
ls-omniauth

  • 3.0.3
  • Rubygems

LsOmniauth

LsOmniauth is a Rails Engine that provides authentication via Google OAuth.

You can allow all users with a livingsocial.com or hungrymachine.com email address to access protected parts of your app.

You can also whitelist the email addresses that are authorized to access protected resources.

Getting Started

Note: There is a dummy application in spec/dummy where this setup is used.

Mount the engine

First off, we'll need to mount the engine in your config/routes.rb:

Dummy::Application.routes.draw do
  get 'public'  => 'public#index', as: :public_page
  get 'private' => 'private#index', as: :private_page

  mount LsOmniauth::Engine, at: "/auth", as: 'ls_omniauth' # <------ The engine will provide its functionality at /auth in your app
  root to: 'public#index'
end

Protect controllers

Adding the following lines to a controller will deny access to anyone who does not authenticate with a LivingSocial.com or HungryMachine.com address.

class SecureApplicationController < ApplicationController
  include LsOmniauth::OmniauthHelper
  before_filter { |c| c.require_authorization domains: ["livingsocial.com","hungrymachine.com"] }
end

Restrict access to only specific users

Add a config/ls-omniauth.yml file in your app using a format like this to define a general_access group. You can have several groups under authorized_users. Also note that the client id and client secret settings are required as of version 2.0.0.

client: &client
  client_id: 12345.apps.googleusercontent.com
  client_secret: 12345
development:
  <<: *client
  dev_mode: true
production:
  <<: *client
  authorized_users:
    general_access:
      - dan.rabinowitz@hungrymachine.com
      - tyler.montgomery@hungrymachine.com
    super_secret_access:
      - the.nsa@hungrymachine.com

Then, add the following lines to a controller:

class SecureApplicationController < ApplicationController
  include LsOmniauth::OmniauthHelper
  before_filter { |c| c.require_authorization group: "general_access" }
end

Dev Mode

For test and dev environments, it's recommended that you enable dev mode by setting the dev_mode key to true in ls-omniauth.yml:

dev_mode: true

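This turns the require_authorization method into a no-op, so no live requests are made while you're developing or testing. Because the authorization check is skipped entirely while dev_mode is on, keep the key out of the production section.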
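
The configuration rules above (dev_mode only in dev and test, required client settings, groups defined under authorized_users) can be checked before deploy. This is an added example, not code from the ls-omniauth gem: the helper name lint_ls_omniauth, its groups_used parameter and the sample YAML are assumptions constructed for illustration, and it inspects only the file layout shown in this README.

```ruby
require "yaml"

DEV_ENVS = %w[development test].freeze

# Constructed sample: production merges the development block and so
# inherits dev_mode, and one group used by a controller is never defined.
SAMPLE = <<~YAML
  client: &client
    client_id: 12345.apps.googleusercontent.com
    client_secret: 12345
  development: &dev
    <<: *client
    dev_mode: true
  production:
    <<: *dev
    authorized_users:
      general_access:
        - user@example.com
YAML

# Hypothetical helper: returns findings for one environment of ls-omniauth.yml.
# groups_used lists the group names controllers pass to require_authorization.
def lint_ls_omniauth(yaml_text, env:, groups_used: [])
  config = YAML.safe_load(yaml_text, aliases: true)
  settings = config.is_a?(Hash) ? config[env] : nil
  return ["#{env}: no section in ls-omniauth.yml"] unless settings.is_a?(Hash)

  findings = []
  # Check the effective value after YAML merge keys (<<) are resolved.
  if settings["dev_mode"] && !DEV_ENVS.include?(env)
    findings << "#{env}: dev_mode is enabled, require_authorization is a no-op"
  end
  %w[client_id client_secret].each do |key|
    findings << "#{env}: #{key} is missing" if settings[key].to_s.strip.empty?
  end
  groups = settings["authorized_users"]
  groups = {} unless groups.is_a?(Hash)
  groups_used.each do |name|
    next unless Array(groups[name]).empty?
    findings << "#{env}: group '#{name}' is not defined or has no members"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts lint_ls_omniauth(SAMPLE, env: "production",
                        groups_used: %w[general_access super_secret_access])
end
```

The check reads the merged result, so it catches a dev_mode value that reaches production through a YAML anchor as well as one written there directly.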

Routes

LsOmniauth adds a sign_in and a sign_out route for you. They will work at /auth/sign_in and /auth/sign_out (if you mount the engine at /auth in your routes).

These routes won't pollute your app's routes. You can access them in views or controllers almost like normal:

redirect_to ls_omniauth.sign_out_url # <---- notice the ls_omniauth prepended to the url helper

Redirect URL authorization

In order to use this gem, you'll need an active Google OAuth client id and client secret. Additionally, you'll need to add your application's redirect URL to the list of OAuth authorized routes for that OAuth API client. You can find and edit those lists here:

  • Digital Marketing (https://console.developers.google.com/apis/credentials/oauthclient/1041688722300.apps.googleusercontent.com?project=hungrymachine.com:arctic-app-831)

TODO:

Are we recreating the wheel here? Can this all be done with already-existing gems? Devise?

Is the return_uri code working? If not, can it be made to work?

License

This project rocks and uses MIT-LICENSE.


Package last updated on 03 Mar 2016
