maestrano-rails-test 0.9.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +273 -0
- data/Rakefile +38 -0
- data/app/controllers/maestrano/rails/metadata_controller.rb +8 -0
- data/app/controllers/maestrano/rails/saml_base_controller.rb +40 -0
- data/app/controllers/maestrano/rails/web_hook_controller.rb +16 -0
- data/lib/generators/active_record/maestrano_group_generator.rb +38 -0
- data/lib/generators/active_record/maestrano_user_generator.rb +38 -0
- data/lib/generators/active_record/templates/migration.rb +13 -0
- data/lib/generators/maestrano/USAGE +2 -0
- data/lib/generators/maestrano/group_generator.rb +11 -0
- data/lib/generators/maestrano/install_generator.rb +31 -0
- data/lib/generators/maestrano/orm_helpers.rb +75 -0
- data/lib/generators/maestrano/templates/group_users_controller.rb +26 -0
- data/lib/generators/maestrano/templates/groups_controller.rb +36 -0
- data/lib/generators/maestrano/templates/maestrano.rb +126 -0
- data/lib/generators/maestrano/templates/saml_controller.rb +52 -0
- data/lib/generators/maestrano/user_generator.rb +11 -0
- data/lib/generators/mongoid/maestrano_group_generator.rb +26 -0
- data/lib/generators/mongoid/maestrano_user_generator.rb +26 -0
- data/lib/maestrano-rails.rb +1 -0
- data/lib/maestrano/rails.rb +11 -0
- data/lib/maestrano/rails/controllers/maestrano_security.rb +32 -0
- data/lib/maestrano/rails/models/maestrano_auth_resource.rb +116 -0
- data/lib/maestrano/rails/routing/routes.rb +28 -0
- data/lib/maestrano/rails/version.rb +5 -0
- data/test/controllers/generic_controller_test.rb +56 -0
- data/test/controllers/group_users_controller_test.rb +23 -0
- data/test/controllers/groups_controller_test.rb +24 -0
- data/test/controllers/metadata_controller_test.rb +25 -0
- data/test/controllers/saml_controller_test.rb +123 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +44 -0
- data/test/dummy/log/test.log +6611 -0
- data/test/dummy_activerecord/README.rdoc +261 -0
- data/test/dummy_activerecord/Rakefile +7 -0
- data/test/dummy_activerecord/app/assets/javascripts/application.js +15 -0
- data/test/dummy_activerecord/app/assets/javascripts/pages.js +2 -0
- data/test/dummy_activerecord/app/assets/stylesheets/application.css +13 -0
- data/test/dummy_activerecord/app/assets/stylesheets/pages.css +4 -0
- data/test/dummy_activerecord/app/controllers/application_controller.rb +3 -0
- data/test/dummy_activerecord/app/controllers/maestrano/account/group_users_controller.rb +27 -0
- data/test/dummy_activerecord/app/controllers/maestrano/account/groups_controller.rb +37 -0
- data/test/dummy_activerecord/app/controllers/maestrano/auth/saml_controller.rb +14 -0
- data/test/dummy_activerecord/app/controllers/pages_controller.rb +4 -0
- data/test/dummy_activerecord/app/helpers/application_helper.rb +2 -0
- data/test/dummy_activerecord/app/helpers/pages_helper.rb +2 -0
- data/test/dummy_activerecord/app/models/admin.rb +5 -0
- data/test/dummy_activerecord/app/models/admin/monster.rb +2 -0
- data/test/dummy_activerecord/app/models/mno_crew.rb +7 -0
- data/test/dummy_activerecord/app/models/mno_monster.rb +9 -0
- data/test/dummy_activerecord/app/models/monster.rb +2 -0
- data/test/dummy_activerecord/app/views/layouts/application.html.erb +14 -0
- data/test/dummy_activerecord/app/views/pages/home.html.erb +2 -0
- data/test/dummy_activerecord/config.ru +4 -0
- data/test/dummy_activerecord/config/application.rb +56 -0
- data/test/dummy_activerecord/config/boot.rb +10 -0
- data/test/dummy_activerecord/config/database.yml +25 -0
- data/test/dummy_activerecord/config/environment.rb +5 -0
- data/test/dummy_activerecord/config/environments/development.rb +37 -0
- data/test/dummy_activerecord/config/environments/production.rb +67 -0
- data/test/dummy_activerecord/config/environments/test.rb +37 -0
- data/test/dummy_activerecord/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy_activerecord/config/initializers/inflections.rb +15 -0
- data/test/dummy_activerecord/config/initializers/maestrano.rb +85 -0
- data/test/dummy_activerecord/config/initializers/mime_types.rb +5 -0
- data/test/dummy_activerecord/config/initializers/secret_token.rb +7 -0
- data/test/dummy_activerecord/config/initializers/session_store.rb +8 -0
- data/test/dummy_activerecord/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy_activerecord/config/locales/en.yml +5 -0
- data/test/dummy_activerecord/config/routes.rb +63 -0
- data/test/dummy_activerecord/db/development.sqlite3 +0 -0
- data/test/dummy_activerecord/db/migrate/20140526125222_create_monsters.rb +8 -0
- data/test/dummy_activerecord/db/migrate/20140526125242_create_admin_monsters.rb +8 -0
- data/test/dummy_activerecord/db/migrate/20140526144828_create_mno_monsters.rb +13 -0
- data/test/dummy_activerecord/db/migrate/20140526151139_create_mno_crews.rb +11 -0
- data/test/dummy_activerecord/db/schema.rb +44 -0
- data/test/dummy_activerecord/db/test.sqlite3 +0 -0
- data/test/dummy_activerecord/log/development.log +76 -0
- data/test/dummy_activerecord/log/test.log +326 -0
- data/test/dummy_activerecord/public/404.html +26 -0
- data/test/dummy_activerecord/public/422.html +26 -0
- data/test/dummy_activerecord/public/500.html +25 -0
- data/test/dummy_activerecord/public/favicon.ico +0 -0
- data/test/dummy_activerecord/script/rails +6 -0
- data/test/dummy_mongoid/README.rdoc +261 -0
- data/test/dummy_mongoid/Rakefile +7 -0
- data/test/dummy_mongoid/app/assets/javascripts/application.js +15 -0
- data/test/dummy_mongoid/app/assets/javascripts/pages.js +2 -0
- data/test/dummy_mongoid/app/assets/stylesheets/application.css +13 -0
- data/test/dummy_mongoid/app/assets/stylesheets/pages.css +4 -0
- data/test/dummy_mongoid/app/controllers/application_controller.rb +3 -0
- data/test/dummy_mongoid/app/controllers/maestrano/account/group_users_controller.rb +27 -0
- data/test/dummy_mongoid/app/controllers/maestrano/account/groups_controller.rb +37 -0
- data/test/dummy_mongoid/app/controllers/maestrano/auth/saml_controller.rb +14 -0
- data/test/dummy_mongoid/app/controllers/pages_controller.rb +4 -0
- data/test/dummy_mongoid/app/helpers/application_helper.rb +2 -0
- data/test/dummy_mongoid/app/helpers/pages_helper.rb +2 -0
- data/test/dummy_mongoid/app/models/mno_crew.rb +11 -0
- data/test/dummy_mongoid/app/models/mno_monster.rb +14 -0
- data/test/dummy_mongoid/app/models/monster.rb +3 -0
- data/test/dummy_mongoid/app/views/layouts/application.html.erb +14 -0
- data/test/dummy_mongoid/app/views/pages/home.html.erb +2 -0
- data/test/dummy_mongoid/config.ru +4 -0
- data/test/dummy_mongoid/config/application.rb +59 -0
- data/test/dummy_mongoid/config/boot.rb +10 -0
- data/test/dummy_mongoid/config/environment.rb +5 -0
- data/test/dummy_mongoid/config/environments/development.rb +37 -0
- data/test/dummy_mongoid/config/environments/production.rb +67 -0
- data/test/dummy_mongoid/config/environments/test.rb +37 -0
- data/test/dummy_mongoid/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy_mongoid/config/initializers/inflections.rb +15 -0
- data/test/dummy_mongoid/config/initializers/maestrano.rb +85 -0
- data/test/dummy_mongoid/config/initializers/mime_types.rb +5 -0
- data/test/dummy_mongoid/config/initializers/secret_token.rb +7 -0
- data/test/dummy_mongoid/config/initializers/session_store.rb +8 -0
- data/test/dummy_mongoid/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy_mongoid/config/locales/en.yml +5 -0
- data/test/dummy_mongoid/config/mongoid.yml +80 -0
- data/test/dummy_mongoid/config/routes.rb +63 -0
- data/test/dummy_mongoid/db/migrate/20140526125222_create_monsters.rb +8 -0
- data/test/dummy_mongoid/db/migrate/20140526125242_create_admin_monsters.rb +8 -0
- data/test/dummy_mongoid/db/migrate/20140526144828_create_mno_monsters.rb +13 -0
- data/test/dummy_mongoid/db/migrate/20140526151139_create_mno_crews.rb +11 -0
- data/test/dummy_mongoid/db/schema.rb +44 -0
- data/test/dummy_mongoid/public/404.html +26 -0
- data/test/dummy_mongoid/public/422.html +26 -0
- data/test/dummy_mongoid/public/500.html +25 -0
- data/test/dummy_mongoid/public/favicon.ico +0 -0
- data/test/dummy_mongoid/script/rails +6 -0
- data/test/generators/group/active_record_generator_test.rb +79 -0
- data/test/generators/group/mongoid_generator_test.rb +76 -0
- data/test/generators/group_generator_test.rb +39 -0
- data/test/generators/install_generator_test.rb +45 -0
- data/test/generators/user/active_record_generator_test.rb +79 -0
- data/test/generators/user/mongoid_generator_test.rb +76 -0
- data/test/generators/user_generator_test.rb +39 -0
- data/test/maestrano-rails_test.rb +7 -0
- data/test/models/maestrano_group_via_test.rb +66 -0
- data/test/models/maestrano_user_via_test.rb +70 -0
- data/test/test_files/config/routes.rb +58 -0
- data/test/test_helper.rb +42 -0
- data/test/tmp/app/models/monster.rb +20 -0
- metadata +418 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: e95e42057dd205b88f756314ca4d4e59303a2593
|
4
|
+
data.tar.gz: fe43d9ba22c558b262fb20da82c7646e84933d78
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 79218db5cdf79c58d2c2c25830cbcafb32fe292d787f3ddf9c11ff9727ea4ac8e3095410be3a749461b84d8cc03f36eda9bf1db17da5df9ab2be1049437f07f7
|
7
|
+
data.tar.gz: fffccc41a5ef3db6826152e65476ad8667f7b28340a70237fb575035aef80ace45106c5596583d61a11d3ee5ce08fbe7f62e59b413251aee425c28855532275c
|
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2014 Maestrano
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,273 @@
|
|
1
|
+
<p align="center">
|
2
|
+
<img src="https://raw.github.com/maestrano/maestrano-rails/master/maestrano.png" alt="Maestrano Logo">
|
3
|
+
</p>
|
4
|
+
|
5
|
+
Maestrano Cloud Integration is currently in closed beta. Want to know more? Send us an email to <contact@maestrano.com>.
|
6
|
+
|
7
|
+
|
8
|
+
- - -
|
9
|
+
|
10
|
+
1. [Getting Setup](#getting-setup)
|
11
|
+
2. [Getting Started](#getting-started)
|
12
|
+
* [User Model](#user-model)
|
13
|
+
* [Group Model](#group-model)
|
14
|
+
* [Controller Setup](#controller-setup)
|
15
|
+
3. [Account Webhooks](#account-webhooks)
|
16
|
+
* [Groups Controller](#groups-controller-service-cancellation)
|
17
|
+
* [Group Users Controller](#group-users-controller-business-member-removal)
|
18
|
+
4. [API](https://github.com/maestrano/maestrano-ruby#api)
|
19
|
+
* [Bill](https://github.com/maestrano/maestrano-ruby#bill)
|
20
|
+
* [Recurring Bill](https://github.com/maestrano/maestrano-ruby#recurring-bill)
|
21
|
+
|
22
|
+
- - -
|
23
|
+
|
24
|
+
|
25
|
+
## Getting Setup
|
26
|
+
Before integrating with us you will need an App ID and API Key. Maestrano Cloud Integration being still in closed beta you will need to contact us beforehand to gain production access.
|
27
|
+
|
28
|
+
For testing purpose we provide an API Sandbox where you can freely obtain an App ID and API Key. The sandbox is great to test single sign-on and API integration (e.g: billing API).
|
29
|
+
|
30
|
+
To get started just go to: http://api-sandbox.maestrano.io
|
31
|
+
|
32
|
+
## Getting Started
|
33
|
+
|
34
|
+
maestrano-rails works with Rails 3.2 onwards. You can add it to your Gemfile with:
|
35
|
+
|
36
|
+
```ruby
|
37
|
+
gem 'maestrano-rails'
|
38
|
+
```
|
39
|
+
|
40
|
+
Run bundle to install the gem as well as the [maestrano ruby bindings](https://github.com/maestrano/maestrano-ruby) (dependency)
|
41
|
+
|
42
|
+
```console
|
43
|
+
bundle
|
44
|
+
```
|
45
|
+
|
46
|
+
After you install Maestrano and add it to your Gemfile, you need to run the generator:
|
47
|
+
|
48
|
+
```console
|
49
|
+
rails generate maestrano:install
|
50
|
+
```
|
51
|
+
|
52
|
+
The generator will install an initializer which describes ALL Maestrano's configuration options. You will need to take a look at it as this is where you set your API key. This configuration will also be used to automatically generate a '/maestrano/metadata' endpoint in your application that Maestrano will fetch automatically at regular intervals (or by hitting 'refresh metadata' in your cloud partner dashboard on maestrano.com).
|
53
|
+
|
54
|
+
The generator also generates a SamlController for single sign-on that you will need to customize (see below) as well as the required routes.
|
55
|
+
|
56
|
+
When you are done, you can start maestrano-izing your user and group model using the generators.
|
57
|
+
|
58
|
+
### User model
|
59
|
+
Assuming your user model is called 'User' you can run the following generator to prepare this model for single sign-on:
|
60
|
+
|
61
|
+
```console
|
62
|
+
rails generate maestrano:user User
|
63
|
+
```
|
64
|
+
|
65
|
+
This generator will create a migration adding a :provider and :uid field to your user model. If you are already using multi-auth strategies (using [omniauth](https://github.com/intridea/omniauth) for example) then you can just ignore and delete this migration.
|
66
|
+
|
67
|
+
Run the migration with:
|
68
|
+
```console
|
69
|
+
bundle exec rake db:migrate
|
70
|
+
```
|
71
|
+
|
72
|
+
This generator also adds a configuration block to your user model which looks like this:
|
73
|
+
```ruby
|
74
|
+
class User < ActiveRecord::Base
|
75
|
+
# Enable Maestrano for this user
|
76
|
+
maestrano_user_via :provider, :uid do |user,maestrano|
|
77
|
+
user.name = maestrano.first_name
|
78
|
+
user.surname = maestrano.last_name
|
79
|
+
user.email = maestrano.email
|
80
|
+
#user.company = maestrano.company_name
|
81
|
+
#user.country_alpha2 = maestrano.country
|
82
|
+
#user.some_required_field = 'some-appropriate-default-value'
|
83
|
+
end
|
84
|
+
|
85
|
+
...
|
86
|
+
|
87
|
+
end
|
88
|
+
```
|
89
|
+
|
90
|
+
This block is used to create a mapping between your user model fields and the attributes provided by Maestrano during the single sign-on handshake.
|
91
|
+
|
92
|
+
### Group model
|
93
|
+
Because Maestrano works with businesses it expects your service to be able to manage groups of users. A group represents 1) a billing entity 2) a collaboration group. During the first single sign-on handshake both a user and a group should be created. Additional users logging in via the same group should then be added to this existing group (see controller setup below)
|
94
|
+
|
95
|
+
Assuming your group model is called 'Organization' you can run the following generator to prepare this model for single sign-on:
|
96
|
+
|
97
|
+
```console
|
98
|
+
rails generate maestrano:group Organization
|
99
|
+
```
|
100
|
+
|
101
|
+
This generator will create a migration adding a :provider and :uid field to your group model.
|
102
|
+
|
103
|
+
Run the migration with:
|
104
|
+
```console
|
105
|
+
bundle exec rake db:migrate
|
106
|
+
```
|
107
|
+
|
108
|
+
This generator also adds a configuration block to your group model which looks like this:
|
109
|
+
|
110
|
+
```ruby
|
111
|
+
class Organization < ActiveRecord::Base
|
112
|
+
maestrano_group_via :provider, :uid do |group,maestrano|
|
113
|
+
group.name = maestrano.company_name || "Your Group"
|
114
|
+
end
|
115
|
+
|
116
|
+
...
|
117
|
+
|
118
|
+
end
|
119
|
+
```
|
120
|
+
|
121
|
+
### Controller setup
|
122
|
+
The last step of integrating single sign-on with Maestrano is to customize the consume action of the SamlController. This action represents the last step of single sign-on handshake and should handle user finding/creation, group finding/creation, user-group relationship and finally user sign in.
|
123
|
+
|
124
|
+
The controller is located here: app/controllers/maestrano/auth/saml_controller.rb
|
125
|
+
|
126
|
+
The sample belows shows one possible way of writing this controller action:
|
127
|
+
|
128
|
+
```ruby
|
129
|
+
class Maestrano::Auth::SamlController < Maestrano::Rails::SamlBaseController
|
130
|
+
|
131
|
+
#== POST '/maestrano/auth/saml/consume'
|
132
|
+
# -
|
133
|
+
# Assuming you have enabled maestrano on a user model
|
134
|
+
# called 'User' and a group model called 'Organization'
|
135
|
+
# the action could be written the following way
|
136
|
+
def consume
|
137
|
+
# 1)Find or create the user and the group
|
138
|
+
# --
|
139
|
+
# The class method 'find_or_create_for_maestrano' is provided
|
140
|
+
# by the maestrano-rails gem on the model you have maestrano-ized.
|
141
|
+
# The method uses the mapping defined in the model 'maestrano_*_via'
|
142
|
+
# block to create the resource if it does not exist
|
143
|
+
# The 'user_auth_hash' and 'group_auth_hash' methods are provided
|
144
|
+
# by the controller.
|
145
|
+
# --
|
146
|
+
user = User.find_or_create_for_maestrano(user_auth_hash)
|
147
|
+
organization = Organization.find_or_create_for_maestrano(group_auth_hash)
|
148
|
+
|
149
|
+
|
150
|
+
# 2) Add the user to the group if not already a member
|
151
|
+
# --
|
152
|
+
# The 'user_group_rel_hash' method is provided by the controller.
|
153
|
+
# The role attribute provided by maestrano is one of the following:
|
154
|
+
# 'Member', 'Power User', 'Admin', 'Super Admin'
|
155
|
+
# The 'member_of?' and 'add_member' methods are not provided by
|
156
|
+
# maestrano and are left to you to implement on your models
|
157
|
+
# --
|
158
|
+
unless user.member_of?(organization)
|
159
|
+
organization.add_member(user,role: user_group_rel_hash[:role])
|
160
|
+
end
|
161
|
+
|
162
|
+
|
163
|
+
# Sign the user in and redirect to application root
|
164
|
+
# --
|
165
|
+
# The 'sign_in' method is not provided by maestrano but should already
|
166
|
+
# be there if you are using an authentication framework like Devise
|
167
|
+
# --
|
168
|
+
sign_in(user)
|
169
|
+
redirect_to root_path
|
170
|
+
end
|
171
|
+
end
|
172
|
+
```
|
173
|
+
|
174
|
+
## Account Webhooks
|
175
|
+
Single sign on has been setup into your app and Maestrano users are now able to use your service. Great! Wait what happens when a business (group) decides to stop using your service? Also what happens when a user gets removed from a business? Well the controllers generated under RAILS_ROOT/app/controllers/maestrano/account/ are typically for Maestrano to be able to notify you of such events.
|
176
|
+
|
177
|
+
### Groups Controller (service cancellation)
|
178
|
+
Sad as it is a business might decide to stop using your service at some point. On Maestrano billing entities are represented by groups (used for collaboration & billing). So when a business decides to stop using your service we will issue a DELETE request to the webhook.account.groups_path endpoint (typically /maestrano/account/groups/:id).
|
179
|
+
|
180
|
+
Maestrano only uses this controller for service cancellation so there is no need to implement any other type of action - ie: GET, PUT/PATCH or POST. The use of other http verbs might come in the future to improve the communication between Maestrano and your service but as of now it is not required.
|
181
|
+
|
182
|
+
Below is an example of what your groups destroy action might look like:
|
183
|
+
```ruby
|
184
|
+
class Maestrano::Account::GroupsController < Maestrano::Rails::WebHookController
|
185
|
+
|
186
|
+
# DELETE /maestrano/account/groups/cld-1
|
187
|
+
# Delete an entire group
|
188
|
+
def destroy
|
189
|
+
group_uid = params[:id]
|
190
|
+
|
191
|
+
# Perform deletion steps here
|
192
|
+
# --
|
193
|
+
# If you need to perform a final checkout
|
194
|
+
# then you can call Maestrano::Account::Bill.create({.. final checkout details ..})
|
195
|
+
# --
|
196
|
+
# If Maestrano.param('sso.creation_mode') is set to virtual
|
197
|
+
# then you might want to delete/cancel/block all users under
|
198
|
+
# that group
|
199
|
+
# --
|
200
|
+
# E.g:
|
201
|
+
organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
|
202
|
+
|
203
|
+
amount_cents = organization.calculate_total_due_remaining
|
204
|
+
Maestrano::Account::Bill.create({
|
205
|
+
group_id: group_uid,
|
206
|
+
price_cents: amount_cents,
|
207
|
+
description: "Final Payout"
|
208
|
+
})
|
209
|
+
|
210
|
+
if Maestrano.param('sso.creation_mode') == 'virtual'
|
211
|
+
organization.members.where(provider:'maestrano').each do |user|
|
212
|
+
user.destroy
|
213
|
+
end
|
214
|
+
|
215
|
+
organization.destroy
|
216
|
+
render json: {success: true}
|
217
|
+
end
|
218
|
+
end
|
219
|
+
```
|
220
|
+
|
221
|
+
### Group Users Controller (business member removal)
|
222
|
+
A business might decide at some point to revoke access to your services for one of its member. In such case we will issue a DELETE request to the webhook.account.group_users_path endpoint (typically /maestrano/account/groups/:group_id/users/:id).
|
223
|
+
|
224
|
+
Maestrano only uses this controller for user membership cancellation so there is no need to implement any other type of action - ie: GET, PUT/PATCH or POST. The use of other http verbs might come in the future to improve the communication between Maestrano and your service but as of now it is not required.
|
225
|
+
|
226
|
+
|
227
|
+
Below is an example of what your group users destroy action might look like:
|
228
|
+
```ruby
|
229
|
+
class Maestrano::Account::GroupUsersController < Maestrano::Rails::WebHookController
|
230
|
+
|
231
|
+
# DELETE /maestrano/account/groups/cld-1/users/usr-1
|
232
|
+
# Remove a user from a group
|
233
|
+
def destroy
|
234
|
+
# Set the right uid based on Maestrano.param('sso.creation_mode')
|
235
|
+
user_uid = Maestrano.mask_user(params[:id],params[:group_id])
|
236
|
+
group_uid = params[:group_id]
|
237
|
+
|
238
|
+
# Perform association deletion steps here
|
239
|
+
# --
|
240
|
+
# If Maestrano.param('sso.creation_mode') is set to virtual
|
241
|
+
# then you might want to just delete/cancel/block the user
|
242
|
+
#
|
243
|
+
# E.g
|
244
|
+
user = User.find_by_provider_and_uid('maestrano',user_uid)
|
245
|
+
organization = Organization.find_by_provider_and_uid('maestrano',group_uid)
|
246
|
+
|
247
|
+
if Maestrano.param('sso.creation_mode') == 'virtual'
|
248
|
+
user.destroy
|
249
|
+
else
|
250
|
+
organization.remove_user(user)
|
251
|
+
user.block_access! if user.reload.organizations.empty?
|
252
|
+
end
|
253
|
+
|
254
|
+
render json: {success: true}
|
255
|
+
end
|
256
|
+
end
|
257
|
+
```
|
258
|
+
|
259
|
+
## API
|
260
|
+
The maestrano-rails gem also provides bindings to its REST API allowing you to access, create, update or delete various entities under your account (e.g: billing).
|
261
|
+
|
262
|
+
Your can read the API documentation directly on the [maestrano gem project page](https://github.com/maestrano/maestrano-ruby#api).
|
263
|
+
|
264
|
+
## Support
|
265
|
+
This README is still in the process of being written and improved. As such it might not cover some of the questions you might have.
|
266
|
+
|
267
|
+
So if you have any question or need help integrating with us just let us know at support@maestrano.com
|
268
|
+
|
269
|
+
## License
|
270
|
+
|
271
|
+
MIT License. Copyright 2014 Maestrano Pty Ltd. https://maestrano.com
|
272
|
+
|
273
|
+
You are not granted rights or licenses to the trademarks of Maestrano.
|
data/Rakefile
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
#!/usr/bin/env rake
|
2
|
+
begin
|
3
|
+
require 'bundler/setup'
|
4
|
+
rescue LoadError
|
5
|
+
puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
|
6
|
+
end
|
7
|
+
begin
|
8
|
+
require 'rdoc/task'
|
9
|
+
rescue LoadError
|
10
|
+
require 'rdoc/rdoc'
|
11
|
+
require 'rake/rdoctask'
|
12
|
+
RDoc::Task = Rake::RDocTask
|
13
|
+
end
|
14
|
+
|
15
|
+
RDoc::Task.new(:rdoc) do |rdoc|
|
16
|
+
rdoc.rdoc_dir = 'rdoc'
|
17
|
+
rdoc.title = 'Maestrano-rails'
|
18
|
+
rdoc.options << '--line-numbers'
|
19
|
+
rdoc.rdoc_files.include('README.rdoc')
|
20
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
21
|
+
end
|
22
|
+
|
23
|
+
|
24
|
+
|
25
|
+
|
26
|
+
Bundler::GemHelper.install_tasks
|
27
|
+
|
28
|
+
require 'rake/testtask'
|
29
|
+
|
30
|
+
Rake::TestTask.new(:test) do |t|
|
31
|
+
t.libs << 'lib'
|
32
|
+
t.libs << 'test'
|
33
|
+
t.pattern = 'test/**/*_test.rb'
|
34
|
+
t.verbose = false
|
35
|
+
end
|
36
|
+
|
37
|
+
|
38
|
+
task :default => :test
|
@@ -0,0 +1,40 @@
|
|
1
|
+
class Maestrano::Rails::SamlBaseController < ApplicationController
|
2
|
+
attr_reader :saml_response, :user_auth_hash, :group_auth_hash, :user_group_rel_hash
|
3
|
+
protect_from_forgery :except => [:consume]
|
4
|
+
around_filter :saml_response_transaction, only: [:consume]
|
5
|
+
|
6
|
+
# Initialize the SAML request and redirects the
|
7
|
+
# user to Maestrano
|
8
|
+
def init
|
9
|
+
redirect_to Maestrano::Saml::Request.new(params,session).redirect_url
|
10
|
+
end
|
11
|
+
|
12
|
+
#===================================
|
13
|
+
# Helper methods
|
14
|
+
#===================================
|
15
|
+
def saml_response_transaction
|
16
|
+
begin
|
17
|
+
process_saml_response
|
18
|
+
yield
|
19
|
+
Maestrano::SSO.set_session(session,@user_auth_hash)
|
20
|
+
rescue Exception => e
|
21
|
+
if Rails.env.development?
|
22
|
+
raise
|
23
|
+
else
|
24
|
+
logger.error e
|
25
|
+
redirect_to "#{Maestrano::SSO.unauthorized_url}?err=internal"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def process_saml_response
|
31
|
+
if params[:SAMLResponse]
|
32
|
+
@saml_response = Maestrano::Saml::Response.new(params[:SAMLResponse])
|
33
|
+
if @saml_response.validate!
|
34
|
+
@user_auth_hash = Maestrano::SSO::BaseUser.new(@saml_response).to_hash
|
35
|
+
@group_auth_hash = Maestrano::SSO::BaseGroup.new(@saml_response).to_hash
|
36
|
+
@user_group_rel_hash = Maestrano::SSO::BaseMembership.new(@saml_response).to_hash
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class Maestrano::Rails::WebHookController < ApplicationController
|
2
|
+
skip_before_filter :verify_authenticity_token
|
3
|
+
before_filter :authenticate_maestrano!
|
4
|
+
|
5
|
+
private
|
6
|
+
def authenticate_maestrano!
|
7
|
+
authorized = false
|
8
|
+
authenticate_with_http_basic do |app_id, api_token|
|
9
|
+
authorized = Maestrano.authenticate(app_id,api_token)
|
10
|
+
end
|
11
|
+
unless authorized
|
12
|
+
render json: {error: 'Invalid credentials' }, status: :unauthorized
|
13
|
+
end
|
14
|
+
return true
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'rails/generators/active_record'
|
2
|
+
require 'generators/maestrano/orm_helpers'
|
3
|
+
|
4
|
+
module ActiveRecord
|
5
|
+
module Generators
|
6
|
+
class MaestranoGroupGenerator < ActiveRecord::Generators::Base
|
7
|
+
include Maestrano::Generators::OrmHelpers
|
8
|
+
source_root File.expand_path("../templates", __FILE__)
|
9
|
+
|
10
|
+
def copy_maestrano_migration
|
11
|
+
migration_template "migration.rb", "db/migrate/add_maestrano_to_#{table_name}.rb"
|
12
|
+
end
|
13
|
+
|
14
|
+
def inject_maestrano_content
|
15
|
+
content = model_contents
|
16
|
+
|
17
|
+
class_path = if namespaced?
|
18
|
+
class_name.to_s.split("::")
|
19
|
+
else
|
20
|
+
[class_name]
|
21
|
+
end
|
22
|
+
|
23
|
+
indent_depth = class_path.size - 1
|
24
|
+
content = content.split("\n").map { |line| " " * indent_depth + line } .join("\n") << "\n"
|
25
|
+
|
26
|
+
inject_into_class(model_path, class_path.last, content) if model_exists?
|
27
|
+
end
|
28
|
+
|
29
|
+
def migration_data
|
30
|
+
<<RUBY
|
31
|
+
## User source identification fields
|
32
|
+
t.string :provider
|
33
|
+
t.string :uid
|
34
|
+
RUBY
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|