omniauth-github-team-member 1.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +20 -0
- data/README.md +44 -20
- data/lib/omniauth-github-team-member/version.rb +1 -1
- data/lib/omniauth/strategies/github_team_member.rb +19 -6
- data/omniauth-github-team-member.gemspec +2 -2
- metadata +22 -32
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 2ac1491bf37b9186f206e2fe303e55090a1835f981dfe93519db775c38d21ad2
|
|
4
|
+
data.tar.gz: 41d42aa061dff7acee04796abf49425ad3b6dd4245e513c4a02a57b6f9b3f10a
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: e4b226fa970d2d5a63ebf4e764021b10b049081bdcb63f2f9cea347fba279451f2236c9d472363509e41458ca06b22ec246ce56c139bffa43fc2131fd97d1474
|
|
7
|
+
data.tar.gz: f51c34abc78c5434471d684d67a281ca4c2513e4916af5b1b4a7e59caa6d016d60c7d5a5094e8ee0c5f23d5d9448d986b418b2dd251ef975b8fc1448f10d880c
|
data/LICENSE
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Copyright (c) 2013 Jonathan Hoyt
|
|
2
|
+
|
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
|
+
a copy of this software and associated documentation files (the
|
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
|
9
|
+
the following conditions:
|
|
10
|
+
|
|
11
|
+
The above copyright notice and this permission notice shall be
|
|
12
|
+
included in all copies or substantial portions of the Software.
|
|
13
|
+
|
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
# OmniAuth
|
|
1
|
+
# OmniAuth GitHub Team Auth
|
|
2
2
|
|
|
3
|
-
This is
|
|
4
|
-
|
|
5
|
-
on the [GitHub Applications Page](https://github.com/settings/applications).
|
|
3
|
+
This is an OmniAuth strategy for authenticating to GitHub and ensuring the user belongs to a specific team. This strategy is useful for building web apps that should only be administered by specific teams. I adapted this from an internal gem at GitHub.
|
|
4
|
+
|
|
5
|
+
To use it, you'll need to sign up for an OAuth2 Application ID and Secret on the [GitHub Applications Page](https://github.com/settings/applications).
|
|
6
6
|
|
|
7
7
|
## Installing
|
|
8
8
|
|
|
@@ -12,23 +12,31 @@ Add the gem to your Gemfile and bundle.
|
|
|
12
12
|
gem "omniauth-github-team-member"
|
|
13
13
|
```
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
I like to store the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET in my environment, but you don't have to if you have a preferred place to put keys and secrets. For local development I recommend the [dotenv](https://github.com/bkeepers/dotenv) gem for setting environment variables.
|
|
16
16
|
|
|
17
17
|
## Basic Usage
|
|
18
18
|
|
|
19
|
+
In the examples below, `42634` is the id of the team we are checking against. You can find the id of a team via the GitHub API, either by [listing all teams for the parent org](https://developer.github.com/v3/orgs/teams/#list-teams) or [finding all of the team memberships for a user who is on the team you are looking for](https://developer.github.com/v3/orgs/teams/#get-team-membership).
|
|
20
|
+
|
|
19
21
|
Usage in Rails:
|
|
20
22
|
|
|
21
23
|
```ruby
|
|
24
|
+
# config/initializers/github_omniauth.rb
|
|
25
|
+
|
|
22
26
|
Rails.application.config.middleware.use OmniAuth::Builder do
|
|
23
|
-
provider :
|
|
27
|
+
provider :githubteammember,
|
|
28
|
+
ENV['GITHUB_CLIENT_ID'],
|
|
29
|
+
ENV['GITHUB_CLIENT_SECRET'],
|
|
30
|
+
scope: 'read:org',
|
|
31
|
+
teams: {
|
|
32
|
+
"mentors_team_member?" => 426344
|
|
33
|
+
}
|
|
24
34
|
end
|
|
25
35
|
```
|
|
26
36
|
|
|
27
|
-
During the callback phase, you can check to see if the authed user is
|
|
28
|
-
by checking the returned credentials object `request.env['omniauth.auth'].credentials.team_member?`.
|
|
37
|
+
During the callback phase, you can check to see if the authed user is on the mentors team or not by checking the returned credentials object `request.env['omniauth.auth'].credentials.mentors_team_member?`.
|
|
29
38
|
|
|
30
|
-
An example of how to integrate this strategy with OmniAuth is below. Do note that these
|
|
31
|
-
examples are just guidelines, you will most likely need to change each example to match your application's needs.
|
|
39
|
+
An example of how to integrate this strategy with OmniAuth is below. Do note that these examples are just guidelines, you will most likely need to change each example to match your application's needs.
|
|
32
40
|
|
|
33
41
|
```ruby
|
|
34
42
|
class SessionsController
|
|
@@ -50,7 +58,7 @@ class User < ActiveRecord::Base
|
|
|
50
58
|
# Prevents past team members from logging into existing accounts they
|
|
51
59
|
# created when they were previously a team member. Also ensures
|
|
52
60
|
# new accounts can't be created unless they are a team member.
|
|
53
|
-
return false unless access_token.credentials.
|
|
61
|
+
return false unless access_token.credentials.mentors_team_member?
|
|
54
62
|
|
|
55
63
|
info = access_token.info
|
|
56
64
|
github_id = access_token.uid
|
|
@@ -72,19 +80,35 @@ Usage in Sinatra:
|
|
|
72
80
|
|
|
73
81
|
```ruby
|
|
74
82
|
use OmniAuth::Builder do
|
|
75
|
-
provider :
|
|
83
|
+
provider :githubteammember,
|
|
84
|
+
ENV['GITHUB_CLIENT_ID'],
|
|
85
|
+
ENV['GITHUB_CLIENT_SECRET'],
|
|
86
|
+
scope: 'read:org',
|
|
87
|
+
teams: {
|
|
88
|
+
"mentors_team_member?" => 426344
|
|
89
|
+
}
|
|
76
90
|
end
|
|
77
91
|
```
|
|
78
92
|
|
|
79
93
|
### Scopes
|
|
80
94
|
|
|
81
|
-
You must require the
|
|
82
|
-
the authenticated user.
|
|
83
|
-
|
|
84
|
-
```ruby
|
|
85
|
-
use OmniAuth::Builder do
|
|
86
|
-
provider :github_team_member, ENV['GITHUB_CLIENT_ID'], ENV['GITHUB_CLIENT_SECRET'], :scope => 'user'
|
|
87
|
-
end
|
|
88
|
-
```
|
|
95
|
+
You must require the `read:org` scope to be able to access the team data associated with the authenticated user.
|
|
89
96
|
|
|
90
97
|
More info on [Scopes](http://developer.github.com/v3/oauth/#scopes).
|
|
98
|
+
|
|
99
|
+
## Contributing
|
|
100
|
+
|
|
101
|
+
1. [Fork it](https://help.github.com/articles/fork-a-repo)
|
|
102
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
103
|
+
3. Commit your changes (`git commit -am 'Added some feature'`)
|
|
104
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
|
105
|
+
5. Create new [Pull Request](https://help.github.com/articles/using-pull-requests)
|
|
106
|
+
|
|
107
|
+
## Contributors
|
|
108
|
+
|
|
109
|
+
* [Garrett Bjerkhoel](https://github.com/dewski)
|
|
110
|
+
* [Jonathan Hoyt](https://github.com/jonmagic)
|
|
111
|
+
* [Arthur Chiu](https://github.com/achiu)
|
|
112
|
+
* [Tim Clem](https://github.com/tclem)
|
|
113
|
+
* [Jessie Young](https://github.com/jessieay)
|
|
114
|
+
* [Paul Schreiber](https://github.com/paulschreiber)
|
|
@@ -4,18 +4,31 @@ module OmniAuth
|
|
|
4
4
|
module Strategies
|
|
5
5
|
class GitHubTeamMember < OmniAuth::Strategies::GitHub
|
|
6
6
|
credentials do
|
|
7
|
-
|
|
7
|
+
options['teams'].inject({}) do |base, key_value_pair|
|
|
8
|
+
method_name, team_id = key_value_pair
|
|
9
|
+
base[booleanize_method_name(method_name)] = team_member?(team_id)
|
|
10
|
+
base["email"] = email_addresses
|
|
11
|
+
base
|
|
12
|
+
end
|
|
8
13
|
end
|
|
9
14
|
|
|
10
|
-
def
|
|
11
|
-
|
|
12
|
-
|
|
15
|
+
def email_addresses
|
|
16
|
+
response = access_token.get("/user/emails")
|
|
17
|
+
response.status == 200 && response.parsed.map{|user| user["email"]}
|
|
13
18
|
rescue ::OAuth2::Error
|
|
14
19
|
false
|
|
15
20
|
end
|
|
16
21
|
|
|
17
|
-
def team_id
|
|
18
|
-
|
|
22
|
+
def team_member?(team_id)
|
|
23
|
+
response = access_token.get("/teams/#{team_id}/memberships/#{raw_info['login']}")
|
|
24
|
+
response.status == 200 && response.parsed["state"] == "active"
|
|
25
|
+
rescue ::OAuth2::Error
|
|
26
|
+
false
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def booleanize_method_name(method_name)
|
|
30
|
+
return method_name if method_name =~ /\?$/
|
|
31
|
+
return "#{method_name}?"
|
|
19
32
|
end
|
|
20
33
|
end
|
|
21
34
|
end
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
require File.expand_path('../lib/omniauth-github-team-member/version', __FILE__)
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |gem|
|
|
5
|
-
gem.authors = ['Jonathan Hoyt']
|
|
6
|
-
gem.email = ['jonmagic@gmail.com']
|
|
5
|
+
gem.authors = ['Garrett Bjerkhoel', 'Jonathan Hoyt']
|
|
6
|
+
gem.email = ['me@garrettbjerkhoel.com', 'jonmagic@gmail.com']
|
|
7
7
|
gem.description = %q{OmniAuth strategy for GitHub Team Auth.}
|
|
8
8
|
gem.summary = %q{OmniAuth strategy for GitHub Team Auth.}
|
|
9
9
|
gem.homepage = 'https://github.com/jonmagic/omniauth-github-team-member'
|
metadata
CHANGED
|
@@ -1,107 +1,99 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-github-team-member
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 2.1.0
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
7
|
+
- Garrett Bjerkhoel
|
|
8
8
|
- Jonathan Hoyt
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-02-18 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth-github
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
-
none: false
|
|
18
17
|
requirements:
|
|
19
|
-
- -
|
|
18
|
+
- - ">="
|
|
20
19
|
- !ruby/object:Gem::Version
|
|
21
20
|
version: '0'
|
|
22
21
|
type: :runtime
|
|
23
22
|
prerelease: false
|
|
24
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
-
none: false
|
|
26
24
|
requirements:
|
|
27
|
-
- -
|
|
25
|
+
- - ">="
|
|
28
26
|
- !ruby/object:Gem::Version
|
|
29
27
|
version: '0'
|
|
30
28
|
- !ruby/object:Gem::Dependency
|
|
31
29
|
name: rspec
|
|
32
30
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
-
none: false
|
|
34
31
|
requirements:
|
|
35
|
-
- - ~>
|
|
32
|
+
- - "~>"
|
|
36
33
|
- !ruby/object:Gem::Version
|
|
37
34
|
version: '2.7'
|
|
38
35
|
type: :development
|
|
39
36
|
prerelease: false
|
|
40
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
-
none: false
|
|
42
38
|
requirements:
|
|
43
|
-
- - ~>
|
|
39
|
+
- - "~>"
|
|
44
40
|
- !ruby/object:Gem::Version
|
|
45
41
|
version: '2.7'
|
|
46
42
|
- !ruby/object:Gem::Dependency
|
|
47
43
|
name: rack-test
|
|
48
44
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
-
none: false
|
|
50
45
|
requirements:
|
|
51
|
-
- -
|
|
46
|
+
- - ">="
|
|
52
47
|
- !ruby/object:Gem::Version
|
|
53
48
|
version: '0'
|
|
54
49
|
type: :development
|
|
55
50
|
prerelease: false
|
|
56
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
-
none: false
|
|
58
52
|
requirements:
|
|
59
|
-
- -
|
|
53
|
+
- - ">="
|
|
60
54
|
- !ruby/object:Gem::Version
|
|
61
55
|
version: '0'
|
|
62
56
|
- !ruby/object:Gem::Dependency
|
|
63
57
|
name: simplecov
|
|
64
58
|
requirement: !ruby/object:Gem::Requirement
|
|
65
|
-
none: false
|
|
66
59
|
requirements:
|
|
67
|
-
- -
|
|
60
|
+
- - ">="
|
|
68
61
|
- !ruby/object:Gem::Version
|
|
69
62
|
version: '0'
|
|
70
63
|
type: :development
|
|
71
64
|
prerelease: false
|
|
72
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
-
none: false
|
|
74
66
|
requirements:
|
|
75
|
-
- -
|
|
67
|
+
- - ">="
|
|
76
68
|
- !ruby/object:Gem::Version
|
|
77
69
|
version: '0'
|
|
78
70
|
- !ruby/object:Gem::Dependency
|
|
79
71
|
name: webmock
|
|
80
72
|
requirement: !ruby/object:Gem::Requirement
|
|
81
|
-
none: false
|
|
82
73
|
requirements:
|
|
83
|
-
- -
|
|
74
|
+
- - ">="
|
|
84
75
|
- !ruby/object:Gem::Version
|
|
85
76
|
version: '0'
|
|
86
77
|
type: :development
|
|
87
78
|
prerelease: false
|
|
88
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
-
none: false
|
|
90
80
|
requirements:
|
|
91
|
-
- -
|
|
81
|
+
- - ">="
|
|
92
82
|
- !ruby/object:Gem::Version
|
|
93
83
|
version: '0'
|
|
94
84
|
description: OmniAuth strategy for GitHub Team Auth.
|
|
95
85
|
email:
|
|
86
|
+
- me@garrettbjerkhoel.com
|
|
96
87
|
- jonmagic@gmail.com
|
|
97
88
|
executables: []
|
|
98
89
|
extensions: []
|
|
99
90
|
extra_rdoc_files: []
|
|
100
91
|
files:
|
|
101
|
-
- .gitignore
|
|
102
|
-
- .rspec
|
|
92
|
+
- ".gitignore"
|
|
93
|
+
- ".rspec"
|
|
103
94
|
- Gemfile
|
|
104
95
|
- Guardfile
|
|
96
|
+
- LICENSE
|
|
105
97
|
- README.md
|
|
106
98
|
- Rakefile
|
|
107
99
|
- lib/omniauth-github-team-member.rb
|
|
@@ -113,27 +105,25 @@ files:
|
|
|
113
105
|
- spec/spec_helper.rb
|
|
114
106
|
homepage: https://github.com/jonmagic/omniauth-github-team-member
|
|
115
107
|
licenses: []
|
|
108
|
+
metadata: {}
|
|
116
109
|
post_install_message:
|
|
117
110
|
rdoc_options: []
|
|
118
111
|
require_paths:
|
|
119
112
|
- lib
|
|
120
113
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
121
|
-
none: false
|
|
122
114
|
requirements:
|
|
123
|
-
- -
|
|
115
|
+
- - ">="
|
|
124
116
|
- !ruby/object:Gem::Version
|
|
125
117
|
version: '0'
|
|
126
118
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
|
-
none: false
|
|
128
119
|
requirements:
|
|
129
|
-
- -
|
|
120
|
+
- - ">="
|
|
130
121
|
- !ruby/object:Gem::Version
|
|
131
122
|
version: '0'
|
|
132
123
|
requirements: []
|
|
133
|
-
|
|
134
|
-
rubygems_version: 1.8.23
|
|
124
|
+
rubygems_version: 3.0.3
|
|
135
125
|
signing_key:
|
|
136
|
-
specification_version:
|
|
126
|
+
specification_version: 4
|
|
137
127
|
summary: OmniAuth strategy for GitHub Team Auth.
|
|
138
128
|
test_files:
|
|
139
129
|
- spec/omniauth/strategies/github_spec.rb
|