hubot-archive / hubot-auth Goto Github PK
View Code? Open in Web Editor NEWAssign roles to users and restrict command access in other scripts
Assign roles to users and restrict command access in other scripts
Has anyone written unit tests for scripts that include/call hubot-auth? I haven't found any solid examples of how to stub out the 'hasRole' or 'isAdmin' functions. I've played around with my own using sinonjs, but when I finally get it passing, the script actually doesn't work in chat, and a working script doesn't pass the unit tests. It also requires modification to auth.coffee in order to get it to pass the test.
I'm guessing I'm probably doing it wrong. Has anyone stubbed this out before?
Hi,
Found an issue with Hangups adapter where ID of user is random for each conversation ... Is there anyway to assign rights based on username or email ID ?
Regards
Chakri
Tests are currently the default and don't work. We should get them working :)
https://github.com/patcon/hubot-auth/blob/master/test/auth-test.coffee
Thanks for hubot-auth. It really helped to restrict commands, which is great. I integrated hubot with hipchat. Assigned roles and its working good. While un-assigning role, instead of
hubot jester doesn't have deploy role
I typed
hubot jester doesn
t have deploy role `
Hubot replied as
jester doesn't does not exist
.
But when I typed
hubot jester doesn't have deploy role
Hubot replied as
jester doesn't does not exist
OK, jester doesn't have the 'deploy' role.
On whole it works, but is there a way to not display unnecessary messages. Am I missing something? Thanks!
I think the above mentioned feature would make hubot-auth alot more intuitive.
The feature would be quite simple to implement aswell, instead of using this:
class Auth
isAdmin: (user) ->
user.id.toString() in admins
using this would provide username support:
class Auth
isAdmin: (user) ->
(user.id.toString() in admins) or (user.name.toString() in admins)
Please think about it, i will provide and link a pull request aswell
Hey all,
Is it possible to save a new custom role upon adding it to user (making a new section in hubot's brain for custom roles) and then listing them when asked?
I'll try to make a PR when I get some code up.
Regards.
It looks like the tests have been failing for a while, because of some issue with mock-adaptor and the latest version of hubot?
@michaelansel: Do you have recommendations for how @patcon can fix the tests?
It looks like https://github.com/michaelansel/hubot-approval/blob/master/test/approval-test.coffee is using a combination of chai
, sinon
, and sinon-chai
. I don't know what those things are because I'm new to NodeJS, but I saw hubot-approval using them, so maybe they're the current state of the art?
See this shell output, the first message is unnecessary:
Alonzo> @Alonzo who has TA role?
Shell: Sorry, only admins can assign roles.
Shell: There are no people that have the 'TA' role.
``
I am having issue getting this to work. I keep getting "<username> does not exist" message back when I run "<username> has <role> role".
hubot version: 2.19.0
hubot-auth version: 2.0.0
hubot-redis-brain version: 0.0.3
hubot-slack version: 4.3.0
Any help is appreciated.
Thanks
Here's my log:
[Sun Jan 15 2017 04:21:34 GMT+0000 (UTC)] DEBUG Loading adapter slack
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] INFO Logged in as angelo_sanramon_hubot of t+p
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] INFO Slack client now connected
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] DEBUG Loading scripts from /home/asanra001c/myhubot/scripts
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/scripts/example.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/scripts/route53-healthchecks.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/scripts/x1sports_service.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Loading scripts from /home/asanra001c/myhubot/src/scripts
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Loading external-scripts from npm packages
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-diagnostics/src/diagnostics.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-help/src/help.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-google-images/src/google-images.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-google-translate/src/google-translate.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-pugme/src/pugme.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-maps/src/maps.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] INFO hubot-redis-brain: Using default redis on localhost:6379
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-redis-brain/src/redis-brain.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-rules/src/rules.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-shipit/src/shipit.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-reload-scripts/src/reload-scripts.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-auth/src/auth.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG hubot-redis-brain: Successfully connected to Redis
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] INFO hubot-redis-brain: Data for hubot brain retrieved from Redis
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Received message: 'angelo_sanramon_hubot angelo_sanramon has support role' in channel: DM, from: angelo_sanramon
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Message 'angelo_sanramon_hubot angelo_sanramon has support role' matched regex //^\s*[@]?angelo_sanramon_hubot[:,]?\s*(?:@?([^\s]+) ha(?:s|ve) (["'\w: -_]+) role)/i/; listener.options = { id: null }
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Executing listener callback for Message 'angelo_sanramon_hubot angelo_sanramon has support role'
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Sending to D3K5FJS7Q: angelo_sanramon does not exist
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Sending to D3K5FJS7Q: angelo_sanramon does not exist
Using hubot-auth and hubot-slack the roles dont persist in redis brain, can this be added?
Had to go looking for how to use this in another script, found it on StackOverflow. Something like the following in the README would help.
## Using hubot-auth in other scripts
Wrap restricted commands in a conditional like the following to ensure that only authorized users can execute them:
``` coffeescript
authorizedRoles = [
'admin'
'oss'
]
module.exports = (robot) ->
robot.respond /do something/i, (msg) ->
if (r for r in robot.auth.userRoles(msg.envelope.user) when r in authorizedRoles).length > 0
# Restricted actions here
else
robot.reply "Only members of these groups #{authorizedRoles} can perform this command."
```
Will submit a PR when I have a chance, just dropping a note here until I can get that done.
It looks like hubot-auth doesn't actually store the roles assigned in any persistent fashion.
This makes it relatively useless for anything but admin roles, which are provided externally.
Is this deliberate, or an oversight that user roles are not stored in the brain?
Ref. https://issues.jenkins-ci.org/browse/JENKINS-31350
We're deploying hubot with Docker and the docker-build-step plugin in Jenkins comma-delimits the container environment variables. This means we can only specify one user id when deploying this from Jenkins.
While I've filed a bug against the Jenkins plugin, it's possible this issue may come up for others, and adding a second delimiter in hubot-auth is a much easier task, given the user id format and code simplicity.
I don't see any mechanism to pre-configure some roles automatically (with an environment variable for instance).
I can install hubot-auth, setup some roles persisted in Redis Brain using hubot commands.
But, if my redis or hubot crash, I have to setup roles again.
What do you think ?
Best Regards
The list assigned roles command gets no response when I issue it with hubot. No errors or any messages from hubot. Just nothing as if the command weren't recognized. All other commands are fine (if I ask it what roles I have, or what roles a specific user has, or who has a specific role, it works fine). I think this may have something to do with my hubot standup script not recognizing any members of roles.
I've recently attempted to upgrade from 1.2.0 to 2.0.0 and found that it no longer accepts usernames with spaces when assigning roles.
hubot: 2.19.0
adapter: HipChat
nodejs: 4.5
hubot-auth: 2.0.0
When I attempt the following, I get no response.
hubot Joe User has developer role
I tracked the problem down to the @?([^\s]+) regex block which only grabs the first word. Version 1.2.0 used @?(.+) which does support spaces in usernames.
If the intent for this change was to force the use of @joeuser instead of Joe User, the field that needs to be referenced for HipChat is 'mention_name', not 'name'.
"123456": {
"id": "123456",
"jid": "[email protected]",
"name": "Joe User",
"mention_name": "JoeUser",
"email_address": "[email protected]",
"room": "[email protected]",
"roles": [
"my"
]
}
Having a few issues (aplogies if I'm just being stupid):
When I run "what roles do I have" hubot returns nothing, debug looks like:
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG From: 1gu5otii6baaaaamanz3h1kear, To: 5cdpm7euotaaaaaa1ca5agt8je
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Received message from user_mcuser: what roles do I have
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Message sent to hubot brain.
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Message 'bob what roles do I have' matched regex //^\s*[@]?bob[:,]?\s*(?:what roles? do(es)? @?([^\s]+) have\?*$)/i/; listener.options = { id: null }
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Executing listener callback for Message 'bob what roles do I have'
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] ERROR TypeError: Cannot read property 'length' of undefined
at TextListener.callback (/opt/hubot/node_modules/hubot-auth/src/auth.coffee:136:17)
at /opt/hubot/node_modules/hubot/src/listener.coffee:65:12
at allDone (/opt/hubot/node_modules/hubot/src/middleware.coffee:44:37)
at /opt/hubot/node_modules/hubot/node_modules/async/lib/async.js:274:13
at Object.async.eachSeries (/opt/hubot/node_modules/hubot/node_modules/async/lib/async.js:142:20)
at Object.async.reduce (/opt/hubot/node_modules/hubot/node_modules/async/lib/async.js:268:15)
at /opt/hubot/node_modules/hubot/src/middleware.coffee:49:13
at nextTickCallbackWith0Args (node.js:420:9)
at process._tickCallback (node.js:349:13)
Additionally despite having set the env variable:
echo $HUBOT_AUTH_ROLES
admin=1gu5otii6baaaaamanz3h1kear
Running "list assigned roles" returns:
@bob Sorry, only admins can list assigned roles.
Any tips on what might be occuring?
Hi All,
Does this plugin work with hipchat. If so, what would be user naming convention for assigning an admin role ?
thanks!
After upgrade from 1.2 to 1.3, admin role seem not work correctly.
I try both new variable HUBOT_AUTH_ROLES="admin=USERID"
and old one HUBOT_AUTH_ADMIN=USERID
and both not work.
bot always return There are no people that have the 'admin' role
, I do see the log message show WARNING The HUBOT_AUTH_ADMIN environment variable has been deprecated in favor of HUBOT_AUTH_ROLES
and both variable should still support on v1.3 (after I trace the source code).
Any advice? Thanks
ps: I works perfect after I downgrade to v1.2.
I have set the environment variable properly but it fails with this error:
ERROR Unable to load /opt/bot/node_modules/hubot-auth/src/auth: TypeError: Cannot read property '0' of null
at module.exports (/opt/bot/node_modules/hubot-auth/src/auth.coffee:48:36, :35:70)
at Robot.loadFile (/opt/bot/node_modules/hubot/src/robot.coffee:358:11, :226:13)
at /opt/bot/node_modules/hubot-auth/index.coffee:12:11, :26:33
at FSReqWrap.cb [as oncomplete] (fs.js:240:19)
Looks like the authors part of the documentation was removed in the port.
Something changed and our hubot-auth logic no longer works.
eve deploy b78e275f9821a58e6249757faf3019f9274362c4 to production
Sorry, (user1) hasn't been added to the 'prod_deploy' role
An administrator has to approve you for this role using: eve user1 has prod_deploy role
eve who has prod_deploy role
@user1 The following people have the 'prod_deploy' role: user1, user2, user3
Here is the code I'm using in my script to evaluate if the user has a specific role:
if !robot.auth.hasRole(res.envelope.user, 'prod_deploy')
res.send "Sorry, (#{res.message.user.name}) hasn't been added to the 'prod_deploy' role"
res.send "An administrator has to approve you for this role using: eve #{res.message.user.name} has prod_deploy role"
return
What am I doing wrong? Can someone please help, this is awfully frustrating to experience during a release.
@technicalpickles Sorry, did I do this the right way? I just assigned it to hubot-scripts as I didn't really care to keep it on my account :)
I would like a way to pre-load/bulk-load user roles at build/deploy time via an environment variable.
Example
HUBOT_AUTH_ROLES="role1:user1,user2,user3;role2:user1,user2,user3"
This could be handled similarly to the HUBOT_ADMIN_USERS environment variable.
Happy to do a PR for this. Happy to take input on variable format and separators.
I use hubot-auth for a bot on my XMPP server.
On XMPP server, users are identified with a JID, something that looks like an email:
[email protected]
HUBOT_AUTH_ADMIN works fine if i set just the username.
But if I set a the JID, so [email protected], then this person is not recognized as an admin.
The problem is that on a XMPP server [email protected] and [email protected] are two different persons! So right now, if I set HUBOT_AUTH_ADMIN=david, both of them would have admin rights. That's not what i want...
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.