brownbeagle-gitauth 0.0.3.3 → 0.0.4.0
- data/Rakefile +19 -0
- data/USAGE +1 -1
- data/bin/gitauth +157 -214
- data/bin/gitauth-shell +7 -14
- data/config.ru +5 -0
- data/gitauth.gemspec +28 -0
- data/lib/gitauth/auth_setup_middleware.rb +44 -0
- data/lib/gitauth/client.rb +12 -7
- data/lib/gitauth/command.rb +10 -14
- data/lib/gitauth/group.rb +2 -2
- data/lib/gitauth/message.rb +69 -0
- data/lib/gitauth/repo.rb +52 -33
- data/lib/gitauth/saveable_class.rb +25 -22
- data/lib/gitauth/settings.rb +49 -0
- data/lib/gitauth/user.rb +21 -18
- data/lib/gitauth/web_app.rb +72 -11
- data/lib/gitauth.rb +64 -44
- data/public/gitauth.css +25 -2
- data/resources/messages.yml +9 -0
- data/views/auth_setup.erb +27 -0
- data/views/clone_repo.erb +22 -0
- data/views/layout.erb +1 -1
- metadata +34 -41
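--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,19 @@
+require 'rake'
+
+task :gemspec do
+require 'rubygems'
+require File.join(File.dirname(__FILE__), "lib", "gitauth")
+spec = Gem::Specification.new do |s|
+s.name = 'gitauth'
+s.email = 'sutto@sutto.net'
+s.homepage = 'http://brownbeagle.com.au/'
+s.authors = ["Darcy Laycock"]
+s.version = GitAuth.version
+s.summary = "An authentication manager for Git repositories served over SSH"
+s.description = "A library to enable per user / group authentication on a read / write basis for git repositories running over ssh"
+s.files = (FileList["{bin,lib,public,resources,views}/**/*"].to_a + FileList["*"].to_a).sort
+s.executables = FileList["bin/*"].to_a.map { |f| File.basename(f) }
+s.platform = Gem::Platform::RUBY
+end
+File.open("gitauth.gemspec", "w+") { |f| f.puts spec.to_ruby }
+end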
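Review bot: The `s.files` glob on new line 14 ends with `FileList["*"]`, which packages every top-level entry present in the working directory when `rake gemspec` runs, not just the files that belong to the project. The generated gitauth.gemspec in this same release already lists the bare directories `bin`, `lib` and `vendor` and the gemspec itself, and a stray key, backup or editor file in the checkout would be published the same way. An explicit list for the top level keeps the published contents reviewable: `s.files = (FileList["{bin,lib,public,resources,views}/**/*"].to_a + %w(LICENSE README.rdoc Rakefile USAGE config.ru)).sort`.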
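--- a/data/USAGE
+++ b/data/USAGE
@@ -9,7 +9,7 @@ gitauth permissions REPO USERORGROUP [PERMISSION=all,read,write]
 PERMISSION:
 Default = all
 The level of permissions you want to give the user or group on the repository in question
-all = read
+all = read and write
 read = the user can see the repository and pull it, but cannot push changes
 write = user can push changes but can't pull it.
 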
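--- a/data/bin/gitauth
+++ b/data/bin/gitauth
@@ -1,252 +1,195 @@
 #!/usr/bin/env ruby
+require File.join(File.dirname(__FILE__), "..", "lib", "gitauth")
 
-
-
-
-
-
-
-
-
-
-
-
-#
-
-
-
-
-
+GitAuth::Application.processing(ARGV) do |a|
+a.banner = "GitAuth v#{GitAuth.version}"
+
+a.generator!
+
+a.option(:force, "force the creation of the settings file")
+a.option(:admin, "pass the path to a ssh public key and it adds a default admin user")
+a.add("install", "Sets up GitAuth for the current user") do |options|
+
+setup_generator ".", :silent => true
+
+# Check for a valid admin key
+if options.has_key?(:admin) && (!options[:admin].is_a?(String) || !file?(options[:admin]))
+puts "You provided the admin option but didn't provide it with a path to public key."
+die! "Please re-run again with a path to a key, e.g. --admin=~/id_rsa.pub"
+end
+
+if !yes?("Are you logged in as the correct user?")
+die!("Please log in as the correct user and re-run")
+end
 
-
-
-
-require File.join(File.dirname(__FILE__), "..", "lib", "gitauth")
+if !GitAuth.has_git?
+die!("'git' was not found in your path - please install it / add it to your path before continuing.")
+end
 
+ssh_folder = "~/.ssh"
+if !folder?(ssh_folder)
+folders ssh_folder
+chmod 0700, ssh_folder
+end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+authorized_keys = ssh_folder / "authorized_keys"
+if !file?(authorized_keys)
+file authorized_keys, "\n\n## GitAuth - DO NO EDIT BELOW THIS LINE ##\n"
+chmod 0600, authorized_keys
+end
+
+gitauth_folder = "~/.gitauth/"
+folders gitauth_folder
+
+settings_file = gitauth_folder / "settings.yml"
+if !file?(settings_file) || options[:force]
+repo_path = ask("Where did you want repositories to be stored?", "~/repositories")
+repo_path = File.expand_path(repo_path)
+folders repo_path
+
+default_shell_path = GitAuth::BASE_DIR.join("bin", "gitauth-shell").to_s
+gitauth_shell_path = ""
+gitauth_shell_set = false
+while gitauth_shell_path.blank? || !(file?(gitauth_shell_path) && executable?(gitauth_shell_path))
+# A Give the user a message if the path doesn't exist.
+if gitauth_shell_set
+puts "The shell you provided, #{gitauth_shell_path}, isn't executable"
+else
+gitauth_shell_set = true
+end
+gitauth_shell_path = ask("What is the path to your gitauth-shell?", default_shell_path)
+gitauth_shell_path = File.expand_path(gitauth_shell_path)
+end
+
+GitAuth::Settings.update!({
+:base_path => File.expand_path(repo_path),
+:authorized_keys_file => File.expand_path(authorized_keys),
+:shell_executable => File.expand_path(gitauth_shell_path)
+})
+end
+
+if options[:admin]
+
+end
+
+end
+
+a.controller! :web_app, "Starts the gitauth frontend using the default sintra runner"
+
+a.option(:force, "Skip the verification / confirmation part of adding the permissions")
+a.option(:type, "The type of permissions - one of all, read, write or none. Defaults to all")
+full_desc = "Gives a specific user or group the specified permissions to a given repository - pass '-h' for more information"
+a.add("permissions REPOSITORY USER-OR-GROUP", full_desc) do |repo, target, options|
+permissions = options[:type] || 'all'
+
+if !%w(all read write none).include? permissions
+die! "'#{permissions}' is not a valid permission type. It must be all, read, write or none"
+end
+
+real_permissions = ({"all" => ["read", "write"], "none" => []}[permissions] || [permissions])
+repository = GitAuth::Repo.get(repo)
+real_target = GitAuth.get_user_or_group(target)
+
+die! "Unknown repository '#{repo}'" if repository.blank?
+die! "Unknown user or group '#{target}'" if real_target.blank?
+
+if options[:force] || yes?("Adding '#{permissions}' permissions for #{real_target} to #{repository.name}")
+repository.update_permissions!(real_target, real_permissions)
+puts "Permissions updated."
 else
-
-exit! 1
+puts "Permissions not added, exiting."
 end
 end
 
-
-
-
-
-admin = !!
-
-
+a.option(:admin, "Makes a user an admin user")
+a.add("add-user NAME PATH-TO-PUBLIC-KEY", "Creates a user with a given public key") do |name, ssh_key, options|
+GitAuth.prepare
+die! "'#{ssh_key}' is not a valid path to a public key" if !File.file?(ssh_key)
+admin = !!options[:admin]
+contents = File.read(ssh_key).strip
+if GitAuth::User.create(name, admin, contents)
+puts "Successfully added user '#{name}' (user #{admin ? 'is' : 'is not'} an admin)"
 else
-
-exit!
+die! "There was an unknown error attempting to add a user called '#{name}'"
 end
 end
 
-
-
-
-
-
+a.add("add-repo NAME [PATH=NAME]", "Creates a named repository, with an optional path on the file system") do |name, *args|
+GitAuth.prepare
+options = args.extract_options!
+path = (args.shift || name)
+if GitAuth::Repo.create(name, path)
+puts "Successfully created repository '#{name}' located at '#{path}'"
 else
-
-exit! 1
+die! "Unable to create repository '#{name}' in location '#{path}'"
 end
 end
 
-
-
-
-
-
-
-
-exit! 1
-end
-repo = GitAuth::Repo.get(repo)
-uog = GitAuth.get_user_or_group(user_or_group)
-if repo.nil? || uog.nil?
-$stderr.puts "Invalid repository or user, please check the name"
-exit! 1
-end
-repo.writeable_by(uog) if %w(all write).include?(permissions)
-repo.readable_by(uog) if %w(all read).include?(permissions)
-GitAuth::Repo.save!
-$stdout.puts "Permissions Added"
+a.add("add-group NAME", "Creates a group with a given name") do |name, options|
+GitAuth.prepare
+if GitAuth::Group.create(name)
+puts "Successfully created group '#{name}'"
+else
+die! "Unable to create group '#{name}'"
+end
 end
 
-
-
-
-
-
-
-
-exit! 1
-end
-if !GitAuth.has_git?
-$stderr.puts "'git' was not found in your path - please install it before continuing."
-exit! 1
-end
-require 'fileutils'
-folder = File.expand_path("~/.ssh")
-if !File.exist?(folder) || !File.directory?(folder)
-FileUtils.mkdir(folder)
-FileUtils.chmod(0700, folder)
-end
-authorized_keys = File.join(folder, "authorized_keys")
-if !File.exist?(authorized_keys)
-File.open(authorized_keys, "w+") do |f|
-f.puts "## GitAuth - DO NO EDIT BELOW THIS LINE ##"
-end
-FileUtils.chmod(0600, authorized_keys)
-end
-gitauth_folder = File.expand_path("~/.gitauth/")
-FileUtils.mkdir(gitauth_folder) if !File.exist?(gitauth_folder) || !File.directory?(gitauth_folder)
-gitauth_settings_path = File.join(gitauth_folder, "settings.yml")
-unless File.exist?(gitauth_settings_path) || (options && options[:force_config])
-print "Where did you want repositories to be stored? (default: ~/repositories/): "
-path = Readline.readline.strip
-path = File.expand_path("~/repositories") if path.empty?
-begin
-FileUtils.mkdir_p(path)
-rescue
-$stderr.puts "There was an error making the repository folder: #{path}"
-$stderr.puts "Please check again"
-exit! 1
-end
-current_gitauth_shell_path = File.join(GitAuth::BASE_DIR, "bin", "gitauth-shell")
-$stdout.print "What is the path to your gitauth-shell (default: '#{current_gitauth_shell_path}'): "
-gitauth_shell_path = Readline.readline
-gitauth_shell_path = current_gitauth_shell_path if gitauth_shell_path.empty?
-File.open(gitauth_settings_path, "w+") do |f|
-f.write({
-"base_path" => path,
-"authorized_keys_file" => authorized_keys,
-"shell_executable" => gitauth_shell_path
-}.to_yaml)
-end
-if !public_key_path.nil? && File.exist?(public_key_path)
-GitAuth.setup!
-created = GitAuth::User.create("admin", true, File.read(public_key_path).strip)
-if created
-$stdout.puts "Admin User Created."
-else
-$stderr.puts "An admin user couldn't be created."
-exit! 1
-end
-end
+a.add("ls-users", "Lists all users currently managed by gitauth") do |options|
+GitAuth.prepare
+puts "Users:"
+(GitAuth::User.all || []).each do |user|
+line = "- #{user}"
+line << " (admin)" if user.admin?
+puts line
 end
-rescue Errno::EACCES
-$stderr.puts "Hey, it looks you don't have access to that - sorry!"
-exit! 1
 end
 
-
-
-
-
-GitAuth.setup!
-$stdout.puts "Repositories:"
-GitAuth::Repo.all.each do |repo|
+a.add("ls-repos", "Lists all repositories currently managed by gitauth") do |options|
+GitAuth.prepare
+puts "Repositories:"
+(GitAuth::Repo.all || []).each do |repo|
 line = " - #{repo.name}"
 line << " (#{repo.path})" if repo.path != repo.name
-
+puts line
 end
 end
 
-
-
-
-
-
-line = "- #{user}"
-line << " (admin)" if user.admin?
-$stdout.puts line
+a.add("ls-groups", "Lists all groups currently managed by gitauth") do |options|
+GitAuth.prepare
+puts "Groups:"
+(GitAuth::Group.all || []).each do |group|
+puts "- #{group} (#{group.members.empty? ? "no members" : group.members.join(", ")})"
 end
 end
 
-
-
-GitAuth.
-
-
-
-end
+a.add("rm-user NAME", "Removes the specified user") do |name, options|
+GitAuth.prepare
+user = GitAuth::User.get(name)
+die! "Unknown user '#{name}'" if user.blank?
+user.destroy!
+puts "Removed user '#{name}' - Please note you will manually need to remove this users line from authorized_keys"
 end
 
-
-
-
-
-
-
-username = Readline.readline.strip
-username = "gitauth" if username.empty?
-$stdout.print "What password would you like to use?: "
-password = read_password
-while password.empty?
-$stdout.print "Please try again, What password would you like to use?: "
-password = read_password
-end
-print "Please enter your password again: "
-confirmation = read_password
-while confirmation != password
-print "Wrong password, please confirm again: "
-confirmation = read_password
-end
-require 'digest/sha2'
-settings = YAML.load_file(File.join(GitAuth::GITAUTH_DIR, "settings.yml"))
-settings.merge!({
-"web_username" => username,
-"web_password_hash" => Digest::SHA256.hexdigest(password)
-})
-File.open(File.join(GitAuth::GITAUTH_DIR, "settings.yml"), "w+") { |f| f.write settings.to_yaml }
-puts "Username and Password saved."
-GitAuth.reload_settings!
-end
-GitAuth.serve_web!
-rescue Interrupt
-exit! 1
+a.add("rm-repo NAME", "Removes the specified repo") do |name, options|
+GitAuth.prepare
+repo = GitAuth::Repo.get(name)
+die! "Unknown repo '#{name}'" if repo.blank?
+repo.destroy!
+puts "Removed repo '#{name}'"
 end
 
-
-
-
-
-
-
-end
-file.close
+a.add("rm-group NAME", "Removes the specified group") do |name, options|
+GitAuth.prepare
+group = GitAuth::Group.get(name)
+die! "Unknown group '#{name}'" if group.blank?
+group.destroy!
+puts "Removed group '#{name}'"
 end
 
-
-
-
-
-line = Readline.readline.strip
-system "stty echo"
-print "\n"
-return line
+a.add("usage", "Prints out the sample usage instructions") do |options|
+File.open(GitAuth::BASE_DIR.join("USAGE")) do |f|
+f.each_line { |line| puts line }
+end
 end
 
-end
-
-if ARGV.empty?
-GitAuthRunner.new.help
-else
-GitAuthRunner.start
-end
+end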
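Review bot: `rm-user` (new lines 165–171) destroys the user record but leaves the user's key in `authorized_keys`, and the only trace of that is the reminder in the final `puts`, so revocation depends on an operator doing a manual edit afterwards. Until that line is removed the key still authenticates to the hosting account; what happens next depends on how `GitAuth::Client` treats a name it cannot look up, which is not visible in this section, and a later `add-user` with the same name would presumably let the old key back in. The command should remove the matching line from the file recorded under `:authorized_keys_file` before it prints success, or `die!` while the line is still present. Separately, the `if options[:admin]` block at new lines 71–73 has an empty body as rendered here, so `install --admin=…` validates the key path and then appears to create no admin user.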
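--- a/data/bin/gitauth-shell
+++ b/data/bin/gitauth-shell
@@ -2,7 +2,7 @@
 
 #--
 # Copyright (C) 2009 Brown Beagle Software
-# Copyright (C)
+# Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -19,18 +19,11 @@
 #++
 
 
-
+base = __FILE__
+# Get out of symlink-hell and then require the gitauth file.
+base = File.readlink(base) while File.symlink?(base)
+require File.expand_path(File.join(File.dirname(base), "..", "lib", "gitauth"))
 
-#
-
-
-GitAuth.setup!
-
-# Gitorious does it so I should too!
-File.umask(0022)
-
-user_name = ARGV[0]
-command = ENV["SSH_ORIGINAL_COMMAND"]
-
-GitAuth::Client.start!(user_name, command)
+# Start the cli client.
+GitAuth::Client.start!(ARGV[0], ENV["SSH_ORIGINAL_COMMAND"])
 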
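Review bot: `File.readlink` returns the link target exactly as stored, so when the script is reached through a relative symlink the loop on new lines 22–24 resolves `base` against the current working directory instead of the directory that holds the link. This script reads `SSH_ORIGINAL_COMMAND` and so runs on every SSH session, and the `require` on line 25 would then either fail or load a `lib/gitauth` from wherever the session happens to start. Resolving the real path in one step removes the dependence on the working directory: `require 'pathname'` followed by `base = Pathname.new(__FILE__).realpath.to_s`.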
data/config.ru
ADDED
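--- a/data/gitauth.gemspec
+++ b/data/gitauth.gemspec
@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{gitauth}
+s.version = "0.0.4.0"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["Darcy Laycock"]
+s.date = %q{2009-09-06}
+s.description = %q{A library to enable per user / group authentication on a read / write basis for git repositories running over ssh}
+s.email = %q{sutto@sutto.net}
+s.executables = ["gitauth", "gitauth-shell"]
+s.files = ["LICENSE", "README.rdoc", "Rakefile", "USAGE", "bin", "bin/gitauth", "bin/gitauth-shell", "config.ru", "gitauth.gemspec", "lib", "lib/gitauth", "lib/gitauth.rb", "lib/gitauth/auth_setup_middleware.rb", "lib/gitauth/client.rb", "lib/gitauth/command.rb", "lib/gitauth/group.rb", "lib/gitauth/message.rb", "lib/gitauth/repo.rb", "lib/gitauth/saveable_class.rb", "lib/gitauth/settings.rb", "lib/gitauth/user.rb", "lib/gitauth/web_app.rb", "public", "public/gitauth.css", "public/gitauth.js", "public/jquery.js", "resources", "resources/messages.yml", "vendor", "views", "views/auth_setup.erb", "views/clone_repo.erb", "views/group.erb", "views/index.erb", "views/layout.erb", "views/repo.erb", "views/user.erb"]
+s.homepage = %q{http://brownbeagle.com.au/}
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.2}
+s.summary = %q{An authentication manager for Git repositories served over SSH}
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+else
+end
+else
+end
+end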
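--- a/data/lib/gitauth/auth_setup_middleware.rb
+++ b/data/lib/gitauth/auth_setup_middleware.rb
@@ -0,0 +1,44 @@
+#--
+# Copyright (C) 2009 Brown Beagle Software
+# Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#++
+
+module GitAuth
+class AuthSetupMiddleware
+
+def initialize(app)
+@app = app
+@files = Rack::File.new(GitAuth::BASE_DIR.join("public").to_s)
+end
+
+def call(env)
+dup._call(env)
+end
+
+def _call(env)
+if GitAuth::WebApp.has_auth?
+@app.call(env)
+elsif env["PATH_INFO"].include?("/gitauth.css")
+@files.call(env)
+else
+content = ERB.new(File.read(GitAuth::BASE_DIR.join("views", "auth_setup.erb"))).result
+headers = {"Content-Type" => "text/html", "Content-Length" => Rack::Utils.bytesize(content).to_s}
+[403, headers, [content]]
+end
+end
+
+end
+end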
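Review bot: The stylesheet exception in `_call` (new line 34) is a substring test, `env["PATH_INFO"].include?("/gitauth.css")`, so while no credentials are configured any request path that merely contains that string is handed to `Rack::File` instead of receiving the 403 setup page. `Rack::File` is rooted at `public/`, which bounds what can be returned, but the pre-authentication surface should be exactly the one file the setup page needs: `elsif env["PATH_INFO"] == "/gitauth.css"`. The class also has no comment saying that it fails closed until `GitAuth::WebApp.has_auth?` is true; a one-line note above `_call` would make that intent explicit for the next maintainer.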
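--- a/data/lib/gitauth/client.rb
+++ b/data/lib/gitauth/client.rb
@@ -1,9 +1,9 @@
 #--
 # Copyright (C) 2009 Brown Beagle Software
+# Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 # Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies)
 # Copyright (C) 2007, 2008 Johan Sørensen <johan@johansorensen.com>
 # Copyright (C) 2008 Tor Arne Vestbø <tavestbo@trolltech.com>
-# Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -25,14 +25,14 @@ module GitAuth
 attr_accessor :user, :command
 
 def initialize(user_name, command)
-GitAuth.
+GitAuth::Logger.debug "Initializing client with command: #{command.inspect} and user name #{user_name.inspect}"
 @callbacks = Hash.new { |h,k| h[k] = [] }
 @user = GitAuth::User.get(user_name.to_s.strip)
 @command = command
 end
 
 def exit_with_error(error)
-GitAuth.
+GitAuth::Logger.warn "Exiting with error: #{error}"
 $stderr.puts error
 exit! 1
 end
@@ -47,7 +47,7 @@ module GitAuth
 exit_with_error "SSH_ORIGINAL_COMMAND is needed, mmmkay?"
 end
 else
-command = Command.parse
+command = Command.parse(@command)
 repo = command.bad? ? nil : Repo.get(extract_repo_name(command))
 if command.bad?
 if user.shell_accessible?
@@ -59,21 +59,26 @@ module GitAuth
 exit_with_error "Ze repository you specified does not exist."
 elsif user.can_execute?(command, repo)
 git_shell_argument = "#{command.verb} '#{repo.real_path}'"
-GitAuth.
+GitAuth::Logger.info "Running command: #{git_shell_argument} for user: #{@user.name}"
 exec("git-shell", "-c", git_shell_argument)
 else
 exit_with_error "These are not the droids you are looking for"
 end
 end
 rescue Exception => e
-GitAuth.
+GitAuth::Logger.fatal "Exception: #{e.class.name}: #{e.message}"
 e.backtrace.each do |l|
-GitAuth.
+GitAuth::Logger.fatal " => #{l}"
 end
 exit_with_error "Holy crap, we've imploded cap'n!"
 end
 
 def self.start!(user, command)
+# Gitorious does it so I should too!
+File.umask(0022)
+# Setup models etc
+GitAuth.prepare
+# Finally, create and initialize
 client = self.new(user, command)
 yield client if block_given?
 client.run!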
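Review bot: The new logging records who ran what only for commands that are allowed (new line 62); a refused command goes through `exit_with_error`, whose `warn` line contains just the fixed message, so the log cannot show which user was denied or on which repository. The user name and raw command are logged in `initialize`, but only at debug level, so they are presumably absent from a normally configured log. Denials are the events an operator most wants to search for, so the `else` branch before "These are not the droids you are looking for" should log its own line first, for example `GitAuth::Logger.warn "Denied #{command.verb} on '#{repo.name}' for user: #{user.name}"`. The method containing this branch starts outside the visible hunks, so whether `user` can be nil at that point should be checked before adding the line.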