simple_admin_auth 0.0.4 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1a51f3f683ce73420e6650166618575cc9909421
-  data.tar.gz: b1c88dca7905f43ba7ed76ab1890fa13e462cdf6
+  metadata.gz: bc29a3124835fb91b32a5afa1734763f3ce95a35
+  data.tar.gz: 207ca3f40452d2e68c941ffff5272afdc298fbdc
 SHA512:
-  metadata.gz: 5d0d4ed426f856c653cd61bee754c857b9f1794a9ec714684a68fbcce1f769e93f8b76802ad0b870bba4630c2b080c6bfa80aa67103e57a35d427abba1e97b8b
-  data.tar.gz: e9362cc0715c3e52da81bde31d4dc1d1f0cfc015fb71eafa17ea6f0038838fceb17544aaa4d5bab18a6eaed23b139816d74af32826f491fb5e70c842b6b2de4c
+  metadata.gz: 487319a2ec55d8df28231b45d90cfeed39ca595f86b23181b9ee77ccd63c4426882bc368607b9a1946195088c411ac684d6d9e43576505f8fb2b47a1ae2cf81a
+  data.tar.gz: ee3d129bd67c21a2ec8bf9c88056ba3cb3c0aacba37c7ea6317559667bf5f587cbdde31c82f94dae30e382ce567fd6695fc6e8d35a2a93d9ed15bab6e280a766

data/.gitignore

@@ -3,7 +3,6 @@
 .bundle
 .config
 .yardoc
-Gemfile.lock
 InstalledFiles
 _yardoc
 coverage

data/.ruby-version

@@ -0,0 +1 @@
+2.0.0

data/.travis.yml

@@ -0,0 +1,14 @@
+language: ruby
+script: "bundle exec rspec"
+
+rvm:
+  - 1.9.3
+  - 2.0.0
+
+gemfile:
+  - gemfiles/rack1.5.gemfile
+  - gemfiles/rails3.2.gemfile
+
+notifications:
+  recipients:
+    - ralf@embarkmobile.com

data/Gemfile

@@ -2,3 +2,10 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in simple_admin_auth.gemspec
 gemspec
+
+gem 'thin'
+gem 'omniauth-google-oauth2'
+gem 'rake'
+gem 'rack-test'
+gem 'rails', '~> 3.2.0'
+gem 'rspec'

data/Gemfile.lock

@@ -0,0 +1,142 @@
+PATH
+  remote: .
+  specs:
+    simple_admin_auth (0.1.0)
+      omniauth
+      sinatra
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.13)
+      actionpack (= 3.2.13)
+      mail (~> 2.5.3)
+    actionpack (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+    activerecord (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.4)
+    daemons (1.1.9)
+    diff-lcs (1.2.3)
+    erubis (2.7.0)
+    eventmachine (1.0.3)
+    faraday (0.8.7)
+      multipart-post (~> 1.1)
+    hashie (2.0.4)
+    hike (1.2.2)
+    httpauth (0.2.0)
+    i18n (0.6.1)
+    journey (1.0.4)
+    json (1.7.7)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    mail (2.5.3)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.22)
+    multi_json (1.7.2)
+    multipart-post (1.2.0)
+    oauth2 (0.8.1)
+      faraday (~> 0.8)
+      httpauth (~> 0.1)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      rack (~> 1.2)
+    omniauth (1.1.4)
+      hashie (>= 1.2, < 3)
+      rack
+    omniauth-google-oauth2 (0.1.17)
+      omniauth (~> 1.0)
+      omniauth-oauth2
+    omniauth-oauth2 (1.1.1)
+      oauth2 (~> 0.8.0)
+      omniauth (~> 1.0)
+    polyglot (0.3.3)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-protection (1.5.0)
+      rack
+    rack-ssl (1.3.3)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.13)
+      actionmailer (= 3.2.13)
+      actionpack (= 3.2.13)
+      activerecord (= 3.2.13)
+      activeresource (= 3.2.13)
+      activesupport (= 3.2.13)
+      bundler (~> 1.0)
+      railties (= 3.2.13)
+    railties (3.2.13)
+      actionpack (= 3.2.13)
+      activesupport (= 3.2.13)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.0.4)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    sinatra (1.3.6)
+      rack (~> 1.4)
+      rack-protection (~> 1.3)
+      tilt (~> 1.3, >= 1.3.3)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thin (1.5.1)
+      daemons (>= 1.0.9)
+      eventmachine (>= 0.12.6)
+      rack (>= 1.0.0)
+    thor (0.18.1)
+    tilt (1.4.0)
+    treetop (1.4.12)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omniauth-google-oauth2
+  rack-test
+  rails (~> 3.2.0)
+  rake
+  rspec
+  simple_admin_auth!
+  thin

data/README.md

@@ -2,18 +2,36 @@
 
 Add simple admin authentication to any Rails application, using Google Apps for authentication.
 
-Authentication is done purely on the Google Apps domain - no user model is used.
+Authentication is done purely on the Google Apps domain - no user model is used. Other providers such as GitHub or
+Facebook may also work, but are untested.
+
+## Google Apps OAuth2
+
+We recommend using OAuth2 to authenticate with Google Apps. You need to sign up for an API key on the
+[Google APIs Console](https://code.google.com/apis/console/).
+
+Make sure that you allow `/auth/admin/callback` as the redirect API, both for your development and production servers.
+Example:
+
+    http://localhost:3000/auth/admin/callback
+    http://yourapp.com/auth/admin/callback
+
 
 ## Usage with Rails 3.x
 
-Add this line to your application's Gemfile:
+Add these lines to your application's Gemfile:
 
     gem 'simple_admin_auth'
+    gem 'omniauth-google-oauth2'
 
-Create an initialiser configuring your domain:
+Create an `config/initializers/admin_auth.rb` configuring your domain:
+
+    require 'omniauth/strategies/google_oauth2'
 
     Rails.application.config.middleware.use SimpleAdminAuth::Builder do
-      provider :google_apps, :domain => 'yourdomain.com', :name => 'admin'
+      # The name must be `admin`
+      provider :google_oauth2, 'YOUR_KEY', 'YOUR_SECRET', name: 'admin',
+              access_type: 'online', hd: 'embarkmobile.com', approval_prompt: 'auto'
     end
 
 Protect any routes that require authentication:
@@ -30,31 +48,65 @@ Sample config.ru:
 
     require 'rack/builder'
     require 'simple_admin_auth'
-    require 'simple_admin_auth/rack'
-    require 'rack/cascade'
+    require 'simple_admin_auth/require_admin'
+    require 'omniauth/strategies/google_oauth2'
 
     app = Rack::Builder.new do
-      use Rack::Session::Cookie, secret: 'change_me'
+      # Change this secret to something unique
+      use Rack::Session::Cookie, secret: 'your_secret_here'
 
       use SimpleAdminAuth::Builder do
-        provider :google_apps, :domain => 'yourdomain.com', :name => 'admin'
+        # You need to create a key for your app on https://code.google.com/apis/console/
+        # The name must be `admin`.
+        provider :google_oauth2, 'YOUR_KEY (client id)', 'YOUR_SECRET', name: 'admin',
+            access_type: 'online', hd: 'yourdomain.com', approval_prompt: 'auto'
       end
 
-      map "/your_protected_area" do
-        use SimpleAdminAuth::Rack
-        run YourProtectedArea.new
+
+      map "/admin" do
+        # This middleware only allows signed-in users to access this app.
+        # This URL may be configured, and you may use the same middleware multiple times.
+        use SimpleAdminAuth::RequireAdmin
+        run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Welcome, you have been authenticated!']] }
       end
 
       map "/" do
-        run Rack::Cascade.new [
-          YourMainSite.new,
-          SimpleAdminAuth::Application
-        ]
+        # Any user may access this.
+        run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Main Site']] }
       end
     end
 
     run app
 
+For a full example, see the config.ru in this repository.
+
+## Alternative: Use OpenID
+
+While this is simpler to configure, there are issues with SSL and other unresolved warnings, so we don't recommend this
+ method.
+
+Add the gem `omniauth-google-apps` to your Gemfile.
+
+Use this in the initializer:
+
+    require 'omniauth/strategies/google_apps'
+    require 'openid/store/filesystem'
+    require 'simple_admin_auth/openid_ssl'
+
+    Rails.application.config.middleware.use SimpleAdminAuth::Builder do
+      provider :google_apps, :domain => 'yourdomain.com', :name => 'admin',
+        store: OpenID::Store::Filesystem.new('./tmp')
+    end
+
+Rack/Sinatra apps may be adapted similarly.
+
+## Changelog
+
+### 0.1.0
+
+* Recommend OAuth2 instead of OpenID.
+* Add support for pure Rack/Sinatra applications.
+
 
 ## Contributing
 

data/config.ru

@@ -1,22 +1,34 @@
 require 'rack/builder'
 require 'simple_admin_auth'
-require 'simple_admin_auth/rack'
+require 'simple_admin_auth/require_admin'
+require 'omniauth/strategies/google_oauth2'
+
+%w(GOOGLE_KEY GOOGLE_SECRET ADMIN_DOMAIN).each do |key|
+  if ENV[key].nil?
+    STDERR.puts "ENV[#{key}] is required"
+    exit 1
+  end
+end
 
 app = Rack::Builder.new do
+  # Change this secret to something unique
   use Rack::Session::Cookie, secret: 'your_secret_here'
 
   use SimpleAdminAuth::Builder do
-    provider :google_apps, :domain => 'embarkmobile.com', :name => 'admin'
+    # You need to create a key for your app on https://code.google.com/apis/console/
+    provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], name: 'admin',
+        access_type: 'online', hd: ENV['ADMIN_DOMAIN'], approval_prompt: 'auto'
   end
 
   map "/admin" do
-    use SimpleAdminAuth::Rack
-    run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['Welcome, you have been authenticated!']] }
+    # This middleware only allows signed-in users to access this app.
+    use SimpleAdminAuth::RequireAdmin
+    run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['<p>Welcome, you have been authenticated!</p> <p><a href="/auth/admin/logout">Sign Out</a></p>']] }
   end
 
   map "/" do
-    use SimpleAdminAuth::Application
-    run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['Main site']] }
+    # Any user may access this.
+    run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['<p>Main site</p> <p><a href="/admin">Admin Area</a></p>']] }
   end
 end
 

data/gemfiles/rack1.5.gemfile

@@ -0,0 +1,11 @@
+source 'https://rubygems.org'
+
+gem 'rack', '~> 1.5.0'
+
+gem 'thin'
+gem 'omniauth-google-oauth2'
+gem 'rake'
+gem 'rack-test'
+gem 'rspec'
+
+gemspec path: '../'

data/gemfiles/rack1.5.gemfile.lock

@@ -0,0 +1,71 @@
+PATH
+  remote: /home/ralf/src/simple_admin_auth
+  specs:
+    simple_admin_auth (0.0.4)
+      omniauth
+      sinatra
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    daemons (1.1.9)
+    diff-lcs (1.2.4)
+    eventmachine (1.0.3)
+    faraday (0.8.7)
+      multipart-post (~> 1.1)
+    hashie (2.0.4)
+    httpauth (0.2.0)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    multi_json (1.7.2)
+    multipart-post (1.2.0)
+    oauth2 (0.8.1)
+      faraday (~> 0.8)
+      httpauth (~> 0.1)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      rack (~> 1.2)
+    omniauth (1.1.4)
+      hashie (>= 1.2, < 3)
+      rack
+    omniauth-google-oauth2 (0.1.17)
+      omniauth (~> 1.0)
+      omniauth-oauth2
+    omniauth-oauth2 (1.1.1)
+      oauth2 (~> 0.8.0)
+      omniauth (~> 1.0)
+    rack (1.5.2)
+    rack-protection (1.5.0)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.0.4)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    sinatra (1.4.2)
+      rack (~> 1.5, >= 1.5.2)
+      rack-protection (~> 1.4)
+      tilt (~> 1.3, >= 1.3.4)
+    thin (1.5.1)
+      daemons (>= 1.0.9)
+      eventmachine (>= 0.12.6)
+      rack (>= 1.0.0)
+    tilt (1.4.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omniauth-google-oauth2
+  rack (~> 1.5.0)
+  rack-test
+  rake
+  rspec
+  simple_admin_auth!
+  thin

data/gemfiles/rails3.2.gemfile

@@ -0,0 +1,11 @@
+source 'https://rubygems.org'
+
+gem 'rails', '~> 3.2.10'
+
+gem 'thin'
+gem 'omniauth-google-oauth2'
+gem 'rake'
+gem 'rack-test'
+gem 'rspec'
+
+gemspec path: '../'

data/gemfiles/rails3.2.gemfile.lock

@@ -0,0 +1,142 @@
+PATH
+  remote: /home/ralf/src/simple_admin_auth
+  specs:
+    simple_admin_auth (0.0.4)
+      omniauth
+      sinatra
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.13)
+      actionpack (= 3.2.13)
+      mail (~> 2.5.3)
+    actionpack (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+    activerecord (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.4)
+    daemons (1.1.9)
+    diff-lcs (1.2.4)
+    erubis (2.7.0)
+    eventmachine (1.0.3)
+    faraday (0.8.7)
+      multipart-post (~> 1.1)
+    hashie (2.0.4)
+    hike (1.2.2)
+    httpauth (0.2.0)
+    i18n (0.6.1)
+    journey (1.0.4)
+    json (1.7.7)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    mail (2.5.3)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.23)
+    multi_json (1.7.2)
+    multipart-post (1.2.0)
+    oauth2 (0.8.1)
+      faraday (~> 0.8)
+      httpauth (~> 0.1)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      rack (~> 1.2)
+    omniauth (1.1.4)
+      hashie (>= 1.2, < 3)
+      rack
+    omniauth-google-oauth2 (0.1.17)
+      omniauth (~> 1.0)
+      omniauth-oauth2
+    omniauth-oauth2 (1.1.1)
+      oauth2 (~> 0.8.0)
+      omniauth (~> 1.0)
+    polyglot (0.3.3)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-protection (1.5.0)
+      rack
+    rack-ssl (1.3.3)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.13)
+      actionmailer (= 3.2.13)
+      actionpack (= 3.2.13)
+      activerecord (= 3.2.13)
+      activeresource (= 3.2.13)
+      activesupport (= 3.2.13)
+      bundler (~> 1.0)
+      railties (= 3.2.13)
+    railties (3.2.13)
+      actionpack (= 3.2.13)
+      activesupport (= 3.2.13)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.0.4)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    sinatra (1.3.6)
+      rack (~> 1.4)
+      rack-protection (~> 1.3)
+      tilt (~> 1.3, >= 1.3.3)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thin (1.5.1)
+      daemons (>= 1.0.9)
+      eventmachine (>= 0.12.6)
+      rack (>= 1.0.0)
+    thor (0.18.1)
+    tilt (1.4.0)
+    treetop (1.4.12)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  omniauth-google-oauth2
+  rack-test
+  rails (~> 3.2.10)
+  rake
+  rspec
+  simple_admin_auth!
+  thin

data/lib/simple_admin_auth/application.rb

@@ -12,7 +12,7 @@ module SimpleAdminAuth
       post(path, opts, &block)
     end
 
-    get_or_post '/auth/admin/callback' do
+    get_or_post '/admin/callback' do
       auth_hash = request.env['omniauth.auth']
 
       session[:admin_user] = auth_hash['info']
@@ -26,17 +26,21 @@ module SimpleAdminAuth
       end
     end
 
-    get '/auth/admin/logout' do
+    get '/failure' do
+      erb :failure
+    end
+
+    get '/admin/logout' do
       return_to = params[:return_to] || '/'
       session[:admin_user] = nil
       redirect return_to
     end
 
-    get '/auth/admin/login' do
+    get '/admin/login' do
       erb :login
     end
 
-    get '/auth/admin/bootstrap.css' do
+    get '/admin/bootstrap.css' do
       send_file File.join(File.dirname(__FILE__), '../../static/css/bootstrap.min.css')
     end
 
@@ -69,7 +73,31 @@ __END__
 <body>
 <div id="content">
   <p>You need to sign in to continue.</p>
-  <a class="btn btn-large" href="/auth/admin">Sign in via Google Apps</a>
+  <a class="btn btn-large" href="/auth/admin">Sign in</a>
+</div>
+
+</body>
+</html>
+
+@@ failure
+<html>
+<head><title>Admin Login</title>
+  <link rel="stylesheet" href="/auth/admin/bootstrap.css" />
+  <style type="text/css">
+    body {
+      background-color: #F9F9F9;
+    }
+
+    #content {
+      text-align: center;
+      margin: 200px auto;
+    }
+  </style>
+</head>
+<body>
+<div id="content">
+  <p>Authentication failed.</p>
+  <a class="btn btn-large" href="/auth/admin">Sign in</a>
 </div>
 
 </body>

data/lib/simple_admin_auth/builder.rb

@@ -1,6 +1,5 @@
 require 'omniauth'
 require 'omniauth/builder'
-require 'omniauth/strategies/google_apps'
 require 'simple_admin_auth/application'
 
 module SimpleAdminAuth
@@ -9,7 +8,10 @@ module SimpleAdminAuth
       super(*args)
 
       use SimpleAdminAuth::LoginRedirect
-      use SimpleAdminAuth::Application
+
+      map '/auth' do
+        use SimpleAdminAuth::Application
+      end
     end
   end
 end

data/lib/simple_admin_auth/openid_ssl.rb

@@ -0,0 +1,26 @@
+# TODO: this does not belong in this gem, but where should it be?
+require 'openid/fetchers'
+
+if OpenID.fetcher.ca_file.nil?
+  # To override the location, set OpenID.fetcher.ca_file before this file is required
+  # TODO: This is fairly OS-specific. Is there any gem that allows us to do this in a cross-platform manner?
+
+  CA_CERT_LOCATIONS = [
+      '/usr/lib/ssl/certs/ca-certificates.crt',     # Ubuntu/Debian
+      '/etc/ssl/certs/ca-certificates.crt',         # Ubuntu/Debian
+      '/opt/local/share/curl/curl-ca-bundle.crt',   # Mac - sudo port install curl-ca-bundle
+  ]
+
+  CA_CERT_LOCATIONS.each do |location|
+    if File.exist? location
+      OpenID.fetcher.ca_file = location
+      break
+    end
+  end
+
+  if OpenID.fetcher.ca_file.nil?
+    # We don't want OpenID to default to not using any CA certs.
+    OpenID.fetcher.ca_file = 'Please specify OpenID.fetcher.ca_file'
+    raise StandardError, 'CA certificates not found. Please specify OpenID.fetcher.ca_file.'
+  end
+end

data/lib/simple_admin_auth/{rack.rb → require_admin.rb}

@@ -1,5 +1,5 @@
 module SimpleAdminAuth
-  class Rack
+  class RequireAdmin
     def initialize(app, options={})
       @app = app
     end

data/lib/simple_admin_auth/version.rb

@@ -1,3 +1,3 @@
 module SimpleAdminAuth
-  VERSION = "0.0.4"
+  VERSION = "0.1.0"
 end

data/simple_admin_auth.gemspec

@@ -18,6 +18,5 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
 
   gem.add_dependency 'omniauth'
-  gem.add_dependency 'omniauth-google-apps'
   gem.add_dependency 'sinatra'
 end

data/spec/application_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+require 'simple_admin_auth/application'
+
+
+describe Application do
+  def app
+    Application
+  end
+
+  it "should present a login screen" do
+    get '/admin/login', nil, {}
+    last_response.should be_ok
+    last_response.body.should =~ /You need to sign in to continue\./
+  end
+
+  it "should render a failure page" do
+    get '/failure', nil, {}
+    last_response.should be_ok
+    last_response.body.should =~ /Authentication failed\./
+  end
+
+end

data/spec/dummy/.gitignore

@@ -0,0 +1 @@
+*.log

data/spec/dummy/application.rb

@@ -0,0 +1,34 @@
+# This is an absolute minimal Rails application
+
+require 'rails'
+require 'action_controller/railtie'
+
+class Dummy < Rails::Application
+  config.session_store :cookie_store, :key => 'jiez4Mielu1AiHugog3shiiPhe3lai3faerooJohGo0rah5Mod'
+  config.secret_token = 'ni6aeph6aeriBiphesh8omahv6cohpue5Quah5ceiMohtuvei8'
+
+  config.logger = Logger.new(File.expand_path('../test.log', __FILE__))
+  Rails.logger = config.logger
+
+  config.middleware.use SimpleAdminAuth::Builder do
+    provider :developer, name: 'admin'
+  end
+
+  routes.draw do
+    get '/'  => 'dummy#index'
+
+    constraints SimpleAdminAuth::Authenticate do
+      get '/protected/test' => 'dummy#protected'
+    end
+  end
+end
+
+class DummyController < ActionController::Base
+  def index
+    render text: 'Home'
+  end
+
+  def protected
+    render text: 'Admin'
+  end
+end

data/spec/integration_examples.rb

@@ -0,0 +1,44 @@
+shared_examples "integration" do
+
+  it "should get the unprotected index page" do
+    get '/'
+    last_response.status.should == 200
+    last_response.body.should =~ /Home/
+    last_response.should be_ok
+  end
+
+  it "should present a login screen" do
+    get '/auth/admin/login', nil, {}
+    last_response.status.should == 200
+    last_response.body.should =~ /You need to sign in to continue\./
+    last_response.should be_ok
+  end
+
+  it "should redirect a protected page to the login page" do
+    get '/protected/test'
+    last_response.status.should == 302
+    follow_redirect!
+    last_request.url.should =~ /auth\/admin\/login$/
+    last_response.status.should == 200
+    last_request.env['rack.session'][:admin_login_return_url].should =~ /protected\/test$/
+  end
+
+  it "should login" do
+    get '/protected/test'
+    # Redirect to login page
+    follow_redirect!
+
+    # Click the login button
+    get '/auth/admin'
+    last_response.status.should == 302
+    follow_redirect!
+
+    # Mock strategy immediately redirects to the callback
+    last_request.url.should =~ /auth\/admin\/callback$/
+    follow_redirect!
+
+    # We should be redirected back to the original page
+    last_request.url.should =~ /\/protected\/test$/
+    last_response.should be_ok
+  end
+end

data/spec/rack_integration_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+require 'simple_admin_auth'
+require 'simple_admin_auth/require_admin'
+require 'integration_examples'
+
+describe "Rack Integration" do
+  let(:app) do
+
+    Rack::Builder.new do
+      use Rack::Session::Cookie, secret: 'some_secret_this_is'
+
+      use SimpleAdminAuth::Builder do
+        provider :developer, name: 'admin'
+      end
+
+      map "/protected" do
+        # This middleware only allows signed-in users to access this app.
+        use SimpleAdminAuth::RequireAdmin
+        run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Admin']] }
+      end
+
+      map "/" do
+        # Any user may access this.
+        run lambda { |env| [200, {'Content-Type' => 'text/html'}, ['Home']] }
+      end
+    end
+  end
+
+  include_examples 'integration'
+
+end

data/spec/rails_integration_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'simple_admin_auth'
+require 'integration_examples'
+
+begin
+  require 'rails'
+
+  # Configure the Rails application
+  ENV["RAILS_ENV"] = "test"
+  require 'dummy/application'
+
+
+  describe "Rails Integration" do
+    let(:app) do
+      Rails.application
+    end
+
+    include_examples 'integration'
+  end
+rescue LoadError
+  # Cannot find Rails - skip these tests
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+require 'rspec'
+require 'rack/test'
+
+require 'simple_admin_auth'
+
+include SimpleAdminAuth
+
+RSpec.configure do |conf|
+  conf.include Rack::Test::Methods
+end
+
+
+OmniAuth.config.add_mock(:admin, {:uid => '12345'})
+OmniAuth.config.test_mode = true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_admin_auth
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.1.0
 platform: ruby
 authors:
 - Ralf Kistner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-19 00:00:00.000000000 Z
+date: 2013-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -24,20 +24,6 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: omniauth-google-apps
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -61,19 +47,34 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .ruby-version
+- .travis.yml
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - config.ru
+- gemfiles/rack1.5.gemfile
+- gemfiles/rack1.5.gemfile.lock
+- gemfiles/rails3.2.gemfile
+- gemfiles/rails3.2.gemfile.lock
 - lib/simple_admin_auth.rb
 - lib/simple_admin_auth/application.rb
 - lib/simple_admin_auth/authenticated.rb
 - lib/simple_admin_auth/builder.rb
 - lib/simple_admin_auth/login_redirect.rb
-- lib/simple_admin_auth/rack.rb
+- lib/simple_admin_auth/openid_ssl.rb
+- lib/simple_admin_auth/require_admin.rb
 - lib/simple_admin_auth/version.rb
 - simple_admin_auth.gemspec
+- spec/application_spec.rb
+- spec/dummy/.gitignore
+- spec/dummy/application.rb
+- spec/integration_examples.rb
+- spec/rack_integration_spec.rb
+- spec/rails_integration_spec.rb
+- spec/spec_helper.rb
 - static/css/bootstrap.min.css
 homepage: ''
 licenses: []
@@ -98,4 +99,11 @@ rubygems_version: 2.0.3
 signing_key: 
 specification_version: 4
 summary: Simple admin authentication using Google Apps
-test_files: []
+test_files:
+- spec/application_spec.rb
+- spec/dummy/.gitignore
+- spec/dummy/application.rb
+- spec/integration_examples.rb
+- spec/rack_integration_spec.rb
+- spec/rails_integration_spec.rb
+- spec/spec_helper.rb