From e91eed76906e5dbd9b3fbe8f74d4e733ee0c8e06 Mon Sep 17 00:00:00 2001
From: Zach Grande
Date: Tue, 24 Sep 2024 11:14:38 -0700
Subject: [PATCH 1/4] chore: add debug logs
---
 lib/omniauth/strategies/microsoft_graph.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/lib/omniauth/strategies/microsoft_graph.rb b/lib/omniauth/strategies/microsoft_graph.rb
index 3cef1c4..50e02b2 100644
--- a/lib/omniauth/strategies/microsoft_graph.rb
+++ b/lib/omniauth/strategies/microsoft_graph.rb
@@ -83,6 +83,10 @@ def custom_build_access_token
 def get_access_token(request)
 verifier = request.params['code']
 redirect_uri = request.params['redirect_uri'] || request.params['callback_url']
+
+ log("[OAUTH DEBUG 2024-09-24] request.body.read: #{request.body.read}")
+ request.body.rewind
+
 if verifier && request.xhr?
 client_get_token(verifier, redirect_uri || '/auth/microsoft_graph/callback')
 elsif verifier
@@ -131,6 +135,9 @@ def verify_token(access_token)
 def verify_email(auth_hash, access_token)
 OmniAuth::MicrosoftGraph::DomainVerifier.verify!(auth_hash, access_token, options)
 end
+
+ def log(message)
+ puts message
 end
 end
 end
From 7499cde10d90d45305c06cc04ee46f30aaf4f760 Mon Sep 17 00:00:00 2001
From: Zach Grande
Date: Tue, 24 Sep 2024 11:24:41 -0700
Subject: [PATCH 2/4] fix: add end of method
---
 lib/omniauth/strategies/microsoft_graph.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/omniauth/strategies/microsoft_graph.rb b/lib/omniauth/strategies/microsoft_graph.rb
index 50e02b2..8894eb1 100644
--- a/lib/omniauth/strategies/microsoft_graph.rb
+++ b/lib/omniauth/strategies/microsoft_graph.rb
@@ -138,6 +138,7 @@ def verify_email(auth_hash, access_token)
 def log(message)
 puts message
+ end
 end
 end
 end
From f9a8bdfea8e1b6bbd05e4558ea819480bcae3dd3 Mon Sep 17 00:00:00 2001
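Review bot: The added `log("[OAUTH DEBUG 2024-09-24] request.body.read: #{request.body.read}")` line in `get_access_token` prints the raw callback body to stdout, and the spec fixture in PATCH 3/4 shows that body can be `{"code":"..."}`, so authorization codes (and anything else posted to the callback) end up in process logs. The same line is kept under the name `log_message` in PATCH 4/4. I would remove the read, or log only non-secret metadata through OmniAuth's own `log(level, message)` helper, e.g. `log(:debug, "token request content_type=#{request.content_type}")`, and drop the `puts` helper. The read also happens before any rewind and assumes `request.body` is present and rewindable, which this hunk does not show and which I believe Rack 3 no longer guarantees. `get_access_token` continues outside the hunk.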
From: Zach Grande
Date: Tue, 24 Sep 2024 11:35:00 -0700
Subject: [PATCH 3/4] fix(spec): allow tests to return :body
---
 spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb b/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
index b87a84c..dc5df6e 100644
--- a/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
+++ b/spec/omniauth/strategies/microsoft_graph_oauth2_spec.rb
@@ -315,11 +315,14 @@
 end
 describe 'build_access_token' do
+ let(:body) { StringIO.new(%({"code":"json_access_token"})) }
+
 it 'should use a hybrid authorization request_uri if this is an AJAX request with a code parameter' do
 allow(request).to receive(:scheme).and_return('https')
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(true)
 allow(request).to receive(:params).and_return('code' => 'valid_code')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
@@ -337,6 +340,7 @@
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(true)
 allow(request).to receive(:params).and_return('code' => 'valid_code', 'callback_url' => 'localhost')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
@@ -354,6 +358,7 @@
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('code' => 'valid_code', 'callback_url' => 'callback_url')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
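Review bot: None of the examples touched here asserts anything about the stubbed body; the `allow(request).to receive(:body).and_return(body)` lines in this hunk and the following spec hunks exist only so the new debug read does not fail, and if these examples reach `get_access_token` the fixture value `json_access_token` is printed to the test output. An example that pins the safe behaviour once the debug line is removed would be useful, for instance `expect { subject.build_access_token }.not_to output(/json_access_token/).to_stdout` (assuming the examples call `build_access_token`, which is not visible in these hunks). A comment on the shared fixture such as `# request body stub: get_access_token reads and rewinds it before branching` would explain why every example needs it. The `it` blocks start and end outside the hunks.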
@@ -370,6 +375,7 @@
 allow(request).to receive(:url).and_return('https://example.com')
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('access_token' => 'valid_access_token')
+ allow(request).to receive(:body).and_return(body)
 expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
 expect(subject).to receive(:client).and_return(:client)
@@ -380,7 +386,6 @@
 end
 it 'reads the code from a json request body' do
- body = StringIO.new(%({"code":"json_access_token"}))
 client = double(:client)
 auth_code = double(:auth_code)
@@ -403,6 +408,7 @@
 allow(request).to receive(:xhr?).and_return(false)
 allow(request).to receive(:params).and_return('code' => 'valid_code')
 allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
+ allow(request).to receive(:body).and_return(body)
 client = double(:client)
 auth_code = double(:auth_code)
From 5285931e6802f8120cc0953ae374bbc4443e9b70 Mon Sep 17 00:00:00 2001
From: Zach Grande
Date: Tue, 24 Sep 2024 12:35:38 -0700
Subject: [PATCH 4/4] fix: avoid naming collision with helper method
---
 lib/omniauth/strategies/microsoft_graph.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/omniauth/strategies/microsoft_graph.rb b/lib/omniauth/strategies/microsoft_graph.rb
index 8894eb1..1d23781 100644
--- a/lib/omniauth/strategies/microsoft_graph.rb
+++ b/lib/omniauth/strategies/microsoft_graph.rb
@@ -84,7 +84,7 @@ def get_access_token(request)
 verifier = request.params['code']
 redirect_uri = request.params['redirect_uri'] || request.params['callback_url']
- log("[OAUTH DEBUG 2024-09-24] request.body.read: #{request.body.read}")
+ log_message("[OAUTH DEBUG 2024-09-24] request.body.read: #{request.body.read}")
 request.body.rewind
 if verifier && request.xhr?
@@ -136,7 +136,7 @@ def verify_email(auth_hash, access_token)
 OmniAuth::MicrosoftGraph::DomainVerifier.verify!(auth_hash, access_token, options)
 end
- def log(message)
+ def log_message(message)
 puts message
 end
 end