jekyll-auth 1.0.2 → 2.1.2

data/docs/CONTRIBUTING.md

@@ -0,0 +1,88 @@
+# Contributing to Jekyll Auth
+
+Hi there! We're thrilled that you'd like to contribute to Jekyll Auth. Your help is essential for keeping it great.
+
+Jekyll Auth is an open source project supported by the efforts of an entire community and built one contribution at a time by users like you. We'd love for you to get involved. Whatever your level of skill or however much time you can give, your contribution is greatly appreciated. There are many ways to contribute, from writing tutorials or blog posts, improving the documentation, submitting bug reports and feature requests, helping other users by commenting on issues, or writing code which can be incorporated into Jekyll Auth itself.
+
+Following these guidelines helps to communicate that you respect the time of the developers managing and developing this open source project. In return, they should reciprocate that respect in addressing your issue, assessing changes, and helping you finalize your pull requests.
+
+## Troubleshooting
+
+Having trouble with Jekyll Auth? Check out [the troubleshooting guidelines](troubleshooting.md) for solutions to common problems.
+
+
+## How to report a bug
+
+Think you found a bug? Please check [the list of open issues](https://github.com/benbalter/jekyll-auth/issues) to see if your bug has already been reported. If it hasn't please [submit a new issue](https://github.com/benbalter/jekyll-auth/issues/new).
+
+Here are a few tips for writing *great* bug reports:
+
+* Describe the specific problem (e.g., "widget doesn't turn clockwise" versus "getting an error")
+* Include the steps to reproduce the bug, what you expected to happen, and what happened instead
+* Check that you are using the latest version of the project and its dependencies
+* Include what version of the project your using, as well as any relevant dependencies
+* Only include one bug per issue. If you have discovered two bugs, please file two issues
+* Include screenshots or screencasts whenever possible
+* Even if you don't know how to fix the bug, including a failing test may help others track it down
+
+**If you find a security vulnerability, do not open an issue. Please email ben@balter.com instead.**
+
+## How to suggest a feature or enhancement
+
+If you find yourself wishing for a feature that doesn't exist in Jekyll Auth, you are probably not alone. There are bound to be others out there with similar needs. Many of the features that Jekyll Auth has today have been added because our users saw the need.
+
+Feature requests are welcome. But take a moment to find out whether your idea fits with the scope and goals of the project. It's up to you to make a strong case to convince the project's developers of the merits of this feature. Please provide as much detail and context as possible, including describing the problem you're trying to solve.
+
+[Open an issue](https://github.com/benbalter/jekyll-auth/issues/new) which describes the feature you would like to see, why you want it, how it should work, etc.
+
+
+
+## Your first contribution
+
+We'd love for you to contribute to the project. Unsure where to begin contributing to Jekyll Auth? You can start by looking through these "good first issue" and "help wanted" issues:
+
+* [Good first issues](https://github.com/benbalter/jekyll-auth/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) - issues which should only require a few lines of code and a test or two
+* [Help wanted issues](https://github.com/benbalter/jekyll-auth/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) - issues which may be a bit more involved, but are specifically seeking community contributions
+
+*p.s. Feel free to ask for help; everyone is a beginner at first* :smiley_cat:
+
+## How to propose changes
+
+Here's a few general guidelines for proposing changes:
+
+* If you are changing any user-facing functionality, please be sure to update the documentation
+* If you are adding a new behavior or changing an existing behavior, please be sure to update the corresponding test(s)
+* Each pull request should implement **one** feature or bug fix. If you want to add or fix more than one thing, submit more than one pull request
+* Do not commit changes to files that are irrelevant to your feature or bug fix
+* Don't bump the version number in your pull request (it will be bumped prior to release)
+* Write [a good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
+
+At a high level, [the process for proposing changes](https://guides.github.com/introduction/flow/) is:
+
+1. [Fork](https://github.com/benbalter/jekyll-auth/fork) and clone the project
+2. Configure and install the dependencies: `script/bootstrap`
+3. Make sure the tests pass on your machine: `script/cibuild`
+4. Create a descriptively named branch: `git checkout -b my-branch-name`
+5. Make your change, add tests and documentation, and make sure the tests still pass
+6. Push to your fork and [submit a pull request](https://github.com/benbalter/jekyll-auth/compare) describing your change
+7. Pat your self on the back and wait for your pull request to be reviewed and merged
+
+**Interesting in submitting your first Pull Request?** It's easy! You can learn how from this *free* series [How to Contribute to an Open Source Project on GitHub](https://egghead.io/series/how-to-contribute-to-an-open-source-project-on-github)
+
+## Bootstrapping your local development environment
+
+`script/bootstrap`
+
+## Running tests
+
+`script/cibuild`
+
+## Code of conduct
+
+This project is governed by [the Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.
+
+## Additional Resources
+
+* [Contributing to Open Source on GitHub](https://guides.github.com/activities/contributing-to-open-source/)
+* [Using Pull Requests](https://help.github.com/articles/using-pull-requests/)
+* [GitHub Help](https://help.github.com)

data/docs/README.md

@@ -0,0 +1,33 @@
+# Jekyll Auth
+
+*A simple way to use GitHub OAuth to serve a protected Jekyll site to your GitHub organization*
+
+[![Gem Version](https://badge.fury.io/rb/jekyll-auth.png)](http://badge.fury.io/rb/jekyll-auth) [![Build Status](https://travis-ci.org/benbalter/jekyll-auth.png?branch=master)](https://travis-ci.org/benbalter/jekyll-auth) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
+
+## The problem
+
+[Jekyll](http://github.com/mojombo/jekyll) and [GitHub Pages](http://pages.github.com) are awesome, right? Static site, lightning fast, everything versioned in Git. What else could you ask for?
+
+But what if you only want to share that site with a select number of people? Before, you were SOL. Now, simply host the site on a free, [Heroku](http://heroku.com) Dyno, and whenever someone tries to access it, it will Oauth them against GitHub, and make sure they're a member of your Organization. Pretty cool, huh?
+
+## Requirements
+
+1. A GitHub account (one per user)
+2. A GitHub Organization (of which members will have access to the Jekyll site)
+3. A GitHub Application (you can [register one](https://github.com/settings/applications/new) for free)
+4. A Heroku account (you can technically use this elsewhere, but the instructions are for Heroku)
+
+## Under the hood
+
+Every time you push to Heroku, we take advantage of the fact that Heroku automatically runs the `rake assets:precompile` command (normally used for Rails sites) to build our Jekyll site and store it statically, just like GitHub pages would.
+
+Anytime a request comes in for a page, we run it through [Sinatra](http://www.sinatrarb.com/) (using the `_site` folder as the static file folder, just as `public` would be normally), and authenticate it using [sinatra\_auth\_github](https://github.com/atmos/sinatra_auth_github).
+
+If they're in the org, they get the page. Otherwise, all they ever get is [the bouncer](http://octodex.github.com/bouncer/).
+
+## Further reading
+
+* [Configuring](configuring.md)
+* [Getting started](getting-started.md)
+* [Running locally](running-locally.md)
+* [Troubleshooting](troubleshooting.md)

data/docs/SECURITY.md

@@ -0,0 +1,3 @@
+# Security Policy
+
+To report a security vulnerability, please email [ben@balter.com](mailto:ben@balter.com).

data/docs/_config.yml

@@ -0,0 +1,2 @@
+title: Jekyll Auth
+permalink: pretty

data/docs/configuring.md

@@ -0,0 +1,36 @@
+## Configuration
+
+### Whitelisting
+
+Don't want to require authentication for every part of your site? Fine! Add a whitelist to your Jekyll's **config.yml** file:
+
+```yaml
+jekyll_auth:
+  whitelist:
+    - drafts?
+```
+
+`jekyll_auth.whitelist` takes an array of regular expressions as strings. The default auth behavior checks (and blocks) against root (`/`). Any path defined in the whitelist won't require authentication on your site.
+
+What if you want to go the other way, and unauthenticate the entire site *except* for certain portions? You can define some regex magic for that:
+
+```yaml
+jekyll_auth:
+  whitelist:
+    - "^((?!draft).)*$"
+```
+
+There is also a more [extensive article containing installation instructions for Jekyll-Auth](http://fabian-kostadinov.github.io/2014/11/13/installation-of-jekyll-auth/) and a second one on [how to find your GitHub team ID](http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/).
+
+### Requiring SSL
+
+If [you've got SSL set up](https://devcenter.heroku.com/articles/ssl-endpoint), simply add the following your your `_config.yml` file to ensure SSL is enforced.
+
+```yaml
+jekyll_auth:
+  ssl: true
+```
+
+### Using a custom 404
+
+Just like GitHub Pages, Jekyll Auth will honor a custom 404 page, if it's generated as `/404.html` in the built site.

data/docs/getting-started.md

@@ -0,0 +1,63 @@
+## Getting Started
+
+### Create a GitHub Application
+
+1. Navigate to [the GitHub app registration page](https://github.com/settings/applications/new)
+2. Give your app a name
+3. Tell GitHub the URL you want the app to eventually live at. If using a free Heroku account, this will be something like <http://my-site.herokuapp.com>
+4. Specify the callback URL; should be like this: <https://my-site.herokuapp.com/auth/github/callback>; note that this is **https**, not http.
+5. Hit Save, but leave the page open, you'll need some of the information in a moment
+
+Remember the 'my-site' part for later on when using `heroku create`. Also, my-site is often called 'app-name' in Heroku documentation.
+
+### Add Jekyll Auth to your site
+
+1. Within your new site repository or orphaned github [branch](https://help.github.com/articles/creating-project-pages-manually/) (the branch could be named anything except 'gh-pages' since this would then be public on GitHub!), add `gem 'jekyll-auth'` to your `Gemfile` or if you don't already have a `Gemfile`, create a file called `Gemfile` in the root of your site's repository with the following content:
+
+   ```ruby
+   source "https://rubygems.org"
+
+   gem 'jekyll-auth'
+   ```
+
+2. `cd` into your project's directory and run `bundle install`. If you get an error using `bundle install`, see Troubleshooting below.
+
+3. Run `bundle exec jekyll-auth new` which will copy the necessary files to set up the server
+
+
+### Setting up hosting with Heroku
+
+#### Automatically
+
+Run `bundle exec jekyll-auth setup --client_id XXX --client_secret XXX --org_name XXX`
+
+(or `--team_id XXX`)
+
+#### Manually
+
+1. You may need to add and commit the files generated by `jekyll-auth new` to Git before continuing
+2. Make sure you have [the Heroku toolbelt](https://toolbelt.heroku.com/) installed
+3. Run `heroku create my-site` from your site's directory; make sure my-site matches what you specified in the GitHub application registration above.
+4. `heroku config:set GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=XXX GITHUB_ORG_NAME=XXX` (or `GITHUB_TEAM_ID`)
+5. `git push heroku`, or if you are maintaining the site in an orphaned branch of your GitHub repo (say 'heroku-pages'), do `git push heroku heroku-pages:master`
+6. `heroku open` to open the site in your browser
+
+#### Find the Organization ID (needed to find Team ID)
+
+If you need to find an organization's ID, you can use the following cURL command:
+
+```
+curl https://api.github.com/orgs/{org_name}
+```
+
+#### Finding the Team ID
+
+If you need help finding a team's numeric ID, you can use the `jekyll-auth team_id` command.
+
+For example, to find the team ID for @jekyll/maintainers you'd run the command:
+
+```
+jekyll-auth team_id --org jekyll --team maintainers
+```
+
+You'll want to add a [personal access token](https://github.com/settings/tokens/new) to your `.env` file so that Jekyll-Auth can make the necessary API request, but the command will run you through the process if you do not provide this.

data/docs/running-locally.md

@@ -0,0 +1,24 @@
+## Running locally
+
+Want to run it locally?
+
+### Without authentication
+
+Just run `jekyll serve` as you would normally.
+
+### With authentication
+
+1. `export GITHUB_CLIENT_ID=[your github app client id]`
+2. `export GITHUB_CLIENT_SECRET=[your github app client secret]`
+3. `export GITHUB_ORG_NAME=[org name]` or `export GITHUB_TEAM_ID=[team id]` or `export GITHUB_TEAM_IDS=1234,5678`
+4. `jekyll-auth serve`
+
+*Pro-tip #1:* For sanity's sake, and to avoid problems with your callback URL, you may want to have two apps, one with a local Oauth callback, and one for production if you're going to be testing auth locally.
+
+*Pro-tip #2*: Jekyll Auth supports [dotenv](https://github.com/bkeepers/dotenv) out of the box. You can create a `.env` file in the root of site and add your configuration variables there. It's ignored by `.gitignore` if you use `jekyll-auth new`, but be sure not to accidentally commit your `.env` file. Here's what your `.env` file might look like:
+
+```
+GITHUB_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
+GITHUB_CLIENT_ID=qwertyuiop0001
+GITHUB_TEAM_ID=12345
+```

data/docs/troubleshooting.md

@@ -0,0 +1,31 @@
+## Troubleshooting
+
+### `ERROR: YOUR SITE COULD NOT BE BUILT` During install, either locally or on Heroku.
+
+You likely need to add `exclude: [vendor]` to `_config.yml` in your branch's root directory (create the file if it does not exist already). If you still have problems on the *local* install, you may have better luck using `bundle install --deployment`, but be sure to add the resulting 'vendor' directory to .gitignore. For completeness, the full error may look something like this:
+
+
+```
+remote:        Configuration file: none
+remote:                     ERROR: YOUR SITE COULD NOT BE BUILT:
+remote:                            ------------------------------------
+remote:                            Invalid date '0000-00-00': Post '/vendor/bundle/ruby/2.0.0/gems/jekyll-2.5.3/lib/site_template/_posts/0000-00-00-welcome-to-jekyll.markdown.erb' does not have a valid date in the filename.
+```
+
+### Pushing to heroku
+
+If you are working from a new GitHub-cloned repo (where you have not run `heroku create`), you may also want to push to Heroku. Instead of adding the remote in the standard way with Git, do this:
+
+
+```
+heroku git:remote -a my-site
+```
+
+### Upgrading from Jekyll Auth < 0.1.0
+
+1. `cd` to your project directory
+2. `rm config.ru`
+3. `rm Procfile`
+4. Remove any Jekyll Auth specific requirements from your `Gemfile`
+5. Follow [the instructions above](https://github.com/benbalter/jekyll-auth#add-jekyll-auth-to-your-site) to get started
+6. When prompted, select "n" if Heroku is already set up

data/jekyll-auth.gemspec

@@ -1,31 +1,38 @@
-require './lib/jekyll_auth/version'
+# frozen_string_literal: true
+
+require "./lib/jekyll_auth/version"
 
 Gem::Specification.new do |s|
   s.name                  = "jekyll-auth"
   s.version               = JekyllAuth::VERSION
-  s.summary               = "A simple way to use Github OAuth to serve a protected jekyll site to your GitHub organization"
-  s.description           = "A simple way to use Github Oauth to serve a protected jekyll site to your GitHub organization."
+  s.summary               = "A simple way to use GitHub OAuth to serve a protected jekyll site to your GitHub organization"
+  s.description           = "A simple way to use GitHub OAuth to serve a protected jekyll site to your GitHub organization."
   s.authors               = "Ben Balter"
   s.email                 = "ben@balter.com"
   s.homepage              = "https://github.com/benbalter/jekyll-auth"
   s.license               = "MIT"
   s.files                 = `git ls-files`.split("\n")
   s.test_files            = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables           = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.executables           = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths         = ["lib"]
 
-  s.add_dependency "jekyll", "~> 2.0"
+  s.add_dependency "activesupport", ">= 5", "< 7"
+  s.add_dependency "colorator", "~> 1.0"
+  s.add_dependency "dotenv", "~> 2.0"
+  s.add_dependency "jekyll", "~> 4.0"
+  s.add_dependency "mercenary", "~> 0.3"
+  s.add_dependency "rack", "~> 1.6"
+  s.add_dependency "rack-protection", "~> 1.5", ">= 1.5.5"
+  s.add_dependency "rack-ssl-enforcer", "~> 0.2"
+  s.add_dependency "rake", "~> 13.0"
+  s.add_dependency "safe_yaml", "~> 1.0"
   s.add_dependency "sinatra-index", "~> 0.0"
   s.add_dependency "sinatra_auth_github", "~> 1.1"
-  s.add_dependency "rack", "1.5.2"
-  s.add_dependency "dotenv", "~> 1.0"
-  s.add_dependency "rake", "~> 10.3"
-  s.add_dependency "rack-ssl-enforcer", "~> 0.2"
-  s.add_dependency "mercenary", "~> 0.3"
-  s.add_dependency 'safe_yaml', "~> 1.0"
-  s.add_dependency "colorator", "~> 0.1"
-  s.add_development_dependency "rspec", "~> 3.1"
-  s.add_development_dependency "rack-test", "~> 0.6"
-  s.add_development_dependency "webmock", "~> 1.2 "
   s.add_development_dependency "pry", "~> 0.10"
+  s.add_development_dependency "rack-test", "~> 0.6"
+  s.add_development_dependency "rspec", "~> 3.1"
+  s.add_development_dependency "rubocop", "~> 0.49", ">= 0.49.0"
+  s.add_development_dependency "rubocop-jekyll", "~> 0.11.0"
+  s.add_development_dependency "rubocop-performance", "~> 1.0"
+  s.add_development_dependency "webmock", "~> 2.3 "
 end

data/lib/jekyll-auth.rb

@@ -1,16 +1,19 @@
-require 'sinatra-index'
-require 'sinatra_auth_github'
-require 'dotenv'
-require 'safe_yaml'
-require 'colorator'
-require 'mkmf'
-require_relative 'jekyll_auth/version'
-require_relative 'jekyll_auth/helpers'
-require_relative 'jekyll_auth/config'
-require_relative 'jekyll_auth/auth_site'
-require_relative 'jekyll_auth/jekyll_site'
-require_relative 'jekyll_auth/config_error'
-require_relative 'jekyll_auth/commands'
+# frozen_string_literal: true
+
+require "sinatra-index"
+require "sinatra_auth_github"
+require "dotenv"
+require "safe_yaml"
+require "colorator"
+require "mkmf"
+require_relative "jekyll_auth/version"
+require_relative "jekyll_auth/helpers"
+require_relative "jekyll_auth/config"
+require_relative "jekyll_auth/auth_site"
+require_relative "jekyll_auth/jekyll_site"
+require_relative "jekyll_auth/config_error"
+require_relative "jekyll_auth/commands"
+require_relative "jekyll_auth/sinatra/auth/github"
 
 Dotenv.load
 

data/lib/jekyll_auth/auth_site.rb

@@ -1,21 +1,18 @@
+# frozen_string_literal: true
+
 class JekyllAuth
   class AuthSite < Sinatra::Base
-
     configure :production do
-      require 'rack-ssl-enforcer'
+      require "rack-ssl-enforcer"
       use Rack::SslEnforcer if JekyllAuth.ssl?
     end
 
-    use Rack::Session::Cookie, {
-      :http_only => true,
-      :secret    => ENV['SESSION_SECRET'] || SecureRandom.hex
-    }
+    use Rack::Session::Cookie,       :http_only => true,
+                                     :secret    => ENV["SESSION_SECRET"] || SecureRandom.hex
 
-    set :github_options, {
-      :scopes    => 'read:org'
-    }
+    set :github_options, :scopes => "read:org"
 
-    ENV['WARDEN_GITHUB_VERIFIER_SECRET'] ||= SecureRandom.hex
+    ENV["WARDEN_GITHUB_VERIFIER_SECRET"] ||= SecureRandom.hex
     register Sinatra::Auth::Github
 
     use Rack::Logger
@@ -29,19 +26,19 @@ class JekyllAuth
 
       case authentication_strategy
       when :team
-        github_team_authenticate! ENV['GITHUB_TEAM_ID']
+        github_team_authenticate! ENV["GITHUB_TEAM_ID"]
       when :teams
-        github_teams_authenticate! ENV['GITHUB_TEAM_IDS'].split(",")
+        github_teams_authenticate! ENV["GITHUB_TEAM_IDS"].split(",")
       when :org
-        github_organization_authenticate! ENV['GITHUB_ORG_ID']
+        github_organization_authenticate! ENV["GITHUB_ORG_NAME"]
       else
         raise JekyllAuth::ConfigError
       end
     end
 
-    get '/logout' do
+    get "/logout" do
       logout!
-      redirect '/'
+      redirect "/"
     end
   end
 end

data/lib/jekyll_auth/commands.rb

@@ -1,11 +1,12 @@
+# frozen_string_literal: true
+
 class JekyllAuth
   class Commands
-
-    FILES = %w{Rakefile config.ru .gitignore .env}
-    VARS  = %w{client_id client_secret team_id org_id}
+    FILES = %w(Rakefile config.ru .gitignore .env).freeze
+    VARS  = %w(client_id client_secret team_id org_name).freeze
 
     def self.source
-      @source ||= File.expand_path( "../../templates", File.dirname(__FILE__) )
+      @source ||= File.expand_path("../../templates", File.dirname(__FILE__))
     end
 
     def self.destination
@@ -13,14 +14,15 @@ class JekyllAuth
     end
 
     def self.changed?
-      execute_command("git", "status", destination, "--porcelain").length != 0
-    rescue
+      !execute_command("git", "status", destination, "--porcelain").empty?
+    rescue StandardError
       false
     end
 
     def self.execute_command(*args)
       output, status = Open3.capture2e(*args)
-      raise "Command `#{args.join(" ")}` failed: #{output}" if status != 0
+      raise "Command `#{args.join(" ")}` failed: #{output}" unless status.exitstatus.zero?
+
       output
     end
 
@@ -44,13 +46,14 @@ class JekyllAuth
     end
 
     def self.env_var_set?(var)
-      !(ENV[var].to_s.blank?)
+      !ENV[var].to_s.blank?
     end
 
     def self.init_repo
       execute_command "git", "init", destination
       FILES.each do |file|
         next if file == ".env"
+
         execute_command("git", "add", "--", "#{destination}/#{file}")
       end
     end
@@ -61,7 +64,7 @@ class JekyllAuth
 
     def self.heroku_remote_set?
       remotes = execute_command "git", "remote", "-v"
-      !!(remotes =~ /^heroku\s/)
+      !!(remotes =~ %r!^heroku\s!)
     end
 
     def self.configure_heroku(options)