Class: OmniAuth::Strategies::Spiffy
- Inherits:
-
OAuth2
- Object
- OAuth2
- OmniAuth::Strategies::Spiffy
- Defined in:
- lib/omniauth/strategies/spiffy.rb
Constant Summary collapse
- DEFAULT_SCOPE =
Available scopes: content themes products customers orders script_tags shipping read_* or write_*
'read_products'
- SCOPE_DELIMITER =
','
- MINUTE =
60
- CODE_EXPIRES_AFTER =
10 * MINUTE
Class Method Summary collapse
Instance Method Summary collapse
- #authorize_params ⇒ Object
- #build_access_token ⇒ Object
- #callback_phase ⇒ Object
- #callback_url ⇒ Object
- #fix_https ⇒ Object
- #normalized_scopes(scopes) ⇒ Object
- #request_phase ⇒ Object
- #setup_phase ⇒ Object
- #valid_permissions?(token) ⇒ Boolean
- #valid_scope?(token) ⇒ Boolean
- #valid_signature? ⇒ Boolean
- #valid_site? ⇒ Boolean
Class Method Details
.encoded_params_for_signature(params) ⇒ Object
80 81 82 83 84 85 |
# File 'lib/omniauth/strategies/spiffy.rb', line 80 def self.encoded_params_for_signature(params) params = params.dup params.delete('hmac') params.delete('signature') # deprecated signature params.map{|k,v| "#{URI.escape(k.to_s, '&=%')}=#{URI.escape(v.to_s, '&%')}"}.sort.join('&') end |
.hmac_sign(encoded_params, secret) ⇒ Object
87 88 89 |
# File 'lib/omniauth/strategies/spiffy.rb', line 87 def self.hmac_sign(encoded_params, secret) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, encoded_params) end |
Instance Method Details
#authorize_params ⇒ Object
137 138 139 140 141 142 |
# File 'lib/omniauth/strategies/spiffy.rb', line 137 def super.tap do |params| params[:scope] = normalized_scopes(params[:scope] || DEFAULT_SCOPE).join(SCOPE_DELIMITER) params[:grant_options] = ['per-user'] if [:per_user_permissions] end end |
#build_access_token ⇒ Object
133 134 135 |
# File 'lib/omniauth/strategies/spiffy.rb', line 133 def build_access_token @built_access_token ||= super end |
#callback_phase ⇒ Object
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
# File 'lib/omniauth/strategies/spiffy.rb', line 112 def callback_phase return fail!(:invalid_site, CallbackError.new(:invalid_site, "OAuth endpoint is not a Spiffy Stores site.")) unless valid_site? return fail!(:invalid_signature, CallbackError.new(:invalid_signature, "Signature does not match, it may have been tampered with.")) unless valid_signature? error = request.params["error_reason"] || request.params["error"] if error return fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"])) else token = build_access_token unless valid_scope?(token) return fail!(:invalid_scope, CallbackError.new(:invalid_scope, "Scope does not match, it may have been tampered with.")) end unless (token) return fail!(:invalid_permissions, CallbackError.new(:invalid_permissions, "Requested API access mode does not match.")) end end super end |
#callback_url ⇒ Object
144 145 146 |
# File 'lib/omniauth/strategies/spiffy.rb', line 144 def callback_url [:callback_url] || full_host + script_name + callback_path end |
#fix_https ⇒ Object
95 96 97 |
# File 'lib/omniauth/strategies/spiffy.rb', line 95 def fix_https [:client_options][:site] = [:client_options][:site].gsub(/\Ahttp\:/, 'https:') end |
#normalized_scopes(scopes) ⇒ Object
74 75 76 77 78 |
# File 'lib/omniauth/strategies/spiffy.rb', line 74 def normalized_scopes(scopes) scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq ignore_scopes = scope_list.map { |scope| scope =~ /\Awrite_(.*)\z/ && "read_#{$1}" }.compact scope_list - ignore_scopes end |
#request_phase ⇒ Object
104 105 106 107 108 109 110 |
# File 'lib/omniauth/strategies/spiffy.rb', line 104 def request_phase if valid_site? super else fail!(:invalid_site) end end |
#setup_phase ⇒ Object
99 100 101 102 |
# File 'lib/omniauth/strategies/spiffy.rb', line 99 def setup_phase super fix_https end |
#valid_permissions?(token) ⇒ Boolean
91 92 93 |
# File 'lib/omniauth/strategies/spiffy.rb', line 91 def (token) token && ([:per_user_permissions] == !token['associated_user'].nil?) end |
#valid_scope?(token) ⇒ Boolean
67 68 69 70 71 72 |
# File 'lib/omniauth/strategies/spiffy.rb', line 67 def valid_scope?(token) params = ..merge(("authorize")) return false unless token && params[:scope] && token['scope'] expected_scope = normalized_scopes(params[:scope]).sort (expected_scope == token['scope'].split(SCOPE_DELIMITER).sort) end |
#valid_signature? ⇒ Boolean
53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/omniauth/strategies/spiffy.rb', line 53 def valid_signature? return false unless request.POST.empty? params = request.GET signature = params['hmac'] = params['timestamp'] return false unless signature && return false unless .to_i > Time.now.to_i - CODE_EXPIRES_AFTER calculated_signature = self.class.hmac_sign(self.class.encoded_params_for_signature(params), .client_secret) Rack::Utils.secure_compare(calculated_signature, signature) end |
#valid_site? ⇒ Boolean
49 50 51 |
# File 'lib/omniauth/strategies/spiffy.rb', line 49 def valid_site? !!(/\A(https|http)\:\/\/[a-zA-Z0-9][a-zA-Z0-9\-]*\.#{Regexp.quote([:spiffy_stores_domain])}[\/]?\z/ =~ [:client_options][:site]) end |