Class: Slack

Inherits:

Object

• Object
• Slack

Defined in:

lib/ops/oauth2/slack.rb

Overview

Basic support of slack oauth2

Instance Method Summary

• #authorize(s) ⇒ Object
• #configuration ⇒ Object
• #configuration_file ⇒ Object
• #domain(response) ⇒ Object
• #oauth_auth_redirect ⇒ Object
• #oauth_auth_url ⇒ Object
• #oauth_auth_url_params ⇒ Object
• #oauth_client_id ⇒ Object
• #oauth_client_secret ⇒ Object
• #oauth_scopes ⇒ Object
• #oauth_token_url ⇒ Object
• #redirect_url ⇒ Object
• #user_info(response) ⇒ Object
• #verify(params) ⇒ Object
• #whitelisted_domains ⇒ Object

Instance Method Details

#authorize(s) ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 80

def authorize(s)
  response = verify(s.params)
  return 403 unless response.dig('ok')

  # get slack response domain and authorize if included in whitelisted
  return 403 unless whitelisted_domains.include? domain(response.body)

  # make sure we get a proper user info structure
  ui = user_info(response.body)
  return 403 unless ui

  # build and authorize cookies
  Auth.authorize(ui, s.request).each do |cookie, value|
    s.cookies.set(cookie, value: value, expires: Time.now + Auth.cookie_ttl)
  end

  # redirect user to a proper place if needed
  if s.cookies.key?(Auth.cookie_name_redirect)
    redirect_url = s.cookies[Auth.cookie_name_redirect]
    s.cookies.delete(Auth.cookie_name_redirect)
    s.redirect redirect_url
  end

  # redirect to a default page
  s.redirect Auth.default_redirect_page
end

#configuration ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 42

def configuration
  @configuration ||= JSON.parse(File.read(configuration_file))
rescue
  abort("Missing or invalid #{configuration_file}")
end

#configuration_file ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 38

def configuration_file
  '/etc/oauth2/oauth2.conf'
end

#domain(response) ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 73

def domain(response)
  payload = JSON.parse(response)
  payload.dig('team', 'domain')
rescue
  nil
end

#oauth_auth_redirect ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 56

def oauth_auth_redirect
  [
    oauth_auth_url,
    '?',
    oauth_auth_url_params
  ].join
end

#oauth_auth_url ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 26

def oauth_auth_url
  'https://slack.com/oauth/authorize'
end

#oauth_auth_url_params ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 48

def oauth_auth_url_params
  [
    "client_id=#{oauth_client_id}",
    "scope=#{oauth_scopes}",
    "redirect_uri=#{CGI.escape(redirect_url)}"
  ].join('&')
end

#oauth_client_id ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 13

def oauth_client_id
  ENV['SLACK_OAUTH_CLIENT_ID'] || configuration.dig('slack', 'oauth_client_id') || abort('Missing SLACK_OAUTH_CLIENT_ID')
end

#oauth_client_secret ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 9

def oauth_client_secret
  ENV['SLACK_OAUTH_CLIENT_SECRET'] || configuration.dig('slack', 'oauth_client_secret') || abort('Missing SLACK_OAUTH_CLIENT_SECRET')
end

#oauth_scopes ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 34

def oauth_scopes
  'identity.basic,identity.team'
end

#oauth_token_url ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 30

def oauth_token_url
  'https://slack.com/api/oauth.access'
end

#redirect_url ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 17

def redirect_url
  ENV['SLACK_OAUTH_REDIRECT_URL'] || configuration.dig('slack', 'oauth_redirect_url') || abort('Missing SLACK_OAUTH_REDIRECT_URL')
end

#user_info(response) ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 64

def user_info(response)
  payload = JSON.parse(response)
  {
    'user': payload['user']
  }
rescue
  nil
end

#verify(params) ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 107

def verify(params)
  return { 'ok': false } unless params.dig('code')
  options = {
    body: {
      client_id: oauth_client_id,
      client_secret: oauth_client_secret,
      code: params.dig('code'),
      redirect_uri: redirect_url
    }
  }
  HTTParty.post(oauth_token_url, options)
end

#whitelisted_domains ⇒ Object

# File 'lib/ops/oauth2/slack.rb', line 21

def whitelisted_domains
  return ENV['SLACK_WHITELISTED_DOMAINS'].split(',') if ENV['SLACK_WHITELISTED_DOMAINS']
  configuration.dig('slack', 'whitelisted_domains') || abort('Missing SLACK_WHITELISTED_DOMAINS')
end