devise_g5_authenticatable 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9e6178bfffa50bb6940208406f65192bc3fa8e8e
+  data.tar.gz: 36ae13c7b26dfc6af43a26cb6c22f36e0c93e2a9
+SHA512:
+  metadata.gz: cd3303525818dea3add1c492fd6dc45500240fb308d1f098dae9966601735bb730ddb93f646cef8c9bdcaf35f31b8d878d2a288074fd8a5925a68b52bf772713
+  data.tar.gz: 4656dcac40c6697ab9bc249660848bd207b5a8f948c85b1ba3b9c6f2c8ec89ae312e604eec5f5dd86e15515820fb00d70d131d39f1332019173e7d7cbdb83ae0

data/.gitignore

@@ -0,0 +1,21 @@
+.DS_Store
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+Gemfile.lock
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+spec/dummy/config/database.yml
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.ruby-version

@@ -0,0 +1 @@
+2.1.0

data/CHANGELOG.md

@@ -0,0 +1,25 @@
+## v0.1.0 (2014-03-12)
+
+* Move `rake g5:export_users` from
+  [omniauth-g5](https://github.com/g5search/omniauth-g5)
+* First open source release to [RubyGems](https://rubygems.org)
+
+## v0.0.4 (2014-02-26)
+
+* Use the main app's root path (necessary when mounted inside another Rails
+  engine with `isolate_namespace`)
+
+## v0.0.3 (2014-02-10)
+
+* Bug fix: fix type conversion errors against PostgreSQL. Assume that model
+`provider` and `uid` are stored as strings.
+
+## v0.0.2 (2014-02-05)
+
+* Bug fix: conditionally require model-level mass assignment logic
+  (e.g. `attr_accessible`) so that the gem can be used in either Rails 3.2 or
+  Rails 4.
+
+## v0.0.1 (2014-02-04)
+
+* Initial release

data/Gemfile

@@ -0,0 +1,23 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_g5_authenticatable.gemspec
+gemspec
+
+# Dependencies for the dummy test app
+gem 'rails', '~> 3.2.15'
+gem 'jquery-rails'
+gem 'pg'
+
+group :test, :development do
+  gem 'rspec-rails', '~> 2.14'
+  gem 'pry'
+end
+
+group :test do
+  gem 'capybara'
+  gem 'simplecov'
+  gem 'codeclimate-test-reporter'
+  gem 'webmock'
+  gem 'shoulda-matchers'
+  gem 'factory_girl_rails', '~> 4.3', require: false
+end

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 G5
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,243 @@
+# Devise G5 Authenticatable
+
+Devise G5 Authenticatable extends devise to provide an
+[OAuth 2.0](http://oauth.net/2)-based authentication strategy and remote 
+credential management via the G5 Auth service.
+
+Devise G5 Authenticatable is intended as a drop-in replacement for the
+Database Authenticatable module, in order to support single sign-on for
+G5 users.
+
+## Current Version
+
+0.1.0
+
+## Requirements
+
+* [Ruby](https://github.com/ruby/ruby) >= 1.9.3
+* [Rails](https://github.com/rails/rails) >= 3.2
+* [Devise](https://github.com/plataformatec/devise) ~> 3.0
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'devise_g5_authenticatable'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install devise_g5_authenticatable
+
+## Usage
+
+### Registering your OAuth application
+
+1. Visit the [auth server admin console](https://auth.g5search.com/admin)
+   and login.
+2. Click "New Application"
+3. Enter a name that recognizably identifies your application.
+4. Enter the redirect URI where the auth server should redirect
+   after the user successfully authenticates. It will generally be
+   of the form `http://<apphost>/<devise_path>/auth/g5/callback`.
+
+   For non-production environments, this redirect URI does not have to
+   be publicly accessible, but it must be accessible from the browser
+   where you will be testing (so using something like
+   http://localhost:3000/users/auth/g5/callback is fine if your browser
+   and client application server are both local).
+5. For a trusted G5 application, check the "Auto-authorize?" checkbox. This
+   skips the OAuth authorization step where the user is prompted to explicitly
+   authorize the client application to access the user's data.
+6. Click "Submit" to obtain the client application's credentials.
+
+### Environment variables
+
+Once you have your OAuth 2.0 credentials, you'll need to set the following
+environment variables for your client application:
+
+* `G5_AUTH_CLIENT_ID` - the OAuth 2.0 application ID from the auth server
+* `G5_AUTH_CLIENT_SECRET` - the OAuth 2.0 application secret from the auth server
+* `G5_AUTH_REDIRECT_URI` - the OAuth 2.0 redirect URI registered with the auth server
+* `G5_AUTH_ENDPOINT` - the endpoint URL for the G5 auth server
+
+### Configuration
+
+In `config/initializers/devise.rb`, add the following:
+
+```ruby
+Devise.setup do |config|
+  # ...
+  config.omniauth :g5, ENV['G5_AUTH_CLIENT_ID'], ENV['G5_AUTH_CLIENT_SECRET'],
+              client_options: {site: ENV['G5_AUTH_ENDPOINT']}
+end
+```
+
+Create `config/initializers/g5_auth.rb` with the following:
+
+```ruby
+G5AuthenticationClient.configure do |defaults|
+  defaults.client_id = ENV['G5_AUTH_CLIENT_ID']
+  defaults.client_secret = ENV['G5_AUTH_CLIENT_SECRET']
+  defaults.redirect_uri = ENV['G5_AUTH_REDIRECT_URI']
+  defaults.endpoint = ENV['G5_AUTH_ENDPOINT']
+end
+```
+
+### Controller filters and helpers
+
+To require authentication for a controller, use one of devise's generated
+before_filters. For example:
+
+```ruby
+before_filter :authenticate_user!
+```
+
+All of [devise's controller helpers](https://github.com/plataformatec/devise#controller-filters-and-helpers)
+are available inside a controller. To access the model for the signed-in user:
+
+```ruby
+current_user
+```
+
+To check if there is a user signed in:
+
+```ruby
+user_signed_in?
+```
+
+To access the scoped session:
+
+```ruby
+user_session
+```
+
+### Route helpers
+
+This gem will generate devise's usual route helpers for session management.
+For example, if you have configured devise with a `:user` scope, you will have
+the following helpers:
+
+```ruby
+new_user_session_path
+new_session_path(:user)
+
+destroy_user_session_path
+destroy_session_path(:user)
+```
+
+The gem also provides routes for OmniAuth's integration points, although you
+will rarely need to call these directly:
+
+```ruby
+user_g5_authorize_path
+g5_authorize_path(:user)
+
+user_g5_callback_path
+g5_callback_path(:user)
+```
+
+### Configuring the model
+
+In your User model (or whatever model you've configured for use with devise):
+
+```ruby
+class User < ActiveRecord::Base
+  devise :g5_authenticatable # plus whatever other devise modules you'd like
+end
+```
+
+### Configuring a custom controller
+
+You can use `devise_for` to hook in a custom controller in your routes,
+[the same way as devise](https://github.com/plataformatec/devise#configuring-controllers):
+
+```ruby
+devise_for :admins, controllers: {sessions: 'admins/sessions'}
+```
+
+If you need to override the sessions controller, remember to extend the correct
+base class:
+
+```ruby
+class Admins::SessionsController < DeviseG5Authenticatable::SessionsController
+end
+```
+
+### Strong Parameters
+
+If installed in a Rails 4 application, this gem will automatically use
+[devise's parameter sanitizer](https://github.com/plataformatec/devise#strong-parameters)
+logic. Under Rails 3.2.x, it will make the appropriate calls to
+`attr_accessible` in the model.
+
+If you are using Rails 4 in conjunction with the
+[protected_attributes](https://github.com/rails/protected_attributes) gem, you
+will need to insert the following in your `config/initializers/devise.rb`:
+
+```ruby
+require 'devise_g5_authenticatable/models/protected_attributes'
+```
+
+## Examples
+
+Currently, the best source of example code is in the [test Rails
+application](spec/dummy) used for integration testing.
+
+## Authors
+
+ * Maeve Revels / [@maeve](https://github.com/maeve)
+
+## Contributing
+
+1. Fork it
+2. Get it running (see Installation above)
+3. Create your feature branch (`git checkout -b my-new-feature`)
+4. Write your code and **specs**
+5. Commit your changes (`git commit -am 'Add some feature'`)
+6. Push to the branch (`git push origin my-new-feature`)
+7. Create new Pull Request
+
+If you find bugs, have feature requests or questions, please
+[file an issue](https://github.com/G5/devise_g5_authenticatable/issues).
+
+### Specs
+
+Before running the specs for the first time, you will need to initialize the
+database for the test Rails application:
+
+    $ cp spec/dummy/config/database.yml.sample spec/dummy/config/database.yml
+    $ RAILS_ENV=test bundle exec rake app:db:setup
+
+
+To execute the entire test suite:
+
+    $ bundle exec rspec spec
+
+## License
+
+Copyright (c) 2013 G5
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,20 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each { |f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+task :default => :spec

data/app/controllers/devise_g5_authenticatable/registrations_controller.rb

@@ -0,0 +1,5 @@
+module DeviseG5Authenticatable
+  class RegistrationsController < Devise::RegistrationsController
+    rescue_from ActiveRecord::RecordNotSaved, with: :handle_resource_error
+  end
+end

data/app/controllers/devise_g5_authenticatable/sessions_controller.rb

@@ -0,0 +1,58 @@
+module DeviseG5Authenticatable
+  class SessionsController < Devise::OmniauthCallbacksController
+    prepend_before_filter :require_no_authentication, only: [:new, :create]
+
+    def new
+      redirect_to g5_authorize_path(resource_name)
+    end
+
+    def omniauth_passthru
+      render status: 404, text: 'Authentication passthru.'
+    end
+
+    def create
+      self.resource = resource_class.find_and_update_for_g5_oauth(auth_data)
+      resource ? sign_in_resource : register_resource
+    end
+
+    def destroy
+      signed_in_resource.revoke_g5_credentials!
+      local_sign_out
+      remote_sign_out
+    end
+
+    protected
+    def auth_data
+      @auth_data ||= request.env['omniauth.auth']
+      session['omniauth.auth'] = @auth_data
+    end
+
+    def sign_in_resource
+      set_flash_message(:notice, :signed_in) if is_navigational_format?
+      sign_in_and_redirect(resource)
+    end
+
+    def register_resource
+      set_flash_message(:alert, :not_found) if is_navigational_format?
+      redirect_to(new_registration_path(resource_name))
+    end
+
+    def local_sign_out
+      Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+    end
+
+    def remote_sign_out
+      redirect_url =  URI.join(request.base_url,
+                               after_sign_out_path_for(resource_name))
+      redirect_to auth_client.sign_out_url(redirect_url.to_s)
+    end
+
+    def auth_client
+      G5AuthenticationClient::Client.new
+    end
+
+    def after_omniauth_failure_path_for(scope)
+      main_app.root_path
+    end
+  end
+end

data/circle.yml

@@ -0,0 +1,4 @@
+database:
+  override:
+    - cp spec/dummy/config/database.yml.ci spec/dummy/config/database.yml
+    - RAILS_ENV=test rake app:db:setup