Merge 465ae9c into 1ddf715

.gitignore

@@ -3,10 +3,8 @@ db/*.sqlite3
 log/*.log
 tmp/**/*
 tmp/*
-config/config.yml
 config/deploy.rb
 config/deploy
-config/mongoid.yml
 config/newrelic.yml
 .rvmrc
 .idea
@@ -18,4 +16,3 @@ bin
 bundle
 coverage
 *#
-.ruby-version

.ruby-version

@@ -0,0 +1 @@
+2.0.0-p353

Gemfile

@@ -72,6 +72,15 @@ gem 'flowdock'
 # GitHub OAuth
 gem 'omniauth-github'
 
+#### GDS additions ####
+# GDS Signon
+gem 'omniauth-gds', '3.0.0'
+gem 'plek', '1.7.0'
+gem 'warden-oauth2', '0.0.1'
+
+gem 'logstasher', '0.4.8'
+#### End GDS additions ####
+
 gem 'ri_cal'
 gem 'yajl-ruby', :require => "yajl"
 

Gemfile.lock

@@ -158,6 +158,9 @@ GEM
       activesupport (>= 3.0.0)
     linecache (0.46)
       rbx-require-relative (> 0.0.4)
+    logstash-event (1.1.5)
+    logstasher (0.4.8)
+      logstash-event (~> 1.1.0)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
@@ -207,6 +210,8 @@ GEM
     omniauth (1.1.4)
       hashie (>= 1.2, < 3)
       rack
+    omniauth-gds (3.0.0)
+      omniauth-oauth2 (~> 1.0)
     omniauth-github (1.1.1)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.1)
@@ -229,6 +234,7 @@ GEM
       rest-client (~> 1.6.0)
     pjax_rails (0.3.4)
       jquery-rails
+    plek (1.7.0)
     polyglot (0.3.4)
     premailer (1.7.3)
       css_parser (>= 1.1.9)
@@ -352,6 +358,8 @@ GEM
     useragent (0.8.3)
     warden (1.2.3)
       rack (>= 1.0)
+    warden-oauth2 (0.0.1)
+      warden
     webmock (1.15.0)
       addressable (>= 2.2.7)
       crack (>= 0.3.2)
@@ -396,15 +404,18 @@ DEPENDENCIES
   kaminari (>= 0.14.1)
   launchy
   lighthouse-api
+  logstasher (= 0.4.8)
   meta_request
   mongoid
   mongoid-rspec
   mongoid_rails_migrations
   octokit (~> 2.0)
+  omniauth-gds (= 3.0.0)
   omniauth-github
   oruen_redmine_client
   pivotal-tracker
   pjax_rails
+  plek (= 1.7.0)
   pry-rails
   puma
   quiet_assets
@@ -425,6 +436,7 @@ DEPENDENCIES
   underscore-rails
   unicorn
   useragent
+  warden-oauth2 (= 0.0.1)
   webmock
   xmpp4r
   yajl-ruby

Rakefile

@@ -14,12 +14,12 @@ namespace :spec do
   task :prepare do
     tmp_env = Rails.env
     Rails.env = "test"
-    %w( errbit:bootstrap ).each do |task|
+    %w( db:drop db:mongoid:create_indexes ).each do |task|
       Rake::Task[task].invoke
     end
     Rails.env = tmp_env
   end
 end
 
 Rake::Task["spec"].prerequisites.push("spec:prepare")
-task :default => ['spec']
+task :default => ['spec']

app/controllers/apps_controller.rb

@@ -8,11 +8,11 @@ class AppsController < ApplicationController
   respond_to :html
 
   expose(:app_scope) {
-    (current_user.admin? ? App : current_user.apps)
+    App
   }
 
   expose(:apps) {
-    app_scope.all.sort.to_a
+    app_scope.asc('name').to_a
   }
 
   expose(:app, :ancestor => :app_scope)

app/controllers/problems_controller.rb

@@ -13,13 +13,7 @@ class ProblemsController < ApplicationController
     :resolve_several, :unresolve_several, :unmerge_several
   ]
 
-  expose(:app) {
-    if current_user.admin?
-      App.find(params[:app_id])
-    else
-      current_user.apps.find(params[:app_id])
-    end
-  }
+  expose(:app)
 
   expose(:problem) {
     app.problems.find(params[:id])

app/controllers/users/gds_signon_callbacks_controller.rb

@@ -0,0 +1,25 @@
+class Users::GdsSignonCallbacksController < ApplicationController
+
+  skip_before_filter :authenticate_user!
+  before_filter :authenticate_api_user!
+
+  def update
+    oauth_hash = GDSBearerToken.omniauth_style_response(request.body)
+    User.find_for_gds_oauth(oauth_hash)
+    head :ok
+  end
+
+  def reauth
+    user = User.where(:uid => params[:uid]).first
+    user.set_remotely_signed_out! if user
+    head :ok
+  end
+
+  private
+
+  def authenticate_api_user!
+    unless user_signed_in? and current_user.permissions.include?("user_update_permission")
+      render :nothing => true, :status => 401
+    end
+  end
+end

app/controllers/users/omniauth_callbacks_controller.rb

@@ -37,6 +37,17 @@ def github
     end
   end
 
+  def gds
+    auth = env["omniauth.auth"]
+    if user = User.find_for_gds_oauth(auth)
+      user.clear_remotely_signed_out!
+      flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GDS Signon"
+      sign_in_and_redirect user, :event => :authentication
+    else
+      render :status => 403, :text => I18n.t("devise.omniauth_callbacks.failure", :kind => "GDS Signon", :reason => "You do not have permission to access the app")
+    end
+  end
+
   private
 
   def update_user_with_github_attributes(user, login, token)

app/controllers/users/sessions_controller.rb

@@ -0,0 +1,12 @@
+class Users::SessionsController < Devise::SessionsController
+
+  def new
+    redirect_to user_omniauth_authorize_path(:gds)
+  end
+
+  private
+
+  def after_sign_out_path_for(resource_name)
+    GDS::SSO::Config.oauth_root_url + "/users/sign_out"
+  end
+end

app/controllers/watchers_controller.rb

@@ -9,18 +9,26 @@ class WatchersController < ApplicationController
     app.watchers.where(:user_id => params[:id]).first
   end
 
-  before_filter :require_watcher_edit_priviledges, :only => [:destroy]
+  before_filter :require_watcher_edit_priviledges, :only => [:update, :destroy]
+
+  def update
+    if watcher.nil?
+      app.watchers.create(:user_id => params[:id])
+      flash[:success] = I18n.t('controllers.watchers.flash.create.success', :app_name => app.name)
+    end
+    redirect_to app_path(app)
+  end
 
   def destroy
     app.watchers.delete(watcher)
     flash[:success] = "That's sad. #{watcher.label} is no longer watcher."
-    redirect_to root_path
+    redirect_to app_path(app)
   end
 
   private
 
   def require_watcher_edit_priviledges
-    redirect_to(root_path) unless current_user == watcher.user || current_user.admin?
+    redirect_to(root_path) unless current_user.id.to_s == params[:id] || current_user.admin?
   end
 
 end

app/models/user.rb

@@ -36,6 +36,12 @@ class User
 
   index :authentication_token => 1
 
+  ### GDS SSO
+  field :uid, :type => String
+  field :remotely_signed_out, :type => Boolean, :default => false
+  field :permissions, :type => Array, :default => []
+  index :uid => 1
+
   before_save :ensure_authentication_token
 
   validates_presence_of :name
@@ -61,7 +67,7 @@ def watching?(app)
   end
 
   def password_required?
-    github_login.present? ? false : super
+    (github_login.present? or uid.present?) ? false : super
   end
 
   def github_account?
@@ -89,6 +95,32 @@ def self.token_authentication_key
     :auth_token
   end
 
+  def active_for_authentication?
+    super && ! remotely_signed_out
+  end
+
+  def set_remotely_signed_out!
+    self.update_attribute(:remotely_signed_out, true) unless self.remotely_signed_out
+  end
+
+  def clear_remotely_signed_out!
+    self.update_attribute(:remotely_signed_out, false) if self.remotely_signed_out
+  end
+
+  def self.find_for_gds_oauth(auth_hash)
+    return false unless auth_hash.has_key?('info') and auth_hash.has_key?('extra') and auth_hash['extra'].has_key?('user')
+
+    permissions = auth_hash['extra']['user']['permissions'] || []
+    return false unless permissions.include?('signin')
+
+    user = self.where(:uid => auth_hash['uid']).first_or_initialize
+    user.permissions = permissions
+    user.admin = permissions.include?("admin")
+    user.name = auth_hash['info']['name']
+    user.email = auth_hash['info']['email']
+    user.save and user
+  end
+
   private
 
   def generate_authentication_token

app/views/apps/_fields.html.haml

@@ -63,6 +63,6 @@
   = f.check_box :resolve_errs_on_deploy
   = f.label :resolve_errs_on_deploy, 'Resolve errs on deploy'
 
-= render "issue_tracker_fields", :f => f
-= render "service_notification_fields", :f => f
+-#= render "issue_tracker_fields", :f => f
+-#= render "service_notification_fields", :f => f
 

app/views/apps/show.html.haml

@@ -21,6 +21,8 @@
 
   - if current_user.watching?(app)
     = link_to t('.unwatch'),  app_watcher_path({:app_id => app, :id => current_user.id}), :method => :delete, :class => 'button', :confirm => t('.are_you_sure')
+  - else
+    = link_to t('.watch'), app_watcher_path({:app_id => app, :id => current_user.id}), :method => :put, :class => 'button'
 %h3#watchers_toggle
   =t('.watchers')
   %span.click_span=t('.show_hide')

app/views/users/_fields.html.haml

@@ -2,7 +2,7 @@
 
 .required
   = f.label :name
-  = f.text_field :name
+  = f.text_field :name, :disabled => true
 
 - if Errbit::Config.user_has_username
   .required
@@ -11,7 +11,7 @@
 
 .required
   = f.label :email
-  = f.text_field :email
+  = f.text_field :email, :disabled => true
 
 - if Errbit::Config.github_authentication
   = f.label :github_login
@@ -25,16 +25,8 @@
   = f.label :time_zone
   = f.time_zone_select :time_zone, ActiveSupport::TimeZone.us_zones
 
-.required
-  = f.label :password
-  = f.password_field :password, :autocomplete => "off"
-
-.required
-  = f.label :password_confirmation
-  = f.password_field :password_confirmation
-
 - if current_user.admin?
   .checkbox
-    = f.check_box :admin
+    = f.check_box :admin, :disabled => true
     = f.label :admin, 'Admin?'
 

app/views/users/index.html.haml

@@ -1,6 +1,4 @@
 - content_for :title, 'Users'
-- content_for :action_bar do
-  %span= link_to('Add a New User', new_user_path, :class => 'add')
 
 %table.users
   %thead

app/views/users/show.html.haml

@@ -7,7 +7,6 @@
 
 - content_for :action_bar do
   = render 'shared/link_github_account'
-  %span= link_to('Add a New User', new_user_path, :class => 'add')
   = link_to 'edit', edit_user_path(user), :class => 'button'
   = link_to 'destroy', user_path(user), :method => :delete,
     :data => { :confirm => t('users.confirm_delete') }, :class => 'delete button'