Embed omniauth-salesforce

debian/gems-compat/omniauth-salesforce-1.0.5/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+/pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

debian/gems-compat/omniauth-salesforce-1.0.5/.rspec

@@ -0,0 +1 @@
+--colour

debian/gems-compat/omniauth-salesforce-1.0.5/.rvmrc

@@ -0,0 +1 @@
+rvm use 1.9.2-p290@omniauth-salesforce --create

debian/gems-compat/omniauth-salesforce-1.0.5/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-salesforce.gemspec
+gemspec
+
+group :development, :test do
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+  gem 'rb-fsevent'
+  gem 'growl'
+end

debian/gems-compat/omniauth-salesforce-1.0.5/Guardfile

@@ -0,0 +1,10 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+
+guard 'bundler' do
+  watch('Gemfile')
+  watch('omniauth-salesforce.gemspec')
+end

debian/gems-compat/omniauth-salesforce-1.0.5/LICENSE.md

@@ -0,0 +1,5 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

debian/gems-compat/omniauth-salesforce-1.0.5/README.md

@@ -0,0 +1,49 @@
+# omniauth-salesforce
+
+[OmniAuth](https://github.com/intridea/omniauth) Strategy for [salesforce.com](salesforce.com).
+
+Note: This is a fork of the [original](https://github.com/richardvanhook/omniauth-salesforce) project and is now the main repository for the omniauth-salesforce gem.
+
+## See it in action
+
+[http://omniauth-salesforce-example.herokuapp.com](http://omniauth-salesforce-example.herokuapp.com)
+
+[Source for above app](https://github.com/richardvanhook/omniauth-salesforce-example)
+
+## Basic Usage
+
+```ruby
+require "sinatra"
+require "omniauth"
+require "omniauth-salesforce"
+
+class MyApplication < Sinatra::Base
+  use Rack::Session
+  use OmniAuth::Builder do
+    provider :salesforce, ENV['SALESFORCE_KEY'], ENV['SALESFORCE_SECRET']
+  end
+end
+```
+
+## Including other sites
+
+```ruby
+use OmniAuth::Builder do
+    provider :salesforce, 
+             ENV['SALESFORCE_KEY'], 
+             ENV['SALESFORCE_SECRET']
+    provider OmniAuth::Strategies::SalesforceSandbox, 
+             ENV['SALESFORCE_SANDBOX_KEY'], 
+             ENV['SALESFORCE_SANDBOX_SECRET']
+    provider OmniAuth::Strategies::SalesforcePreRelease, 
+             ENV['SALESFORCE_PRERELEASE_KEY'], 
+             ENV['SALESFORCE_PRERELEASE_SECRET']
+    provider OmniAuth::Strategies::DatabaseDotCom, 
+             ENV['DATABASE_DOT_COM_KEY'], 
+             ENV['DATABASE_DOT_COM_SECRET']
+end
+```
+
+## Resources
+
+* [Article: Digging Deeper into OAuth 2.0 on Force.com](http://wiki.developerforce.com/index.php/Digging_Deeper_into_OAuth_2.0_on_Force.com)

debian/gems-compat/omniauth-salesforce-1.0.5/Rakefile

@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new
+
+desc 'Run specs'
+task :default => :spec

debian/gems-compat/omniauth-salesforce-1.0.5/lib/omniauth-salesforce.rb

@@ -0,0 +1,2 @@
+require "omniauth-salesforce/version"
+require 'omniauth/strategies/salesforce'

debian/gems-compat/omniauth-salesforce-1.0.5/lib/omniauth-salesforce/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Salesforce
+    VERSION = "1.0.5"
+  end
+end

debian/gems-compat/omniauth-salesforce-1.0.5/lib/omniauth/strategies/salesforce.rb

@@ -0,0 +1,97 @@
+require 'omniauth-oauth2'
+require 'openssl'
+require 'base64'
+
+module OmniAuth
+  module Strategies
+    class Salesforce < OmniAuth::Strategies::OAuth2
+
+      MOBILE_USER_AGENTS =  'webos|ipod|iphone|ipad|android|blackberry|mobile'
+
+      option :client_options, {
+        :site          => 'https://login.salesforce.com',
+        :authorize_url => '/services/oauth2/authorize',
+        :token_url     => '/services/oauth2/token'
+      }
+      option :authorize_options, [
+        :scope,
+        :display,
+        :immediate,
+        :state,
+        :prompt
+      ]
+
+      def request_phase
+        req = Rack::Request.new(@env)
+        options.update(req.params)
+        ua = req.user_agent.to_s
+        if !options.has_key?(:display)
+          mobile_request = ua.downcase =~ Regexp.new(MOBILE_USER_AGENTS)
+          options[:display] = mobile_request ? 'touch' : 'page'
+        end
+        super
+      end
+
+      def auth_hash
+        signed_value = access_token.params['id'] + access_token.params['issued_at']
+        raw_expected_signature = OpenSSL::HMAC.digest('sha256', options.client_secret.to_s, signed_value)
+        expected_signature = Base64.strict_encode64 raw_expected_signature
+        signature = access_token.params['signature']
+        fail! "Salesforce user id did not match signature!" unless signature == expected_signature
+        super
+      end
+
+      uid { raw_info['id'] }
+
+      info do
+        {
+          'name'            => raw_info['display_name'],
+          'email'           => raw_info['email'],
+          'nickname'        => raw_info['nick_name'],
+          'first_name'      => raw_info['first_name'],
+          'last_name'       => raw_info['last_name'],
+          'location'        => '',
+          'description'     => '',
+          'image'           => raw_info['photos']['thumbnail'] + "?oauth_token=#{access_token.token}",
+          'phone'           => '',
+          'urls'            => raw_info['urls']
+        }
+      end
+
+      credentials do
+        hash = {'token' => access_token.token}
+        hash.merge!('instance_url' => access_token.params["instance_url"])
+        hash.merge!('refresh_token' => access_token.refresh_token) if access_token.refresh_token
+        hash
+      end
+
+      def raw_info
+        access_token.options[:mode] = :header
+        @raw_info ||= access_token.post(access_token['id']).parsed
+      end
+
+      extra do
+        raw_info.merge({
+          'instance_url' => access_token.params['instance_url'],
+          'pod' => access_token.params['instance_url'],
+          'signature' => access_token.params['signature'],
+          'issued_at' => access_token.params['issued_at']
+        })
+      end
+
+    end
+
+    class SalesforceSandbox < OmniAuth::Strategies::Salesforce
+      default_options[:client_options][:site] = 'https://test.salesforce.com'
+    end
+
+    class DatabaseDotCom < OmniAuth::Strategies::Salesforce
+      default_options[:client_options][:site] = 'https://login.database.com'
+    end
+
+    class SalesforcePreRelease < OmniAuth::Strategies::Salesforce
+      default_options[:client_options][:site] = 'https://prerellogin.pre.salesforce.com/'
+    end
+
+  end
+end

debian/gems-compat/omniauth-salesforce-1.0.5/omniauth-salesforce.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth-salesforce/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Richard Vanhook"]
+  gem.email         = ["rvanhook@salesforce.com"]
+  gem.description   = %q{OmniAuth strategy for salesforce.com.}
+  gem.summary       = %q{OmniAuth strategy for salesforce.com.}
+  gem.homepage      = "https://github.com/realdoug/omniauth-salesforce"
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "omniauth-salesforce"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::Salesforce::VERSION
+  gem.license       = "MIT"
+
+  gem.add_dependency 'omniauth', '~> 1.0'
+  gem.add_dependency 'omniauth-oauth2', '~> 1.0'
+  gem.add_development_dependency 'rspec', '~> 2.7'
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'webmock'
+end

debian/gems-compat/omniauth-salesforce-1.0.5/spec/omniauth/strategies/salesforce_spec.rb

@@ -0,0 +1,217 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::Salesforce do
+	strategy = nil
+	before do
+		OmniAuth.config.test_mode = true
+		rack_app = []
+		rack_app.stub :call
+		strategy = OmniAuth::Strategies::Salesforce.new rack_app, 'Consumer Key', 'Consumer Secret'
+	end
+	describe "request_phase" do
+		env = nil
+		before do
+			env = {
+				'rack.session' => {},
+				'HTTP_USER_AGENT' => 'unknown',
+				'REQUEST_METHOD' => 'GET',
+				'rack.input' => '',
+				'rack.url_scheme' => 'http',
+				'SERVER_NAME' => 'server.example',
+				'QUERY_STRING' => 'code=xxxx',
+				'SCRIPT_NAME' => '',
+				'SERVER_PORT' => 80
+			}
+		end
+		context "when using a mobile browser" do
+			user_agents = {
+				:Pre => "Mozilla/5.0 (webOS/1.4.0; U; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Version/1.0 Safari/532.2 Pre/1.1",
+				:iPod => "Mozilla/5.0 (iPod; U; CPU like Mac OS X; en) AppleWebKit/420.1 (KHTML, like Gecko) Version/3.0 Mobile/4A93 Safari/419.3",
+				:iPhone => "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543 Safari/419.3",
+				:iPad => "Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10",
+				:Nexus => "Mozilla/5.0 (Linux; U; Android 2.2; en-us; Nexus One Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
+				:myTouch => "Mozilla/5.0 (Linux; U; Android 1.6; en-us; WOWMobile myTouch 3G Build/unknown) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1",
+				:Storm => "BlackBerry9530/4.7.0.148 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/105",
+				:Torch => "Mozilla/5.0 (BlackBerry; U; BlackBerry 9810; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0 Mobile Safari/534.11+",
+				:generic_mobile => "some mobile device"
+			}
+			user_agents.each_pair do |name, agent|
+				context "with the user agent from a #{name.to_s}" do
+					before do
+						env['HTTP_USER_AGENT'] = agent
+						strategy.call!(env)
+						strategy.request_phase
+					end
+					subject {strategy.options}
+					it "sets the :display option to 'touch'" do
+						subject[:display].should == 'touch'
+					end
+				end
+			end
+		end
+		context "when using a desktop browser" do
+			user_agents = {
+				:Chrome => "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.21 (KHTML, like Gecko) Chrome/19.0.1042.0 Safari/535.21",
+				:Safari => "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; de-at) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1",
+				:IE => "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)",
+				:anything_else => "unknown"
+			}
+			user_agents.each_pair do |name, agent|
+				context "with the user agent from #{name.to_s}" do
+					before do
+						env['HTTP_USER_AGENT'] = agent
+						strategy.call!(env)
+						strategy.request_phase
+					end
+					subject {strategy.options}
+					it "sets the :display option to 'page'" do
+						subject[:display].should == 'page'
+					end
+				end
+			end
+		end
+	end
+	describe "callback phase" do
+		raw_info = nil
+		before do
+			raw_info = {
+				'id' => 'salesforce id',
+				'display_name' => 'display name',
+				'email' => 'email',
+				'nick_name' => 'nick name',
+				'first_name' => 'first name',
+				'last_name' => 'last name',
+				'photos' => {'thumbnail' => '/thumbnail/url'},
+				'urls'=> {
+					"enterprise" => "https://salesforce.example/services",
+					"metadata" => "https://salesforce.example/services"
+				}
+			}
+			client = OAuth2::Client.new 'id', 'secret', {:site => 'example.com'}
+			access_token = OAuth2::AccessToken.from_hash client, {
+				'access_token' => 'token',
+				'instance_url' => 'http://instance.salesforce.example',
+				'signature' => 'invalid',
+				'issued_at' => '1296458209517'
+			}
+			strategy.stub(:raw_info) { raw_info }
+			strategy.stub(:access_token) { access_token }
+		end
+		describe "uid" do
+			it "sets the id" do
+				strategy.uid.should == raw_info['id']
+			end
+		end
+		describe "info" do
+			subject { strategy.info }
+			it "returns an info hash" do
+				subject.should_not be_nil
+			end
+			it "sets name" do
+				subject['name'].should == raw_info['display_name']
+			end
+			it "sets email" do
+				subject['email'].should == raw_info['email']
+			end
+			it "sets nickname" do
+				subject['nickname'].should == raw_info['nick_name']
+			end
+			it "sets first_name" do
+				subject['first_name'].should == raw_info['first_name']
+			end
+			it "sets last_name" do
+				subject['last_name'].should == raw_info['last_name']
+			end
+			it "sets location" do
+				subject['location'].should == ''
+			end
+			it "sets description" do
+				subject['description'].should == ''
+			end
+			it "sets image" do
+				subject['image'].should == raw_info['photos']['thumbnail'] + "?oauth_token=#{strategy.access_token.token}"
+			end
+			it "sets phone" do
+				subject['phone'].should == ''
+			end
+			it "sets urls" do
+				subject['urls'].should == raw_info['urls']
+			end
+		end
+		describe "credentials" do
+			subject { strategy.credentials }
+			it "sets token" do
+				subject['token'].should == strategy.access_token.token
+			end
+			it "sets instance_url" do
+				subject['instance_url'].should == strategy.access_token.params["instance_url"]
+			end
+			context "given a refresh token" do
+				it "sets refresh_token" do
+					subject['refresh_token'].should == strategy.access_token.refresh_token
+				end
+			end
+			context "when not given a refresh token" do
+				it "does not set a refresh token" do
+					subject['refresh_token'].should be_nil
+				end
+			end
+		end
+		describe "extra" do
+			subject { strategy.extra }
+			it "sets instance_url" do
+				subject['instance_url'].should == strategy.access_token.params['instance_url']
+			end
+			it "sets pod" do
+				subject['pod'].should == strategy.access_token.params['instance_url']
+			end
+			it "sets signature" do
+				subject['signature'].should == strategy.access_token.params['signature']
+			end
+			it "sets issued_at" do
+				subject['issued_at'].should == strategy.access_token.params['issued_at']
+			end
+		end
+		describe "user id validation" do
+			client_id = nil
+			issued_at = nil
+			signature = nil
+			instance_url = 'http://instance.salesforce.example'
+			before do
+					client_id = "https://login.salesforce.com/id/00Dd0000000d45TEBQ/005d0000000fyGPCCY"
+					issued_at = "1331142541514"
+					signature = Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', strategy.options.client_secret.to_s, client_id + issued_at))
+			end
+			context "when the signature does not match" do
+				before do
+					access_token = OAuth2::AccessToken.from_hash strategy.access_token.client, {
+						'id' => 'forged client id',
+						'issued_at' => issued_at,
+						'instance_url' => 'http://instance.salesforce.example',
+						'signature' => signature
+					}
+					strategy.stub(:access_token) { access_token }
+				end
+				it "should call fail!" do
+					strategy.should_receive(:fail!)
+					strategy.auth_hash
+				end
+			end
+			context "when the signature does match" do
+				before do
+					access_token = OAuth2::AccessToken.from_hash strategy.access_token.client, {
+						'id' => client_id,
+						'issued_at' => issued_at,
+						'instance_url' => 'http://instance.salesforce.example',
+						'signature' => signature
+					}
+					strategy.stub(:access_token) { access_token }
+				end
+				it "should not fail" do
+					strategy.should_not_receive(:fail!)
+					strategy.auth_hash
+				end
+			end
+		end
+	end
+end

debian/gems-compat/omniauth-salesforce-1.0.5/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'simplecov'
+SimpleCov.start
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-salesforce'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+end
+

debian/patches/0810-embed-omniauth-salesforce.patch

@@ -0,0 +1,11 @@
+--- a/Gemfile
++++ b/Gemfile
+@@ -54,7 +54,7 @@
+ gem 'omniauth-authentiq', '~> 0.3.3'
+ gem 'omniauth_openid_connect', '~> 0.3.0'
+ gem "omniauth-ultraauth", '~> 0.0.2', path: 'vendor/gems/omniauth-ultraauth-0.0.2'
+-gem 'omniauth-salesforce', '~> 1.0', '>= 1.0.5'
++gem 'omniauth-salesforce', '~> 1.0', '>= 1.0.5', path: 'vendor/gems/omniauth-salesforce-1.0.5'
+ gem 'rack-oauth2', '~> 1.9', '>= 1.9.3'
+ gem 'jwt', '2.1', path: 'vendor/gems/jwt-2.1.0'
+ 

debian/patches/series

@@ -30,3 +30,4 @@
 0740-use-packaged-modules.patch
 bump-devise-to-4-6.patch
 0800-embed-omniauth0ultraauth.patch
+0810-embed-omniauth-salesforce.patch