ls-omniauth 3.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a7db0c922e3ee7c046ebe1777f687954bd54fdba
+  data.tar.gz: 6aca405d80f430cf2f18283d6ffb2b2a7b558b99
+SHA512:
+  metadata.gz: 52a91fac3c78a0a09f84d125ba54934205f26cee85d8f766a8afa90e1d83572dffcba23c3f38814d937455acb2f72ac7bad3ab9d984bd1a7a7ea81ded6ae4720
+  data.tar.gz: 03840409523bac80984361385259b7022808166d646c0facb2b1429ec63aa16f9d29a9e70ff9be55fa70c0e0d4a9f0789e57f6d413841d93d503f12256bbf6ac

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,99 @@
+# LsOmniauth
+LsOmniauth is a Rails Engine that provides authentication via Google OAuth.
+
+You can allow all users with a livingsocial.com or hungrymachine.com email
+address to access protected parts of your app.
+
+You can also whitelist the email addresses that are authorized to access
+protected resources.
+
+## Getting Started
+_Note: There is a dummy application in `spec/dummy` where this setup is used._
+
+#### Mount the engine
+First off, we'll need to mount the engine in your `config/routes.rb`:
+```ruby
+Dummy::Application.routes.draw do
+  get 'public'  => 'public#index', as: :public_page
+  get 'private' => 'private#index', as: :private_page
+
+  mount LsOmniauth::Engine, at: "/auth", as: 'ls_omniauth' # <------ The engine will provide its functionality at /auth in your app
+  root to: 'public#index'
+end
+```
+
+#### Protect controllers
+Adding the following lines to a controller will deny access to anyone who does not
+authenticate with a LivingSocial.com or HungryMachine.com address.
+```ruby
+class SecureApplicationController < ApplicationController
+  include LsOmniauth::OmniauthHelper
+  before_filter { |c| c.require_authorization domains: ["livingsocial.com","hungrymachine.com"] }
+end
+```
+
+#### Restrict access to only specific users
+Add a `config/ls-omniauth.yml` file in your app using a format like this to define a `general_access` group.
+You can have several groups under `authorized_users`.
+Also note that the client id and secret configurations are a requirement as of version 2.0.0
+
+```yaml
+client: &client
+  client_id: 12345.apps.googleusercontent.com
+  client_secret: 12345
+development:
+  <<: *client
+  dev_mode: true
+production:
+  <<: *client
+  authorized_users:
+    general_access:
+      - dan.rabinowitz@hungrymachine.com
+      - tyler.montgomery@hungrymachine.com
+    super_secret_access:
+      - the.nsa@hungrymachine.com
+```
+
+Then, add the following lines to a controller:
+```ruby
+class SecureApplicationController < ApplicationController
+  include LsOmniauth::OmniauthHelper
+  before_filter { |c| c.require_authorization group: "general_access" }
+end
+```
+
+## Dev Mode
+
+It's recommended that for test and dev environments, you enable dev mode by setting the dev_mode key to true in ls-omniauth.yml
+
+```
+dev_mode: true
+```
+
+This will no-op the require_authorization method to prevent any live requests from being made while you're developing or testing.
+
+## Routes
+
+LsOmniauth adds a `sign_in` and `sign_out` route for you. They will work at `/auth/sign_in` and `/auth/sign_out` (if you mount your
+app at in your routes at `/auth`).
+
+These routes won't pollute your app's routes. You can access them in views or controllers almost like normal:
+```ruby
+redirect_to ls_omniauth.sign_out_url # <---- notice the ls_omniauth prepended to the url helper
+```
+
+## Redirect URL authorization
+
+In order to use this gem, you'll need an active Google Oauth client id and client secret.  Additionally, you'll need to add your application's redirect url to the list of OAuth authorized routes for that Oauth api client.  You can find and edit those lists here:
+
+* [Digital Marketing] (https://console.developers.google.com/apis/credentials/oauthclient/1041688722300.apps.googleusercontent.com?project=hungrymachine.com:arctic-app-831)
+
+
+## TODO:
+Are we recreating the wheel here? Can this all be done with already-existing gems? Devise?
+
+Is the return_uri code working? If not, can it be made to work?
+
+##License
+This project rocks and uses MIT-LICENSE.
+

data/Rakefile

@@ -0,0 +1,22 @@
+#!/usr/bin/env rake
+begin
+ require 'bundler/setup'
+rescue LoadError
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each {|f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/app/controllers/ls_omniauth/omniauth_controller.rb

@@ -0,0 +1,60 @@
+module LsOmniauth
+  class OmniauthController < ActionController::Base
+    include Rails.application.routes.url_helpers
+
+    before_filter :set_return_uri
+
+    def authenticate
+      auth_response = request.env['omniauth.auth']
+      email = auth_response.info.email
+
+      LsOmniauth::AuthSessions.new(session).tap {|session|
+        session.auth.set(email)
+        origin = session.origin.getOrElse("/")
+        Rails.logger.warn "origin = #{origin}"
+        session.origin.clear
+        redirect_to origin
+      }
+    end
+
+    def new_authentication
+      LsOmniauth::AuthSessions.new(session).origin.set(params[:return_uri]) if params[:return_uri]
+      LsOmniauth::AuthSessions.new(session).auth.clear
+      url = oauth_url(params)
+      redirect_to url
+    end
+
+    def revoke_authentication
+      return_uri = return_uri(session)
+      clear_authentication_sessions(session)
+      render :text => "<div class='notification'>your have been logged out click <a href='#{ls_omniauth.sign_in_url}?return_uri=#{return_uri}' target='_self'>here</a> to log back in</div>"
+    end
+
+    private
+    def set_return_uri
+      session[:return_uri] = request.referrer if (request.referrer !~ /sign_out/)
+    end
+
+    def return_uri(session)
+      session.delete(:return_uri) || (defined?(root_url) && root_url) || '/'
+    end
+
+    def clear_authentication_sessions(session)
+      LsOmniauth::AuthSessions.new(session).tap {|s|
+        s.auth.clear
+        s.origin.clear
+      }
+    end
+
+    def oauth_url(params)
+      params = params.dup
+      provider = params.delete(:provider) || 'google_oauth2'
+      url = route_for_provider(provider)
+      params.empty? ? url : "#{url}?#{params.to_query}"
+    end
+
+    def route_for_provider(provider)
+      "/auth/#{provider}"
+    end
+  end
+end

data/app/helpers/ls_omniauth/omniauth_helper.rb

@@ -0,0 +1,72 @@
+module LsOmniauth::OmniauthHelper
+  def require_authentication
+    when_not_in_dev_mode {
+      sessions = LsOmniauth::AuthSessions.new(session)
+      if sessions.auth.get.blank?
+        sessions.origin.set("#{request.protocol}#{request.host_with_port}#{request.fullpath}")
+        redirect_to ls_omniauth.sign_in_url and return false
+      end
+      true
+    }
+  end
+
+  def require_authorization(options = {})
+    when_not_in_dev_mode {
+      return unless require_authentication
+
+      sessions = LsOmniauth::AuthSessions.new(session)
+      email = sessions.auth.get
+
+
+      options.symbolize_keys!
+      if options[:domains].respond_to? :include?
+        email_domain = email.match(/[\w]+\.com/)[0]
+        unless options[:domains].map(&:upcase).include? email_domain.upcase
+          render_access_denied and return
+        end
+      end
+
+      if options.has_key? :group
+        if !email_in_group(email, options[:group])
+          render_access_denied and return
+        end
+      end
+    }
+  end
+
+  def current_user_in_group(group)
+    email_in_group(email_for_current_user, group)
+  end
+
+  def when_not_in_dev_mode(&block)
+    if !running_in_dev_mode?
+      yield
+    end
+  end
+
+  module_function
+
+  def running_in_dev_mode?
+    LS_OMNIAUTH.config.running_in_dev_mode?
+  end
+
+  def authorized_users
+    @authorized_users ||= (LS_OMNIAUTH.config[:authorized_users] || {})
+  end
+
+  def authorized_group_users(group)
+    authorized_users[group] || []
+  end
+
+  def email_for_current_user
+    LsOmniauth::AuthSessions.new(session).auth.get
+  end
+
+  def email_in_group(email, group)
+    authorized_group_users(group).map(&:upcase).include?(email.to_s.upcase)
+  end
+
+  def render_access_denied
+    render :text => "<div class='notification error'>You are not authorized to view this resource.  Sorry!</div>", :status => 401
+  end
+end

data/app/models/ls_omniauth/abstract_session.rb

@@ -0,0 +1,17 @@
+class LsOmniauth::AbstractSession
+  attr_reader :session, :key, :value
+
+  def initialize(session, key);
+    @session  = session
+    @key      = key
+    @value    = session[key]
+  end
+
+  def set(value); @session[@key] = value end
+  def get; @session[@key] end
+  def getOrElse(v2)
+    v = get
+    v.blank? ? v2 : v
+  end
+  def clear; @session[@key] = nil end
+end

data/app/models/ls_omniauth/auth_sessions.rb

@@ -0,0 +1,10 @@
+class LsOmniauth::AuthSessions
+  AUTH_SESSION_KEY      = "ls_auth_user"
+  AUTH_REQUEST_ORIGIN   = "ls_auth_request_origin"
+
+  attr_reader :auth, :origin
+  def initialize(session)
+    @auth   = LsOmniauth::AbstractSession.new(session, AUTH_SESSION_KEY)
+    @origin = LsOmniauth::AbstractSession.new(session, AUTH_REQUEST_ORIGIN)
+  end
+end

data/app/models/ls_omniauth/config.rb

@@ -0,0 +1,10 @@
+class LsOmniauth::Config < HashWithIndifferentAccess
+
+  def running_in_dev_mode?
+    self[:dev_mode].to_s == true.to_s && !LS_OMNIAUTH.environment.production?
+  end
+
+  def valid?
+    self.slice(*[:client_id, :client_secret]).values.compact.length == 2
+  end
+end

data/config/initializers/load_lsomniauth_config.rb

@@ -0,0 +1,6 @@
+config_file = Rails.root.join("config/ls-omniauth.yml")
+
+LS_OMNIAUTH = OpenStruct.new(
+  config: LsOmniauth::Config.new(File.exists?(config_file) ? YAML.load_file(config_file)[Rails.env] : {}),
+  environment: Rails.env
+)

data/config/initializers/ls-omniauth.rb

@@ -0,0 +1,11 @@
+# -*- encoding : utf-8 -*-
+Rails.application.config.middleware.use OmniAuth::Builder do
+  config = LS_OMNIAUTH.config
+
+  if config.valid?
+    provider :google_oauth2, config[:client_id], config[:client_secret], {:access_type => 'online', :approval_prompt => 'auto'}
+  else
+    Rails.logger.error("ERROR: ls-omniauth.yml is missing or not properly configured. Please ensure that both a client id and client secret have been set.")
+  end
+end
+

data/config/routes.rb

@@ -0,0 +1,6 @@
+# Rails.application.routes.draw do
+::LsOmniauth::Engine.routes.draw do
+  get '/:provider/callback', :to => 'omniauth#authenticate'
+  get '/sign_in', :to => 'omniauth#new_authentication', as: :sign_in
+  get '/sign_out', :to => 'omniauth#revoke_authentication', as: :sign_out
+end

data/lib/ls-omniauth.rb

@@ -0,0 +1,4 @@
+require "ls-omniauth/engine"
+
+module LsOmniauth
+end

data/lib/ls-omniauth/engine.rb

@@ -0,0 +1,7 @@
+module LsOmniauth
+  class Engine < ::Rails::Engine
+    require 'omniauth'
+    require 'omniauth-google-oauth2'
+    isolate_namespace LsOmniauth
+  end
+end

data/lib/ls-omniauth/version.rb

@@ -0,0 +1,3 @@
+module LsOmniauth
+  VERSION = "3.0.3"
+end

data/spec/controllers/ls_omniauth/omniauth_controller_spec.rb

@@ -0,0 +1,56 @@
+require "spec_helper"
+
+describe LsOmniauth::OmniauthController, :type => :controller do
+  routes { LsOmniauth::Engine.routes }
+
+  describe "GET authenticate" do
+    before :each do
+      info = double
+      expect(info).to receive(:email).and_return('user@domain.com')
+
+      auth_response = double(:info => info)
+
+      controller.request.env['omniauth.auth'] = auth_response
+
+      LsOmniauth::AuthSessions.new(session).origin.set('/blah')
+    end
+
+    it "should set the email key of the session" do
+      get :authenticate, provider: :google_oauth2
+      expect(session['ls_auth_user']).to eq 'user@domain.com'
+    end
+
+    it "should redirect" do
+      get :authenticate, provider: :google_oauth2
+      expect(response).to redirect_to("/blah")
+    end
+  end
+
+  describe "GET new_authentication" do
+    before :each do
+      LsOmniauth::AuthSessions.new(session).auth.set('user@domain.com')
+    end
+
+    it "should redirect" do
+      get :new_authentication
+      expect(response).to redirect_to("/auth/google_oauth2?action=new_authentication&controller=ls_omniauth%2Fomniauth")
+    end
+
+    it "should clear the user" do
+      get :new_authentication
+      expect(session['ls_auth_user']).to eq nil
+    end
+  end
+
+  describe "GET revoke_authentication" do
+    before :each do
+      LsOmniauth::AuthSessions.new(session).auth.set('user@domain.com')
+    end
+
+    it "should clear the user" do
+      get :revoke_authentication
+      expect(session['ls_auth_user']).to eq nil
+    end
+  end
+
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,5 @@
+This is the dummy app used for testing ls-omniauth
+
+These are the two pages to test:
+* http://localhost:3004/public
+* http://localhost:3004/private

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks