warden-github 0.12.1 → 0.13.0

data/lib/warden-github.rb

@@ -1,14 +0,0 @@
-require 'warden'
-require 'oauth2'
-require 'yajl'
-
-module Warden
-  module Github
-    class GithubMisconfiguredError < StandardError; end
-  end
-end
-
-require 'warden-github/user'
-require 'warden-github/proxy'
-require 'warden-github/version'
-require 'warden-github/strategy'

data/lib/warden-github/proxy.rb

@@ -1,45 +0,0 @@
-module Warden
-  module Github
-    module Oauth
-      class Proxy
-        attr_accessor :client_id, :secret, :scopes, :oauth_domain, :callback_url
-        def initialize(client_id, secret, scopes, oauth_domain, callback_url)
-          @client_id, @secret, @scopes, @oauth_domain, @callback_url = client_id, secret, scopes, oauth_domain, callback_url
-        end
-
-        def ssl_options
-          ca_file = "/usr/lib/ssl/certs/ca-certificates.crt"
-          if File.exists?(ca_file)
-            { :ca_file => ca_file }
-          else
-            { :ca_file => ''}
-          end
-        end
-
-        def client
-          @client ||= OAuth2::Client.new(@client_id, @secret,
-                                         :ssl           => ssl_options,
-                                         :site          => oauth_domain,
-                                         :token_url     => '/login/oauth/access_token',
-                                         :authorize_url => '/login/oauth/authorize')
-        end
-
-        def api_for(code)
-          client.auth_code.get_token(code, :redirect_uri => callback_url)
-        end
-
-        def state
-          @state ||= Digest::SHA1.hexdigest(rand(36**8).to_s(36))
-        end
-
-        def authorize_url
-          client.auth_code.authorize_url(
-            :state        => state,
-            :scope        => scopes,
-            :redirect_uri => callback_url
-          )
-        end
-      end
-    end
-  end
-end

data/lib/warden-github/strategy.rb

@@ -1,83 +0,0 @@
-Warden::Strategies.add(:github) do
-  # Need to make sure that we have a pure representation of the query string.
-  # Rails adds an "action" parameter which causes the openid gem to error
-  def params
-    @params ||= Rack::Utils.parse_query(request.query_string)
-  end
-
-  def authenticate!
-    if(params['code'] && params['state'] &&
-       env['rack.session']['github_oauth_state'] &&
-       env['rack.session']['github_oauth_state'].size > 0 &&
-       params['state'] == env['rack.session']['github_oauth_state'])
-      begin
-        api = api_for(params['code'])
-
-        user_info = Yajl.load(user_info_for(api.token))
-        user_info.delete('bio') # Delete bio, as it can easily make the session cookie too long.
-
-        success!(Warden::Github::Oauth::User.new(user_info, api.token))
-      rescue OAuth2::Error
-        %(<p>Outdated ?code=#{params['code']}:</p><p>#{$!}</p><p><a href="/auth/github">Retry</a></p>)
-      end
-    else
-      env['rack.session']['github_oauth_state'] = state
-      env['rack.session']['return_to'] = env['REQUEST_URI']
-      throw(:warden, [ 302, {'Location' => authorize_url}, [ ]])
-    end
-  end
-
-  private
-
-  def state
-    oauth_proxy.state
-  end
-
-  def oauth_client
-    oauth_proxy.client
-  end
-
-  def authorize_url
-    oauth_proxy.authorize_url
-  end
-
-  def api_for(code)
-    oauth_proxy.api_for(code)
-  end
-
-  def oauth_proxy
-    @oauth_proxy ||= Warden::Github::Oauth::Proxy.new(env['warden'].config[:github_client_id],
-                                                      env['warden'].config[:github_secret],
-                                                      env['warden'].config[:github_scopes],
-                                                      env['warden'].config[:github_oauth_domain],
-                                                      callback_url)
-  end
-
-  def user_info_for(token)
-    @user_info ||= RestClient.get(github_api_uri + "/user", :params => {:access_token => token})
-  end
-
-  def callback_url
-    absolute_url(request, env['warden'].config[:github_callback_url], env['HTTP_X_FORWARDED_PROTO'])
-  end
-
-  def absolute_url(request, suffix = nil, proto = "http")
-    port_part = case request.scheme
-                when "http"
-                  request.port == 80 ? "" : ":#{request.port}"
-                when "https"
-                  request.port == 443 ? "" : ":#{request.port}"
-                end
-
-    proto = "http" if proto.nil?
-    "#{proto}://#{request.host}#{port_part}#{suffix}"
-  end
-
-  def github_api_uri
-    if ENV['OCTOKIT_API_ENDPOINT']
-      ENV['OCTOKIT_API_ENDPOINT']
-    else
-      "https://api.github.com"
-    end
-  end
-end

data/lib/warden-github/user.rb

@@ -1,159 +0,0 @@
-require 'yajl'
-require 'octokit'
-require 'rest-client'
-
-module Warden
-  module Github
-    module Oauth
-      class User < Struct.new(:attribs, :token)
-        def login
-          attribs['login']
-        end
-
-        def name
-          attribs['name']
-        end
-
-        def gravatar_id
-          attribs['gravatar_id']
-        end
-
-        def email
-          attribs['email']
-        end
-
-        def company
-          attribs['company']
-        end
-
-        # See if the user is a public member of the named organization
-        #
-        # name - the organization name
-        #
-        # Returns: true if the user is publicized as an org member
-        def publicized_organization_member?(org_name)
-          github_raw_request("orgs/#{org_name}/public_members/#{login}").code == 204
-        rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
-          false
-        end
-
-        # See if the user is a member of the named organization
-        #
-        # name - the organization name
-        #
-        # Returns: true if the user has access, false otherwise
-        def organization_member?(org_name)
-          github_raw_request("orgs/#{org_name}/members/#{login}").code == 204
-        rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
-          false
-        end
-
-        # See if the user is a member of the team id
-        #
-        # team_id - the team's id
-        #
-        # Returns: true if the user has access, false otherwise
-        def team_member?(team_id)
-          github_raw_request("teams/#{team_id}/members/#{login}").code == 204
-        rescue RestClient::Forbidden, RestClient::Unauthorized, RestClient::ResourceNotFound => e
-          false
-        end
-
-        # Send a V3 API PUT request to path and parses the response body
-        #
-        # path - the path on api.github.com to hit
-        # params - extra params for calling the api
-        #
-        def get(path, params)
-          github_request(path, params)
-        end
-
-        # Send a V3 API PUT request to path and parses the response body
-        #
-        # path - the path on api.github.com to hit
-        # params - extra params for calling the api
-        #
-        def post(path, params)
-          headers = {:Authorization => "token #{token}", :content_type => :json, :accept => :json}
-          res = RestClient.post("#{github_api_uri}/#{path}", params.to_json, headers)
-          Yajl.load(res)
-        end
-
-        # Send a V3 API PUT request to path and parses the response body
-        #
-        # path - the path on api.github.com to hit
-        # params - extra params for calling the api
-        #
-        def put(path, params)
-          headers = {:Authorization => "token #{token}", :content_type => :json, :accept => :json}
-          res = RestClient.put("#{github_api_uri}/#{path}", params.to_json, headers)
-          Yajl.load(res)
-        end
-
-        # Send a V3 API DELETE request to path and parses the response body
-        #
-        # path - the path on api.github.com to hit
-        # params - extra params for calling the api
-        #
-        def delete(path, params)
-          headers = {:Authorization => "token #{token}", :content_type => :json, :accept => :json}
-          res = RestClient.delete("#{github_api_uri}/#{path}", params.to_json, headers)
-          Yajl.load(res)
-        end
-
-        # Access the GitHub API from Octokit
-        #
-        # Octokit is a robust client library for the GitHub API
-        # https://github.com/pengwynn/octokit
-        #
-        # Returns a cached client object for easy use
-        def api
-          @api ||= Octokit::Client.new(:login => login, :oauth_token => token)
-        end
-
-        # Send a V3 API GET request to path and parse the response body
-        #
-        # path - the path on api.github.com to hit
-        # params - extra params for calling the api
-        #
-        # Returns a parsed JSON response
-        #
-        # Examples
-        #   github_request("/user")
-        #   # => { 'login' => 'atmos', ... }
-        #
-        #   github_request("/user/repos", {:page => 2})
-        #   # => [ { 'name' => 'gollum' ... } ]
-        def github_request(path, params = {})
-          Yajl.load(github_raw_request(path, params))
-        end
-
-        # Send a V3 API GET request to path
-        #
-        # path - the path on api.github.com to hit
-        #
-        # Returns a rest client response object
-        #
-        # Examples
-        #   github_raw_request("/user")
-        #   # => RestClient::Response
-        #
-        #   github_raw_request("/user/repos", {:page => 3})
-        #   # => RestClient::Response
-        def github_raw_request(path, params = {})
-          headers = {:Authorization => "token #{token}", :accept => :json}
-          RestClient.get("#{github_api_uri}/#{path}", headers.merge(:params => params))
-        end
-
-        private
-        def github_api_uri
-          if ENV['GITHUB_OAUTH_API_DOMAIN']
-            ENV['GITHUB_OAUTH_API_DOMAIN']
-          else
-            "https://api.github.com"
-          end
-        end
-      end
-    end
-  end
-end

data/lib/warden-github/version.rb

@@ -1,5 +0,0 @@
-module Warden
-  module Github
-    VERSION = "0.12.1"
-  end
-end

data/spec/app.rb

@@ -1,71 +0,0 @@
-require 'sinatra'
-
-module Example
-  class App < Sinatra::Base
-    enable  :sessions
-    enable  :raise_errors
-    disable :show_exceptions
-
-    use Warden::Manager do |manager|
-      manager.default_strategies :github
-      manager.failure_app = BadAuthentication
-
-      manager[:github_client_id]    = ENV['GITHUB_CLIENT_ID']     || 'ee9aa24b64d82c21535a'
-      manager[:github_secret]       = ENV['GITHUB_CLIENT_SECRET'] || 'ed8ff0c54067aefb808dab1ca265865405d08d6f'
-
-      manager[:github_scopes]       = ''
-      manager[:github_oauth_domain] = ENV['GITHUB_OAUTH_DOMAIN'] || 'https://github.com'
-      manager[:github_callback_url] = '/auth/github/callback'
-    end
-
-    helpers do
-      def ensure_authenticated
-        unless env['warden'].authenticate!
-          throw(:warden)
-        end
-      end
-
-      def user
-        env['warden'].user
-      end
-    end
-
-    get '/' do
-      ensure_authenticated
-      <<-EOS
-      <h2>Hello There, #{user.name}!</h2>
-      <h3>Rails Org Member: #{user.organization_member?('rails')}.</h3>
-      <h3>Publicized Rails Org Member: #{user.publicized_organization_member?('rails')}.</h3>
-      <h3>Rails Committer Team Member: #{user.team_member?(632)}.</h3>
-      EOS
-    end
-
-    get '/redirect_to' do
-      ensure_authenticated
-      "Hello There, #{user.name}! return_to is working!"
-    end
-
-    get '/auth/github/callback' do
-      ensure_authenticated
-      redirect '/'
-    end
-
-    get '/logout' do
-      env['warden'].logout
-      "Peace!"
-    end
-  end
-
-  class BadAuthentication < Sinatra::Base
-    get '/unauthenticated' do
-      status 403
-      "Unable to authenticate, sorry bud."
-    end
-  end
-
-  def self.app
-    @app ||= Rack::Builder.new do
-      run App
-    end
-  end
-end

data/spec/oauth_spec.rb

@@ -1,18 +0,0 @@
-require File.dirname(__FILE__) + '/spec_helper'
-
-describe "Warden::Github" do
-  it "requesting an url that requires authentication redirects to github" do
-    response = get "/"
-
-    uri = Addressable::URI.parse(response.headers["Location"])
-
-    uri.scheme.should eql('https')
-    uri.host.should eql('github.com')
-
-    params = uri.query_values
-    params['response_type'].should eql('code')
-    params['scope'].should eql('')
-    params['client_id'].should match(/\w{20}/)
-    params['redirect_uri'].should eql('http://example.org/auth/github/callback')
-  end
-end

data/spec/proxy_spec.rb

@@ -1,34 +0,0 @@
-require File.dirname(__FILE__) + '/spec_helper'
-
-describe "Warden::Github::Oauth::Proxy" do
-  before(:all) do
-    sha = Digest::SHA1.hexdigest(Time.now.to_s)
-    @proxy =  Warden::Github::Oauth::Proxy.new(sha[0..19], sha[0..39],
-                                               'user,public_repo,repo,gist',
-                                               'http://example.org',
-                                               'http://example.org/auth/github/callback')
-  end
-
-  it "returns an authorize url" do
-    uri = Addressable::URI.parse(@proxy.authorize_url)
-
-    uri.scheme.should eql('http')
-    uri.host.should eql('example.org')
-
-    params = uri.query_values
-    params['response_type'].should eql('code')
-    params['scope'].should eql('user,public_repo,repo,gist')
-    params['client_id'].should match(/\w{20}/)
-    params['redirect_uri'].should eql('http://example.org/auth/github/callback')
-  end
-
-  it "has a client object" do
-    @proxy.client.should_not be_nil
-  end
-
-  it "returns access tokens" do
-    pending "this hits the network" do
-      lambda { @proxy.access_token_for(/\w{20}/.gen) }.should_not raise_error
-    end
-  end
-end

data/spec/user_spec.rb

@@ -1,14 +0,0 @@
-require File.dirname(__FILE__) + '/spec_helper'
-
-describe "Warden::Github" do
-  let(:user) do
-    Warden::Github::Oauth::User.new({'login' => 'atmos'}, 'abcde')
-  end
-
-  it "knows the token" do
-    user.token.should eql('abcde')
-  end
-  it "can access the octokit object to make api calls" do
-    user.api.should_not be_nil
-  end
-end