From ccf121ac500f88504105592ae62d97ac7c603394 Mon Sep 17 00:00:00 2001
From: Lenart Rudel
Date: Thu, 24 Jan 2019 12:57:26 +0100
Subject: [PATCH 1/2] Update gems
---
 lib/omniauth/amazon/version.rb | 2 +-
 omniauth-amazon.gemspec | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/omniauth/amazon/version.rb b/lib/omniauth/amazon/version.rb
index ba6a0d1..f5d9876 100644
--- a/lib/omniauth/amazon/version.rb
+++ b/lib/omniauth/amazon/version.rb
@@ -1,5 +1,5 @@
 module OmniAuth
 module Amazon
- VERSION = "1.0.1"
+ VERSION = "1.1.0"
 end
 end
diff --git a/omniauth-amazon.gemspec b/omniauth-amazon.gemspec
index fe6c7a1..60c2f74 100644
--- a/omniauth-amazon.gemspec
+++ b/omniauth-amazon.gemspec
@@ -6,8 +6,8 @@ require 'omniauth/amazon/version'
 Gem::Specification.new do |spec|
 spec.name = "omniauth-amazon"
 spec.version = OmniAuth::Amazon::VERSION
- spec.authors = ["Stafford Brunk"]
- spec.email = ["stafford.brunk@gmail.com"]
+ spec.authors = ["Stafford Brunk", "Lenart Rudel"]
+ spec.email = ["stafford.brunk@gmail.com", "lenart.rudel@gmail.com"]
 spec.description = %q{Login with Amazon OAuth2 strategy for OmniAuth 1.0}
 spec.summary = %q{Login with Amazon OAuth2 strategy for OmniAuth 1.0}
 spec.homepage = "https://github.com/wingrunr21/omniauth-amazon"
@@ -21,9 +21,9 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'omniauth', '~> 1.0'
 spec.add_dependency 'omniauth-oauth2', '~> 1.1'
- spec.add_development_dependency "bundler", "~> 1.3"
+ spec.add_development_dependency "bundler"
 spec.add_development_dependency "rake"
- spec.add_development_dependency 'rspec', '~> 2.13'
+ spec.add_development_dependency 'rspec', '>= 2.13'
 spec.add_development_dependency 'rack-test'
 spec.add_development_dependency 'simplecov'
 spec.add_development_dependency 'webmock'
From 0e466b6c8d7f84b719a5a50499260d31b3585843 Mon Sep 17 00:00:00 2001
From: Lenart Rudel
Date: Thu, 24 Jan 2019 12:57:59 +0100
Subject: [PATCH 2/2] Allow custom scope param to be passed
---
 lib/omniauth/strategies/amazon.rb | 21 +++++++++++++++++++++
 spec/omniauth/strategies/amazon_spec.rb | 6 ++++++
 2 files changed, 27 insertions(+)
diff --git a/lib/omniauth/strategies/amazon.rb b/lib/omniauth/strategies/amazon.rb
index 3405dc0..c415920 100644
--- a/lib/omniauth/strategies/amazon.rb
+++ b/lib/omniauth/strategies/amazon.rb
@@ -30,6 +30,21 @@ def build_access_token
 client.auth_code.get_token(verifier, token_params)
 end
+ def query_string
+ super.gsub(/\?state=[^&]*&?/, '')
+ end
+
+ def authorize_params
+ options.authorize_params[:state] = state
+ params = options.authorize_params.merge(options_for("authorize"))
+ if OmniAuth.config.test_mode
+ @env ||= {}
+ @env["rack.session"] ||= {}
+ end
+ session["omniauth.state"] = params[:state]
+ params
+ end
+
 uid { raw_info['Profile']['CustomerId'] }
 info do
@@ -57,6 +72,12 @@ def raw_info
 params = {:params => { :access_token => access_token.token}}
 @raw_info ||= access_token.client.request(:get, url, params).parsed
 end
+
+ private
+
+ def state
+ request.params["state"] || SecureRandom.hex(24)
+ end
 end
 end
 end
diff --git a/spec/omniauth/strategies/amazon_spec.rb b/spec/omniauth/strategies/amazon_spec.rb
index 67e66d7..b0dfa6f 100644
--- a/spec/omniauth/strategies/amazon_spec.rb
+++ b/spec/omniauth/strategies/amazon_spec.rb
@@ -26,4 +26,10 @@
 expect(subject.callback_path).to eq('/auth/amazon/callback')
 end
 end
+
+ describe '#scope' do
+ it 'passes custom state to Amazon site'
+ it 'generates random state value when one is not explicitly provided'
+ it 'strips state from callback_url query params'
+ end
 end
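Review bot: The pattern in `query_string` only matches `state` when it directly follows the `?`, and when other parameters come after it the `?` is removed together with it, so `?state=abc&x=1` becomes `x=1` with no separator. A `state` in any later position (`&state=...`) is left in place. Parsing the query rather than pattern-matching covers both cases; assuming the parent builds its result from `request.query_string`, the body could be `params = Rack::Utils.parse_query(request.query_string)`, `params.delete('state')`, `params.empty? ? '' : "?#{Rack::Utils.build_query(params)}"`. The enclosing class starts and ends outside this hunk, so how the result is used in the callback URL is not visible here.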
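Review bot: `state` returns `request.params["state"]` whenever the request carries one, so the value that `authorize_params` writes to `session["omniauth.state"]` can be chosen by whoever builds the link to the request phase. OAuth 2.0 uses `state` as the anti-CSRF value for the callback, which only works if it is unpredictable and generated server-side for that session. Keep the random part unconditional and carry the caller's data beside it, for example `"#{SecureRandom.hex(24)}.#{request.params['state']}"`, or store the custom value under its own session key. The hunk shows no `require 'securerandom'`; confirm it is loaded by this file or by omniauth-oauth2.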
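Review bot: The three `it` lines have no block, so RSpec reports them as pending and none of the new `query_string`, `authorize_params` or `state` behaviour is exercised. The group is labelled `'#scope'` although every example describes `state`; `describe '#state'` would match what is being tested. Since this change touches the value used to validate the OAuth callback, at least add an example asserting that `session["omniauth.state"]` equals the `state` sent in the authorize params, and one for a query string where `state` is not the first parameter.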