sidekiq_web_google_auth 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +9 -7
- data/lib/sidekiq_web_google_auth/builder.rb +16 -2
- data/lib/sidekiq_web_google_auth/extension.rb +34 -27
- data/sidekiq_web_google_auth.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a36fce164dda6b6f8809ca5157f7c0be81f45a418b645ebe4dfce7b8bfa7e1e
|
|
4
|
+
data.tar.gz: 4bc9c49d6ad42e542164d9ab2df5cfcebf93a7386d78a0a2282d78c34218265c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81745342e845ca3438c70d08fa31d6a0d19eaa8d2a0fc2cd98ba0ad37a1d7fecffd934931030856a5b7a2d9e3f24686439f814d1e17e87c0ffcabf624f5105b2
|
|
7
|
+
data.tar.gz: 70d145273192809184660787169e4d40957f4f1089a53005c1d8f5bf2dcc246e56987c601e3a65da41d66b9b679fdec215de6a5c7973f4391b2b8db1dd451e4d
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -26,13 +26,15 @@ Or install it yourself as:
|
|
|
26
26
|
Initialize builder:
|
|
27
27
|
|
|
28
28
|
```ruby
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
29
|
+
Sidekiq::Web.use(SidekiqWebGoogleAuth::Builder) do
|
|
30
|
+
provider(
|
|
31
|
+
"example_client_id", # Google OAuth client ID
|
|
32
|
+
"example_client_secret", # Google OAuth client secret
|
|
33
|
+
# You must provide at least one of: authorized_emails, authorized_email_domains
|
|
34
|
+
authorized_emails: %w[test@mail.com], # List of authorized emails
|
|
35
|
+
authorized_emails_domains: %w[mail.com], # List of authorized emails domains
|
|
36
|
+
)
|
|
37
|
+
end
|
|
36
38
|
```
|
|
37
39
|
|
|
38
40
|
## Contributing
|
|
@@ -4,9 +4,23 @@ require_relative "extension"
|
|
|
4
4
|
|
|
5
5
|
module SidekiqWebGoogleAuth
|
|
6
6
|
class Builder < OmniAuth::Builder
|
|
7
|
-
|
|
7
|
+
class ArgumentError < StandardError; end
|
|
8
|
+
|
|
9
|
+
ARGUMENT_ERROR = "You must provide authorized_emails or authorized_emails_domains (or both)"
|
|
10
|
+
|
|
11
|
+
def provider(*args, authorized_emails: [], authorized_emails_domains: [], **options, &block)
|
|
12
|
+
invalid_arguments! if authorized_emails.empty? && authorized_emails_domains.empty?
|
|
8
13
|
super("google_oauth2", *args, options.merge(name: "oauth"), &block)
|
|
9
|
-
|
|
14
|
+
|
|
15
|
+
SidekiqWebGoogleAuth::Extension.authorized_emails = authorized_emails
|
|
16
|
+
SidekiqWebGoogleAuth::Extension.authorized_emails_domains = authorized_emails_domains
|
|
17
|
+
Sidekiq::Web.register(SidekiqWebGoogleAuth::Extension)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def invalid_arguments!
|
|
23
|
+
raise ArgumentError.new(ARGUMENT_ERROR)
|
|
10
24
|
end
|
|
11
25
|
end
|
|
12
26
|
end
|
|
@@ -3,43 +3,50 @@
|
|
|
3
3
|
# Idea taken from https://github.com/mperham/sidekiq/issues/2460#issuecomment-125694743
|
|
4
4
|
module SidekiqWebGoogleAuth
|
|
5
5
|
class Extension
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def registered(app) # rubocop:disable Metrics/MethodLength
|
|
11
|
-
authorized_emails = @authorized_emails
|
|
6
|
+
class << self
|
|
7
|
+
attr_accessor :authorized_emails, :authorized_emails_domains
|
|
12
8
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
redirect("#{root_path}auth/page")
|
|
16
|
-
end
|
|
9
|
+
def valid_email?(email)
|
|
10
|
+
authorized_emails.empty? || authorized_emails.include?(email)
|
|
17
11
|
end
|
|
18
12
|
|
|
19
|
-
|
|
20
|
-
|
|
13
|
+
def valid_email_domain?(email)
|
|
14
|
+
authorized_emails_domains.empty? || authorized_emails_domains.include?(email[/(?<=@).+/])
|
|
21
15
|
end
|
|
22
16
|
|
|
23
|
-
app
|
|
24
|
-
|
|
17
|
+
def registered(app) # rubocop:disable Metrics/MethodLength
|
|
18
|
+
app.before do
|
|
19
|
+
if !session[:authenticated] && !request.path_info.start_with?("/auth")
|
|
20
|
+
redirect("#{root_path}auth/page")
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
app.get "/auth/page" do
|
|
25
|
+
"Please <a href='#{root_path}auth/oauth'>authenticate via Google</a>."
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
app.get "/auth/oauth/callback" do
|
|
29
|
+
auth = request.env["omniauth.auth"]
|
|
30
|
+
ext = SidekiqWebGoogleAuth::Extension
|
|
31
|
+
|
|
32
|
+
if auth && ext.valid_email?(auth.info.email) && ext.valid_email_domain?(auth.info.email)
|
|
33
|
+
session[:authenticated] = true
|
|
34
|
+
redirect(root_path)
|
|
35
|
+
else
|
|
36
|
+
OmniAuth.logger.warn(
|
|
37
|
+
"Someone unauthorized is trying to gain access to Sidekiq: #{auth.info}",
|
|
38
|
+
)
|
|
39
|
+
redirect("#{root_path}auth/page")
|
|
40
|
+
end
|
|
41
|
+
end
|
|
25
42
|
|
|
26
|
-
|
|
27
|
-
session
|
|
43
|
+
app.get "/logout" do
|
|
44
|
+
session.clear
|
|
28
45
|
redirect(root_path)
|
|
29
|
-
else
|
|
30
|
-
OmniAuth.logger.warn(
|
|
31
|
-
"Someone unauthorized is trying to gain access to Sidekiq: #{auth.info}",
|
|
32
|
-
)
|
|
33
|
-
redirect("#{root_path}auth/page")
|
|
34
46
|
end
|
|
35
|
-
end
|
|
36
47
|
|
|
37
|
-
|
|
38
|
-
session.clear
|
|
39
|
-
redirect(root_path)
|
|
48
|
+
app.tabs["Logout"] = "logout"
|
|
40
49
|
end
|
|
41
|
-
|
|
42
|
-
app.tabs["Logout"] = "logout"
|
|
43
50
|
end
|
|
44
51
|
end
|
|
45
52
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sidekiq_web_google_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Igor Kir
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-06-
|
|
11
|
+
date: 2022-06-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth
|