[
  {
    "path": ".github/FUNDING.yml",
    "content": "github: bobbymcwho\ntidelift: rubygems/omniauth-oauth2\n"
  },
  {
    "path": ".github/workflows/main.yml",
    "content": "name: Ruby\n\non:\n  push:\n    branches: [ master ]\n  pull_request:\n    branches: [ master ]\n\njobs:\n  test:\n    runs-on: ${{ matrix.os }}\n    timeout-minutes: 30\n    strategy:\n      fail-fast: false\n      matrix:\n        os: [ubuntu-latest, macos-latest]\n        ruby: ['3.0', 3.1, 3.2, 3.3, 3.4, head, debug, truffleruby, truffleruby-head, jruby, jruby-head]\n    steps:\n    - uses: actions/checkout@v3\n    - name: Set up Ruby\n      uses: ruby/setup-ruby@v1\n      with:\n        ruby-version: ${{ matrix.ruby }}\n        bundler-cache: true\n    - name: Set JRUBY_OPTS environment variable\n      run: echo \"JRUBY_OPTS=--debug\" >> \"$GITHUB_ENV\"\n      if: ${{ startsWith(matrix.ruby, 'jruby') }}\n    - name: Run tests\n      run: bundle exec rake\n    - uses: actions/upload-artifact@v4\n      if: ${{ matrix.os == 'ubuntu-latest' && matrix.ruby == '3.0' }}\n      with:\n        name: coverage\n        path: coverage/\n        retention-days: 1\n\n  coveralls:\n    needs: test\n    runs-on: ubuntu-latest\n    timeout-minutes: 30\n    steps:\n    - uses: actions/download-artifact@v4\n      with:\n        name: coverage\n        path: coverage/\n    - name: Coveralls GitHub Action\n      uses: coverallsapp/github-action@v2\n"
  },
  {
    "path": ".gitignore",
    "content": "*.gem\n*.rbc\n.bundle\n.config\n.yardoc\nGemfile.lock\nInstalledFiles\n_yardoc\ncoverage\ndoc/\nlib/bundler/man\npkg\nrdoc\nspec/reports\ntest/tmp\ntest/version_tmp\ntmp\n*.swp\n"
  },
  {
    "path": ".rspec",
    "content": "--colour\n--format=progress\n"
  },
  {
    "path": ".rubocop.yml",
    "content": "AllCops:\n  NewCops: enable\n\nGemspec/RequiredRubyVersion:\n  Enabled: false\n\nLayout/AccessModifierIndentation:\n  EnforcedStyle: outdent\n\nLayout/LineLength:\n  AllowURI: true\n  Enabled: false\n\nLayout/SpaceInsideHashLiteralBraces:\n  EnforcedStyle: no_space\n\nLint/MissingSuper:\n  Enabled: false\n\nMetrics/AbcSize:\n  Max: 18\n\nMetrics/BlockLength:\n  Exclude:\n    - spec/omniauth/strategies/oauth2_spec.rb\n\nMetrics/BlockNesting:\n  Max: 2\n\nMetrics/ClassLength:\n  Max: 110\n\nMetrics/MethodLength:\n  CountComments: false\n  Max: 10\n\nMetrics/ParameterLists:\n  Max: 4\n  CountKeywordArgs: true\n\nNaming/FileName:\n  Exclude:\n    - lib/omniauth-oauth2.rb\n\nStyle/CollectionMethods:\n  PreferredMethods:\n    map:      'collect'\n    reduce:   'inject'\n    find:     'detect'\n    find_all: 'select'\n\nStyle/Documentation:\n  Enabled: false\n\nStyle/DoubleNegation:\n  Enabled: false\n\nStyle/ExpandPathArguments:\n  Enabled: false\n\nStyle/FrozenStringLiteralComment:\n  Enabled: false\n\nStyle/HashSyntax:\n  EnforcedStyle: hash_rockets\n\nStyle/StderrPuts:\n  Enabled: false\n\nStyle/StringLiterals:\n  EnforcedStyle: double_quotes\n\nStyle/TrailingCommaInArguments:\n  EnforcedStyleForMultiline: comma\n\nStyle/TrailingCommaInHashLiteral:\n  EnforcedStyleForMultiline: comma\n\nStyle/TrailingCommaInArrayLiteral:\n  EnforcedStyleForMultiline: comma\n"
  },
  {
    "path": "CHANGELOG.md",
    "content": "## [v1.9.0](https://github.com/omniauth/omniauth-oauth2/releases/tag/v1.9.0)\n- Prevent timing attacks [#174](https://github.com/omniauth/omniauth-oauth2/pull/174)\n- Rescue OAuth2 timeouts [#169](https://github.com/omniauth/omniauth-oauth2/pull/169)\n\n## [v1.8.0](https://github.com/omniauth/omniauth-oauth2/releases/tag/v1.8.0)\n- Relaxes allowed versions of the oauth2 gem. [#146](https://github.com/omniauth/omniauth-oauth2/pull/146)\n- Requires omniauth `~> 2.0` [#152](https://github.com/omniauth/omniauth-oauth2/pull/152) \n\nPlease see https://github.com/omniauth/omniauth-oauth2/releases for changelog prior to 1.8.0\n"
  },
  {
    "path": "Gemfile",
    "content": "source \"https://rubygems.org\"\n\ngem \"rake\", \"~> 13.0\"\n\ngroup :test do\n  gem \"addressable\", \"~> 2.3.8\", :platforms => %i[jruby ruby_18]\n  gem 'coveralls_reborn', '~> 0.19.0', require: false\n  gem \"json\", :platforms => %i[jruby ruby_18 ruby_19]\n  gem \"mime-types\", \"~> 1.25\", :platforms => %i[jruby ruby_18]\n  gem \"rack-test\"\n  gem \"rest-client\", \"~> 1.8.0\", :platforms => %i[jruby ruby_18]\n  gem \"rspec\", \"~> 3.2\"\n  gem \"rubocop\", \">= 0.51\", :platforms => %i[ruby_19 ruby_20 ruby_21 ruby_22 ruby_23 ruby_24]\n  gem 'simplecov-lcov'\n  gem 'tins', '~> 1.13', :platforms => %i[jruby_18 jruby_19 ruby_19]\n  gem \"webmock\", \"~> 3.0\"\nend\n\n# Specify your gem's dependencies in omniauth-oauth2.gemspec\ngemspec\n"
  },
  {
    "path": "LICENSE.md",
    "content": "Copyright (C) 2014 Michael Bleigh, Erik Michaels-Ober and Intridea, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "# OmniAuth OAuth2\n\n[![Gem Version](http://img.shields.io/gem/v/omniauth-oauth2.svg)][gem]\n[![Code Climate](http://img.shields.io/codeclimate/maintainability/intridea/omniauth-oauth2.svg)][codeclimate]\n[![Coverage Status](http://img.shields.io/coveralls/intridea/omniauth-oauth2.svg)][coveralls]\n[![Security](https://hakiri.io/github/omniauth/omniauth-oauth2/master.svg)](https://hakiri.io/github/omniauth/omniauth-oauth2/master)\n\n[gem]: https://rubygems.org/gems/omniauth-oauth2\n[codeclimate]: https://codeclimate.com/github/intridea/omniauth-oauth2\n[coveralls]: https://coveralls.io/r/intridea/omniauth-oauth2\n\nThis gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve\nas a building block strategy for other strategies and not to be used\nindependently (since it has no inherent way to gather uid and user info).\n\n## Creating an OAuth2 Strategy\n\nTo create an OmniAuth OAuth2 strategy using this gem, you can simply subclass\nit and add a few extra methods like so:\n\n```ruby\nrequire 'omniauth-oauth2'\n\nmodule OmniAuth\n  module Strategies\n    class SomeSite < OmniAuth::Strategies::OAuth2\n      # Give your strategy a name.\n      option :name, \"some_site\"\n\n      # This is where you pass the options you would pass when\n      # initializing your consumer from the OAuth gem.\n      option :client_options, {:site => \"https://api.somesite.com\"}\n\n      # You may specify that your strategy should use PKCE by setting\n      # the pkce option to true: https://tools.ietf.org/html/rfc7636\n      option :pkce, true\n\n      # These are called after authentication has succeeded. If\n      # possible, you should try to set the UID without making\n      # additional calls (if the user id is returned with the token\n      # or as a URI parameter). 
This may not be possible with all\n      # providers.\n      uid{ raw_info['id'] }\n\n      info do\n        {\n          :name => raw_info['name'],\n          :email => raw_info['email']\n        }\n      end\n\n      extra do\n        {\n          'raw_info' => raw_info\n        }\n      end\n\n      def raw_info\n        @raw_info ||= access_token.get('/me').parsed\n      end\n    end\n  end\nend\n```\n\nThat's pretty much it!\n\n## OmniAuth-OAuth2 for Enterprise\n\nAvailable as part of the Tidelift Subscription.\n\nThe maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-omniauth-oauth2?utm_source=undefined&utm_medium=referral&utm_campaign=enterprise)\n\n## Supported Ruby Versions\n\nOmniAuth is tested under 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, truffleruby, and JRuby."
  },
  {
    "path": "Rakefile",
    "content": "#!/usr/bin/env rake\n\nrequire \"bundler/gem_tasks\"\nrequire \"rspec/core/rake_task\"\n\nRSpec::Core::RakeTask.new\n\ntask :test => :spec\n\nbegin\n  require \"rubocop/rake_task\"\n  RuboCop::RakeTask.new\nrescue LoadError\n  task :rubocop do\n    $stderr.puts \"RuboCop is disabled\"\n  end\nend\n\ntask :default => %i[spec rubocop]\n"
  },
  {
    "path": "SECURITY.md",
    "content": "# Security Policy\n\n## Supported Versions\n\nThe table below shows which versions of this project are\ncurrently supported with security updates.\n\n| Version  | Supported          |\n| -------  | ------------------ |\n| 1.7.x    | :white_check_mark: |\n| <= 1.6.x | :x:                |\n\n## Security contact information\n\nTo report a security vulnerability, please use the\n[Tidelift security contact](https://tidelift.com/security).\nTidelift will coordinate the fix and disclosure.\n"
  },
  {
    "path": "lib/omniauth/strategies/oauth2.rb",
    "content": "require \"oauth2\"\nrequire \"omniauth\"\nrequire \"securerandom\"\nrequire \"socket\"       # for SocketError\nrequire \"timeout\"      # for Timeout::Error\n\nmodule OmniAuth\n  module Strategies\n    # Authentication strategy for connecting with APIs constructed using\n    # the [OAuth 2.0 Specification](http://tools.ietf.org/html/draft-ietf-oauth-v2-10).\n    # You must generally register your application with the provider and\n    # utilize an application id and secret in order to authenticate using\n    # OAuth 2.0.\n    class OAuth2\n      include OmniAuth::Strategy\n\n      def self.inherited(subclass)\n        OmniAuth::Strategy.included(subclass)\n      end\n\n      args %i[client_id client_secret]\n\n      option :client_id, nil\n      option :client_secret, nil\n      option :client_options, {}\n      option :authorize_params, {}\n      option :authorize_options, %i[scope state]\n      option :token_params, {}\n      option :token_options, []\n      option :auth_token_params, {}\n      option :provider_ignores_state, false\n      option :pkce, false\n      option :pkce_verifier, nil\n      option :pkce_options, {\n        :code_challenge => proc { |verifier|\n          Base64.urlsafe_encode64(\n            Digest::SHA2.digest(verifier),\n            :padding => false,\n          )\n        },\n        :code_challenge_method => \"S256\",\n      }\n\n      attr_accessor :access_token\n\n      def client\n        ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))\n      end\n\n      credentials do\n        hash = {\"token\" => access_token.token}\n        hash[\"refresh_token\"] = access_token.refresh_token if access_token.expires? 
&& access_token.refresh_token\n        hash[\"expires_at\"] = access_token.expires_at if access_token.expires?\n        hash[\"expires\"] = access_token.expires?\n        hash\n      end\n\n      def request_phase\n        redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))\n      end\n\n      def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength\n        options.authorize_params[:state] = SecureRandom.hex(24)\n\n        if OmniAuth.config.test_mode\n          @env ||= {}\n          @env[\"rack.session\"] ||= {}\n        end\n\n        params = options.authorize_params\n                        .merge(options_for(\"authorize\"))\n                        .merge(pkce_authorize_params)\n\n        session[\"omniauth.pkce.verifier\"] = options.pkce_verifier if options.pkce\n        session[\"omniauth.state\"] = params[:state]\n\n        params\n      end\n\n      def token_params\n        options.token_params.merge(options_for(\"token\")).merge(pkce_token_params)\n      end\n\n      def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity\n        error = request.params[\"error_reason\"] || request.params[\"error\"]\n        if !options.provider_ignores_state && (request.params[\"state\"].to_s.empty? || !secure_compare(request.params[\"state\"], session.delete(\"omniauth.state\")))\n          fail!(:csrf_detected, CallbackError.new(:csrf_detected, \"CSRF detected\"))\n        elsif error\n          fail!(error, CallbackError.new(request.params[\"error\"], request.params[\"error_description\"] || request.params[\"error_reason\"], request.params[\"error_uri\"]))\n        else\n          self.access_token = build_access_token\n          self.access_token = access_token.refresh! 
if access_token.expired?\n          super\n        end\n      rescue ::OAuth2::Error, CallbackError => e\n        fail!(:invalid_credentials, e)\n      rescue ::Timeout::Error, ::Errno::ETIMEDOUT, ::OAuth2::TimeoutError, ::OAuth2::ConnectionError => e\n        fail!(:timeout, e)\n      rescue ::SocketError => e\n        fail!(:failed_to_connect, e)\n      end\n\n    protected\n\n      def pkce_authorize_params\n        return {} unless options.pkce\n\n        options.pkce_verifier = SecureRandom.hex(64)\n\n        # NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A\n        {\n          :code_challenge => options.pkce_options[:code_challenge]\n                                    .call(options.pkce_verifier),\n          :code_challenge_method => options.pkce_options[:code_challenge_method],\n        }\n      end\n\n      def pkce_token_params\n        return {} unless options.pkce\n\n        {:code_verifier => session.delete(\"omniauth.pkce.verifier\")}\n      end\n\n      def build_access_token\n        verifier = request.params[\"code\"]\n        client.auth_code.get_token(verifier, {:redirect_uri => callback_url}.merge(token_params.to_hash(:symbolize_keys => true)), deep_symbolize(options.auth_token_params))\n      end\n\n      def deep_symbolize(options)\n        options.each_with_object({}) do |(key, value), hash|\n          hash[key.to_sym] = value.is_a?(Hash) ? 
deep_symbolize(value) : value\n        end\n      end\n\n      def options_for(option)\n        hash = {}\n        options.send(:\"#{option}_options\").select { |key| options[key] }.each do |key|\n          hash[key.to_sym] = if options[key].respond_to?(:call)\n                               options[key].call(env)\n                             else\n                               options[key]\n                             end\n        end\n        hash\n      end\n\n       # Constant-time comparison to prevent timing attacks: a byte-length\n       # mismatch returns false immediately, otherwise every byte is compared.\n       # Neither argument is nil-checked; a nil raises NoMethodError on #bytesize.\n       def secure_compare(string_a, string_b)\n        return false unless string_a.bytesize == string_b.bytesize\n\n        l = string_a.unpack \"C#{string_a.bytesize}\"\n\n        res = 0\n        string_b.each_byte { |byte| res |= byte ^ l.shift }\n        res.zero?\n      end\n\n      # An error that is indicated in the OAuth 2.0 callback.\n      # This could be a `redirect_uri_mismatch` or another error reported in the callback.\n      class CallbackError < StandardError\n        attr_accessor :error, :error_reason, :error_uri\n\n        def initialize(error, error_reason = nil, error_uri = nil)\n          self.error = error\n          self.error_reason = error_reason\n          self.error_uri = error_uri\n        end\n\n        def message\n          [error, error_reason, error_uri].compact.join(\" | \")\n        end\n      end\n    end\n  end\nend\n\nOmniAuth.config.add_camelization \"oauth2\", \"OAuth2\"\n"
  },
  {
    "path": "lib/omniauth-oauth2/version.rb",
    "content": "module OmniAuth\n  module OAuth2\n    VERSION = \"1.9.0\".freeze\n  end\nend\n"
  },
  {
    "path": "lib/omniauth-oauth2.rb",
    "content": "require \"omniauth-oauth2/version\"\nrequire \"omniauth/strategies/oauth2\"\n"
  },
  {
    "path": "omniauth-oauth2.gemspec",
    "content": "lib = File.expand_path(\"../lib\", __FILE__)\n$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)\nrequire \"omniauth-oauth2/version\"\n\nGem::Specification.new do |gem|\n  gem.add_dependency \"oauth2\",  [\">= 2.0.2\", \"< 3\"]\n  gem.add_dependency \"omniauth\", \"~> 2.0\"\n\n  gem.add_development_dependency \"bundler\", \"~> 4.0\"\n\n  gem.authors       = [\"Michael Bleigh\", \"Erik Michaels-Ober\", \"Tom Milewski\"]\n  gem.email         = [\"michael@intridea.com\", \"sferik@gmail.com\", \"tmilewski@gmail.com\"]\n  gem.description   = \"An abstract OAuth2 strategy for OmniAuth.\"\n  gem.summary       = gem.description\n  gem.homepage      = \"https://github.com/omniauth/omniauth-oauth2\"\n  gem.licenses      = %w[MIT]\n\n  gem.executables   = `git ls-files -- bin/*`.split(\"\\n\").collect { |f| File.basename(f) }\n  gem.files         = `git ls-files`.split(\"\\n\")\n  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split(\"\\n\")\n  gem.name          = \"omniauth-oauth2\"\n  gem.require_paths = %w[lib]\n  gem.version       = OmniAuth::OAuth2::VERSION\nend\n"
  },
  {
    "path": "spec/helper.rb",
    "content": "$LOAD_PATH.unshift File.expand_path(\"..\", __FILE__)\n$LOAD_PATH.unshift File.expand_path(\"../../lib\", __FILE__)\n\nif RUBY_VERSION >= \"1.9\"\n  require \"simplecov\"\n  require \"simplecov-lcov\"\n  require \"coveralls\"\n\n  SimpleCov::Formatter::LcovFormatter.config.report_with_single_file = true\n\n  SimpleCov.formatters = [\n    SimpleCov::Formatter::HTMLFormatter,\n    SimpleCov::Formatter::LcovFormatter,\n    Coveralls::SimpleCov::Formatter\n  ]\n\n  SimpleCov.start do\n    minimum_coverage(78.48)\n  end\nend\n\nrequire \"rspec\"\nrequire \"rack/test\"\nrequire \"webmock/rspec\"\nrequire \"omniauth\"\nrequire \"omniauth-oauth2\"\n\nRSpec.configure do |config|\n  config.expect_with :rspec do |c|\n    c.syntax = :expect\n  end\n  config.extend OmniAuth::Test::StrategyMacros, :type => :strategy\n  config.include Rack::Test::Methods\n  config.include WebMock::API\nend\n"
  },
  {
    "path": "spec/omniauth/strategies/oauth2_spec.rb",
    "content": "require \"helper\"\n\ndescribe OmniAuth::Strategies::OAuth2 do\n  def app\n    lambda do |_env|\n      [200, {}, [\"Hello.\"]]\n    end\n  end\n  let(:fresh_strategy) { Class.new(OmniAuth::Strategies::OAuth2) }\n\n  before do\n    OmniAuth.config.test_mode = true\n  end\n\n  after do\n    OmniAuth.config.test_mode = false\n  end\n\n  describe \"Subclassing Behavior\" do\n    subject { fresh_strategy }\n\n    it \"performs the OmniAuth::Strategy included hook\" do\n      expect(OmniAuth.strategies).to include(OmniAuth::Strategies::OAuth2)\n      expect(OmniAuth.strategies).to include(subject)\n    end\n  end\n\n  describe \"#client\" do\n    subject { fresh_strategy }\n\n    it \"is initialized with symbolized client_options\" do\n      instance = subject.new(app, :client_options => {\"authorize_url\" => \"https://example.com\"})\n      expect(instance.client.options[:authorize_url]).to eq(\"https://example.com\")\n    end\n\n    it \"sets ssl options as connection options\" do\n      instance = subject.new(app, :client_options => {\"ssl\" => {\"ca_path\" => \"foo\"}})\n      expect(instance.client.options[:connection_opts][:ssl]).to eq(:ca_path => \"foo\")\n    end\n  end\n\n  describe \"#authorize_params\" do\n    subject { fresh_strategy }\n\n    it \"includes any authorize params passed in the :authorize_params option\" do\n      instance = subject.new(\"abc\", \"def\", :authorize_params => {:foo => \"bar\", :baz => \"zip\"})\n      expect(instance.authorize_params[\"foo\"]).to eq(\"bar\")\n      expect(instance.authorize_params[\"baz\"]).to eq(\"zip\")\n    end\n\n    it \"includes top-level options that are marked as :authorize_options\" do\n      instance = subject.new(\"abc\", \"def\", :authorize_options => %i[scope foo state], :scope => \"bar\", :foo => \"baz\")\n      expect(instance.authorize_params[\"scope\"]).to eq(\"bar\")\n      expect(instance.authorize_params[\"foo\"]).to eq(\"baz\")\n      
expect(instance.authorize_params[\"state\"]).not_to be_empty\n    end\n\n    it \"includes random state in the authorize params\" do\n      instance = subject.new(\"abc\", \"def\")\n      expect(instance.authorize_params.keys).to eq([\"state\"])\n      expect(instance.session[\"omniauth.state\"]).not_to be_empty\n    end\n\n    it \"includes custom state in the authorize params\" do\n      instance = subject.new(\"abc\", \"def\", :state => proc { \"qux\" })\n      expect(instance.authorize_params.keys).to eq([\"state\"])\n      expect(instance.session[\"omniauth.state\"]).to eq(\"qux\")\n    end\n\n    it \"includes PKCE parameters if enabled\" do\n      instance = subject.new(\"abc\", \"def\", :pkce => true)\n      expect(instance.authorize_params[:code_challenge]).to be_a(String)\n      expect(instance.authorize_params[:code_challenge_method]).to eq(\"S256\")\n      expect(instance.session[\"omniauth.pkce.verifier\"]).to be_a(String)\n    end\n  end\n\n  describe \"#token_params\" do\n    subject { fresh_strategy }\n\n    it \"includes any authorize params passed in the :authorize_params option\" do\n      instance = subject.new(\"abc\", \"def\", :token_params => {:foo => \"bar\", :baz => \"zip\"})\n      expect(instance.token_params).to eq(\"foo\" => \"bar\", \"baz\" => \"zip\")\n    end\n\n    it \"includes top-level options that are marked as :authorize_options\" do\n      instance = subject.new(\"abc\", \"def\", :token_options => %i[scope foo], :scope => \"bar\", :foo => \"baz\")\n      expect(instance.token_params).to eq(\"scope\" => \"bar\", \"foo\" => \"baz\")\n    end\n\n    it \"includes the PKCE code_verifier if enabled\" do\n      instance = subject.new(\"abc\", \"def\", :pkce => true)\n      # setup session\n      instance.authorize_params\n      expect(instance.token_params[:code_verifier]).to be_a(String)\n    end\n  end\n\n  describe \"#callback_phase\" do\n    subject(:instance) { fresh_strategy.new(\"abc\", \"def\") }\n\n    let(:params) { 
{\"error_reason\" => \"user_denied\", \"error\" => \"access_denied\", \"state\" => state} }\n    let(:state) { \"secret\" }\n\n    before do\n      allow(instance).to receive(:request) do\n        double(\"Request\", :params => params)\n      end\n\n      allow(instance).to receive(:session) do\n        double(\"Session\", :delete => state)\n      end\n    end\n\n    it \"calls fail with the error received\" do\n      expect(instance).to receive(:fail!).with(\"user_denied\", anything)\n\n      instance.callback_phase\n    end\n\n    it \"calls fail with the error received if state is missing and CSRF verification is disabled\" do\n      params[\"state\"] = nil\n      instance.options.provider_ignores_state = true\n\n      expect(instance).to receive(:fail!).with(\"user_denied\", anything)\n\n      instance.callback_phase\n    end\n\n    it \"calls fail with a CSRF error if the state is missing\" do\n      params[\"state\"] = nil\n\n      expect(instance).to receive(:fail!).with(:csrf_detected, anything)\n      instance.callback_phase\n    end\n\n    it \"calls fail with a CSRF error if the state is invalid\" do\n      params[\"state\"] = \"invalid\"\n\n      expect(instance).to receive(:fail!).with(:csrf_detected, anything)\n      instance.callback_phase\n    end\n\n    describe 'exception handlings' do\n      let(:params) do\n        {\"code\" => \"code\", \"state\" => state}\n      end\n\n      before do\n        allow_any_instance_of(OmniAuth::Strategies::OAuth2).to receive(:build_access_token).and_raise(exception)\n      end\n\n      {\n        :invalid_credentials => [OAuth2::Error, OmniAuth::Strategies::OAuth2::CallbackError],\n        :timeout => [Timeout::Error, Errno::ETIMEDOUT, OAuth2::TimeoutError, OAuth2::ConnectionError],\n        :failed_to_connect => [SocketError]\n      }.each do |error_type, exceptions|\n        exceptions.each do |klass|\n          context \"when #{klass}\" do\n            let(:exception) { klass.new 'error' }\n\n            it 
do\n              expect(instance).to receive(:fail!).with(error_type, exception)\n              instance.callback_phase\n            end\n          end\n        end\n      end\n    end\n  end\n\n  describe \"#secure_compare\" do\n    subject { fresh_strategy }\n\n    it \"returns true when the two inputs are the same and false otherwise\" do\n      instance = subject.new(\"abc\", \"def\")\n      expect(instance.send(:secure_compare, \"a\", \"a\")).to be true\n      expect(instance.send(:secure_compare, \"b\", \"a\")).to be false\n    end\n  end\nend\n\ndescribe OmniAuth::Strategies::OAuth2::CallbackError do\n  let(:error) { Class.new(OmniAuth::Strategies::OAuth2::CallbackError) }\n  describe \"#message\" do\n    subject { error }\n    it \"includes all of the attributes\" do\n      instance = subject.new(\"error\", \"description\", \"uri\")\n      expect(instance.message).to match(/error/)\n      expect(instance.message).to match(/description/)\n      expect(instance.message).to match(/uri/)\n    end\n    it \"includes all of the attributes\" do\n      instance = subject.new(nil, :symbol)\n      expect(instance.message).to eq(\"symbol\")\n    end\n  end\nend\n"
  }
]