g5_authenticatable 0.9.1.pre.2 → 1.0.0.pre.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e4ea16474bb9af27d71cc19d0860500e289b1183
-  data.tar.gz: 888f2f21d3516ef5832df070d3da0c193c9bb8f8
+  metadata.gz: a76fa37dacb1777aa7e76189bf050ffdae4bab7a
+  data.tar.gz: e323ad93ec0f5f40500e999c5303828b4f7070c0
 SHA512:
-  metadata.gz: a1390a2a326b668987b0b1dd78a8a131b24f4a092f746776605dbfde284aabe7df899d9507d76ec170980510f293453042864183576054edc5e770e5270e05c9
-  data.tar.gz: fc5a84542730f57401d3080e6fb8682a7b5f6cac0c00bdb31281a4424ab57b37420de941cfed4d7931749d7b3e34790243934e90f5f847c158ff046356fcfd56
+  metadata.gz: 83e1c15d70f574298141c0515335fe6bb7d3e9dd31c356b8dec6aba013209a3b6e1423b23ed366307c84bd53e25a35eb5eb7ddd0b2a7565b8e908b65861bb5f7
+  data.tar.gz: c1117229b44ca11584355e70c4262d023f708e1b604cd8f6de1fed0c064aff583668184dd064dad172c5aff717d1e671934b4c3d47f29f9480f6f2d1f69d4530

data/.gitignore

@@ -5,6 +5,7 @@
 .config
 .yardoc
 Gemfile.lock
+gemfiles/*.gemfile.lock
 InstalledFiles
 _yardoc
 coverage

data/.ruby-version

@@ -1 +1 @@
-2.1.2
+2.3.4

data/.travis.yml

@@ -1,18 +1,32 @@
 language: ruby
 rvm:
-  - 2.0.0
-  - 2.1
-  - 2.2
+  - 2.2.7
+  - 2.3.4
+  - 2.4.1
+gemfile:
+  - gemfiles/rails_4.1.gemfile
+  - gemfiles/rails_4.2.gemfile
+  - gemfiles/rails_5.0.gemfile
+  - gemfiles/rails_5.1.gemfile
+matrix:
+  exclude:
+    - rvm: 2.4.1
+      gemfile: gemfiles/rails_4.1.gemfile
+  allow_failures:
+    - rvm: 2.4.1
+dist: trusty
+sudo: false
+cache:
+  bundler: true
 before_install:
   - gem install bundler
-script:
-  - RAILS_ENV=test bundle exec rake app:db:setup
-  - bundle exec rspec spec
 before_script:
   - cp spec/dummy/config/database.yml.ci spec/dummy/config/database.yml
-  - psql -c 'create database g5_authenticatable_test;' -U postgres
+  - RAILS_ENV=test bundle exec rake app:db:create app:db:migrate
+script:
+  - bundle exec rspec spec
+after_script:
+  - RAILS_ENV=test bundle exec rake app:db:drop
 env:
   global:
     - DEVISE_SECRET_KEY=foo
-addons:
-  postgresql: "9.2"

data/Appraisals

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+appraise 'rails-4.1' do
+  gem 'rails', '~> 4.1.16'
+end
+
+appraise 'rails-4.2' do
+  gem 'rails', '~> 4.2.8'
+end
+
+appraise 'rails-5.0' do
+  gem 'rails', '~> 5.0.3'
+end
+
+appraise 'rails-5.1' do
+  gem 'rails', '~> 5.1.1'
+end

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+## v1.0.0.pre.1 (TBD)
+
+* **Backwards incompatible changes**
+  * Dropped support for rails < 4.1
+  * The `:g5_authenticatable_user` factory no longer assigns a default role to
+  the user. If you specifically need a user with a global viewer role, use the
+  new `:g5_authenticatable_viewer` factory instead.
+* Bug fixes
+  * Fixed problem with route generation in devise failure app
+* Deprecations
+  * The `has_global_role?` method on `G5Authenticatable::BasePolicy` and
+  `G5Authenticatable::BasePolicy::BaseScope` has been deprecated in favor of
+  `global_role?`
+
 ## v0.9.0 (2016-11-03)
 
 * Refactor custom mapping logic into devise_g5_authenticatable callbacks

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Declare your gem's dependencies in g5_authenticatable.gemspec.
@@ -6,35 +8,30 @@ source 'https://rubygems.org'
 gemspec
 
 # Gems used by the dummy application
-gem 'rails', '4.2.0'
+gem 'active_model_serializers', '<= 0.10.0' # For compatibility with ruby 2.0.0
+gem 'grape'
 gem 'jquery-rails'
 gem 'pg'
-gem 'grape'
-gem 'active_model_serializers', '<= 0.10.0' # For compatibility with ruby 2.0.0
+gem 'rails', '~> 5.1.1'
 
 group :test, :development do
-  gem 'rspec-rails', '~> 3.1'
-  gem 'pry-byebug'
+  gem 'appraisal'
   gem 'dotenv-rails'
+  gem 'pry-byebug'
+  gem 'rspec-rails', '~> 3.6'
   gem 'web-console', '~> 2.0'
 end
 
 group :test do
   gem 'capybara'
-  gem 'factory_girl_rails', '~> 4.3', require: false
-  gem 'simplecov', require: false
-  gem 'codeclimate-test-reporter', require: false
-  gem 'webmock'
-  gem 'shoulda-matchers', '~> 2.6'
+  gem 'codeclimate-test-reporter'
   gem 'generator_spec'
-  gem 'rspec-http', require: 'rspec/http'
   gem 'rspec-activemodel-mocks'
+  gem 'shoulda-matchers', '~> 3.1'
+  gem 'simplecov', require: false
 end
 
 # Declare any dependencies that are still in development here instead of in
 # your gemspec. These might include edge Rails or gems from your path or
 # Git. Remember to move these dependencies to your gemspec before releasing
 # your gem to rubygems.org.
-
-# To use debugger
-# gem 'debugger'

data/README.md

@@ -18,11 +18,11 @@ library in isolation.
 
 ## Current Version
 
-0.9.0
+1.0.0.pre.1
 
 ## Requirements
 
-* [rails](https://github.com/rails/rails) >= 3.2
+* [rails](https://github.com/rails/rails) >= 4.1
 
 ## Installation
 
@@ -68,7 +68,7 @@ Devise requires you to define a root route in your application's
 `config/routes.rb`. For example:
 
 ```ruby
-root :to => 'home#index'
+root to: 'home#index'
 ```
 
 ### Registering your OAuth application
@@ -133,10 +133,10 @@ G5Authenticatable.strict_token_validation = true
 ### Controller filters and helpers
 
 G5 Authenticatable installs all of the usual devise controllers and helpers.
-To set up a controller that requires authentication, use this before_filter:
+To set up a controller that requires authentication, use this before_action:
 
 ```ruby
-before_filter :authenticate_user!
+before_action :authenticate_user!
 ```
 
 To verify if a user is signed in, use the following helper:
@@ -157,6 +157,32 @@ To access scoped session storage:
 user_session
 ```
 
+### Securing an engine (e.g. sidekiq or resque web UI)
+
+To use G5 Auth to secure another Rails engine mounted within your application,
+modify your `config/routes.rb` file like so:
+
+```ruby
+# To allow any authenticated user to access the mounted engine
+authenticate :user do
+  mount Sidekiq::Web => '/sidekiq'
+end
+
+# To restrict access to a particular user role
+authenticate :user, ->(user) { user.has_role?(:super_admin) } do
+  mount Sidekiq::Web => '/sidekiq'
+end
+```
+
+Note that some additional configuration may be necessary, depending on the
+engine which you are securing. For instance, sidekiq web tries to manage its
+own independent session store, which must be disabled by adding this line to
+your `config/initializers/sidekiq.rb` file:
+
+```ruby
+Sidekiq::Web.set(:sessions, false)
+```
+
 ### Route helpers
 
 There are several generic helper methods for session and omniauth
@@ -233,7 +259,7 @@ method:
 class MyResourcesController < ApplicationController
   respond_to :json
 
-  before_filter :authenticate_api_user!
+  before_action :authenticate_api_user!
 
   def get
     @resource = MyResource.find(params[:id])
@@ -457,7 +483,8 @@ your javascript driver instead.
 #### Installation ####
 
 To automatically mix in helpers to your feature and request specs, include the
-following line in your `spec/spec_helper.rb`:
+following line in your `spec/rails_helper.rb`, after your app and rspec-rails
+have been loaded:
 
 ```ruby
 require 'g5_authenticatable/rspec'
@@ -685,14 +712,14 @@ when reconfiguring a client application to use a different auth endpoint
 
 ### Protecting a particular Rails controller action
 
-You can use all of the usual options to `before_filter` for more fine-grained
+You can use all of the usual options to `before_action` for more fine-grained
 control over where authentication is required. For example, to require
 authentication only to edit a resource while leaving all other actions
 unsecured:
 
 ```ruby
 class MyResourcesController < ApplicationController
-  before_filter :authenticate_user!, only: [:edit, :update]
+  before_action :authenticate_user!, only: [:edit, :update]
 
   # ...
 end
@@ -747,8 +774,8 @@ the request format:
 
 ```ruby
 class MyMixedUpController < ApplicationController
-  before_filter :authenticate_api_user!, unless: :is_navigational_format?
-  before_filter :authenticate_user!, if: :is_navigational_format?
+  before_action :authenticate_api_user!, unless: :is_navigational_format?
+  before_action :authenticate_user!, if: :is_navigational_format?
 
   respond_to :html, :json
 
@@ -768,8 +795,8 @@ a signup form, you can try something like this:
 
 ```ruby
 class MyMixedUpController < ApplicationController
-  before_filter :authenticate_api_user!, if: :is_api_request?
-  before_filter :authenticate_user!, unless: :is_api_request?
+  before_action :authenticate_api_user!, if: :is_api_request?
+  before_action :authenticate_user!, unless: :is_api_request?
 
   respond_to :html
 

data/app/controllers/concerns/g5_authenticatable/authorization.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # Authorization helpers and error handling for controllers
   module Authorization
     extend ActiveSupport::Concern
 
@@ -10,7 +13,7 @@ module G5Authenticatable
     def user_not_authorized
       respond_to do |format|
         format.json do
-          render status: :forbidden, json: {error: 'Access forbidden'}
+          render status: :forbidden, json: { error: 'Access forbidden' }
         end
         format.html do
           render status: :forbidden, file: "#{Rails.root}/public/403"

data/app/controllers/g5_authenticatable/application_controller.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # Base class for all controllers in the G5Authenticatable engine
   class ApplicationController < ActionController::Base
   end
 end

data/app/controllers/g5_authenticatable/error_controller.rb

@@ -1,9 +1,10 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # For handling errors returned by the auth server
   class ErrorController < G5Authenticatable::ApplicationController
-
     def auth_error
       flash[:error] = 'There was a problem with the Auth Server!'
     end
-
   end
 end

data/app/controllers/g5_authenticatable/failure_app.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module G5Authenticatable
+  # Custom failure app that generates urls correctly within an isolated engine
+  # https://github.com/plataformatec/devise/issues/4127
+  class FailureApp < Devise::FailureApp
+    def scope_url
+      opts  = {}
+      route = :"new_#{scope}_session_url"
+      opts[:format] = request_format unless skip_format?
+
+      config = Rails.application.config
+
+      if config.try(:relative_url_root)
+        opts[:script_name] = config.relative_url_root
+      end
+
+      failure_url(route, opts)
+    end
+
+    private
+
+    def failure_url(route, opts)
+      context = send(Devise.available_router_name)
+
+      if context.respond_to?(route)
+        context.send(route, opts)
+      elsif respond_to?(:root_url)
+        root_url(opts)
+      else
+        '/'
+      end
+    end
+  end
+end

data/app/controllers/g5_authenticatable/sessions_controller.rb

@@ -1,12 +1,16 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # Custom sessions controller to handle auth server interaction
   class SessionsController < DeviseG5Authenticatable::SessionsController
     protected
+
     def register_resource
       create_resource
       sign_in_resource
     end
 
-    def signed_in_root_path(resource_or_scope)
+    def signed_in_root_path(_resource_or_scope)
       main_app.root_path
     end
 
@@ -16,11 +20,11 @@ module G5Authenticatable
       resource.save!
     end
 
-    def after_omniauth_failure_path_for(scope)
+    def after_omniauth_failure_path_for(_scope)
       auth_error_path
     end
 
-    def after_sign_out_path_for(resource_or_scope)
+    def after_sign_out_path_for(_resource_or_scope)
       main_app.root_path
     end
   end

data/app/helpers/g5_authenticatable/application_helper.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # Helper methods for all G5Authenticatable controllers/views
   module ApplicationHelper
   end
 end

data/app/models/g5_authenticatable/role.rb

@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # A user role (e.g. admin, viewer), optionally scoped to a client or location
   class Role < ActiveRecord::Base
-    has_and_belongs_to_many :users, :join_table => :g5_authenticatable_users_roles
-    belongs_to :resource, :polymorphic => true
+    has_and_belongs_to_many :users, join_table: :g5_authenticatable_users_roles
+    belongs_to :resource, polymorphic: true
 
     scopify
   end

data/app/models/g5_authenticatable/user.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 module G5Authenticatable
+  # Cache of local user data, populated based on G5 Auth
   class User < ActiveRecord::Base
     devise :g5_authenticatable, :trackable, :timeoutable
     rolify role_cname: 'G5Authenticatable::Role',
@@ -10,13 +13,13 @@ module G5Authenticatable
     GLOBAL_ROLE = 'GLOBAL'
 
     def attributes_from_auth(auth_data)
-      super(auth_data).merge({
+      super(auth_data).merge(
         first_name: auth_data.info.first_name,
         last_name: auth_data.info.last_name,
         phone_number: auth_data.info.phone,
         title: auth_data.extra.title,
         organization_name: auth_data.extra.organization_name
-      })
+      )
     end
 
     def update_roles_from_auth(auth_data)
@@ -27,18 +30,22 @@ module G5Authenticatable
     end
 
     def selectable_clients
-      G5Updatable::SelectableClientPolicy::Scope.new(self, G5Updatable::Client).resolve
+      G5Updatable::SelectableClientPolicy::Scope.new(self, G5Updatable::Client)
+                                                .resolve
     end
 
     def clients
-      G5Updatable::ClientPolicy::Scope.new(self, G5Updatable::Client).resolve
+      G5Updatable::ClientPolicy::Scope.new(self, G5Updatable::Client)
+                                      .resolve
     end
 
     def locations
-      G5Updatable::LocationPolicy::Scope.new(self, G5Updatable::Location).resolve
+      G5Updatable::LocationPolicy::Scope.new(self, G5Updatable::Location)
+                                        .resolve
     end
 
     private
+
     def add_scoped_role(role)
       the_class = Object.const_get(role.type)
       resource = the_class.where(urn: role.urn).first