omniauth-github-organization 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8ee761593b94579587c1458522cfdfab119045d82e5eb798871870d02699fca5
+  data.tar.gz: 7194d2d81ac82dd13fb5060c57274faa90cc0fe1eab6cdca28b4f18c8d91d815
+SHA512:
+  metadata.gz: 15417059ecfd6ec0fd67ad42693f84c243d172cfb91fe4c17de53f77d7e5c1a0b9641e6e7cd5fec97b811bfed1b42b80afcd296e7dd3d835c13b0d552c0cc7da
+  data.tar.gz: 118b186fc9ef394f43f8f6ee9bf61f39dd9246c1f9e4a59e3f01930b0bfb4f3a4df6399d47689378f88ddaf04e0624e689b86098b1f8fcb01ddb7334269c282f

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+/pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea/

data/.rspec

@@ -0,0 +1 @@
+--colour

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-github.gemspec
+gemspec
+
+group :development, :test do
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+  gem 'rb-fsevent'
+  gem 'growl'
+  gem 'rake'
+end

data/Guardfile

@@ -0,0 +1,10 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+
+guard 'bundler' do
+  watch('Gemfile')
+  watch('omniauth-github.gemspec')
+end

data/LICENSE.txt

@@ -0,0 +1,7 @@
+Copyright (c) 2018 Sequoia Capital.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,38 @@
+# OmniAuth GitHub Organization
+
+
+This is the OmniAuth strategy for authenticating to GitHub Organization. To
+use it, you'll need to sign up for an OAuth2 Application ID and Secret
+on the [GitHub Applications Page](https://github.com/settings/applications).
+
+## Basic Usage
+
+```ruby
+use OmniAuth::Builder do
+  provider :github_organization, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], organization: ENV['GITHUB_ORGANIZATION_NAME']
+end
+```
+
+## Scopes
+
+GitHub API v3 lets you set scopes to provide granular access to different types of data: 
+
+```ruby
+use OmniAuth::Builder do
+  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'],ENV['GITHUB_ORGANIZATION_NAME'], { organization: ENV['GITHUB_ORGANIZATION_NAME'], scope: "user,repo,gist" }
+end
+```
+
+More info on [Scopes](http://developer.github.com/v3/oauth/#scopes).
+
+## License
+
+Copyright (c) 2018 Sequoia Capital.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+> Fork by [omniauth-github](https://github.com/omniauth/omniauth-github). Copyright (c) 2011 Michael Bleigh and Intridea, Inc.

data/Rakefile

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+desc 'Run specs'
+task default: :spec

data/lib/omniauth-github-organization.rb

@@ -0,0 +1,2 @@
+require 'omniauth-github-organization/version'
+require 'omniauth/strategies/github_organization'

data/lib/omniauth-github-organization/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module GitHubOrganization
+    VERSION = '0.1.0'.freeze
+  end
+end

data/lib/omniauth/strategies/github_organization.rb

@@ -0,0 +1,96 @@
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class GitHubOrganization < OmniAuth::Strategies::OAuth2
+      option :name, 'github_organization'
+      option :scope, 'user,read:org'
+      option :organization, 'example'
+      # rubocop:disable Style/BracesAroundHashParameters
+      option :client_options, {
+        site: 'https://api.github.com',
+        authorize_url: 'https://github.com/login/oauth/authorize',
+        token_url: 'https://github.com/login/oauth/access_token'
+      }
+
+      def request_phase
+        super
+      end
+
+      def authorize_params
+        super.tap do |params|
+          %w[scope client_options].each do |v|
+            if request.params[v]
+              params[v.to_sym] = request.params[v]
+            end
+          end
+        end
+      end
+
+      def callback_phase
+        return fail!(:user_denied, CallbackError.new(:user_denied, options['organization'])) unless organizations.include? options['organization']
+        super
+      end
+
+      def organizations
+        access_token.options[:mode] = :query
+        organizations = access_token.get('user/orgs', headers: { 'Accept' => 'application/vnd.github.v3' }).parsed
+        organizations.map { |x| x['login'] }
+      end
+
+      uid { raw_info['id'].to_s }
+
+      info do
+        {
+          'nickname' => raw_info['login'],
+          'email' => email,
+          'name' => raw_info['name'],
+          'image' => raw_info['avatar_url'],
+          'organizations' => organizations,
+          'urls' => {
+            'GitHub' => raw_info['html_url'],
+            'Blog' => raw_info['blog'],
+          },
+        }
+      end
+
+      extra do
+        { raw_info: raw_info, all_emails: emails }
+      end
+
+      def raw_info
+        access_token.options[:mode] = :query
+        @raw_info ||= access_token.get('user').parsed
+      end
+
+      def email
+        email_access_allowed? ? primary_email : raw_info['email']
+      end
+
+      def primary_email
+        primary = emails.find { |i| i['primary'] && i['verified'] }
+        primary && primary['email'] || nil
+      end
+
+      # The new /user/emails API - http://developer.github.com/v3/users/emails/#future-response
+      def emails
+        return [] unless email_access_allowed?
+        access_token.options[:mode] = :query
+        @emails ||= access_token.get('user/emails', headers: { 'Accept' => 'application/vnd.github.v3' }).parsed
+      end
+
+      def email_access_allowed?
+        return false unless options['scope']
+        email_scopes = %w[user user:email]
+        scopes = options['scope'].split(',')
+        (scopes & email_scopes).any?
+      end
+
+      def callback_url
+        full_host + script_name + callback_path
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'github_organization', 'GitHubOrganization'

data/omniauth-github-organization.gemspec

@@ -0,0 +1,24 @@
+require File.expand_path('../lib/omniauth-github-organization/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ['Boris Ding', 'Michael Bleigh']
+  gem.email         = %w[lding@sequoiacap.com michael@intridea.com]
+  gem.description   = 'This is the OmniAuth strategy for authenticating to GitHub Organization.'
+  gem.summary       = 'This is the OmniAuth strategy for authenticating to GitHub Organization.'
+  gem.homepage      = 'https://github.com/sequoia-china/omniauth-github-organization'
+  gem.license       = 'MIT'
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = 'omniauth-github-organization'
+  gem.require_paths = ['lib']
+  gem.version       = OmniAuth::GitHubOrganization::VERSION
+
+  gem.add_dependency 'omniauth', '~> 1.5'
+  gem.add_dependency 'omniauth-oauth2', '>= 1.4.0', '< 2.0'
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'rspec', '~> 3.5'
+  gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'webmock'
+end

data/spec/omniauth/strategies/github_organization_spec.rb

@@ -0,0 +1,178 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::GitHubOrganization do
+  let(:access_token) { instance_double('AccessToken', options: {}) }
+  let(:parsed_response) { instance_double('ParsedResponse') }
+  let(:response) { instance_double('Response', parsed: parsed_response) }
+
+  let(:enterprise_site)          { 'https://some.other.site.com/api/v3' }
+  let(:enterprise_authorize_url) { 'https://some.other.site.com/login/oauth/authorize' }
+  let(:enterprise_token_url)     { 'https://some.other.site.com/login/oauth/access_token' }
+  let(:enterprise) do
+    OmniAuth::Strategies::GitHubOrganization.new('GITHUB_KEY', 'GITHUB_SECRET',
+        {
+            client_options: {
+                site: enterprise_site,
+                authorize_url: enterprise_authorize_url,
+                token_url: enterprise_token_url
+            },
+            organization: 'test'
+        }
+    )
+  end
+
+  subject do
+    OmniAuth::Strategies::GitHubOrganization.new({},scope: 'read:org')
+  end
+
+  before(:each) do
+    allow(subject).to receive(:access_token).and_return(access_token)
+    allow(subject).to receive(:organizations).and_return(%w[example test])
+  end
+
+  context 'client options' do
+    it 'should have correct site' do
+      expect(subject.options.client_options.site).to eq('https://api.github.com')
+    end
+
+    it 'should have correct authorize url' do
+      expect(subject.options.client_options.authorize_url).to eq('https://github.com/login/oauth/authorize')
+    end
+
+    it 'should have correct token url' do
+      expect(subject.options.client_options.token_url).to eq('https://github.com/login/oauth/access_token')
+    end
+
+    it 'should have correct organization name' do
+      expect(subject.options.organization).to eq('example')
+    end
+
+    describe 'should be overrideable' do
+      it 'for site' do
+        expect(enterprise.options.client_options.site).to eq(enterprise_site)
+      end
+
+      it 'for authorize url' do
+        expect(enterprise.options.client_options.authorize_url).to eq(enterprise_authorize_url)
+      end
+
+      it 'for token url' do
+        expect(enterprise.options.client_options.token_url).to eq(enterprise_token_url)
+      end
+
+      it 'for organization name' do
+        expect(enterprise.options.organization).to eq('test')
+      end
+    end
+  end
+
+  context '#email_access_allowed?' do
+    it 'should not allow email if scope is nil' do
+      expect(subject.options['scope']).to eq('read:org')
+      expect(subject).to_not be_email_access_allowed
+    end
+
+    it 'should allow email if scope is user' do
+      subject.options['scope'] = 'user'
+      expect(subject).to be_email_access_allowed
+    end
+
+    it 'should allow email if scope is a bunch of stuff including user' do
+      subject.options['scope'] = 'public_repo,user,repo,delete_repo,gist'
+      expect(subject).to be_email_access_allowed
+    end
+
+    it 'should not allow email if scope does not grant email access' do
+      subject.options['scope'] = 'repo,user:follow'
+      expect(subject).to_not be_email_access_allowed
+    end
+
+    it 'should assume email access not allowed if scope is something currently not documented' do
+      subject.options['scope'] = 'currently_not_documented'
+      expect(subject).to_not be_email_access_allowed
+    end
+  end
+
+  context '#email' do
+    it 'should return email from raw_info if available' do
+      allow(subject).to receive(:raw_info).and_return({ 'email' => 'you@example.com' })
+      expect(subject.email).to eq('you@example.com')
+    end
+
+    it 'should return nil if there is no raw_info and email access is not allowed' do
+      allow(subject).to receive(:raw_info).and_return({})
+      expect(subject.email).to be_nil
+    end
+
+    it 'should not return the primary email if there is no raw_info and email access is allowed' do
+      emails = [
+        { 'email' => 'secondary@example.com', 'primary' => false },
+        { 'email' => 'primary@example.com',   'primary' => true }
+      ]
+      allow(subject).to receive(:raw_info).and_return({})
+      subject.options['scope'] = 'user'
+      allow(subject).to receive(:emails).and_return(emails)
+      expect(subject.email).to be_nil
+    end
+
+    it 'should not return the first email if there is no raw_info and email access is allowed' do
+      emails = [
+        { 'email' => 'first@example.com',   'primary' => false },
+        { 'email' => 'second@example.com',  'primary' => false }
+      ]
+      allow(subject).to receive(:raw_info).and_return({})
+      subject.options['scope'] = 'user'
+      allow(subject).to receive(:emails).and_return(emails)
+      expect(subject.email).to be_nil
+    end
+  end
+
+  context '#raw_info' do
+    it 'should use relative paths' do
+      expect(access_token).to receive(:get).with('user').and_return(response)
+      expect(subject.raw_info).to eq(parsed_response)
+    end
+  end
+
+  context '#emails' do
+    it 'should use relative paths' do
+      expect(access_token).to receive(:get).with('user/emails', headers: {
+        'Accept' => 'application/vnd.github.v3'
+      }).and_return(response)
+
+      subject.options['scope'] = 'user'
+      expect(subject.emails).to eq(parsed_response)
+    end
+  end
+
+  context '#info.email' do
+    it 'should use any available email' do
+      allow(subject).to receive(:raw_info).and_return({})
+      allow(subject).to receive(:email).and_return('you@example.com')
+      expect(subject.info['email']).to eq('you@example.com')
+    end
+  end
+
+  context '#info.urls' do
+    it 'should use html_url from raw_info' do
+      allow(subject).to receive(:raw_info).and_return({ 'login' => 'me', 'html_url' => 'http://enterprise/me' })
+      expect(subject.info['urls']['GitHub']).to eq('http://enterprise/me')
+    end
+  end
+
+  describe '#callback_url' do
+    it 'is a combination of host, script name, and callback path' do
+      allow(subject).to receive(:full_host).and_return('https://example.com')
+      allow(subject).to receive(:script_name).and_return('/sub_uri')
+
+      expect(subject.callback_url).to eq('https://example.com/sub_uri/auth/github_organization/callback')
+    end
+  end
+
+  it 'is should return error if organization not match' do
+    allow(subject).to receive(:organizations).and_return(%w[not_match])
+    expect(subject).to receive(:fail!).with(:user_denied, anything)
+    subject.callback_phase
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'simplecov'
+SimpleCov.start
+require 'rspec'
+require 'rack/test'
+require 'webmock/rspec'
+require 'omniauth'
+require 'omniauth-github-organization'
+
+RSpec.configure do |config|
+  config.include WebMock::API
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, type: :strategy
+end
+

metadata

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-github-organization
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Boris Ding
+- Michael Bleigh
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-02-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This is the OmniAuth strategy for authenticating to GitHub Organization.
+email:
+- lding@sequoiacap.com
+- michael@intridea.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-github-organization.rb
+- lib/omniauth-github-organization/version.rb
+- lib/omniauth/strategies/github_organization.rb
+- omniauth-github-organization.gemspec
+- spec/omniauth/strategies/github_organization_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/sequoia-china/omniauth-github-organization
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: This is the OmniAuth strategy for authenticating to GitHub Organization.
+test_files:
+- spec/omniauth/strategies/github_organization_spec.rb
+- spec/spec_helper.rb