heroku-bouncer 0.5.2 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/CONTRIBUTING.md +62 -0
- data/README.md +7 -2
- data/lib/heroku/bouncer/middleware.rb +15 -7
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 665c9d7aafb5ad2f6d67e2b2c6534afe7114a310
|
|
4
|
+
data.tar.gz: 740248c7d7ff94e833d11c3072b4d605e545d540
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 98037d0ba899477a43af554df33b0edeaad5b4381e761a8b44d4f91025bd036d92b5cb5c82b83edca30f3edb52a0caf3772b0d7ad327d02834cf8d180299bdde
|
|
7
|
+
data.tar.gz: 229ef416b7d70912a4d38cbb8b76feed9013b6d4a8b5a350b07590a26bc78735116dbd46f34eff5ec38a547c8aa39a0ae2cb155b7710e3a941a628289a22733e
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
# 0.6.0
|
|
2
|
+
|
|
3
|
+
* #42: add `allow_if_user` which takes the user object, instead of just
|
|
4
|
+
an email. Thanks @jacobian!
|
|
5
|
+
* #43: allow bouncer to be installed at sub-paths of the app by using
|
|
6
|
+
`request.path_info`. Thanks @dpiddy!
|
|
7
|
+
|
|
1
8
|
# 0.5.2
|
|
2
9
|
|
|
3
10
|
* #40: fixes redirects to non-standard ports (other than 80/443). Thanks
|
data/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
# tl;dr
|
|
2
|
+
|
|
3
|
+
PRs welcome. Please write tests, add an entry to CHANGELOG.md for your
|
|
4
|
+
change, and if the change is user-facing, update README.md.
|
|
5
|
+
|
|
6
|
+
# Contributing
|
|
7
|
+
|
|
8
|
+
Contributions welcome! Here are some ways you can help:
|
|
9
|
+
|
|
10
|
+
* by using alpha, beta, and prerelease versions
|
|
11
|
+
* by reporting bugs
|
|
12
|
+
* by suggesting new features
|
|
13
|
+
* by writing or editing documentation
|
|
14
|
+
* by writing tests or specifications
|
|
15
|
+
* by writing code (**no patch is too small!** Fix typos, add comments, etc)
|
|
16
|
+
* by refactoring code
|
|
17
|
+
* by closing [issues][]
|
|
18
|
+
* by reviewing patches
|
|
19
|
+
|
|
20
|
+
[issues]: https://github.com/heroku/heroku-bouncer/issues
|
|
21
|
+
|
|
22
|
+
## Submitting an Issue
|
|
23
|
+
|
|
24
|
+
We use the [GitHub issue tracker][issues] to track bugs and features.
|
|
25
|
+
Before submitting a bug report or feature request, check to make sure it
|
|
26
|
+
hasn't already been submitted. When submitting a bug report, please
|
|
27
|
+
include a [Gist][] that includes a stack trace and any details that may
|
|
28
|
+
be necessary to reproduce the bug, including your gem version, Ruby
|
|
29
|
+
version, and operating system. Ideally, a bug report should include a
|
|
30
|
+
pull request with failing specs.
|
|
31
|
+
|
|
32
|
+
[Gist]: https://gist.github.com/
|
|
33
|
+
|
|
34
|
+
## Getting Started Locally
|
|
35
|
+
|
|
36
|
+
Fork, then clone the repo:
|
|
37
|
+
|
|
38
|
+
git clone git@github.com:your-username/heroku-bouncer.git
|
|
39
|
+
|
|
40
|
+
Bundle install using your preferred arguments:
|
|
41
|
+
|
|
42
|
+
bundle install -j8 --path .bundle
|
|
43
|
+
|
|
44
|
+
Make sure the tests pass:
|
|
45
|
+
|
|
46
|
+
bundle exec rake
|
|
47
|
+
|
|
48
|
+
## Submitting a Pull Request
|
|
49
|
+
|
|
50
|
+
1. [Fork the repository.][fork]
|
|
51
|
+
2. [Create a topic branch.][branch]
|
|
52
|
+
3. Implement your feature or bug fix. Please include tests and a
|
|
53
|
+
proposed change to the `CHANGELOG.md` file.
|
|
54
|
+
4. Make sure the tests pass using `bundle exec rake`.
|
|
55
|
+
5. Please try to remove any trailing whitespace and make sure all files
|
|
56
|
+
end in a newline. `git diff --check` before committing can help.
|
|
57
|
+
6. Add, commit, and push your changes.
|
|
58
|
+
7. [Submit a pull request.][pr]
|
|
59
|
+
|
|
60
|
+
[fork]: http://help.github.com/fork-a-repo/
|
|
61
|
+
[branch]: http://learn.github.com/p/branching.html
|
|
62
|
+
[pr]: http://help.github.com/send-pull-requests/
|
data/README.md
CHANGED
|
@@ -42,7 +42,7 @@ Sinatra app that uses heroku-bouncer.
|
|
|
42
42
|
require 'my_app'
|
|
43
43
|
|
|
44
44
|
# use `openssl rand -base64 32` to generate a secret
|
|
45
|
-
use Rack::Session::Cookie, secret: "..."
|
|
45
|
+
use Rack::Session::Cookie, secret: "...", key: "my_app_session"
|
|
46
46
|
use Heroku::Bouncer,
|
|
47
47
|
oauth: { id: "...", secret: "..." }, secret: "..."
|
|
48
48
|
run MyApp
|
|
@@ -57,7 +57,7 @@ Sinatra app that uses heroku-bouncer.
|
|
|
57
57
|
```ruby
|
|
58
58
|
class MyApp < Sinatra::Base
|
|
59
59
|
...
|
|
60
|
-
enable :sessions, secret: "..."
|
|
60
|
+
enable :sessions, secret: "...", key: "my_app_session"
|
|
61
61
|
use ::Heroku::Bouncer,
|
|
62
62
|
oauth: { id: "...", secret: "..." }, secret: "..."
|
|
63
63
|
...
|
|
@@ -98,6 +98,11 @@ Here are the supported options you can pass to the middleware:
|
|
|
98
98
|
* `allow_if`: A lambda that takes an email address. If the lambda evaluates to
|
|
99
99
|
true, allow the user through. If false, redirects to `redirect_url`.
|
|
100
100
|
By default, all users are allowed through after authenticating.
|
|
101
|
+
* `allow_if_user`: A lambda that takes the
|
|
102
|
+
[account resource](https://devcenter.heroku.com/articles/platform-api-reference#account)
|
|
103
|
+
representing the user. If the lambda evaluates to true, allow the user
|
|
104
|
+
through. If false, redirects to `redirect_url`. By default, all users are
|
|
105
|
+
allowed through after authenticating.
|
|
101
106
|
* `redirect_url`: Where unauthorized users are redirected to. Defaults to
|
|
102
107
|
`www.heroku.com`.
|
|
103
108
|
* `expose_token`: Expose the OAuth token in the session, allowing you to
|
|
@@ -20,18 +20,24 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
|
|
|
20
20
|
else
|
|
21
21
|
super(app)
|
|
22
22
|
@cookie_secret = extract_option(options, :secret, SecureRandom.base64(32))
|
|
23
|
-
@
|
|
23
|
+
@allow_if_user = extract_option(options, :allow_if_user, nil)
|
|
24
24
|
@redirect_url = extract_option(options, :redirect_url, 'https://www.heroku.com')
|
|
25
25
|
|
|
26
26
|
# backwards-compatibilty for `herokai_only`:
|
|
27
27
|
# * check email for ending with `@heroku.com`
|
|
28
28
|
# * The redirect URL can be passed as a string value to `herokai_only`
|
|
29
|
-
herokai_only = extract_deprecated_option("please use `
|
|
29
|
+
herokai_only = extract_deprecated_option("please use `allow_if_user` instead", options, :herokai_only, false)
|
|
30
30
|
if herokai_only
|
|
31
31
|
if herokai_only.is_a?(String) && !options[:redirect_url]
|
|
32
32
|
@redirect_url = herokai_only
|
|
33
33
|
end
|
|
34
|
-
@
|
|
34
|
+
@allow_if_user ||= lambda { |user| user['email'].end_with?("@heroku.com") }
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# backwards-compatibility for allow_if
|
|
38
|
+
allow_if = extract_option(options, :allow_if, false)
|
|
39
|
+
if allow_if
|
|
40
|
+
@allow_if_user ||= lambda { |user| allow_if.call(user['email']) }
|
|
35
41
|
end
|
|
36
42
|
|
|
37
43
|
@expose_token = extract_option(options, :expose_token, false)
|
|
@@ -77,11 +83,13 @@ class Heroku::Bouncer::Middleware < Sinatra::Base
|
|
|
77
83
|
# callback when successful, time to save data
|
|
78
84
|
get '/auth/heroku/callback' do
|
|
79
85
|
token = request.env['omniauth.auth']['credentials']['token']
|
|
80
|
-
if @expose_email || @expose_user || !@
|
|
86
|
+
if @expose_email || @expose_user || !@allow_if_user.nil?
|
|
81
87
|
user = fetch_user(token)
|
|
82
88
|
# Wrapping lambda to prevent short-circut proc return
|
|
83
|
-
if @
|
|
84
|
-
|
|
89
|
+
if @allow_if_user.respond_to?(:call)
|
|
90
|
+
if !lambda{ @allow_if_user.call(user)}.call
|
|
91
|
+
redirect to(@redirect_url) and return
|
|
92
|
+
end
|
|
85
93
|
end
|
|
86
94
|
@expose_user ? store_write(:user, user) : store_write(:user, true)
|
|
87
95
|
store_write(:email, user['email']) if @expose_email
|
|
@@ -138,7 +146,7 @@ private
|
|
|
138
146
|
end
|
|
139
147
|
|
|
140
148
|
def auth_request?
|
|
141
|
-
%w[/auth/heroku/callback /auth/heroku /auth/failure /auth/sso-logout /auth/logout /auth/login].include?(request.
|
|
149
|
+
%w[/auth/heroku/callback /auth/heroku /auth/failure /auth/sso-logout /auth/logout /auth/login].include?(request.path_info)
|
|
142
150
|
end
|
|
143
151
|
|
|
144
152
|
def session_nonce_mismatch?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heroku-bouncer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Dance
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-03-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-heroku
|
|
@@ -158,8 +158,10 @@ extensions: []
|
|
|
158
158
|
extra_rdoc_files:
|
|
159
159
|
- README.md
|
|
160
160
|
- CHANGELOG.md
|
|
161
|
+
- CONTRIBUTING.md
|
|
161
162
|
files:
|
|
162
163
|
- CHANGELOG.md
|
|
164
|
+
- CONTRIBUTING.md
|
|
163
165
|
- Gemfile
|
|
164
166
|
- README.md
|
|
165
167
|
- Rakefile
|
|
@@ -189,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
189
191
|
version: '0'
|
|
190
192
|
requirements: []
|
|
191
193
|
rubyforge_project:
|
|
192
|
-
rubygems_version: 2.
|
|
194
|
+
rubygems_version: 2.4.5
|
|
193
195
|
signing_key:
|
|
194
196
|
specification_version: 4
|
|
195
197
|
summary: Rapidly add Heroku OAuth to your Ruby app.
|