summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZ.J. van de Weg <git@zjvandeweg.nl>2016-12-12 09:31:48 +0100
committerZ.J. van de Weg <git@zjvandeweg.nl>2016-12-17 10:31:14 +0100
commitf11caaf4692afdde0a2c458b3682aef3f9658b6a (patch)
tree5c0c6e010ef41c88e5ecc422ad8009ebdeb51d9b
parent0a6450094eb13702f6f6f03e468db4fc8f023315 (diff)
downloadgitlab-ce-f11caaf4692afdde0a2c458b3682aef3f9658b6a.tar.gz
Setup mattermost session
-rw-r--r--lib/mattermost/mattermost.rb102
-rw-r--r--spec/lib/mattermost/mattermost_spec.rb42
2 files changed, 144 insertions, 0 deletions
diff --git a/lib/mattermost/mattermost.rb b/lib/mattermost/mattermost.rb
new file mode 100644
index 00000000000..84d016bb197
--- /dev/null
+++ b/lib/mattermost/mattermost.rb
@@ -0,0 +1,102 @@
+module Mattermost
+ class NoSessionError < StandardError; end
+ # This class' prime objective is to obtain a session token on a Mattermost
+ # instance with SSO configured where this GitLab instance is the provider.
+ #
+ # The process depends on OAuth, but skips a step in the authentication cycle.
+ # For example, usually a user would click the 'login in GitLab' button on
+ # Mattermost, which would yield a 302 status code and redirects you to GitLab
+ # to approve the use of your account on Mattermost. Which would trigger a
+ # callback so Mattermost knows this request is approved and gets the required
+ # data to create the user account etc.
+ #
+ # This class however skips the button click, and also the approval phase to
+ # speed up the process and keep it without manual action and get a session
+ # going.
+ class Mattermost
+ include Doorkeeper::Helpers::Controller
+ include HTTParty
+
+ attr_accessor :current_resource_owner
+
+ def initialize(uri, current_user)
+ self.class.base_uri(uri)
+
+ @current_resource_owner = current_user
+ end
+
+ def with_session
+ raise NoSessionError unless create
+ yield
+ destroy
+ end
+
+ # Next methods are needed for Doorkeeper
+ def pre_auth
+ @pre_auth ||= Doorkeeper::OAuth::PreAuthorization.new(
+ Doorkeeper.configuration, server.client_via_uid, params)
+ end
+
+ def authorization
+ @authorization ||= strategy.request
+ end
+
+ def strategy
+ @strategy ||= server.authorization_request(pre_auth.response_type)
+ end
+
+ def request
+ @request ||= OpenStruct.new(parameters: params)
+ end
+
+ def params
+ Rack::Utils.parse_query(@oauth_uri.query).symbolize_keys
+ end
+
+ private
+
+ def create
+ return unless oauth_uri
+ return unless token_uri
+
+ self.class.headers("Cookie" => "MMAUTHTOKEN=#{request_token}")
+
+ request_token
+ end
+
+ def destroy
+ post('/api/v3/users/logout')
+ end
+
+ def oauth_uri
+ response = get("/api/v3/oauth/gitlab/login", follow_redirects: false)
+ return unless 300 <= response.code && response.code < 400
+
+ redirect_uri = response.headers['location']
+ return unless redirect_uri
+
+ @oauth_uri ||= URI.parse(redirect_uri)
+ end
+
+ def token_uri
+ @token_uri ||= if @oauth_uri
+ authorization.authorize.redirect_uri if pre_auth.authorizable?
+ end
+ end
+
+ def request_token
+ @request_token ||= if @token_uri
+ response = get(@token_uri, follow_redirects: false)
+ response.headers['token'] if 200 <= response.code && response.code < 400
+ end
+ end
+
+ def get(path, options = {})
+ self.class.get(path, options)
+ end
+
+ def post(path, options = {})
+ self.class.post(path, options)
+ end
+ end
+end
diff --git a/spec/lib/mattermost/mattermost_spec.rb b/spec/lib/mattermost/mattermost_spec.rb
new file mode 100644
index 00000000000..7c99b4df9f3
--- /dev/null
+++ b/spec/lib/mattermost/mattermost_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe Mattermost::Mattermost do
+ let(:user) { create(:user) }
+
+ subject { described_class.new('http://localhost:8065', user) }
+
+ # Needed for doorman to function
+ it { is_expected.to respond_to(:current_resource_owner) }
+ it { is_expected.to respond_to(:request) }
+ it { is_expected.to respond_to(:authorization) }
+ it { is_expected.to respond_to(:strategy) }
+
+ describe '#with session' do
+ let!(:stub) do
+ WebMock.stub_request(:get, 'http://localhost:8065/api/v3/oauth/gitlab/login').
+ to_return(headers: { 'location' => 'http://mylocation.com' }, status: 307)
+ end
+
+ context 'without oauth uri' do
+ it 'makes a request to the oauth uri' do
+ expect { subject.with_session }.to raise_error(Mattermost::NoSessionError)
+ end
+
+ context 'with oauth_uri' do
+ let!(:doorkeeper) do
+ Doorkeeper::Application.create(name: "GitLab Mattermost",
+ redirect_uri: "http://localhost:8065/signup/gitlab/complete\nhttp://localhost:8065/login/gitlab/complete",
+ scopes: "")
+ end
+
+ context 'without token_uri' do
+ it 'can not create a session' do
+ expect do
+ subject.with_session
+ end.to raise_error(Mattermost::NoSessionError)
+ end
+ end
+ end
+ end
+ end
+end