Permalink
Browse files

Authorize with google openid and track sessions with devise.

  • Loading branch information...
1 parent 66d579d commit 92bbf80dcdaeff22289a576900a643e3301dde0c @saterus saterus committed Apr 19, 2012
View
@@ -9,6 +9,7 @@ gem 'haml-rails'
gem 'jquery-rails'
gem 'twitter-bootstrap-rails'
gem 'omniauth-openid'
+gem 'devise'
gem 'elo'
View
@@ -31,10 +31,16 @@ GEM
addressable (2.2.7)
arel (3.0.2)
awesome_print (1.0.2)
+ bcrypt-ruby (3.0.1)
builder (3.0.0)
coderay (1.0.6)
commonjs (0.2.5)
daemons (1.1.8)
+ devise (2.0.4)
+ bcrypt-ruby (~> 3.0)
+ orm_adapter (~> 0.0.3)
+ railties (~> 3.1)
+ warden (~> 1.1.1)
diff-lcs (1.1.3)
elo (0.1.0)
erubis (2.7.0)
@@ -83,6 +89,7 @@ GEM
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
+ orm_adapter (0.0.7)
pg (0.13.2)
polyglot (0.3.3)
pry (0.9.8.4)
@@ -174,13 +181,16 @@ GEM
uglifier (1.2.4)
execjs (>= 0.3.0)
multi_json (>= 1.0.2)
+ warden (1.1.1)
+ rack (>= 1.0)
yard (0.7.5)
PLATFORMS
ruby
DEPENDENCIES
awesome_print
+ devise
elo
haml-rails
heroku
@@ -0,0 +1,17 @@
+class Admins::SessionsController < Devise::OmniauthCallbacksController
+
+ def callback
+ email = request.env['omniauth.auth'].info.to_hash['email'].downcase
+ if email =~ /@(the)?edgecase.com\Z/
+ @admin = Admin.find_or_create_by_email(email)
+ @admin.ensure_authentication_token!
+ sign_in @admin
+
+ flash.notice = "Authorized as #{email}"
+ else
+ flash.alert = "#{email} not authorized!"
+ end
+ redirect_to request.env['omniauth.origin'] || root_path
+ end
+
+end
@@ -1,13 +0,0 @@
-class SessionController < ApplicationController
-
- def create
- email = request.env['omniauth.auth'].info.to_hash['email']
- if email =~ /@(the)?edgecase.com\Z/
- flash.notice = "Authorized as #{email}"
- else
- flash.alert = "#{email} not authorized!"
- end
- redirect_to request.env['omniauth.origin'] || root_path
- end
-
-end
View
@@ -0,0 +1,12 @@
+class Admin < ActiveRecord::Base
+ # Include default devise modules. Others available are:
+ # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
+ # devise :database_authenticatable, :registerable,
+ # :recoverable, :rememberable, :trackable, :validatable
+ devise :rememberable, :trackable, :omniauthable, :token_authenticatable
+
+ # Setup accessible (or protected) attributes for your model
+ # attr_accessible :email, :password, :password_confirmation, :remember_me
+ attr_accessible :email, :remember_me
+ # attr_accessible :title, :body
+end
@@ -19,6 +19,10 @@
%ul.nav.pull-right
%li= link_to "Source Code", "https://github.com/edgecase/paddle-battle"
%li= link_to "Elo Rating System", "http://en.wikipedia.org/wiki/Elo_rating_system"
+ - if admin_signed_in?
+ %li= link_to "Sign Out", destroy_admin_session_path
+ - else
+ %li= link_to "Sign In", "/admins/auth/google/"
.container
.row
@@ -29,5 +29,6 @@
= "#{m.winner_score} - #{m.loser_score}"
%td.game-scores.score
= format_game_scores m.game_scores
- %td.action
- = link_to "delete", match_path(m), method: :delete
+ - if admin_signed_in?
+ %td.action
+ = link_to "delete", match_path(m), method: :delete
View
@@ -44,7 +44,8 @@ class Application < Rails::Application
# Enable the asset pipeline
config.assets.enabled = true
config.assets.version = '1.0'
-
+ config.assets.initialize_on_precompile = false
+
Elo.configure do |config|
# Every player starts with a rating of 1000
config.default_rating = 1000
@@ -55,6 +56,6 @@ class Application < Rails::Application
# A player is considered a new, when he/she has played less than 30 games
config.starter_boundry = 30
end
-
+
end
end
@@ -16,6 +16,8 @@
# Don't care if the mailer can't send
config.action_mailer.raise_delivery_errors = false
+ config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+
# Print deprecation notices to the Rails logger
config.active_support.deprecation = :log
@@ -40,6 +40,7 @@
# Disable delivery errors, bad email addresses will be ignored
# config.action_mailer.raise_delivery_errors = false
+ config.action_mailer.default_url_options = { :host => 'paddle-battle.herokuapp.com' }
# Enable threaded mode
# config.threadsafe!
@@ -0,0 +1,223 @@
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
+Devise.setup do |config|
+ # ==> Mailer Configuration
+ # Configure the e-mail address which will be shown in Devise::Mailer,
+ # note that it will be overwritten if you use your own mailer class with default "from" parameter.
+ config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com"
+
+ # Configure the class responsible to send e-mails.
+ # config.mailer = "Devise::Mailer"
+
+ # Automatically apply schema changes in tableless databases
+ config.apply_schema = false
+
+ # ==> ORM configuration
+ # Load and configure the ORM. Supports :active_record (default) and
+ # :mongoid (bson_ext recommended) by default. Other ORMs may be
+ # available as additional gems.
+ require 'devise/orm/active_record'
+
+ # ==> Configuration for any authentication mechanism
+ # Configure which keys are used when authenticating a user. The default is
+ # just :email. You can configure it to use [:username, :subdomain], so for
+ # authenticating a user, both parameters are required. Remember that those
+ # parameters are used only when authenticating and not when retrieving from
+ # session. If you need permissions, you should implement that in a before filter.
+ # You can also supply a hash where the value is a boolean determining whether
+ # or not authentication should be aborted when the value is not present.
+ # config.authentication_keys = [ :email ]
+
+ # Configure parameters from the request object used for authentication. Each entry
+ # given should be a request method and it will automatically be passed to the
+ # find_for_authentication method and considered in your model lookup. For instance,
+ # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
+ # The same considerations mentioned for authentication_keys also apply to request_keys.
+ # config.request_keys = []
+
+ # Configure which authentication keys should be case-insensitive.
+ # These keys will be downcased upon creating or modifying a user and when used
+ # to authenticate or find a user. Default is :email.
+ config.case_insensitive_keys = [ :email ]
+
+ # Configure which authentication keys should have whitespace stripped.
+ # These keys will have whitespace before and after removed upon creating or
+ # modifying a user and when used to authenticate or find a user. Default is :email.
+ config.strip_whitespace_keys = [ :email ]
+
+ # Tell if authentication through request.params is enabled. True by default.
+ # It can be set to an array that will enable params authentication only for the
+ # given strategies, for example, `config.params_authenticatable = [:database]` will
+ # enable it only for database (email + password) authentication.
+ # config.params_authenticatable = true
+
+ # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+ # It can be set to an array that will enable http authentication only for the
+ # given strategies, for example, `config.http_authenticatable = [:token]` will
+ # enable it only for token authentication.
+ # config.http_authenticatable = false
+
+ # If http headers should be returned for AJAX requests. True by default.
+ # config.http_authenticatable_on_xhr = true
+
+ # The realm used in Http Basic Authentication. "Application" by default.
+ # config.http_authentication_realm = "Application"
+
+ # It will change confirmation, password recovery and other workflows
+ # to behave the same regardless if the e-mail provided was right or wrong.
+ # Does not affect registerable.
+ # config.paranoid = true
+
+ # By default Devise will store the user in session. You can skip storage for
+ # :http_auth and :token_auth by adding those symbols to the array below.
+ # Notice that if you are skipping storage for all authentication paths, you
+ # may want to disable generating routes to Devise's sessions controller by
+ # passing :skip => :sessions to `devise_for` in your config/routes.rb
+ config.skip_session_storage = [:http_auth]
+
+ # ==> Configuration for :database_authenticatable
+ # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+ # using other encryptors, it sets how many times you want the password re-encrypted.
+ #
+ # Limiting the stretches to just one in testing will increase the performance of
+ # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+ # a value less than 10 in other environments.
+ config.stretches = Rails.env.test? ? 1 : 10
+
+ # Setup a pepper to generate the encrypted password.
+ # config.pepper = "ad24c0b6dd5a50767a16dec42b264f107364b952c070bae4e811664f20674282f372442dae7fec0e99b660a1f6afc1423a9af4c6ec2a5a48c08e8e781e138ca9"
+
+ # ==> Configuration for :confirmable
+ # A period that the user is allowed to access the website even without
+ # confirming his account. For instance, if set to 2.days, the user will be
+ # able to access the website for two days without confirming his account,
+ # access will be blocked just in the third day. Default is 0.days, meaning
+ # the user cannot access the website without confirming his account.
+ # config.allow_unconfirmed_access_for = 2.days
+
+ # If true, requires any email changes to be confirmed (exctly the same way as
+ # initial account confirmation) to be applied. Requires additional unconfirmed_email
+ # db field (see migrations). Until confirmed new email is stored in
+ # unconfirmed email column, and copied to email column on successful confirmation.
+ config.reconfirmable = true
+
+ # Defines which key will be used when confirming an account
+ # config.confirmation_keys = [ :email ]
+
+ # ==> Configuration for :rememberable
+ # The time the user will be remembered without asking for credentials again.
+ # config.remember_for = 2.weeks
+
+ # If true, extends the user's remember period when remembered via cookie.
+ # config.extend_remember_period = false
+
+ # If true, uses the password salt as remember token. This should be turned
+ # to false if you are not using database authenticatable.
+ config.use_salt_as_remember_token = true
+
+ # Options to be passed to the created cookie. For instance, you can set
+ # :secure => true in order to force SSL only cookies.
+ # config.cookie_options = {}
+
+ # ==> Configuration for :validatable
+ # Range for password length. Default is 6..128.
+ # config.password_length = 6..128
+
+ # Email regex used to validate email formats. It simply asserts that
+ # an one (and only one) @ exists in the given string. This is mainly
+ # to give user feedback and not to assert the e-mail validity.
+ # config.email_regexp = /\A[^@]+@[^@]+\z/
+
+ # ==> Configuration for :timeoutable
+ # The time you want to timeout the user session without activity. After this
+ # time the user will be asked for credentials again. Default is 30 minutes.
+ # config.timeout_in = 30.minutes
+
+ # ==> Configuration for :lockable
+ # Defines which strategy will be used to lock an account.
+ # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+ # :none = No lock strategy. You should handle locking by yourself.
+ # config.lock_strategy = :failed_attempts
+
+ # Defines which key will be used when locking and unlocking an account
+ # config.unlock_keys = [ :email ]
+
+ # Defines which strategy will be used to unlock an account.
+ # :email = Sends an unlock link to the user email
+ # :time = Re-enables login after a certain amount of time (see :unlock_in below)
+ # :both = Enables both strategies
+ # :none = No unlock strategy. You should handle unlocking by yourself.
+ # config.unlock_strategy = :both
+
+ # Number of authentication tries before locking an account if lock_strategy
+ # is failed attempts.
+ # config.maximum_attempts = 20
+
+ # Time interval to unlock the account if :time is enabled as unlock_strategy.
+ # config.unlock_in = 1.hour
+
+ # ==> Configuration for :recoverable
+ #
+ # Defines which key will be used when recovering the password for an account
+ # config.reset_password_keys = [ :email ]
+
+ # Time interval you can reset your password with a reset password key.
+ # Don't put a too small interval or your users won't have the time to
+ # change their passwords.
+ config.reset_password_within = 6.hours
+
+ # ==> Configuration for :encryptable
+ # Allow you to use another encryption algorithm besides bcrypt (default). You can use
+ # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
+ # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
+ # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
+ # REST_AUTH_SITE_KEY to pepper)
+ # config.encryptor = :sha512
+
+ # ==> Configuration for :token_authenticatable
+ # Defines name of the authentication token params key
+ # config.token_authentication_key = :auth_token
+
+ # ==> Scopes configuration
+ # Turn scoped views on. Before rendering "sessions/new", it will first check for
+ # "users/sessions/new". It's turned off by default because it's slower if you
+ # are using only default views.
+ # config.scoped_views = false
+
+ # Configure the default scope given to Warden. By default it's the first
+ # devise role declared in your routes (usually :user).
+ # config.default_scope = :user
+
+ # Configure sign_out behavior.
+ # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
+ # The default is true, which means any logout action will sign out all active scopes.
+ # config.sign_out_all_scopes = true
+
+ # ==> Navigation configuration
+ # Lists the formats that should be treated as navigational. Formats like
+ # :html, should redirect to the sign in page when the user does not have
+ # access, but formats like :xml or :json, should return 401.
+ #
+ # If you have any extra navigational formats, like :iphone or :mobile, you
+ # should add them to the navigational formats lists.
+ #
+ # The "*/*" below is required to match Internet Explorer requests.
+ # config.navigational_formats = ["*/*", :html]
+
+ # The default HTTP method used to sign out a resource. Default is :delete.
+ config.sign_out_via = :delete
+
+ # ==> OmniAuth
+ # Add a new OmniAuth provider. Check the wiki for more information on setting
+ # up on your models and hooks.
+ # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+
+ # ==> Warden configuration
+ # If you want to use other strategies, that are not supported by Devise, or
+ # change the failure app, you can configure them inside the config.warden block.
+ #
+ # config.warden do |manager|
+ # manager.intercept_401 = false
+ # manager.default_strategies(:scope => :user).unshift :some_external_strategy
+ # end
+end
Oops, something went wrong.

0 comments on commit 92bbf80

Please sign in to comment.