RubyGems - omniauth-rails - Versions diffs - 0.1.0 → 0.2.0 - Mend

omniauth-rails 0.1.0 → 0.2.0

Files changed (49) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d56083f2dbbbb8598f6740095b9df4dd967269be
-  data.tar.gz: 905900d024010eee45dc8025a958e80a167ea269
+  metadata.gz: 059f75d1200dc3b91d801bd9123a59735abf41c7
+  data.tar.gz: fafa8b4b4d0a349c4af547544057b98e4653fa5b
 SHA512:
-  metadata.gz: 418f5a1cafc19fd179bd4bb78b80ec45962c410a3f9aef1f41dc5eaa6aaaddf83b65cb13d0d51234d484d6a5535df8f0c5b6a2f7ae3594f654d6e57449414d29
-  data.tar.gz: 69b3d71ee4887a09f8283c0304391901483b921384f9976805b80b10e109e6149364365cd189dce427cf5133a80a0cd529b873c8f8100ff29e437d4bfcbfc306
+  metadata.gz: 773c1f3d104401f4f59158cd9cc2d237368a3e94643e6e7bec0d56fc445e90b4bf9c619be862b758a5277e6a125c4e2ab011d2be765800fedf8a45f0fc5b72f4
+  data.tar.gz: 2ae36708dd6e522bdb7ebc20a30577bed4c53674d0fc10892ceeb78d4f66300f4fe50d1cc7a811ef5a772575d853ece0a69aba661d6712036b955c7b483ea59b

data/README.md CHANGED Viewed

@@ -1,6 +1,13 @@
 # Omniauth::Rails
+[![Gem Version](https://badge.fury.io/rb/omniauth-rails.svg)](https://badge.fury.io/rb/omniauth-rails)
+[![Code Climate](https://codeclimate.com/github/danrabinowitz/omniauth-rails/badges/gpa.svg)](https://codeclimate.com/github/danrabinowitz/omniauth-rails)
+[![Build Status](https://travis-ci.org/danrabinowitz/omniauth-rails.svg?branch=master)](https://travis-ci.org/danrabinowitz/omniauth-rails)
+[![Test Coverage](https://codeclimate.com/github/danrabinowitz/omniauth-rails/badges/coverage.svg)](https://codeclimate.com/github/danrabinowitz/omniauth-rails/coverage)
 A Rails Engine to make it as easy as possible to add oauth authentication to a Rails app.
 The canonical use case is this:
 You build a simple Rails app for your company. It is for internal use only. Your company uses Google Apps for gmail.
@@ -14,9 +21,8 @@ Authorization is handled separately.
 ## TODO
-* Add a "dev mode" override which simply skips all authentication.
-* Search for "TODO" in the code.
+* Add a new AuthorizationType for groups of email addresses
+* Run ```rake mutant``` and add all the specs.
 ## Usage
@@ -56,6 +62,33 @@ production:
 include Omniauth::Rails::RequireAuthentication
 ```
+## Additional configuration
+### Automount
+By default, Omniauth::Rails sets automount to true. You can override this in the omniauth_rails.yml configuration file.
+When automount is true (the default), the engine's routes are mounted in the host application's routes.
+When automount is false, you need to add this line to your routes.rb:
+```ruby
+mount Omniauth::Rails::Engine => OmniAuth.config.path_prefix
+```
+### path_prefix
+The default path_prefix for Omniauth is "/auth". In the unlikely event that this
+causes a conflict, it can be changed with the path_prefix configuration parameter.
+### autoload_in_application_controller
+The default value of autoload_in_application_controller is true.
+When it is true, the controller concerns are automatically included in ActionController::Base.
+If there is a conflict in having those methods in all controllers, set autoload_in_application_controller to
+false and manually add this line to any controllers which require authentication or authorization:
+```ruby
+include Omniauth::Rails::ControllersConcern
+```
 ## Logging out
 In general, there's not much point in "logging out". It wipes the Omniauth::Rails session,
@@ -64,8 +97,19 @@ but the browser is still logged in to the provider, which has granted access to
 Bottom line: There's usually no reason to have a logout button when using Omniauth::Rails
+## Mutation Testing
+Run ```rake mutant```
+The output will appear on STDOUT and also in coverage/mutant.out
+More info on reading the reports is here: https://github.com/mbj/mutant#reading-reports
 ## Contributing
 PRs are welcome!
+## Credit
+Thanks to [Paul De Goes](https://github.com/pauldegoes) for the idea for this gem. He
+built a similar gem for internal use at LivingSocial.
 ## License
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile CHANGED Viewed

@@ -17,6 +17,7 @@ end
 APP_RAKEFILE = File.expand_path("../spec/test_app/Rakefile", __FILE__)
 load "rails/tasks/engine.rake"
+Rails.application.load_tasks
 load "rails/tasks/statistics.rake"

data/app/assets/stylesheets/omniauth/rails/application.css CHANGED Viewed

@@ -1,19 +1,18 @@
 form.button_to {
   display: inline;
-  margin: 0;
   padding: 0;
 }
 form.button_to div { display: inline; }
 form.button_to input[type=submit] {
-    margin: 0;
-    padding: 0;
-    -webkit-appearance: caret;
-    background: none;
-    border: none;
-    font-size: inherit;
-    font-family: inherit;
-    cursor: pointer;
-    text-decoration: underline;
-    color: #0000FF;
-  }
+  margin: 0;
+  padding: 0;
+  -webkit-appearance: caret;
+  -moz-appearance: caret;
+  background: none;
+  border: none;
+  font-size: inherit;
+  font-family: inherit;
+  cursor: pointer;
+  text-decoration: underline;
+  color: #0000FF;
 }

data/app/controllers/omniauth/rails/{require_authentication.rb → authentication_concern.rb} RENAMED Viewed

@@ -1,19 +1,29 @@
 # frozen_string_literal: true
 module Omniauth
   module Rails
-    module RequireAuthentication
+    module AuthenticationConcern
       extend ActiveSupport::Concern
       included do
         include Omniauth::Rails::ApplicationHelper
+      end
+      module ClassMethods
+        private
-        # TODO: Do not add this before_action in dev_mode
-        before_action :require_authentication
+        def require_authentication
+          before_action :require_authentication
+        end
       end
       private
       def require_authentication
+        if Configuration.dev_mode
+          ::Rails.logger.info "Omniauth::Rails: dev_mode is enabled. Skipping 'require_authentication'"
+          return
+        end
         redirect_to_sign_in_url unless authenticated?
       end

data/app/controllers/omniauth/rails/{require_authorization.rb → authorization_concern.rb} RENAMED Viewed

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 module Omniauth
   module Rails
-    module RequireAuthorization
+    module AuthorizationConcern
       def self.included(klass)
-        klass.include Omniauth::Rails::RequireAuthentication
         klass.extend ClassMethods
       end
@@ -11,7 +10,6 @@ module Omniauth
         private
         def require_authorization(params)
-          # TODO: Do not add this before_action in dev_mode
           before_action { |c| c.require_authorization(params) }
         end
       end
@@ -19,7 +17,14 @@ module Omniauth
       protected
       def require_authorization(params)
-        redirect_to_sign_in_url unless authorized?(params)
+        if Configuration.dev_mode
+          ::Rails.logger.info "Omniauth::Rails: dev_mode is enabled. Skipping 'require_authorization'"
+          return
+        end
+        require_authentication # Require authentication before authorization.
+        return if performed?
+        render_403_forbidden unless authorized?(params)
       end
       private
@@ -27,6 +32,10 @@ module Omniauth
       def authorized?(params)
         AuthorizationChecker.new(email: authenticated_email, params: params).authorized?
       end
+      def render_403_forbidden
+        render "omniauth/rails/forbidden", status: :forbidden, layout: false
+      end
     end
   end
 end

data/app/controllers/omniauth/rails/controllers_concern.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module Omniauth
+  module Rails
+    module ControllersConcern
+      def self.included(klass)
+        klass.include Omniauth::Rails::AuthenticationConcern
+        klass.include Omniauth::Rails::AuthorizationConcern
+      end
+    end
+  end
+end

data/app/controllers/omniauth/rails/flash.rb CHANGED Viewed

@@ -5,39 +5,20 @@ module Omniauth
       extend ActiveSupport::Concern
       def set_url_to_return_to_after_authentication
-        # TODO: Sanitize these urls, to avoid phishing attacks
+        # Use caution when setting these urls.
+        # There are phishing risks associated with redirection, as described here:
         # See https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
         flash[:url_to_return_to_after_authentication] =
-          # url_to_return_to_after_authentication_from_params ||
           url_to_return_to_after_authentication_from_flash ||
-          # url_to_return_to_after_authentication_from_referer ||
           default_url_to_return_to_after_authentication
       end
       private
-      # def url_to_return_to_after_authentication_from_params
-      #   return nil unless allow_url_to_return_to_after_authentication_from_params?
-      #   params[:return_to]
-      # end
-      # def allow_url_to_return_to_after_authentication_from_params?
-      #   false
-      # end
       def url_to_return_to_after_authentication_from_flash
         flash[:url_to_return_to_after_authentication]
       end
-      # def url_to_return_to_after_authentication_from_referer
-      #   return nil unless allow_url_to_return_to_after_authentication_from_referer?
-      #   request.referer
-      # end
-      # def allow_url_to_return_to_after_authentication_from_referer?
-      #   false
-      # end
       def default_url_to_return_to_after_authentication
         Configuration.authenticated_root
       end

data/app/models/omniauth/rails/authentication_request.rb CHANGED Viewed

@@ -7,7 +7,6 @@ module Omniauth
       end
       def persist(authentication_session)
-        # TODO: Store the provider in the session
         authentication_session.email = email
         authentication_session.expire_in(session_duration)
       end
@@ -17,7 +16,11 @@ module Omniauth
       attr_reader :request
       def email
-        request.env["omniauth.auth"].info.email
+        info.email
+      end
+      def info
+        request.env["omniauth.auth"].info
       end
       def session_duration

data/app/views/omniauth/rails/forbidden.html ADDED Viewed

	@@ -0,0 +1 @@
1	+ ACCESS DENIED

data/app/views/omniauth/rails/sessions/destroy.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<div class='notification'>
-  You have been logged out.
+<p>
+  You are logged out.
   Click
   <%= link_to "here", omniauth_rails.sign_in_url, target: '_self' %>
   to log back in.
-</div>
+</p>

data/config/initializers/omniauth_rails.rb CHANGED Viewed

@@ -1,35 +1,2 @@
 # frozen_string_literal: true
-config_hash = YAML.load(ERB.new(File.read("#{Rails.root}/config/omniauth_rails.yml")).result)[Rails.env]
-OmniAuth.config.logger = Rails.logger
-# TODO
-# OmniAuth.config.path_prefix = "/auth"
-Rails.application.config.middleware.use OmniAuth::Builder do
-  if config_hash.present?
-    raise "You must provide at least one oauth provider" unless config_hash["providers"]
-    config_hash["providers"].each do |provider, provider_config|
-      case provider
-      when "google_oauth2"
-        raise "Provider #{provider} requires a client_id" unless provider_config["client_id"]
-        raise "Provider #{provider} requires a client_secret" unless provider_config["client_secret"]
-        provider(:google_oauth2, provider_config["client_id"], provider_config["client_secret"],
-                 access_type: "online", approval_prompt: "auto")
-      else
-        raise "#{provider} is not currently handled by omniauth_rails."
-      end
-    end
-  end
-end
-if config_hash["session_duration_in_seconds"].present?
-  Omniauth::Rails::Configuration.session_duration = config_hash["session_duration_in_seconds"].seconds
-end
-raise "authenticated_root is required" if config_hash["authenticated_root"].blank?
-Omniauth::Rails::Configuration.authenticated_root = config_hash["authenticated_root"]
-raise "unauthenticated_root is required" if config_hash["unauthenticated_root"].blank?
-Omniauth::Rails::Configuration.unauthenticated_root = config_hash["unauthenticated_root"]
+Omniauth::Rails::Configurator.from_default_config_file.configure

data/lib/omniauth/rails.rb CHANGED Viewed

@@ -2,6 +2,8 @@
 require "omniauth/rails/engine"
 require "omniauth/rails/configuration"
+require "omniauth/rails/configurator"
+require "omniauth/rails/provider"
 module Omniauth
   module Rails

data/lib/omniauth/rails/configuration.rb CHANGED Viewed

@@ -2,7 +2,11 @@
 module Omniauth
   module Rails
     class Configuration
-      ATTRIBUTES = %i(authenticated_root unauthenticated_root session_duration logger).freeze
+      ATTRIBUTES = %i(
+        authenticated_root include_concern_in_application_controller
+        unauthenticated_root session_duration logger
+        dev_mode automount
+      ).freeze
       @session_duration = 1.hour
       @logger = ::Rails.logger

data/lib/omniauth/rails/configurator.rb ADDED Viewed

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+module Omniauth
+  module Rails
+    class Configurator
+      REQUIRED_SETTINGS = %i(providers authenticated_root unauthenticated_root).freeze
+      def self.default_config_file
+        "#{::Rails.root}/config/omniauth_rails.yml"
+      end
+      def self.from_default_config_file
+        ::Rails.logger.info "Omniauth::Rails::Configurator: Loading from " \
+                            "default_config_file=#{default_config_file}"
+        from_yaml(default_config_file)
+      end
+      def self.from_yaml(file)
+        new(YAML.load(ERB.new(File.read(file)).result)[::Rails.env])
+      end
+      def initialize(data)
+        @data = data
+      end
+      def configure
+        validate!
+        configure_omni_auth_settings
+        configure_providers
+        Configuration.automount = automount
+        Configuration.authenticated_root = authenticated_root
+        Configuration.unauthenticated_root = unauthenticated_root
+        Configuration.include_concern_in_application_controller = include_concern_in_application_controller
+        Configuration.session_duration = session_duration.seconds if session_duration.present?
+        Configuration.dev_mode = dev_mode
+      end
+      private
+      attr_reader :data
+      def configure_omni_auth_settings
+        OmniAuth.config.logger = ::Rails.logger
+        OmniAuth.config.path_prefix = path_prefix
+      end
+      def dev_mode
+        data["dev_mode"] == true
+      end
+      def validate!
+        REQUIRED_SETTINGS.each do |setting|
+          raise "#{setting} is required" unless send(setting).present?
+        end
+        if dev_mode
+          raise "dev_mode may not be used in #{::Rails.env}" unless dev_mode_allowed?
+          ::Rails.logger.info "Omniauth::Rails: dev_mode is enabled. Authentication and " \
+                              "authorization are disabled."
+        end
+      end
+      def dev_mode_allowed?
+        ::Rails.env.development?
+      end
+      def automount
+        data["automount"] != false
+      end
+      def path_prefix
+        data["path_prefix"] || "/auth"
+      end
+      def authenticated_root
+        data["authenticated_root"]
+      end
+      def unauthenticated_root
+        data["unauthenticated_root"]
+      end
+      def session_duration
+        data["session_duration_in_seconds"]
+      end
+      def providers
+        data["providers"]
+      end
+      def include_concern_in_application_controller
+        data["autoload_in_application_controller"] != false
+      end
+      def configure_providers
+        providers.each do |provider, provider_config|
+          Provider.configure(provider, provider_config)
+        end
+      end
+    end
+  end
+end