sidekiq_web_google_auth 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +9 -7
- data/lib/sidekiq_web_google_auth/builder.rb +16 -2
- data/lib/sidekiq_web_google_auth/extension.rb +34 -27
- data/sidekiq_web_google_auth.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1a36fce164dda6b6f8809ca5157f7c0be81f45a418b645ebe4dfce7b8bfa7e1e
|
4
|
+
data.tar.gz: 4bc9c49d6ad42e542164d9ab2df5cfcebf93a7386d78a0a2282d78c34218265c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 81745342e845ca3438c70d08fa31d6a0d19eaa8d2a0fc2cd98ba0ad37a1d7fecffd934931030856a5b7a2d9e3f24686439f814d1e17e87c0ffcabf624f5105b2
|
7
|
+
data.tar.gz: 70d145273192809184660787169e4d40957f4f1089a53005c1d8f5bf2dcc246e56987c601e3a65da41d66b9b679fdec215de6a5c7973f4391b2b8db1dd451e4d
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -26,13 +26,15 @@ Or install it yourself as:
|
|
26
26
|
Initialize builder:
|
27
27
|
|
28
28
|
```ruby
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
29
|
+
Sidekiq::Web.use(SidekiqWebGoogleAuth::Builder) do
|
30
|
+
provider(
|
31
|
+
"example_client_id", # Google OAuth client ID
|
32
|
+
"example_client_secret", # Google OAuth client secret
|
33
|
+
# You must provide at least one of: authorized_emails, authorized_email_domains
|
34
|
+
authorized_emails: %w[test@mail.com], # List of authorized emails
|
35
|
+
authorized_emails_domains: %w[mail.com], # List of authorized emails domains
|
36
|
+
)
|
37
|
+
end
|
36
38
|
```
|
37
39
|
|
38
40
|
## Contributing
|
@@ -4,9 +4,23 @@ require_relative "extension"
|
|
4
4
|
|
5
5
|
module SidekiqWebGoogleAuth
|
6
6
|
class Builder < OmniAuth::Builder
|
7
|
-
|
7
|
+
class ArgumentError < StandardError; end
|
8
|
+
|
9
|
+
ARGUMENT_ERROR = "You must provide authorized_emails or authorized_emails_domains (or both)"
|
10
|
+
|
11
|
+
def provider(*args, authorized_emails: [], authorized_emails_domains: [], **options, &block)
|
12
|
+
invalid_arguments! if authorized_emails.empty? && authorized_emails_domains.empty?
|
8
13
|
super("google_oauth2", *args, options.merge(name: "oauth"), &block)
|
9
|
-
|
14
|
+
|
15
|
+
SidekiqWebGoogleAuth::Extension.authorized_emails = authorized_emails
|
16
|
+
SidekiqWebGoogleAuth::Extension.authorized_emails_domains = authorized_emails_domains
|
17
|
+
Sidekiq::Web.register(SidekiqWebGoogleAuth::Extension)
|
18
|
+
end
|
19
|
+
|
20
|
+
private
|
21
|
+
|
22
|
+
def invalid_arguments!
|
23
|
+
raise ArgumentError.new(ARGUMENT_ERROR)
|
10
24
|
end
|
11
25
|
end
|
12
26
|
end
|
@@ -3,43 +3,50 @@
|
|
3
3
|
# Idea taken from https://github.com/mperham/sidekiq/issues/2460#issuecomment-125694743
|
4
4
|
module SidekiqWebGoogleAuth
|
5
5
|
class Extension
|
6
|
-
|
7
|
-
|
8
|
-
end
|
9
|
-
|
10
|
-
def registered(app) # rubocop:disable Metrics/MethodLength
|
11
|
-
authorized_emails = @authorized_emails
|
6
|
+
class << self
|
7
|
+
attr_accessor :authorized_emails, :authorized_emails_domains
|
12
8
|
|
13
|
-
|
14
|
-
|
15
|
-
redirect("#{root_path}auth/page")
|
16
|
-
end
|
9
|
+
def valid_email?(email)
|
10
|
+
authorized_emails.empty? || authorized_emails.include?(email)
|
17
11
|
end
|
18
12
|
|
19
|
-
|
20
|
-
|
13
|
+
def valid_email_domain?(email)
|
14
|
+
authorized_emails_domains.empty? || authorized_emails_domains.include?(email[/(?<=@).+/])
|
21
15
|
end
|
22
16
|
|
23
|
-
app
|
24
|
-
|
17
|
+
def registered(app) # rubocop:disable Metrics/MethodLength
|
18
|
+
app.before do
|
19
|
+
if !session[:authenticated] && !request.path_info.start_with?("/auth")
|
20
|
+
redirect("#{root_path}auth/page")
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
app.get "/auth/page" do
|
25
|
+
"Please <a href='#{root_path}auth/oauth'>authenticate via Google</a>."
|
26
|
+
end
|
27
|
+
|
28
|
+
app.get "/auth/oauth/callback" do
|
29
|
+
auth = request.env["omniauth.auth"]
|
30
|
+
ext = SidekiqWebGoogleAuth::Extension
|
31
|
+
|
32
|
+
if auth && ext.valid_email?(auth.info.email) && ext.valid_email_domain?(auth.info.email)
|
33
|
+
session[:authenticated] = true
|
34
|
+
redirect(root_path)
|
35
|
+
else
|
36
|
+
OmniAuth.logger.warn(
|
37
|
+
"Someone unauthorized is trying to gain access to Sidekiq: #{auth.info}",
|
38
|
+
)
|
39
|
+
redirect("#{root_path}auth/page")
|
40
|
+
end
|
41
|
+
end
|
25
42
|
|
26
|
-
|
27
|
-
session
|
43
|
+
app.get "/logout" do
|
44
|
+
session.clear
|
28
45
|
redirect(root_path)
|
29
|
-
else
|
30
|
-
OmniAuth.logger.warn(
|
31
|
-
"Someone unauthorized is trying to gain access to Sidekiq: #{auth.info}",
|
32
|
-
)
|
33
|
-
redirect("#{root_path}auth/page")
|
34
46
|
end
|
35
|
-
end
|
36
47
|
|
37
|
-
|
38
|
-
session.clear
|
39
|
-
redirect(root_path)
|
48
|
+
app.tabs["Logout"] = "logout"
|
40
49
|
end
|
41
|
-
|
42
|
-
app.tabs["Logout"] = "logout"
|
43
50
|
end
|
44
51
|
end
|
45
52
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sidekiq_web_google_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Igor Kir
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-06-
|
11
|
+
date: 2022-06-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth
|