lib/omniauth/strategies/salesforce.rb in omniauth-salesforce-1.0.3 vs lib/omniauth/strategies/salesforce.rb in omniauth-salesforce-1.0.4
- old
+ new
@@ -1,23 +1,26 @@
require 'omniauth-oauth2'
+require 'openssl'
+require 'base64'
module OmniAuth
module Strategies
class Salesforce < OmniAuth::Strategies::OAuth2
- MOBILE_USER_AGENTS = 'webos|ipod|iphone|mobile'
+ MOBILE_USER_AGENTS = 'webos|ipod|iphone|ipad|android|blackberry|mobile'
option :client_options, {
:site => 'https://login.salesforce.com',
:authorize_url => '/services/oauth2/authorize',
:token_url => '/services/oauth2/token'
}
option :authorize_options, [
:scope,
:display,
:immediate,
- :state
+ :state,
+ :prompt
]
def request_phase
req = Rack::Request.new(@env)
options.update(req.params)
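Review bot: `options.update(req.params)` in request_phase copies every request parameter into the strategy options, not only the keys declared in `authorize_options`, and this release adds a signature check that trusts `options.client_secret`. A parameter named after a configured option (for example `client_options`) would replace the configured value for that request, and possibly for later ones if the options object is shared between requests, which is not visible here. Restricting the merge to the declared keys would close that: `allowed = options.authorize_options.map(&:to_s)` followed by `options.update(req.params.select { |k, _| allowed.include?(k) })`. The rest of request_phase lies between this hunk and the next.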
@@ -27,10 +30,19 @@
options[:display] = mobile_request ? 'touch' : 'page'
end
super
end
+ def auth_hash
+ signed_value = access_token.params['id'] + access_token.params['issued_at']
+ raw_expected_signature = OpenSSL::HMAC.digest('sha256', options.client_secret, signed_value)
+ expected_signature = Base64.strict_encode64 raw_expected_signature
+ signature = access_token.params['signature']
+ fail! "Salesforce user id did not match signature!" unless signature == expected_signature
+ super
+ end
+
uid { raw_info['id'] }
info do
{
'name' => raw_info['display_name'],
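Review bot: The mismatch branch in auth_hash calls `fail!` and then falls through to `super`, so unless `fail!` raises (in OmniAuth as I know it, it returns a failure response instead) the unverified auth hash is still returned to the caller. The check needs to stop the callback, e.g. `raise CallbackError.new(:invalid_signature, 'Salesforce user id did not match signature!') unless Rack::Utils.secure_compare(expected_signature, signature.to_s)`, after confirming that the parent callback_phase rescues CallbackError in the pinned omniauth-oauth2 version. That form also replaces `==` with a constant-time comparison and tolerates a missing `signature`. Separately, `access_token.params['id'] + access_token.params['issued_at']` raises NoMethodError when `id` is absent, so calling `.to_s` on both operands would turn a malformed token response into a clean signature failure.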
@@ -60,10 +72,12 @@
end
extra do
raw_info.merge({
'instance_url' => access_token.params['instance_url'],
- 'pod' => access_token.params['instance_url']
+ 'pod' => access_token.params['instance_url'],
+ 'signature' => access_token.params['signature'],
+ 'issued_at' => access_token.params['issued_at']
})
end
end