lita-confirmation 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e2c924f5bde1d77a7df72e5a9c2740a4938741b2
+  data.tar.gz: b1ca21f9a0768bf904d13f05c1f8efb0d9f252b5
+SHA512:
+  metadata.gz: 3d15be8fb17d7b2bc78f99494e77030c5b330dba303dfb077df3c79173c9144a56661ad84a93258aeb40887b4d6e8790a7dcc9cd03fc876e9a4be3cd60047c25
+  data.tar.gz: 01fb383bd4ebbdf4c50692abf78f0036b6a0e8cc16fb7ee0b577fe462e93b710ea89c2ede3046b481a15e891964870afc01e0a1ed42de8524f51b6b048744220

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+rvm:
+  - 2.0.0
+script: bundle exec rake
+before_install:
+  - gem update --system
+services:
+  - redis-server
+notifications:
+  webhooks:
+    urls:
+      - https://lita-freenode.herokuapp.com/travis

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2014 Jimmy Cuadra
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+# lita-confirmation
+
+[![Build Status](https://travis-ci.org/jimmycuadra/lita-confirmation.png?branch=master)](https://travis-ci.org/jimmycuadra/lita-confirmation)
+[![Code Climate](https://codeclimate.com/github/jimmycuadra/lita-confirmation.png)](https://codeclimate.com/github/jimmycuadra/lita-confirmation)
+[![Coverage Status](https://coveralls.io/repos/jimmycuadra/lita-confirmation/badge.png)](https://coveralls.io/r/jimmycuadra/lita-confirmation)
+
+**lita-confirmation** is an extension for [Lita](https://www.lita.io/) that allows handler routes to require "confirmation" before being triggered. Confirmation consists of a second message sent to the robot with a confirmation code.
+
+## Installation
+
+Add lita-confirmation to your Lita plugin's gemspec:
+
+``` ruby
+spec.add_runtime_dependency "lita-confirmation"
+```
+
+## Usage
+
+### Basic confirmation
+
+For basic confirmation, simply set the `:confirmation` option to true when defining a route.
+
+``` ruby
+route /danger/, :danger, command: true, confirmation: true
+```
+
+This will result in the following behavior:
+
+```
+Alice: Lita, danger
+Lita: This command requires confirmation. To confirm, send the command "confirm 636f308"
+Alice: Lita, confirm 636f308
+Lita: Dangerous command executed!
+```
+
+### Customized confirmation
+
+There are a few different options that can be supplied to customize the way the confirmation behaves. To supply one or more options, pass a hash as the value for the `:confirmation` option instead of just a boolean.
+
+#### allow_self
+
+By default, the same user who initially triggered the command can confirm it. If you want to make it even harder to trigger a command accidentally, you can require that another user send the confirmation command by setting the `:allow_self` option to false.
+
+``` ruby
+route /danger/, :danger, command: true, confirmation: { allow_self: false }
+```
+
+```
+Alice: Lita, danger
+Lita: This command requires confirmation. To confirm, send the command "confirm 636f308"
+Alice: Lita, confirm 636f308
+Lita: Confirmation 636f308 must come from a different user.
+Bob: Lita, confirm 636f308
+Lita: Dangerous command executed!
+```
+
+#### restrict_to
+
+If you want to require that the confirming user be a member of a particular authorization group, use the `:restrict_to` option. The value can be either a string, a symbol, or an array or strings/symbols.
+
+``` ruby
+route /danger/, :danger, command: true, confirmation: { restrict_to: :managers }
+```
+
+```
+Alice: Lita, danger
+Lita: This command requires confirmation. To confirm, send the command "confirm 636f308"
+Alice: Lita, confirm 636f308
+Lita: Confirmation 636f308 must come from a user in one of the following authorization groups: managers
+Manager: Lita, confirm 636f308
+Lita: Dangerous command executed!
+```
+
+#### expire_after
+
+By default, a confirmation must be made within one minute of the original command. After the expiry period, the original command must be sent again, and a new confirmation code will be generated. To change the length of the expiry, set the `:expire_after` value to an integer or string number of seconds.
+
+``` ruby
+route /danger/, :danger, command: true, confirmation: { expire_after: 10 }
+```
+
+```
+Alice: Lita, danger
+Lita: This command requires confirmation. To confirm, send the command "confirm 636f308"
+Alice: Waiting 15 seconds...
+Alice: Lita, confirm 636f308
+Lita: 636f308 is not a valid confirmation code. It may have expired. Please run the original command agin.
+```
+
+## License
+
+[MIT](http://opensource.org/licenses/MIT)

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/lib/lita-confirmation.rb

@@ -0,0 +1,11 @@
+require "securerandom"
+
+require "lita"
+
+Lita.load_locales Dir[File.expand_path(
+  File.join("..", "..", "locales", "*.yml"), __FILE__
+)]
+
+require "lita/handlers/confirmation"
+require "lita/extensions/confirmation/unconfirmed_command"
+require "lita/extensions/confirmation"

data/lib/lita/extensions/confirmation.rb

@@ -0,0 +1,40 @@
+module Lita
+  module Extensions
+    class Confirmation
+      attr_reader :handler, :message, :robot, :route
+
+      def self.call(payload)
+        new(
+          payload.fetch(:handler),
+          payload.fetch(:message),
+          payload.fetch(:robot),
+          payload.fetch(:route)
+        ).call
+      end
+
+      def initialize(handler, message, robot, route)
+        @handler = handler
+        @message = message
+        @robot = robot
+        @route = route
+      end
+
+      def call
+        if (options = route.extensions[:confirmation])
+          message.reply(
+            I18n.t(
+              "lita.extensions.confirmation.request",
+              code: UnconfirmedCommand.new(handler, message, robot, route, options).code
+            )
+          )
+
+          return false
+        end
+
+        true
+      end
+    end
+
+    Lita.register_hook(:validate_route, Confirmation)
+  end
+end

data/lib/lita/extensions/confirmation/unconfirmed_command.rb

@@ -0,0 +1,77 @@
+require "securerandom"
+
+module Lita
+  module Extensions
+    class Confirmation
+      class UnconfirmedCommand
+        attr_reader :allow_self, :code, :groups, :handler, :message, :robot, :route, :timer_thread
+
+        class << self
+          def find(code)
+            confirmations[code]
+          end
+
+          def confirmations
+            @confirmations ||= {}
+          end
+
+          def reset
+            confirmations.clear
+          end
+        end
+
+        def initialize(handler, message, robot, route, options)
+          @handler = handler
+          @message = message
+          @robot = robot
+          @route = route
+
+          @code = SecureRandom.hex(3)
+
+          self.class.confirmations[code] = self
+
+          process_options(options)
+        end
+
+        def call(user)
+          return :other_user_required if disallow_self?(user)
+          return :user_in_group_required unless in_required_group?(user)
+
+          expire
+          timer_thread.kill if timer_thread
+          handler.dispatch_to_route(route, robot, message)
+        end
+
+        private
+
+        def disallow_self?(confirming_user)
+          true if !allow_self && message.user == confirming_user
+        end
+
+        def expire
+          self.class.confirmations.delete(code)
+        end
+
+        def in_required_group?(user)
+          return true unless groups
+
+          groups.any? { |group| Lita::Authorization.user_in_group?(user, group) }
+        end
+
+        def process_options(options)
+          options = Hash === options ? options : {}
+
+          @allow_self = options.key?(:allow_self) ? options[:allow_self] : true
+          @groups = options.key?(:restrict_to) ? Array(options[:restrict_to]) : nil
+
+          expiry = options.key?(:expire_after) ? options[:expire_after] : 60
+          @timer_thread = Thread.new do
+            Lita::Timer.new(interval: expiry) do
+              expire
+            end.start
+          end
+        end
+      end
+    end
+  end
+end

data/lib/lita/handlers/confirmation.rb

@@ -0,0 +1,36 @@
+module Lita
+  module Handlers
+    class Confirmation < Handler
+      route /^confirm\s+([a-f0-9]{6})$/i, :confirm, command: true, help: {
+        t("help.key") => t("help.value")
+      }
+
+      def confirm(response)
+        code = response.matches[0][0]
+
+        command = Extensions::Confirmation::UnconfirmedCommand.find(code)
+
+        if command
+          call_command(command, code, response)
+        else
+          response.reply(t("invalid_code", code: code))
+        end
+      end
+
+      private
+
+      def call_command(command, code, response)
+        case command.call(response.user)
+        when :other_user_required
+          response.reply(t("other_user_required", code: code))
+        when :user_in_group_required
+          response.reply(
+            t("user_in_group_required", code: code, groups: command.groups.join(", "))
+          )
+        end
+      end
+    end
+
+    Lita.register_handler(Confirmation)
+  end
+end

data/lita-confirmation.gemspec

@@ -0,0 +1,24 @@
+Gem::Specification.new do |spec|
+  spec.name          = "lita-confirmation"
+  spec.version       = "0.0.1"
+  spec.authors       = ["Jimmy Cuadra"]
+  spec.email         = ["jimmy@jimmycuadra.com"]
+  spec.description   = %q{A Lita extension to require confirmation for commands.}
+  spec.summary       = %q{A Lita extension to require confirmation for potentially dangerous commands.}
+  spec.homepage      = "https://github.com/jimmycuadra/lita-confirmation"
+  spec.license       = "MIT"
+  spec.metadata      = { "lita_plugin_type" => "extension" }
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "lita", ">= 3.3"
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", ">= 3.0.0.beta2"
+  spec.add_development_dependency "simplecov"
+  spec.add_development_dependency "coveralls"
+end

data/locales/en.yml

@@ -0,0 +1,13 @@
+en:
+  lita:
+    extensions:
+      confirmation:
+        request: This command requires confirmation. To confirm, send the command "confirm %{code}"
+    handlers:
+      confirmation:
+        help:
+          key: confirm CODE
+          value: Confirms a previously sent command with the confirmation code CODE.
+        invalid_code: "%{code} is not a valid confirmation code. It may have expired. Please run the original command agin."
+        other_user_required: "Confirmation %{code} must come from a different user."
+        user_in_group_required: "Confirmation %{code} must come from a user in one of the following authorization groups: %{groups}"

data/spec/lita/extensions/confirmation_spec.rb

@@ -0,0 +1,125 @@
+require "spec_helper"
+
+class Dangerous < Lita::Handler
+  route /^danger$/, :danger, command: true, confirmation: true
+  route /^danger self$/, :disallow_self, command: true, confirmation: { allow_self: false }
+  route(
+    /^danger restrict$/,
+    :require_auth_group,
+    command: true,
+    confirmation: { restrict_to: :managers }
+  )
+  route /^danger expire$/, :expire_early, command: true, confirmation: { expire_after: 0 }
+
+  def danger(response)
+    response.reply("Dangerous command executed!")
+  end
+
+  def disallow_self(response)
+    response.reply("Dangerous command confirmed by another user and executed!")
+  end
+
+  def require_auth_group(response)
+    response.reply("Dangerous command confirmed by a manager!")
+  end
+
+  def expire_early(response)
+    response.reply("Dangerous command executed within 0 seconds!")
+  end
+end
+
+describe Dangerous, lita_handler: true do
+  before do
+    allow(Lita).to receive(:handlers).and_return([described_class, Lita::Handlers::Confirmation])
+    Lita::Extensions::Confirmation::UnconfirmedCommand.reset
+  end
+
+  context "with confirmation: true" do
+    it "requires confirmation" do
+      send_command("danger")
+      expect(replies.last).to match(/send the command "confirm [a-f0-9]{6}"/)
+    end
+
+    it "invokes the original route on confirmation" do
+      send_command("danger")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}")
+      expect(replies.last).to eq("Dangerous command executed!")
+    end
+
+    it "expires when confirmed" do
+      send_command("danger")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}")
+      send_command("confirm #{code}")
+      expect(replies.last).to include("not a valid confirmation code")
+    end
+
+    it "responds with a message when an invalid code is provided" do
+      send_command("danger")
+      send_command("confirm 000000")
+      expect(replies.last).to include("000000 is not a valid confirmation code")
+    end
+  end
+
+  context "with allow_self: false" do
+    it "responds with a message if the user tries to confirm their own command" do
+      send_command("danger self")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}")
+      expect(replies.last).to include("must come from a different user")
+    end
+
+    it "invokes the original route on confirmation by another user" do
+      send_command("danger self")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}", as: Lita::User.create(123))
+      expect(replies.last).to eq("Dangerous command confirmed by another user and executed!")
+    end
+  end
+
+  context "with restrict_to: :managers" do
+    let(:manager) do
+      manager = Lita::User.create(123)
+      allow(Lita::Authorization).to receive(:user_in_group?).with(
+        manager, :managers
+      ).and_return(true)
+      manager
+    end
+
+    it "responds with a message if a user not in a required group tries to confirm a command" do
+      send_command("danger restrict")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}")
+      expect(replies.last).to include(
+        "must come from a user in one of the following authorization groups: managers"
+      )
+    end
+
+    it "invokes the original route on confirmation by a manager" do
+      send_command("danger restrict")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}", as: manager)
+      expect(replies.last).to include("confirmed by a manager")
+    end
+  end
+
+  context "with expire_after: 0" do
+    before { allow(Thread).to receive(:new) }
+
+    it "invokes the original route on confirmation within the expiry" do
+      send_command("danger expire")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}")
+      expect(replies.last).to include("within 0 seconds")
+    end
+
+    it "responds that the code is invalid after 0 seconds" do
+      allow(Thread).to receive(:new).and_yield
+      send_command("danger expire")
+      code = replies.last.match(/([a-f0-9]{6})"$/)[1]
+      send_command("confirm #{code}")
+      expect(replies.last).to include("not a valid confirmation code")
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require "simplecov"
+require "coveralls"
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+  SimpleCov::Formatter::HTMLFormatter,
+  Coveralls::SimpleCov::Formatter
+]
+SimpleCov.start { add_filter "/spec/" }
+
+require "lita-confirmation"
+require "lita/rspec"

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: lita-confirmation
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jimmy Cuadra
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-06-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: lita
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0.beta2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0.beta2
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Lita extension to require confirmation for commands.
+email:
+- jimmy@jimmycuadra.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/lita-confirmation.rb
+- lib/lita/extensions/confirmation.rb
+- lib/lita/extensions/confirmation/unconfirmed_command.rb
+- lib/lita/handlers/confirmation.rb
+- lita-confirmation.gemspec
+- locales/en.yml
+- spec/lita/extensions/confirmation_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/jimmycuadra/lita-confirmation
+licenses:
+- MIT
+metadata:
+  lita_plugin_type: extension
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A Lita extension to require confirmation for potentially dangerous commands.
+test_files:
+- spec/lita/extensions/confirmation_spec.rb
+- spec/spec_helper.rb