Merge pull request #25 from hyfn/restrict-login

Restrict login
commit a999c4beeb0cbf0f136688e31bebc82947205010 2 parents dff528b + cbb04d5
@joelmoss authored
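--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -13,8 +13,12 @@ def create
 attributes = { :github_data => data, :github_access_token => request.env["omniauth.auth"][:credentials][:token] }
 user = User.find_or_create_by_username(data[:login], attributes)
- session[:user_id] = user.id
- redirect_to root_url, :notice => 'Successfully signed in via Github!'
+ if user.authorized_for_app?
+ session[:user_id] = user.id
+ redirect_to root_url, :notice => 'Successfully signed in via Github!'
+ else
+ redirect_to root_url, :alert => "Access requires organization membership"
+ end
 end
 def destroy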
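Review bot: The `else` branch runs after `User.find_or_create_by_username` on the line above has already persisted the user together with their GitHub access token, so a rejected login still leaves a database record holding a live token. If that is not intended, evaluate `authorized_for_app?` on an unsaved instance before creating the record, or remove the record in the else branch. Because the check reaches GitHub (`github.orgs.any_allowed?` in user.rb), an API failure here would raise out of the action instead of producing the alert; consider rescuing it and treating failure as not authorized. Adding `reset_session` immediately before `session[:user_id] = user.id` would also close session fixation on the success path. The signature of `create` and anything before line 13 are outside the hunk.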
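--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -47,6 +47,17 @@ def authorized_for_github?
 !github.nil?
 end
+ # If open_login is set to false in the strano settings, users may only enter if
+ # they or an organization they belong to is explicitly allowed.
+ #
+ # Returns a Boolean
+ def authorized_for_app?
+ # authorized if open login is enabled or they're on the members list
+ return true if Strano.open_login || Strano.allow_users_include?(username)
+
+ # otherwise make a call to github to see if we've allowed any of their organizations
+ github.orgs.any_allowed?
+ end
 private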
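Review bot: `authorized_for_app?` falls through to `github.orgs.any_allowed?` without the nil guard that `authorized_for_github?` applies just above (`!github.nil?`), so a user whose `github` client is nil would raise NoMethodError during login instead of being refused; `return false unless authorized_for_github?` before the GitHub call would close that. The first early return also depends on what `Strano.allow_users_include?(username)` does when `allow_users` is left at its default of `true` (configuration.rb describes `true` as allowing everyone): if it then returns true for any username, `open_login: false` on its own restricts nothing, which is worth confirming and stating in the method comment. The GitHub lookup also runs on every login with no caching, which is acceptable but deserves a note such as `# Hits the GitHub API on every login; results are not cached.`. The enclosing `User` class and the `github` accessor are outside the hunk.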
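--- a/config/strano.example.yml
+++ b/config/strano.example.yml
@@ -36,6 +36,12 @@ defaults: &defaults
 # To only allow project creation from your own repos:
 #
 # allow_users: my_github_username
+
+ # Set to false to prevent users from accessing the app or creating repos
+ # unless they are listed under allow_users or have membership in an
+ # organization listed under allow_organizations. Default value is true.
+ #
+ # open_login: true
 development:
 <<: *defaults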
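--- a/lib/github/orgs.rb
+++ b/lib/github/orgs.rb
@@ -11,6 +11,13 @@ def each
 yield Github::Org.new(@access_token, org)
 end
 end
+
+ # Whether the user is a member of any of the allowed organizations
+ #
+ # Returns boolean
+ def any_allowed?
+ all.any? { |org| Strano.allow_organizations_include?(org.login) }
+ end
 end
 end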
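Review bot: `any_allowed?` matches `org.login` against the allow list, and its correctness rests on two things this hunk does not show: whether `Strano.allow_organizations_include?` compares case-insensitively (GitHub organization logins are case-insensitive, so a configured `MyOrg` would not match `myorg` under a plain `==`), and whether `all` fetches every page of the user's organizations (the GitHub API paginates that list, so a member of many organizations could be wrongly refused if only the first page is read). Both are worth confirming, and the answer belongs in the method comment, e.g. `# Matches org logins case-insensitively against allow_organizations; relies on #all paging through every org.` if that holds. `all` and the enclosing class are defined outside the hunk.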
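--- a/lib/strano/configuration.rb
+++ b/lib/strano/configuration.rb
@@ -9,7 +9,8 @@ module Configuration
 :github_key,
 :github_secret,
 :allow_organizations,
- :allow_users].freeze
+ :allow_users,
+ :open_login].freeze
 # The public SSH key that Strano will add to each users Github account
 # so that Strano can clone github repos locally.
@@ -38,6 +39,12 @@ module Configuration
 # creating projects from users completely. Pass an array of Github
 # usernames to restrict which projects Strano can create new projects for.
 DEFAULT_ALLOW_USERS = true
+
+ # Any user with a Github account can create new deployments. Default
+ # values if true. Setting this to false will only allow users to log in to
+ # the app if they are listed under 'allow_users' or a member of one of the
+ # organizations under 'allow_organizations'.
+ DEFAULT_OPEN_LOGIN = true
 attr_accessor *VALID_OPTIONS_KEYS
@@ -119,6 +126,7 @@ def reset
 self.github_secret = DEFAULT_GITHUB_SECRET
 self.allow_organizations = DEFAULT_ALLOW_ORGANIZATIONS
 self.allow_users = DEFAULT_ALLOW_USERS
+ self.open_login = DEFAULT_OPEN_LOGIN
 self
 end
 end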
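Review bot: `DEFAULT_OPEN_LOGIN = true` in the second hunk makes a fresh install fail open: anyone with a GitHub account can sign in until an operator finds the setting, whereas `false` would make the restriction opt-out rather than opt-in; if compatibility with existing installs is the reason for `true`, the comment should say so. That comment also has a typo: `# values if true.` should read `# value is true.`. The loader that fills these options is not in this diff; if it ever hands the value over as a string (for example from an environment variable or templated YAML), `"false"` is truthy in Ruby and would leave login open, so the loader or accessor should coerce to a real boolean before `authorized_for_app?` reads it. The `Configuration` module header and the loader are outside the hunks.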
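--- a/public/robots.txt
+++ b/public/robots.txt
@@ -1,5 +1,5 @@
 # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
 #
 # To ban all spiders from the entire site uncomment the next two lines:
-# User-Agent: *
-# Disallow: /
+User-Agent: *
+Disallow: /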
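Review bot: `Disallow: /` is advisory only; it keeps well-behaved crawlers away but restricts nothing, so it must not be read as part of the access control this PR introduces. If the intent is simply to keep the deploy tool out of search indexes it is fine as is, but it is unrelated to the login restriction and would be clearer as a separate commit. The comment above it, `# To ban all spiders ... uncomment the next two lines:`, is now stale and could be dropped.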