git_wit 0.0.2 → 0.0.3

data/README.md

@@ -1,6 +1,7 @@
 # GitWit
 
 [![Build Status](https://travis-ci.org/xdissent/git_wit.png?branch=master)](https://travis-ci.org/xdissent/git_wit)
+[![Gem Version](https://badge.fury.io/rb/git_wit.png)](http://badge.fury.io/rb/git_wit)
 
 Dead simple Git hosting for Rails apps.
 
@@ -83,12 +84,43 @@ Your server will ask you for a username and password when you push - use
 `writer` for both and it should accept your changes.
 
 
+## SSL
+
+You **really** should turn `insecure_auth` and `insecure_write` back to `false`
+as quickly as possible and enable SSL for read/write access. GitWit doesn't 
+need any special SSL configuration - just flip SSL on in whatever web server
+is running Rails. You can also use the 
+[tunnels](https://github.com/jugyo/tunnels) gem to run your app with SSL in 
+development. Just add it to the Gemfile and run `bundle install` followed by
+`sudo tunnels` (or `rvmsudo tunnels` for RVM). For `rails s`, which runs on
+port 3000 by default, run `sudo tunnels 443 3000`. Now you may clone 
+repositories over HTTPS:
+
+```console
+$ git clone https://localhost/example.git
+```
+
+
+## A quick note about "local requests"
+
+The default Rails development environment has a config value called 
+`consider_all_requests_local`, which is `true`. This prevents GitWit from 
+correctly handling authentication responses in some cases. It's not a big deal,
+you'll just be asked to re-authenticate more often and some responses will be
+slightly misleading. But the alternative solution, which is to set 
+`consider_all_requests_local` to `false`, disables any special Rails error 
+handling - quite a bummer for development. It would be nice to sort this out a
+little better in the future. Note that the production environment uses `false`
+by default and handles errors appropriately.
+
+
 ## Advanced Usage (Devise, Cancan, etc.)
 
 See [`test/dummy`](https://github.com/xdissent/git_wit/tree/master/test/dummy) 
 for an example app that integrates 
 [Devise](https://github.com/plataformatec/devise), 
-[Cancan](https://github.com/ryanb/cancan), and 
+[Cancan](https://github.com/ryanb/cancan), 
+[rolify](https://github.com/EppO/rolify) and
 [twitter-bootstrap-rails](https://github.com/seyhunak/twitter-bootstrap-rails). 
 Example controllers for managing repositories and public keys are included.
 
@@ -96,7 +128,7 @@ Example controllers for managing repositories and public keys are included.
 ## SSH support - AKA: The hard part
 
 To enable git operations over SSH, you **must have a dedicated SSH user**. This
-user will *only* be used for SSH autentication. Immediately after successfully
+user will *only* be used for SSH authentication. Immediately after successfully
 authenticating, the SSH user will `sudo` to the application user to continue
 with the git operation. This eliminates the need for all the bat-shit crazy git
 pulls/pushes and SSH wrappers and crap that are typical of gitolite/gitosis

data/lib/git_wit/authorized_keys.rb

@@ -92,9 +92,10 @@ module GitWit
       SHELL_OPTIONS = %w(no-port-forwarding no-X11-forwarding 
         no-agent-forwarding no-pty)
 
-      def self.shell_key_for_username(username, key)
+      def self.shell_key_for_username(username, key, debug = false)
         key = self.new key if key.is_a? String
-        key.options = [%(command="gw-shell #{username}"), *SHELL_OPTIONS]
+        debug = debug ? "--debug " : ""
+        key.options = [%(command="gw-shell #{debug}#{username}"), *SHELL_OPTIONS]
         key
       end
     end

data/lib/git_wit/shell.rb

@@ -1,18 +1,33 @@
 module GitWit
   module Shell
     SHELL_COMMANDS = %w(git-upload-pack git-receive-pack git-upload-archive)
-    SUDO_ENV_KEYS = %w(SSH_ORIGINAL_COMMAND GEM_HOME GEM_PATH PATH 
-      BUNDLE_GEMFILE RAILS_ENV)
+
+    def self.run
+      exec_with_sudo!
+      return run_debug if debug?
+      boot_app
+      command, repository = parse_ssh_original_command
+      user = authenticate! ARGV[0]
+      authorize! command, user, repository
+
+      repo_path = File.expand_path File.join(GitWit.repositories_path, repository)
+      cmd = ["git", "shell", "-c", "#{command} '#{repo_path}'"]
+      Rails.logger.info "GitWit SSH command: #{cmd.join " "}"
+      exec *cmd
+    end
 
     def self.exec_with_sudo!(user = app_user)
       return if running_as?(user)
       Dir.chdir rails_root
-      env = SUDO_ENV_KEYS.map { |k| "#{k}=#{ENV[k]}" if ENV[k] }.compact
-      env << "RAILS_ROOT=#{rails_root}" << "TERM=dumb"
-      cmd = ["sudo", "-u", "##{app_user}", *env, "-s", $PROGRAM_NAME, *ARGV]
+      ENV["TERM"] = "dumb"
+      cmd = ["sudo", "-u", "##{app_user}", $PROGRAM_NAME, *ARGV]
       exec *cmd
     end
 
+    def self.debug?
+      ARGV.include? "--debug"
+    end
+
     def self.running_as?(user)
       Process.uid == user
     end
@@ -33,7 +48,9 @@ module GitWit
 
     def self.parse_ssh_original_command
       /^(?<cmd>git-[^\s]+)\s+'(?<repository>[^']+\.git)'/ =~ ENV["SSH_ORIGINAL_COMMAND"]
-      abort "Uknown command #{cmd}" unless SHELL_COMMANDS.include? cmd
+      unless SHELL_COMMANDS.include? cmd
+        abort "Unknown command: #{ENV["SSH_ORIGINAL_COMMAND"]}" 
+      end
       [cmd, repository]
     end
 
@@ -56,17 +73,43 @@ module GitWit
       abort "Unauthorized" unless authorize command, user, repository
     end
 
-    def self.run
-      exec_with_sudo!
-      boot_app
-      command, repository = parse_ssh_original_command
-      user = authenticate! ARGV[0]
-      authorize! command, user, repository
+    def self.run_debug
+      require "pp"
+      puts "*** GitWit DEBUG ***\n\n"
+      puts "ENVIRONMENT:"
+      pp ENV
+      puts "\n*** GitWit DEBUG ***\n"
+    end
+  end
 
-      repo_path = File.expand_path File.join(GitWit.repositories_path, repository)
-      cmd = ["git", "shell", "-c", "#{command} '#{repo_path}'"]
-      Rails.logger.info "GitWit SSH command: #{cmd.join " "}"
-      exec *cmd
+  def self.run_shell_test(quiet = true)
+    success = false
+    Dir.mktmpdir do |ssh|
+      user = "git_wit_shell_test"
+      key_file = File.join ssh, "id_rsa"
+      pub_key_file = "#{key_file}.pub"
+
+      cmd = %(ssh-keygen -q -t rsa -C "#{user}" -f "#{key_file}" -N "")
+      puts "Running #{cmd}" unless quiet
+      `#{cmd}`
+
+      pub_key = File.open(pub_key_file) { |f| f.read }
+      debug_key = AuthorizedKeys::Key.shell_key_for_username user, pub_key, true
+      authorized_keys_file.add debug_key
+      puts "Added key: #{debug_key}" unless quiet
+
+      cmd = %(SSH_AUTH_SOCK="" ssh -i "#{key_file}" #{GitWit.ssh_user}@localhost test 123)
+      puts "Running #{cmd}" unless quiet
+      out = `#{cmd}`
+      puts out unless quiet
+      success = $?.success?
+      if success
+        puts "Success" unless quiet
+      else
+        puts "ERROR!" unless quiet
+      end
+      authorized_keys_file.remove debug_key
     end
+    success
   end
 end

data/lib/git_wit/version.rb

@@ -1,3 +1,3 @@
 module GitWit
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/lib/tasks/git_wit_shell.rake

@@ -0,0 +1,8 @@
+namespace :git_wit do
+  namespace :shell do
+    desc "Debug the ssh shell"
+    task test: :environment do
+      GitWit.run_shell_test(false)
+    end
+  end
+end