sinatra_auth_github 0.1.1 → 0.1.2
- data/README.md +37 -39
- data/lib/sinatra/auth/github.rb +24 -10
- data/sinatra_auth_github.gemspec +2 -2
- data/spec/app.rb +1 -1
- metadata +7 -7
    
        data/README.md
    CHANGED
    
    | @@ -3,58 +3,56 @@ sinatra_auth_github | |
| 3 3 |  | 
| 4 4 | 
             
            A sinatra extension that provides oauth authentication to github.  Find out more about enabling your application at github's [oauth quickstart](http://gist.github.com/419219).
         | 
| 5 5 |  | 
| 6 | 
            -
            To test it out on localhost set your callback url to 'http://localhost: | 
| 6 | 
            +
            To test it out on localhost set your callback url to 'http://localhost:9393/auth/github/callback'
         | 
| 7 7 |  | 
| 8 | 
            -
             | 
| 8 | 
            +
            The gist of this project is to provide a few things easily:
         | 
| 9 | 
            +
             | 
| 10 | 
            +
            * authenticate a user against github's oauth service
         | 
| 11 | 
            +
            * provide an easy way to make API requests for the authenticated user
         | 
| 12 | 
            +
            * optionally restrict users to a specific github organization
         | 
| 13 | 
            +
            * optionally restrict users to a specific github team
         | 
| 14 | 
            +
             | 
| 15 | 
            +
            Installation
         | 
| 16 | 
            +
            ============
         | 
| 9 17 |  | 
| 10 | 
            -
             | 
| 18 | 
            +
                % gem install sinatra_auth_github
         | 
| 11 19 |  | 
| 12 | 
            -
             | 
| 13 | 
            -
             | 
| 20 | 
            +
            Running the Example
         | 
| 21 | 
            +
            ===================
         | 
| 14 22 | 
             
                % gem install bundler
         | 
| 15 23 | 
             
                % bundle install
         | 
| 16 | 
            -
                % GITHUB_CLIENT_ID="<from GH>" GITHUB_CLIENT_SECRET="<from GH>" bundle exec  | 
| 24 | 
            +
                % GITHUB_CLIENT_ID="<from GH>" GITHUB_CLIENT_SECRET="<from GH>" bundle exec rackup -p9393
         | 
| 25 | 
            +
             | 
| 26 | 
            +
            There's an example app in [spec/app.rb](/atmos/sinatra_auth_github/blob/master/spec/app.rb).
         | 
| 17 27 |  | 
| 18 | 
            -
             | 
| 19 | 
            -
             | 
| 20 | 
            -
              class App < Sinatra::Base
         | 
| 21 | 
            -
                enable :sessions
         | 
| 28 | 
            +
            Example App Functionality
         | 
| 29 | 
            +
            =========================
         | 
| 22 30 |  | 
| 23 | 
            -
             | 
| 24 | 
            -
                                        # GitHub Provided secrets
         | 
| 25 | 
            -
                                        :secret       => ENV['GITHUB_CLIENT_SECRET'],
         | 
| 26 | 
            -
                                        :client_id    => ENV['GITHUB_CLIENT_ID'],
         | 
| 31 | 
            +
            You can simply authenticate via GitHub by hitting http://localhost:9292
         | 
| 27 32 |  | 
| 28 | 
            -
             | 
| 29 | 
            -
                                        :scopes       => 'user,offline_access',
         | 
| 33 | 
            +
            You can check organization membership by hitting http://localhost:9292/orgs/github
         | 
| 30 34 |  | 
| 31 | 
            -
             | 
| 32 | 
            -
                                        :organization => "github",
         | 
| 35 | 
            +
            You can check team membership by hitting http://localhost:9292/teams/42
         | 
| 33 36 |  | 
| 34 | 
            -
             | 
| 35 | 
            -
                                        :team         => nil # || 42
         | 
| 36 | 
            -
                                      }
         | 
| 37 | 
            +
            All unsuccessful authentication requests get sent to the securocat denied page.
         | 
| 37 38 |  | 
| 38 | 
            -
             | 
| 39 | 
            +
            API Requests
         | 
| 40 | 
            +
            ============
         | 
| 39 41 |  | 
| 40 | 
            -
             | 
| 41 | 
            -
             | 
| 42 | 
            -
                end
         | 
| 42 | 
            +
            The extension also provides a simple way to do get requests against the
         | 
| 43 | 
            +
            GitHub API as the authenticated user.
         | 
| 43 44 |  | 
| 44 | 
            -
                 | 
| 45 | 
            -
                   | 
| 46 | 
            -
                    github_request("repos/show/#{github_user.login}")
         | 
| 47 | 
            -
                  end
         | 
| 45 | 
            +
                def repos
         | 
| 46 | 
            +
                  github_request("user/repos")
         | 
| 48 47 | 
             
                end
         | 
| 49 48 |  | 
| 50 | 
            -
             | 
| 51 | 
            -
                  "Hello There, #{github_user.name}!#{github_user.token}\n#{repos.inspect}"
         | 
| 52 | 
            -
                end
         | 
| 49 | 
            +
            There's awesome docs on the v3 API [available here](http://developer.github.com/v3/).
         | 
| 53 50 |  | 
| 54 | 
            -
             | 
| 55 | 
            -
             | 
| 56 | 
            -
             | 
| 57 | 
            -
             | 
| 58 | 
            -
             | 
| 59 | 
            -
             | 
| 60 | 
            -
             | 
| 51 | 
            +
            Extension Options
         | 
| 52 | 
            +
            =================
         | 
| 53 | 
            +
             | 
| 54 | 
            +
            * `:scopes`       - The OAuth2 scopes you require, [Learn More](http://gist.github.com/419219)
         | 
| 55 | 
            +
            * `:secret`       - The client secret that GitHub provides
         | 
| 56 | 
            +
            * `:client_id`    - The client id that GitHub provides
         | 
| 57 | 
            +
            * `:failure_app`  - A Sinatra::Base class that has a route for `/authenticated`, Useful for overriding the securocat default page.
         | 
| 58 | 
            +
            * `:callback_url` - The path that GitHub posts back to, defaults to `/auth/github/callback`.
         | 
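Review bot: The ports in the new README text disagree: the callback URL and the `rackup -p9393` command use 9393, while the three "Example App Functionality" URLs point at `http://localhost:9292`. A reader who follows the run command will find nothing listening on the 9292 links, and a callback URL registered with the wrong port breaks the OAuth round trip. Pick one port and use it in every URL.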
    
        data/lib/sinatra/auth/github.rb
    CHANGED
    
    | @@ -5,14 +5,17 @@ require 'rest_client' | |
| 5 5 | 
             
            module Sinatra
         | 
| 6 6 | 
             
              module Auth
         | 
| 7 7 | 
             
                module Github
         | 
| 8 | 
            -
                  VERSION = "0.1. | 
| 8 | 
            +
                  VERSION = "0.1.2"
         | 
| 9 9 |  | 
| 10 | 
            +
                  # Simple way to serve an image early in the stack and not get blocked by
         | 
| 11 | 
            +
                  # application level before filters
         | 
| 10 12 | 
             
                  class AccessDenied < Sinatra::Base
         | 
| 11 13 | 
             
                    get '/_images/securocat.png' do
         | 
| 12 14 | 
             
                      send_file(File.join(File.dirname(__FILE__), "views", "securocat.png"))
         | 
| 13 15 | 
             
                    end
         | 
| 14 16 | 
             
                  end
         | 
| 15 17 |  | 
| 18 | 
            +
                  # The default failure application, this is overridable from the extension config
         | 
| 16 19 | 
             
                  class BadAuthentication < Sinatra::Base
         | 
| 17 20 | 
             
                    helpers do
         | 
| 18 21 | 
             
                      def unauthorized_template
         | 
| @@ -43,6 +46,9 @@ module Sinatra | |
| 43 46 | 
             
                      warden.logout
         | 
| 44 47 | 
             
                    end
         | 
| 45 48 |  | 
| 49 | 
            +
                    # The authenticated user object
         | 
| 50 | 
            +
                    #
         | 
| 51 | 
            +
                    # Supports a variety of methods, name, full_name, email, etc
         | 
| 46 52 | 
             
                    def github_user
         | 
| 47 53 | 
             
                      warden.user
         | 
| 48 54 | 
             
                    end
         | 
| @@ -81,7 +87,7 @@ module Sinatra | |
| 81 87 | 
             
                    def github_organization_access?(name)
         | 
| 82 88 | 
             
                      orgs = github_request("orgs/#{name}/members")
         | 
| 83 89 | 
             
                      orgs.map { |org| org["login"] }.include?(github_user.login)
         | 
| 84 | 
            -
                    rescue RestClient::Unauthorized, RestClient::ResourceNotFound => e
         | 
| 90 | 
            +
                    rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
         | 
| 85 91 | 
             
                      false
         | 
| 86 92 | 
             
                    end
         | 
| 87 93 |  | 
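Review bot: In `github_organization_access?`, the widened `rescue` now turns every 403 into `false`, and the exception is bound to `e` but never used. Failing closed is the right default for a membership check, but a 403 returned for any reason other than non-membership becomes indistinguishable from a real denial, which makes misconfiguration hard to diagnose. Log the exception class and message (never the token) before returning `false`, or drop the unused `=> e`.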
| @@ -93,16 +99,25 @@ module Sinatra | |
| 93 99 | 
             
                    def github_team_access?(team_id)
         | 
| 94 100 | 
             
                      members = github_request("teams/#{team_id}/members")
         | 
| 95 101 | 
             
                      members.map { |user| user["login"] }.include?(github_user.login)
         | 
| 96 | 
            -
                    rescue RestClient::Unauthorized, RestClient::ResourceNotFound => e
         | 
| 102 | 
            +
                    rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
         | 
| 97 103 | 
             
                      false
         | 
| 98 104 | 
             
                    end
         | 
| 99 105 |  | 
| 100 | 
            -
                    #  | 
| 106 | 
            +
                    # Enforce user membership to the named organization
         | 
| 107 | 
            +
                    #
         | 
| 108 | 
            +
                    # name - the organization to test membership against
         | 
| 109 | 
            +
                    #
         | 
| 110 | 
            +
                    # Returns an execution halt if the user is not a member of the named org
         | 
| 101 111 | 
             
                    def github_organization_authenticate!(name)
         | 
| 102 112 | 
             
                      authenticate!
         | 
| 103 113 | 
             
                      halt([401, "Unauthorized User"]) unless github_organization_access?(name)
         | 
| 104 114 | 
             
                    end
         | 
| 105 115 |  | 
| 116 | 
            +
                    # Enforce user membership to the team id
         | 
| 117 | 
            +
                    #
         | 
| 118 | 
            +
                    # team_id - the team_id to test membership against
         | 
| 119 | 
            +
                    #
         | 
| 120 | 
            +
                    # Returns an execution halt if the user is not a member of the team
         | 
| 106 121 | 
             
                    def github_team_authenticate!(team_id)
         | 
| 107 122 | 
             
                      authenticate!
         | 
| 108 123 | 
             
                      halt([401, "Unauthorized User"]) unless github_team_access?(team_id)
         | 
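Review bot: The new doc comments on `github_organization_authenticate!` and `github_team_authenticate!` say "Returns an execution halt" without naming the response, and the halt they describe sends `401, "Unauthorized User"` to a user who has already passed `authenticate!`. State the status code and body in the comment so callers know what a rejected user receives, and consider 403 for this case, since the user is authenticated but not permitted; a 401 invites clients to retry the login.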
| @@ -120,10 +135,9 @@ module Sinatra | |
| 120 135 |  | 
| 121 136 | 
             
                      manager.failure_app           = app.github_options[:failure_app] || BadAuthentication
         | 
| 122 137 |  | 
| 123 | 
            -
                      manager[:github_secret]       = app.github_options[:secret]
         | 
| 124 | 
            -
                      manager[:github_scopes]       = app.github_options[:scopes] | 
| 125 | 
            -
                      manager[:github_client_id]    = app.github_options[:client_id]
         | 
| 126 | 
            -
                      manager[:github_organization] = app.github_options[:organization] || nil
         | 
| 138 | 
            +
                      manager[:github_secret]       = app.github_options[:secret]       || ENV['GITHUB_CLIENT_SECRET']
         | 
| 139 | 
            +
                      manager[:github_scopes]       = app.github_options[:scopes]       || 'email,offline_access'
         | 
| 140 | 
            +
                      manager[:github_client_id]    = app.github_options[:client_id]    || ENV['GITHUB_CLIENT_ID']
         | 
| 127 141 | 
             
                      manager[:github_callback_url] = app.github_options[:callback_url] || '/auth/github/callback'
         | 
| 128 142 | 
             
                    end
         | 
| 129 143 |  | 
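Review bot: The line copying `app.github_options[:organization]` into `manager[:github_organization]` is deleted with no replacement or warning in this hunk, so an app that still passes `:organization` will have the option ignored silently. If anything relied on that value to restrict sign-in, upgrading drops the restriction without an error; warn or raise when the option is present and document the change. Separately, the `ENV[...]` fallbacks for `:secret` and `:client_id` can still leave both values `nil`; failing at registration when either is missing is safer than finding out on the first OAuth request.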
| @@ -131,9 +145,9 @@ module Sinatra | |
| 131 145 |  | 
| 132 146 | 
             
                    app.get '/auth/github/callback' do
         | 
| 133 147 | 
             
                      authenticate!
         | 
| 134 | 
            -
                       | 
| 148 | 
            +
                      return_to = session.delete('return_to') || _relative_url_for('/')
         | 
| 149 | 
            +
                      redirect return_to
         | 
| 135 150 | 
             
                    end
         | 
| 136 | 
            -
             | 
| 137 151 | 
             
                  end
         | 
| 138 152 | 
             
                end
         | 
| 139 153 | 
             
              end
         | 
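Review bot: `redirect return_to` in the callback route sends the browser to whatever is stored under `session['return_to']` with no check on the value. This hunk does not show where that key is written; if it can ever be derived from request input, the callback becomes an open redirect immediately after login. Accept only same-site relative paths (a single leading `/`, no scheme or host) and fall back to `_relative_url_for('/')` for anything else.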
    
        data/sinatra_auth_github.gemspec
    CHANGED
    
    | @@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__) | |
| 3 3 |  | 
| 4 4 | 
             
            Gem::Specification.new do |s|
         | 
| 5 5 | 
             
              s.name        = "sinatra_auth_github"
         | 
| 6 | 
            -
              s.version     = "0.1. | 
| 6 | 
            +
              s.version     = "0.1.2"
         | 
| 7 7 | 
             
              s.platform    = Gem::Platform::RUBY
         | 
| 8 8 | 
             
              s.authors     = ["Corey Donohoe"]
         | 
| 9 9 | 
             
              s.email       = ["atmos@atmos.org"]
         | 
| @@ -15,7 +15,7 @@ Gem::Specification.new do |s| | |
| 15 15 |  | 
| 16 16 | 
             
              s.add_dependency "sinatra",       "~>1.0"
         | 
| 17 17 | 
             
              s.add_dependency "rest-client",   "~>1.6.1"
         | 
| 18 | 
            -
              s.add_dependency "warden-github", "~>0.1. | 
| 18 | 
            +
              s.add_dependency "warden-github", "~>0.1.1"
         | 
| 19 19 |  | 
| 20 20 | 
             
              s.add_development_dependency "rake"
         | 
| 21 21 | 
             
              s.add_development_dependency "rspec",     "~>1.3.0"
         | 
    
        data/spec/app.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,13 +1,13 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification 
         | 
| 2 2 | 
             
            name: sinatra_auth_github
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version 
         | 
| 4 | 
            -
              hash:  | 
| 4 | 
            +
              hash: 31
         | 
| 5 5 | 
             
              prerelease: 
         | 
| 6 6 | 
             
              segments: 
         | 
| 7 7 | 
             
              - 0
         | 
| 8 8 | 
             
              - 1
         | 
| 9 | 
            -
              -  | 
| 10 | 
            -
              version: 0.1. | 
| 9 | 
            +
              - 2
         | 
| 10 | 
            +
              version: 0.1.2
         | 
| 11 11 | 
             
            platform: ruby
         | 
| 12 12 | 
             
            authors: 
         | 
| 13 13 | 
             
            - Corey Donohoe
         | 
| @@ -15,7 +15,7 @@ autorequire: | |
| 15 15 | 
             
            bindir: bin
         | 
| 16 16 | 
             
            cert_chain: []
         | 
| 17 17 |  | 
| 18 | 
            -
            date: 2011-06- | 
| 18 | 
            +
            date: 2011-06-27 00:00:00 -07:00
         | 
| 19 19 | 
             
            default_executable: 
         | 
| 20 20 | 
             
            dependencies: 
         | 
| 21 21 | 
             
            - !ruby/object:Gem::Dependency 
         | 
| @@ -57,12 +57,12 @@ dependencies: | |
| 57 57 | 
             
                requirements: 
         | 
| 58 58 | 
             
                - - ~>
         | 
| 59 59 | 
             
                  - !ruby/object:Gem::Version 
         | 
| 60 | 
            -
                    hash:  | 
| 60 | 
            +
                    hash: 25
         | 
| 61 61 | 
             
                    segments: 
         | 
| 62 62 | 
             
                    - 0
         | 
| 63 63 | 
             
                    - 1
         | 
| 64 | 
            -
                    -  | 
| 65 | 
            -
                    version: 0.1. | 
| 64 | 
            +
                    - 1
         | 
| 65 | 
            +
                    version: 0.1.1
         | 
| 66 66 | 
             
              type: :runtime
         | 
| 67 67 | 
             
              version_requirements: *id003
         | 
| 68 68 | 
             
            - !ruby/object:Gem::Dependency 
         |