
add option to restrict login by username/org

Adds a new configuration option "open_login" which, when set to false, restricts the ability to access the app at all to users whose GitHub login, or membership in a GitHub organization, is explicitly allowed.
1 parent 7492cb2 commit cbb04d511801bee6a84378e244c15ea595f4c624 @dleavitt dleavitt committed Oct 2, 2012
Showing with 39 additions and 3 deletions.
  1. +6 −2 app/controllers/sessions_controller.rb
  2. +11 −0 app/models/user.rb
  3. +6 −0 config/strano.example.yml
  4. +7 −0 lib/github/orgs.rb
  5. +9 −1 lib/strano/configuration.rb
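--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -13,8 +13,12 @@ def create
 attributes = { :github_data => data, :github_access_token => request.env["omniauth.auth"][:credentials][:token] }
 user = User.find_or_create_by_username(data[:login], attributes)
-session[:user_id] = user.id
-redirect_to root_url, :notice => 'Successfully signed in via Github!'
+if user.authorized_for_app?
+session[:user_id] = user.id
+redirect_to root_url, :notice => 'Successfully signed in via Github!'
+else
+redirect_to root_url, :alert => "Access requires organization membership"
+end
 end
 def destroy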
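Review bot: The User row, including github_access_token, is still created or updated by find_or_create_by_username two lines above the new check, so a GitHub account that is then denied is persisted with its OAuth token even though it never receives a session. Consider deferring the write until authorization has passed, e.g. `user = User.find_or_initialize_by_username(data[:login])`, `user.attributes = attributes`, and `user.save!` only inside the authorized branch — authorized_for_app? presumably needs just username and the GitHub client, which this keeps available, but confirm the client does not require a saved record. The alert wording is also narrower than the rule it reports: allow_users grants access too, so `"Access is restricted to allowed users and organizations"` describes the check accurately. Note the rule is evaluated only at sign-in; if the rest of the app trusts session[:user_id] alone (not visible here), users who later lose membership keep access until they sign out. The create action's signature sits outside the hunk.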
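--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -47,6 +47,17 @@ def authorized_for_github?
 !github.nil?
 end
+# If open_login is set to false in the strano settings, users may only enter if
+# they or an organization they belong to is explicitly allowed.
+#
+# Returns a Boolean
+def authorized_for_app?
+# authorized if open login is enabled or they're on the members list
+return true if Strano.open_login || Strano.allow_users_include?(username)
+
+# otherwise make a call to github to see if we've allowed any of their organizations
+github.orgs.any_allowed?
+end
 private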
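Review bot: authorized_for_app? calls github.orgs.any_allowed? without a nil guard, while authorized_for_github? directly above treats a nil github as a real case, so a user without a GitHub client raises NoMethodError here instead of being denied; a `return false if github.nil?` before the org lookup keeps the method fail-closed. Whether the closed mode actually closes anything with the shipped defaults also depends on allow_users_include? and allow_organizations_include?, which are not in this diff: DEFAULT_ALLOW_USERS is the boolean true in configuration.rb, so if those helpers treat `true` as "everyone", `open_login: false` with untouched allow lists would still admit any GitHub account — worth pinning with a test. The "Returns a Boolean" comment could also state that the org branch performs a GitHub API call on every sign-in and that an API error presumably surfaces as an exception rather than the access-denied redirect. The enclosing class starts outside the hunk.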
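--- a/config/strano.example.yml
+++ b/config/strano.example.yml
@@ -36,6 +36,12 @@ defaults: &defaults
 # To only allow project creation from your own repos:
 #
 # allow_users: my_github_username
+
+# Set to false to prevent users from accessing the app or creating repos
+# unless they are listed under allow_users or have membership in an
+# organization listed under allow_organizations. Default value is true.
+#
+# open_login: true
 development:
 <<: *defaults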
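Review bot: The new comment says open_login: false prevents "creating repos", but as wired in this commit the option only gates sign-in (the authorized_for_app? check in sessions_controller); project creation is governed by allow_users and allow_organizations on their own. Suggest `# Set to false to deny sign-in unless the user is listed under allow_users` / `# or belongs to an organization listed under allow_organizations. Default: true.` so readers do not expect a second effect from this flag.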
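--- a/lib/github/orgs.rb
+++ b/lib/github/orgs.rb
@@ -11,6 +11,13 @@ def each
 yield Github::Org.new(@access_token, org)
 end
 end
+
+# Whether the user is a member of any of the allowed organizations
+#
+# Returns boolean
+def any_allowed?
+all.any? { |org| Strano.allow_organizations_include?(org.login) }
+end
 end
 end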
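Review bot: any_allowed? compares org.login against the configured list, but its comment does not say what `all` covers; since `each` above builds Github::Org objects from @access_token, presumably only organizations that token is permitted to list are considered, so memberships hidden by the OAuth scope are denied rather than admitted. Suggest expanding the comment to `# Whether any organization visible to this access token is in Strano.allow_organizations.` plus `# Performs a GitHub API call on each invocation.` so callers know it is a remote lookup. GitHub logins are also case-insensitive, so if allow_organizations_include? does exact string matching a differently-cased config entry silently denies; confirm, or normalize with `org.login.downcase` on both sides. The enclosing class starts outside the hunk.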
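--- a/lib/strano/configuration.rb
+++ b/lib/strano/configuration.rb
@@ -9,7 +9,8 @@ module Configuration
 :github_key,
 :github_secret,
 :allow_organizations,
-:allow_users].freeze
+:allow_users,
+:open_login].freeze
 # The public SSH key that Strano will add to each users Github account
 # so that Strano can clone github repos locally.
@@ -38,6 +39,12 @@ module Configuration
 # creating projects from users completely. Pass an array of Github
 # usernames to restrict which projects Strano can create new projects for.
 DEFAULT_ALLOW_USERS = true
+
+# Any user with a Github account can create new deployments. Default
+# values if true. Setting this to false will only allow users to log in to
+# the app if they are listed under 'allow_users' or a member of one of the
+# organizations under 'allow_organizations'.
+DEFAULT_OPEN_LOGIN = true
 attr_accessor *VALID_OPTIONS_KEYS
@@ -119,6 +126,7 @@ def reset
 self.github_secret = DEFAULT_GITHUB_SECRET
 self.allow_organizations = DEFAULT_ALLOW_ORGANIZATIONS
 self.allow_users = DEFAULT_ALLOW_USERS
+self.open_login = DEFAULT_OPEN_LOGIN
 self
 end
 end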
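Review bot: The DEFAULT_OPEN_LOGIN comment has a typo, `# values if true.` should read `# value is true.`, and its first sentence describes deployment creation rather than what this flag actually controls; `# Any user with a Github account can sign in to the app. Default value is true.` matches the check in user.rb. More importantly, open_login is exposed through attr_accessor with no coercion and is consumed as a plain truthy test (`Strano.open_login`), so a quoted `"false"` in the YAML or any other non-boolean value silently keeps login open; if the config loader (outside this diff) does not already coerce, a writer such as `def open_login=(value); @open_login = value != false && value.to_s != "false"; end` would fail closed. Given this app runs deployments, defaulting to open access is a policy choice worth stating explicitly in the comment so operators know to set it.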
