Support GitHub Enterprise logins

Mike Dillon
1 parent a93c24f6
Showing 9 changed files with 71 additions and 12 deletions Show diff stats
.env.default
app/controllers/users/omniauth_callbacks_controller.rb
app/views/devise/sessions/new.html.haml
app/views/shared/_link_github_account.html.haml
app/views/users/show.html.haml
config/initializers/devise.rb
config/load.rb
docs/configuration.md
spec/initializers/devise_spec.rb
@@ -17,7 +17,9 @@ ERRBIT_PER_APP_NOTIFY_AT_NOTICES=false
 MONGO_URL='mongodb://localhost'
 ERRBIT_LOG_LEVEL=info
 ERRBIT_LOG_LOCATION=STDOUT
-GITHUB_URL='https://github.com'
+GITHUB_URL=https://github.com
 GITHUB_AUTHENTICATION=true
+GITHUB_API_URL=https://api.github.com
 GITHUB_ACCESS_SCOPE='[repo]'
+GITHUB_SITE_TITLE=GitHub
 DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
@@ -3,11 +3,13 @@ class Users::OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
     github_login = env["omniauth.auth"].extra.raw_info.login
     github_token = env["omniauth.auth"].credentials.token
     github_user  = User.where(:github_login => github_login).first
+    github_site_title = Errbit::Config.github_site_title
     if github_user.nil? && github_org_id = Errbit::Config.github_org_id
       # See if they are a member of the organization that we have access for
       # If they are, automatically create an account
       client = Octokit::Client.new(access_token: github_token)
+      client.api_endpoint = Errbit::Config.github_api_url
       org_ids = client.organizations.map { |org| org.id }
       if org_ids.include?(github_org_id)
         github_user = User.create(name: env["omniauth.auth"].extra.raw_info.name, email: env["omniauth.auth"].extra.raw_info.email)
@@ -18,21 +20,21 @@ class Users::OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
     if current_user
       # ... unless a user is already registered with same github login
       if github_user && github_user != current_user
-        flash[:error] = "User already registered with GitHub login '#{github_login}'!"
+        flash[:error] = "User already registered with #{github_site_title} login '#{github_login}'!"
       else
         # Add github details to current user
         update_user_with_github_attributes(current_user, github_login, github_token)
-        flash[:success] = "Successfully linked GitHub account!"
+        flash[:success] = "Successfully linked #{github_site_title} account!"
       end
       # User must have clicked 'link account' from their user page, so redirect there.
       redirect_to user_path(current_user)
     elsif github_user
       # Store OAuth token
       update_user_with_github_attributes(github_user, github_login, github_token)
-      flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub"
+      flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => github_site_title
       sign_in_and_redirect github_user, :event => :authentication
     else
-      flash[:error] = "There are no authorized users with GitHub login '#{github_login}'. Please ask an administrator to register your user account."
+      flash[:error] = "There are no authorized users with #{github_site_title} login '#{github_login}'. Please ask an administrator to register your user account."
       redirect_to new_user_session_path
     end
   end
@@ -4,7 +4,7 @@
 - if Errbit::Config.github_authentication
   - content_for :action_bar do
     %div.action-bar
-      %span.github= link_to "Sign in with GitHub", user_omniauth_authorize_path(:github)
+      %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
 = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f|
   .required
 - if Errbit::Config.github_authentication && user == current_user
   - if user.github_account?
-    %span.github= link_to "Unlink GitHub account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
+    %span.github= link_to "Unlink #{Errbit::Config.github_site_title} account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
   - else
-    %span.github= link_to "Link GitHub account", user_omniauth_authorize_path(:github)
+    %span.github= link_to "Link #{Errbit::Config.github_site_title} account", user_omniauth_authorize_path(:github)
@@ -21,8 +21,8 @@
       %td.main= user.username
   - if Errbit::Config.github_authentication && user.github_login.present?
     %tr
-      %th GitHub Login
-      %td.main= link_to user.github_login, "https://github.com/#{user.github_login}"
+      %th= "#{Errbit::Config.github_site_title} Login"
+      %td.main= link_to user.github_login, "#{Errbit::Config.github_url}/#{user.github_login}"
   %tr
     %th Admin?
     %td= user.admin? ? 'Y' : 'N'
@@ -236,11 +236,20 @@ Devise.setup do |config|
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
   if Errbit::Config.github_authentication || Rails.env.test?
+    github_options = {
+      :scope => Errbit::Config.github_access_scope.join(','),
+      :skip_info => true,
+      :client_options => {
+        :site => Errbit::Config.github_api_url,
+        :authorize_url => "#{Errbit::Config.github_url}/login/oauth/authorize",
+        :token_url => "#{Errbit::Config.github_url}/login/oauth/access_token"
+      }
+    }
+
     config.omniauth :github,
       Errbit::Config.github_client_id,
       Errbit::Config.github_secret,
-      :scope => Errbit::Config.github_access_scope.join(','),
-      :skip_info => true
+      github_options
   end
   # ==> Warden configuration
@@ -37,6 +37,8 @@ Errbit::Config = Configurator.run({
   github_secret:             ['GITHUB_SECRET'],
   github_org_id:             ['GITHUB_ORG_ID'],
   github_access_scope:       ['GITHUB_ACCESS_SCOPE'],
+  github_api_url:            ['GITHUB_API_URL'],
+  github_site_title:         ['GITHUB_SITE_TITLE'],
   email_delivery_method:     ['EMAIL_DELIVERY_METHOD', -> (values) {
     values[:email_delivery_method] && values[:email_delivery_method].to_sym
@@ -61,6 +61,9 @@ In order of precedence Errbit uses:
 <dt>GITHUB_URL
 <dd>Use this URL for interacting github. This is useful if you have a github enterprise account and you're using a URL other than https://github.com
 <dd>defaults to https://github.com
+<dt>GITHUB_API_URL</dt>
+<dd>For github enterprise accounts, the API URL could be something like https://github.example.com/api/v3</dd>
+<dd>defaults to https://api.github.com</dd>
 <dt>GITHUB_AUTHENTICATION
 <dd>Allow github sign-in via OAuth
 <dd>defaults to true
@@ -73,6 +76,9 @@ In order of precedence Errbit uses:
 <dt>GITHUB_ACCESS_SCOPE
 <dd>OAuth scope to request from users when they sign-in through github
 <dd>defaults to [repo]
+<dt>GITHUB_SITE_TITLE</dt>
+<dd>The title to use for GitHub. This value is whatever you want displayed in the Errbit UI when referring to GitHub.</dd>
+<dd>defaults to GitHub</dd>
 <dt>EMAIL_DELIVERY_METHOD
 <dd>:smtp or :sendmail, depending on how you want Errbit to send email
 <dt>SMTP_SERVER
@@ -0,0 +1,38 @@
+describe 'initializers/devise' do
+  def load_initializer
+    load File.join(Rails.root, 'config', 'initializers', 'devise.rb')
+  end
+
+  after do
+    # reset to the defaults
+    load_initializer
+  end
+
+  describe 'omniauth github' do
+    it 'sets the client options correctly for the default github_url' do
+      load_initializer
+
+      options = Devise.omniauth_configs[:github].options
+      expect(options).to have_key(:client_options)
+      expect(options[:client_options]).to eq({
+        site: 'https://api.github.com',
+        authorize_url: 'https://github.com/login/oauth/authorize',
+        token_url: 'https://github.com/login/oauth/access_token',
+      })
+    end
+
+    it 'sets the client options correctly for the a GitHub Enterprise github_url' do
+      allow(Errbit::Config).to receive(:github_url).and_return('https://github.example.com')
+      allow(Errbit::Config).to receive(:github_api_url).and_return('https://github.example.com/api/v3')
+      load_initializer
+
+      options = Devise.omniauth_configs[:github].options
+      expect(options).to have_key(:client_options)
+      expect(options[:client_options]).to eq({
+        site: 'https://github.example.com/api/v3',
+        authorize_url: 'https://github.example.com/login/oauth/authorize',
+        token_url: 'https://github.example.com/login/oauth/access_token',
+      })
+    end
+  end
+end
	@@ -4,7 +4,7 @@		@@ -4,7 +4,7 @@
4	- if Errbit::Config.github_authentication	4	- if Errbit::Config.github_authentication
5	- content_for :action_bar do	5	- content_for :action_bar do
6	%div.action-bar	6	%div.action-bar
7	- %span.github= link_to "Sign in with GitHub", user_omniauth_authorize_path(:github)	7	+ %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
8		8
9	= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do \|f\|	9	= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do \|f\|
10	.required	10	.required
1	- if Errbit::Config.github_authentication && user == current_user	1	- if Errbit::Config.github_authentication && user == current_user
2	- if user.github_account?	2	- if user.github_account?
3	- %span.github= link_to "Unlink GitHub account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }	3	+ %span.github= link_to "Unlink #{Errbit::Config.github_site_title} account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
4	- else	4	- else
5	- %span.github= link_to "Link GitHub account", user_omniauth_authorize_path(:github)	5	+ %span.github= link_to "Link #{Errbit::Config.github_site_title} account", user_omniauth_authorize_path(:github)
@@ -0,0 +1,38 @@		@@ -0,0 +1,38 @@
	1	+describe 'initializers/devise' do
	2	+ def load_initializer
	3	+ load File.join(Rails.root, 'config', 'initializers', 'devise.rb')
	4	+ end
	5	+
	6	+ after do
	7	+ # reset to the defaults
	8	+ load_initializer
	9	+ end
	10	+
	11	+ describe 'omniauth github' do
	12	+ it 'sets the client options correctly for the default github_url' do
	13	+ load_initializer
	14	+
	15	+ options = Devise.omniauth_configs[:github].options
	16	+ expect(options).to have_key(:client_options)
	17	+ expect(options[:client_options]).to eq({
	18	+ site: 'https://api.github.com',
	19	+ authorize_url: 'https://github.com/login/oauth/authorize',
	20	+ token_url: 'https://github.com/login/oauth/access_token',
	21	+ })
	22	+ end
	23	+
	24	+ it 'sets the client options correctly for the a GitHub Enterprise github_url' do
	25	+ allow(Errbit::Config).to receive(:github_url).and_return('https://github.example.com')
	26	+ allow(Errbit::Config).to receive(:github_api_url).and_return('https://github.example.com/api/v3')
	27	+ load_initializer
	28	+
	29	+ options = Devise.omniauth_configs[:github].options
	30	+ expect(options).to have_key(:client_options)
	31	+ expect(options[:client_options]).to eq({
	32	+ site: 'https://github.example.com/api/v3',
	33	+ authorize_url: 'https://github.example.com/login/oauth/authorize',
	34	+ token_url: 'https://github.example.com/login/oauth/access_token',
	35	+ })
	36	+ end
	37	+ end
	38	+end