From 2f360bf201f7f4e5c18907bf6c74f47e04b38176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 14 Oct 2010 23:46:10 +0200 Subject: [PATCH] Remove OAuth2 in favor of OmniAuth. --- Gemfile | 2 +- Gemfile.lock | 17 +- .../devise/oauth_callbacks_controller.rb | 4 - .../devise/omniauth_callbacks_controller.rb | 6 + lib/devise.rb | 23 --- lib/devise/models/oauthable.rb | 49 ----- lib/devise/models/omniauthable.rb | 9 +- lib/devise/modules.rb | 1 - lib/devise/oauth.rb | 41 ---- lib/devise/oauth/config.rb | 33 ---- lib/devise/oauth/helpers.rb | 18 -- lib/devise/oauth/internal_helpers.rb | 182 ------------------ lib/devise/oauth/test_helpers.rb | 29 --- lib/devise/oauth/url_helpers.rb | 35 ---- lib/devise/omniauth.rb | 29 +-- lib/devise/omniauth/test_helpers.rb | 28 ++- lib/devise/rails.rb | 6 - lib/devise/rails/routes.rb | 5 - lib/generators/devise/orm_helpers.rb | 2 +- lib/generators/templates/devise.rb | 12 +- test/{oauth => omniauth}/config_test.rb | 6 +- test/{oauth => omniauth}/url_helpers_test.rb | 30 +-- .../users/omniauth_callbacks_controller.rb | 7 + test/rails_app/config/initializers/devise.rb | 10 +- test/rails_app/config/routes.rb | 2 +- test/rails_app/lib/shared_user.rb | 33 +--- 26 files changed, 91 insertions(+), 528 deletions(-) delete mode 100644 app/controllers/devise/oauth_callbacks_controller.rb create mode 100644 app/controllers/devise/omniauth_callbacks_controller.rb delete mode 100644 lib/devise/models/oauthable.rb delete mode 100644 lib/devise/oauth.rb delete mode 100644 lib/devise/oauth/config.rb delete mode 100644 lib/devise/oauth/helpers.rb delete mode 100644 lib/devise/oauth/internal_helpers.rb delete mode 100644 lib/devise/oauth/test_helpers.rb delete mode 100644 lib/devise/oauth/url_helpers.rb rename test/{oauth => omniauth}/config_test.rb (89%) rename test/{oauth => omniauth}/url_helpers_test.rb (55%) create mode 100644 test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb diff --git a/Gemfile b/Gemfile index 456ac022..0dac1580 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ gemspec gem "rails", "3.0.0" gem "webrat", "0.7.1" gem "mocha", :require => false -gem "oauth2" +gem "oa-oauth", :require => "omniauth/oauth" platforms :jruby do gem 'activerecord-jdbcsqlite3-adapter' diff --git a/Gemfile.lock b/Gemfile.lock index a269b7fd..1104fb46 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -77,9 +77,18 @@ GEM nokogiri (1.4.3.1) nokogiri (1.4.3.1-java) weakling (>= 0.0.3) - oauth2 (0.1.0) - faraday (~> 0.5.0) - multi_json (~> 0.0.4) + oa-core (0.1.4) + rack (~> 1.1) + oa-oauth (0.1.4) + multi_json (~> 0.0.2) + nokogiri (~> 1.4.2) + oa-core (= 0.1.4) + oauth (~> 0.4.0) + oauth2 (~> 0.0.10) + oauth (0.4.3) + oauth2 (0.0.13) + faraday (>= 0.4.1) + multi_json (>= 0.0.4) orm_adapter (0.0.2) polyglot (0.3.1) rack (1.2.1) @@ -132,7 +141,7 @@ DEPENDENCIES mocha mongo (= 1.0.7) mongoid (= 2.0.0.beta.18) - oauth2 + oa-oauth orm_adapter (~> 0.0.2) rails (= 3.0.0) ruby-debug (>= 0.10.3) diff --git a/app/controllers/devise/oauth_callbacks_controller.rb b/app/controllers/devise/oauth_callbacks_controller.rb deleted file mode 100644 index 8d4ab1ab..00000000 --- a/app/controllers/devise/oauth_callbacks_controller.rb +++ /dev/null @@ -1,4 +0,0 @@ -class Devise::OauthCallbacksController < ApplicationController - include Devise::Controllers::InternalHelpers - include Devise::Oauth::InternalHelpers -end \ No newline at end of file diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb new file mode 100644 index 00000000..0c484223 --- /dev/null +++ b/app/controllers/devise/omniauth_callbacks_controller.rb @@ -0,0 +1,6 @@ +class Devise::OmniauthCallbacksController < ApplicationController + include Devise::Controllers::InternalHelpers + + def failure + end +end \ No newline at end of file diff --git a/lib/devise.rb b/lib/devise.rb index 7185cc6c..8c609221 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -5,7 +5,6 @@ require 'set' module Devise autoload :FailureApp, 'devise/failure_app' - autoload :Oauth, 'devise/oauth' autoload :OmniAuth, 'devise/omniauth' autoload :PathChecker, 'devise/path_checker' autoload :Schema, 'devise/schema' @@ -187,10 +186,6 @@ module Devise mattr_reader :mappings @@mappings = ActiveSupport::OrderedHash.new - # Oauth configurations. - mattr_reader :oauth_configs - @@oauth_configs = ActiveSupport::OrderedHash.new - # Omniauth configurations. mattr_reader :omniauth_configs @@omniauth_configs = ActiveSupport::OrderedHash.new @@ -211,10 +206,6 @@ module Devise yield self end - def self.oauth_providers - oauth_configs.keys - end - def self.omniauth_providers omniauth_configs.keys end @@ -317,20 +308,6 @@ module Devise @@warden_config_block = block end - # Specify an oauth provider. - # - # config.oauth :github, APP_ID, APP_SECRET, - # :site => 'https://github.com/', - # :authorize_path => '/login/oauth/authorize', - # :access_token_path => '/login/oauth/access_token', - # :scope => %w(user public_repo) - # - def self.oauth(provider, *args) - @@helpers << Devise::Oauth::UrlHelpers - Devise::Oauth::InternalHelpers.define_oauth_helpers(provider) - @@oauth_configs[provider] = Devise::Oauth::Config.new(*args) - end - # Specify an omniauth provider. # # config.omniauth :github, APP_ID, APP_SECRET diff --git a/lib/devise/models/oauthable.rb b/lib/devise/models/oauthable.rb deleted file mode 100644 index 9f1951d6..00000000 --- a/lib/devise/models/oauthable.rb +++ /dev/null @@ -1,49 +0,0 @@ -module Devise - module Models - # Adds OAuth support to your model. The whole workflow is deeply discussed in the - # README. This module adds just a class +oauth_access_token+ helper to your model - # which assists you on creating an access token. All the other OAuth hooks in - # Devise must be implemented by yourself in your application. - # - # == Options - # - # Oauthable adds the following options to devise_for: - # - # * +oauth_providers+: Which providers are avaialble to this model. It expects an array: - # - # devise_for :database_authenticatable, :oauthable, :oauth_providers => [:twitter] - # - module Oauthable - extend ActiveSupport::Concern - - module ClassMethods - def oauth_configs #:nodoc: - Devise.oauth_configs.slice(*oauth_providers) - end - - # Pass a token stored in the database to this object to get an OAuth2::AccessToken - # object back, as the one received in your model hook. - # - # For each provider you add, you may want to add a hook to retrieve the token based - # on the column you stored the token in the database. For example, you may want to - # the following for twitter: - # - # def oauth_twitter_token - # @oauth_twitter_token ||= self.class.oauth_access_token(:twitter, twitter_token) - # end - # - # You can call get, post, put and delete in this object to access Twitter's API. - def oauth_access_token(provider, token) - oauth_configs[provider].access_token_by_token(token) - end - - # TODO Implement this method in the future. - # def refresh_oauth_token(provider, refresh_token) - # returns access_token - # end - - Devise::Models.config(self, :oauth_providers) - end - end - end -end \ No newline at end of file diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index d5d983a0..d806f79f 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -2,18 +2,15 @@ require 'devise/omniauth' module Devise module Models - # Adds OAuth support to your model. The whole workflow is deeply discussed in the - # README. This module adds just a class +oauth_access_token+ helper to your model - # which assists you on creating an access token. All the other OAuth hooks in - # Devise must be implemented by yourself in your application. + # Adds OmniAuth support to your model. # # == Options # # Oauthable adds the following options to devise_for: # - # * +oauth_providers+: Which providers are avaialble to this model. It expects an array: + # * +omniauth_providers+: Which providers are avaialble to this model. It expects an array: # - # devise_for :database_authenticatable, :oauthable, :oauth_providers => [:twitter] + # devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter] # module Omniauthable extend ActiveSupport::Concern diff --git a/lib/devise/modules.rb b/lib/devise/modules.rb index b12f45dd..810ee1a1 100644 --- a/lib/devise/modules.rb +++ b/lib/devise/modules.rb @@ -11,7 +11,6 @@ Devise.with_options :model => true do |d| # Other authentications d.add_module :encryptable - d.add_module :oauthable, :controller => :oauth_callbacks, :route => :oauth_callback d.add_module :omniauthable, :controller => :omniauth_callbacks, :route => :omniauth_callback # Misc after diff --git a/lib/devise/oauth.rb b/lib/devise/oauth.rb deleted file mode 100644 index 8b81d0fb..00000000 --- a/lib/devise/oauth.rb +++ /dev/null @@ -1,41 +0,0 @@ -begin - require "oauth2" -rescue LoadError => e - warn "Could not load 'oauth2'. Please ensure you have the gem installed and listed in your Gemfile." - raise -end - -module Devise - module Oauth - autoload :Config, "devise/oauth/config" - autoload :Helpers, "devise/oauth/helpers" - autoload :InternalHelpers, "devise/oauth/internal_helpers" - autoload :UrlHelpers, "devise/oauth/url_helpers" - autoload :TestHelpers, "devise/oauth/test_helpers" - - class << self - delegate :short_circuit_authorizers!, :unshort_circuit_authorizers!, :to => "Devise::Oauth::TestHelpers" - - def test_mode! - Faraday.default_adapter = :test - ActiveSupport.on_load(:action_controller) { include Devise::Oauth::TestHelpers } - ActiveSupport.on_load(:action_view) { include Devise::Oauth::TestHelpers } - end - - def stub!(provider, stubs=nil, &block) - raise "You either need to pass stubs as a block or as a parameter" unless block_given? || stubs - stubs ||= Faraday::Adapter::Test::Stubs.new(&block) - Devise.oauth_configs[provider].build_connection do |b| - b.adapter :test, stubs - end - end - - def reset_stubs!(*providers) - target = providers.any? ? Devise.oauth_configs.slice(*providers) : Devise.oauth_configs - target.each_value do |v| - v.build_connection { |b| b.adapter Faraday.default_adapter } - end - end - end - end -end \ No newline at end of file diff --git a/lib/devise/oauth/config.rb b/lib/devise/oauth/config.rb deleted file mode 100644 index d9af7878..00000000 --- a/lib/devise/oauth/config.rb +++ /dev/null @@ -1,33 +0,0 @@ -require 'active_support/core_ext/array/wrap' - -module Devise - module Oauth - # A configuration object that holds the OAuth2::Client object - # and all configuration values given config.oauth. - class Config - attr_reader :scope, :client - - def initialize(app_id, app_secret, options) - @scope = Array.wrap(options.delete(:scope)) - @client = OAuth2::Client.new(app_id, app_secret, options) - end - - def authorize_url(options) - options[:scope] ||= @scope.join(',') - client.web_server.authorize_url(options) - end - - def access_token_by_code(code, redirect_uri=nil) - client.web_server.get_access_token(code, :redirect_uri => redirect_uri) - end - - def access_token_by_token(token) - OAuth2::AccessToken.new(client, token) - end - - def build_connection(&block) - client.connection.build(&block) - end - end - end -end \ No newline at end of file diff --git a/lib/devise/oauth/helpers.rb b/lib/devise/oauth/helpers.rb deleted file mode 100644 index 6704cdff..00000000 --- a/lib/devise/oauth/helpers.rb +++ /dev/null @@ -1,18 +0,0 @@ -module Devise - module Oauth - # Provides a few helpers that are included in ActionController::Base - # for convenience. - module Helpers - - protected - - # Overwrite expire_session_data_after_sign_in! so it removes all - # oauth tokens from session ensuring registrations done in a row - # do not try to store the same token in the database. - def expire_session_data_after_sign_in! - super - session.keys.grep(/_oauth_token$/).each { |k| session.delete(k) } - end - end - end -end diff --git a/lib/devise/oauth/internal_helpers.rb b/lib/devise/oauth/internal_helpers.rb deleted file mode 100644 index d8a43e7f..00000000 --- a/lib/devise/oauth/internal_helpers.rb +++ /dev/null @@ -1,182 +0,0 @@ -module Devise - module Oauth - module InternalHelpers - extend ActiveSupport::Concern - - def self.define_oauth_helpers(name) #:nodoc: - alias_method(name, :callback_action) - public name - end - - included do - helpers = %w(oauth_callback oauth_provider oauth_config) - hide_action *helpers - helper_method *helpers - before_filter :valid_oauth_callback?, :oauth_error_happened? - end - - # Returns the oauth_callback (also aliased as oauth_provider) as a symbol. - # For example: :github. - def oauth_callback - @oauth_callback ||= action_name.to_sym - end - alias :oauth_provider :oauth_callback - - # Returns the configuration object for this oauth callback. - def oauth_config - @oauth_client ||= resource_class.oauth_configs[oauth_callback] - end - - protected - - # This method checks three things: - # - # * If the URL being accessed is a valid provider for the given scope; - # * If code or error was streamed back from the server; - # * If the resource class implements the required hook; - # - def valid_oauth_callback? - unless oauth_config - unknown_action! "Skipping #{oauth_callback} OAuth because configuration " << - "could not be found for model #{resource_name}." - end - - unless params[:code] || params[:error] || params[:error_reason] - unknown_action! "Skipping #{oauth_callback} OAuth because code nor error were sent." - end - - unless resource_class.respond_to?(oauth_model_callback) - raise "#{resource_class.name} does not respond to #{oauth_model_callback}. " << - "Check the OAuth section in the README for more information." - end - end - - # Check if an error was sent by the authorizer. If it happened, we redirect - # to url specified by after_oauth_failure_path_for, which defaults to new_session_path. - # - # By default, Devise shows a custom message from I18n saying the user could - # not be authenticated and the reason: - # - # en: - # devise: - # oauth_callbacks: - # failure: 'Could not authorize you from %{kind} because "%{reason}".' - # - # Let's suppose the reason returned by a Github was "access_denied". It will show: - # - # Could not authorize you from Github because "Access denied" - # - # And it will also be logged on console: - # - # github oauth failed: "access_denied". - # - # However, each specific error message can be customized using I18n: - # - # en: - # devise: - # oauth_callbacks: - # access_denied: 'You did not give access to our application on %{kind}.' - # - # Note "access_denied" follows the same lookup rule described in set_oauth_flash_message - # method. Besides, is important to remember most errors are specified by OAuth 2 - # specification. But a few providers do not use them yet. - # - # TODO: Currently, Facebook is returning error_reason=user_denied when - # the user denies, but the specification defines error=access_denied instead. - def oauth_error_happened? - if error = params[:error] || params[:error_reason] - # Some providers returns access-denied instead of access_denied. - error = error.to_s.gsub("-", "_") - logger.warn "[Devise] #{oauth_callback} oauth failed: #{error.inspect}." - - set_oauth_flash_message :alert, :failure, :reason => error.humanize - redirect_to after_oauth_failure_path_for(resource_name) - end - end - - # The model method used as hook. - def oauth_model_callback #:nodoc: - "find_for_#{oauth_callback}_oauth" - end - - # The session key to store the token. - def oauth_session_key #:nodoc: - "#{resource_name}_#{oauth_callback}_oauth_token" - end - - # The callback redirect uri. Used to request the access token. - def oauth_redirect_uri #:nodoc: - oauth_callback_url(resource_name, oauth_callback) - end - - # This is the implementation for all OAuth actions. - def callback_action - access_token = oauth_config.access_token_by_code(params[:code], oauth_redirect_uri) - self.resource = resource_class.send(oauth_model_callback, access_token, signed_in_resource) - - if resource.persisted? && resource.errors.empty? - set_oauth_flash_message :notice, :success - sign_in_and_redirect resource_name, resource, :event => :authentication - else - session[oauth_session_key] = access_token.token - clean_up_passwords(resource) - render_for_oauth - end - end - - # Handles oauth flash messages by adding a cascade. The default messages - # are always in the controller namespace: - # - # en: - # devise: - # oauth_callbacks: - # success: 'Successfully authorized from %{kind} account.' - # failure: 'Could not authorize you from %{kind} because "%{reason}".' - # skipped: 'Skipped Oauth authorization for %{kind}.' - # - # But they can also be nested according to the oauth provider: - # - # en: - # devise: - # oauth_callbacks: - # github: - # success: 'Hello coder! Welcome to our app!' - # - # And finally by Devise scope: - # - # en: - # devise: - # oauth_callbacks: - # admin: - # github: - # success: 'Hello coder with high permissions! Can I get a raise?' - # - def set_oauth_flash_message(key, type, options={}) - options[:kind] = oauth_callback.to_s.titleize - options[:default] = type.to_sym - set_flash_message(key, "#{oauth_callback}.#{type}", options) - end - - # Choose which template to render when a not persisted resource is - # returned in the find_for_x_oauth. By default, it renders registrations/new. - def render_for_oauth - render_with_scope :new, devise_mapping.controllers[:registrations] - end - - # The default hook used by oauth to specify the redirect url for success. - def after_oauth_success_path_for(resource) - after_sign_in_path_for(resource) - end - - # The default hook used by oauth to specify the redirect url for failure. - def after_oauth_failure_path_for(scope) - new_session_path(scope) - end - - # Overwrite redirect_for_sign_in so it takes uses after_oauth_success_path_for. - def redirect_for_sign_in(scope, resource) #:nodoc: - redirect_to stored_location_for(scope) || after_oauth_success_path_for(resource) - end - end - end -end \ No newline at end of file diff --git a/lib/devise/oauth/test_helpers.rb b/lib/devise/oauth/test_helpers.rb deleted file mode 100644 index c68142f3..00000000 --- a/lib/devise/oauth/test_helpers.rb +++ /dev/null @@ -1,29 +0,0 @@ -module Devise - module Oauth - module TestHelpers #:nodoc: - def self.short_circuit_authorizers! - module_eval <<-ALIASES, __FILE__, __LINE__ + 1 - def oauth_authorize_url(scope, provider) - oauth_callback_path(scope, provider, :code => "12345") - end - ALIASES - - Devise.mappings.each_value do |m| - next unless m.oauthable? - - module_eval <<-ALIASES, __FILE__, __LINE__ + 1 - def #{m.name}_oauth_authorize_url(provider) - #{m.name}_oauth_callback_path(provider, :code => "12345") - end - ALIASES - end - end - - def self.unshort_circuit_authorizers! - module_eval do - instance_methods.each { |m| remove_method(m) } - end - end - end - end -end \ No newline at end of file diff --git a/lib/devise/oauth/url_helpers.rb b/lib/devise/oauth/url_helpers.rb deleted file mode 100644 index 49ac366b..00000000 --- a/lib/devise/oauth/url_helpers.rb +++ /dev/null @@ -1,35 +0,0 @@ -module Devise - module Oauth - module UrlHelpers - def self.define_helpers(mapping) - return unless mapping.oauthable? - - class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 - def #{mapping.name}_oauth_authorize_url(provider, options={}) - if config = Devise.oauth_configs[provider.to_sym] - options[:redirect_uri] ||= #{mapping.name}_oauth_callback_url(provider.to_s) - config.authorize_url(options) - else - raise ArgumentError, "Could not find oauth provider \#{provider.inspect}" - end - end - URL_HELPERS - end - - def oauth_authorize_url(resource_or_scope, *args) - scope = Devise::Mapping.find_scope!(resource_or_scope) - send("#{scope}_oauth_authorize_url", *args) - end - - def oauth_callback_url(resource_or_scope, *args) - scope = Devise::Mapping.find_scope!(resource_or_scope) - send("#{scope}_oauth_callback_url", *args) - end - - def oauth_callback_path(resource_or_scope, *args) - scope = Devise::Mapping.find_scope!(resource_or_scope) - send("#{scope}_oauth_callback_path", *args) - end - end - end -end \ No newline at end of file diff --git a/lib/devise/omniauth.rb b/lib/devise/omniauth.rb index d71c663d..1730283e 100644 --- a/lib/devise/omniauth.rb +++ b/lib/devise/omniauth.rb @@ -26,33 +26,8 @@ module Devise autoload :TestHelpers, "devise/omniauth/test_helpers" class << self - delegate :short_circuit_authorizers!, :unshort_circuit_authorizers!, :to => "Devise::OmniAuth::TestHelpers" - - def test_mode! - Faraday.default_adapter = :test if defined?(Faraday) - ActiveSupport.on_load(:action_controller) { include Devise::OmniAuth::TestHelpers } - ActiveSupport.on_load(:action_view) { include Devise::OmniAuth::TestHelpers } - end - - def stub!(provider, stubs=nil, &block) - raise "You either need to pass stubs as a block or as a parameter" unless block_given? || stubs - - config = Devise.omniauth_configs[provider] - config.check_if_allow_stubs! - - stubs ||= Faraday::Adapter::Test::Stubs.new(&block) - config.build_connection do |b| - b.adapter :test, stubs - end - end - - def reset_stubs!(*providers) - target = providers.any? ? Devise.omniauth_configs.slice(*providers) : Devise.omniauth_configs - target.each_value do |config| - next unless config.allow_stubs? - config.build_connection { |b| b.adapter Faraday.default_adapter } - end - end + delegate :short_circuit_authorizers!, :unshort_circuit_authorizers!, + :test_mode!, :stub!, :reset_stubs!, :to => "Devise::OmniAuth::TestHelpers" end end end \ No newline at end of file diff --git a/lib/devise/omniauth/test_helpers.rb b/lib/devise/omniauth/test_helpers.rb index 25725fae..be218c7e 100644 --- a/lib/devise/omniauth/test_helpers.rb +++ b/lib/devise/omniauth/test_helpers.rb @@ -1,6 +1,32 @@ module Devise module OmniAuth - module TestHelpers #:nodoc: + module TestHelpers + def self.test_mode! + Faraday.default_adapter = :test if defined?(Faraday) + ActiveSupport.on_load(:action_controller) { include Devise::OmniAuth::TestHelpers } + ActiveSupport.on_load(:action_view) { include Devise::OmniAuth::TestHelpers } + end + + def self.stub!(provider, stubs=nil, &block) + raise "You either need to pass stubs as a block or as a parameter" unless block_given? || stubs + + config = Devise.omniauth_configs[provider] + config.check_if_allow_stubs! + + stubs ||= Faraday::Adapter::Test::Stubs.new(&block) + config.build_connection do |b| + b.adapter :test, stubs + end + end + + def self.reset_stubs!(*providers) + target = providers.any? ? Devise.omniauth_configs.slice(*providers) : Devise.omniauth_configs + target.each_value do |config| + next unless config.allow_stubs? + config.build_connection { |b| b.adapter Faraday.default_adapter } + end + end + def self.short_circuit_authorizers! module_eval <<-ALIASES, __FILE__, __LINE__ + 1 def omniauth_authorize_path(*args) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index fdae4303..2166512b 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -28,12 +28,6 @@ module Devise Devise.include_helpers(Devise::Controllers) end - initializer "devise.oauth_url_helpers" do - if Devise.oauth_configs.any? - Devise.include_helpers(Devise::Oauth) - end - end - initializer "devise.omniauth" do |app| Devise.omniauth_configs.each do |provider, config| app.middleware.use config.strategy_class, *config.args do |strategy| diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 91b94528..f7ec04fe 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -238,11 +238,6 @@ module ActionDispatch::Routing end end - def devise_oauth_callback(mapping, controllers) #:nodoc: - get "/oauth/:action/callback", :action => Regexp.union(mapping.to.oauth_providers.map(&:to_s)), - :to => controllers[:oauth_callbacks], :as => :oauth_callback - end - def devise_omniauth_callback(mapping, controllers) #:nodoc: path_prefix = "#{mapping.fullpath}/auth" diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 535c0fb8..71578842 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -4,7 +4,7 @@ module Devise def model_contents <<-CONTENT # Include default devise modules. Others available are: - # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :oauthable + # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 24b8d5b1..482baa2b 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -148,14 +148,10 @@ Devise.setup do |config| # The default HTTP method used to sign out a resource. Default is :get. # config.sign_out_via = :get - # ==> OAuth2 - # Add a new OAuth2 provider. Check the README for more information on setting - # up on your models and hooks. By default this is not set. - # config.oauth :github, 'APP_ID', 'APP_SECRET', - # :site => 'https://github.com/', - # :authorize_path => '/login/oauth/authorize', - # :access_token_path => '/login/oauth/access_token', - # :scope => %w(user public_repo) + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on setting + # up on your models and hooks. + # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo' # ==> Warden configuration # If you want to use other strategies, that are not supported by Devise, or diff --git a/test/oauth/config_test.rb b/test/omniauth/config_test.rb similarity index 89% rename from test/oauth/config_test.rb rename to test/omniauth/config_test.rb index bb7fdde1..b800b104 100644 --- a/test/oauth/config_test.rb +++ b/test/omniauth/config_test.rb @@ -1,12 +1,12 @@ require 'test_helper' -class OauthConfigTest < ActiveSupport::TestCase +class OmniAuthConfigTest < ActiveSupport::TestCase ACCESS_TOKEN = { :access_token => "plataformatec" } - setup { @config = Devise.oauth_configs[:facebook] } - teardown { Devise::Oauth.reset_stubs! } + setup { @config = Devise.omniauth_configs[:facebook] } + teardown { Devise::Omniauth.reset_stubs! } test "stored OAuth2::Client" do assert_kind_of OAuth2::Client, @config.client diff --git a/test/oauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb similarity index 55% rename from test/oauth/url_helpers_test.rb rename to test/omniauth/url_helpers_test.rb index de03ed52..afc6d1fd 100644 --- a/test/oauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class OauthRoutesTest < ActionController::TestCase +class OmniAuthRoutesTest < ActionController::TestCase tests ApplicationController def assert_path_and_url(action, provider) @@ -17,31 +17,31 @@ class OauthRoutesTest < ActionController::TestCase @controller.send("user_#{action}", provider, :param => 123) end - test 'should alias oauth_callback to mapped user auth_callback' do - assert_path_and_url :oauth_callback_path, :github - assert_path_and_url :oauth_callback_url, :github - assert_path_and_url :oauth_callback_path, :facebook - assert_path_and_url :oauth_callback_url, :facebook + test 'should alias omniauth_callback to mapped user auth_callback' do + assert_path_and_url :omniauth_callback_path, :github + assert_path_and_url :omniauth_callback_url, :github + assert_path_and_url :omniauth_callback_path, :facebook + assert_path_and_url :omniauth_callback_url, :facebook end - test 'should alias oauth_authorize to mapped user auth_authorize' do - assert_path_and_url :oauth_authorize_url, :github - assert_path_and_url :oauth_authorize_url, :facebook + test 'should alias omniauth_authorize to mapped user auth_authorize' do + assert_path_and_url :omniauth_authorize_url, :github + assert_path_and_url :omniauth_authorize_url, :facebook end test 'should adds scope, provider and redirect_uri to authorize urls' do - url = @controller.oauth_authorize_url(:user, :github) - assert_match "https://github.com/login/oauth/authorize?", url + url = @controller.omniauth_authorize_url(:user, :github) + assert_match "https://github.com/login/omniauth/authorize?", url assert_match "scope=user%2Cpublic_repo", url assert_match "client_id=APP_ID", url assert_match "type=web_server", url - assert_match "redirect_uri=http%3A%2F%2Ftest.host%2Fusers%2Foauth%2Fgithub%2Fcallback", url + assert_match "redirect_uri=http%3A%2F%2Ftest.host%2Fusers%2Fomniauth%2Fgithub%2Fcallback", url - url = @controller.oauth_authorize_url(:user, :facebook) - assert_match "https://graph.facebook.com/oauth/authorize?", url + url = @controller.omniauth_authorize_url(:user, :facebook) + assert_match "https://graph.facebook.com/omniauth/authorize?", url assert_match "scope=email%2Coffline_access", url assert_match "client_id=APP_ID", url assert_match "type=web_server", url - assert_match "redirect_uri=http%3A%2F%2Ftest.host%2Fusers%2Foauth%2Ffacebook%2Fcallback", url + assert_match "redirect_uri=http%3A%2F%2Ftest.host%2Fusers%2Fomniauth%2Ffacebook%2Fcallback", url end end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb new file mode 100644 index 00000000..45216ff4 --- /dev/null +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -0,0 +1,7 @@ +class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController + def facebook + data = env["omniauth.auth"] + session["devise.facebook_data"] = data + render :json => data + end +end \ No newline at end of file diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 9823b83b..a62a4d4e 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -148,18 +148,16 @@ Devise.setup do |config| # The default HTTP method used to sign out a resource. Default is :get. # config.sign_out_via = :get - # ==> OAuth2 - # Add a new OAuth2 provider. Check the README for more information on setting - # up on your models and hooks. By default this is not set. - config.oauth :github, 'APP_ID', 'APP_SECRET', + # ==> OmniAuth + config.omniauth :github, 'APP_ID', 'APP_SECRET', :site => 'https://github.com/', :authorize_path => '/login/oauth/authorize', :access_token_path => '/login/oauth/access_token', :scope => 'user,public_repo' - config.oauth :facebook, 'APP_ID', 'APP_SECRET', + config.omniauth :facebook, 'APP_ID', 'APP_SECRET', :site => 'https://graph.facebook.com/', - :scope => %w(email offline_access) + :scope => 'email,offline_access' # ==> Warden configuration # If you want to use other strategies, that are not supported by Devise, or diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index a3da5e39..adfe006a 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -8,7 +8,7 @@ Rails.application.routes.draw do resources :admins, :only => [:index] # Users scope - devise_for :users do + devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } do match "/devise_for/sign_in", :to => "devise/sessions#new" end diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index 74a4e72a..42862208 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -4,45 +4,20 @@ module SharedUser included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, :token_authenticatable, - :trackable, :validatable, :oauthable + :trackable, :validatable, :omniauthable # They need to be included after Devise is called. extend ExtendMethods end module ExtendMethods - def find_for_facebook_oauth(access_token, signed_in_resource=nil) - data = ActiveSupport::JSON.decode(access_token.get('/me')) - user = signed_in_resource || User.find_by_email(data["email"]) || User.new - user.update_with_facebook_oauth(access_token, data) - user.save - user - end - def new_with_session(params, session) super.tap do |user| - if session[:user_facebook_oauth_token] - access_token = oauth_access_token(:facebook, session[:user_facebook_oauth_token]) - user.update_with_facebook_oauth(access_token) + if data = session["devise.facebook_data"] + user.username = data["nickname"] + user.email = data["email"] end end end end - - def update_with_facebook_oauth(access_token, data=nil) - data ||= ActiveSupport::JSON.decode(access_token.get('/me')) - - self.username = data["username"] unless username.present? - self.email = data["email"] unless email.present? - - self.confirmed_at ||= Time.now - self.facebook_token = access_token.token - - unless encrypted_password.present? - self.password = Devise.friendly_token[0, 10] - self.password_confirmation = nil - end - - yield self if block_given? - end end