RubyGems - opensesame - Versions diffs - 0.0.2 → 0.1.0 - Mend

opensesame 0.0.2 → 0.1.0

Files changed (111) hide show

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
 # OpenSesame
-OpenSesame is a [Warden](https://github.com/hassox/warden) strategy for providing "walled garden" authentication for access to Rack-based applications via Omniauth. For example, your company has internal apps and/or staging enviroments for multiple projects and you want something better than HTTP basic auth. The intent is protect the visibility of your app from the outside world.
+OpenSesame is a [Warden](https://github.com/hassox/warden) strategy for providing "walled garden" authentication for access to Rack-based applications via Omniauth. The intent is protect the visibility of your app from the outside world. For example, your company has internal apps and/or staging enviroments for multiple projects and you want something better than HTTP basic auth.
-Enter OpenSesame. To authenticate, OpenSesame currently uses Omniauth and the Github API to require that a user is both logged in to Github and a member of the configurable Github organization.
+Enter OpenSesame. To authenticate, OpenSesame currently uses Omniauth and the Github API to require that a user is both logged in to Github and a member of the Github organization for which OpenSesame is configured.
 ## Usage
@@ -11,23 +11,24 @@ In your Gemfile:
     $ gem "opensesame"
 Register your application(s) with Github for OAuth access. For each application, you need a name, the site url,
-and a callback for OAuth. The OmniAuth-Github OAuth strategy used under the hood will expect the callback at mount path + '/auth/github/callback'. So the development version of your client application might be registered as:
+and a callback for OAuth. The OmniAuth-Github OAuth strategy used under the hood will expect the callback at mount path + '/github/callback'. So the development version of your client application might be registered as:
     Name: MyApp - local
     URL: http://localhost:3000
-    Callback URL: http://localhost:3000/welcome/auth/github/callback
+    Callback URL: http://localhost:3000/opensesame/github/callback
 Configure OpenSesame:
 ```ruby
-# Rails config/initializers/opensesame.rb or Sinatra app.rb
+# Rails config/initializers/opensesame.rb
 require 'opensesame'
 OpenSesame.configure do |config|
-  config.github       ENV['CAPITAN_GITHUB_KEY'], ENV['CAPITAN_GITHUB_SECRET']
+  config.enable       Rails.env.staging?
+  config.github       ENV['GITHUB_APP_ID'], ENV['GITHUB_SECRET']
   config.organization 'challengepost'
-  config.mounted_at   '/welcome'
+  config.mounted_at   '/opensesame'
 end
 ```
@@ -36,5 +37,5 @@ Mount OpenSesame in your Rails routes.rb:
 ```ruby
 # Rails config/routes.rb
-mount OpenSesame::Engine => "/welcome", :as => "opensesame"
+mount OpenSesame::Engine => "/opensesame", :as => "opensesame"
 ```

data/app/assets/stylesheets/open_sesame/{application.css → opensesame.css} RENAMED Viewed

@@ -9,6 +9,5 @@
  * compiled file, but it's generally better to create a new file per style scope.
  *
  *= require_self
- *= require ./opensesame_bootstrap
  *= require ./welcome
 */

data/app/assets/stylesheets/open_sesame/{welcome.css.scss → welcome.css} RENAMED Viewed

@@ -49,4 +49,53 @@ pre, code { font-family: monospace, sans-serif; font-size: 1em; color:#080; }
 .field input { border: 1px solid #CCC; }
 #grant, #deny { padding: 5px 0px }
-.green { color: green }
+.green { color: green }
+.btn {
+display: inline-block;
+padding: 4px 10px 4px;
+margin-bottom: 0;
+font-size: 13px;
+line-height: 18px;
+color: #333;
+text-align: center;
+text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75);
+vertical-align: middle;
+cursor: pointer;
+background-color: whiteSmoke;
+background-image: -ms-linear-gradient(top, white, #E6E6E6);
+background-image: -webkit-gradient(linear, 0 0, 0 100%, from(white), to(#E6E6E6));
+background-image: -webkit-linear-gradient(top, white, #E6E6E6);
+background-image: -o-linear-gradient(top, white, #E6E6E6);
+background-image: linear-gradient(top, white, #E6E6E6);
+background-image: -moz-linear-gradient(top, white, #E6E6E6);
+background-repeat: repeat-x;
+border: 1px solid #CCC;
+border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
+border-bottom-color: #B3B3B3;
+-webkit-border-radius: 4px;
+-moz-border-radius: 4px;
+border-radius: 4px;
+filter: progid:dximagetransform.microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);
+filter: progid:dximagetransform.microsoft.gradient(enabled=false);
+-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+-moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+}
+.btn-large {
+  font-size: 20px;
+font-weight: normal;
+padding: 14px 24px;
+margin-right: 10px;
+-webkit-border-radius: 6px;
+-moz-border-radius: 6px;
+border-radius: 6px;
+}
+.content-header {
+  border-bottom: 1px solid #ccc;
+  margin-bottom: 1em;
+}
+.content-header h1 { font-size: 24px; }

data/app/controllers/open_sesame/application_controller.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module OpenSesame
   class ApplicationController < ActionController::Base
-    include OpenSesame::ViewHelper
+    include OpenSesame::Helpers::ViewHelper
   end
 end

data/app/controllers/open_sesame/sessions_controller.rb CHANGED Viewed

@@ -14,14 +14,12 @@ module OpenSesame
     end
     def create
-      warden.authenticate!(:scope => :opensesame)
-      flash[:success] = "Welcome!"
+      login_opensesame
       redirect_to main_app.root_url
     end
     def destroy
-      warden.logout(:opensesame)
-      flash[:notice] = "Logged out!"
+      logout_opensesame
       redirect_to main_app.root_url
     end
@@ -33,19 +31,38 @@ module OpenSesame
     def attempt_auto_authenticate
       return unless attempt_auto_access?
       redirect_to identity_request_path(OpenSesame.auto_access_provider)
     end
     def attempt_auto_access?
+      return false if just_logged_out?
       return false unless OpenSesame.auto_access_provider.present?
       attempts = session[:opensesame_auto_access_attempt].to_i
       session[:opensesame_auto_access_attempt] = attempts + 1
       attempts < 1
     end
+    def just_logged_out?
+      !!session[:opensesame_logged_out].tap do
+        session[:opensesame_logged_out] = nil
+      end
+    end
     def clear_auto_attempt!
       session[:opensesame_auto_access_attempt] = nil
     end
+    def login_opensesame
+      warden.authenticate!(:scope => :opensesame)
+      flash[:success] = "Welcome!"
+    end
+    def logout_opensesame
+      warden.logout(:opensesame)
+      session[:opensesame_logged_out] = 1
+      flash[:notice] = "Logged out!"
+    end
   end
 end

data/app/helpers/open_sesame/application_helper.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module OpenSesame
   module ApplicationHelper
-    include OpenSesame::ViewHelper
+    include OpenSesame::Helpers::ViewHelper
   end
 end

data/app/views/layouts/open_sesame/application.html.erb CHANGED Viewed

@@ -2,8 +2,7 @@
 <html>
 <head>
   <title>OpenSesame</title>
-  <%= stylesheet_link_tag    "open_sesame/application", :media => "all" %>
-  <%= javascript_include_tag "open_sesame/application" %>
+  <%= stylesheet_link_tag    "open_sesame/opensesame", :media => "all" %>
   <%= csrf_meta_tags %>
 </head>
 <body>

data/config/routes.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 OpenSesame::Engine.routes.draw do
   root :to => "sessions#new"
-  match '/auth/:provider/callback', :to => 'sessions#create'
-  match '/auth/failure', :to => 'sessions#failure'
+  match '/:provider/callback', :to => 'sessions#create'
+  match '/:provider/failure', :to => 'sessions#failure'
   match '/login', :to => 'sessions#new', :as => :sign_in
   match '/logout', :to => 'sessions#destroy', :as => :sign_out
 end

data/lib/open_sesame/configuration.rb CHANGED Viewed

@@ -1,9 +1,10 @@
+# encoding: utf-8
 module OpenSesame
   class ConfigurationError < RuntimeError; end
   class Configuration
-    CONFIGURABLE_ATTRIBUTES = [:organization_name, :mount_prefix, :github_client,
-      :enabled, :enable_clause, :full_host, :auto_access_provider]
+    CONFIGURABLE_ATTRIBUTES = [:organization_name, :mount_prefix, :github_client,
+      :enabled, :full_host, :auto_access_provider]
     attr_accessor *CONFIGURABLE_ATTRIBUTES
     def mounted_at(mount_prefix)
@@ -26,24 +27,20 @@ module OpenSesame
       self.auto_access_provider = provider
     end
-    def enable_if(conditional)
-      self.enabled = nil
-      self.enable_clause = lambda { conditional }
-    end
     def enable!
-      self.enable_clause = nil
       self.enabled = true
     end
     def disable!
-      self.enable_clause = nil
       self.enabled = false
     end
+    def enable(enabled)
+      self.enabled = !!enabled
+    end
     def enabled?
-      (!self.enabled.nil? && self.enabled) ||
-      (!self.enable_clause.nil? && self.enable_clause.call)
+      self.enabled
     end
     def configure
@@ -70,14 +67,14 @@ module OpenSesame
       # config/initializers/open_sesame.rb
       OpenSesame.configure do |config|
         config.organization 'challengepost'
-        config.mounted_at   '/welcome'
+        config.mounted_at   '/opensesame'
         config.github       ENV['CAPITAN_GITHUB_KEY'], ENV['CAPITAN_GITHUB_SECRET']
       end
       When you register the app, make sure to point the callback url to
       the engine mountpoint + /auth/github/callback. For example, if your
       development app is on http://localhost:3000 and you're mounting
-      the OpenSesame::Engine at '/welcome', your github
+      the OpenSesame::Engine at '/opensesame', your github
       callback url should be:
       http://localhost:3000/auth/github/callback

data/lib/open_sesame/engine.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'opensesame-github'
+# encoding: utf-8
 module OpenSesame
   class Engine < ::Rails::Engine
@@ -9,41 +9,40 @@ module OpenSesame
     end
     ActiveSupport.on_load(:action_controller) do
-      include OpenSesame::ControllerHelper
+      include OpenSesame::Helpers::ControllerHelper
     end
     ActiveSupport.on_load(:action_view) do
-      include OpenSesame::ViewHelper
+      include OpenSesame::Helpers::ViewHelper
     end
     initializer "opensesame.middleware", :after => :load_config_initializers do |app|
-      OpenSesame.configuration.validate!
+      if OpenSesame.enabled?
+        require 'open_sesame/github_warden'
-      OpenSesame::Github.organization_name = OpenSesame.organization_name
+        app.config.assets.precompile += ['opensesame.css']
-      middleware.use OmniAuth::Builder do
-        configure do |config|
-          config.path_prefix = '/auth'
-          config.full_host = OpenSesame.full_host if OpenSesame.full_host
-        end
+        OpenSesame.configuration.validate!
-        provider :github, OpenSesame.github_client[:id], OpenSesame.github_client[:secret]
-      end
+        app.config.middleware.use OpenSesame::GithubAuth,
+          OpenSesame.github_client[:id],
+          OpenSesame.github_client[:secret],
+          :path_prefix => OpenSesame.mount_prefix
-      if defined?(Devise)
-        Devise.setup do |config|
-          config.warden do |manager|
+        if defined?(Devise)
+          Devise.setup do |config|
+            config.warden do |manager|
+              manager.default_strategies(:opensesame_github, :scope => :opensesame)
+              manager.failure_app = OpenSesame::Failure::DeviseApp.new
+            end
+          end
+        else
+          app.config.middleware.use ::Warden::Manager do |manager|
             manager.default_strategies(:opensesame_github, :scope => :opensesame)
-            manager.failure_app = OpenSesame::FailureApp.new
+            manager.failure_app = OpenSesame::Failure::App.new
           end
         end
-      else
-        app.config.middleware.use Warden::Manager do |manager|
-          manager.default_strategies(:opensesame_github, :scope => :opensesame)
-          manager.failure_app = lambda { |env| OpenSesame::SessionsController.action(:new).call(env)}
-        end
       end
     end
   end
 end

data/lib/open_sesame/failure/app.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module OpenSesame
+  module Failure
+    class App
+      def call(env)
+        OpenSesame::SessionsController.action(:new).call(env)
+      end
+    end
+  end
+end

data/lib/open_sesame/failure/devise_app.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# encoding: utf-8
+require 'devise'
+module OpenSesame
+  module Failure
+    class DeviseApp < ::Devise::Delegator
+      def call(env)
+        if (env['warden.options'] && (scope = env["warden.options"][:scope]) && scope == :opensesame)
+          OpenSesame::SessionsController.action(:new).call(env)
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/lib/open_sesame/github_auth.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# encoding: utf-8
+require 'omniauth-github'
+module OpenSesame
+  class GithubAuth < ::OmniAuth::Strategies::GitHub
+    option :name, 'github'
+    option :path_prefix, OpenSesame.mount_prefix
+  end
+end

data/lib/open_sesame/github_warden.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# encoding: utf-8
+require 'warden'
+module OpenSesame
+  class GithubWarden < ::Warden::Strategies::Base
+    def valid?
+      auth_hash && auth_hash["provider"] == "github"
+    end
+    def authenticate!
+      if member = OpenSesame::Member.find(auth_hash["uid"])
+        success! member
+      else
+        fail 'Sorry, you do not have access'
+      end
+    end
+    def auth_hash
+      request.env['omniauth.auth']
+    end
+  end
+end
+::Warden::Strategies.add(:opensesame_github, OpenSesame::GithubWarden)

data/lib/open_sesame/{controller_helper.rb → helpers/controller_helper.rb} RENAMED Viewed

@@ -1,5 +1,6 @@
+# encoding: utf-8
 module OpenSesame
-  module ControllerHelper
+  module Helpers::ControllerHelper
     extend ActiveSupport::Concern
     def warden

data/lib/open_sesame/{view_helper.rb → helpers/view_helper.rb} RENAMED Viewed

@@ -1,14 +1,15 @@
+# encoding: utf-8
 module OpenSesame
-  module ViewHelper
+  module Helpers::ViewHelper
     def login_image_link_to(provider)
-      link_to identity_request_path(provider), class: "btn btn-large" do
+      link_to identity_request_path(provider), :class => "btn btn-large" do
         image_tag("open_sesame/#{provider}_64.png") + "<br/><span>#{provider}</span>".html_safe
       end
     end
     def identity_request_path(provider)
-      [OpenSesame.mount_prefix, 'auth', provider].join('/')
+      [OpenSesame.mount_prefix, provider].join('/')
     end
   end

data/lib/open_sesame/member.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+require "octokit"
+module OpenSesame
+  class Member
+    def self.organization_name
+      OpenSesame.organization_name
+    end
+    def self.find(member_id)
+      return nil unless member_id.present?
+      attributes = organization_members.detect { |member| member.id.to_s == member_id.to_s }
+      return nil unless attributes.present?
+      new(attributes)
+    end
+    def self.organization_members
+      github_api.organization_members(organization_name)
+    end
+    def self.github_api
+      @github_api ||= Octokit.new
+    end
+    def self.lazy_attr_reader(*attrs)
+      attrs.each do |attribute|
+        class_eval do
+          define_method(attribute) do
+            @attributes[attribute.to_s] || @attributes[attribute] # allow string or symbol access
+          end
+        end
+      end
+    end
+    def self.serialize_into_session(member)
+      [member.id]
+    end
+    def self.serialize_from_session(*args)
+      id = args.shift
+      find(id)
+    end
+    attr_accessor :attributes
+    lazy_attr_reader :id, :login, :avatar_url, :gravatar_id, :url
+    def initialize(attributes = {})
+      @attributes = attributes
+    end
+    def id
+      @attributes["id"]
+    end
+    def organization_name
+      self.class.organization_name
+    end
+    def ==(other)
+      super || (other.class == self.class && other.id == self.id)
+    end
+  end
+end

data/lib/open_sesame/version.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# encoding: utf-8
 module OpenSesame
-  VERSION = "0.0.2"
+  VERSION = "0.1.0"
 end

data/lib/open_sesame.rb CHANGED Viewed

@@ -2,11 +2,23 @@ module OpenSesame
   extend self
   autoload :Configuration, 'open_sesame/configuration'
-  autoload :ControllerHelper, 'open_sesame/controller_helper'
-  autoload :ViewHelper, 'open_sesame/view_helper'
+  autoload :GithubAuth, 'open_sesame/github_auth'
+  autoload :GithubWarden, 'open_sesame/github_warden'
   autoload :FailureApp, 'open_sesame/failure_app'
+  autoload :Member, 'open_sesame/member'
-  delegate *Configuration::CONFIGURABLE_ATTRIBUTES, :to => :configuration
+  module Helpers
+    autoload :ControllerHelper, 'open_sesame/helpers/controller_helper'
+    autoload :ViewHelper, 'open_sesame/helpers/view_helper'
+  end
+  module Failure
+    autoload :App, 'open_sesame/failure/app'
+    autoload :DeviseApp, 'open_sesame/failure/devise_app'
+  end
+  @to_configuration = Configuration::CONFIGURABLE_ATTRIBUTES + [:to => :configuration]
+  delegate *@to_configuration
   delegate :enabled?, :to => :configuration
   mattr_accessor :configuration
@@ -18,4 +30,4 @@ module OpenSesame
   end
 end
-require "open_sesame/engine"
+require "open_sesame/engine" if defined?(Rails)

data/spec/dummy/app/views/home/index.html.erb CHANGED Viewed

@@ -1 +1,3 @@
-<h1>Welcome Home!</h1>
+<h1>Welcome Home!</h1>
+<%= link_to "Logout", opensesame.sign_out_path %>

data/spec/dummy/config/initializers/opensesame.rb CHANGED Viewed

@@ -1,7 +1,21 @@
 require "opensesame"
+app_id = ENV['GITHUB_APP_ID']
+secret = ENV['GITHUB_SECRET']
+if app_id.nil?
+  puts "Setting app_id to dummy string"
+  app_id = 'dummy_app_id'
+end
+if secret.nil?
+  puts "Setting secret to dummy string"
+  secret = 'dummy_secret'
+end
 OpenSesame.configure do |config|
+  config.enable       true
   config.organization 'challengepost'
-  config.mounted_at   '/welcome'
-  config.github       'github_client_id', 'github_client_secret'
+  config.mounted_at   '/opensesame'
+  config.github       app_id, secret
 end

data/spec/dummy/config/initializers/session_store.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # Be sure to restart your server when you modify this file.
-Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information

data/spec/dummy/config/initializers/wrap_parameters.rb CHANGED Viewed

@@ -5,7 +5,7 @@
 # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
-  wrap_parameters format: [:json]
+  wrap_parameters :format => [:json]
 end
 # Disable root element in JSON by default.

data/spec/dummy/config/routes.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 Rails.application.routes.draw do
   root :to => "home#index"
-  mount OpenSesame::Engine => "/welcome"
+  mount OpenSesame::Engine => "/opensesame", :as => :opensesame
 end

data/spec/dummy/db/development.sqlite3 CHANGED Viewed

Binary file