simple_admin_auth 0.0.4 → 0.1.0
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/.ruby-version +1 -0
- data/.travis.yml +14 -0
- data/Gemfile +7 -0
- data/Gemfile.lock +142 -0
- data/README.md +67 -15
- data/config.ru +18 -6
- data/gemfiles/rack1.5.gemfile +11 -0
- data/gemfiles/rack1.5.gemfile.lock +71 -0
- data/gemfiles/rails3.2.gemfile +11 -0
- data/gemfiles/rails3.2.gemfile.lock +142 -0
- data/lib/simple_admin_auth/application.rb +33 -5
- data/lib/simple_admin_auth/builder.rb +4 -2
- data/lib/simple_admin_auth/openid_ssl.rb +26 -0
- data/lib/simple_admin_auth/{rack.rb → require_admin.rb} +1 -1
- data/lib/simple_admin_auth/version.rb +1 -1
- data/simple_admin_auth.gemspec +0 -1
- data/spec/application_spec.rb +23 -0
- data/spec/dummy/.gitignore +1 -0
- data/spec/dummy/application.rb +34 -0
- data/spec/integration_examples.rb +44 -0
- data/spec/rack_integration_spec.rb +31 -0
- data/spec/rails_integration_spec.rb +22 -0
- data/spec/spec_helper.rb +14 -0
- metadata +26 -18
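--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bc29a3124835fb91b32a5afa1734763f3ce95a35
+data.tar.gz: 207ca3f40452d2e68c941ffff5272afdc298fbdc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 487319a2ec55d8df28231b45d90cfeed39ca595f86b23181b9ee77ccd63c4426882bc368607b9a1946195088c411ac684d6d9e43576505f8fb2b47a1ae2cf81a
+data.tar.gz: ee3d129bd67c21a2ec8bf9c88056ba3cb3c0aacba37c7ea6317559667bf5f587cbdde31c82f94dae30e382ce567fd6695fc6e8d35a2a93d9ed15bab6e280a766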
data/.gitignore
CHANGED
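--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.0.0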
data/.travis.yml
ADDED
data/Gemfile
CHANGED
data/Gemfile.lock
ADDED
@@ -0,0 +1,142 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
simple_admin_auth (0.1.0)
|
5
|
+
omniauth
|
6
|
+
sinatra
|
7
|
+
|
8
|
+
GEM
|
9
|
+
remote: https://rubygems.org/
|
10
|
+
specs:
|
11
|
+
actionmailer (3.2.13)
|
12
|
+
actionpack (= 3.2.13)
|
13
|
+
mail (~> 2.5.3)
|
14
|
+
actionpack (3.2.13)
|
15
|
+
activemodel (= 3.2.13)
|
16
|
+
activesupport (= 3.2.13)
|
17
|
+
builder (~> 3.0.0)
|
18
|
+
erubis (~> 2.7.0)
|
19
|
+
journey (~> 1.0.4)
|
20
|
+
rack (~> 1.4.5)
|
21
|
+
rack-cache (~> 1.2)
|
22
|
+
rack-test (~> 0.6.1)
|
23
|
+
sprockets (~> 2.2.1)
|
24
|
+
activemodel (3.2.13)
|
25
|
+
activesupport (= 3.2.13)
|
26
|
+
builder (~> 3.0.0)
|
27
|
+
activerecord (3.2.13)
|
28
|
+
activemodel (= 3.2.13)
|
29
|
+
activesupport (= 3.2.13)
|
30
|
+
arel (~> 3.0.2)
|
31
|
+
tzinfo (~> 0.3.29)
|
32
|
+
activeresource (3.2.13)
|
33
|
+
activemodel (= 3.2.13)
|
34
|
+
activesupport (= 3.2.13)
|
35
|
+
activesupport (3.2.13)
|
36
|
+
i18n (= 0.6.1)
|
37
|
+
multi_json (~> 1.0)
|
38
|
+
arel (3.0.2)
|
39
|
+
builder (3.0.4)
|
40
|
+
daemons (1.1.9)
|
41
|
+
diff-lcs (1.2.3)
|
42
|
+
erubis (2.7.0)
|
43
|
+
eventmachine (1.0.3)
|
44
|
+
faraday (0.8.7)
|
45
|
+
multipart-post (~> 1.1)
|
46
|
+
hashie (2.0.4)
|
47
|
+
hike (1.2.2)
|
48
|
+
httpauth (0.2.0)
|
49
|
+
i18n (0.6.1)
|
50
|
+
journey (1.0.4)
|
51
|
+
json (1.7.7)
|
52
|
+
jwt (0.1.8)
|
53
|
+
multi_json (>= 1.5)
|
54
|
+
mail (2.5.3)
|
55
|
+
i18n (>= 0.4.0)
|
56
|
+
mime-types (~> 1.16)
|
57
|
+
treetop (~> 1.4.8)
|
58
|
+
mime-types (1.22)
|
59
|
+
multi_json (1.7.2)
|
60
|
+
multipart-post (1.2.0)
|
61
|
+
oauth2 (0.8.1)
|
62
|
+
faraday (~> 0.8)
|
63
|
+
httpauth (~> 0.1)
|
64
|
+
jwt (~> 0.1.4)
|
65
|
+
multi_json (~> 1.0)
|
66
|
+
rack (~> 1.2)
|
67
|
+
omniauth (1.1.4)
|
68
|
+
hashie (>= 1.2, < 3)
|
69
|
+
rack
|
70
|
+
omniauth-google-oauth2 (0.1.17)
|
71
|
+
omniauth (~> 1.0)
|
72
|
+
omniauth-oauth2
|
73
|
+
omniauth-oauth2 (1.1.1)
|
74
|
+
oauth2 (~> 0.8.0)
|
75
|
+
omniauth (~> 1.0)
|
76
|
+
polyglot (0.3.3)
|
77
|
+
rack (1.4.5)
|
78
|
+
rack-cache (1.2)
|
79
|
+
rack (>= 0.4)
|
80
|
+
rack-protection (1.5.0)
|
81
|
+
rack
|
82
|
+
rack-ssl (1.3.3)
|
83
|
+
rack
|
84
|
+
rack-test (0.6.2)
|
85
|
+
rack (>= 1.0)
|
86
|
+
rails (3.2.13)
|
87
|
+
actionmailer (= 3.2.13)
|
88
|
+
actionpack (= 3.2.13)
|
89
|
+
activerecord (= 3.2.13)
|
90
|
+
activeresource (= 3.2.13)
|
91
|
+
activesupport (= 3.2.13)
|
92
|
+
bundler (~> 1.0)
|
93
|
+
railties (= 3.2.13)
|
94
|
+
railties (3.2.13)
|
95
|
+
actionpack (= 3.2.13)
|
96
|
+
activesupport (= 3.2.13)
|
97
|
+
rack-ssl (~> 1.3.2)
|
98
|
+
rake (>= 0.8.7)
|
99
|
+
rdoc (~> 3.4)
|
100
|
+
thor (>= 0.14.6, < 2.0)
|
101
|
+
rake (10.0.4)
|
102
|
+
rdoc (3.12.2)
|
103
|
+
json (~> 1.4)
|
104
|
+
rspec (2.13.0)
|
105
|
+
rspec-core (~> 2.13.0)
|
106
|
+
rspec-expectations (~> 2.13.0)
|
107
|
+
rspec-mocks (~> 2.13.0)
|
108
|
+
rspec-core (2.13.1)
|
109
|
+
rspec-expectations (2.13.0)
|
110
|
+
diff-lcs (>= 1.1.3, < 2.0)
|
111
|
+
rspec-mocks (2.13.1)
|
112
|
+
sinatra (1.3.6)
|
113
|
+
rack (~> 1.4)
|
114
|
+
rack-protection (~> 1.3)
|
115
|
+
tilt (~> 1.3, >= 1.3.3)
|
116
|
+
sprockets (2.2.2)
|
117
|
+
hike (~> 1.2)
|
118
|
+
multi_json (~> 1.0)
|
119
|
+
rack (~> 1.0)
|
120
|
+
tilt (~> 1.1, != 1.3.0)
|
121
|
+
thin (1.5.1)
|
122
|
+
daemons (>= 1.0.9)
|
123
|
+
eventmachine (>= 0.12.6)
|
124
|
+
rack (>= 1.0.0)
|
125
|
+
thor (0.18.1)
|
126
|
+
tilt (1.4.0)
|
127
|
+
treetop (1.4.12)
|
128
|
+
polyglot
|
129
|
+
polyglot (>= 0.3.1)
|
130
|
+
tzinfo (0.3.37)
|
131
|
+
|
132
|
+
PLATFORMS
|
133
|
+
ruby
|
134
|
+
|
135
|
+
DEPENDENCIES
|
136
|
+
omniauth-google-oauth2
|
137
|
+
rack-test
|
138
|
+
rails (~> 3.2.0)
|
139
|
+
rake
|
140
|
+
rspec
|
141
|
+
simple_admin_auth!
|
142
|
+
thin
|
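--- a/data/README.md
+++ b/data/README.md
@@ -2,18 +2,36 @@
 
 Add simple admin authentication to any Rails application, using Google Apps for authentication.
 
-Authentication is done purely on the Google Apps domain - no user model is used.
+Authentication is done purely on the Google Apps domain - no user model is used. Other providers such as GitHub or
+Facebook may also work, but are untested.
+
+## Google Apps OAuth2
+
+We recommend using OAuth2 to authenticate with Google Apps. You need to sign up for an API key on the
+[Google APIs Console](https://code.google.com/apis/console/).
+
+Make sure that you allow `/auth/admin/callback` as the redirect API, both for your development and production servers.
+Example:
+
+http://localhost:3000/auth/admin/callback
+http://yourapp.com/auth/admin/callback
+
 
 ## Usage with Rails 3.x
 
-Add
+Add these lines to your application's Gemfile:
 
 gem 'simple_admin_auth'
+gem 'omniauth-google-oauth2'
 
-Create an
+Create an `config/initializers/admin_auth.rb` configuring your domain:
+
+require 'omniauth/strategies/google_oauth2'
 
 Rails.application.config.middleware.use SimpleAdminAuth::Builder do
-
+# The name must be `admin`
+provider :google_oauth2, 'YOUR_KEY', 'YOUR_SECRET', name: 'admin',
+access_type: 'online', hd: 'embarkmobile.com', approval_prompt: 'auto'
 end
 
 Protect any routes that require authentication:
@@ -30,31 +48,65 @@ Sample config.ru:
 
 require 'rack/builder'
 require 'simple_admin_auth'
-require 'simple_admin_auth/
-require '
+require 'simple_admin_auth/require_admin'
+require 'omniauth/strategies/google_oauth2'
 
 app = Rack::Builder.new do
-
+# Change this secret to something unique
+use Rack::Session::Cookie, secret: 'your_secret_here'
 
 use SimpleAdminAuth::Builder do
-
+# You need to create a key for your app on https://code.google.com/apis/console/
+# The name must be `admin`.
+provider :google_oauth2, 'YOUR_KEY (client id)', 'YOUR_SECRET', name: 'admin',
+access_type: 'online', hd: 'yourdomain.com', approval_prompt: 'auto'
 end
 
-
-
-
+
+map "/admin" do
+# This middleware only allows signed-in users to access this app.
+# This URL may be configured, and you may use the same middleware multiple times.
+use SimpleAdminAuth::RequireAdmin
+run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Welcome, you have been authenticated!']] }
 end
 
 map "/" do
-
-
-SimpleAdminAuth::Application
-]
+# Any user may access this.
+run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Main Site']] }
 end
 end
 
 run app
 
+For a full example, see the config.ru in this repository.
+
+## Alternative: Use OpenID
+
+While this is simpler to configure, there are issues with SSL and other unresolved warnings, so we don't recommend this
+method.
+
+Add the gem `omniauth-google-apps` to your Gemfile.
+
+Use this in the initializer:
+
+require 'omniauth/strategies/google_apps'
+require 'openid/store/filesystem'
+require 'simple_admin_auth/openid_ssl'
+
+Rails.application.config.middleware.use SimpleAdminAuth::Builder do
+provider :google_apps, :domain => 'yourdomain.com', :name => 'admin',
+store: OpenID::Store::Filesystem.new('./tmp')
+end
+
+Rack/Sinatra apps may be adapted similarly.
+
+## Changelog
+
+### 0.1.0
+
+* Recommend OAuth2 instead of OpenID.
+* Add support for pure Rack/Sinatra applications.
+
 
 ## Contributing
 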
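--- a/data/config.ru
+++ b/data/config.ru
@@ -1,22 +1,34 @@
 require 'rack/builder'
 require 'simple_admin_auth'
-require 'simple_admin_auth/
+require 'simple_admin_auth/require_admin'
+require 'omniauth/strategies/google_oauth2'
+
+%w(GOOGLE_KEY GOOGLE_SECRET ADMIN_DOMAIN).each do |key|
+if ENV[key].nil?
+STDERR.puts "ENV[#{key}] is required"
+exit 1
+end
+end
 
 app = Rack::Builder.new do
+# Change this secret to something unique
 use Rack::Session::Cookie, secret: 'your_secret_here'
 
 use SimpleAdminAuth::Builder do
-
+# You need to create a key for your app on https://code.google.com/apis/console/
+provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], name: 'admin',
+access_type: 'online', hd: ENV['ADMIN_DOMAIN'], approval_prompt: 'auto'
 end
 
 map "/admin" do
-
-
+# This middleware only allows signed-in users to access this app.
+use SimpleAdminAuth::RequireAdmin
+run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['<p>Welcome, you have been authenticated!</p> <p><a href="/auth/admin/logout">Sign Out</a></p>']] }
 end
 
 map "/" do
-
-run lambda { |env| [200, {'Content-Type' => 'text/
+# Any user may access this.
+run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['<p>Main site</p> <p><a href="/admin">Admin Area</a></p>']] }
 end
 end
 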
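Review bot: The session cookie secret is still the literal `'your_secret_here'` on the `use Rack::Session::Cookie` line, even though this change moves the Google credentials into `ENV` and exits when they are missing. That cookie is what carries `session[:admin_user]`, so anyone who runs this file unmodified signs admin sessions with a value that is published in the gem. Treat it like the other three settings: add a variable such as `SESSION_SECRET` (the name is only a suggestion) to the `%w(...)` list and pass `secret: ENV['SESSION_SECRET']`.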
@@ -0,0 +1,71 @@
|
|
1
|
+
PATH
|
2
|
+
remote: /home/ralf/src/simple_admin_auth
|
3
|
+
specs:
|
4
|
+
simple_admin_auth (0.0.4)
|
5
|
+
omniauth
|
6
|
+
sinatra
|
7
|
+
|
8
|
+
GEM
|
9
|
+
remote: https://rubygems.org/
|
10
|
+
specs:
|
11
|
+
daemons (1.1.9)
|
12
|
+
diff-lcs (1.2.4)
|
13
|
+
eventmachine (1.0.3)
|
14
|
+
faraday (0.8.7)
|
15
|
+
multipart-post (~> 1.1)
|
16
|
+
hashie (2.0.4)
|
17
|
+
httpauth (0.2.0)
|
18
|
+
jwt (0.1.8)
|
19
|
+
multi_json (>= 1.5)
|
20
|
+
multi_json (1.7.2)
|
21
|
+
multipart-post (1.2.0)
|
22
|
+
oauth2 (0.8.1)
|
23
|
+
faraday (~> 0.8)
|
24
|
+
httpauth (~> 0.1)
|
25
|
+
jwt (~> 0.1.4)
|
26
|
+
multi_json (~> 1.0)
|
27
|
+
rack (~> 1.2)
|
28
|
+
omniauth (1.1.4)
|
29
|
+
hashie (>= 1.2, < 3)
|
30
|
+
rack
|
31
|
+
omniauth-google-oauth2 (0.1.17)
|
32
|
+
omniauth (~> 1.0)
|
33
|
+
omniauth-oauth2
|
34
|
+
omniauth-oauth2 (1.1.1)
|
35
|
+
oauth2 (~> 0.8.0)
|
36
|
+
omniauth (~> 1.0)
|
37
|
+
rack (1.5.2)
|
38
|
+
rack-protection (1.5.0)
|
39
|
+
rack
|
40
|
+
rack-test (0.6.2)
|
41
|
+
rack (>= 1.0)
|
42
|
+
rake (10.0.4)
|
43
|
+
rspec (2.13.0)
|
44
|
+
rspec-core (~> 2.13.0)
|
45
|
+
rspec-expectations (~> 2.13.0)
|
46
|
+
rspec-mocks (~> 2.13.0)
|
47
|
+
rspec-core (2.13.1)
|
48
|
+
rspec-expectations (2.13.0)
|
49
|
+
diff-lcs (>= 1.1.3, < 2.0)
|
50
|
+
rspec-mocks (2.13.1)
|
51
|
+
sinatra (1.4.2)
|
52
|
+
rack (~> 1.5, >= 1.5.2)
|
53
|
+
rack-protection (~> 1.4)
|
54
|
+
tilt (~> 1.3, >= 1.3.4)
|
55
|
+
thin (1.5.1)
|
56
|
+
daemons (>= 1.0.9)
|
57
|
+
eventmachine (>= 0.12.6)
|
58
|
+
rack (>= 1.0.0)
|
59
|
+
tilt (1.4.0)
|
60
|
+
|
61
|
+
PLATFORMS
|
62
|
+
ruby
|
63
|
+
|
64
|
+
DEPENDENCIES
|
65
|
+
omniauth-google-oauth2
|
66
|
+
rack (~> 1.5.0)
|
67
|
+
rack-test
|
68
|
+
rake
|
69
|
+
rspec
|
70
|
+
simple_admin_auth!
|
71
|
+
thin
|
@@ -0,0 +1,142 @@
|
|
1
|
+
PATH
|
2
|
+
remote: /home/ralf/src/simple_admin_auth
|
3
|
+
specs:
|
4
|
+
simple_admin_auth (0.0.4)
|
5
|
+
omniauth
|
6
|
+
sinatra
|
7
|
+
|
8
|
+
GEM
|
9
|
+
remote: https://rubygems.org/
|
10
|
+
specs:
|
11
|
+
actionmailer (3.2.13)
|
12
|
+
actionpack (= 3.2.13)
|
13
|
+
mail (~> 2.5.3)
|
14
|
+
actionpack (3.2.13)
|
15
|
+
activemodel (= 3.2.13)
|
16
|
+
activesupport (= 3.2.13)
|
17
|
+
builder (~> 3.0.0)
|
18
|
+
erubis (~> 2.7.0)
|
19
|
+
journey (~> 1.0.4)
|
20
|
+
rack (~> 1.4.5)
|
21
|
+
rack-cache (~> 1.2)
|
22
|
+
rack-test (~> 0.6.1)
|
23
|
+
sprockets (~> 2.2.1)
|
24
|
+
activemodel (3.2.13)
|
25
|
+
activesupport (= 3.2.13)
|
26
|
+
builder (~> 3.0.0)
|
27
|
+
activerecord (3.2.13)
|
28
|
+
activemodel (= 3.2.13)
|
29
|
+
activesupport (= 3.2.13)
|
30
|
+
arel (~> 3.0.2)
|
31
|
+
tzinfo (~> 0.3.29)
|
32
|
+
activeresource (3.2.13)
|
33
|
+
activemodel (= 3.2.13)
|
34
|
+
activesupport (= 3.2.13)
|
35
|
+
activesupport (3.2.13)
|
36
|
+
i18n (= 0.6.1)
|
37
|
+
multi_json (~> 1.0)
|
38
|
+
arel (3.0.2)
|
39
|
+
builder (3.0.4)
|
40
|
+
daemons (1.1.9)
|
41
|
+
diff-lcs (1.2.4)
|
42
|
+
erubis (2.7.0)
|
43
|
+
eventmachine (1.0.3)
|
44
|
+
faraday (0.8.7)
|
45
|
+
multipart-post (~> 1.1)
|
46
|
+
hashie (2.0.4)
|
47
|
+
hike (1.2.2)
|
48
|
+
httpauth (0.2.0)
|
49
|
+
i18n (0.6.1)
|
50
|
+
journey (1.0.4)
|
51
|
+
json (1.7.7)
|
52
|
+
jwt (0.1.8)
|
53
|
+
multi_json (>= 1.5)
|
54
|
+
mail (2.5.3)
|
55
|
+
i18n (>= 0.4.0)
|
56
|
+
mime-types (~> 1.16)
|
57
|
+
treetop (~> 1.4.8)
|
58
|
+
mime-types (1.23)
|
59
|
+
multi_json (1.7.2)
|
60
|
+
multipart-post (1.2.0)
|
61
|
+
oauth2 (0.8.1)
|
62
|
+
faraday (~> 0.8)
|
63
|
+
httpauth (~> 0.1)
|
64
|
+
jwt (~> 0.1.4)
|
65
|
+
multi_json (~> 1.0)
|
66
|
+
rack (~> 1.2)
|
67
|
+
omniauth (1.1.4)
|
68
|
+
hashie (>= 1.2, < 3)
|
69
|
+
rack
|
70
|
+
omniauth-google-oauth2 (0.1.17)
|
71
|
+
omniauth (~> 1.0)
|
72
|
+
omniauth-oauth2
|
73
|
+
omniauth-oauth2 (1.1.1)
|
74
|
+
oauth2 (~> 0.8.0)
|
75
|
+
omniauth (~> 1.0)
|
76
|
+
polyglot (0.3.3)
|
77
|
+
rack (1.4.5)
|
78
|
+
rack-cache (1.2)
|
79
|
+
rack (>= 0.4)
|
80
|
+
rack-protection (1.5.0)
|
81
|
+
rack
|
82
|
+
rack-ssl (1.3.3)
|
83
|
+
rack
|
84
|
+
rack-test (0.6.2)
|
85
|
+
rack (>= 1.0)
|
86
|
+
rails (3.2.13)
|
87
|
+
actionmailer (= 3.2.13)
|
88
|
+
actionpack (= 3.2.13)
|
89
|
+
activerecord (= 3.2.13)
|
90
|
+
activeresource (= 3.2.13)
|
91
|
+
activesupport (= 3.2.13)
|
92
|
+
bundler (~> 1.0)
|
93
|
+
railties (= 3.2.13)
|
94
|
+
railties (3.2.13)
|
95
|
+
actionpack (= 3.2.13)
|
96
|
+
activesupport (= 3.2.13)
|
97
|
+
rack-ssl (~> 1.3.2)
|
98
|
+
rake (>= 0.8.7)
|
99
|
+
rdoc (~> 3.4)
|
100
|
+
thor (>= 0.14.6, < 2.0)
|
101
|
+
rake (10.0.4)
|
102
|
+
rdoc (3.12.2)
|
103
|
+
json (~> 1.4)
|
104
|
+
rspec (2.13.0)
|
105
|
+
rspec-core (~> 2.13.0)
|
106
|
+
rspec-expectations (~> 2.13.0)
|
107
|
+
rspec-mocks (~> 2.13.0)
|
108
|
+
rspec-core (2.13.1)
|
109
|
+
rspec-expectations (2.13.0)
|
110
|
+
diff-lcs (>= 1.1.3, < 2.0)
|
111
|
+
rspec-mocks (2.13.1)
|
112
|
+
sinatra (1.3.6)
|
113
|
+
rack (~> 1.4)
|
114
|
+
rack-protection (~> 1.3)
|
115
|
+
tilt (~> 1.3, >= 1.3.3)
|
116
|
+
sprockets (2.2.2)
|
117
|
+
hike (~> 1.2)
|
118
|
+
multi_json (~> 1.0)
|
119
|
+
rack (~> 1.0)
|
120
|
+
tilt (~> 1.1, != 1.3.0)
|
121
|
+
thin (1.5.1)
|
122
|
+
daemons (>= 1.0.9)
|
123
|
+
eventmachine (>= 0.12.6)
|
124
|
+
rack (>= 1.0.0)
|
125
|
+
thor (0.18.1)
|
126
|
+
tilt (1.4.0)
|
127
|
+
treetop (1.4.12)
|
128
|
+
polyglot
|
129
|
+
polyglot (>= 0.3.1)
|
130
|
+
tzinfo (0.3.37)
|
131
|
+
|
132
|
+
PLATFORMS
|
133
|
+
ruby
|
134
|
+
|
135
|
+
DEPENDENCIES
|
136
|
+
omniauth-google-oauth2
|
137
|
+
rack-test
|
138
|
+
rails (~> 3.2.10)
|
139
|
+
rake
|
140
|
+
rspec
|
141
|
+
simple_admin_auth!
|
142
|
+
thin
|
@@ -12,7 +12,7 @@ module SimpleAdminAuth
|
|
12
12
|
post(path, opts, &block)
|
13
13
|
end
|
14
14
|
|
15
|
-
get_or_post '/
|
15
|
+
get_or_post '/admin/callback' do
|
16
16
|
auth_hash = request.env['omniauth.auth']
|
17
17
|
|
18
18
|
session[:admin_user] = auth_hash['info']
|
@@ -26,17 +26,21 @@ module SimpleAdminAuth
|
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
29
|
-
get '/
|
29
|
+
get '/failure' do
|
30
|
+
erb :failure
|
31
|
+
end
|
32
|
+
|
33
|
+
get '/admin/logout' do
|
30
34
|
return_to = params[:return_to] || '/'
|
31
35
|
session[:admin_user] = nil
|
32
36
|
redirect return_to
|
33
37
|
end
|
34
38
|
|
35
|
-
get '/
|
39
|
+
get '/admin/login' do
|
36
40
|
erb :login
|
37
41
|
end
|
38
42
|
|
39
|
-
get '/
|
43
|
+
get '/admin/bootstrap.css' do
|
40
44
|
send_file File.join(File.dirname(__FILE__), '../../static/css/bootstrap.min.css')
|
41
45
|
end
|
42
46
|
|
@@ -69,7 +73,31 @@ __END__
|
|
69
73
|
<body>
|
70
74
|
<div id="content">
|
71
75
|
<p>You need to sign in to continue.</p>
|
72
|
-
<a class="btn btn-large" href="/auth/admin">Sign in
|
76
|
+
<a class="btn btn-large" href="/auth/admin">Sign in</a>
|
77
|
+
</div>
|
78
|
+
|
79
|
+
</body>
|
80
|
+
</html>
|
81
|
+
|
82
|
+
@@ failure
|
83
|
+
<html>
|
84
|
+
<head><title>Admin Login</title>
|
85
|
+
<link rel="stylesheet" href="/auth/admin/bootstrap.css" />
|
86
|
+
<style type="text/css">
|
87
|
+
body {
|
88
|
+
background-color: #F9F9F9;
|
89
|
+
}
|
90
|
+
|
91
|
+
#content {
|
92
|
+
text-align: center;
|
93
|
+
margin: 200px auto;
|
94
|
+
}
|
95
|
+
</style>
|
96
|
+
</head>
|
97
|
+
<body>
|
98
|
+
<div id="content">
|
99
|
+
<p>Authentication failed.</p>
|
100
|
+
<a class="btn btn-large" href="/auth/admin">Sign in</a>
|
73
101
|
</div>
|
74
102
|
|
75
103
|
</body>
|
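Review bot: In the `/admin/callback` handler, `session[:admin_user] = auth_hash['info']` accepts whatever identity the provider returns, with no check in the visible lines that the account belongs to the configured domain (this section's file header is missing from the page; it appears to be lib/simple_admin_auth/application.rb). The README in this release recommends `google_oauth2` with `hd:`, and `hd` is a parameter of the authorization request, so it should not be the only restriction on who becomes admin unless the strategy version in use verifies it on return. Lines 19–25 of the handler are outside the hunk, so a check may exist there; if not, reject before writing the session, e.g. `halt 403 unless auth_hash['info']['email'].to_s.end_with?("@#{allowed_domain}")`, where `allowed_domain` is a placeholder for however the builder passes the domain in. Separately, `/admin/logout` redirects to an unvalidated `params[:return_to]`; limiting it to local paths would remove that open redirect.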
@@ -1,6 +1,5 @@
|
|
1
1
|
require 'omniauth'
|
2
2
|
require 'omniauth/builder'
|
3
|
-
require 'omniauth/strategies/google_apps'
|
4
3
|
require 'simple_admin_auth/application'
|
5
4
|
|
6
5
|
module SimpleAdminAuth
|
@@ -9,7 +8,10 @@ module SimpleAdminAuth
|
|
9
8
|
super(*args)
|
10
9
|
|
11
10
|
use SimpleAdminAuth::LoginRedirect
|
12
|
-
|
11
|
+
|
12
|
+
map '/auth' do
|
13
|
+
use SimpleAdminAuth::Application
|
14
|
+
end
|
13
15
|
end
|
14
16
|
end
|
15
17
|
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# TODO: this does not belong in this gem, but where should it be?
|
2
|
+
require 'openid/fetchers'
|
3
|
+
|
4
|
+
if OpenID.fetcher.ca_file.nil?
|
5
|
+
# To override the location, set OpenID.fetcher.ca_file before this file is required
|
6
|
+
# TODO: This is fairly OS-specific. Is there any gem that allows us to do this in a cross-platform manner?
|
7
|
+
|
8
|
+
CA_CERT_LOCATIONS = [
|
9
|
+
'/usr/lib/ssl/certs/ca-certificates.crt', # Ubuntu/Debian
|
10
|
+
'/etc/ssl/certs/ca-certificates.crt', # Ubuntu/Debian
|
11
|
+
'/opt/local/share/curl/curl-ca-bundle.crt', # Mac - sudo port install curl-ca-bundle
|
12
|
+
]
|
13
|
+
|
14
|
+
CA_CERT_LOCATIONS.each do |location|
|
15
|
+
if File.exist? location
|
16
|
+
OpenID.fetcher.ca_file = location
|
17
|
+
break
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
if OpenID.fetcher.ca_file.nil?
|
22
|
+
# We don't want OpenID to default to not using any CA certs.
|
23
|
+
OpenID.fetcher.ca_file = 'Please specify OpenID.fetcher.ca_file'
|
24
|
+
raise StandardError, 'CA certificates not found. Please specify OpenID.fetcher.ca_file.'
|
25
|
+
end
|
26
|
+
end
|
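Review bot: The hard-coded `CA_CERT_LOCATIONS` list covers only Debian/Ubuntu and a MacPorts path, so on any other system requiring this file raises at load time even when a usable CA bundle is installed (the section's header is missing from the page; it appears to be lib/simple_admin_auth/openid_ssl.rb). Ruby's OpenSSL binding already reports the platform default, which answers the TODO on line 6: after `require 'openssl'`, put `OpenSSL::X509::DEFAULT_CERT_FILE` first in the list. Failing closed when nothing is found is the right behaviour and should stay. The constant is also defined at top level, so it lands in the global namespace of every app that loads the gem; a local variable or `SimpleAdminAuth::CA_CERT_LOCATIONS` would avoid that.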
data/simple_admin_auth.gemspec
CHANGED
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
require 'simple_admin_auth/application'
|
4
|
+
|
5
|
+
|
6
|
+
describe Application do
|
7
|
+
def app
|
8
|
+
Application
|
9
|
+
end
|
10
|
+
|
11
|
+
it "should present a login screen" do
|
12
|
+
get '/admin/login', nil, {}
|
13
|
+
last_response.should be_ok
|
14
|
+
last_response.body.should =~ /You need to sign in to continue\./
|
15
|
+
end
|
16
|
+
|
17
|
+
it "should render a failure page" do
|
18
|
+
get '/failure', nil, {}
|
19
|
+
last_response.should be_ok
|
20
|
+
last_response.body.should =~ /Authentication failed\./
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
*.log
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# This is an absolute minimal Rails application
|
2
|
+
|
3
|
+
require 'rails'
|
4
|
+
require 'action_controller/railtie'
|
5
|
+
|
6
|
+
class Dummy < Rails::Application
|
7
|
+
config.session_store :cookie_store, :key => 'jiez4Mielu1AiHugog3shiiPhe3lai3faerooJohGo0rah5Mod'
|
8
|
+
config.secret_token = 'ni6aeph6aeriBiphesh8omahv6cohpue5Quah5ceiMohtuvei8'
|
9
|
+
|
10
|
+
config.logger = Logger.new(File.expand_path('../test.log', __FILE__))
|
11
|
+
Rails.logger = config.logger
|
12
|
+
|
13
|
+
config.middleware.use SimpleAdminAuth::Builder do
|
14
|
+
provider :developer, name: 'admin'
|
15
|
+
end
|
16
|
+
|
17
|
+
routes.draw do
|
18
|
+
get '/' => 'dummy#index'
|
19
|
+
|
20
|
+
constraints SimpleAdminAuth::Authenticate do
|
21
|
+
get '/protected/test' => 'dummy#protected'
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
class DummyController < ActionController::Base
|
27
|
+
def index
|
28
|
+
render text: 'Home'
|
29
|
+
end
|
30
|
+
|
31
|
+
def protected
|
32
|
+
render text: 'Admin'
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
shared_examples "integration" do
|
2
|
+
|
3
|
+
it "should get the unprotected index page" do
|
4
|
+
get '/'
|
5
|
+
last_response.status.should == 200
|
6
|
+
last_response.body.should =~ /Home/
|
7
|
+
last_response.should be_ok
|
8
|
+
end
|
9
|
+
|
10
|
+
it "should present a login screen" do
|
11
|
+
get '/auth/admin/login', nil, {}
|
12
|
+
last_response.status.should == 200
|
13
|
+
last_response.body.should =~ /You need to sign in to continue\./
|
14
|
+
last_response.should be_ok
|
15
|
+
end
|
16
|
+
|
17
|
+
it "should redirect a protected page to the login page" do
|
18
|
+
get '/protected/test'
|
19
|
+
last_response.status.should == 302
|
20
|
+
follow_redirect!
|
21
|
+
last_request.url.should =~ /auth\/admin\/login$/
|
22
|
+
last_response.status.should == 200
|
23
|
+
last_request.env['rack.session'][:admin_login_return_url].should =~ /protected\/test$/
|
24
|
+
end
|
25
|
+
|
26
|
+
it "should login" do
|
27
|
+
get '/protected/test'
|
28
|
+
# Redirect to login page
|
29
|
+
follow_redirect!
|
30
|
+
|
31
|
+
# Click the login button
|
32
|
+
get '/auth/admin'
|
33
|
+
last_response.status.should == 302
|
34
|
+
follow_redirect!
|
35
|
+
|
36
|
+
# Mock strategy immediately redirects to the callback
|
37
|
+
last_request.url.should =~ /auth\/admin\/callback$/
|
38
|
+
follow_redirect!
|
39
|
+
|
40
|
+
# We should be redirected back to the original page
|
41
|
+
last_request.url.should =~ /\/protected\/test$/
|
42
|
+
last_response.should be_ok
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'simple_admin_auth'
|
3
|
+
require 'simple_admin_auth/require_admin'
|
4
|
+
require 'integration_examples'
|
5
|
+
|
6
|
+
describe "Rack Integration" do
|
7
|
+
let(:app) do
|
8
|
+
|
9
|
+
Rack::Builder.new do
|
10
|
+
use Rack::Session::Cookie, secret: 'some_secret_this_is'
|
11
|
+
|
12
|
+
use SimpleAdminAuth::Builder do
|
13
|
+
provider :developer, name: 'admin'
|
14
|
+
end
|
15
|
+
|
16
|
+
map "/protected" do
|
17
|
+
# This middleware only allows signed-in users to access this app.
|
18
|
+
use SimpleAdminAuth::RequireAdmin
|
19
|
+
run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Admin']] }
|
20
|
+
end
|
21
|
+
|
22
|
+
map "/" do
|
23
|
+
# Any user may access this.
|
24
|
+
run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Home']] }
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
include_examples 'integration'
|
30
|
+
|
31
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'simple_admin_auth'
|
3
|
+
require 'integration_examples'
|
4
|
+
|
5
|
+
begin
|
6
|
+
require 'rails'
|
7
|
+
|
8
|
+
# Configure the Rails application
|
9
|
+
ENV["RAILS_ENV"] = "test"
|
10
|
+
require 'dummy/application'
|
11
|
+
|
12
|
+
|
13
|
+
describe "Rails Integration" do
|
14
|
+
let(:app) do
|
15
|
+
Rails.application
|
16
|
+
end
|
17
|
+
|
18
|
+
include_examples 'integration'
|
19
|
+
end
|
20
|
+
rescue LoadError
|
21
|
+
# Cannot find Rails - skip these tests
|
22
|
+
end
|
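--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,14 @@
+require 'rspec'
+require 'rack/test'
+
+require 'simple_admin_auth'
+
+include SimpleAdminAuth
+
+RSpec.configure do |conf|
+conf.include Rack::Test::Methods
+end
+
+
+OmniAuth.config.add_mock(:admin, {:uid => '12345'})
+OmniAuth.config.test_mode = true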
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simple_admin_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 0.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ralf Kistner
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2013-
|
11
|
+
date: 2013-05-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth
|
@@ -24,20 +24,6 @@ dependencies:
|
|
24
24
|
- - '>='
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: omniauth-google-apps
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '>='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: '0'
|
34
|
-
type: :runtime
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '>='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: '0'
|
41
27
|
- !ruby/object:Gem::Dependency
|
42
28
|
name: sinatra
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -61,19 +47,34 @@ extensions: []
|
|
61
47
|
extra_rdoc_files: []
|
62
48
|
files:
|
63
49
|
- .gitignore
|
50
|
+
- .ruby-version
|
51
|
+
- .travis.yml
|
64
52
|
- Gemfile
|
53
|
+
- Gemfile.lock
|
65
54
|
- LICENSE.txt
|
66
55
|
- README.md
|
67
56
|
- Rakefile
|
68
57
|
- config.ru
|
58
|
+
- gemfiles/rack1.5.gemfile
|
59
|
+
- gemfiles/rack1.5.gemfile.lock
|
60
|
+
- gemfiles/rails3.2.gemfile
|
61
|
+
- gemfiles/rails3.2.gemfile.lock
|
69
62
|
- lib/simple_admin_auth.rb
|
70
63
|
- lib/simple_admin_auth/application.rb
|
71
64
|
- lib/simple_admin_auth/authenticated.rb
|
72
65
|
- lib/simple_admin_auth/builder.rb
|
73
66
|
- lib/simple_admin_auth/login_redirect.rb
|
74
|
-
- lib/simple_admin_auth/
|
67
|
+
- lib/simple_admin_auth/openid_ssl.rb
|
68
|
+
- lib/simple_admin_auth/require_admin.rb
|
75
69
|
- lib/simple_admin_auth/version.rb
|
76
70
|
- simple_admin_auth.gemspec
|
71
|
+
- spec/application_spec.rb
|
72
|
+
- spec/dummy/.gitignore
|
73
|
+
- spec/dummy/application.rb
|
74
|
+
- spec/integration_examples.rb
|
75
|
+
- spec/rack_integration_spec.rb
|
76
|
+
- spec/rails_integration_spec.rb
|
77
|
+
- spec/spec_helper.rb
|
77
78
|
- static/css/bootstrap.min.css
|
78
79
|
homepage: ''
|
79
80
|
licenses: []
|
@@ -98,4 +99,11 @@ rubygems_version: 2.0.3
|
|
98
99
|
signing_key:
|
99
100
|
specification_version: 4
|
100
101
|
summary: Simple admin authentication using Google Apps
|
101
|
-
test_files:
|
102
|
+
test_files:
|
103
|
+
- spec/application_spec.rb
|
104
|
+
- spec/dummy/.gitignore
|
105
|
+
- spec/dummy/application.rb
|
106
|
+
- spec/integration_examples.rb
|
107
|
+
- spec/rack_integration_spec.rb
|
108
|
+
- spec/rails_integration_spec.rb
|
109
|
+
- spec/spec_helper.rb
|