RubyGems - opensesame - Versions diffs - 0.0.2 → 0.1.0 - Mend

opensesame 0.0.2 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
 # OpenSesame
-OpenSesame is a [Warden](https://github.com/hassox/warden) strategy for providing "walled garden" authentication for access to Rack-based applications via Omniauth. For example, your company has internal apps and/or staging enviroments for multiple projects and you want something better than HTTP basic auth. The intent is protect the visibility of your app from the outside world.
+OpenSesame is a [Warden](https://github.com/hassox/warden) strategy for providing "walled garden" authentication for access to Rack-based applications via Omniauth. The intent is protect the visibility of your app from the outside world. For example, your company has internal apps and/or staging enviroments for multiple projects and you want something better than HTTP basic auth.
-Enter OpenSesame. To authenticate, OpenSesame currently uses Omniauth and the Github API to require that a user is both logged in to Github and a member of the configurable Github organization.
+Enter OpenSesame. To authenticate, OpenSesame currently uses Omniauth and the Github API to require that a user is both logged in to Github and a member of the Github organization for which OpenSesame is configured.
 ## Usage
@@ -11,23 +11,24 @@ In your Gemfile:
     $ gem "opensesame"
 Register your application(s) with Github for OAuth access. For each application, you need a name, the site url,
-and a callback for OAuth. The OmniAuth-Github OAuth strategy used under the hood will expect the callback at mount path + '/auth/github/callback'. So the development version of your client application might be registered as:
+and a callback for OAuth. The OmniAuth-Github OAuth strategy used under the hood will expect the callback at mount path + '/github/callback'. So the development version of your client application might be registered as:
     Name: MyApp - local
     URL: http://localhost:3000
-    Callback URL: http://localhost:3000/welcome/auth/github/callback
+    Callback URL: http://localhost:3000/opensesame/github/callback
 Configure OpenSesame:
 ```ruby
-# Rails config/initializers/opensesame.rb or Sinatra app.rb
+# Rails config/initializers/opensesame.rb
 require 'opensesame'
 OpenSesame.configure do |config|
-  config.github       ENV['CAPITAN_GITHUB_KEY'], ENV['CAPITAN_GITHUB_SECRET']
+  config.enable       Rails.env.staging?
+  config.github       ENV['GITHUB_APP_ID'], ENV['GITHUB_SECRET']
   config.organization 'challengepost'
-  config.mounted_at   '/welcome'
+  config.mounted_at   '/opensesame'
 end
 ```
@@ -36,5 +37,5 @@ Mount OpenSesame in your Rails routes.rb:
 ```ruby
 # Rails config/routes.rb
-mount OpenSesame::Engine => "/welcome", :as => "opensesame"
+mount OpenSesame::Engine => "/opensesame", :as => "opensesame"
 ```

data/app/assets/stylesheets/open_sesame/{application.css → opensesame.css} RENAMED Viewed

@@ -9,6 +9,5 @@
  * compiled file, but it's generally better to create a new file per style scope.
  *
  *= require_self
- *= require ./opensesame_bootstrap
  *= require ./welcome
 */

data/app/assets/stylesheets/open_sesame/{welcome.css.scss → welcome.css} RENAMED Viewed

@@ -49,4 +49,53 @@ pre, code { font-family: monospace, sans-serif; font-size: 1em; color:#080; }
 .field input { border: 1px solid #CCC; }
 #grant, #deny { padding: 5px 0px }
-.green { color: green }
+.green { color: green }
+.btn {
+display: inline-block;
+padding: 4px 10px 4px;
+margin-bottom: 0;
+font-size: 13px;
+line-height: 18px;
+color: #333;
+text-align: center;
+text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75);
+vertical-align: middle;
+cursor: pointer;
+background-color: whiteSmoke;
+background-image: -ms-linear-gradient(top, white, #E6E6E6);
+background-image: -webkit-gradient(linear, 0 0, 0 100%, from(white), to(#E6E6E6));
+background-image: -webkit-linear-gradient(top, white, #E6E6E6);
+background-image: -o-linear-gradient(top, white, #E6E6E6);
+background-image: linear-gradient(top, white, #E6E6E6);
+background-image: -moz-linear-gradient(top, white, #E6E6E6);
+background-repeat: repeat-x;
+border: 1px solid #CCC;
+border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
+border-bottom-color: #B3B3B3;
+-webkit-border-radius: 4px;
+-moz-border-radius: 4px;
+border-radius: 4px;
+filter: progid:dximagetransform.microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);
+filter: progid:dximagetransform.microsoft.gradient(enabled=false);
+-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+-moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05);
+}
+.btn-large {
+  font-size: 20px;
+font-weight: normal;
+padding: 14px 24px;
+margin-right: 10px;
+-webkit-border-radius: 6px;
+-moz-border-radius: 6px;
+border-radius: 6px;
+}
+.content-header {
+  border-bottom: 1px solid #ccc;
+  margin-bottom: 1em;
+}
+.content-header h1 { font-size: 24px; }

data/app/controllers/open_sesame/application_controller.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module OpenSesame
   class ApplicationController < ActionController::Base
-    include OpenSesame::ViewHelper
+    include OpenSesame::Helpers::ViewHelper
   end
 end

data/app/controllers/open_sesame/sessions_controller.rb CHANGED Viewed

@@ -14,14 +14,12 @@ module OpenSesame
     end
     def create
-      warden.authenticate!(:scope => :opensesame)
-      flash[:success] = "Welcome!"
+      login_opensesame
       redirect_to main_app.root_url
     end
     def destroy
-      warden.logout(:opensesame)
-      flash[:notice] = "Logged out!"
+      logout_opensesame
       redirect_to main_app.root_url
     end
@@ -33,19 +31,38 @@ module OpenSesame
     def attempt_auto_authenticate
       return unless attempt_auto_access?
       redirect_to identity_request_path(OpenSesame.auto_access_provider)
     end
     def attempt_auto_access?
+      return false if just_logged_out?
       return false unless OpenSesame.auto_access_provider.present?
       attempts = session[:opensesame_auto_access_attempt].to_i
       session[:opensesame_auto_access_attempt] = attempts + 1
       attempts < 1
     end
+    def just_logged_out?
+      !!session[:opensesame_logged_out].tap do
+        session[:opensesame_logged_out] = nil
+      end
+    end
     def clear_auto_attempt!
       session[:opensesame_auto_access_attempt] = nil
     end
+    def login_opensesame
+      warden.authenticate!(:scope => :opensesame)
+      flash[:success] = "Welcome!"
+    end
+    def logout_opensesame
+      warden.logout(:opensesame)
+      session[:opensesame_logged_out] = 1
+      flash[:notice] = "Logged out!"
+    end
   end
 end

data/app/helpers/open_sesame/application_helper.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module OpenSesame
   module ApplicationHelper
-    include OpenSesame::ViewHelper
+    include OpenSesame::Helpers::ViewHelper
   end
 end

data/app/views/layouts/open_sesame/application.html.erb CHANGED Viewed

@@ -2,8 +2,7 @@
 <html>
 <head>
   <title>OpenSesame</title>
-  <%= stylesheet_link_tag    "open_sesame/application", :media => "all" %>
-  <%= javascript_include_tag "open_sesame/application" %>
+  <%= stylesheet_link_tag    "open_sesame/opensesame", :media => "all" %>
   <%= csrf_meta_tags %>
 </head>
 <body>

data/config/routes.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 OpenSesame::Engine.routes.draw do
   root :to => "sessions#new"
-  match '/auth/:provider/callback', :to => 'sessions#create'
-  match '/auth/failure', :to => 'sessions#failure'
+  match '/:provider/callback', :to => 'sessions#create'
+  match '/:provider/failure', :to => 'sessions#failure'
   match '/login', :to => 'sessions#new', :as => :sign_in
   match '/logout', :to => 'sessions#destroy', :as => :sign_out
 end

data/lib/open_sesame/configuration.rb CHANGED Viewed

@@ -1,9 +1,10 @@
+# encoding: utf-8
 module OpenSesame
   class ConfigurationError < RuntimeError; end
   class Configuration
-    CONFIGURABLE_ATTRIBUTES = [:organization_name, :mount_prefix, :github_client,
-      :enabled, :enable_clause, :full_host, :auto_access_provider]
+    CONFIGURABLE_ATTRIBUTES = [:organization_name, :mount_prefix, :github_client,
+      :enabled, :full_host, :auto_access_provider]
     attr_accessor *CONFIGURABLE_ATTRIBUTES
     def mounted_at(mount_prefix)
@@ -26,24 +27,20 @@ module OpenSesame
       self.auto_access_provider = provider
     end
-    def enable_if(conditional)
-      self.enabled = nil
-      self.enable_clause = lambda { conditional }
-    end
     def enable!
-      self.enable_clause = nil
       self.enabled = true
     end
     def disable!
-      self.enable_clause = nil
       self.enabled = false
     end
+    def enable(enabled)
+      self.enabled = !!enabled
+    end
     def enabled?
-      (!self.enabled.nil? && self.enabled) ||
-      (!self.enable_clause.nil? && self.enable_clause.call)
+      self.enabled
     end
     def configure
@@ -70,14 +67,14 @@ module OpenSesame
       # config/initializers/open_sesame.rb
       OpenSesame.configure do |config|
         config.organization 'challengepost'
-        config.mounted_at   '/welcome'
+        config.mounted_at   '/opensesame'
         config.github       ENV['CAPITAN_GITHUB_KEY'], ENV['CAPITAN_GITHUB_SECRET']
       end
       When you register the app, make sure to point the callback url to
       the engine mountpoint + /auth/github/callback. For example, if your
       development app is on http://localhost:3000 and you're mounting
-      the OpenSesame::Engine at '/welcome', your github
+      the OpenSesame::Engine at '/opensesame', your github
       callback url should be:
       http://localhost:3000/auth/github/callback

data/lib/open_sesame/engine.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'opensesame-github'
+# encoding: utf-8
 module OpenSesame
   class Engine < ::Rails::Engine
@@ -9,41 +9,40 @@ module OpenSesame
     end
     ActiveSupport.on_load(:action_controller) do
-      include OpenSesame::ControllerHelper
+      include OpenSesame::Helpers::ControllerHelper
     end
     ActiveSupport.on_load(:action_view) do
-      include OpenSesame::ViewHelper
+      include OpenSesame::Helpers::ViewHelper
     end
     initializer "opensesame.middleware", :after => :load_config_initializers do |app|
-      OpenSesame.configuration.validate!
+      if OpenSesame.enabled?
+        require 'open_sesame/github_warden'
-      OpenSesame::Github.organization_name = OpenSesame.organization_name
+        app.config.assets.precompile += ['opensesame.css']
-      middleware.use OmniAuth::Builder do
-        configure do |config|
-          config.path_prefix = '/auth'
-          config.full_host = OpenSesame.full_host if OpenSesame.full_host
-        end
+        OpenSesame.configuration.validate!
-        provider :github, OpenSesame.github_client[:id], OpenSesame.github_client[:secret]
-      end
+        app.config.middleware.use OpenSesame::GithubAuth,
+          OpenSesame.github_client[:id],
+          OpenSesame.github_client[:secret],
+          :path_prefix => OpenSesame.mount_prefix
-      if defined?(Devise)
-        Devise.setup do |config|
-          config.warden do |manager|
+        if defined?(Devise)
+          Devise.setup do |config|
+            config.warden do |manager|
+              manager.default_strategies(:opensesame_github, :scope => :opensesame)
+              manager.failure_app = OpenSesame::Failure::DeviseApp.new
+            end
+          end
+        else
+          app.config.middleware.use ::Warden::Manager do |manager|
             manager.default_strategies(:opensesame_github, :scope => :opensesame)
-            manager.failure_app = OpenSesame::FailureApp.new
+            manager.failure_app = OpenSesame::Failure::App.new
           end
         end
-      else
-        app.config.middleware.use Warden::Manager do |manager|
-          manager.default_strategies(:opensesame_github, :scope => :opensesame)
-          manager.failure_app = lambda { |env| OpenSesame::SessionsController.action(:new).call(env)}
-        end
       end
     end
   end
 end

data/lib/open_sesame/failure/app.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# encoding: utf-8
+module OpenSesame
+  module Failure
+    class App
+      def call(env)
+        OpenSesame::SessionsController.action(:new).call(env)
+      end
+    end
+  end
+end

data/lib/open_sesame/failure/devise_app.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# encoding: utf-8
+require 'devise'
+module OpenSesame
+  module Failure
+    class DeviseApp < ::Devise::Delegator
+      def call(env)
+        if (env['warden.options'] && (scope = env["warden.options"][:scope]) && scope == :opensesame)
+          OpenSesame::SessionsController.action(:new).call(env)
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/lib/open_sesame/github_auth.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# encoding: utf-8
+require 'omniauth-github'
+module OpenSesame
+  class GithubAuth < ::OmniAuth::Strategies::GitHub
+    option :name, 'github'
+    option :path_prefix, OpenSesame.mount_prefix
+  end
+end

data/lib/open_sesame/github_warden.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# encoding: utf-8
+require 'warden'
+module OpenSesame
+  class GithubWarden < ::Warden::Strategies::Base
+    def valid?
+      auth_hash && auth_hash["provider"] == "github"
+    end
+    def authenticate!
+      if member = OpenSesame::Member.find(auth_hash["uid"])
+        success! member
+      else
+        fail 'Sorry, you do not have access'
+      end
+    end
+    def auth_hash
+      request.env['omniauth.auth']
+    end
+  end
+end
+::Warden::Strategies.add(:opensesame_github, OpenSesame::GithubWarden)

data/lib/open_sesame/{controller_helper.rb → helpers/controller_helper.rb} RENAMED Viewed

@@ -1,5 +1,6 @@
+# encoding: utf-8
 module OpenSesame
-  module ControllerHelper
+  module Helpers::ControllerHelper
     extend ActiveSupport::Concern
     def warden

data/lib/open_sesame/{view_helper.rb → helpers/view_helper.rb} RENAMED Viewed

@@ -1,14 +1,15 @@
+# encoding: utf-8
 module OpenSesame
-  module ViewHelper
+  module Helpers::ViewHelper
     def login_image_link_to(provider)
-      link_to identity_request_path(provider), class: "btn btn-large" do
+      link_to identity_request_path(provider), :class => "btn btn-large" do
         image_tag("open_sesame/#{provider}_64.png") + "<br/><span>#{provider}</span>".html_safe
       end
     end
     def identity_request_path(provider)
-      [OpenSesame.mount_prefix, 'auth', provider].join('/')
+      [OpenSesame.mount_prefix, provider].join('/')
     end
   end

data/lib/open_sesame/member.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# encoding: utf-8
+require "octokit"
+module OpenSesame
+  class Member
+    def self.organization_name
+      OpenSesame.organization_name
+    end
+    def self.find(member_id)
+      return nil unless member_id.present?
+      attributes = organization_members.detect { |member| member.id.to_s == member_id.to_s }
+      return nil unless attributes.present?
+      new(attributes)
+    end
+    def self.organization_members
+      github_api.organization_members(organization_name)
+    end
+    def self.github_api
+      @github_api ||= Octokit.new
+    end
+    def self.lazy_attr_reader(*attrs)
+      attrs.each do |attribute|
+        class_eval do
+          define_method(attribute) do
+            @attributes[attribute.to_s] || @attributes[attribute] # allow string or symbol access
+          end
+        end
+      end
+    end
+    def self.serialize_into_session(member)
+      [member.id]
+    end
+    def self.serialize_from_session(*args)
+      id = args.shift
+      find(id)
+    end
+    attr_accessor :attributes
+    lazy_attr_reader :id, :login, :avatar_url, :gravatar_id, :url
+    def initialize(attributes = {})
+      @attributes = attributes
+    end
+    def id
+      @attributes["id"]
+    end
+    def organization_name
+      self.class.organization_name
+    end
+    def ==(other)
+      super || (other.class == self.class && other.id == self.id)
+    end
+  end
+end

data/lib/open_sesame/version.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# encoding: utf-8
 module OpenSesame
-  VERSION = "0.0.2"
+  VERSION = "0.1.0"
 end

data/lib/open_sesame.rb CHANGED Viewed

@@ -2,11 +2,23 @@ module OpenSesame
   extend self
   autoload :Configuration, 'open_sesame/configuration'
-  autoload :ControllerHelper, 'open_sesame/controller_helper'
-  autoload :ViewHelper, 'open_sesame/view_helper'
+  autoload :GithubAuth, 'open_sesame/github_auth'
+  autoload :GithubWarden, 'open_sesame/github_warden'
   autoload :FailureApp, 'open_sesame/failure_app'
+  autoload :Member, 'open_sesame/member'
-  delegate *Configuration::CONFIGURABLE_ATTRIBUTES, :to => :configuration
+  module Helpers
+    autoload :ControllerHelper, 'open_sesame/helpers/controller_helper'
+    autoload :ViewHelper, 'open_sesame/helpers/view_helper'
+  end
+  module Failure
+    autoload :App, 'open_sesame/failure/app'
+    autoload :DeviseApp, 'open_sesame/failure/devise_app'
+  end
+  @to_configuration = Configuration::CONFIGURABLE_ATTRIBUTES + [:to => :configuration]
+  delegate *@to_configuration
   delegate :enabled?, :to => :configuration
   mattr_accessor :configuration
@@ -18,4 +30,4 @@ module OpenSesame
   end
 end
-require "open_sesame/engine"
+require "open_sesame/engine" if defined?(Rails)

data/spec/dummy/app/views/home/index.html.erb CHANGED Viewed

@@ -1 +1,3 @@
-<h1>Welcome Home!</h1>
+<h1>Welcome Home!</h1>
+<%= link_to "Logout", opensesame.sign_out_path %>

data/spec/dummy/config/initializers/opensesame.rb CHANGED Viewed

@@ -1,7 +1,21 @@
 require "opensesame"
+app_id = ENV['GITHUB_APP_ID']
+secret = ENV['GITHUB_SECRET']
+if app_id.nil?
+  puts "Setting app_id to dummy string"
+  app_id = 'dummy_app_id'
+end
+if secret.nil?
+  puts "Setting secret to dummy string"
+  secret = 'dummy_secret'
+end
 OpenSesame.configure do |config|
+  config.enable       true
   config.organization 'challengepost'
-  config.mounted_at   '/welcome'
-  config.github       'github_client_id', 'github_client_secret'
+  config.mounted_at   '/opensesame'
+  config.github       app_id, secret
 end

data/spec/dummy/config/initializers/session_store.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # Be sure to restart your server when you modify this file.
-Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information

data/spec/dummy/config/initializers/wrap_parameters.rb CHANGED Viewed

@@ -5,7 +5,7 @@
 # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
 ActiveSupport.on_load(:action_controller) do
-  wrap_parameters format: [:json]
+  wrap_parameters :format => [:json]
 end
 # Disable root element in JSON by default.

data/spec/dummy/config/routes.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 Rails.application.routes.draw do
   root :to => "home#index"
-  mount OpenSesame::Engine => "/welcome"
+  mount OpenSesame::Engine => "/opensesame", :as => :opensesame
 end

data/spec/dummy/db/development.sqlite3 CHANGED Viewed

Binary file