require 'travis/api/app' require 'addressable/uri' require 'faraday' require 'securerandom' class Travis::Api::App class Endpoint # You need to get hold of an access token in order to reach any # endpoint requiring authorization. # There are three ways to get hold of such a token: OAuth2, via a GitHub # token you may already have or with Cross-Origin Window Messages. # # ## OAuth2 # # API authorization is done via a subset of OAuth2 and is largely compatible # with the [GitHub process](http://developer.github.com/v3/oauth/). # Be aware that Travis CI will in turn use OAuth2 to authenticate (and # authorize) against GitHub. # # This is the recommended way for third-party web apps. # The entry point is [/auth/authorize](#/auth/authorize). # # ## GitHub Token # # If you already have a GitHub token with the same or greater scope than # the tokens used by Travis CI, you can easily exchange it for an access # token. Travis will not store the GitHub token and only use it for a single # request to resolve the associated user and scopes. # # This is the recommended way for GitHub applications that also want Travis # integration. # # The entry point is [/auth/github](#POST /auth/github). # # ## Cross-Origin Window Messages # # This is the recommended way for the official client. We might improve the # authorization flow to support third-party clients in the future, too. # # The entry point is [/auth/post_message](#/auth/post_message). class Authorization < Endpoint enable :inline_templates set prefix: '/auth' # Endpoint for retrieving an authorization code, which in turn can be used # to generate an access token. # # NOTE: This endpoint is not yet implemented. 
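#
# Parameters:
#
# * **client_id**: your App's client id (required)
# * **redirect_uri**: URL to redirect to
# * **scope**: requested access scope
# * **state**: should be a random string to prevent CSRF attacks
get '/authorize' do
  raise NotImplementedError
end

# Endpoint for generating an access token from an authorization code.
#
# NOTE: This endpoint is not yet implemented.
#
# Parameters:
#
# * **client_id**: your App's client id (required)
# * **client_secret**: your App's client secret (required)
# * **code**: code retrieved from redirect from [/auth/authorize](#/auth/authorize) (required)
# * **redirect_uri**: URL to redirect to
# * **state**: same value sent to [/auth/authorize](#/auth/authorize)
post '/access_token' do
  raise NotImplementedError
end

# Endpoint for generating an access token from a GitHub access token.
#
# Parameters:
#
# * **github_token**: GitHub token for checking authorization (required)
post '/github' do
  # A parameter that is present but blank (`github_token=`) is still truthy
  # in Ruby, so test for emptiness rather than mere presence. nil.to_s is ""
  # and therefore takes the same 422 path as a missing parameter.
  if params[:github_token].to_s.strip.empty?
    halt 422, { "error" => "Must pass 'github_token' parameter" }
  end

  # github_to_travis is defined outside this view. drop_token: true
  # presumably asks it not to persist the GitHub token, which is what the
  # endpoint documentation promises; confirm against the helper.
  { 'access_token' => github_to_travis(params[:github_token], app_id: 1, drop_token: true) }
end

# Endpoint for making sure user authorized Travis CI to access GitHub.
# There are no restrictions on where to redirect to after handshake.
# However, no information whatsoever is being sent with the redirect.
#
# Parameters:
#
# * **redirect_uri**: URI to redirect to after handshake.
get '/handshake' do
  handshake do |user, token, redirect_uri|
    # Two outcomes, decided solely by target_ok?:
    #   * accepted target: the user and token are rendered into the
    #     :post_payload template together with the target URI;
    #   * any other target: a redirect that carries neither user nor token.
    # target_ok? is therefore the only gate between a caller-supplied
    # redirect_uri and the access token.
    # NOTE(review): target_ok? and safe_redirect are defined outside this
    # view; confirm that target_ok? compares the full origin.
    if target_ok? redirect_uri
      content_type :html
      data = { user: user, token: token, uri: redirect_uri }
      erb(:post_payload, locals: data)
    else
      safe_redirect redirect_uri
    end
  end
end

# This endpoint is meant to be embedded in an iframe, popup window or
# similar. It will perform the handshake and, once done, will send an
# access token and user payload to the parent window via postMessage.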
# # However, the endpoint to send the payload to has to be explicitly # whitelisted in production, as this endpoint is only meant to be used # with the official Travis CI client at the moment. # # Note that the example below does not check `event.origin`; a receiving # page should verify it against the API origin before using the token. # # Example usage: # # window.addEventListener("message", function(event) { # console.log("received token: " + event.data.token); # }); # # var iframe = $('