sidekiq_web_google_auth 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a95d3b7b58d3d19c6d13f84edea91a443ea09c944098d8fc274909dc5b0d6f5f
-  data.tar.gz: e4a9320a379a21d000c7c51cb779aba75574016c65bb60e7e0edd8841c6dfac4
+  metadata.gz: 1a36fce164dda6b6f8809ca5157f7c0be81f45a418b645ebe4dfce7b8bfa7e1e
+  data.tar.gz: 4bc9c49d6ad42e542164d9ab2df5cfcebf93a7386d78a0a2282d78c34218265c
 SHA512:
-  metadata.gz: e6c1ee2d889c7c825ae1215f52a883304a0814aa1a7a56ce88044140bc8440adf47702fdc694c9b0c0dd3cfe6e4ac69c79ca05d9f1f89ffbba59f3a42edd6c98
-  data.tar.gz: 04b5baedba8a58f10159bdbdb4653586ef0a4298f63e3f76848cfe9fba23a930ea5325c83a57f1c7a3ac6de4dc35669ee88ac206bfd974aeb603d068d9db2cd9
+  metadata.gz: 81745342e845ca3438c70d08fa31d6a0d19eaa8d2a0fc2cd98ba0ad37a1d7fecffd934931030856a5b7a2d9e3f24686439f814d1e17e87c0ffcabf624f5105b2
+  data.tar.gz: 70d145273192809184660787169e4d40957f4f1089a53005c1d8f5bf2dcc246e56987c601e3a65da41d66b9b679fdec215de6a5c7973f4391b2b8db1dd451e4d

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    sidekiq_web_google_auth (0.1.1)
+    sidekiq_web_google_auth (0.1.2)
       omniauth
       omniauth-google-oauth2
 

data/README.md

@@ -26,13 +26,15 @@ Or install it yourself as:
 Initialize builder:
 
 ```ruby
-    Sidekiq::Web.use(SidekiqWebGoogleAuth::Builder) do
-      provider(
-        "example_client_id", # Google OAuth client ID
-        "example_client_secret", # Google OAuth client secret
-        authorized_emails: %w[test@mail.com], # List of authorized emails
-      )
-   end
+  Sidekiq::Web.use(SidekiqWebGoogleAuth::Builder) do 
+    provider(
+      "example_client_id", # Google OAuth client ID
+      "example_client_secret", # Google OAuth client secret
+      # You must provide at least one of: authorized_emails, authorized_email_domains
+      authorized_emails: %w[test@mail.com], # List of authorized emails
+      authorized_emails_domains: %w[mail.com], # List of authorized emails domains
+    )
+  end
 ```
 
 ## Contributing

data/lib/sidekiq_web_google_auth/builder.rb

@@ -4,9 +4,23 @@ require_relative "extension"
 
 module SidekiqWebGoogleAuth
   class Builder < OmniAuth::Builder
-    def provider(*args, authorized_emails:, **options, &block)
+    class ArgumentError < StandardError; end
+
+    ARGUMENT_ERROR = "You must provide authorized_emails or authorized_emails_domains (or both)"
+
+    def provider(*args, authorized_emails: [], authorized_emails_domains: [], **options, &block)
+      invalid_arguments! if authorized_emails.empty? && authorized_emails_domains.empty?
       super("google_oauth2", *args, options.merge(name: "oauth"), &block)
-      Sidekiq::Web.register(SidekiqWebGoogleAuth::Extension.new(authorized_emails))
+
+      SidekiqWebGoogleAuth::Extension.authorized_emails = authorized_emails
+      SidekiqWebGoogleAuth::Extension.authorized_emails_domains = authorized_emails_domains
+      Sidekiq::Web.register(SidekiqWebGoogleAuth::Extension)
+    end
+
+    private
+
+    def invalid_arguments!
+      raise ArgumentError.new(ARGUMENT_ERROR)
     end
   end
 end

data/lib/sidekiq_web_google_auth/extension.rb

@@ -3,43 +3,50 @@
 # Idea taken from https://github.com/mperham/sidekiq/issues/2460#issuecomment-125694743
 module SidekiqWebGoogleAuth
   class Extension
-    def initialize(authorized_emails)
-      @authorized_emails = authorized_emails
-    end
-
-    def registered(app) # rubocop:disable Metrics/MethodLength
-      authorized_emails = @authorized_emails
+    class << self
+      attr_accessor :authorized_emails, :authorized_emails_domains
 
-      app.before do
-        if !session[:authenticated] && !request.path_info.start_with?("/auth")
-          redirect("#{root_path}auth/page")
-        end
+      def valid_email?(email)
+        authorized_emails.empty? || authorized_emails.include?(email)
       end
 
-      app.get "/auth/page" do
-        "Please <a href='#{root_path}auth/oauth'>authenticate via Google</a>."
+      def valid_email_domain?(email)
+        authorized_emails_domains.empty? || authorized_emails_domains.include?(email[/(?<=@).+/])
       end
 
-      app.get "/auth/oauth/callback" do
-        auth = request.env["omniauth.auth"]
+      def registered(app) # rubocop:disable Metrics/MethodLength
+        app.before do
+          if !session[:authenticated] && !request.path_info.start_with?("/auth")
+            redirect("#{root_path}auth/page")
+          end
+        end
+
+        app.get "/auth/page" do
+          "Please <a href='#{root_path}auth/oauth'>authenticate via Google</a>."
+        end
+
+        app.get "/auth/oauth/callback" do
+          auth = request.env["omniauth.auth"]
+          ext = SidekiqWebGoogleAuth::Extension
+
+          if auth && ext.valid_email?(auth.info.email) && ext.valid_email_domain?(auth.info.email)
+            session[:authenticated] = true
+            redirect(root_path)
+          else
+            OmniAuth.logger.warn(
+              "Someone unauthorized is trying to gain access to Sidekiq: #{auth.info}",
+            )
+            redirect("#{root_path}auth/page")
+          end
+        end
 
-        if auth && authorized_emails.include?(auth.info.email)
-          session[:authenticated] = true
+        app.get "/logout" do
+          session.clear
           redirect(root_path)
-        else
-          OmniAuth.logger.warn(
-            "Someone unauthorized is trying to gain access to Sidekiq: #{auth.info}",
-          )
-          redirect("#{root_path}auth/page")
         end
-      end
 
-      app.get "/logout" do
-        session.clear
-        redirect(root_path)
+        app.tabs["Logout"] = "logout"
       end
-
-      app.tabs["Logout"] = "logout"
     end
   end
 end

data/sidekiq_web_google_auth.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |spec|
   spec.name          = "sidekiq_web_google_auth"
-  spec.version       = "0.1.1"
+  spec.version       = "0.1.2"
   spec.authors       = ["Igor Kir"]
   spec.email         = ["igor.kir@cadolabs.io"]
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sidekiq_web_google_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Igor Kir
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-06-22 00:00:00.000000000 Z
+date: 2022-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth