Add GDS SSO.

Gemfile

@@ -7,6 +7,7 @@ gem 'sass-rails', '~> 5.0'
 gem 'uglifier', '>= 1.3.0'
 gem 'unicorn'
 
+gem 'gds-sso', '10.0.0'
 gem 'plek', '1.10.0'
 gem 'airbrake', '4.1.0'
 

Gemfile.lock

@@ -52,11 +52,24 @@ GEM
     debugger-linecache (1.2.0)
     erubis (2.7.0)
     execjs (2.3.0)
+    faraday (0.9.1)
+      multipart-post (>= 1.2, < 3)
+    gds-sso (10.0.0)
+      multi_json (~> 1.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
+      omniauth-gds (~> 3.1)
+      rack-accept (~> 0.4.4)
+      rails (>= 3.0.0)
+      warden (~> 1.2)
+      warden-oauth2 (~> 0.0.1)
     globalid (0.3.0)
       activesupport (>= 4.1.0)
+    hashie (3.4.0)
     hike (1.2.3)
     i18n (0.7.0)
     json (1.8.2)
+    jwt (1.2.1)
     kgio (2.9.3)
     loofah (2.0.1)
       nokogiri (>= 1.5.9)
@@ -66,11 +79,32 @@ GEM
     mini_portile (0.6.2)
     minitest (5.5.1)
     multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
     nokogiri (1.6.6.2)
       mini_portile (~> 0.6.0)
+    oauth2 (1.0.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-gds (3.1.0)
+      multi_json (~> 1.10)
+      omniauth-oauth2 (~> 1.0)
+    omniauth-oauth2 (1.2.0)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
     pg (0.18.1)
     plek (1.10.0)
     rack (1.6.0)
+    rack-accept (0.4.5)
+      rack (>= 0.4)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.0)
@@ -128,6 +162,10 @@ GEM
       kgio (~> 2.6)
       rack
       raindrops (~> 0.7)
+    warden (1.2.3)
+      rack (>= 1.0)
+    warden-oauth2 (0.0.1)
+      warden
     web-console (2.0.0)
       activemodel (~> 4.0)
       binding_of_caller (>= 0.7.2)
@@ -140,6 +178,7 @@ PLATFORMS
 DEPENDENCIES
   airbrake (= 4.1.0)
   byebug
+  gds-sso (= 10.0.0)
   pg
   plek (= 1.10.0)
   rails (= 4.2.0)

app/controllers/application_controller.rb

@@ -2,4 +2,7 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  include GDS::SSO::ControllerMethods
+  before_filter :require_signin_permission!
 end

app/models/user.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+  include GDS::SSO::User
+
+  serialize :permissions, Array
+end

config/initializers/gds_sso.rb

@@ -0,0 +1,14 @@
+# This initialiser is overwritten when deployed to preview, staging & production.
+
+GDS::SSO.config do |config|
+  config.user_model   = 'User'
+  config.oauth_id     = ENV['OAUTH_ID']
+  config.oauth_secret = ENV['OAUTH_SECRET']
+  config.oauth_root_url = Plek.current.find('signon')
+end
+
+GDS::SSO.test_user = User.find_or_create_by(email: '[email protected]').tap do |u|
+  u.name = 'Test User'
+  u.permissions = ['signin']
+  u.save!
+end

db/migrate/20150204143329_create_user.rb

@@ -0,0 +1,12 @@
+class CreateUser < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :email
+      t.string :uid
+      t.string :organisation_slug
+      t.string :permissions
+      t.boolean :remotely_signed_out, default: false
+    end
+  end
+end

db/schema.rb

@@ -11,9 +11,18 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 0) do
+ActiveRecord::Schema.define(version: 20150204143329) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
+  create_table "users", force: :cascade do |t|
+    t.string  "name"
+    t.string  "email"
+    t.string  "uid"
+    t.string  "organisation_slug"
+    t.string  "permissions"
+    t.boolean "remotely_signed_out", default: false
+  end
+
 end