sso-auth 0.0.6 → 0.0.7

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: adf457dcf0eac446e4be9b4019d8944c0abf1732
+  data.tar.gz: 628575cfab94a454fc20fbcd9d5c5ec7137cd0df
+SHA512:
+  metadata.gz: bca87b39ca118375066f7797f82a718d3b06d8e3d3898777f9fe41b9366de39c10d6558a4d425e40a624b6320523d888c92e1eb73a9a05503cffe148707a1aaf
+  data.tar.gz: d00ae8083fec8f2465c8db79795af519aa6eda801d83c4c5b415930a4c001c4474042a1755ce3ff2a9bd35ee6e40dbf2325d349052ff8b7daf310f9b7deab031

data/README.rdoc

@@ -6,23 +6,17 @@ Gemfile
 
   gem 'sso-auth'
 
+Run
+  bin/rails g sso:auth:install
+
 Layout
 
   <body>
-    <%= render :partial => "sso_auth/shared/header" %>
+    <%= render :partial => "sso-auth/shared/user_box" %>
     ...
     <%= yield %>
-    ...
-    <%= render :partial => "sso_auth/shared/footer" %>
   </body>
 
-Stylesheet
-
-  *= require ...
-  *= require sso_auth/shared // common styles
-  *= require custom_sso_auth // customize styles
-  */
-
 == License
 
-This project rocks and uses MIT-LICENSE.
+This project rocks and uses MIT-LICENSE.

data/app/controllers/{sso_auth → sso/auth}/omniauth_callbacks_controller.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 
-class SsoAuth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+class Sso::Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def identity
     sign_in User.find_or_create_by_omniauth_hash(request.env['omniauth.auth']), :event => :authentication
     flash[:notice] = I18n.t('devise.omniauth_callbacks.success', :kind => I18n.t('sso-auth.provider.title'))

data/app/controllers/{sso_auth → sso/auth}/sessions_controller.rb

@@ -1,4 +1,4 @@
-class SsoAuth::SessionsController < ApplicationController
+class Sso::Auth::SessionsController < ApplicationController
   def destroy
     reset_session
     redirect_to "#{Settings['sso.url']}/users/sign_out?redirect_uri=#{CGI.escape(redirect_uri)}"

data/config/initializers/devise.rb

@@ -1,13 +1,19 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  # The secret key used by Devise. Devise uses this key to generate
+  # random tokens. Changing this key will render invalid all existing
+  # confirmation, reset password and unlock tokens in the database.
+  config.secret_key = Settings['devise.secret']
+
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class with default "from" parameter.
-  # config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
+  # note that it will be overwritten if you use your own mailer class
+  # with default "from" parameter.
+  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
 
   # Configure the class responsible to send e-mails.
-  # config.mailer = "Devise::Mailer"
+  # config.mailer = 'Devise::Mailer'
 
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
@@ -35,12 +41,12 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = []
+  config.case_insensitive_keys = [ :email ]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = []
+  config.strip_whitespace_keys = [ :email ]
 
   # Tell if authentication through request.params is enabled. True by default.
   # It can be set to an array that will enable params authentication only for the
@@ -48,17 +54,18 @@ Devise.setup do |config|
   # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
 
-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
   # It can be set to an array that will enable http authentication only for the
-  # given strategies, for example, `config.http_authenticatable = [:token]` will
-  # enable it only for token authentication.
+  # given strategies, for example, `config.http_authenticatable = [:database]` will
+  # enable it only for database authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
   # config.http_authenticatable = false
 
   # If http headers should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 
-  # The realm used in Http Basic Authentication. "Application" by default.
-  # config.http_authentication_realm = "Application"
+  # The realm used in Http Basic Authentication. 'Application' by default.
+  # config.http_authentication_realm = 'Application'
 
   # It will change confirmation, password recovery and other workflows
   # to behave the same regardless if the e-mail provided was right or wrong.
@@ -66,12 +73,18 @@ Devise.setup do |config|
   # config.paranoid = true
 
   # By default Devise will store the user in session. You can skip storage for
-  # :http_auth and :token_auth by adding those symbols to the array below.
+  # particular strategies by setting this option.
   # Notice that if you are skipping storage for all authentication paths, you
   # may want to disable generating routes to Devise's sessions controller by
   # passing :skip => :sessions to `devise_for` in your config/routes.rb
   config.skip_session_storage = [:http_auth]
 
+  # By default, Devise cleans up the CSRF token on authentication to
+  # avoid CSRF token fixation attacks. This means that, when using AJAX
+  # requests for sign in and sign up, you need to get a new CSRF token
+  # from the server. You can disable this option at your own risk.
+  # config.clean_up_csrf_token_on_authentication = true
+
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
@@ -82,7 +95,7 @@ Devise.setup do |config|
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = "d38daf1ff1526d1a6df451bc2a0cea2e2eb02dafa36d59b4852177ad91e8e3e5948a04c6f68302740e2187fc75cb84c5cf8a1aceaef6b9278df7b407546ddea1"
+  # config.pepper = '<%= SecureRandom.hex(64) %>'
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without
@@ -92,6 +105,14 @@ Devise.setup do |config|
   # the user cannot access the website without confirming his account.
   # config.allow_unconfirmed_access_for = 2.days
 
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  # config.confirm_within = 3.days
+
   # If true, requires any email changes to be confirmed (exactly the same way as
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
   # db field (see migrations). Until confirmed new email is stored in
@@ -113,11 +134,11 @@ Devise.setup do |config|
   # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 6..128.
-  # config.password_length = 6..128
+  # Range for password length. Default is 8..128.
+  config.password_length = 8..128
 
   # Email regex used to validate email formats. It simply asserts that
-  # an one (and only one) @ exists in the given string. This is mainly
+  # one (and only one) @ exists in the given string. This is mainly
   # to give user feedback and not to assert the e-mail validity.
   # config.email_regexp = /\A[^@]+@[^@]+\z/
 
@@ -126,6 +147,9 @@ Devise.setup do |config|
   # time the user will be asked for credentials again. Default is 30 minutes.
   # config.timeout_in = 30.minutes
 
+  # If true, expires auth token on session timeout.
+  # config.expire_auth_token_on_timeout = false
+
   # ==> Configuration for :lockable
   # Defines which strategy will be used to lock an account.
   # :failed_attempts = Locks an account after a number of failed attempts to sign in.
@@ -149,6 +173,9 @@ Devise.setup do |config|
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
   # config.unlock_in = 1.hour
 
+  # Warn on the last attempt before the account is locked.
+  # config.last_attempt_warning = false
+
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
@@ -164,13 +191,11 @@ Devise.setup do |config|
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
   # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
   # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
   # config.encryptor = :sha512
 
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
-
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "users/sessions/new". It's turned off by default because it's slower if you
@@ -181,9 +206,8 @@ Devise.setup do |config|
   # devise role declared in your routes (usually :user).
   # config.default_scope = :user
 
-  # Configure sign_out behavior.
-  # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
-  # The default is true, which means any logout action will sign out all active scopes.
+  # Set this configuration to false if you want /users/sign_out to sign out
+  # only the current scope. By default, Devise signs out all scopes.
   # config.sign_out_all_scopes = true
 
   # ==> Navigation configuration
@@ -195,7 +219,7 @@ Devise.setup do |config|
   # should add them to the navigational formats lists.
   #
   # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ["*/*", :html]
+  # config.navigational_formats = ['*/*', :html]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
@@ -213,4 +237,18 @@ Devise.setup do |config|
   #   manager.intercept_401 = false
   #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
   # end
+
+  # ==> Mountable engine configurations
+  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
+  # is mountable, there are some extra configurations to be taken into account.
+  # The following options are available, assuming the engine is mounted as:
+  #
+  #     mount MyEngine, at: '/my_engine'
+  #
+  # The router that invoked `devise_for`, in the example above, would be:
+  # config.router_name = :my_engine
+  #
+  # When using omniauth, Devise cannot automatically set Omniauth path,
+  # so you need to do it manually. For the users scope, it would be:
+  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end

data/lib/generators/sso/auth/install_generator.rb

@@ -0,0 +1,49 @@
+require 'rails/generators/migration'
+
+module Sso
+  module Auth
+    module Generators
+      class InstallGenerator < Rails::Generators::Base
+        include Rails::Generators::Migration
+
+        source_root File.expand_path('../templates', __FILE__)
+
+        def self.next_migration_number(dirname)
+          @number ||= Time.now.strftime('%Y%m%d%H%M%S').to_i
+          @number += 1
+        end
+
+        def create_models
+          template 'app/models/ability.rb'
+          template 'app/models/user.rb'
+          template 'app/models/permission.rb'
+        end
+
+        def create_controllers
+          template 'app/controllers/manage/application_controller.rb'
+        end
+
+        def add_routes
+          route "devise_scope :users do
+            get 'sign_out' => 'sso/auth/sessions#destroy', :as => :destroy_user_session
+            get 'sign_in' => redirect('/auth/auth/identity'), :as => :new_user_session
+          end"
+          route "devise_for :users, :path => 'auth', :controllers => {:omniauth_callbacks => 'sso/auth/omniauth_callbacks'}, :skip => [:sessions]"
+        end
+
+        def create_specs
+          template 'spec/models/ability_spec.rb'
+        end
+
+        def create_migrations
+          migration_template 'db/migrate/create_users.rb'
+          migration_template 'db/migrate/create_permissions.rb'
+        end
+
+        def create_403_page
+          copy_file 'public/403.html', 'public/403.html'
+        end
+      end
+    end
+  end
+end

data/lib/generators/{sso-auth/install → sso/auth}/templates/app/models/permission.rb

@@ -12,5 +12,6 @@
 #
 
 class Permission < ActiveRecord::Base
+  attr_accessible :role
   sso_auth_permission :roles => [:manager, :operator]
 end

data/lib/generators/{sso-auth/install → sso/auth}/templates/db/migrate/create_permissions.rb

@@ -7,5 +7,10 @@ class CreatePermissions < ActiveRecord::Migration
       t.timestamps
     end
     add_index :permissions, [:user_id, :role, :context_id, :context_type], :name => 'by_user_and_role_and_context', :uniq => true
+
+    User.find_or_initialize_by_uid('1').tap do | user |
+      user.save(:validate => false)
+      user.permissions.create! :role => :manager if user.permissions.empty?
+    end
   end
 end

data/lib/generators/sso/auth/templates/public/403.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Access Denied (403)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/403.html -->
+  <div class="dialog">
+    <h1>Access Denied</h1>
+    <p>You don't have permission to access this page.</p>
+  </div>
+</body>
+</html>

data/lib/sso/auth.rb

@@ -0,0 +1,10 @@
+require "sso/auth/engine"
+
+require 'cancan'
+require 'devise'
+require 'devise-russian'
+
+module Sso
+  module Auth
+  end
+end

data/lib/sso/auth/engine.rb

@@ -0,0 +1,103 @@
+module Sso
+  module Auth
+    class Engine < ::Rails::Engine
+      isolate_namespace Sso::Auth
+
+      config.after_initialize do
+        begin
+          Settings.define 'sso.url',       :env_var => 'SSO_URL',       :require => true
+          Settings.define 'sso.key',       :env_var => 'SSO_KEY',       :require => true
+          Settings.define 'sso.secret',    :env_var => 'SSO_SECRET',    :require => true
+          Settings.define 'devise.secret', :env_var => 'DEVISE_SECRET', :require => true
+
+          Settings.resolve!
+        rescue => e
+          puts "WARNING! #{e.message}"
+        end
+      end
+
+      initializer "sso_client.devise", :before => 'devise.omniauth' do |app|
+        require File.expand_path("../../../omniauth/strategies/identity", __FILE__)
+        Devise.setup do |config|
+          config.omniauth :identity, Settings['sso.key'], Settings['sso.secret'], :client_options => { :site => Settings['sso.url'] }
+        end
+      end
+
+      config.to_prepare do
+        ActionController::Base.class_eval do
+          define_singleton_method :sso_authenticate_and_authorize do
+            before_filter :authenticate_user!
+            before_filter :authorize_manage_application!
+            rescue_from CanCan::AccessDenied do |exception|
+              render :file => "#{Rails.root}/public/403", :formats => [:html], :status => 403, :layout => false
+            end
+          end
+
+          define_singleton_method :sso_load_and_authorize_resource do
+            sso_authenticate_and_authorize
+            inherit_resources
+            load_and_authorize_resource
+          end
+
+          protected
+
+          define_method :authorize_manage_application! do
+            authorize! :manage, :application
+          end
+        end
+        ActiveRecord::Base.class_eval do
+          def self.sso_auth_user
+            has_many :permissions, :dependent => :destroy
+
+            devise :omniauthable, :trackable, :timeoutable
+
+            Permission.available_roles.each do |role|
+              define_method "#{role}_of?" do |context|
+                permissions.for_role(role).for_context(context).exists?
+              end
+              define_method "#{role}?" do
+                permissions.for_role(role).exists?
+              end
+            end
+
+            define_method :sso_auth_name do
+              email? ? "#{name} <#{email}>" : name
+            end
+
+            define_singleton_method :find_or_create_by_omniauth_hash do |omniauth_hash|
+              user = User.find_by_uid(omniauth_hash[:uid])
+              user ||= User.find_by_email(omniauth_hash[:info][:email]) if omniauth_hash[:info][:email].present?
+              user ||= User.new
+              user.uid = omniauth_hash[:uid]
+              attributes = omniauth_hash[:extra][:raw_info][:user].dup || {}
+              attributes.delete(:uid)
+              attributes = attributes.merge(omniauth_hash[:info])
+              attributes[:raw_info] = omniauth_hash[:extra][:raw_info].to_json
+              attributes.each do |attribute, value|
+                user.send("#{attribute}=", value) if user.respond_to?("#{attribute}=")
+              end
+              user.save(:validate => false)
+              user
+            end
+          end
+
+          def self.sso_auth_permission(options)
+            define_singleton_method :available_roles do
+              options[:roles].map(&:to_s)
+            end
+
+            belongs_to :context, :polymorphic => true
+            belongs_to :user
+
+            validates_inclusion_of  :role, :in => available_roles + available_roles.map(&:to_sym)
+            validates_presence_of   :role, :user
+            validates_uniqueness_of :role, :scope => [:user_id, :context_id, :context_type]
+
+            scope :for_role,    ->(role)    { where(:role => role) }
+            scope :for_context, ->(context) { where(:context_id => context.try(:id), :context_type => context.try(:class)) }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sso/auth/spec_helper.rb

@@ -0,0 +1,50 @@
+module Sso
+  module Auth
+    module SpecHelper
+
+      def ability_for(user)
+        Ability.new(user)
+      end
+
+      def create_user
+        @sequence ||= 0
+        @sequence += 1
+        User.new.tap do |user|
+          user.uid = @sequence
+          user.save(:validate => false)
+        end
+      end
+
+      def user_with_role(role, context=nil, prefix=nil, user=nil)
+        @roles ||= {}
+        @roles["#{prefix}_#{role}"] ||= {}
+        @roles["#{prefix}_#{role}"][context] ||= (user || create_user).tap do |user|
+          user.permissions.create!({:context => context, :role => role}, :without_protection => true)
+        end
+      end
+
+      def user
+        @user ||= create_user
+      end
+
+      def another_user
+        @another_user ||= create_user
+      end
+
+      Permission.available_roles.each do | role |
+        define_method "#{role}_of" do |context, params={}|
+          user_with_role role, context, nil, params[:user]
+        end
+        define_method "#{role}" do
+          self.send("#{role}_of", nil)
+        end
+        define_method "another_#{role}_of" do |context, params={}|
+          user_with_role role, context, "another", params[:user]
+        end
+        define_method "another_#{role}" do
+          self.send("another_#{role}_of", nil)
+        end
+      end
+    end
+  end
+end

data/lib/sso/auth/version.rb

@@ -0,0 +1,5 @@
+module Sso
+  module Auth
+    VERSION = "0.0.7"
+  end
+end

metadata

@@ -1,174 +1,167 @@
 --- !ruby/object:Gem::Specification
 name: sso-auth
 version: !ruby/object:Gem::Version
-  version: 0.0.6
-  prerelease: 
+  version: 0.0.7
 platform: ruby
 authors:
 - http://openteam.ru
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-15 00:00:00.000000000 Z
+date: 2013-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cancan
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: configliere
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devise-russian
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: annotate
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: shoulda-matchers
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Description of SsoAuth.
@@ -178,58 +171,50 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- app/controllers/sso_auth/omniauth_callbacks_controller.rb
-- app/controllers/sso_auth/sessions_controller.rb
+- app/controllers/sso/auth/omniauth_callbacks_controller.rb
+- app/controllers/sso/auth/sessions_controller.rb
 - app/views/sso-auth/shared/_user_box.html.erb
 - config/initializers/devise.rb
 - config/locales/en.yml
 - config/locales/ru.yml
-- config/routes.rb
-- lib/generators/sso-auth/install/install_generator.rb
-- lib/generators/sso-auth/install/templates/app/controllers/manage/application_controller.rb
-- lib/generators/sso-auth/install/templates/app/models/ability.rb
-- lib/generators/sso-auth/install/templates/app/models/permission.rb
-- lib/generators/sso-auth/install/templates/app/models/user.rb
-- lib/generators/sso-auth/install/templates/db/migrate/create_permissions.rb
-- lib/generators/sso-auth/install/templates/db/migrate/create_users.rb
-- lib/generators/sso-auth/install/templates/db/seeds.rb
-- lib/generators/sso-auth/install/templates/spec/models/ability_spec.rb
+- lib/generators/sso/auth/install_generator.rb
+- lib/generators/sso/auth/templates/app/controllers/manage/application_controller.rb
+- lib/generators/sso/auth/templates/app/models/ability.rb
+- lib/generators/sso/auth/templates/app/models/permission.rb
+- lib/generators/sso/auth/templates/app/models/user.rb
+- lib/generators/sso/auth/templates/db/migrate/create_permissions.rb
+- lib/generators/sso/auth/templates/db/migrate/create_users.rb
+- lib/generators/sso/auth/templates/public/403.html
+- lib/generators/sso/auth/templates/spec/models/ability_spec.rb
 - lib/omniauth/strategies/identity.rb
-- lib/sso-auth/engine.rb
-- lib/sso-auth/spec_helper.rb
-- lib/sso-auth/version.rb
-- lib/sso-auth.rb
+- lib/sso/auth/engine.rb
+- lib/sso/auth/spec_helper.rb
+- lib/sso/auth/version.rb
+- lib/sso/auth.rb
 - MIT-LICENSE
 - Rakefile
 - README.rdoc
 homepage: 
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -4140832109074497253
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -4140832109074497253
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.1.11
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Summary of SsoAuth.
 test_files: []

data/config/routes.rb

@@ -1,11 +0,0 @@
-Rails.application.routes.draw do
-  devise_for :users, :path => 'auth',
-                     :controllers => {:omniauth_callbacks => 'sso_auth/omniauth_callbacks'},
-                     :skip => [:sessions]
-
-  devise_scope :users do
-    get 'sign_out' => 'sso-auth/sessions#destroy', :as => :destroy_user_session
-    get 'sign_in' => redirect('/auth/auth/identity'), :as => :new_user_session
-  end
-end
-

data/lib/generators/sso-auth/install/install_generator.rb

@@ -1,40 +0,0 @@
-require 'rails/generators/migration'
-
-module SsoAuth
-  module Generators
-    class InstallGenerator < Rails::Generators::Base
-      include Rails::Generators::Migration
-
-      source_root File.expand_path('../templates', __FILE__)
-
-      def self.next_migration_number(dirname)
-        @number ||= Time.now.strftime('%Y%m%d%H%M%S').to_i
-        @number += 1
-      end
-
-      def create_models
-        template 'app/models/ability.rb'
-        template 'app/models/user.rb'
-        template 'app/models/permission.rb'
-      end
-
-      def create_controllers
-        template 'app/controllers/manage/application_controller.rb'
-      end
-
-      def create_seeds
-        template 'db/seeds.rb'
-      end
-
-      def create_specs
-        template 'spec/models/ability_spec.rb'
-      end
-
-      def create_migrations
-        migration_template 'db/migrate/create_users.rb'
-        migration_template 'db/migrate/create_permissions.rb'
-      end
-
-    end
-  end
-end

data/lib/generators/sso-auth/install/templates/db/seeds.rb

@@ -1,4 +0,0 @@
-User.find_or_initialize_by_uid('1').tap do | user |
-  user.save(:validate => false)
-  user.permissions.create! :role => :manager if user.permissions.empty?
-end

data/lib/sso-auth.rb

@@ -1,7 +0,0 @@
-require "sso-auth/engine"
-
-require 'cancan'
-require 'devise'
-
-module SsoAuth
-end

data/lib/sso-auth/engine.rb

@@ -1,100 +0,0 @@
-module SsoAuth
-  class Engine < ::Rails::Engine
-    isolate_namespace SsoAuth
-
-    config.after_initialize do
-      begin
-        Settings.define 'sso.url',     :env_var => 'SSO_URL',     :require => true
-        Settings.define 'sso.key',     :env_var => 'SSO_KEY',     :require => true
-        Settings.define 'sso.secret',  :env_var => 'SSO_SECRET',  :require => true
-
-        Settings.resolve!
-      rescue => e
-        puts "WARNING! #{e.message}"
-      end
-    end
-
-    initializer "sso_client.devise", :before => 'devise.omniauth' do |app|
-      require File.expand_path("../../../lib/omniauth/strategies/identity", __FILE__)
-      Devise.setup do |config|
-        config.omniauth :identity, Settings['sso.key'], Settings['sso.secret'], :client_options => { :site => Settings['sso.url'] }
-      end
-    end
-
-    config.to_prepare do
-      ActionController::Base.class_eval do
-        define_singleton_method :sso_authenticate_and_authorize do
-          before_filter :authenticate_user!
-          before_filter :authorize_manage_application!
-          rescue_from CanCan::AccessDenied do |exception|
-            render :file => "#{Rails.root}/public/403", :formats => [:html], :status => 403, :layout => false
-          end
-        end
-
-        define_singleton_method :sso_load_and_authorize_resource do
-          sso_authenticate_and_authorize
-          inherit_resources
-          load_and_authorize_resource
-        end
-
-        protected
-
-        define_method :authorize_manage_application! do
-          authorize! :manage, :application
-        end
-      end
-      ActiveRecord::Base.class_eval do
-        def self.sso_auth_user
-          has_many :permissions, :dependent => :destroy
-
-          devise :omniauthable, :trackable, :timeoutable
-
-          Permission.available_roles.each do |role|
-            define_method "#{role}_of?" do |context|
-              permissions.for_role(role).for_context(context).exists?
-            end
-            define_method "#{role}?" do
-              permissions.for_role(role).exists?
-            end
-          end
-
-          define_method :sso_auth_name do
-            email? ? "#{name} <#{email}>" : name
-          end
-
-          define_singleton_method :find_or_create_by_omniauth_hash do |omniauth_hash|
-            user = User.find_by_uid(omniauth_hash[:uid])
-            user ||= User.find_by_email(omniauth_hash[:info][:email]) if omniauth_hash[:info][:email].present?
-            user ||= User.new
-            user.uid = omniauth_hash[:uid]
-            attributes = omniauth_hash[:extra][:raw_info][:user].dup || {}
-            attributes.delete(:uid)
-            attributes = attributes.merge(omniauth_hash[:info])
-            attributes[:raw_info] = omniauth_hash[:extra][:raw_info].to_json
-            attributes.each do |attribute, value|
-              user.send("#{attribute}=", value) if user.respond_to?("#{attribute}=")
-            end
-            user.save(:validate => false)
-            user
-          end
-        end
-
-        def self.sso_auth_permission(options)
-          define_singleton_method :available_roles do
-            options[:roles].map(&:to_s)
-          end
-
-          belongs_to :context, :polymorphic => true
-          belongs_to :user
-
-          validates_inclusion_of  :role, :in => available_roles + available_roles.map(&:to_sym)
-          validates_presence_of   :role, :user
-          validates_uniqueness_of :role, :scope => [:user_id, :context_id, :context_type]
-
-          scope :for_role,    ->(role)    { where(:role => role) }
-          scope :for_context, ->(context) { where(:context_id => context.try(:id), :context_type => context.try(:class)) }
-        end
-      end
-    end
-  end
-end

data/lib/sso-auth/spec_helper.rb

@@ -1,48 +0,0 @@
-module SsoAuth
-  module SpecHelper
-
-    def ability_for(user)
-      Ability.new(user)
-    end
-
-    def create_user
-      @sequence ||= 0
-      @sequence += 1
-      User.new.tap do |user|
-        user.uid = @sequence
-        user.save(:validate => false)
-      end
-    end
-
-    def user_with_role(role, context=nil, prefix=nil, user=nil)
-      @roles ||= {}
-      @roles["#{prefix}_#{role}"] ||= {}
-      @roles["#{prefix}_#{role}"][context] ||= (user || create_user).tap do |user|
-        user.permissions.create!({:context => context, :role => role}, :without_protection => true)
-      end
-    end
-
-    def user
-      @user ||= create_user
-    end
-
-    def another_user
-      @another_user ||= create_user
-    end
-
-    Permission.available_roles.each do | role |
-      define_method "#{role}_of" do |context, params={}|
-        user_with_role role, context, nil, params[:user]
-      end
-      define_method "#{role}" do
-        self.send("#{role}_of", nil)
-      end
-      define_method "another_#{role}_of" do |context, params={}|
-        user_with_role role, context, "another", params[:user]
-      end
-      define_method "another_#{role}" do
-        self.send("another_#{role}_of", nil)
-      end
-    end
-  end
-end

data/lib/sso-auth/version.rb

@@ -1,3 +0,0 @@
-module SsoAuth
-  VERSION = "0.0.6"
-end