Merge pull request #958 from appropriate/github-enterprise-login

GitHub enterprise login

Merge pull request #958 from appropriate/github-enterprise-login
GitHub enterprise login
Stephen Crosby
2 parents a93c24f6 1ac7afa9
Showing 9 changed files with 71 additions and 12 deletions Show diff stats
.env.default
app/controllers/users/omniauth_callbacks_controller.rb
app/views/devise/sessions/new.html.haml
app/views/shared/_link_github_account.html.haml
app/views/users/show.html.haml
config/initializers/devise.rb
config/load.rb
docs/configuration.md
spec/initializers/devise_spec.rb
@@ -17,7 +17,9 @@ ERRBIT_PER_APP_NOTIFY_AT_NOTICES=false
 MONGO_URL='mongodb://localhost'
 ERRBIT_LOG_LEVEL=info
 ERRBIT_LOG_LOCATION=STDOUT
-GITHUB_URL='https://github.com'
+GITHUB_URL=https://github.com
 GITHUB_AUTHENTICATION=true
+GITHUB_API_URL=https://api.github.com
 GITHUB_ACCESS_SCOPE='[repo]'
+GITHUB_SITE_TITLE=GitHub
 DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
@@ -3,11 +3,13 @@ class Users::OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
     github_login = env["omniauth.auth"].extra.raw_info.login
     github_token = env["omniauth.auth"].credentials.token
     github_user  = User.where(:github_login => github_login).first
+    github_site_title = Errbit::Config.github_site_title
  
     if github_user.nil? && github_org_id = Errbit::Config.github_org_id
       # See if they are a member of the organization that we have access for
       # If they are, automatically create an account
       client = Octokit::Client.new(access_token: github_token)
+      client.api_endpoint = Errbit::Config.github_api_url
       org_ids = client.organizations.map { |org| org.id }
       if org_ids.include?(github_org_id)
         github_user = User.create(name: env["omniauth.auth"].extra.raw_info.name, email: env["omniauth.auth"].extra.raw_info.email)
@@ -18,21 +20,21 @@ class Users::OmniauthCallbacksController &lt; Devise::OmniauthCallbacksController
     if current_user
       # ... unless a user is already registered with same github login
       if github_user && github_user != current_user
-        flash[:error] = "User already registered with GitHub login '#{github_login}'!"
+        flash[:error] = "User already registered with #{github_site_title} login '#{github_login}'!"
       else
         # Add github details to current user
         update_user_with_github_attributes(current_user, github_login, github_token)
-        flash[:success] = "Successfully linked GitHub account!"
+        flash[:success] = "Successfully linked #{github_site_title} account!"
       end
       # User must have clicked 'link account' from their user page, so redirect there.
       redirect_to user_path(current_user)
     elsif github_user
       # Store OAuth token
       update_user_with_github_attributes(github_user, github_login, github_token)
-      flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub"
+      flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => github_site_title
       sign_in_and_redirect github_user, :event => :authentication
     else
-      flash[:error] = "There are no authorized users with GitHub login '#{github_login}'. Please ask an administrator to register your user account."
+      flash[:error] = "There are no authorized users with #{github_site_title} login '#{github_login}'. Please ask an administrator to register your user account."
       redirect_to new_user_session_path
     end
   end
@@ -4,7 +4,7 @@
 - if Errbit::Config.github_authentication
   - content_for :action_bar do
     %div.action-bar
-      %span.github= link_to "Sign in with GitHub", user_omniauth_authorize_path(:github)
+      %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
  
 = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f|
   .required
 - if Errbit::Config.github_authentication && user == current_user
   - if user.github_account?
-    %span.github= link_to "Unlink GitHub account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
+    %span.github= link_to "Unlink #{Errbit::Config.github_site_title} account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
   - else
-    %span.github= link_to "Link GitHub account", user_omniauth_authorize_path(:github)
+    %span.github= link_to "Link #{Errbit::Config.github_site_title} account", user_omniauth_authorize_path(:github)
@@ -21,8 +21,8 @@
       %td.main= user.username
   - if Errbit::Config.github_authentication && user.github_login.present?
     %tr
-      %th GitHub Login
-      %td.main= link_to user.github_login, "https://github.com/#{user.github_login}"
+      %th= "#{Errbit::Config.github_site_title} Login"
+      %td.main= link_to user.github_login, "#{Errbit::Config.github_url}/#{user.github_login}"
   %tr
     %th Admin?
     %td= user.admin? ? 'Y' : 'N'
@@ -236,11 +236,20 @@ Devise.setup do |config|
   # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
  
   if Errbit::Config.github_authentication || Rails.env.test?
+    github_options = {
+      :scope => Errbit::Config.github_access_scope.join(','),
+      :skip_info => true,
+      :client_options => {
+        :site => Errbit::Config.github_api_url,
+        :authorize_url => "#{Errbit::Config.github_url}/login/oauth/authorize",
+        :token_url => "#{Errbit::Config.github_url}/login/oauth/access_token"
+      }
+    }
+
     config.omniauth :github,
       Errbit::Config.github_client_id,
       Errbit::Config.github_secret,
-      :scope => Errbit::Config.github_access_scope.join(','),
-      :skip_info => true
+      github_options
   end
  
   # ==> Warden configuration
@@ -37,6 +37,8 @@ Errbit::Config = Configurator.run({
   github_secret:             ['GITHUB_SECRET'],
   github_org_id:             ['GITHUB_ORG_ID'],
   github_access_scope:       ['GITHUB_ACCESS_SCOPE'],
+  github_api_url:            ['GITHUB_API_URL'],
+  github_site_title:         ['GITHUB_SITE_TITLE'],
  
   email_delivery_method:     ['EMAIL_DELIVERY_METHOD', -> (values) {
     values[:email_delivery_method] && values[:email_delivery_method].to_sym
@@ -61,6 +61,9 @@ In order of precedence Errbit uses:
 <dt>GITHUB_URL
 <dd>Use this URL for interacting github. This is useful if you have a github enterprise account and you're using a URL other than https://github.com
 <dd>defaults to https://github.com
+<dt>GITHUB_API_URL</dt>
+<dd>For github enterprise accounts, the API URL could be something like https://github.example.com/api/v3</dd>
+<dd>defaults to https://api.github.com</dd>
 <dt>GITHUB_AUTHENTICATION
 <dd>Allow github sign-in via OAuth
 <dd>defaults to true
@@ -73,6 +76,9 @@ In order of precedence Errbit uses:
 <dt>GITHUB_ACCESS_SCOPE
 <dd>OAuth scope to request from users when they sign-in through github
 <dd>defaults to [repo]
+<dt>GITHUB_SITE_TITLE</dt>
+<dd>The title to use for GitHub. This value is whatever you want displayed in the Errbit UI when referring to GitHub.</dd>
+<dd>defaults to GitHub</dd>
 <dt>EMAIL_DELIVERY_METHOD
 <dd>:smtp or :sendmail, depending on how you want Errbit to send email
 <dt>SMTP_SERVER
@@ -0,0 +1,38 @@
+describe 'initializers/devise' do
+  def load_initializer
+    load File.join(Rails.root, 'config', 'initializers', 'devise.rb')
+  end
+
+  after do
+    # reset to the defaults
+    load_initializer
+  end
+
+  describe 'omniauth github' do
+    it 'sets the client options correctly for the default github_url' do
+      load_initializer
+
+      options = Devise.omniauth_configs[:github].options
+      expect(options).to have_key(:client_options)
+      expect(options[:client_options]).to eq({
+        site: 'https://api.github.com',
+        authorize_url: 'https://github.com/login/oauth/authorize',
+        token_url: 'https://github.com/login/oauth/access_token',
+      })
+    end
+
+    it 'sets the client options correctly for the a GitHub Enterprise github_url' do
+      allow(Errbit::Config).to receive(:github_url).and_return('https://github.example.com')
+      allow(Errbit::Config).to receive(:github_api_url).and_return('https://github.example.com/api/v3')
+      load_initializer
+
+      options = Devise.omniauth_configs[:github].options
+      expect(options).to have_key(:client_options)
+      expect(options[:client_options]).to eq({
+        site: 'https://github.example.com/api/v3',
+        authorize_url: 'https://github.example.com/login/oauth/authorize',
+        token_url: 'https://github.example.com/login/oauth/access_token',
+      })
+    end
+  end
+end
...	...	@@ -17,7 +17,9 @@ ERRBIT_PER_APP_NOTIFY_AT_NOTICES=false
17	17	MONGO_URL='mongodb://localhost'
18	18	ERRBIT_LOG_LEVEL=info
19	19	ERRBIT_LOG_LOCATION=STDOUT
20		-GITHUB_URL='https://github.com'
	20	+GITHUB_URL=https://github.com
21	21	GITHUB_AUTHENTICATION=true
	22	+GITHUB_API_URL=https://api.github.com
22	23	GITHUB_ACCESS_SCOPE='[repo]'
	24	+GITHUB_SITE_TITLE=GitHub
23	25	DEVISE_MODULES='[database_authenticatable,recoverable,rememberable,trackable,validatable,omniauthable]'
...	...
...	...	@@ -3,11 +3,13 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
3	3	github_login = env["omniauth.auth"].extra.raw_info.login
4	4	github_token = env["omniauth.auth"].credentials.token
5	5	github_user = User.where(:github_login => github_login).first
	6	+ github_site_title = Errbit::Config.github_site_title
6	7
7	8	if github_user.nil? && github_org_id = Errbit::Config.github_org_id
8	9	# See if they are a member of the organization that we have access for
9	10	# If they are, automatically create an account
10	11	client = Octokit::Client.new(access_token: github_token)
	12	+ client.api_endpoint = Errbit::Config.github_api_url
11	13	org_ids = client.organizations.map { \|org\| org.id }
12	14	if org_ids.include?(github_org_id)
13	15	github_user = User.create(name: env["omniauth.auth"].extra.raw_info.name, email: env["omniauth.auth"].extra.raw_info.email)
...	...	@@ -18,21 +20,21 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
18	20	if current_user
19	21	# ... unless a user is already registered with same github login
20	22	if github_user && github_user != current_user
21		- flash[:error] = "User already registered with GitHub login '#{github_login}'!"
	23	+ flash[:error] = "User already registered with #{github_site_title} login '#{github_login}'!"
22	24	else
23	25	# Add github details to current user
24	26	update_user_with_github_attributes(current_user, github_login, github_token)
25		- flash[:success] = "Successfully linked GitHub account!"
	27	+ flash[:success] = "Successfully linked #{github_site_title} account!"
26	28	end
27	29	# User must have clicked 'link account' from their user page, so redirect there.
28	30	redirect_to user_path(current_user)
29	31	elsif github_user
30	32	# Store OAuth token
31	33	update_user_with_github_attributes(github_user, github_login, github_token)
32		- flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub"
	34	+ flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => github_site_title
33	35	sign_in_and_redirect github_user, :event => :authentication
34	36	else
35		- flash[:error] = "There are no authorized users with GitHub login '#{github_login}'. Please ask an administrator to register your user account."
	37	+ flash[:error] = "There are no authorized users with #{github_site_title} login '#{github_login}'. Please ask an administrator to register your user account."
36	38	redirect_to new_user_session_path
37	39	end
38	40	end
...	...
...	...	@@ -4,7 +4,7 @@
4	4	- if Errbit::Config.github_authentication
5	5	- content_for :action_bar do
6	6	%div.action-bar
7		- %span.github= link_to "Sign in with GitHub", user_omniauth_authorize_path(:github)
	7	+ %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github)
8	8
9	9	= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do \|f\|
10	10	.required
...	...
1	1	- if Errbit::Config.github_authentication && user == current_user
2	2	- if user.github_account?
3		- %span.github= link_to "Unlink GitHub account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
	3	+ %span.github= link_to "Unlink #{Errbit::Config.github_site_title} account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" }
4	4	- else
5		- %span.github= link_to "Link GitHub account", user_omniauth_authorize_path(:github)
	5	+ %span.github= link_to "Link #{Errbit::Config.github_site_title} account", user_omniauth_authorize_path(:github)
...	...
...	...	@@ -21,8 +21,8 @@
21	21	%td.main= user.username
22	22	- if Errbit::Config.github_authentication && user.github_login.present?
23	23	%tr
24		- %th GitHub Login
25		- %td.main= link_to user.github_login, "https://github.com/#{user.github_login}"
	24	+ %th= "#{Errbit::Config.github_site_title} Login"
	25	+ %td.main= link_to user.github_login, "#{Errbit::Config.github_url}/#{user.github_login}"
26	26	%tr
27	27	%th Admin?
28	28	%td= user.admin? ? 'Y' : 'N'
...	...
...	...	@@ -236,11 +236,20 @@ Devise.setup do \|config\|
236	236	# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
237	237
238	238	if Errbit::Config.github_authentication \|\| Rails.env.test?
	239	+ github_options = {
	240	+ :scope => Errbit::Config.github_access_scope.join(','),
	241	+ :skip_info => true,
	242	+ :client_options => {
	243	+ :site => Errbit::Config.github_api_url,
	244	+ :authorize_url => "#{Errbit::Config.github_url}/login/oauth/authorize",
	245	+ :token_url => "#{Errbit::Config.github_url}/login/oauth/access_token"
	246	+ }
	247	+ }
	248	+
239	249	config.omniauth :github,
240	250	Errbit::Config.github_client_id,
241	251	Errbit::Config.github_secret,
242		- :scope => Errbit::Config.github_access_scope.join(','),
243		- :skip_info => true
	252	+ github_options
244	253	end
245	254
246	255	# ==> Warden configuration
...	...
...	...	@@ -37,6 +37,8 @@ Errbit::Config = Configurator.run({
37	37	github_secret: ['GITHUB_SECRET'],
38	38	github_org_id: ['GITHUB_ORG_ID'],
39	39	github_access_scope: ['GITHUB_ACCESS_SCOPE'],
	40	+ github_api_url: ['GITHUB_API_URL'],
	41	+ github_site_title: ['GITHUB_SITE_TITLE'],
40	42
41	43	email_delivery_method: ['EMAIL_DELIVERY_METHOD', -> (values) {
42	44	values[:email_delivery_method] && values[:email_delivery_method].to_sym
...	...
...	...	@@ -61,6 +61,9 @@ In order of precedence Errbit uses:
61	61	<dt>GITHUB_URL
62	62	<dd>Use this URL for interacting github. This is useful if you have a github enterprise account and you're using a URL other than https://github.com
63	63	<dd>defaults to https://github.com
	64	+<dt>GITHUB_API_URL</dt>
	65	+<dd>For github enterprise accounts, the API URL could be something like https://github.example.com/api/v3</dd>
	66	+<dd>defaults to https://api.github.com</dd>
64	67	<dt>GITHUB_AUTHENTICATION
65	68	<dd>Allow github sign-in via OAuth
66	69	<dd>defaults to true
...	...	@@ -73,6 +76,9 @@ In order of precedence Errbit uses:
73	76	<dt>GITHUB_ACCESS_SCOPE
74	77	<dd>OAuth scope to request from users when they sign-in through github
75	78	<dd>defaults to [repo]
	79	+<dt>GITHUB_SITE_TITLE</dt>
	80	+<dd>The title to use for GitHub. This value is whatever you want displayed in the Errbit UI when referring to GitHub.</dd>
	81	+<dd>defaults to GitHub</dd>
76	82	<dt>EMAIL_DELIVERY_METHOD
77	83	<dd>:smtp or :sendmail, depending on how you want Errbit to send email
78	84	<dt>SMTP_SERVER
...	...
...	...	@@ -0,0 +1,38 @@
	1	+describe 'initializers/devise' do
	2	+ def load_initializer
	3	+ load File.join(Rails.root, 'config', 'initializers', 'devise.rb')
	4	+ end
	5	+
	6	+ after do
	7	+ # reset to the defaults
	8	+ load_initializer
	9	+ end
	10	+
	11	+ describe 'omniauth github' do
	12	+ it 'sets the client options correctly for the default github_url' do
	13	+ load_initializer
	14	+
	15	+ options = Devise.omniauth_configs[:github].options
	16	+ expect(options).to have_key(:client_options)
	17	+ expect(options[:client_options]).to eq({
	18	+ site: 'https://api.github.com',
	19	+ authorize_url: 'https://github.com/login/oauth/authorize',
	20	+ token_url: 'https://github.com/login/oauth/access_token',
	21	+ })
	22	+ end
	23	+
	24	+ it 'sets the client options correctly for the a GitHub Enterprise github_url' do
	25	+ allow(Errbit::Config).to receive(:github_url).and_return('https://github.example.com')
	26	+ allow(Errbit::Config).to receive(:github_api_url).and_return('https://github.example.com/api/v3')
	27	+ load_initializer
	28	+
	29	+ options = Devise.omniauth_configs[:github].options
	30	+ expect(options).to have_key(:client_options)
	31	+ expect(options[:client_options]).to eq({
	32	+ site: 'https://github.example.com/api/v3',
	33	+ authorize_url: 'https://github.example.com/login/oauth/authorize',
	34	+ token_url: 'https://github.example.com/login/oauth/access_token',
	35	+ })
	36	+ end
	37	+ end
	38	+end
...	...