artsy-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1cf1e6c6b3b49a4acdcd25dccd98ce3ae28a04c7
+  data.tar.gz: 04708d532731280d1043d3613c775351a027f699
+SHA512:
+  metadata.gz: 89a733670ad984119f5a7d03ff96d22ff9fbe15c4f313fcdf3a3623e5d6463fabce0e6aa611528310fcea0786d22b76387eb3153abd0463adcbb4e92f22d73f8
+  data.tar.gz: 87b350bdbb4270269baebe4d50ae9fc7ec63a3e2baebfd3baee6d6e78454d6d3fc57beae4cd472fd8d6c3b059b390216ca8ddbd9b2f2265f9711713f145e61e9

data/README.md

@@ -0,0 +1,59 @@
+# Artsy Authentication
+
+Ruby Gem for adding Artsy's omniauth based authentication to your app.
+
+## Installation
+Add following line to your Gemfile
+
+```
+gem 'artsy-auth'
+```
+
+## Usage
+Artsy Auth is based on [`Rails::Engine`](http://api.rubyonrails.org/classes/Rails/Engine.html).
+
+### Configure
+Add `artsy_auth.rb` under `config/initializer`. We need to configure `ArtsyAuth` to use proper Artsy `application_id` and `application_secret`. Also it needs `artsy_url` which will be used to redirect `sign_out` to proper location.
+`callback_url` defines after a successful omniauth handshake, where should we get redirected to.
+
+```ruby
+# config/initalizers/artsy_auth.rb
+ArtsyAuth.config.artsy_url = 'https://stagingapi.artsy.net'
+ArtsyAuth.config.callback_url = '/admin'
+ArtsyAuth.config.application_id = '321322131'
+ArtsyAuth.config.application_secret = '123123asdasd'
+```
+
+You also need to mount session related endpoints to your app, in your `config/routes.rb`. Add following line to your current routes.
+```ruby
+# config/routes.rb
+mount ArtsyAuth::Engine => '/'
+```
+
+In order to force authenticaiton, you need to change your `ApplicationController` to inherit from ` ArtsyAuth::ApplicationController`, you also need to add (override) `authorize?` method there which gets a token and in your app you need to define how do you authorize that token, for example:
+```ruby
+class ApplicationController < ArtsyAuth::ApplicationController
+  # Prevent CSRF attacks by raising an exception.
+  protect_from_forgery with: :exception
+
+  # override applicaiton to decode token and allow only users with `tester` role
+  def authorized?(token)
+    decoded_token, _headers = JWT.decode(token, 'some-secret')
+    decoded_token['roles'].include? 'tester'
+  end
+end
+```
+Note that this will add authenticaiton to all of your controllers, if you want to skip Artsy's authentication for specific controller you can skip it in your controller by adding:
+```ruby
+class TestController
+  skip_before_action :require_artsy_authentication
+end
+```
+
+
+# Contributing
+
+* Fork the project.
+* Make your feature addition or bug fix with tests.
+* Update CHANGELOG.
+* Send a pull request. Bonus points for topic branches.

data/Rakefile

@@ -0,0 +1,12 @@
+require 'rubygems'
+require 'bundler/gem_tasks'
+Bundler.setup(:default, :development)
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+task :default => :spec

data/config/initializers/omniauth.rb

@@ -0,0 +1,3 @@
+ArtsyAuth::Engine.middleware.use OmniAuth::Builder do
+  provider :artsy, ArtsyAuth.config.application_id, ArtsyAuth.config.application_secret
+end

data/config/routes.rb

@@ -0,0 +1,4 @@
+ArtsyAuth::Engine.routes.draw do
+  get '/auth/:provider/callback', to: 'sessions#create'
+  get '/sign_out', to: 'sessions#destroy'
+end

data/lib/artsy-auth/application_controller.rb

@@ -0,0 +1,23 @@
+module ArtsyAuth
+  class ApplicationController < ActionController::Base
+    before_action :require_artsy_authentication
+
+    def require_artsy_authentication
+      if session[:access_token]
+        head(:forbidden) unless authorized? session[:access_token]
+      else
+        clear_session_and_reauth! unless session[:access_token]
+      end
+    end
+
+    def clear_session_and_reauth!
+      reset_session
+      session[:redirect_to] = request.url
+      redirect_to '/auth/artsy'
+    end
+
+    def authorized?(token)
+      raise NotImplementedError
+    end
+  end
+end

data/lib/artsy-auth/config.rb

@@ -0,0 +1,10 @@
+module ArtsyAuth
+  mattr_accessor :config
+end
+
+ArtsyAuth.config = OpenStruct.new(
+  artsy_url: ENV['artsy_url'] || 'http://localhost:3000',
+  callback_url: ENV['callback_url'] || 'http://localhost:3000/',
+  application_id: ENV['application_id'],
+  application_secret: ENV['application_secret']
+)

data/lib/artsy-auth/engine.rb

@@ -0,0 +1,8 @@
+require 'omniauth'
+require 'omniauth-artsy'
+
+module ArtsyAuth
+  class Engine < ::Rails::Engine
+    isolate_namespace ArtsyAuth
+  end
+end

data/lib/artsy-auth/session_controller.rb

@@ -0,0 +1,22 @@
+module ArtsyAuth
+  class SessionsController < ApplicationController
+    skip_before_action :require_artsy_authentication
+    def create
+      session[:user_id] = auth_hash['uid']
+      session[:email] = auth_hash['info']['raw_info']['email']
+      session[:access_token] = auth_hash['credentials']['token']
+      redirect_to "#{ArtsyAuth.config[:callback_url]}"
+    end
+
+    def destroy
+      reset_session
+      redirect_to "#{ArtsyAuth.config[:artsy_url]}/users/sign_out"
+    end
+
+    protected
+
+    def auth_hash
+      request.env['omniauth.auth']
+    end
+  end
+end

data/lib/artsy-auth/version.rb

@@ -0,0 +1,3 @@
+module ArtsyAuth
+  VERSION = '0.1.0'.freeze
+end

data/lib/artsy-auth.rb

@@ -0,0 +1,8 @@
+require 'artsy-auth/config'
+require 'artsy-auth/engine'
+require 'artsy-auth/version'
+require 'artsy-auth/application_controller'
+require 'artsy-auth/session_controller'
+
+module ArtsyAuth
+end

metadata

@@ -0,0 +1,166 @@
+--- !ruby/object:Gem::Specification
+name: artsy-auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Artsy
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-03-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-artsy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: See summary.
+email:
+- it@artsymail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- Rakefile
+- config/initializers/omniauth.rb
+- config/routes.rb
+- lib/artsy-auth.rb
+- lib/artsy-auth/application_controller.rb
+- lib/artsy-auth/config.rb
+- lib/artsy-auth/engine.rb
+- lib/artsy-auth/session_controller.rb
+- lib/artsy-auth/version.rb
+homepage: http://artsy.net
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: ArtsyAuth is a rails based gem that adds Artsy authentication with authorization
+  to your app.
+test_files: []