opensesame 0.0.1 → 0.0.2

data/README.md

@@ -0,0 +1,40 @@
+# OpenSesame
+
+OpenSesame is a [Warden](https://github.com/hassox/warden) strategy for providing "walled garden" authentication for access to Rack-based applications via Omniauth. For example, your company has internal apps and/or staging enviroments for multiple projects and you want something better than HTTP basic auth. The intent is protect the visibility of your app from the outside world.
+
+Enter OpenSesame. To authenticate, OpenSesame currently uses Omniauth and the Github API to require that a user is both logged in to Github and a member of the configurable Github organization.
+
+## Usage
+
+In your Gemfile:
+
+    $ gem "opensesame"
+
+Register your application(s) with Github for OAuth access. For each application, you need a name, the site url,
+and a callback for OAuth. The OmniAuth-Github OAuth strategy used under the hood will expect the callback at mount path + '/auth/github/callback'. So the development version of your client application might be registered as:
+
+    Name: MyApp - local
+    URL: http://localhost:3000
+    Callback URL: http://localhost:3000/welcome/auth/github/callback
+
+Configure OpenSesame:
+
+```ruby
+# Rails config/initializers/opensesame.rb or Sinatra app.rb
+
+require 'opensesame'
+
+OpenSesame.configure do |config|
+  config.github       ENV['CAPITAN_GITHUB_KEY'], ENV['CAPITAN_GITHUB_SECRET']
+  config.organization 'challengepost'
+  config.mounted_at   '/welcome'
+end
+```
+
+Mount OpenSesame in your Rails routes.rb:
+
+```ruby
+# Rails config/routes.rb
+
+mount OpenSesame::Engine => "/welcome", :as => "opensesame"
+```

data/app/controllers/open_sesame/application_controller.rb

@@ -1,6 +1,6 @@
 module OpenSesame
   class ApplicationController < ActionController::Base
-    unloadable
-    include OpenSesame::ControllerHelper
+    include OpenSesame::ViewHelper
+
   end
 end

data/app/controllers/open_sesame/sessions_controller.rb

@@ -1,10 +1,16 @@
 module OpenSesame
-  class SessionsController < ApplicationController
-    unloadable
+  class SessionsController < OpenSesame::ApplicationController
 
     skip_before_filter :authenticate_opensesame!
+    skip_authorization_check if defined?(CanCan)
+    before_filter :attempt_auto_authenticate, :only => :new
+    after_filter :clear_auto_attempt!, :only => :create
 
     def new
+      if warden.message
+        flash.now[:notice] = warden.message
+      end
+      render :layout => 'open_sesame/application'
     end
 
     def create
@@ -23,5 +29,23 @@ module OpenSesame
       raise params.inspect
     end
 
+    protected
+
+    def attempt_auto_authenticate
+      return unless attempt_auto_access?
+      
+      redirect_to identity_request_path(OpenSesame.auto_access_provider)
+    end
+
+    def attempt_auto_access?
+      return false unless OpenSesame.auto_access_provider.present?
+      attempts = session[:opensesame_auto_access_attempt].to_i
+      session[:opensesame_auto_access_attempt] = attempts + 1
+      attempts < 1
+    end
+
+    def clear_auto_attempt!
+      session[:opensesame_auto_access_attempt] = nil
+    end
   end
 end

data/app/helpers/open_sesame/application_helper.rb

@@ -2,10 +2,5 @@ module OpenSesame
   module ApplicationHelper
     include OpenSesame::ViewHelper
 
-    def page_header(text)
-      content_tag(:header, class: "content-header") do
-        content_tag(:h1, text)
-      end
-    end
   end
 end

data/app/views/open_sesame/sessions/new.html.erb

@@ -1,7 +1,11 @@
-<%= page_header 'Login' %>
-<p>Welcome! You have arrived at a <%= OpenSesame.organization_name.titleize %> application requiring additional credentials. To continue, please log in via:</p>
-<div class="table">
-  <div class="table-cell align-middle">
-    <%= login_image_link_to('github') %>
+<div id="opensesame-session">
+  <header class="content-header">
+    <h1>Login</h1>
+  </header>
+  <p>Welcome! You have arrived at a <%= OpenSesame.organization_name.titleize %> application requiring additional credentials. To continue, please log in via:</p>
+  <div class="table">
+    <div class="table-cell align-middle">
+      <%= login_image_link_to('github') %>
+    </div>
   </div>
 </div>

data/lib/open_sesame/configuration.rb

@@ -2,13 +2,18 @@ module OpenSesame
   class ConfigurationError < RuntimeError; end
 
   class Configuration
-    CONFIGURABLE_ATTRIBUTES = [:organization_name, :mount_prefix, :github_client]
+    CONFIGURABLE_ATTRIBUTES = [:organization_name, :mount_prefix, :github_client, 
+      :enabled, :enable_clause, :full_host, :auto_access_provider]
     attr_accessor *CONFIGURABLE_ATTRIBUTES
 
     def mounted_at(mount_prefix)
       self.mount_prefix = mount_prefix
     end
 
+    def host(full_host)
+      self.full_host = full_host
+    end
+
     def github(client_id, client_secret)
       self.github_client = { :id => client_id, :secret => client_secret }
     end
@@ -17,6 +22,30 @@ module OpenSesame
       self.organization_name = organization_name
     end
 
+    def auto_login(provider)
+      self.auto_access_provider = provider
+    end
+
+    def enable_if(conditional)
+      self.enabled = nil
+      self.enable_clause = lambda { conditional }
+    end
+
+    def enable!
+      self.enable_clause = nil
+      self.enabled = true
+    end
+
+    def disable!
+      self.enable_clause = nil
+      self.enabled = false
+    end
+
+    def enabled?
+      (!self.enabled.nil? && self.enabled) ||
+      (!self.enable_clause.nil? && self.enable_clause.call)
+    end
+
     def configure
       yield self
     end
@@ -28,11 +57,14 @@ module OpenSesame
       [:id, :secret].all? { |key| self.github_client.keys.include?(key) }
     end
 
+    def configured?
+      [:organization_name, :mount_prefix, :github_client].any? { |required| send(required).present? }
+    end
+
     def validate!
       return true if valid?
       message = <<-MESSAGE
 
-
       Update your OpenSesame configuration. Example:
 
       # config/initializers/open_sesame.rb

data/lib/open_sesame/engine.rb

@@ -16,16 +16,32 @@ module OpenSesame
       include OpenSesame::ViewHelper
     end
 
-    initializer "gardenwall.middleware", :after => :load_config_initializers do |app|
+    initializer "opensesame.middleware", :after => :load_config_initializers do |app|
       OpenSesame.configuration.validate!
 
       OpenSesame::Github.organization_name = OpenSesame.organization_name
 
-      middleware.use OmniAuth::Strategies::GitHub, OpenSesame.github_client[:id], OpenSesame.github_client[:secret]
+      middleware.use OmniAuth::Builder do
+        configure do |config|
+          config.path_prefix = '/auth'
+          config.full_host = OpenSesame.full_host if OpenSesame.full_host
+        end
 
-      app.config.middleware.use Warden::Manager do |manager|
-        manager.scope_defaults :opensesame, :strategies => [:opensesame_github]
-        manager.failure_app = lambda { |env| OpenSesame::SessionsController.action(:new).call(env) }
+        provider :github, OpenSesame.github_client[:id], OpenSesame.github_client[:secret]
+      end
+
+      if defined?(Devise)
+        Devise.setup do |config|
+          config.warden do |manager|
+            manager.default_strategies(:opensesame_github, :scope => :opensesame)
+            manager.failure_app = OpenSesame::FailureApp.new
+          end
+        end
+      else
+        app.config.middleware.use Warden::Manager do |manager|
+          manager.default_strategies(:opensesame_github, :scope => :opensesame)
+          manager.failure_app = lambda { |env| OpenSesame::SessionsController.action(:new).call(env)}
+        end
       end
 
     end

data/lib/open_sesame/failure_app.rb

@@ -0,0 +1,14 @@
+require 'devise'
+module OpenSesame
+  class FailureApp < Devise::Delegator
+
+    def call(env)
+      if (env['warden.options'] && (scope = env["warden.options"][:scope]) && scope == :opensesame)
+        OpenSesame::SessionsController.action(:new).call(env)
+      else
+        super
+      end
+    end
+
+  end
+end

data/lib/open_sesame/version.rb

@@ -1,3 +1,3 @@
 module OpenSesame
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/lib/open_sesame.rb

@@ -4,8 +4,10 @@ module OpenSesame
   autoload :Configuration, 'open_sesame/configuration'
   autoload :ControllerHelper, 'open_sesame/controller_helper'
   autoload :ViewHelper, 'open_sesame/view_helper'
+  autoload :FailureApp, 'open_sesame/failure_app'
 
   delegate *Configuration::CONFIGURABLE_ATTRIBUTES, :to => :configuration
+  delegate :enabled?, :to => :configuration
 
   mattr_accessor :configuration
   @@configuration = Configuration.new
@@ -16,4 +18,4 @@ module OpenSesame
   end
 end
 
-require "open_sesame/engine"
+require "open_sesame/engine"

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,3 +1,5 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
+
+  before_filter :authenticate_opensesame!
 end

data/spec/dummy/app/controllers/home_controller.rb

@@ -0,0 +1,4 @@
+class HomeController < ApplicationController
+
+  def index; end
+end

data/spec/dummy/app/views/home/index.html.erb

@@ -0,0 +1 @@
+<h1>Welcome Home!</h1>

data/spec/dummy/config/application.rb

@@ -9,7 +9,6 @@ require "sprockets/railtie"
 # require "rails/test_unit/railtie"
 
 Bundler.require
-require "opensesame"
 
 module Dummy
   class Application < Rails::Application

data/spec/dummy/config/initializers/opensesame.rb

@@ -1,3 +1,5 @@
+require "opensesame"
+
 OpenSesame.configure do |config|
   config.organization 'challengepost'
   config.mounted_at   '/welcome'

data/spec/dummy/config/routes.rb

@@ -1,4 +1,5 @@
 Rails.application.routes.draw do
+  root :to => "home#index"
 
-  mount OpenSesame::Engine => "/opensesame"
+  mount OpenSesame::Engine => "/welcome"
 end

data/spec/dummy/db/schema.rb

@@ -0,0 +1,16 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 0) do
+
+end

data/spec/dummy/log/development.log

@@ -0,0 +1,6 @@
+   (0.1ms)  select sqlite_version(*)
+   (2.4ms)  CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL) 
+   (0.0ms)  PRAGMA index_list("schema_migrations")
+   (0.7ms)  CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version")
+   (0.2ms)  select sqlite_version(*)
+   (0.1ms)  SELECT "schema_migrations"."version" FROM "schema_migrations"