common'
options.base_azure_url =
provider.respond_to?(:base_azure_url) ? provider.base_azure_url : BASE_AZURE_URL
options.authorize_params.domain_hint = provider.domain_hint if provider.respond_to?(:domain_hint) && provider.domain_hint
options.client_options.authorize_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/authorize"
options.client_options.token_url = "#{BASE_AZURE_URL}/#{options.tenant_id}/oauth2/token"
options.authorize_params.prompt = request.params['prompt'] if request.params['prompt']
options.client_options.authorize_url = "#{options.base_azure_url}/#{options.tenant_id}/oauth2/authorize"
options.client_options.token_url = "#{options.base_azure_url}/#{options.tenant_id}/oauth2/token"
options.token_params.resource = options.resource
super
......@@ -47,10 +50,14 @@ module OmniAuth
first_name: raw_info['given_name'],
last_name: raw_info['family_name'],
email: raw_info['email'] || raw_info['upn'],
oid: raw_info['oid']
oid: raw_info['oid'],
tid: raw_info['tid']
}
end
def callback_url
full_host + script_name + callback_path
end
def raw_info
# it's all here in JWT http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx
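Review bot: In `client`, `base_azure_url` is taken from the tenant provider (or the options) and interpolated straight into `authorize_url` and `token_url` with no check on scheme or host. The token endpoint is where the authorization code and `client_secret` are posted, so a provider that derives this value from request data, or a mistyped setting, would send the secret to whatever host it names. I would require https and an allow-list of the login hosts the deployment expects, e.g. `raise ArgumentError, 'untrusted base_azure_url' unless ALLOWED_AZURE_HOSTS.include?(URI(options.base_azure_url).host)`, where `ALLOWED_AZURE_HOSTS` is a new constant to define. The same hunk copies `request.params['prompt']` into `authorize_params` unfiltered and only when present; limiting it to the values the app intends to support (for example `%w[login consent admin_consent]`) is safer, and because the assignment mutates `options` it is worth confirming that a value set by one request cannot carry over into a later one. The end of `client` and the body of `raw_info` fall outside the visible hunks.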
......
......@@ -19,7 +19,7 @@ Gem::Specification.new do |gem|
gem.add_dependency 'omniauth', '~> 1.0'
gem.add_dependency 'jwt', '~> 1.0'
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.1'
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.4'
gem.add_development_dependency 'rspec', '>= 2.14.0'
gem.add_development_dependency 'rake'
......
......@@ -31,19 +31,23 @@ describe OmniAuth::Strategies::AzureOauth2 do
describe '#client' do
it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/tenant/oauth2/authorize')
allow(subject).to receive(:request) { request }
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/authorize')
end
it 'has correct authorize params' do
allow(subject).to receive(:request) { request }
subject.client
expect(subject.authorize_params[:domain_hint]).to be_nil
end
it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/tenant/oauth2/token')
allow(subject).to receive(:request) { request }
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/token')
end
it 'has correct token params' do
allow(subject).to receive(:request) { request }
subject.client
expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
end
......@@ -51,6 +55,7 @@ describe OmniAuth::Strategies::AzureOauth2 do
describe "overrides" do
it 'should override domain_hint' do
@options = {domain_hint: 'hint'}
allow(subject).to receive(:request) { request }
subject.client
expect(subject.authorize_params[:domain_hint]).to eql('hint')
end
......@@ -59,19 +64,63 @@ describe OmniAuth::Strategies::AzureOauth2 do
end
describe 'static configuration - german' do
let(:options) { @options || {} }
subject do
OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret', tenant_id: 'tenant', base_azure_url: 'https://login.microsoftonline.de'}.merge(options))
end
describe '#client' do
it 'has correct authorize url' do
allow(subject).to receive(:request) { request }
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/authorize')
end
it 'has correct authorize params' do
allow(subject).to receive(:request) { request }
subject.client
expect(subject.authorize_params[:domain_hint]).to be_nil
end
it 'has correct token url' do
allow(subject).to receive(:request) { request }
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/token')
end
it 'has correct token params' do
allow(subject).to receive(:request) { request }
subject.client
expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
end
describe "overrides" do
it 'should override domain_hint' do
@options = {domain_hint: 'hint'}
allow(subject).to receive(:request) { request }
subject.client
expect(subject.authorize_params[:domain_hint]).to eql('hint')
end
end
end
end
describe 'static common configuration' do
let(:options) { @options || {} }
subject do
OmniAuth::Strategies::AzureOauth2.new(app, {client_id: 'id', client_secret: 'secret'}.merge(options))
end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do
it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/common/oauth2/authorize')
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/common/oauth2/authorize')
end
it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/common/oauth2/token')
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/token')
end
end
end
......@@ -101,9 +150,76 @@ describe OmniAuth::Strategies::AzureOauth2 do
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do
it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/authorize')
end
it 'has correct authorize params' do
subject.client
expect(subject.authorize_params[:domain_hint]).to be_nil
end
it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/tenant/oauth2/token')
end
it 'has correct token params' do
subject.client
expect(subject.token_params[:resource]).to eql('00000002-0000-0000-c000-000000000000')
end
# todo: how to get this working?
# describe "overrides" do
# it 'should override domain_hint' do
# provider_klass.domain_hint = 'hint'
# subject.client
# expect(subject.authorize_params[:domain_hint]).to eql('hint')
# end
# end
end
end
describe 'dynamic configuration - german' do
let(:provider_klass) {
Class.new {
def initialize(strategy)
end
def client_id
'id'
end
def client_secret
'secret'
end
def tenant_id
'tenant'
end
def base_azure_url
'https://login.microsoftonline.de'
end
}
}
subject do
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do
it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/tenant/oauth2/authorize')
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/authorize')
end
it 'has correct authorize params' do
......@@ -112,7 +228,7 @@ describe OmniAuth::Strategies::AzureOauth2 do
end
it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/tenant/oauth2/token')
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.de/tenant/oauth2/token')
end
it 'has correct token params' do
......@@ -152,13 +268,17 @@ describe OmniAuth::Strategies::AzureOauth2 do
OmniAuth::Strategies::AzureOauth2.new(app, provider_klass)
end
before do
allow(subject).to receive(:request) { request }
end
describe '#client' do
it 'has correct authorize url' do
expect(subject.client.options[:authorize_url]).to eql('https://login.windows.net/common/oauth2/authorize')
expect(subject.client.options[:authorize_url]).to eql('https://login.microsoftonline.com/common/oauth2/authorize')
end
it 'has correct token url' do
expect(subject.client.options[:token_url]).to eql('https://login.windows.net/common/oauth2/token')
expect(subject.client.options[:token_url]).to eql('https://login.microsoftonline.com/common/oauth2/token')
end
end
end
......@@ -176,8 +296,9 @@ describe OmniAuth::Strategies::AzureOauth2 do
double(:token => token)
end
before :each do
before do
allow(subject).to receive(:access_token) { access_token }
allow(subject).to receive(:request) { request }
end
it "does not clash if JWT strategy is used" do
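Review bot: None of the visible examples assert the request-dependent behaviour this change introduces. The added `allow(subject).to receive(:request) { request }` stubs only keep `client` from failing, and nothing checks that a `prompt` request parameter reaches `authorize_params` or that it stays unset when the parameter is missing. An example with a request double whose params contain `'prompt' => 'login'` and `expect(subject.authorize_params[:prompt]).to eql('login')`, plus the negative case, would pin this down; the same applies to `tid` in the info hash. The definition of `request` and parts of this file are collapsed, so such examples may exist outside the view.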
......