require 'omniauth-oauth2'
require 'openssl'
require 'base64'
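module OmniAuth
  module Strategies
    # OmniAuth OAuth2 strategy for Salesforce.
    #
    # On top of the generic OAuth2 flow it:
    # * picks the Salesforce +display+ mode from the User-Agent when the
    #   caller did not choose one,
    # * verifies the HMAC-SHA256 signature Salesforce attaches to the token
    #   response before any identity data is read,
    # * fetches the identity document from the +id+ URL in the token response.
    class Salesforce < OmniAuth::Strategies::OAuth2
      # Lower-case User-Agent fragments (regexp alternation) treated as mobile.
      MOBILE_USER_AGENTS = 'webos|ipod|iphone|ipad|android|blackberry|mobile'

      option :client_options, {
        :site          => 'https://login.salesforce.com',
        :authorize_url => '/services/oauth2/authorize',
        :token_url     => '/services/oauth2/token'
      }

      # Options that are forwarded to the authorize endpoint. This list is also
      # the allowlist of request parameters accepted by #request_phase.
      option :authorize_options, [
        :scope,
        :display,
        :immediate,
        :state,
        :prompt
      ]

      # Starts the OAuth2 redirect.
      #
      # Request parameters are untrusted, so only the keys declared in
      # +authorize_options+ are copied into the strategy options. Copying every
      # parameter would let a request overwrite unrelated settings such as the
      # client credentials or the endpoint URLs.
      #
      # NOTE(review): this still writes into the strategy's options object; if
      # that object is reused between requests the values set here would carry
      # over. Confirm how the OmniAuth version in use duplicates strategies.
      def request_phase
        req = Rack::Request.new(@env)
        allowed_keys = Array(options[:authorize_options]).map(&:to_s)
        options.update(req.params.select { |key, _value| allowed_keys.include?(key.to_s) })

        unless options.has_key?(:display)
          # No explicit display mode: use the touch UI for mobile browsers.
          mobile_request = req.user_agent.to_s.downcase =~ Regexp.new(MOBILE_USER_AGENTS)
          options[:display] = mobile_request ? 'touch' : 'page'
        end
        super
      end

      # Builds the auth hash after checking the token response signature.
      #
      # The signature is Base64(HMAC-SHA256(client_secret, id + issued_at)).
      # A mismatch raises instead of calling +fail!+ and continuing: the
      # previous code ignored the result of +fail!+ and went on to +super+,
      # so a response with a bad signature still produced an auth hash.
      #
      # @raise [OmniAuth::Strategies::OAuth2::CallbackError] when the signature
      #   is missing or does not match. omniauth-oauth2's callback_phase is
      #   expected to rescue this and report it through +fail!+; confirm
      #   against the omniauth-oauth2 version in use.
      def auth_hash
        # to_s keeps a missing field from raising NoMethodError/TypeError; the
        # comparison below then simply fails.
        signed_value = access_token.params['id'].to_s + access_token.params['issued_at'].to_s
        raw_expected_signature = OpenSSL::HMAC.digest('sha256', options.client_secret.to_s, signed_value)
        expected_signature = Base64.strict_encode64(raw_expected_signature)
        signature = access_token.params['signature'].to_s

        # Constant-time comparison so response timing does not reveal how many
        # leading characters of the expected signature matched.
        unless Rack::Utils.secure_compare(expected_signature, signature)
          raise OmniAuth::Strategies::OAuth2::CallbackError.new(
            :invalid_signature, "Salesforce user id did not match signature!"
          )
        end
        super
      end

      uid { raw_info['id'] }

      info do
        {
          'name'        => raw_info['display_name'],
          'email'       => raw_info['email'],
          'nickname'    => raw_info['nick_name'],
          'first_name'  => raw_info['first_name'],
          'last_name'   => raw_info['last_name'],
          'location'    => '',
          'description' => '',
          # This URL carries the access token as the oauth_token query
          # parameter. Treat the value as a credential: do not log it, persist
          # it or render it into pages.
          # NOTE(review): raises NoMethodError if 'photos' is absent.
          'image'       => raw_info['photos']['thumbnail'] + "?oauth_token=#{access_token.token}",
          'phone'       => '',
          'urls'        => raw_info['urls']
        }
      end

      credentials do
        creds = {
          'token'        => access_token.token,
          'instance_url' => access_token.params["instance_url"]
        }
        # A refresh token is only present when the connected app grants one.
        creds['refresh_token'] = access_token.refresh_token if access_token.refresh_token
        creds
      end

      # Identity document for the authenticated user (memoized).
      #
      # The URL comes from the +id+ field of the token response, the same field
      # covered by the signature check in #auth_hash.
      def raw_info
        # Send the token in the Authorization header rather than in the URL.
        access_token.options[:mode] = :header
        @raw_info ||= access_token.post(access_token['id']).parsed
      end

      extra do
        instance_url = access_token.params['instance_url']
        raw_info.merge({
          'instance_url' => instance_url,
          # 'pod' is populated with the same value as 'instance_url'.
          'pod'          => instance_url,
          'signature'    => access_token.params['signature'],
          'issued_at'    => access_token.params['issued_at']
        })
      end
    end

    # Same flow against the Salesforce sandbox login host.
    class SalesforceSandbox < OmniAuth::Strategies::Salesforce
      default_options[:client_options][:site] = 'https://test.salesforce.com'
    end

    # Same flow against the Database.com login host.
    class DatabaseDotCom < OmniAuth::Strategies::Salesforce
      default_options[:client_options][:site] = 'https://login.database.com'
    end

    # Same flow against the Salesforce pre-release login host.
    class SalesforcePreRelease < OmniAuth::Strategies::Salesforce
      default_options[:client_options][:site] = 'https://prerellogin.pre.salesforce.com/'
    end
  end
end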