suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f05ea7198b
travis-api/lib/travis/api/app/endpoint/authorization.rb
Konstantin Haase f05ea7198b fully implement access tokens
2012-08-15 00:52:22 +02:00

91 lines
3.0 KiB
Ruby
Raw Blame History

require 'travis/api/app'
class Travis::Api::App
class Endpoint
# You need to get hold of an access token in order to reach any
# endpoint requiring authorization.
# There are three ways to get hold of such a token: OAuth2, via a GitHub
# token you may already have or with Cross-Origin Window Messages.
#
# ## OAuth2
#
# API authorization is done via a subset of OAuth2 and is largely compatible
# with the [GitHub process](http://developer.github.com/v3/oauth/).
# Be aware that Travis CI will in turn use OAuth2 to authenticate (and
# authorize) against GitHub.
#
# This is the recommended way for third-party web apps.
#
# ## GitHub Token
#
# If you already have a GitHub token with the same or greater scope than
# the tokens used by Travis CI, you can easily exchange it for a access
# token. Travis will not store the GitHub token and only use it for a single
# request to resolve the associated user and scopes.
#
# This is the recommended way for GitHub applications that also want Travis
# integration.
#
# ## Cross-Origin Window Messages
#
# This is the recommended way for the official client. We might improve the
# authorization flow to support third-party clients in the future, too.
class Authorization < Endpoint
set prefix: '/auth'
# Parameters:
#
# * **client_id**: your App's client id (required)
# * **redirect_uri**: URL to redirect to
# * **scope**: requested access scope
# * **state**: should be random string to prevent CSRF attacks
get '/authorize' do
raise NotImplementedError
end
# Parameters:
#
# * **client_id**: your App's client id (required)
# * **client_secret**: your App's client secret (required)
# * **code**: code retrieved from redirect from [/authorize](#/authorize) (required)
# * **redirect_uri**: URL to redirect to
# * **state**: same value sent to [/authorize](#/authorize)
post '/access_token' do
raise NotImplementedError
end
# Parameters:
#
# * **token**: GitHub token for checking authorization (required)
post '/github' do
data = GH.with(token: params[:token].to_s) { GH['user'] }
scopes = parse_scopes data.headers['x-oauth-scopes']
user = User.find_by_login(data['login'])
halt 403, 'not a Travis user' if user.nil?
halt 403, 'insufficient access' unless acceptable? scopes
{ 'access_token' => generate_token(user) }
end
error Faraday::Error::ClientError do
halt 401, 'could not resolve github token'
end
private
def parse_scopes(data)
data.gsub(/\s/,'').split(',') if data
end
def generate_token(user)
AccessToken.create(user: user).token
end
def acceptable?(scopes)
scopes.include? 'public_repo' or scopes.include? 'repo'
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink