Merge pull request #1078 from 8398a7/add_omniauth_for_google

Add omniauth by google

Merge pull request #1078 from 8398a7/add_omniauth_for_google
Add omniauth by google
Stephen Crosby
2 parents 6ef69937 4a7c9f73
Showing 18 changed files with 128 additions and 0 deletions Show diff stats
.env.default
Gemfile
Gemfile.lock
README.md
app/assets/stylesheets/errbit.css.erb
app/controllers/users/omniauth_callbacks_controller.rb
app/controllers/users_controller.rb
app/models/user.rb
app/views/devise/sessions/new.html.haml
app/views/shared/_link_google_account.html.haml
app/views/users/edit.html.haml
app/views/users/show.html.haml
config/initializers/devise.rb
config/load.rb
config/routes.rb
docs/configuration.md
spec/acceptance/acceptance_helper.rb
spec/acceptance/sign_in_with_google_spec.rb
@@ -23,3 +23,5 @@ GITHUB_API_URL=https://api.github.com
 GITHUB_ACCESS_SCOPE='[repo]'
 GITHUB_SITE_TITLE=GitHub
 DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
+GOOGLE_AUTHENTICATION=true
+GOOGLE_SITE_TITLE=Google
@@ -50,6 +50,8 @@ gem &#39;flowdock&#39;
 # ---------------------------------------
 # GitHub OAuth
 gem 'omniauth-github'
+# Google OAuth
+gem 'omniauth-google-oauth2'
 gem 'ri_cal'
 gem 'yajl-ruby', platform: 'ruby'
@@ -228,6 +228,11 @@ GEM
     omniauth-github (1.1.2)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.1)
+    omniauth-google-oauth2 (0.4.0)
+      jwt (~> 1.5.0)
+      multi_json (~> 1.3)
+      omniauth (>= 1.1.1)
+      omniauth-oauth2 (>= 1.3.1)
     omniauth-oauth2 (1.3.1)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
@@ -460,6 +465,7 @@ DEPENDENCIES
   mongoid-rspec (~> 3.0.0)
   mongoid_rails_migrations
   omniauth-github
+  omniauth-google-oauth2
   pjax_rails
   poltergeist
   pry-byebug
@@ -149,6 +149,26 @@ few others that could make sense for your needs:
   organization can log in to Errbit through GitHub. Errbit will provision
   accounts for new users.
+### Configuring Google authentication:
+* Set GOOGLE_AUTHENTICATION=true
+* Register your instance of Errbit at https://console.developers.google.com/apis/api/plus/overview
+
+If you host Errbit at errbit.example.com, you would fill in:
+
+<dl>
+<dt>URL
+<dd>http://errbit.example.com
+<dt>Callback URL
+<dd>http://errbit.example.com/users/auth/github
+</dl>
+
+* After you have registered your app, set GOOGLE_CLIENT_ID and GOOGLE_SECRET
+  with your app's Client ID and Secret key.
+
+When you start your application, you should see the option to **Sign in with
+Google** on the Login page. You will also be able to link your Google profile
+to your user account on your **Edit profile** page.
+
 ### Configuring LDAP authentication:
 * Set USER_HAS_USERNAME=true
@@ -231,6 +231,7 @@ a.action  { float: right; font-size: 0.9em;}
 }
 #action-bar span.github a:before { font-family: FontAwesome; content: "\f09b"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
+#action-bar span.google a:before { font-family: FontAwesome; content: "\f1a0"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
 #action-bar span a.issue-tracker-button {
   padding-left: 5px;
@@ -39,6 +39,32 @@ class Users::OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
     end
   end
+  def google_oauth2
+    google_uid = env['omniauth.auth'].uid
+    google_email = env['omniauth.auth'].info.email
+    google_user = User.where(google_uid: google_uid).first
+    google_site_title = Errbit::Config.google_site_title
+    # If user is already signed in, link google details to their account
+    if current_user
+      # ... unless a user is already registered with same google login
+      if google_user && google_user != current_user
+        flash[:error] = "User already registered with #{google_site_title} login '#{google_email}'!"
+      else
+        # Add github details to current user
+        current_user.update(google_uid: google_uid)
+        flash[:success] = "Successfully linked #{google_email} account!"
+      end
+      # User must have clicked 'link account' from their user page, so redirect there.
+      redirect_to user_path(current_user)
+    elsif google_user
+      flash[:success] = I18n.t 'devise.omniauth_callbacks.success', kind: google_site_title
+      sign_in_and_redirect google_user, event: :authentication
+    else
+      flash[:error] = "There are no authorized users with #{google_site_title} login '#{google_email}'. Please ask an administrator to register your user account."
+      redirect_to new_user_session_path
+    end
+  end
+
   private def update_user_with_github_attributes(user, login, token)
     user.update_attributes(
       github_login:       login,
@@ -51,6 +51,11 @@ class UsersController &lt; ApplicationController
     redirect_to user_path(user)
   end
+  def unlink_google
+    user.update(google_uid: nil)
+    redirect_to user_path(user)
+  end
+
 protected
   def require_user_edit_priviledges
@@ -8,6 +8,7 @@ class User
   field :email
   field :github_login
   field :github_oauth_token
+  field :google_uid
   field :name
   field :admin, type: Boolean, default: false
   field :per_page, type: Fixnum, default: PER_PAGE
@@ -71,6 +72,10 @@ class User
     self[:github_login] = login
   end
+  def google_account?
+    google_uid.present?
+  end
+
   def ensure_authentication_token
     if authentication_token.blank?
       self.authentication_token = generate_authentication_token
@@ -5,6 +5,7 @@
   - content_for :action_bar do
     %div.action-bar
       %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
+      %span.google= link_to "Sign in with #{Errbit::Config.google_site_title}", user_omniauth_authorize_path(:google_oauth2)
 = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f|
   .required
@@ -0,0 +1,5 @@
+- if Errbit::Config.google_authentication && user == current_user
+  - if user.google_account?
+    %span.google= link_to "Unlink #{Errbit::Config.google_site_title} account", unlink_google_user_path, method: :delete, data: { confirm: 'Are you sure?' }
+  - else
+    %span.google= link_to "Link #{Errbit::Config.google_site_title} account", user_omniauth_authorize_path(:google_oauth2)
 - content_for :title, "Edit #{user.name}"
 - content_for :action_bar do
   = render 'shared/link_github_account', :user => user
+  = render 'shared/link_google_account'
   = link_to('cancel', user_path(user), :class => 'button')
 = form_for user, :html => {:autocomplete => "off"} do |f|
@@ -7,6 +7,7 @@
 - content_for :action_bar do
   = render 'shared/link_github_account'
+  = render 'shared/link_google_account'
   = link_to 'edit', edit_user_path(user), :class => 'button'
   = link_to 'destroy', user_path(user), :method => :delete,
     :data => { :confirm => t('users.confirm_delete') }, :class => 'delete button'
@@ -252,6 +252,12 @@ Devise.setup do |config|
       github_options
   end
+  if Errbit::Config.google_authentication || Rails.env.test?
+    config.omniauth :google_oauth2,
+      Errbit::Config.google_client_id,
+      Errbit::Config.google_secret
+  end
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
@@ -39,6 +39,11 @@ Errbit::Config = Configurator.run(
   github_access_scope:       ['GITHUB_ACCESS_SCOPE'],
   github_api_url:            ['GITHUB_API_URL'],
   github_site_title:         ['GITHUB_SITE_TITLE'],
+  # google
+  google_authentication:     ['GOOGLE_AUTHENTICATION'],
+  google_site_title:         ['GOOGLE_SITE_TITLE'],
+  google_client_id:          ['GOOGLE_CLIENT_ID'],
+  google_secret:             ['GOOGLE_SECRET'],
   email_delivery_method:     ['EMAIL_DELIVERY_METHOD', lambda do |values|
     values[:email_delivery_method] && values[:email_delivery_method].to_sym
@@ -9,6 +9,7 @@ Rails.application.routes.draw do
   resources :users do
     member do
       delete :unlink_github
+      delete :unlink_google
     end
   end
@@ -79,6 +79,16 @@ In order of precedence Errbit uses:
 <dt>GITHUB_SITE_TITLE</dt>
 <dd>The title to use for GitHub. This value is whatever you want displayed in the Errbit UI when referring to GitHub.</dd>
 <dd>defaults to GitHub</dd>
+<dt>GOOGLE_AUTHENTICATION
+<dd>Allow google sign-in via OAuth
+<dd>defaults to true
+<dt>GOOGLE_CLIENT_ID
+<dd>Client id of your google application
+<dt>GOOGLE_SECRET
+<dd>Secret key for your google application
+<dt>GOOGLE_SITE_TITLE</dt>
+<dd>The title to use for Google. This value is whatever you want displayed in the Errbit UI when referring to Google.</dd>
+<dd>defaults to Google</dd>
 <dt>EMAIL_DELIVERY_METHOD
 <dd>:smtp or :sendmail, depending on how you want Errbit to send email
 <dt>SMTP_SERVER
@@ -18,6 +18,14 @@ def mock_auth(user = &quot;test_user&quot;, token = &quot;abcdef&quot;)
       'token' => token
     }
   )
+
+  OmniAuth.config.mock_auth[:google_oauth2] = Hashie::Mash.new(
+    provider: 'google',
+    uid: user,
+    info: {
+      email: 'errbit@errbit.example.com'
+    }
+  )
 end
 def log_in(user)
@@ -0,0 +1,23 @@
+require 'acceptance/acceptance_helper'
+
+feature 'Sign in with Google' do
+  background do
+    allow(Errbit::Config).to receive(:google_authentication).and_return(true)
+    Fabricate(:user, google_uid: 'nashby')
+    visit root_path
+  end
+
+  scenario 'log in via Google with recognized user' do
+    mock_auth('nashby')
+
+    click_link 'Sign in with Google'
+    expect(page).to have_content I18n.t('devise.omniauth_callbacks.success', kind: 'Google')
+  end
+
+  scenario 'reject unrecognized user if authenticating via Google' do
+    mock_auth('unknown_user')
+
+    click_link 'Sign in with Google'
+    expect(page).to have_content 'There are no authorized users with Google login'
+  end
+end
	@@ -23,3 +23,5 @@ GITHUB_API_URL=https://api.github.com		@@ -23,3 +23,5 @@ GITHUB_API_URL=https://api.github.com
23	GITHUB_ACCESS_SCOPE='[repo]'	23	GITHUB_ACCESS_SCOPE='[repo]'
24	GITHUB_SITE_TITLE=GitHub	24	GITHUB_SITE_TITLE=GitHub
25	DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'	25	DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
		26	+GOOGLE_AUTHENTICATION=true
		27	+GOOGLE_SITE_TITLE=Google
	@@ -228,6 +228,11 @@ GEM		@@ -228,6 +228,11 @@ GEM
228	omniauth-github (1.1.2)	228	omniauth-github (1.1.2)
229	omniauth (~> 1.0)	229	omniauth (~> 1.0)
230	omniauth-oauth2 (~> 1.1)	230	omniauth-oauth2 (~> 1.1)
		231	+ omniauth-google-oauth2 (0.4.0)
		232	+ jwt (~> 1.5.0)
		233	+ multi_json (~> 1.3)
		234	+ omniauth (>= 1.1.1)
		235	+ omniauth-oauth2 (>= 1.3.1)
231	omniauth-oauth2 (1.3.1)	236	omniauth-oauth2 (1.3.1)
232	oauth2 (~> 1.0)	237	oauth2 (~> 1.0)
233	omniauth (~> 1.2)	238	omniauth (~> 1.2)
	@@ -460,6 +465,7 @@ DEPENDENCIES		@@ -460,6 +465,7 @@ DEPENDENCIES
460	mongoid-rspec (~> 3.0.0)	465	mongoid-rspec (~> 3.0.0)
461	mongoid_rails_migrations	466	mongoid_rails_migrations
462	omniauth-github	467	omniauth-github
		468	+ omniauth-google-oauth2
463	pjax_rails	469	pjax_rails
464	poltergeist	470	poltergeist
465	pry-byebug	471	pry-byebug
	@@ -149,6 +149,26 @@ few others that could make sense for your needs:		@@ -149,6 +149,26 @@ few others that could make sense for your needs:
149	organization can log in to Errbit through GitHub. Errbit will provision	149	organization can log in to Errbit through GitHub. Errbit will provision
150	accounts for new users.	150	accounts for new users.
151		151
		152	+### Configuring Google authentication:
		153	+* Set GOOGLE_AUTHENTICATION=true
		154	+* Register your instance of Errbit at https://console.developers.google.com/apis/api/plus/overview
		155	+
		156	+If you host Errbit at errbit.example.com, you would fill in:
		157	+
		158	+<dl>
		159	+<dt>URL
		160	+<dd>http://errbit.example.com
		161	+<dt>Callback URL
		162	+<dd>http://errbit.example.com/users/auth/github
		163	+</dl>
		164	+
		165	+* After you have registered your app, set GOOGLE_CLIENT_ID and GOOGLE_SECRET
		166	+ with your app's Client ID and Secret key.
		167	+
		168	+When you start your application, you should see the option to **Sign in with
		169	+Google** on the Login page. You will also be able to link your Google profile
		170	+to your user account on your Edit profile page.
		171	+
152	### Configuring LDAP authentication:	172	### Configuring LDAP authentication:
153		173
154	* Set USER_HAS_USERNAME=true	174	* Set USER_HAS_USERNAME=true
	@@ -231,6 +231,7 @@ a.action { float: right; font-size: 0.9em;}		@@ -231,6 +231,7 @@ a.action { float: right; font-size: 0.9em;}
231	}	231	}
232		232
233	#action-bar span.github a:before { font-family: FontAwesome; content: "\f09b"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }	233	#action-bar span.github a:before { font-family: FontAwesome; content: "\f09b"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
		234	+#action-bar span.google a:before { font-family: FontAwesome; content: "\f1a0"; margin-right: 8px; position: relative; top: 4px; font-size: 26px; }
234		235
235	#action-bar span a.issue-tracker-button {	236	#action-bar span a.issue-tracker-button {
236	padding-left: 5px;	237	padding-left: 5px;
	@@ -39,6 +39,32 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController		@@ -39,6 +39,32 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
39	end	39	end
40	end	40	end
41		41
		42	+ def google_oauth2
		43	+ google_uid = env['omniauth.auth'].uid
		44	+ google_email = env['omniauth.auth'].info.email
		45	+ google_user = User.where(google_uid: google_uid).first
		46	+ google_site_title = Errbit::Config.google_site_title
		47	+ # If user is already signed in, link google details to their account
		48	+ if current_user
		49	+ # ... unless a user is already registered with same google login
		50	+ if google_user && google_user != current_user
		51	+ flash[:error] = "User already registered with #{google_site_title} login '#{google_email}'!"
		52	+ else
		53	+ # Add github details to current user
		54	+ current_user.update(google_uid: google_uid)
		55	+ flash[:success] = "Successfully linked #{google_email} account!"
		56	+ end
		57	+ # User must have clicked 'link account' from their user page, so redirect there.
		58	+ redirect_to user_path(current_user)
		59	+ elsif google_user
		60	+ flash[:success] = I18n.t 'devise.omniauth_callbacks.success', kind: google_site_title
		61	+ sign_in_and_redirect google_user, event: :authentication
		62	+ else
		63	+ flash[:error] = "There are no authorized users with #{google_site_title} login '#{google_email}'. Please ask an administrator to register your user account."
		64	+ redirect_to new_user_session_path
		65	+ end
		66	+ end
		67	+
42	private def update_user_with_github_attributes(user, login, token)	68	private def update_user_with_github_attributes(user, login, token)
43	user.update_attributes(	69	user.update_attributes(
44	github_login: login,	70	github_login: login,
	@@ -5,6 +5,7 @@		@@ -5,6 +5,7 @@
5	- content_for :action_bar do	5	- content_for :action_bar do
6	%div.action-bar	6	%div.action-bar
7	%span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)	7	%span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
		8	+ %span.google= link_to "Sign in with #{Errbit::Config.google_site_title}", user_omniauth_authorize_path(:google_oauth2)
8		9
9	= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do \|f\|	10	= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do \|f\|
10	.required	11	.required
@@ -0,0 +1,5 @@		@@ -0,0 +1,5 @@
	1	+- if Errbit::Config.google_authentication && user == current_user
	2	+ - if user.google_account?
	3	+ %span.google= link_to "Unlink #{Errbit::Config.google_site_title} account", unlink_google_user_path, method: :delete, data: { confirm: 'Are you sure?' }
	4	+ - else
	5	+ %span.google= link_to "Link #{Errbit::Config.google_site_title} account", user_omniauth_authorize_path(:google_oauth2)
1	- content_for :title, "Edit #{user.name}"	1	- content_for :title, "Edit #{user.name}"
2	- content_for :action_bar do	2	- content_for :action_bar do
3	= render 'shared/link_github_account', :user => user	3	= render 'shared/link_github_account', :user => user
		4	+ = render 'shared/link_google_account'
4	= link_to('cancel', user_path(user), :class => 'button')	5	= link_to('cancel', user_path(user), :class => 'button')
5		6
6	= form_for user, :html => {:autocomplete => "off"} do \|f\|	7	= form_for user, :html => {:autocomplete => "off"} do \|f\|
	@@ -7,6 +7,7 @@		@@ -7,6 +7,7 @@
7		7
8	- content_for :action_bar do	8	- content_for :action_bar do
9	= render 'shared/link_github_account'	9	= render 'shared/link_github_account'
		10	+ = render 'shared/link_google_account'
10	= link_to 'edit', edit_user_path(user), :class => 'button'	11	= link_to 'edit', edit_user_path(user), :class => 'button'
11	= link_to 'destroy', user_path(user), :method => :delete,	12	= link_to 'destroy', user_path(user), :method => :delete,
12	:data => { :confirm => t('users.confirm_delete') }, :class => 'delete button'	13	:data => { :confirm => t('users.confirm_delete') }, :class => 'delete button'
	@@ -252,6 +252,12 @@ Devise.setup do \|config\|		@@ -252,6 +252,12 @@ Devise.setup do \|config\|
252	github_options	252	github_options
253	end	253	end
254		254
		255	+ if Errbit::Config.google_authentication \|\| Rails.env.test?
		256	+ config.omniauth :google_oauth2,
		257	+ Errbit::Config.google_client_id,
		258	+ Errbit::Config.google_secret
		259	+ end
		260	+
255	# ==> Warden configuration	261	# ==> Warden configuration
256	# If you want to use other strategies, that are not supported by Devise, or	262	# If you want to use other strategies, that are not supported by Devise, or
257	# change the failure app, you can configure them inside the config.warden block.	263	# change the failure app, you can configure them inside the config.warden block.