Add GH tpls; update README to new format; add CONTRIBUTING; add rubocop to dev env

joshcanhelp · joshcanhelp · commit 078dce381589 · 2018-11-01T08:22:28.000-07:00
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,39 @@
+In order to efficiently and accurately address your issue or feature request, please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. Please delete any sections or questions below that do not pertain to this request.
+
+For general support or usage questions, please use the [Auth0 Community](https://community.auth0.com/) or [Auth0 Support](https://support.auth0.com.).
+
+### Description
+
+Description of the bug or feature request and why it's a problem. Consider including:
+
+- The use case or overall problem you're trying to solve
+- Information about when the problem started
+
+### Prerequisites
+
+* [ ] I have read the [Auth0 contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+* [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
+* [ ] Did you check the [documentation](https://auth0.com/docs/quickstart/webapp/rails)?
+* [ ] Did you check [Auth0 Community](https://community.auth0.com/tags/rails)?
+* [ ] Are you reporting this to the correct repository? This strategy relies on [OmniAuth](https://github.com/omniauth/omniauth) and the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy. 
+* [ ] Are there any related or duplicate [Issues](https://github.com/auth0/omniauth-auth0/issues) or [PRs](https://github.com/auth0/omniauth-auth0/pulls) for this issue?
+
+### Environment
+
+Please provide the following:
+
+* OmniAuth-Auth0 version:
+* Ruby version:
+* Rails veresion:
+* Browser version, if applicable:
+* Additional gems that might be affecting your instance:
+
+### Reproduction
+
+Detail the steps taken to reproduce this error and note if this issue can be reproduced consistently or if it is intermittent.
+
+Please include:
+
+- Log files (redact/remove sensitive information)
+- Application settings (redact/remove sensitive information)
+- Screenshots, if helpful
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,32 @@
+### Changes
+
+Please describe both what is changing and why this is important. Include:
+
+- Endpoints added, deleted, deprecated, or changed
+- Classes and methods added, deleted, deprecated, or changed
+- Screenshots of new or changed UI, if applicable
+- A summary of usage if this is a new feature or change to a public API (this should also be added to relevant documentation once released)
+
+### References
+
+Please include relevant links supporting this change such as a:
+
+- support ticket
+- community post
+- StackOverflow post
+- support forum thread
+- related GitHub issue in this or another repo
+
+### Testing
+
+Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.
+
+* [ ] This change adds unit test coverage
+* [ ] This change has been tested on the latest version of the platform/language or why not
+
+### Checklist
+
+* [ ] I have read the [Auth0 contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+* [ ] I have read the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
+* [ ] All existing and new tests complete without errors
+* [ ] All code quality tools/guidelines in the [CONTRIBUTING documentation](CONTRIBUTING.md) have been run/followed
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,71 @@
+# Contribution
+
+**Thank you in advance for your contribution!**
+
+Please read [Auth0's contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md) before beginning work on your contribution here. 
+
+## Environment setup
+
+The best way we've found to develop gems locally is by using a local setting for your Bundler config. First, checkout the project locally:
+
+```bash
+$ pwd
+/PROJECT_ROOT/
+$ mkdir vendor # if one does not exist
+$ echo "/vendor/" >> .gitignore
+$ git clone git@github.com:auth0/omniauth-auth0.git vendor/omniauth-auth0
+Cloning into 'vendor/omniauth-auth0'...
+```
+
+Now, run the following command in your project root directory:
+
+```bash
+$ bundle config --local local.omniauth-auth0 /PROJECT_ROOT/vendor/omniauth-auth0
+You are replacing the current local value of local.omniauth-auth0, which is currently nil
+$ bundle config
+Settings are listed in order of priority. The top value will be used.
+local.omniauth-auth0
+Set for your local app (/PROJECT_ROOT/.bundle/config): "/PROJECT_ROOT/vendor/omniauth-auth0"
+```
+
+Finally, add or change the gem include to add a `github:` param:
+
+```ruby
+source 'https://rubygems.org'
+# ...
+# OmniAuth strategy for authenticating with Auth0
+gem 'omniauth-auth0', github: 'auth0/omniauth-auth0'
+#..
+```
+
+Now you should be able to make changes locally and have them reflected in your test app. Keep in mind you'll need to restart your app between changes.
+
+[Great explanation for why this setup works well](https://rossta.net/blog/how-to-specify-local-ruby-gems-in-your-gemfile.html). 
+
+## Testing
+
+Tests should be added for additional or modified functionality and all tests should run successfully before submitting a PR. 
+
+### Adding tests
+
+All new tests should be added to the `/spec/omniauth` directory. Testing resources, like JSON fixtures, should be added to the `/spec/resources` directory.
+
+### Running tests
+
+Running tests is as simple as:
+
+```bash
+$ bundle exec rake spec
+```
+
+## Documentation
+
+Documentation for this gem is primarily done at the code level. All new methods should include a docblock at least. 
+
+## Code quality tools
+
+Code quality is enforced across the entire gem with Rubocop:
+
+```bash
+$ bundle exec rake rubocop
+```
diff --git a/Gemfile b/Gemfile
@@ -12,16 +12,14 @@ group :development do
   gem 'shotgun'
   gem 'sinatra'
   gem 'thin'
+  gem 'rubocop', require: false
 end
 
 group :test do
   gem 'guard-rspec', require: false
   gem 'listen', '~> 3.1.5'
   gem 'rack-test'
   gem 'rspec', '~> 3.5'
-  gem 'rubocop', '>= 0.30', platforms: %i[
-    ruby_19 ruby_20 ruby_21 ruby_22
-  ]
   gem 'simplecov'
   gem 'webmock'
 end
diff --git a/README.md b/README.md
@@ -1,54 +1,57 @@
-[![Build Status](https://travis-ci.org/auth0/omniauth-auth0.svg)](https://travis-ci.org/auth0/omniauth-auth0)
-
 # OmniAuth Auth0
 
-This is the official [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating to [Auth0](https://auth0.com).
+An [OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating with [Auth0](https://auth0.com). This strategy is based on the [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2) strategy. 
 
-## Installing
+[![Build Status](https://travis-ci.org/auth0/omniauth-auth0.svg)](https://travis-ci.org/auth0/omniauth-auth0)
+[![Gem Version](https://badge.fury.io/rb/auth0.svg)](http://badge.fury.io/rb/auth0)
+[![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/ruby-auth0/blob/master/LICENSE)
 
-Add to your `Gemfile`:
+## Table of Contents
 
-```ruby
-gem 'omniauth-auth0'
-```
+- [Documentation](#documentation)
+- [Installation](#installation)
+- [Getting Started](#getting-started)
+- [Contribution](#contribution)
+- [Support + Feedback](#support--feedback)
+- [Vulnerability Reporting](#vulnerability-reporting)
+- [What is Auth0](#what-is-auth0)
+- [License](#license)
+
+## Documentation
 
-Then `bundle install`.
+- [Ruby on Rails Quickstart](https://auth0.com/docs/quickstart/webapp/rails)
+- [Sample projects](https://github.com/auth0-samples/auth0-rubyonrails-sample)
 
-## Usage
+## Installation
 
-### Rails
+Add the following line to your `Gemfile`:
 
 ```ruby
-Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :auth0, ENV['AUTH0_CLIENT_ID'], ENV['AUTH0_CLIENT_SECRET'], ENV['AUTH0_DOMAIN']
-end
+gem 'omniauth-auth0'
 ```
 
-Then to redirect to your tenant's hosted login page:
+Then install:
 
-```ruby
-redirect_to '/auth/auth0'
+```bash
+$ bundle install
 ```
 
-### Sinatra
+See our [contributing guide](CONTRIBUTING.md) for information on local installation for development. 
 
-```ruby
-use OmniAuth::Builder do
-  provider :auth0, ENV['AUTH0_CLIENT_ID'], ENV['AUTH0_CLIENT_SECRET'], ENV['AUTH0_DOMAIN']
-end
-```
+## Getting Started
 
-Then to redirect to your tenant's hosted login page:
+To start processing authentication requests, the following steps must be performed:
 
-```ruby
-redirect to('/auth/auth0')
-```
+1. Initialize the strategy
+2. Configure the callback controller
+3. Add the required routes
+4. Trigger an authentication request
 
-> You can customize your hosted login page in your [Auth0 Dashboard](https://manage.auth0.com/#/login_page)
+All of these tasks and more are covered in our [Ruby on Rails Quickstart](https://auth0.com/docs/quickstart/webapp/rails).
 
-### Auth parameters
+### Additional authentication parameters
 
-To send additional parameters during login you can specify them when you register the provider
+To send additional parameters during login, you can specify them when you register the provider:
 
 ```ruby
 provider 
@@ -64,81 +67,89 @@ provider
   }
 ```
 
-that will tell it to send those parameters on every Auth request.
+... which will tell the strategy to send those parameters on every Auth request.
 
-Or you can do it for a specific Auth request by adding them in the query parameter of the redirect URL. Allowed parameters are `connection` and `prompt`:
+Or you can do it for a specific authentication request by adding them to the query parameters of the redirect URL. Allowed parameters are `connection` and `prompt`:
 
 ```ruby
 redirect_to '/auth/auth0?connection=google-oauth2'
 redirect_to '/auth/auth0?prompt=none'
 ```
 
-### Auth Hash
+### Authentication hash
 
-Auth0 strategy will have the standard OmniAuth hash attributes:
+The Auth0 strategy will provide the standard OmniAuth hash attributes:
 
-- provider: the name of the strategy, in this case `auth0`
-- uid: the user identifier
-- info: the result of the call to /userinfo using OmniAuth standard attributes
-- credentials: Auth0 tokens, at least will have an access_token but can eventually have refresh_token and/or id_token
-- extra: Additional info obtained from calling /userinfo in the attribute `raw_info`
+- `:provider` - the name of the strategy, in this case `auth0`
+- `:uid` - the user identifier
+- `:info` - the result of the call to `/userinfo` using OmniAuth standard attributes
+- `:credentials` - tokens requested and data
+- `:extra` - Additional info obtained from calling `/userinfo` in the `:raw_info` property
 
 ```ruby
-	{
-	  :provider => 'auth0',
-	  :uid => 'google-oauth2|this-is-the-google-id',
-	  :info => {
-	    :name => 'John Foo',
-	    :email => 'johnfoo@example.org',
-	    :nickname => 'john',
-	    :image => 'https://example.org/john.jpg'
-	  },
-	  :credentials => {
-	    :token => 'XdDadllcas2134rdfdsI',
-	    :expires_at => 1485373937,
-        :expires => true,
-        :refresh_token => 'aKNajdjfj123nBasd',
-	    :id_token => 'eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBGb28ifQ.lxAiy1rqve8ZHQEQVehUlP1sommPHVJDhgPgFPnDosg',
-	    :token_type => 'bearer',
-	  },
-	  :extra => {
-	    :raw_info => {
-	      :email => 'johnfoo@example.org',
-	      :email_verified => 'true',
-	      :name => 'John Foo',
-	      :picture => 'https://example.org/john.jpg',
-	      :user_id => 'google-oauth2|this-is-the-google-id',
-	      :nickname => 'john',
-	      :created_at => '2014-07-15T17:19:50.387Z'
-	    }
-	  }
-	}
+{
+  :provider => 'auth0',
+  :uid => 'auth0|USER_ID',
+  :info => {
+    :name => 'John Foo',
+    :email => 'johnfoo@example.org',
+    :nickname => 'john',
+    :image => 'https://example.org/john.jpg'
+  },
+  :credentials => {
+    :token => 'ACCESS_TOKEN',
+    :expires_at => 1485373937,
+    :expires => true,
+    :refresh_token => 'REFRESH_TOKEN',
+    :id_token => 'JWT_ID_TOKEN',
+    :token_type => 'bearer',
+  },
+  :extra => {
+    :raw_info => {
+      :email => 'johnfoo@example.org',
+      :email_verified => 'true',
+      :name => 'John Foo',
+      :picture => 'https://example.org/john.jpg',
+      :user_id => 'auth0|USER_ID',
+      :nickname => 'john',
+      :created_at => '2014-07-15T17:19:50.387Z'
+    }
+  }
+}
 ```
 
-### ActionDispatch::Cookies::CookieOverflow issue
+## Contribution
 
-If you are getting this error it means that you are using Cookie sessions and since you are storing the whole profile it overflows the max-size of 4K.
+We appreciate feedback and contribution to this repo! Before you get started, please see the following:
 
-You can change to use In-Memory store for development as follows:
+- [Auth0's contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
+- [Auth0's Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
+- [This repo's contribution guide](CONTRIBUTING.md)
 
-	# /config/initializers/session_store.rb
-	CrazyApp::Application.config.session_store :cache_store
+## Support + Feedback
 
-	# /config/environments/development.rb
-	config.cache_store = :memory_store
 
-## Documentation
+- Use [Community](https://community.auth0.com/) for usage, questions, specific cases.
+- Use [Issues](https://github.com/auth0/omniauth-auth0/issues) here for code-level support and bug reports.
+- Paid customers can use [Support](https://support.auth0.com/) to submit a trouble ticket for production-affecting issues. 
+
+## Vulnerability Reporting
 
-For more information about [auth0](http://auth0.com) contact our [documentation page](http://docs.auth0.com/).
+Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
 
-## Issue Reporting
+## What is Auth0?
 
-If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+Auth0 helps you to easily:
 
-## Author
+- implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc), or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
+- log in users with username/password databases, passwordless, or multi-factor authentication
+- link multiple user accounts together
+- generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
+- access demographics and analytics detailing how, when, and where users are logging in
+- enrich user profiles from other data sources using customizable JavaScript rules
 
-[Auth0](https://auth0.com)
+[Why Auth0?](https://auth0.com/why-auth0)
 
 ## License
 
-This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
+The OmniAuth Auth0 strategy is licensed under MIT - [LICENSE](LICENSE)
