simple_google_auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 916acd1b268b0efded641b43215512f3e85961e3
+  data.tar.gz: b3568a7dc9b1ed4cb78044350aaeab5a9d991ee5
+SHA512:
+  metadata.gz: 6bf85eb9a1d6f43fdd0f017828638ccb9cf00d43e1365f33ac50fb3fd3447b145dfe84af6f421a8efcfc9f55dfaad3cdefdb4760123a6290de23e19804fc0875
+  data.tar.gz: eef11d06ec10dd9d3c26173fa6715269028d039895e1fd5676b378f2d23db51ffa27909190b84a83bfbba7c35bf1ed49086629876591da5d05a6ce81bba710fd

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2014 Roger Nesbitt
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+# SimpleGoogleAuth
+
+Want an extremely easy integration of Google's authentication system in your Rails site?
+
+This is a dead simple gem that allows you to require a Google login for parts of your site.
+You can allow any user with a Google account, or limit access to certain users based on their
+Google e-mail address.
+
+Being simple, it's slightly limited in what it can do.  But if your goal is to put your site
+behind a Google login instead of a crusty basic auth box, it'll do the trick. 
+If you're after more power, there are quite a few gems that'll do what you're looking for,
+such as OmniAuth's Google strategy.
+
+## Installation
+
+Follow these five steps to integrate with your site.
+
+Step 1: Make yourself a project at https://cloud.google.com/console, if you haven't already.
+
+Step 2: In that project, go to the "APIs & auth" tab, then the "Credentials" tab.  Create a new client ID of application type "Web application".  Set the Authorized Redirect URI to
+`http://yoursite.com/google-callback`.  You might want to put in `http://localhost:3000/google-callback` so you can test locally too.
+
+Step 3: Add simple_google_auth to your Gemfile
+
+    gem 'simple_google_auth'
+
+Step 4: In your application.rb, put down some code inside the Application class:
+
+    SimpleGoogleAuth.configure do |config|
+      config.client_id = "the client ID as supplied by Google in step 2"
+      config.client_secret = "the client secret as supplied by Google in step 2"
+      config.redirect_uri = "http://localhost:3000/google-callback"
+      config.authenticate = lambda do |data|
+        data["email"] == "your.email@example.com"
+      end
+    end
+
+Step 5: In your application_controller.rb, add a before filter:
+
+    before_filter :redirect_if_not_google_authenticated
+
+Done!  Any request to your site will now redirect off to Google for authentication.
+A route that captures requests coming in to /google-callback is automatically created and handled for you.
+
+If you log in with `your.email@example.com`, it'll let you in to the site and take you to the page you were initially trying to go to.
+Otherwise it'll redirect to `/` (by default) with `params[:message]` set to the authentication error.
+
+## Setting up multiple environments
+
+You might want to put a different configure block in your development.rb and production.rb, each specifying
+a different redirect URI.  Just pop them on the end of the file.
+
+    # development.rb
+    SimpleGoogleAuth.configure do |config|
+      config.redirect_uri = "http://localhost:3000/google-callback"
+    end
+
+    # production.rb
+    SimpleGoogleAuth.configure do |config|
+      config.redirect_uri = "https://mysite.com/google-callback"
+    end
+
+
+## How do I tell who is logged in?
+
+Call `#google_auth_data` from your controller or view and you'll get the identification hash that Google sends back.
+
+    Welcome, <%= google_auth_data["email"] %>!
+
+Take a look at https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo to find out more about the fields in the hash.
+
+## Configuring
+
+There are a few configuration options that can be set using `SimpleGoogleAuth.configure` as in the example above.
+
+Option | Default | Description
+--- | --- | ---
+client_id | (required) | Client ID as provided by Google.
+client_secret | (required) | Client secret as provided by Google.
+redirect_uri | (required) | Where Google should redirect to after authentication.
+redirect_path | `nil` | A route is created at this path.  If no path is specified, the path is taken from redirect_uri.
+authenticate | (required) | A lambda that's run to determine whether the user should be accepted as valid or not.  Takes one argument, a hash of identification data as provided by Google.  Should return true on success, or false if the login should not proceed.
+failed_login_path | `"/"` | Where to redirect to upon a failed login.  `params[:message]` will be set with the error that occurred.
+ca_path | `"/etc/ssl/certs"` | A path or file of SSL certificates, used to check that we're really talking to the Google servers.
+google_auth_url | `"https://accounts.google.com/o/oauth2/auth"` | Google's authentication URL.
+google_token_url | `"https://accounts.google.com/o/oauth2/token"` | Google's token URL.
+state_session_key_name | `"simple-google-auth.state"` | The name of the session variable used to store a random string used to prevent CSRF attacks during authentication.
+data_session_key_name | `"simple-google-auth.data"` | The name of the session variable used to store identification data from Google.
+
+## Licence
+
+MIT.

data/Rakefile

@@ -0,0 +1,20 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'SimpleGoogleAuth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks

data/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  get SimpleGoogleAuth.config.redirect_path || URI(SimpleGoogleAuth.config.redirect_uri).path, to: SimpleGoogleAuth::Receiver.new
+end

data/lib/simple_google_auth/controller.rb

@@ -0,0 +1,17 @@
+module SimpleGoogleAuth
+  module Controller
+    protected
+    def redirect_if_not_google_authenticated
+      redirect_to google_authentication_uri if google_auth_data.nil?
+    end
+
+    def google_authentication_uri
+      state = session[SimpleGoogleAuth.config.state_session_key_name] = SecureRandom.hex + request.path
+      SimpleGoogleAuth.uri(state)
+    end
+
+    def google_auth_data
+      session[SimpleGoogleAuth.config.data_session_key_name]
+    end
+  end
+end

data/lib/simple_google_auth/engine.rb

@@ -0,0 +1,8 @@
+module SimpleGoogleAuth
+  class Engine < ::Rails::Engine
+    initializer "simple_google_auth.load_helpers" do
+      ActionController::Base.send :include, SimpleGoogleAuth::Controller
+      ActionController::Base.send :helper_method, :google_auth_data
+    end
+  end
+end

data/lib/simple_google_auth/receiver.rb

@@ -0,0 +1,75 @@
+module SimpleGoogleAuth
+  class Receiver
+    Error = Class.new(StandardError)
+
+    def call(env)
+      request = Rack::Request.new(env)
+      config = SimpleGoogleAuth.config
+
+      ensure_params_are_correct(request, config)
+      auth_data = obtain_authentication_data(request.params["code"], config)
+      id_data = decode_id_data(auth_data)
+
+      raise Error, "Authentication failed" unless config.authenticate.call(id_data)
+
+      request.session[config.data_session_key_name] = id_data
+
+      path = request.session[config.state_session_key_name][32..-1]
+      path = "/" if path.blank?
+      [302, {"Location" => path}, [" "]]
+
+    rescue Error => e
+      uri = URI(config.failed_login_path)
+      uri.query = uri.query ? "#{uri.query}&" : ""
+      uri.query += "message=#{CGI.escape e.message}"
+      [302, {"Location" => uri.to_s}, [" "]]
+    end
+
+    protected
+    def ensure_params_are_correct(request, config)
+      if request.params["state"] != request.session[config.state_session_key_name]
+        raise Error, "Invalid state returned from Google"
+      elsif request.params["error"]
+        raise Error, "Authentication failed: #{request.params["error"]}"
+      elsif request.params["code"].nil?
+        raise Error, "No authentication code returned"
+      end
+    end
+
+    def obtain_authentication_data(code, config)
+      uri = URI(config.google_token_url)
+
+      http = Net::HTTP.new(uri.host, uri.port)
+      if uri.scheme == "https"
+        http.use_ssl = true
+        if config.ca_path
+          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          http.ca_path = config.ca_path
+        else
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          Rails.logger.warn "SimpleGoogleAuth does not have a ca_path configured; SSL with Google is not protected"
+        end
+      end
+
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request.set_form_data(
+        code: code,
+        client_id: config.client_id,
+        client_secret: config.client_secret,
+        redirect_uri: config.redirect_uri,
+        grant_type: "authorization_code"
+      )
+
+      response = http.request(request)
+      raise Error, "Failed to get an access token" unless response.is_a?(Net::HTTPSuccess)
+
+      JSON.parse(response.body)
+    end
+
+    def decode_id_data(auth_data)
+      id_data_64 = auth_data["id_token"].split(".")[1]
+      id_data_64 << "=" until id_data_64.length % 3 == 0
+      id_data = JSON.parse(Base64.decode64(id_data_64))
+    end
+  end
+end

data/lib/simple_google_auth/version.rb

@@ -0,0 +1,3 @@
+module SimpleGoogleAuth
+  VERSION = "0.0.1"
+end

data/lib/simple_google_auth.rb

@@ -0,0 +1,48 @@
+module SimpleGoogleAuth
+  Config = Struct.new(
+    :client_id,
+    :client_secret,
+    :redirect_uri,
+    :redirect_path,
+    :failed_login_path,
+    :authenticate,
+    :ca_path,
+    :google_auth_url,
+    :google_token_url,
+    :state_session_key_name,
+    :data_session_key_name
+  )
+
+  mattr_accessor :config
+  self.config = Config.new
+
+  def self.configure
+    yield config
+  end
+
+  def self.uri(state)
+    query = {
+      response_type: "code",
+      client_id: config.client_id,
+      redirect_uri: config.redirect_uri,
+      scope: "openid email",
+      state: state
+    }
+
+    "#{config.google_auth_url}?" + query.map {|k, v| "#{k}=#{CGI.escape v}"}.join("&")
+  end
+end
+
+SimpleGoogleAuth.configure do |config|
+  config.ca_path = %w(/etc/ssl/certs).detect {|dir| Dir.exists?(dir)}
+  config.google_auth_url = "https://accounts.google.com/o/oauth2/auth"
+  config.google_token_url = "https://accounts.google.com/o/oauth2/token"
+  config.state_session_key_name = "simple-google-auth.state"
+  config.data_session_key_name = "simple-google-auth.data"
+  config.failed_login_path = "/"
+  config.authenticate = lambda { raise "You must define an authenticate lambda that sets the session" }
+end
+
+require 'simple_google_auth/engine'
+require 'simple_google_auth/controller'
+require 'simple_google_auth/receiver'

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification
+name: simple_google_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Roger Nesbitt
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+description: An extremely easy way to protect your site by requiring Google logins
+  without having to set up a traditional authentication system
+email:
+- roger@seriousorange.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- config/routes.rb
+- lib/simple_google_auth/controller.rb
+- lib/simple_google_auth/engine.rb
+- lib/simple_google_auth/receiver.rb
+- lib/simple_google_auth/version.rb
+- lib/simple_google_auth.rb
+- MIT-LICENSE
+- Rakefile
+- README.md
+homepage: https://github.com/mogest/simple_google_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.11
+signing_key: 
+specification_version: 4
+summary: Super simple Google authentication for your Rails site
+test_files: []