Merge pull request #15 from synth/pete/improve-specs

Improve specs and overall code structure

Author: synth

.travis.yml

@@ -1,4 +1,5 @@
 language: ruby
 rvm:
-  - 2.2
+  - 2.3
+  - 2.6
   - jruby

Rakefile

@@ -1,10 +1,8 @@
-require "bundler/gem_tasks"
-require "rake/testtask"
+# frozen_string_literal: true
 
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.test_files = FileList['test/*_test.rb']
-end
+require File.join('bundler', 'gem_tasks')
+require File.join('rspec', 'core', 'rake_task')
 
-task :default => :test
+RSpec::Core::RakeTask.new(:spec)
 
+task default: :spec

lib/omniauth/strategies/microsoft_graph.rb

@@ -3,6 +3,10 @@
 module OmniAuth
   module Strategies
     class MicrosoftGraph < OmniAuth::Strategies::OAuth2
+      BASE_SCOPE_URL = 'https://graph.microsoft.com/'
+      BASE_SCOPES = %w[offline_access openid email profile].freeze
+      DEFAULT_SCOPE = 'openid email profile User.Read'.freeze
+
       option :name, :microsoft_graph
 
       option :client_options, {
@@ -11,13 +15,13 @@ class MicrosoftGraph < OmniAuth::Strategies::OAuth2
         authorize_url: 'common/oauth2/v2.0/authorize'
       }
 
-      option :authorize_params, {
-      }
+      option :authorize_options, %i[state callback_url access_type display score auth_type scope prompt login_hint domain_hint response_mode]
 
       option :token_params, {
       }
 
-      option :scope, "offline_access https://graph.microsoft.com/User.Read"
+      option :scope, DEFAULT_SCOPE
+      option :authorized_client_ids, []
 
       uid { raw_info["id"] }
 
@@ -34,17 +38,88 @@ class MicrosoftGraph < OmniAuth::Strategies::OAuth2
       extra do
         {
           'raw_info' => raw_info,
-          'params' => access_token.params
+          'params' => access_token.params,
+          'aud' => options.client_id
         }
       end
 
+      def authorize_params
+        super.tap do |params|
+          options[:authorize_options].each do |k|
+            params[k] = request.params[k.to_s] unless [nil, ''].include?(request.params[k.to_s])
+          end
+
+          params[:scope] = get_scope(params)
+          params[:access_type] = 'offline' if params[:access_type].nil?
+
+          session['omniauth.state'] = params[:state] if params[:state]
+        end
+      end     
+
       def raw_info
         @raw_info ||= access_token.get('https://graph.microsoft.com/v1.0/me').parsed
       end
 
       def callback_url
         options[:callback_url] || full_host + script_name + callback_path
-      end      
+      end  
+
+      def custom_build_access_token
+        access_token = get_access_token(request)
+        access_token
+      end
+
+      alias build_access_token custom_build_access_token
+
+      private
+
+      def get_access_token(request)
+        verifier = request.params['code']
+        redirect_uri = request.params['redirect_uri'] || request.params['callback_url']
+        if verifier && request.xhr?
+          client_get_token(verifier, redirect_uri || '/auth/microsoft_graph/callback')
+        elsif verifier
+          client_get_token(verifier, redirect_uri || callback_url)
+        elsif verify_token(request.params['access_token'])
+          ::OAuth2::AccessToken.from_hash(client, request.params.dup)
+        elsif request.content_type =~ /json/i
+          begin
+            body = JSON.parse(request.body.read)
+            request.body.rewind # rewind request body for downstream middlewares
+            verifier = body && body['code']
+            client_get_token(verifier, '/auth/microsoft_graph/callback') if verifier
+          rescue JSON::ParserError => e
+            warn "[omniauth google-oauth2] JSON parse error=#{e}"
+          end
+        end
+      end
+
+      def client_get_token(verifier, redirect_uri)
+        client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params)
+      end
+
+      def get_token_params
+        deep_symbolize(options.auth_token_params || {})
+      end
+
+      def get_token_options(redirect_uri = '')
+        { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
+      end
+
+      def get_scope(params)
+        raw_scope = params[:scope] || DEFAULT_SCOPE
+        scope_list = raw_scope.split(' ').map { |item| item.split(',') }.flatten
+        scope_list.map! { |s| s =~ %r{^https?://} || BASE_SCOPES.include?(s) ? s : "#{BASE_SCOPE_URL}#{s}" }
+        scope_list.join(' ')
+      end
+
+      def verify_token(access_token)
+        return false unless access_token
+        # access_token.get('https://graph.microsoft.com/v1.0/me').parsed
+        raw_response = client.request(:get, 'https://graph.microsoft.com/v1.0/me',
+                                      params: { access_token: access_token }).parsed
+        (raw_response['aud'] == options.client_id) || options.authorized_client_ids.include?(raw_response['aud'])
+      end              
     end
   end
 end

omniauth-microsoft_graph.gemspec

@@ -18,10 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency "omniauth-oauth2"
-
+  spec.add_runtime_dependency 'omniauth', '>= 1.1.1'
+  spec.add_runtime_dependency 'omniauth-oauth2', '>= 1.6'
   spec.add_development_dependency "sinatra"
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest"
+  spec.add_development_dependency 'rspec', '~> 3.6'
   spec.add_development_dependency "mocha"
 end