Tidy up and move some more things that should be in config into config

README.md

@@ -2,10 +2,15 @@ For super-quickness:
 
 You need to tell us the name of your User model, which needs to respond to klass.find_by_uid(uid), and must include the GDS::SSO::User module.
 
+You also need to include `GDS::SSO::ControllerMethods` in your ApplicationController
+
 Create a `config/initializers/gds-sso.rb` that looks like:
 
     GDS::SSO.config do |config|
-      config.user_model = 'User'
+      config.user_model   = 'User'
+      # set up ID and Secret in a way which doesn't require it to be checked in to source control...
+      config.oauth_id     = ENV['OAUTH_ID']
+      config.oauth_secret = ENV['OAUTH_SECRET']
+      # optional config for location of sign-on-o-tron
+      config.oauth_root_url = "http://localhost:3001"
     end
-
-

lib/gds-sso.rb

@@ -1,69 +1,26 @@
 require 'rails'
-require 'active_support/ordered_options'
 
-require 'gds-sso/warden_config'
-require 'gds-sso/omniauth_strategy'
-require 'gds-sso/user'
-require 'gds-sso/controller_methods'
 require 'gds-sso/config'
+require 'gds-sso/omniauth_strategy'
+require 'gds-sso/warden_config'
 
 module GDS
   module SSO
-    autoload :FailureApp, 'gds-sso/failure_app'
-
+    autoload :FailureApp,        'gds-sso/failure_app'
+    autoload :ControllerMethods, 'gds-sso/controller_methods'
+    autoload :User,              'gds-sso/user'
 
     def self.config
-      yield GDS::SSO::Config if block_given?
+      yield GDS::SSO::Config
     end
 
     class Engine < ::Rails::Engine
-      # config.gds = # that ordered hash map config thingy
-
-      # Initialize Warden and copy its configurations.
-    #   config.app_middleware.use Warden::Manager do |config|
-    #     Devise.warden_config = config
-    #   end
-    # 
-    #   # Force routes to be loaded if we are doing any eager load.
-    #   config.before_eager_load { |app| app.reload_routes! }
-    # 
-    #   initializer "devise.url_helpers" do
-    #     Devise.include_helpers(Devise::Controllers)
-    #   end
-    # 
-    #   initializer "devise.auth_keys" do
-    #     if Devise.authentication_keys.size > 1
-    #       puts "[DEVISE] You are configuring Devise to use more than one authentication key. " \
-    #         "In previous versions, we automatically added #{Devise.authentication_keys[1..-1].inspect} " \
-    #         "as scope to your e-mail validation, but this was changed now. If you were relying in such " \
-    #         "behavior, you should remove :validatable from your models and add the validations manually. " \
-    #         "To get rid of this warning, you can comment config.authentication_keys in your initializer " \
-    #         "and pass the current values as key to the devise call in your model."
-    #     end
-    #   end
-    # 
-    #   initializer "devise.omniauth" do |app|
-    #     Devise.omniauth_configs.each do |provider, config|
-    #       app.middleware.use config.strategy_class, *config.args do |strategy|
-    #         config.strategy = strategy
-    #       end
-    #     end
-    # 
-    #     if Devise.omniauth_configs.any?
-    #       Devise.include_helpers(Devise::OmniAuth)
-    #     end
-    #   end
-    # NeedOTron::Application.config.middleware.use OmniAuth::Builder do
-    #   provider :gds, 'abcdefgh12345678', 'secret'
-    # end
-    # 
-    # NeedOTron::Application.config.middleware.use Warden::Manager do |manager|
-    #   manager.default_strategies :signonotron
-    #   manager.failure_app = FailureApp
-    # end
+      # Force routes to be loaded if we are doing any eager load.
+      # TODO - check this one - Stolen from Devise because it looked sensible...
+      config.before_eager_load { |app| app.reload_routes! }
 
       config.app_middleware.use ::OmniAuth::Builder do
-        provider :gds, 'abcdefgh12345678', 'secret'
+        provider :gds, GDS::SSO::Config.oauth_id, GDS::SSO::Config.oauth_secret
       end
 
       config.app_middleware.use Warden::Manager do |manager|

lib/gds-sso/config.rb

@@ -4,7 +4,17 @@ module Config
       # Name of the User class
       mattr_accessor :user
       @@user = "User"
-
+
+      # OAuth ID
+      mattr_accessor :oauth_id
+
+      # OAuth Secret
+      mattr_accessor :oauth_secret
+
+      # Location of the OAuth server
+      mattr_accessor :oauth_root_url
+      @@oauth_root_url = "http://localhost:3001"
+
       def self.user_klass
         user.to_s.constantize
       end

lib/gds-sso/omniauth_strategy.rb

@@ -5,17 +5,17 @@
 # basic user information.
 #
 # @example Basic Usage
-#     use GdsOauth, 'API Key', 'Secret Key'
+#     use OmniAuth::Builder :gds, 'API Key', 'Secret Key'
 
 class OmniAuth::Strategies::Gds < OmniAuth::Strategies::OAuth2
   # @param [Rack Application] app standard middleware application parameter
   # @param [String] api_key the application id as [provided by GDS]
   # @param [String] secret_key the application secret as [provided by Bitly]
   def initialize(app, api_key = nil, secret_key = nil, options = {}, &block)
     client_options = {
-      :site => 'http://local.alphagov.co.uk:3001/',
-      :authorize_url => 'http://local.alphagov.co.uk:3001/oauth/authorize',
-      :access_token_url => 'http://local.alphagov.co.uk:3001/oauth/access_token'
+      :site => "#{GDS::SSO::Config.oauth_root_url}/",
+      :authorize_url => "#{GDS::SSO::Config.oauth_root_url}/oauth/authorize",
+      :access_token_url => "#{GDS::SSO::Config.oauth_root_url}/oauth/access_token"
     }
 
     super(app, :gds, api_key, secret_key, client_options, options, &block)