brownbeagle-gitauth 0.0.3.3 → 0.0.4.0
- data/Rakefile +19 -0
- data/USAGE +1 -1
- data/bin/gitauth +157 -214
- data/bin/gitauth-shell +7 -14
- data/config.ru +5 -0
- data/gitauth.gemspec +28 -0
- data/lib/gitauth/auth_setup_middleware.rb +44 -0
- data/lib/gitauth/client.rb +12 -7
- data/lib/gitauth/command.rb +10 -14
- data/lib/gitauth/group.rb +2 -2
- data/lib/gitauth/message.rb +69 -0
- data/lib/gitauth/repo.rb +52 -33
- data/lib/gitauth/saveable_class.rb +25 -22
- data/lib/gitauth/settings.rb +49 -0
- data/lib/gitauth/user.rb +21 -18
- data/lib/gitauth/web_app.rb +72 -11
- data/lib/gitauth.rb +64 -44
- data/public/gitauth.css +25 -2
- data/resources/messages.yml +9 -0
- data/views/auth_setup.erb +27 -0
- data/views/clone_repo.erb +22 -0
- data/views/layout.erb +1 -1
- metadata +34 -41
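--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,19 @@
+require 'rake'
+
+task :gemspec do
+require 'rubygems'
+require File.join(File.dirname(__FILE__), "lib", "gitauth")
+spec = Gem::Specification.new do |s|
+s.name = 'gitauth'
+s.email = 'sutto@sutto.net'
+s.homepage = 'http://brownbeagle.com.au/'
+s.authors = ["Darcy Laycock"]
+s.version = GitAuth.version
+s.summary = "An authentication manager for Git repositories served over SSH"
+s.description = "A library to enable per user / group authentication on a read / write basis for git repositories running over ssh"
+s.files = (FileList["{bin,lib,public,resources,views}/**/*"].to_a + FileList["*"].to_a).sort
+s.executables = FileList["bin/*"].to_a.map { |f| File.basename(f) }
+s.platform = Gem::Platform::RUBY
+end
+File.open("gitauth.gemspec", "w+") { |f| f.puts spec.to_ruby }
+end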
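Review bot: `FileList["*"]` in the `s.files` line sweeps every top-level entry of the working tree into the gem, so whatever sits in the checkout when `rake gemspec` runs (editor backups, a local settings or key file, the `vendor` directory) is published with the release. For a package that is installed as an SSH forced command, the shipped file set should be reviewable, so an explicit list is safer: `s.files = (FileList["{bin,lib,public,resources,views}/**/*"].to_a + %w(LICENSE README.rdoc Rakefile USAGE config.ru)).sort`. The top-level names in that example are taken from the generated gemspec in this same release and should be checked against the repository.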
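--- a/data/USAGE
+++ b/data/USAGE
@@ -9,7 +9,7 @@ gitauth permissions REPO USERORGROUP [PERMISSION=all,read,write]
 PERMISSION:
 Default = all
 The level of permissions you want to give the user or group on the repository in question
-all = read
+all = read and write
 read = the user can see the repository and pull it, but cannot push changes
 write = user can push changes but can't pull it.
 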
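--- a/data/bin/gitauth
+++ b/data/bin/gitauth
@@ -1,252 +1,195 @@
 #!/usr/bin/env ruby
+require File.join(File.dirname(__FILE__), "..", "lib", "gitauth")
 
-
-
-
-
-
-
-
-
-
-
-
-#
-
-
-
-
-
+GitAuth::Application.processing(ARGV) do |a|
+a.banner = "GitAuth v#{GitAuth.version}"
+
+a.generator!
+
+a.option(:force, "force the creation of the settings file")
+a.option(:admin, "pass the path to a ssh public key and it adds a default admin user")
+a.add("install", "Sets up GitAuth for the current user") do |options|
+
+setup_generator ".", :silent => true
+
+# Check for a valid admin key
+if options.has_key?(:admin) && (!options[:admin].is_a?(String) || !file?(options[:admin]))
+puts "You provided the admin option but didn't provide it with a path to public key."
+die! "Please re-run again with a path to a key, e.g. --admin=~/id_rsa.pub"
+end
+
+if !yes?("Are you logged in as the correct user?")
+die!("Please log in as the correct user and re-run")
+end
 
-
-
-
-require File.join(File.dirname(__FILE__), "..", "lib", "gitauth")
+if !GitAuth.has_git?
+die!("'git' was not found in your path - please install it / add it to your path before continuing.")
+end
 
+ssh_folder = "~/.ssh"
+if !folder?(ssh_folder)
+folders ssh_folder
+chmod 0700, ssh_folder
+end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+authorized_keys = ssh_folder / "authorized_keys"
+if !file?(authorized_keys)
+file authorized_keys, "\n\n## GitAuth - DO NO EDIT BELOW THIS LINE ##\n"
+chmod 0600, authorized_keys
+end
+
+gitauth_folder = "~/.gitauth/"
+folders gitauth_folder
+
+settings_file = gitauth_folder / "settings.yml"
+if !file?(settings_file) || options[:force]
+repo_path = ask("Where did you want repositories to be stored?", "~/repositories")
+repo_path = File.expand_path(repo_path)
+folders repo_path
+
+default_shell_path = GitAuth::BASE_DIR.join("bin", "gitauth-shell").to_s
+gitauth_shell_path = ""
+gitauth_shell_set = false
+while gitauth_shell_path.blank? || !(file?(gitauth_shell_path) && executable?(gitauth_shell_path))
+# A Give the user a message if the path doesn't exist.
+if gitauth_shell_set
+puts "The shell you provided, #{gitauth_shell_path}, isn't executable"
+else
+gitauth_shell_set = true
+end
+gitauth_shell_path = ask("What is the path to your gitauth-shell?", default_shell_path)
+gitauth_shell_path = File.expand_path(gitauth_shell_path)
+end
+
+GitAuth::Settings.update!({
+:base_path => File.expand_path(repo_path),
+:authorized_keys_file => File.expand_path(authorized_keys),
+:shell_executable => File.expand_path(gitauth_shell_path)
+})
+end
+
+if options[:admin]
+
+end
+
+end
+
+a.controller! :web_app, "Starts the gitauth frontend using the default sintra runner"
+
+a.option(:force, "Skip the verification / confirmation part of adding the permissions")
+a.option(:type, "The type of permissions - one of all, read, write or none. Defaults to all")
+full_desc = "Gives a specific user or group the specified permissions to a given repository - pass '-h' for more information"
+a.add("permissions REPOSITORY USER-OR-GROUP", full_desc) do |repo, target, options|
+permissions = options[:type] || 'all'
+
+if !%w(all read write none).include? permissions
+die! "'#{permissions}' is not a valid permission type. It must be all, read, write or none"
+end
+
+real_permissions = ({"all" => ["read", "write"], "none" => []}[permissions] || [permissions])
+repository = GitAuth::Repo.get(repo)
+real_target = GitAuth.get_user_or_group(target)
+
+die! "Unknown repository '#{repo}'" if repository.blank?
+die! "Unknown user or group '#{target}'" if real_target.blank?
+
+if options[:force] || yes?("Adding '#{permissions}' permissions for #{real_target} to #{repository.name}")
+repository.update_permissions!(real_target, real_permissions)
+puts "Permissions updated."
 else
-
-exit! 1
+puts "Permissions not added, exiting."
 end
 end
 
-
-
-
-
-admin = !!
-
-
+a.option(:admin, "Makes a user an admin user")
+a.add("add-user NAME PATH-TO-PUBLIC-KEY", "Creates a user with a given public key") do |name, ssh_key, options|
+GitAuth.prepare
+die! "'#{ssh_key}' is not a valid path to a public key" if !File.file?(ssh_key)
+admin = !!options[:admin]
+contents = File.read(ssh_key).strip
+if GitAuth::User.create(name, admin, contents)
+puts "Successfully added user '#{name}' (user #{admin ? 'is' : 'is not'} an admin)"
 else
-
-exit!
+die! "There was an unknown error attempting to add a user called '#{name}'"
 end
 end
 
-
-
-
-
-
+a.add("add-repo NAME [PATH=NAME]", "Creates a named repository, with an optional path on the file system") do |name, *args|
+GitAuth.prepare
+options = args.extract_options!
+path = (args.shift || name)
+if GitAuth::Repo.create(name, path)
+puts "Successfully created repository '#{name}' located at '#{path}'"
 else
-
-exit! 1
+die! "Unable to create repository '#{name}' in location '#{path}'"
 end
 end
 
-
-
-
-
-
-
-
-exit! 1
-end
-repo = GitAuth::Repo.get(repo)
-uog = GitAuth.get_user_or_group(user_or_group)
-if repo.nil? || uog.nil?
-$stderr.puts "Invalid repository or user, please check the name"
-exit! 1
-end
-repo.writeable_by(uog) if %w(all write).include?(permissions)
-repo.readable_by(uog) if %w(all read).include?(permissions)
-GitAuth::Repo.save!
-$stdout.puts "Permissions Added"
+a.add("add-group NAME", "Creates a group with a given name") do |name, options|
+GitAuth.prepare
+if GitAuth::Group.create(name)
+puts "Successfully created group '#{name}'"
+else
+die! "Unable to create group '#{name}'"
+end
 end
 
-
-
-
-
-
-
-
-exit! 1
-end
-if !GitAuth.has_git?
-$stderr.puts "'git' was not found in your path - please install it before continuing."
-exit! 1
-end
-require 'fileutils'
-folder = File.expand_path("~/.ssh")
-if !File.exist?(folder) || !File.directory?(folder)
-FileUtils.mkdir(folder)
-FileUtils.chmod(0700, folder)
-end
-authorized_keys = File.join(folder, "authorized_keys")
-if !File.exist?(authorized_keys)
-File.open(authorized_keys, "w+") do |f|
-f.puts "## GitAuth - DO NO EDIT BELOW THIS LINE ##"
-end
-FileUtils.chmod(0600, authorized_keys)
-end
-gitauth_folder = File.expand_path("~/.gitauth/")
-FileUtils.mkdir(gitauth_folder) if !File.exist?(gitauth_folder) || !File.directory?(gitauth_folder)
-gitauth_settings_path = File.join(gitauth_folder, "settings.yml")
-unless File.exist?(gitauth_settings_path) || (options && options[:force_config])
-print "Where did you want repositories to be stored? (default: ~/repositories/): "
-path = Readline.readline.strip
-path = File.expand_path("~/repositories") if path.empty?
-begin
-FileUtils.mkdir_p(path)
-rescue
-$stderr.puts "There was an error making the repository folder: #{path}"
-$stderr.puts "Please check again"
-exit! 1
-end
-current_gitauth_shell_path = File.join(GitAuth::BASE_DIR, "bin", "gitauth-shell")
-$stdout.print "What is the path to your gitauth-shell (default: '#{current_gitauth_shell_path}'): "
-gitauth_shell_path = Readline.readline
-gitauth_shell_path = current_gitauth_shell_path if gitauth_shell_path.empty?
-File.open(gitauth_settings_path, "w+") do |f|
-f.write({
-"base_path" => path,
-"authorized_keys_file" => authorized_keys,
-"shell_executable" => gitauth_shell_path
-}.to_yaml)
-end
-if !public_key_path.nil? && File.exist?(public_key_path)
-GitAuth.setup!
-created = GitAuth::User.create("admin", true, File.read(public_key_path).strip)
-if created
-$stdout.puts "Admin User Created."
-else
-$stderr.puts "An admin user couldn't be created."
-exit! 1
-end
-end
+a.add("ls-users", "Lists all users currently managed by gitauth") do |options|
+GitAuth.prepare
+puts "Users:"
+(GitAuth::User.all || []).each do |user|
+line = "- #{user}"
+line << " (admin)" if user.admin?
+puts line
 end
-rescue Errno::EACCES
-$stderr.puts "Hey, it looks you don't have access to that - sorry!"
-exit! 1
 end
 
-
-
-
-
-GitAuth.setup!
-$stdout.puts "Repositories:"
-GitAuth::Repo.all.each do |repo|
+a.add("ls-repos", "Lists all repositories currently managed by gitauth") do |options|
+GitAuth.prepare
+puts "Repositories:"
+(GitAuth::Repo.all || []).each do |repo|
 line = " - #{repo.name}"
 line << " (#{repo.path})" if repo.path != repo.name
-
+puts line
 end
 end
 
-
-
-
-
-
-line = "- #{user}"
-line << " (admin)" if user.admin?
-$stdout.puts line
+a.add("ls-groups", "Lists all groups currently managed by gitauth") do |options|
+GitAuth.prepare
+puts "Groups:"
+(GitAuth::Group.all || []).each do |group|
+puts "- #{group} (#{group.members.empty? ? "no members" : group.members.join(", ")})"
 end
 end
 
-
-
-GitAuth.
-
-
-
-end
+a.add("rm-user NAME", "Removes the specified user") do |name, options|
+GitAuth.prepare
+user = GitAuth::User.get(name)
+die! "Unknown user '#{name}'" if user.blank?
+user.destroy!
+puts "Removed user '#{name}' - Please note you will manually need to remove this users line from authorized_keys"
 end
 
-
-
-
-
-
-
-username = Readline.readline.strip
-username = "gitauth" if username.empty?
-$stdout.print "What password would you like to use?: "
-password = read_password
-while password.empty?
-$stdout.print "Please try again, What password would you like to use?: "
-password = read_password
-end
-print "Please enter your password again: "
-confirmation = read_password
-while confirmation != password
-print "Wrong password, please confirm again: "
-confirmation = read_password
-end
-require 'digest/sha2'
-settings = YAML.load_file(File.join(GitAuth::GITAUTH_DIR, "settings.yml"))
-settings.merge!({
-"web_username" => username,
-"web_password_hash" => Digest::SHA256.hexdigest(password)
-})
-File.open(File.join(GitAuth::GITAUTH_DIR, "settings.yml"), "w+") { |f| f.write settings.to_yaml }
-puts "Username and Password saved."
-GitAuth.reload_settings!
-end
-GitAuth.serve_web!
-rescue Interrupt
-exit! 1
+a.add("rm-repo NAME", "Removes the specified repo") do |name, options|
+GitAuth.prepare
+repo = GitAuth::Repo.get(name)
+die! "Unknown repo '#{name}'" if repo.blank?
+repo.destroy!
+puts "Removed repo '#{name}'"
 end
 
-
-
-
-
-
-
-end
-file.close
+a.add("rm-group NAME", "Removes the specified group") do |name, options|
+GitAuth.prepare
+group = GitAuth::Group.get(name)
+die! "Unknown group '#{name}'" if group.blank?
+group.destroy!
+puts "Removed group '#{name}'"
 end
 
-
-
-
-
-line = Readline.readline.strip
-system "stty echo"
-print "\n"
-return line
+a.add("usage", "Prints out the sample usage instructions") do |options|
+File.open(GitAuth::BASE_DIR.join("USAGE")) do |f|
+f.each_line { |line| puts line }
+end
 end
 
-end
-
-if ARGV.empty?
-GitAuthRunner.new.help
-else
-GitAuthRunner.start
-end
+end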
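Review bot: `rm-user` calls `user.destroy!` and then only prints a reminder that the key line has to be removed from authorized_keys by hand, so sshd keeps accepting the removed user's public key after the command reports success. Whether that key can still reach a repository depends on the shell rejecting a name it can no longer look up, which is not visible in this file. Either have the removal rewrite the GitAuth-managed part of authorized_keys, or at minimum emit the reminder as a warning on stderr and document the gap above the call: `# NOTE: destroy! does not revoke the SSH key; the authorized_keys entry must be removed separately`. Separately, the body of `if options[:admin]` in `install` shows as empty on this page (possibly lost in rendering), so confirm that `--admin` still creates the admin user.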
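--- a/data/bin/gitauth-shell
+++ b/data/bin/gitauth-shell
@@ -2,7 +2,7 @@
 
 #--
 # Copyright (C) 2009 Brown Beagle Software
-# Copyright (C)
+# Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -19,18 +19,11 @@
 #++
 
 
-
+base = __FILE__
+# Get out of symlink-hell and then require the gitauth file.
+base = File.readlink(base) while File.symlink?(base)
+require File.expand_path(File.join(File.dirname(base), "..", "lib", "gitauth"))
 
-#
-
-
-GitAuth.setup!
-
-# Gitorious does it so I should too!
-File.umask(0022)
-
-user_name = ARGV[0]
-command = ENV["SSH_ORIGINAL_COMMAND"]
-
-GitAuth::Client.start!(user_name, command)
+# Start the cli client.
+GitAuth::Client.start!(ARGV[0], ENV["SSH_ORIGINAL_COMMAND"])
 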
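Review bot: `File.readlink` returns the link target exactly as it is stored, so for a relative symlink the loop on the `base = File.readlink(base) while File.symlink?(base)` line resolves the target against the process's working directory rather than the directory that holds the link. This script is the command sshd runs for every managed key, so the following `require` would then either fail or pick up a `lib/gitauth` relative to wherever the login session starts. Resolving each hop against its own parent keeps the lookup anchored to the installed copy: `base = File.expand_path(File.readlink(base), File.dirname(base)) while File.symlink?(base)`.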
data/config.ru
ADDED
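--- a/data/gitauth.gemspec
+++ b/data/gitauth.gemspec
@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{gitauth}
+s.version = "0.0.4.0"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Darcy Laycock"]
+s.date = %q{2009-09-06}
+s.description = %q{A library to enable per user / group authentication on a read / write basis for git repositories running over ssh}
+s.email = %q{sutto@sutto.net}
+s.executables = ["gitauth", "gitauth-shell"]
+s.files = ["LICENSE", "README.rdoc", "Rakefile", "USAGE", "bin", "bin/gitauth", "bin/gitauth-shell", "config.ru", "gitauth.gemspec", "lib", "lib/gitauth", "lib/gitauth.rb", "lib/gitauth/auth_setup_middleware.rb", "lib/gitauth/client.rb", "lib/gitauth/command.rb", "lib/gitauth/group.rb", "lib/gitauth/message.rb", "lib/gitauth/repo.rb", "lib/gitauth/saveable_class.rb", "lib/gitauth/settings.rb", "lib/gitauth/user.rb", "lib/gitauth/web_app.rb", "public", "public/gitauth.css", "public/gitauth.js", "public/jquery.js", "resources", "resources/messages.yml", "vendor", "views", "views/auth_setup.erb", "views/clone_repo.erb", "views/group.erb", "views/index.erb", "views/layout.erb", "views/repo.erb", "views/user.erb"]
+s.homepage = %q{http://brownbeagle.com.au/}
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.2}
+s.summary = %q{An authentication manager for Git repositories served over SSH}
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+else
+end
+else
+end
+end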
@@ -0,0 +1,44 @@
|
|
1
|
+
#--
|
2
|
+
# Copyright (C) 2009 Brown Beagle Software
|
3
|
+
# Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
|
4
|
+
#
|
5
|
+
# This program is free software: you can redistribute it and/or modify
|
6
|
+
# it under the terms of the GNU Affero General Public License as published by
|
7
|
+
# the Free Software Foundation, either version 3 of the License, or
|
8
|
+
# (at your option) any later version.
|
9
|
+
#
|
10
|
+
# This program is distributed in the hope that it will be useful,
|
11
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
12
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
13
|
+
# GNU Affero General Public License for more details.
|
14
|
+
#
|
15
|
+
# You should have received a copy of the GNU Affero General Public License
|
16
|
+
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
17
|
+
#++
|
18
|
+
|
19
|
+
module GitAuth
|
20
|
+
class AuthSetupMiddleware
|
21
|
+
|
22
|
+
def initialize(app)
|
23
|
+
@app = app
|
24
|
+
@files = Rack::File.new(GitAuth::BASE_DIR.join("public").to_s)
|
25
|
+
end
|
26
|
+
|
27
|
+
def call(env)
|
28
|
+
dup._call(env)
|
29
|
+
end
|
30
|
+
|
31
|
+
def _call(env)
|
32
|
+
if GitAuth::WebApp.has_auth?
|
33
|
+
@app.call(env)
|
34
|
+
elsif env["PATH_INFO"].include?("/gitauth.css")
|
35
|
+
@files.call(env)
|
36
|
+
else
|
37
|
+
content = ERB.new(File.read(GitAuth::BASE_DIR.join("views", "auth_setup.erb"))).result
|
38
|
+
headers = {"Content-Type" => "text/html", "Content-Length" => Rack::Utils.bytesize(content).to_s}
|
39
|
+
[403, headers, [content]]
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
end
|
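Review bot: The `elsif env["PATH_INFO"].include?("/gitauth.css")` branch in `_call` matches any request path that merely contains that substring and hands it to `Rack::File` while no web credentials are configured. Path traversal is presumably still refused inside `Rack::File`, but the unauthenticated surface of this middleware is meant to be one stylesheet, so the test should be exact: `elsif env["PATH_INFO"] == "/gitauth.css"`. A short comment above `_call` stating that everything else gets the 403 setup page until `GitAuth::WebApp.has_auth?` is true would make the fail-closed intent explicit.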
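--- a/data/lib/gitauth/client.rb
+++ b/data/lib/gitauth/client.rb
@@ -1,9 +1,9 @@
 #--
 # Copyright (C) 2009 Brown Beagle Software
+# Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 # Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies)
 # Copyright (C) 2007, 2008 Johan Sørensen <johan@johansorensen.com>
 # Copyright (C) 2008 Tor Arne Vestbø <tavestbo@trolltech.com>
-# Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -25,14 +25,14 @@ module GitAuth
 attr_accessor :user, :command
 
 def initialize(user_name, command)
-GitAuth.
+GitAuth::Logger.debug "Initializing client with command: #{command.inspect} and user name #{user_name.inspect}"
 @callbacks = Hash.new { |h,k| h[k] = [] }
 @user = GitAuth::User.get(user_name.to_s.strip)
 @command = command
 end
 
 def exit_with_error(error)
-GitAuth.
+GitAuth::Logger.warn "Exiting with error: #{error}"
 $stderr.puts error
 exit! 1
 end
@@ -47,7 +47,7 @@ module GitAuth
 exit_with_error "SSH_ORIGINAL_COMMAND is needed, mmmkay?"
 end
 else
-command = Command.parse
+command = Command.parse(@command)
 repo = command.bad? ? nil : Repo.get(extract_repo_name(command))
 if command.bad?
 if user.shell_accessible?
@@ -59,21 +59,26 @@ module GitAuth
 exit_with_error "Ze repository you specified does not exist."
 elsif user.can_execute?(command, repo)
 git_shell_argument = "#{command.verb} '#{repo.real_path}'"
-GitAuth.
+GitAuth::Logger.info "Running command: #{git_shell_argument} for user: #{@user.name}"
 exec("git-shell", "-c", git_shell_argument)
 else
 exit_with_error "These are not the droids you are looking for"
 end
 end
 rescue Exception => e
-GitAuth.
+GitAuth::Logger.fatal "Exception: #{e.class.name}: #{e.message}"
 e.backtrace.each do |l|
-GitAuth.
+GitAuth::Logger.fatal " => #{l}"
 end
 exit_with_error "Holy crap, we've imploded cap'n!"
 end
 
 def self.start!(user, command)
+# Gitorious does it so I should too!
+File.umask(0022)
+# Setup models etc
+GitAuth.prepare
+# Finally, create and initialize
 client = self.new(user, command)
 yield client if block_given?
 client.run!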
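Review bot: `File.umask(0022)` at the top of `start!` leaves everything git writes during a push group- and world-readable, so another local account on the host could read repository data straight from disk regardless of the read permissions GitAuth records. The only rationale given is the "Gitorious does it" comment. If the account running the shell is the sole intended reader, `File.umask(0077)` is tighter (or `0027` if a web front end shares the group); otherwise replace the comment with one that says why world-readable objects are required. The body of `start!` may continue past the last line shown here.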