Add sign in with google omniauth

839
1 parent 6ef69937
Showing 16 changed files with 98 additions and 0 deletions Show diff stats
.env.default
Gemfile
Gemfile.lock
app/assets/stylesheets/errbit.css.erb
app/controllers/users/omniauth_callbacks_controller.rb
app/controllers/users_controller.rb
app/models/user.rb
app/views/devise/sessions/new.html.haml
app/views/shared/_link_google_account.html.haml
app/views/users/edit.html.haml
app/views/users/show.html.haml
config/initializers/devise.rb
config/load.rb
config/routes.rb
spec/acceptance/acceptance_helper.rb
spec/acceptance/sign_in_with_google_spec.rb
@@ -23,3 +23,5 @@ GITHUB_API_URL=https://api.github.com
 GITHUB_ACCESS_SCOPE='[repo]'
 GITHUB_SITE_TITLE=GitHub
 DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
+GOOGLE_AUTHENTICATION=true
+GOOGLE_SITE_TITLE=Google
@@ -50,6 +50,8 @@ gem &#39;flowdock&#39;
 # ---------------------------------------
 # GitHub OAuth
 gem 'omniauth-github'
+# Google OAuth
+gem 'omniauth-google-oauth2'
  
 gem 'ri_cal'
 gem 'yajl-ruby', platform: 'ruby'
@@ -228,6 +228,11 @@ GEM
     omniauth-github (1.1.2)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.1)
+    omniauth-google-oauth2 (0.4.0)
+      jwt (~> 1.5.0)
+      multi_json (~> 1.3)
+      omniauth (>= 1.1.1)
+      omniauth-oauth2 (>= 1.3.1)
     omniauth-oauth2 (1.3.1)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
@@ -460,6 +465,7 @@ DEPENDENCIES
   mongoid-rspec (~> 3.0.0)
   mongoid_rails_migrations
   omniauth-github
+  omniauth-google-oauth2
   pjax_rails
   poltergeist
   pry-byebug
@@ -231,6 +231,7 @@ a.action  { float: right; font-size: 0.9em;}
 }
  
 #action-bar span.github a:before { font-family: FontAwesome; content: "\f09b"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
+#action-bar span.google a:before { font-family: FontAwesome; content: "\f1a0"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
  
 #action-bar span a.issue-tracker-button {
   padding-left: 5px;
@@ -39,6 +39,32 @@ class Users::OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
     end
   end
  
+  def google_oauth2
+    google_uid = env['omniauth.auth'].uid
+    google_email = env['omniauth.auth'].info.email
+    google_user = User.where(google_uid: google_uid).first
+    google_site_title = Errbit::Config.google_site_title
+    # If user is already signed in, link google details to their account
+    if current_user
+      # ... unless a user is already registered with same google login
+      if google_user && google_user != current_user
+        flash[:error] = "User already registered with #{google_site_title} login '#{google_email}'!"
+      else
+        # Add github details to current user
+        current_user.update(google_uid: google_uid)
+        flash[:success] = "Successfully linked #{google_email} account!"
+      end
+      # User must have clicked 'link account' from their user page, so redirect there.
+      redirect_to user_path(current_user)
+    elsif google_user
+      flash[:success] = I18n.t 'devise.omniauth_callbacks.success', kind: google_site_title
+      sign_in_and_redirect google_user, event: :authentication
+    else
+      flash[:error] = "There are no authorized users with #{google_site_title} login '#{google_email}'. Please ask an administrator to register your user account."
+      redirect_to new_user_session_path
+    end
+  end
+
   private def update_user_with_github_attributes(user, login, token)
     user.update_attributes(
       github_login:       login,
@@ -51,6 +51,11 @@ class UsersController &lt; ApplicationController
     redirect_to user_path(user)
   end
  
+  def unlink_google
+    user.update(google_uid: nil)
+    redirect_to user_path(user)
+  end
+
 protected
  
   def require_user_edit_priviledges
@@ -8,6 +8,7 @@ class User
   field :email
   field :github_login
   field :github_oauth_token
+  field :google_uid
   field :name
   field :admin, type: Boolean, default: false
   field :per_page, type: Fixnum, default: PER_PAGE
@@ -71,6 +72,10 @@ class User
     self[:github_login] = login
   end
  
+  def google_account?
+    google_uid.present?
+  end
+
   def ensure_authentication_token
     if authentication_token.blank?
       self.authentication_token = generate_authentication_token
@@ -5,6 +5,7 @@
   - content_for :action_bar do
     %div.action-bar
       %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
+      %span.google= link_to "Sign in with #{Errbit::Config.google_site_title}", user_omniauth_authorize_path(:google_oauth2)
  
 = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f|
   .required
@@ -0,0 +1,5 @@
+- if Errbit::Config.google_authentication && user == current_user
+  - if user.google_account?
+    %span.google= link_to "Unlink #{Errbit::Config.google_site_title} account", unlink_google_user_path, method: :delete, data: { confirm: 'Are you sure?' }
+  - else
+    %span.google= link_to "Link #{Errbit::Config.google_site_title} account", user_omniauth_authorize_path(:google_oauth2)
 - content_for :title, "Edit #{user.name}"
 - content_for :action_bar do
   = render 'shared/link_github_account', :user => user
+  = render 'shared/link_google_account'
   = link_to('cancel', user_path(user), :class => 'button')
  
 = form_for user, :html => {:autocomplete => "off"} do |f|
@@ -7,6 +7,7 @@
  
 - content_for :action_bar do
   = render 'shared/link_github_account'
+  = render 'shared/link_google_account'
   = link_to 'edit', edit_user_path(user), :class => 'button'
   = link_to 'destroy', user_path(user), :method => :delete,
     :data => { :confirm => t('users.confirm_delete') }, :class => 'delete button'
@@ -252,6 +252,12 @@ Devise.setup do |config|
       github_options
   end
  
+  if Errbit::Config.google_authentication || Rails.env.test?
+    config.omniauth :google_oauth2,
+      Errbit::Config.google_client_id,
+      Errbit::Config.google_secret
+  end
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
@@ -39,6 +39,11 @@ Errbit::Config = Configurator.run(
   github_access_scope:       ['GITHUB_ACCESS_SCOPE'],
   github_api_url:            ['GITHUB_API_URL'],
   github_site_title:         ['GITHUB_SITE_TITLE'],
+  # google
+  google_authentication:     ['GOOGLE_AUTHENTICATION'],
+  google_site_title:         ['GOOGLE_SITE_TITLE'],
+  google_client_id:          ['GOOGLE_CLIENT_ID'],
+  google_secret:             ['GOOGLE_SECRET'],
  
   email_delivery_method:     ['EMAIL_DELIVERY_METHOD', lambda do |values|
     values[:email_delivery_method] && values[:email_delivery_method].to_sym
@@ -9,6 +9,7 @@ Rails.application.routes.draw do
   resources :users do
     member do
       delete :unlink_github
+      delete :unlink_google
     end
   end
  
@@ -18,6 +18,14 @@ def mock_auth(user = &quot;test_user&quot;, token = &quot;abcdef&quot;)
       'token' => token
     }
   )
+
+  OmniAuth.config.mock_auth[:google_oauth2] = Hashie::Mash.new(
+    provider: 'google',
+    uid: user,
+    info: {
+      email: 'errbit@errbit.example.com'
+    }
+  )
 end
  
 def log_in(user)
@@ -0,0 +1,23 @@
+require 'acceptance/acceptance_helper'
+
+feature 'Sign in with Google' do
+  background do
+    allow(Errbit::Config).to receive(:google_authentication).and_return(true)
+    Fabricate(:user, google_uid: 'nashby')
+    visit root_path
+  end
+
+  scenario 'log in via Google with recognized user' do
+    mock_auth('nashby')
+
+    click_link 'Sign in with Google'
+    expect(page).to have_content I18n.t('devise.omniauth_callbacks.success', kind: 'Google')
+  end
+
+  scenario 'reject unrecognized user if authenticating via Google' do
+    mock_auth('unknown_user')
+
+    click_link 'Sign in with Google'
+    expect(page).to have_content 'There are no authorized users with Google login'
+  end
+end
...	...	@@ -23,3 +23,5 @@ GITHUB_API_URL=https://api.github.com
23	23	GITHUB_ACCESS_SCOPE='[repo]'
24	24	GITHUB_SITE_TITLE=GitHub
25	25	DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
	26	+GOOGLE_AUTHENTICATION=true
	27	+GOOGLE_SITE_TITLE=Google
...	...
...	...	@@ -50,6 +50,8 @@ gem 'flowdock'
50	50	# ---------------------------------------
51	51	# GitHub OAuth
52	52	gem 'omniauth-github'
	53	+# Google OAuth
	54	+gem 'omniauth-google-oauth2'
53	55
54	56	gem 'ri_cal'
55	57	gem 'yajl-ruby', platform: 'ruby'
...	...
...	...	@@ -228,6 +228,11 @@ GEM
228	228	omniauth-github (1.1.2)
229	229	omniauth (~> 1.0)
230	230	omniauth-oauth2 (~> 1.1)
	231	+ omniauth-google-oauth2 (0.4.0)
	232	+ jwt (~> 1.5.0)
	233	+ multi_json (~> 1.3)
	234	+ omniauth (>= 1.1.1)
	235	+ omniauth-oauth2 (>= 1.3.1)
231	236	omniauth-oauth2 (1.3.1)
232	237	oauth2 (~> 1.0)
233	238	omniauth (~> 1.2)
...	...	@@ -460,6 +465,7 @@ DEPENDENCIES
460	465	mongoid-rspec (~> 3.0.0)
461	466	mongoid_rails_migrations
462	467	omniauth-github
	468	+ omniauth-google-oauth2
463	469	pjax_rails
464	470	poltergeist
465	471	pry-byebug
...	...
...	...	@@ -231,6 +231,7 @@ a.action { float: right; font-size: 0.9em;}
231	231	}
232	232
233	233	#action-bar span.github a:before { font-family: FontAwesome; content: "\f09b"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
	234	+#action-bar span.google a:before { font-family: FontAwesome; content: "\f1a0"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
234	235
235	236	#action-bar span a.issue-tracker-button {
236	237	padding-left: 5px;
...	...
...	...	@@ -39,6 +39,32 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
39	39	end
40	40	end
41	41
	42	+ def google_oauth2
	43	+ google_uid = env['omniauth.auth'].uid
	44	+ google_email = env['omniauth.auth'].info.email
	45	+ google_user = User.where(google_uid: google_uid).first
	46	+ google_site_title = Errbit::Config.google_site_title
	47	+ # If user is already signed in, link google details to their account
	48	+ if current_user
	49	+ # ... unless a user is already registered with same google login
	50	+ if google_user && google_user != current_user
	51	+ flash[:error] = "User already registered with #{google_site_title} login '#{google_email}'!"
	52	+ else
	53	+ # Add github details to current user
	54	+ current_user.update(google_uid: google_uid)
	55	+ flash[:success] = "Successfully linked #{google_email} account!"
	56	+ end
	57	+ # User must have clicked 'link account' from their user page, so redirect there.
	58	+ redirect_to user_path(current_user)
	59	+ elsif google_user
	60	+ flash[:success] = I18n.t 'devise.omniauth_callbacks.success', kind: google_site_title
	61	+ sign_in_and_redirect google_user, event: :authentication
	62	+ else
	63	+ flash[:error] = "There are no authorized users with #{google_site_title} login '#{google_email}'. Please ask an administrator to register your user account."
	64	+ redirect_to new_user_session_path
	65	+ end
	66	+ end
	67	+
42	68	private def update_user_with_github_attributes(user, login, token)
43	69	user.update_attributes(
44	70	github_login: login,
...	...
...	...	@@ -51,6 +51,11 @@ class UsersController < ApplicationController
51	51	redirect_to user_path(user)
52	52	end
53	53
	54	+ def unlink_google
	55	+ user.update(google_uid: nil)
	56	+ redirect_to user_path(user)
	57	+ end
	58	+
54	59	protected
55	60
56	61	def require_user_edit_priviledges
...	...
...	...	@@ -8,6 +8,7 @@ class User
8	8	field :email
9	9	field :github_login
10	10	field :github_oauth_token
	11	+ field :google_uid
11	12	field :name
12	13	field :admin, type: Boolean, default: false
13	14	field :per_page, type: Fixnum, default: PER_PAGE
...	...	@@ -71,6 +72,10 @@ class User
71	72	self[:github_login] = login
72	73	end
73	74
	75	+ def google_account?
	76	+ google_uid.present?
	77	+ end
	78	+
74	79	def ensure_authentication_token
75	80	if authentication_token.blank?
76	81	self.authentication_token = generate_authentication_token
...	...
...	...	@@ -5,6 +5,7 @@
5	5	- content_for :action_bar do
6	6	%div.action-bar
7	7	%span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
	8	+ %span.google= link_to "Sign in with #{Errbit::Config.google_site_title}", user_omniauth_authorize_path(:google_oauth2)
8	9
9	10	= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do \|f\|
10	11	.required
...	...
...	...	@@ -0,0 +1,5 @@
	1	+- if Errbit::Config.google_authentication && user == current_user
	2	+ - if user.google_account?
	3	+ %span.google= link_to "Unlink #{Errbit::Config.google_site_title} account", unlink_google_user_path, method: :delete, data: { confirm: 'Are you sure?' }
	4	+ - else
	5	+ %span.google= link_to "Link #{Errbit::Config.google_site_title} account", user_omniauth_authorize_path(:google_oauth2)
...	...
1	1	- content_for :title, "Edit #{user.name}"
2	2	- content_for :action_bar do
3	3	= render 'shared/link_github_account', :user => user
	4	+ = render 'shared/link_google_account'
4	5	= link_to('cancel', user_path(user), :class => 'button')
5	6
6	7	= form_for user, :html => {:autocomplete => "off"} do \|f\|
...	...