sinatra_auth_github 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +37 -39
- data/lib/sinatra/auth/github.rb +24 -10
- data/sinatra_auth_github.gemspec +2 -2
- data/spec/app.rb +1 -1
- metadata +7 -7
data/README.md
CHANGED
|
@@ -3,58 +3,56 @@ sinatra_auth_github
|
|
|
3
3
|
|
|
4
4
|
A sinatra extension that provides oauth authentication to github. Find out more about enabling your application at github's [oauth quickstart](http://gist.github.com/419219).
|
|
5
5
|
|
|
6
|
-
To test it out on localhost set your callback url to 'http://localhost:
|
|
6
|
+
To test it out on localhost set your callback url to 'http://localhost:9393/auth/github/callback'
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
The gist of this project is to provide a few things easily:
|
|
9
|
+
|
|
10
|
+
* authenticate a user against github's oauth service
|
|
11
|
+
* provide an easy way to make API requests for the authenticated user
|
|
12
|
+
* optionally restrict users to a specific github organization
|
|
13
|
+
* optionally restrict users to a specific github team
|
|
14
|
+
|
|
15
|
+
Installation
|
|
16
|
+
============
|
|
9
17
|
|
|
10
|
-
|
|
18
|
+
% gem install sinatra_auth_github
|
|
11
19
|
|
|
12
|
-
|
|
13
|
-
|
|
20
|
+
Running the Example
|
|
21
|
+
===================
|
|
14
22
|
% gem install bundler
|
|
15
23
|
% bundle install
|
|
16
|
-
% GITHUB_CLIENT_ID="<from GH>" GITHUB_CLIENT_SECRET="<from GH>" bundle exec
|
|
24
|
+
% GITHUB_CLIENT_ID="<from GH>" GITHUB_CLIENT_SECRET="<from GH>" bundle exec rackup -p9393
|
|
25
|
+
|
|
26
|
+
There's an example app in [spec/app.rb](/atmos/sinatra_auth_github/blob/master/spec/app.rb).
|
|
17
27
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
class App < Sinatra::Base
|
|
21
|
-
enable :sessions
|
|
28
|
+
Example App Functionality
|
|
29
|
+
=========================
|
|
22
30
|
|
|
23
|
-
|
|
24
|
-
# GitHub Provided secrets
|
|
25
|
-
:secret => ENV['GITHUB_CLIENT_SECRET'],
|
|
26
|
-
:client_id => ENV['GITHUB_CLIENT_ID'],
|
|
31
|
+
You can simply authenticate via GitHub by hitting http://localhost:9292
|
|
27
32
|
|
|
28
|
-
|
|
29
|
-
:scopes => 'user,offline_access',
|
|
33
|
+
You can check organization membership by hitting http://localhost:9292/orgs/github
|
|
30
34
|
|
|
31
|
-
|
|
32
|
-
:organization => "github",
|
|
35
|
+
You can check team membership by hitting http://localhost:9292/teams/42
|
|
33
36
|
|
|
34
|
-
|
|
35
|
-
:team => nil # || 42
|
|
36
|
-
}
|
|
37
|
+
All unsuccessful authentication requests get sent to the securocat denied page.
|
|
37
38
|
|
|
38
|
-
|
|
39
|
+
API Requests
|
|
40
|
+
============
|
|
39
41
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
end
|
|
42
|
+
The extension also provides a simple way to do get requests against the
|
|
43
|
+
GitHub API as the authenticated user.
|
|
43
44
|
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
github_request("repos/show/#{github_user.login}")
|
|
47
|
-
end
|
|
45
|
+
def repos
|
|
46
|
+
github_request("user/repos")
|
|
48
47
|
end
|
|
49
48
|
|
|
50
|
-
|
|
51
|
-
"Hello There, #{github_user.name}!#{github_user.token}\n#{repos.inspect}"
|
|
52
|
-
end
|
|
49
|
+
There's awesome docs on the v3 API [available here](http://developer.github.com/v3/).
|
|
53
50
|
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
51
|
+
Extension Options
|
|
52
|
+
=================
|
|
53
|
+
|
|
54
|
+
* `:scopes` - The OAuth2 scopes you require, [Learn More](http://gist.github.com/419219)
|
|
55
|
+
* `:secret` - The client secret that GitHub provides
|
|
56
|
+
* `:client_id` - The client id that GitHub provides
|
|
57
|
+
* `:failure_app` - A Sinatra::Base class that has a route for `/authenticated`, Useful for overriding the securocat default page.
|
|
58
|
+
* `:callback_url` - The path that GitHub posts back to, defaults to `/auth/github/callback`.
|
data/lib/sinatra/auth/github.rb
CHANGED
|
@@ -5,14 +5,17 @@ require 'rest_client'
|
|
|
5
5
|
module Sinatra
|
|
6
6
|
module Auth
|
|
7
7
|
module Github
|
|
8
|
-
VERSION = "0.1.
|
|
8
|
+
VERSION = "0.1.2"
|
|
9
9
|
|
|
10
|
+
# Simple way to serve an image early in the stack and not get blocked by
|
|
11
|
+
# application level before filters
|
|
10
12
|
class AccessDenied < Sinatra::Base
|
|
11
13
|
get '/_images/securocat.png' do
|
|
12
14
|
send_file(File.join(File.dirname(__FILE__), "views", "securocat.png"))
|
|
13
15
|
end
|
|
14
16
|
end
|
|
15
17
|
|
|
18
|
+
# The default failure application, this is overridable from the extension config
|
|
16
19
|
class BadAuthentication < Sinatra::Base
|
|
17
20
|
helpers do
|
|
18
21
|
def unauthorized_template
|
|
@@ -43,6 +46,9 @@ module Sinatra
|
|
|
43
46
|
warden.logout
|
|
44
47
|
end
|
|
45
48
|
|
|
49
|
+
# The authenticated user object
|
|
50
|
+
#
|
|
51
|
+
# Supports a variety of methods, name, full_name, email, etc
|
|
46
52
|
def github_user
|
|
47
53
|
warden.user
|
|
48
54
|
end
|
|
@@ -81,7 +87,7 @@ module Sinatra
|
|
|
81
87
|
def github_organization_access?(name)
|
|
82
88
|
orgs = github_request("orgs/#{name}/members")
|
|
83
89
|
orgs.map { |org| org["login"] }.include?(github_user.login)
|
|
84
|
-
rescue RestClient::Unauthorized, RestClient::ResourceNotFound => e
|
|
90
|
+
rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
|
|
85
91
|
false
|
|
86
92
|
end
|
|
87
93
|
|
|
@@ -93,16 +99,25 @@ module Sinatra
|
|
|
93
99
|
def github_team_access?(team_id)
|
|
94
100
|
members = github_request("teams/#{team_id}/members")
|
|
95
101
|
members.map { |user| user["login"] }.include?(github_user.login)
|
|
96
|
-
rescue RestClient::Unauthorized, RestClient::ResourceNotFound => e
|
|
102
|
+
rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
|
|
97
103
|
false
|
|
98
104
|
end
|
|
99
105
|
|
|
100
|
-
#
|
|
106
|
+
# Enforce user membership to the named organization
|
|
107
|
+
#
|
|
108
|
+
# name - the organization to test membership against
|
|
109
|
+
#
|
|
110
|
+
# Returns an execution halt if the user is not a member of the named org
|
|
101
111
|
def github_organization_authenticate!(name)
|
|
102
112
|
authenticate!
|
|
103
113
|
halt([401, "Unauthorized User"]) unless github_organization_access?(name)
|
|
104
114
|
end
|
|
105
115
|
|
|
116
|
+
# Enforce user membership to the team id
|
|
117
|
+
#
|
|
118
|
+
# team_id - the team_id to test membership against
|
|
119
|
+
#
|
|
120
|
+
# Returns an execution halt if the user is not a member of the team
|
|
106
121
|
def github_team_authenticate!(team_id)
|
|
107
122
|
authenticate!
|
|
108
123
|
halt([401, "Unauthorized User"]) unless github_team_access?(team_id)
|
|
@@ -120,10 +135,9 @@ module Sinatra
|
|
|
120
135
|
|
|
121
136
|
manager.failure_app = app.github_options[:failure_app] || BadAuthentication
|
|
122
137
|
|
|
123
|
-
manager[:github_secret] = app.github_options[:secret]
|
|
124
|
-
manager[:github_scopes] = app.github_options[:scopes]
|
|
125
|
-
manager[:github_client_id] = app.github_options[:client_id]
|
|
126
|
-
manager[:github_organization] = app.github_options[:organization] || nil
|
|
138
|
+
manager[:github_secret] = app.github_options[:secret] || ENV['GITHUB_CLIENT_SECRET']
|
|
139
|
+
manager[:github_scopes] = app.github_options[:scopes] || 'email,offline_access'
|
|
140
|
+
manager[:github_client_id] = app.github_options[:client_id] || ENV['GITHUB_CLIENT_ID']
|
|
127
141
|
manager[:github_callback_url] = app.github_options[:callback_url] || '/auth/github/callback'
|
|
128
142
|
end
|
|
129
143
|
|
|
@@ -131,9 +145,9 @@ module Sinatra
|
|
|
131
145
|
|
|
132
146
|
app.get '/auth/github/callback' do
|
|
133
147
|
authenticate!
|
|
134
|
-
|
|
148
|
+
return_to = session.delete('return_to') || _relative_url_for('/')
|
|
149
|
+
redirect return_to
|
|
135
150
|
end
|
|
136
|
-
|
|
137
151
|
end
|
|
138
152
|
end
|
|
139
153
|
end
|
data/sinatra_auth_github.gemspec
CHANGED
|
@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |s|
|
|
5
5
|
s.name = "sinatra_auth_github"
|
|
6
|
-
s.version = "0.1.
|
|
6
|
+
s.version = "0.1.2"
|
|
7
7
|
s.platform = Gem::Platform::RUBY
|
|
8
8
|
s.authors = ["Corey Donohoe"]
|
|
9
9
|
s.email = ["atmos@atmos.org"]
|
|
@@ -15,7 +15,7 @@ Gem::Specification.new do |s|
|
|
|
15
15
|
|
|
16
16
|
s.add_dependency "sinatra", "~>1.0"
|
|
17
17
|
s.add_dependency "rest-client", "~>1.6.1"
|
|
18
|
-
s.add_dependency "warden-github", "~>0.1.
|
|
18
|
+
s.add_dependency "warden-github", "~>0.1.1"
|
|
19
19
|
|
|
20
20
|
s.add_development_dependency "rake"
|
|
21
21
|
s.add_development_dependency "rspec", "~>1.3.0"
|
data/spec/app.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra_auth_github
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 31
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 2
|
|
10
|
+
version: 0.1.2
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Corey Donohoe
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-06-
|
|
18
|
+
date: 2011-06-27 00:00:00 -07:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
@@ -57,12 +57,12 @@ dependencies:
|
|
|
57
57
|
requirements:
|
|
58
58
|
- - ~>
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
|
-
hash:
|
|
60
|
+
hash: 25
|
|
61
61
|
segments:
|
|
62
62
|
- 0
|
|
63
63
|
- 1
|
|
64
|
-
-
|
|
65
|
-
version: 0.1.
|
|
64
|
+
- 1
|
|
65
|
+
version: 0.1.1
|
|
66
66
|
type: :runtime
|
|
67
67
|
version_requirements: *id003
|
|
68
68
|
- !ruby/object:Gem::Dependency
|