update basics of auth for editable scopes

Author: izuzak

api/ruby/basics-of-authentication/Gemfile

@@ -3,4 +3,3 @@ source "http://rubygems.org"
 gem "json",        "1.7.7"
 gem 'sinatra',     '~> 1.3.5'
 gem 'rest-client', '~> 1.6.3'
-gem 'sinatra_auth_github', '~> 0.13.3'

api/ruby/basics-of-authentication/Gemfile.lock

@@ -1,24 +1,8 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    addressable (2.3.3)
-    faraday (0.8.6)
-      multipart-post (~> 1.1)
-    faraday_middleware (0.9.0)
-      faraday (>= 0.7.4, < 0.9)
-    hashie (1.2.0)
     json (1.7.7)
     mime-types (1.21)
-    multi_json (1.6.1)
-    multipart-post (1.2.0)
-    netrc (0.7.7)
-    octokit (1.23.0)
-      addressable (~> 2.2)
-      faraday (~> 0.8)
-      faraday_middleware (~> 0.9)
-      hashie (~> 1.2)
-      multi_json (~> 1.3)
-      netrc (~> 0.7.7)
     rack (1.5.2)
     rack-protection (1.3.2)
       rack
@@ -28,15 +12,7 @@ GEM
       rack (~> 1.4)
       rack-protection (~> 1.3)
       tilt (~> 1.3, >= 1.3.3)
-    sinatra_auth_github (0.13.3)
-      sinatra (~> 1.0)
-      warden-github (~> 0.13.1)
     tilt (1.3.3)
-    warden (1.2.1)
-      rack (>= 1.0)
-    warden-github (0.13.2)
-      octokit (>= 1.22.0)
-      warden (> 1.0)
 
 PLATFORMS
   ruby
@@ -45,4 +21,3 @@ DEPENDENCIES
   json (= 1.7.7)
   rest-client (~> 1.6.3)
   sinatra (~> 1.3.5)
-  sinatra_auth_github (~> 0.13.3)

api/ruby/basics-of-authentication/README.md

@@ -9,10 +9,11 @@ It consists of two different servers: one built correctly, and one built less op
 To run these projects, make sure you have [Bundler][bundler] installed; then type
 `bundle install` on the command line.
 
-For the "less optimal" server, type `ruby server.rb` on the command line. 
-This will run the server at `localhost:4567`.
+For the "less optimal" server, type `ruby server.rb` on the command line.
 
-For the correct server, enter `rackup -p 4567` on the command line.
+For the correct server, enter `ruby advanced_server.rb` on the command line.
+
+Both commands will run the server at `localhost:4567`.
 
 [basics of auth]: http://developer.github.com/guides/basics-of-authentication/
 [bundler]: http://gembundler.com/

api/ruby/basics-of-authentication/advanced_server.rb

@@ -1,50 +1,63 @@
-require 'sinatra/auth/github'
+require 'sinatra'
 require 'rest_client'
-
-module Example
-  class MyBasicApp < Sinatra::Base
-    # !!! DO NOT EVER USE HARD-CODED VALUES IN A REAL APP !!!
-    # Instead, set and test environment variables, like below
-    # if ENV['GITHUB_CLIENT_ID'] && ENV['GITHUB_CLIENT_SECRET']
-    #  CLIENT_ID        = ENV['GITHUB_CLIENT_ID']
-    #  CLIENT_SECRET    = ENV['GITHUB_CLIENT_SECRET']
-    # end
-
-    CLIENT_ID = ENV['GH_BASIC_CLIENT_ID']
-    CLIENT_SECRET = ENV['GH_BASIC_SECRET_ID']
-
-    enable :sessions
-
-    set :github_options, {
-      :scopes    => "user",
-      :secret    => CLIENT_SECRET,
-      :client_id => CLIENT_ID,
-      :callback_url => "/callback"
-    }
-
-    register Sinatra::Auth::Github
-
-    get '/' do
-      if !authenticated?
-        authenticate!
-      else
-        access_token = github_user["token"]
-        auth_result = RestClient.get("https://api.github.com/user", {:params => {:access_token => access_token, :accept => :json}, 
-                                                                                  :accept => :json})
-
-        auth_result = JSON.parse(auth_result)
-
-        erb :advanced, :locals => {:login => auth_result["login"],
-                                   :hire_status => auth_result["hireable"] ? "hireable" : "not hireable"}
-      end
+require 'json'
+
+# !!! DO NOT EVER USE HARD-CODED VALUES IN A REAL APP !!!
+# Instead, set and test environment variables, like below
+# if ENV['GITHUB_CLIENT_ID'] && ENV['GITHUB_CLIENT_SECRET']
+#  CLIENT_ID        = ENV['GITHUB_CLIENT_ID']
+#  CLIENT_SECRET    = ENV['GITHUB_CLIENT_SECRET']
+# end
+
+CLIENT_ID = ENV['GH_BASIC_CLIENT_ID']
+CLIENT_SECRET = ENV['GH_BASIC_SECRET_ID']
+
+use Rack::Session::Cookie, :secret => rand.to_s()
+
+def authenticated?
+  puts session[:access_token]
+  session[:access_token]
+end
+
+def authenticate!
+  erb :index, :locals => {:client_id => CLIENT_ID}
+end
+
+get '/' do
+  if !authenticated?
+    authenticate!
+  else
+    access_token = session[:access_token]
+    scopes = session[:scopes]
+
+    auth_result = JSON.parse(RestClient.get("https://api.github.com/user",
+                                            {:params => {:access_token => access_token},
+                                             :accept => :json}))
+
+    if scopes.include? 'user:email'
+      auth_result['private_emails'] =
+        JSON.parse(RestClient.get("https://api.github.com/user/emails",
+                                  {:params => {:access_token => access_token},
+                                   :accept => :json}))
     end
 
-    get '/callback' do
-      if authenticated?
-        redirect "/"
-      else
-        authenticate!
-      end
-    end
+    erb :advanced, :locals => {:login => auth_result["login"],
+                               :public_email => auth_result["email"],
+                               :private_emails => auth_result["private_emails"]}
   end
-end
+end
+
+get '/callback' do
+  session_code = request.env['rack.request.query_hash']["code"]
+
+  result = RestClient.post("https://github.com/login/oauth/access_token",
+                          {:client_id => CLIENT_ID,
+                           :client_secret => CLIENT_SECRET,
+                           :code => session_code},
+                           :accept => :json)
+
+  session[:access_token] = JSON.parse(result)["access_token"]
+  session[:scopes] = JSON.parse(result)["scope"].split(",")
+
+  redirect '/'
+end

api/ruby/basics-of-authentication/config.ru

@@ -18,20 +18,30 @@
 get '/callback' do
   # get temporary GitHub code...
   session_code = request.env['rack.request.query_hash']["code"]
+
   # ... and POST it back to GitHub
   result = RestClient.post("https://github.com/login/oauth/access_token",
                           {:client_id => CLIENT_ID,
                            :client_secret => CLIENT_SECRET,
                            :code => session_code},
                            :accept => :json)
+
+  # extract token and granted scopes
   access_token = JSON.parse(result)["access_token"]
+  scopes = JSON.parse(result)["scope"].split(",")
 
-  auth_result = RestClient.get("https://api.github.com/user", {:params => {:access_token => access_token, :accept => :json}, 
-                                                                          :accept => :json})
+  # fetch user information
+  auth_result = JSON.parse(RestClient.get("https://api.github.com/user",
+                                          {:params => {:access_token => access_token},
+                                           :accept => :json}))
 
-  auth_result = JSON.parse(auth_result)
+  # if the user authorized it, fetch private emails
+  if scopes.include? 'user:email'
+    auth_result['private_emails'] =
+      JSON.parse(RestClient.get("https://api.github.com/user/emails",
+                                {:params => {:access_token => access_token},
+                                 :accept => :json}))
+  end
 
-  erb :basic, :locals => {:login => auth_result["login"],
-                          :hire_status => auth_result["hireable"] ? "hireable" : "not hireable"
-                         }
-end
+  erb :basic, :locals => auth_result
+end

api/ruby/basics-of-authentication/server.rb

@@ -5,6 +5,19 @@
 
   </head>
   <body>
-    <p>Well, well, well, <%= login %>! It looks like you're <em>still</em> <%= hire_status %>!</p>
+    <p>Well, well, well, <%= login %>!</p>
+    <p>
+      <% if !public_email.empty? %> It looks like your public email address is <%= public_email %>.
+      <% else %> It looks like you don't have a public email. That's cool.
+      <% end %>
+    </p>
+    <p>
+      <% if defined? private_emails %>
+      With your permission, we were also able to dig up your private email addresses:
+      <%= private_emails.join(", ") %>
+      <% else %>
+      Also, you're a bit secretive about your private email addresses.
+      <% end %>
+    </p>
   </body>
-</html>
+</html>

api/ruby/basics-of-authentication/views/advanced.erb

@@ -5,6 +5,19 @@
 
   </head>
   <body>
-    <p>Hello, <%= login %>! It looks like you're <%= hire_status %>.</p>
+    <p>Hello, <%= login %>!</p>
+    <p>
+      <% if !email.empty? %> It looks like your public email address is <%= email %>.
+      <% else %> It looks like you don't have a public email. That's cool.
+      <% end %>
+    </p>
+    <p>
+      <% if defined? private_emails %>
+      With your permission, we were also able to dig up your private email addresses:
+      <%= private_emails.join(", ") %>
+      <% else %>
+      Also, you're a bit secretive about your private email addresses.
+      <% end %>
+    </p>
   </body>
-</html>
+</html>

api/ruby/basics-of-authentication/views/basic.erb

@@ -6,7 +6,7 @@
   </head>
   <body>
     <p>Well, hello there!</p>
-    <p>We're going to now talk to the GitHub API. Ready? <a href="https://github.com/login/oauth/authorize?client_id=<%= client_id %>">Click here</a> to begin!</a></p>
+    <p>We're going to now talk to the GitHub API. Ready? <a href="https://github.com/login/oauth/authorize?scope=user:email&client_id=<%= client_id %>">Click here</a> to begin!</a></p>
     <p>If that link doesn't work, remember to provide your own <a href="http://developer.github.com/v3/oauth/#web-application-flow">Client ID</a>!</p>
   </body>
-</html>
+</html>