Initial commit.

Author: patcon

.gitignore

@@ -0,0 +1 @@
+node_modules

.travis.yml

@@ -0,0 +1,6 @@
+language: node_js
+node_js:
+  - "0.11"
+  - "0.10"
+notifications:
+  email: false

Gruntfile.js

@@ -0,0 +1,40 @@
+'use strict';
+
+module.exports = function(grunt) {
+
+  grunt.loadNpmTasks('grunt-mocha-test');
+  grunt.loadNpmTasks('grunt-release');
+
+  grunt.initConfig({
+    mochaTest: {
+      test: {
+        options: {
+          reporter: 'spec',
+          require: 'coffee-script'
+        },
+        src: ['test/**/*.coffee']
+      }
+    },
+    release: {
+      options: {
+        tagName: 'v<%= version %>',
+        commitMessage: 'Prepared to release <%= version %>.'
+      }
+    },
+    watch: {
+      files: ['Gruntfile.js', 'test/**/*.coffee'],
+      tasks: ['test']
+    }
+  });
+
+  grunt.event.on('watch', function(action, filepath, target) {
+    grunt.log.writeln(target + ': ' + filepath + ' has ' + action);
+  });
+
+  // load all grunt tasks
+  require('matchdep').filterDev('grunt-*').forEach(grunt.loadNpmTasks);
+
+  grunt.registerTask('test', ['mochaTest']);
+  grunt.registerTask('test:watch', ['watch']);
+  grunt.registerTask('default', ['test']);
+};

README.md

@@ -0,0 +1,33 @@
+# Hubot: hubot-auth
+
+Assign roles to users and restrict command access in other scripts.
+
+See [`src/auth.coffee`](src/auth.coffee) for full documentation.
+
+## Installation
+
+Add **hubot-auth** to your `package.json` file:
+
+```json
+"dependencies": {
+  "hubot": ">= 2.5.1",
+  "hubot-scripts": ">= 2.4.2",
+  "hubot-auth": ">= 0.0.0",
+  "hubot-hipchat": "~2.5.1-5",
+}
+```
+
+Add **hubot-auth** to your `external-scripts.json`:
+
+```json
+["hubot-auth"]
+```
+
+Run `npm install`
+
+## Sample Interaction
+
+```
+user1>> hubot hello
+hubot>> hello!
+```

index.coffee

@@ -0,0 +1,12 @@
+fs = require 'fs'
+path = require 'path'
+
+module.exports = (robot, scripts) ->
+  scriptsPath = path.resolve(__dirname, 'src')
+  fs.exists scriptsPath, (exists) ->
+    if exists
+      for script in fs.readdirSync(scriptsPath)
+        if scripts? and '*' not in scripts
+          robot.loadFile(scriptsPath, script) if script in scripts
+        else
+          robot.loadFile(scriptsPath, script)

package.json

@@ -0,0 +1,51 @@
+{
+  "name": "hubot-auth",
+  "description": "Assign roles to users and restrict command access in other scripts",
+  "version": "0.0.0",
+  "author": "Alex Williams (http://github.com/aw)",
+  "contributors": [
+    "technicalpickles",
+    "tombell",
+    "robertfwest",
+    "superkarn",
+    "omares",
+    "rafaelfranca",
+    "mizzy",
+    "jhubert",
+    "davereid",
+    "patcon"
+  ],
+  "license": "MIT",
+
+  "keywords": ["hubot","hubot-scripts","authentication","roles"],
+
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/hubot-scripts/hubot-auth.git"
+  },
+
+  "bugs": {
+    "url": "https://github.com/hubot-scripts/hubot-auth/issues"
+  },
+
+  "dependencies": {
+    "coffee-script": "~1.6"
+  },
+
+  "devDependencies": {
+    "mocha": "*",
+    "chai": "*",
+    "sinon-chai": "*",
+    "sinon": "*",
+    "grunt-mocha-test": "~0.7.0",
+    "grunt-release": "~0.6.0",
+    "matchdep": "~0.1.2",
+    "grunt-contrib-watch": "~0.5.3"
+  },
+
+  "main": "index.coffee",
+
+  "scripts": {
+    "test": "grunt test"
+  }
+}

script/bootstrap

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Make sure everything is development forever
+export NODE_ENV=development
+
+# Load environment specific environment variables
+if [ -f .env ]; then 
+  source .env
+fi
+
+if [ -f .env.${NODE_ENV} ]; then
+  source .env.${NODE_ENV}
+fi
+
+npm install
+
+# Make sure coffee and mocha are on the path
+export PATH="node_modules/.bin:$PATH"

script/test

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# bootstrap environment
+source script/bootstrap
+
+mocha --compilers coffee:coffee-script  

src/auth.coffee

@@ -0,0 +1,113 @@
+# Description
+#   Assign roles to users and restrict command access in other scripts.
+#
+# Configuration:
+#   HUBOT_AUTH_ADMIN - A comma separate list of user IDs
+#
+# Commands:
+#   hubot <user> has <role> role - Assigns a role to a user
+#   hubot <user> doesn't have <role> role - Removes a role from a user
+#   hubot what role does <user> have - Find out what roles are assigned to a specific user
+#   hubot who has admin role - Find out who's an admin and can assign roles
+#
+# Notes:
+#   * Call the method: robot.auth.hasRole(msg.envelope.user,'<role>')
+#   * returns bool true or false
+#
+#   * the 'admin' role can only be assigned through the environment variable
+#   * roles are all transformed to lower case
+#
+#   * The script assumes that user IDs will be unique on the service end as to
+#     correctly identify a user. Names were insecure as a user could impersonate
+#     a user
+
+module.exports = (robot) ->
+
+  unless process.env.HUBOT_AUTH_ADMIN?
+    robot.logger.warning 'The HUBOT_AUTH_ADMIN environment variable not set'
+
+  if process.env.HUBOT_AUTH_ADMIN?
+    admins = process.env.HUBOT_AUTH_ADMIN.split ','
+  else
+    admins = []
+
+  class Auth
+    hasRole: (user, roles) ->
+      user = robot.brain.userForId(user.id)
+      if user? and user.roles?
+        roles = [roles] if typeof roles is 'string'
+        for role in roles
+          return true if role in user.roles
+      return false
+
+    usersWithRole: (role) ->
+      users = []
+      for own key, user of robot.brain.data.users
+        if robot.auth.hasRole(msg.envelope.user, role)
+          users.push(user)
+      users
+
+  robot.auth = new Auth
+
+  robot.respond /@?(.+) (has) (["'\w: -_]+) (role)/i, (msg) ->
+    name    = msg.match[1].trim()
+    newRole = msg.match[3].trim().toLowerCase()
+
+    unless name.toLowerCase() in ['', 'who', 'what', 'where', 'when', 'why']
+      user = robot.brain.userForName(name)
+      return msg.reply "#{name} does not exist" unless user?
+      user.roles or= []
+
+      if newRole in user.roles
+        msg.reply "#{name} already has the '#{newRole}' role."
+      else
+        if newRole is 'admin'
+          msg.reply "Sorry, the 'admin' role can only be defined in the HUBOT_AUTH_ADMIN env variable."
+        else
+          myRoles = msg.message.user.roles or []
+          if msg.message.user.id.toString() in admins
+            user.roles.push(newRole)
+            msg.reply "Ok, #{name} has the '#{newRole}' role."
+
+  robot.respond /@?(.+) (doesn't have|does not have) (["'\w: -_]+) (role)/i, (msg) ->
+    name    = msg.match[1].trim()
+    newRole = msg.match[3].trim().toLowerCase()
+
+    unless name.toLowerCase() in ['', 'who', 'what', 'where', 'when', 'why']
+      user = robot.brain.userForName(name)
+      return msg.reply "#{name} does not exist" unless user?
+      user.roles or= []
+
+      if newRole is 'admin'
+        msg.reply "Sorry, the 'admin' role can only be removed from the HUBOT_AUTH_ADMIN env variable."
+      else
+        myRoles = msg.message.user.roles or []
+        if msg.message.user.id.toString() in admins
+          user.roles = (role for role in user.roles when role isnt newRole)
+          msg.reply "Ok, #{name} doesn't have the '#{newRole}' role."
+
+  robot.respond /(what role does|what roles does) @?(.+) (have)\?*$/i, (msg) ->
+    name = msg.match[2].trim()
+    user = robot.brain.userForName(name)
+    return msg.reply "#{name} does not exist" unless user?
+    user.roles or= []
+    displayRoles = user.roles
+
+    if user.id.toString() in admins
+      displayRoles.push('admin')
+
+    if displayRoles.length == 0
+      msg.reply "#{name} has no roles."
+    else
+      msg.reply "#{name} has the following roles: #{displayRoles.join(', ')}."
+
+  robot.respond /who has admin role\?*$/i, (msg) ->
+    adminNames = []
+    for admin in admins
+      user = robot.brain.userForId(admin)
+      adminNames.push user.name if user?
+
+    if adminNames.length > 0
+      msg.reply "The following people have the 'admin' role: #{adminNames.join(', ')}"
+    else
+      msg.reply "There are no people that have the 'admin' role."

test/auth-test.coffee

@@ -0,0 +1,19 @@
+chai = require 'chai'
+sinon = require 'sinon'
+chai.use require 'sinon-chai'
+
+expect = chai.expect
+
+describe 'hello-world', ->
+  beforeEach ->
+    @robot =
+      respond: sinon.spy()
+      hear: sinon.spy()
+
+    require('../src/hello-world')(@robot)
+
+  it 'registers a respond listener', ->
+    expect(@robot.respond).to.have.been.calledWith(/hello/)
+
+  it 'registers a hear listener', ->
+    expect(@robot.hear).to.have.been.calledWith(/orly/)