omniauth-heroku-sso 1.0.0

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,52 @@
+PATH
+  remote: .
+  specs:
+    omniauth-heroku-sso (1.0.0)
+      omniauth
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    coderay (1.0.6)
+    diff-lcs (1.1.3)
+    ffi (1.0.11)
+    guard (1.0.1)
+      ffi (>= 0.5.0)
+      thor (~> 0.14.6)
+    guard-rspec (0.7.0)
+      guard (>= 0.10.0)
+    hashie (1.2.0)
+    method_source (0.7.1)
+    omniauth (1.1.0)
+      hashie (~> 1.2)
+      rack
+    pry (0.9.9.3)
+      coderay (~> 1.0.5)
+      method_source (~> 0.7.1)
+      slop (>= 2.4.4, < 3)
+    rack (1.4.1)
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rake (0.9.2.2)
+    rspec (2.9.0)
+      rspec-core (~> 2.9.0)
+      rspec-expectations (~> 2.9.0)
+      rspec-mocks (~> 2.9.0)
+    rspec-core (2.9.0)
+    rspec-expectations (2.9.1)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.9.0)
+    slop (2.4.4)
+    thor (0.14.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  guard
+  guard-rspec
+  omniauth-heroku-sso!
+  pry
+  rack-test
+  rake
+  rspec

data/Guardfile

@@ -0,0 +1,5 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/}) { "spec" }
+  watch('spec/spec_helper.rb') { "spec" }
+end

data/README.md

@@ -0,0 +1,31 @@
+omniauth-heroku-sso
+===================
+
+`omniauth-heroku-sso` provides an [OmniAuth][omniauth] strategy for Heroku's single-sign-on, which is part of the [Heroku Provider Program][heroku_provider].
+
+Usage
+-----
+
+Add it to your Gemfile:
+
+    gem 'omniauth-heroku-sso`
+
+For use in Rails, add `config/initializers/omniauth.rb`:
+
+    Rails.application.config.middleware.use OmniAuth::Builder do
+      provider :heroku_sso, "HEROKU_SALT"
+    end
+
+Or, for Sinatra:
+
+    use OmniAuth::Builder do
+      provider :heroku_sso, "HEROKU_SALT"
+    end
+
+    post "/auth/heroku_sso/callback" do
+      auth = request.env['omniauth.auth]
+      # Use the auth info
+    end
+
+[omniauth]: https://github.com/intridea/omniauth
+[heroku_provider]: https://addons.heroku.com/provider

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new

data/lib/omniauth-heroku-sso.rb

@@ -0,0 +1,2 @@
+require 'omniauth-heroku-sso/version'
+require 'omniauth/strategies/heroku-sso'

data/lib/omniauth-heroku-sso/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module HerokuSSO
+    VERSION = '1.0.0'
+  end
+end

data/lib/omniauth/strategies/heroku-sso.rb

@@ -0,0 +1,55 @@
+require 'omniauth'
+require 'digest/sha1'
+
+module OmniAuth
+  module Strategies
+    class HerokuSSO
+      include OmniAuth::Strategy
+
+      args [:salt]
+      option :name, 'heroku_sso'
+      option :salt, nil
+      option :heroku_url, "https://api.heroku.com/myapps"
+
+      def request_phase
+        response = Rack::Response.new
+        response.redirect( options.heroku_url )
+        response.finish
+      end
+
+      def callback_phase
+        resource_id = request.params['id']
+        provided_token = request.params['token']
+        timestamp = request.params['timestamp'].to_i
+
+        return fail!( :session_expired ) unless current?( timestamp )
+        return fail!( :invalid_credentials ) unless token_matches?( provided_token, resource_id, timestamp )
+
+        super
+      end
+
+      uid do
+        request.params['email']
+      end
+
+      info do
+        {
+          resource_id: request.params['id']
+        }
+      end
+
+      protected
+
+      def current?( timestamp )
+        timestamp > (Time.now - 2*60).to_i
+      end
+
+      def token_matches?( token, resource_id, timestamp )
+        token_verify = Digest::SHA1.hexdigest( "#{resource_id}:#{options.salt}:#{timestamp}" ).to_s
+        token == token_verify
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'heroku_sso', 'HerokuSSO'

data/omniauth-heroku-sso.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+require File.dirname(__FILE__) + '/lib/omniauth-heroku-sso/version'
+
+Gem::Specification.new do |s|
+  s.name        = "omniauth-heroku-sso"
+  s.version     = OmniAuth::HerokuSSO::VERSION
+  s.authors     = ["Tyson Tate"]
+  s.email       = ["tyson@tysontate.com"]
+  s.homepage    = "http://github.com/stvp/omniauth-heroku-sso"
+  s.summary     = "Heroku SSO OmniAuth strategy"
+  s.description = "Provides an OmniAuth strategy for Heroku's single-sign-on functionality for service providers."
+
+  s.rubyforge_project = "omniauth-heroku-sso"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "guard"
+  s.add_development_dependency "guard-rspec"
+  s.add_development_dependency "pry"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rack-test"
+  s.add_runtime_dependency "omniauth"
+end

data/spec/lib/omniauth_heroku_sso_spec.rb

@@ -0,0 +1,63 @@
+require_relative '../spec_helper'
+
+describe OmniAuth::Strategies::HerokuSSO do
+  include OmniAuth::Test::StrategyTestCase
+
+  def strategy
+    [OmniAuth::Strategies::HerokuSSO, 'SALTY']
+  end
+
+  def auth_hash
+    last_request.env['omniauth.auth']
+  end
+
+  it 'can be camel-cased' do
+    OmniAuth::Utils.camelize( 'heroku_sso' ).should == 'HerokuSSO'
+  end
+
+  describe 'request' do
+    it 'redirects to heroku' do
+      get '/auth/heroku_sso'
+      last_response.should be_redirect
+      last_response.headers['Location'].should == 'https://api.heroku.com/myapps'
+    end
+  end
+
+  describe 'callback' do
+    it 'succeeds with the correct parameters' do
+      post '/auth/heroku_sso/callback', {
+        id: 'omg',
+        token: '6fa76206645479b5cc8ad6371584c1d281dd034b',
+        timestamp: 9999999999,
+        email: "test@user.com"
+      }
+      last_response.body.should == 'true'
+      auth_hash.info.should == { 'resource_id' => 'omg' }
+      auth_hash.uid = 'test@user.com'
+    end
+
+    it 'fails with an old timestamp' do
+      post '/auth/heroku_sso/callback', {
+        id: 'omg',
+        token: 'ff7c07eff889491317b120e0f778c88f80a93f59',
+        timestamp: 1,
+        email: "test@user.com"
+      }
+      last_response.should be_redirect
+      last_response.headers['Location'].should == '/auth/failure?message=session_expired&strategy=heroku_sso'
+      auth_hash.should be_nil
+    end
+
+    it 'fails with an incorrect token' do
+      post '/auth/heroku_sso/callback', {
+        id: 'omg',
+        token: 'l33t',
+        timestamp: 9999999999,
+        email: "test@user.com"
+      }
+      last_response.should be_redirect
+      last_response.headers['Location'].should == '/auth/failure?message=invalid_credentials&strategy=heroku_sso'
+      auth_hash.should be_nil
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'bundler'
+Bundler.require
+
+require 'pry'
+require 'rack/test'
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+end

metadata

@@ -0,0 +1,136 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-heroku-sso
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- Tyson Tate
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70344073538380 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70344073538380
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: &70344073537960 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70344073537960
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: &70344073553880 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70344073553880
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: &70344073553440 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70344073553440
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70344073553000 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70344073553000
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &70344073552580 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70344073552580
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: &70344073552160 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70344073552160
+description: Provides an OmniAuth strategy for Heroku's single-sign-on functionality
+  for service providers.
+email:
+- tyson@tysontate.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- README.md
+- Rakefile
+- lib/omniauth-heroku-sso.rb
+- lib/omniauth-heroku-sso/version.rb
+- lib/omniauth/strategies/heroku-sso.rb
+- omniauth-heroku-sso.gemspec
+- spec/lib/omniauth_heroku_sso_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/stvp/omniauth-heroku-sso
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: omniauth-heroku-sso
+rubygems_version: 1.8.11
+signing_key: 
+specification_version: 3
+summary: Heroku SSO OmniAuth strategy
+test_files:
+- spec/lib/omniauth_heroku_sso_spec.rb
+- spec/spec_helper.rb