omniauth-heroku-sso 1.0.0

data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source "http://rubygems.org"
2
+
3
+ gemspec
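Review bot: The `source "http://rubygems.org"` line fetches the gem index and every dependency over plaintext HTTP, so downloads are not protected against tampering in transit; it should read `source "https://rubygems.org"`. The lockfile hunk that follows records the same `remote: http://rubygems.org/` and would need regenerating after the change.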
@@ -0,0 +1,52 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ omniauth-heroku-sso (1.0.0)
5
+ omniauth
6
+
7
+ GEM
8
+ remote: http://rubygems.org/
9
+ specs:
10
+ coderay (1.0.6)
11
+ diff-lcs (1.1.3)
12
+ ffi (1.0.11)
13
+ guard (1.0.1)
14
+ ffi (>= 0.5.0)
15
+ thor (~> 0.14.6)
16
+ guard-rspec (0.7.0)
17
+ guard (>= 0.10.0)
18
+ hashie (1.2.0)
19
+ method_source (0.7.1)
20
+ omniauth (1.1.0)
21
+ hashie (~> 1.2)
22
+ rack
23
+ pry (0.9.9.3)
24
+ coderay (~> 1.0.5)
25
+ method_source (~> 0.7.1)
26
+ slop (>= 2.4.4, < 3)
27
+ rack (1.4.1)
28
+ rack-test (0.6.1)
29
+ rack (>= 1.0)
30
+ rake (0.9.2.2)
31
+ rspec (2.9.0)
32
+ rspec-core (~> 2.9.0)
33
+ rspec-expectations (~> 2.9.0)
34
+ rspec-mocks (~> 2.9.0)
35
+ rspec-core (2.9.0)
36
+ rspec-expectations (2.9.1)
37
+ diff-lcs (~> 1.1.3)
38
+ rspec-mocks (2.9.0)
39
+ slop (2.4.4)
40
+ thor (0.14.6)
41
+
42
+ PLATFORMS
43
+ ruby
44
+
45
+ DEPENDENCIES
46
+ guard
47
+ guard-rspec
48
+ omniauth-heroku-sso!
49
+ pry
50
+ rack-test
51
+ rake
52
+ rspec
@@ -0,0 +1,5 @@
1
+ guard 'rspec', :version => 2 do
2
+ watch(%r{^spec/.+_spec\.rb$})
3
+ watch(%r{^lib/}) { "spec" }
4
+ watch('spec/spec_helper.rb') { "spec" }
5
+ end
@@ -0,0 +1,31 @@
1
+ omniauth-heroku-sso
2
+ ===================
3
+
4
+ `omniauth-heroku-sso` provides an [OmniAuth][omniauth] strategy for Heroku's single-sign-on, which is part of the [Heroku Provider Program][heroku_provider].
5
+
6
+ Usage
7
+ -----
8
+
9
+ Add it to your Gemfile:
10
+
11
+ gem 'omniauth-heroku-sso`
12
+
13
+ For use in Rails, add `config/initializers/omniauth.rb`:
14
+
15
+ Rails.application.config.middleware.use OmniAuth::Builder do
16
+ provider :heroku_sso, "HEROKU_SALT"
17
+ end
18
+
19
+ Or, for Sinatra:
20
+
21
+ use OmniAuth::Builder do
22
+ provider :heroku_sso, "HEROKU_SALT"
23
+ end
24
+
25
+ post "/auth/heroku_sso/callback" do
26
+ auth = request.env['omniauth.auth]
27
+ # Use the auth info
28
+ end
29
+
30
+ [omniauth]: https://github.com/intridea/omniauth
31
+ [heroku_provider]: https://addons.heroku.com/provider
@@ -0,0 +1,8 @@
1
+ require "bundler/gem_tasks"
2
+ require 'rspec/core/rake_task'
3
+
4
+ desc 'Default: run specs.'
5
+ task :default => :spec
6
+
7
+ desc "Run specs"
8
+ RSpec::Core::RakeTask.new
@@ -0,0 +1,2 @@
1
+ require 'omniauth-heroku-sso/version'
2
+ require 'omniauth/strategies/heroku-sso'
@@ -0,0 +1,5 @@
1
+ module OmniAuth
2
+ module HerokuSSO
3
+ VERSION = '1.0.0'
4
+ end
5
+ end
@@ -0,0 +1,55 @@
1
+ require 'omniauth'
2
+ require 'digest/sha1'
3
+
4
+ module OmniAuth
5
+ module Strategies
6
+ class HerokuSSO
7
+ include OmniAuth::Strategy
8
+
9
+ args [:salt]
10
+ option :name, 'heroku_sso'
11
+ option :salt, nil
12
+ option :heroku_url, "https://api.heroku.com/myapps"
13
+
14
+ def request_phase
15
+ response = Rack::Response.new
16
+ response.redirect( options.heroku_url )
17
+ response.finish
18
+ end
19
+
20
+ def callback_phase
21
+ resource_id = request.params['id']
22
+ provided_token = request.params['token']
23
+ timestamp = request.params['timestamp'].to_i
24
+
25
+ return fail!( :session_expired ) unless current?( timestamp )
26
+ return fail!( :invalid_credentials ) unless token_matches?( provided_token, resource_id, timestamp )
27
+
28
+ super
29
+ end
30
+
31
+ uid do
32
+ request.params['email']
33
+ end
34
+
35
+ info do
36
+ {
37
+ resource_id: request.params['id']
38
+ }
39
+ end
40
+
41
+ protected
42
+
43
+ def current?( timestamp )
44
+ timestamp > (Time.now - 2*60).to_i
45
+ end
46
+
47
+ def token_matches?( token, resource_id, timestamp )
48
+ token_verify = Digest::SHA1.hexdigest( "#{resource_id}:#{options.salt}:#{timestamp}" ).to_s
49
+ token == token_verify
50
+ end
51
+ end
52
+ end
53
+ end
54
+
55
+ OmniAuth.config.add_camelization 'heroku_sso', 'HerokuSSO'
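Review bot: The `uid` block returns `request.params['email']`, but the digest checked in `token_matches?` covers only `resource_id`, the salt and the timestamp, so the email is caller-supplied and unauthenticated while being presented as the identity. The value the token actually vouches for is the resource id; consider `uid { request.params['id'] }` and exposing the email in `info` as an unverified attribute. Two smaller points in the same hunk: `option :salt, nil` means a missing salt still produces a computable digest, so `callback_phase` should fail when `options.salt.to_s.empty?`, and `token == token_verify` is an early-exit string comparison where a constant-time comparison is the usual choice for secret-derived values. `current?` also has no upper bound, so timestamps far in the future are accepted.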
@@ -0,0 +1,27 @@
1
+ # -*- encoding: utf-8 -*-
2
+ require File.dirname(__FILE__) + '/lib/omniauth-heroku-sso/version'
3
+
4
+ Gem::Specification.new do |s|
5
+ s.name = "omniauth-heroku-sso"
6
+ s.version = OmniAuth::HerokuSSO::VERSION
7
+ s.authors = ["Tyson Tate"]
8
+ s.email = ["tyson@tysontate.com"]
9
+ s.homepage = "http://github.com/stvp/omniauth-heroku-sso"
10
+ s.summary = "Heroku SSO OmniAuth strategy"
11
+ s.description = "Provides an OmniAuth strategy for Heroku's single-sign-on functionality for service providers."
12
+
13
+ s.rubyforge_project = "omniauth-heroku-sso"
14
+
15
+ s.files = `git ls-files`.split("\n")
16
+ s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
17
+ s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
18
+ s.require_paths = ["lib"]
19
+
20
+ s.add_development_dependency "rspec"
21
+ s.add_development_dependency "guard"
22
+ s.add_development_dependency "guard-rspec"
23
+ s.add_development_dependency "pry"
24
+ s.add_development_dependency "rake"
25
+ s.add_development_dependency "rack-test"
26
+ s.add_runtime_dependency "omniauth"
27
+ end
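Review bot: `s.add_runtime_dependency "omniauth"` carries no version constraint, so the packaged metadata resolves it to `>= 0` and any future major release of the authentication framework this strategy plugs into will be accepted. Since the lockfile in this package resolved omniauth 1.1.0, a pessimistic constraint such as `s.add_runtime_dependency "omniauth", "~> 1.0"` would keep installs on the API the strategy was written against. `s.homepage` also uses an `http://` URL where the README already links GitHub over `https://`.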
@@ -0,0 +1,63 @@
1
+ require_relative '../spec_helper'
2
+
3
+ describe OmniAuth::Strategies::HerokuSSO do
4
+ include OmniAuth::Test::StrategyTestCase
5
+
6
+ def strategy
7
+ [OmniAuth::Strategies::HerokuSSO, 'SALTY']
8
+ end
9
+
10
+ def auth_hash
11
+ last_request.env['omniauth.auth']
12
+ end
13
+
14
+ it 'can be camel-cased' do
15
+ OmniAuth::Utils.camelize( 'heroku_sso' ).should == 'HerokuSSO'
16
+ end
17
+
18
+ describe 'request' do
19
+ it 'redirects to heroku' do
20
+ get '/auth/heroku_sso'
21
+ last_response.should be_redirect
22
+ last_response.headers['Location'].should == 'https://api.heroku.com/myapps'
23
+ end
24
+ end
25
+
26
+ describe 'callback' do
27
+ it 'succeeds with the correct parameters' do
28
+ post '/auth/heroku_sso/callback', {
29
+ id: 'omg',
30
+ token: '6fa76206645479b5cc8ad6371584c1d281dd034b',
31
+ timestamp: 9999999999,
32
+ email: "test@user.com"
33
+ }
34
+ last_response.body.should == 'true'
35
+ auth_hash.info.should == { 'resource_id' => 'omg' }
36
+ auth_hash.uid = 'test@user.com'
37
+ end
38
+
39
+ it 'fails with an old timestamp' do
40
+ post '/auth/heroku_sso/callback', {
41
+ id: 'omg',
42
+ token: 'ff7c07eff889491317b120e0f778c88f80a93f59',
43
+ timestamp: 1,
44
+ email: "test@user.com"
45
+ }
46
+ last_response.should be_redirect
47
+ last_response.headers['Location'].should == '/auth/failure?message=session_expired&strategy=heroku_sso'
48
+ auth_hash.should be_nil
49
+ end
50
+
51
+ it 'fails with an incorrect token' do
52
+ post '/auth/heroku_sso/callback', {
53
+ id: 'omg',
54
+ token: 'l33t',
55
+ timestamp: 9999999999,
56
+ email: "test@user.com"
57
+ }
58
+ last_response.should be_redirect
59
+ last_response.headers['Location'].should == '/auth/failure?message=invalid_credentials&strategy=heroku_sso'
60
+ auth_hash.should be_nil
61
+ end
62
+ end
63
+ end
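Review bot: In 'succeeds with the correct parameters', `auth_hash.uid = 'test@user.com'` is an assignment, not an expectation, so the uid produced by the strategy is never checked; it should be `auth_hash.uid.should == 'test@user.com'`. The success case also relies on `timestamp: 9999999999`, which passes only because the strategy accepts timestamps in the future; a spec using a current timestamp with a digest computed in the test would exercise the intended two-minute window. There is no case covering a missing salt or missing `token`/`timestamp` parameters.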
@@ -0,0 +1,10 @@
1
+ require 'rubygems'
2
+ require 'bundler'
3
+ Bundler.require
4
+
5
+ require 'pry'
6
+ require 'rack/test'
7
+
8
+ RSpec.configure do |config|
9
+ config.include Rack::Test::Methods
10
+ end
metadata ADDED
@@ -0,0 +1,136 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: omniauth-heroku-sso
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Tyson Tate
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-04-25 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rspec
16
+ requirement: &70344073538380 !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :development
23
+ prerelease: false
24
+ version_requirements: *70344073538380
25
+ - !ruby/object:Gem::Dependency
26
+ name: guard
27
+ requirement: &70344073537960 !ruby/object:Gem::Requirement
28
+ none: false
29
+ requirements:
30
+ - - ! '>='
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ type: :development
34
+ prerelease: false
35
+ version_requirements: *70344073537960
36
+ - !ruby/object:Gem::Dependency
37
+ name: guard-rspec
38
+ requirement: &70344073553880 !ruby/object:Gem::Requirement
39
+ none: false
40
+ requirements:
41
+ - - ! '>='
42
+ - !ruby/object:Gem::Version
43
+ version: '0'
44
+ type: :development
45
+ prerelease: false
46
+ version_requirements: *70344073553880
47
+ - !ruby/object:Gem::Dependency
48
+ name: pry
49
+ requirement: &70344073553440 !ruby/object:Gem::Requirement
50
+ none: false
51
+ requirements:
52
+ - - ! '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: *70344073553440
58
+ - !ruby/object:Gem::Dependency
59
+ name: rake
60
+ requirement: &70344073553000 !ruby/object:Gem::Requirement
61
+ none: false
62
+ requirements:
63
+ - - ! '>='
64
+ - !ruby/object:Gem::Version
65
+ version: '0'
66
+ type: :development
67
+ prerelease: false
68
+ version_requirements: *70344073553000
69
+ - !ruby/object:Gem::Dependency
70
+ name: rack-test
71
+ requirement: &70344073552580 !ruby/object:Gem::Requirement
72
+ none: false
73
+ requirements:
74
+ - - ! '>='
75
+ - !ruby/object:Gem::Version
76
+ version: '0'
77
+ type: :development
78
+ prerelease: false
79
+ version_requirements: *70344073552580
80
+ - !ruby/object:Gem::Dependency
81
+ name: omniauth
82
+ requirement: &70344073552160 !ruby/object:Gem::Requirement
83
+ none: false
84
+ requirements:
85
+ - - ! '>='
86
+ - !ruby/object:Gem::Version
87
+ version: '0'
88
+ type: :runtime
89
+ prerelease: false
90
+ version_requirements: *70344073552160
91
+ description: Provides an OmniAuth strategy for Heroku's single-sign-on functionality
92
+ for service providers.
93
+ email:
94
+ - tyson@tysontate.com
95
+ executables: []
96
+ extensions: []
97
+ extra_rdoc_files: []
98
+ files:
99
+ - Gemfile
100
+ - Gemfile.lock
101
+ - Guardfile
102
+ - README.md
103
+ - Rakefile
104
+ - lib/omniauth-heroku-sso.rb
105
+ - lib/omniauth-heroku-sso/version.rb
106
+ - lib/omniauth/strategies/heroku-sso.rb
107
+ - omniauth-heroku-sso.gemspec
108
+ - spec/lib/omniauth_heroku_sso_spec.rb
109
+ - spec/spec_helper.rb
110
+ homepage: http://github.com/stvp/omniauth-heroku-sso
111
+ licenses: []
112
+ post_install_message:
113
+ rdoc_options: []
114
+ require_paths:
115
+ - lib
116
+ required_ruby_version: !ruby/object:Gem::Requirement
117
+ none: false
118
+ requirements:
119
+ - - ! '>='
120
+ - !ruby/object:Gem::Version
121
+ version: '0'
122
+ required_rubygems_version: !ruby/object:Gem::Requirement
123
+ none: false
124
+ requirements:
125
+ - - ! '>='
126
+ - !ruby/object:Gem::Version
127
+ version: '0'
128
+ requirements: []
129
+ rubyforge_project: omniauth-heroku-sso
130
+ rubygems_version: 1.8.11
131
+ signing_key:
132
+ specification_version: 3
133
+ summary: Heroku SSO OmniAuth strategy
134
+ test_files:
135
+ - spec/lib/omniauth_heroku_sso_spec.rb
136
+ - spec/spec_helper.rb