start working on post_message auth flow

2012-09-17 23:58:57 +02:00 · 2012-09-17 23:58:57 +02:00 · 474f5bd896
commit 474f5bd896
parent f05f841a46
3 changed files with 45 additions and 9 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -32,7 +32,7 @@ GIT

 GIT
  remote: git://github.com/travis-ci/travis-core.git
-  revision: b71c3be388451581f2ca60e6fd862c2bfc56bfb6
+  revision: 73679d7263ded28620dac7815e4aed253a8191d3
  specs:
    travis-core (0.0.1)
      actionmailer (~> 3.2.3)
@ -53,7 +53,7 @@ GIT

 GIT
  remote: git://github.com/travis-ci/travis-support.git
-  revision: 27857bb4f5425b8aacc9b26e4661688dca962fb0
+  revision: b150763d253331de9adadcb5b39f7df5efccb676
  specs:
    travis-support (0.0.1)

--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@ -1,4 +1,6 @@
 require 'travis/api/app'
+require 'addressable/uri'
+require 'faraday'

 class Travis::Api::App
  class Endpoint
@ -58,14 +60,31 @@ class Travis::Api::App
      #
      # * **token**: GitHub token for checking authorization (required)
      post '/github' do
-        data   = GH.with(token: params[:token].to_s) { GH['user'] }
-        scopes = parse_scopes data.headers['x-oauth-scopes']
-        user   = User.find_by_login(data['login'])
+        { 'access_token' => github_to_travis(params[:token]) }
+      end

-        halt 403, 'not a Travis user'   if user.nil?
-        halt 403, 'insufficient access' unless acceptable? scopes
+      get '/post_message' do
+        config   = Travis.config.oauth2
+        endpoint = Addressable::URI.parse(config.authorization_server)
+        values   = {
+          client_id:    config.client_id,
+          scope:        config.scope,
+          redirect_uri: url
+        }

-        { 'access_token' => generate_token(user) }
+        if params[:code]
+          endpoint.path          = config.access_token_path
+          values[:code]          = params[:code]
+          values[:state]         = params[:state] if params[:state]
+          values[:client_secret] = config.client_secret
+
+          token = github_to_travis get_token(endpoint.to_s, values)
+          { 'access_token' => token }
+        else
+          endpoint.path         = config.authorize_path
+          endpoint.query_values = values
+          redirect to(endpoint.to_s)
+        end
      end

      error Faraday::Error::ClientError do
@ -74,6 +93,23 @@ class Travis::Api::App

      private

+        def github_to_travis(token)
+          data   = GH.with(token: token.to_s) { GH['user'] }
+          scopes = parse_scopes data.headers['x-oauth-scopes']
+          user   = User.find_by_login(data['login'])
+
+          halt 403, 'not a Travis user'   if user.nil?
+          halt 403, 'insufficient access' unless acceptable? scopes
+
+          generate_token(user)
+        end
+
+        def get_token(endoint, value)
+          response   = Faraday.get(endoint, value)
+          parameters = Addressable::URI.form_unencode(response.body)
+          parameters.assoc("access_token").last
+        end
+
        def parse_scopes(data)
          data.gsub(/\s/,'').split(',') if data
        end
--- a/script/server
+++ b/script/server
@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 cd "$(dirname "$0")/.."
-[ $PORT ]     || PORT=5000
+[ $PORT ]     || PORT=3000
 [ $RACK_ENV ] || RACK_ENV=development

 cmd="ruby -I lib -S bundle exec ruby -I lib -S thin start -p $PORT -e $RACK_ENV --threaded"