See this shell output, the first message is unnecessary:

Alonzo> @Alonzo who has TA role?
Shell: Sorry, only admins can assign roles.
Shell: There are no people that have the 'TA' role.
``

Something changed and our hubot-auth logic no longer works.

eve deploy b78e275f9821a58e6249757faf3019f9274362c4 to production

Sorry, (user1) hasn't been added to the 'prod_deploy' role
An administrator has to approve you for this role using: eve user1 has prod_deploy role

eve who has prod_deploy role

@user1 The following people have the 'prod_deploy' role: user1, user2, user3

Here is the code I'm using in my script to evaluate if the user has a specific role:

if !robot.auth.hasRole(res.envelope.user, 'prod_deploy')
        res.send "Sorry, (#{res.message.user.name}) hasn't been added to the 'prod_deploy' role"
        res.send "An administrator has to approve you for this role using: eve #{res.message.user.name} has prod_deploy role"
        return

What am I doing wrong? Can someone please help, this is awfully frustrating to experience during a release.

Tests are currently the default and don't work. We should get them working :)
https://github.com/patcon/hubot-auth/blob/master/test/auth-test.coffee

After upgrade from 1.2 to 1.3, admin role seem not work correctly.
I try both new variable HUBOT_AUTH_ROLES="admin=USERID" and old one HUBOT_AUTH_ADMIN=USERID and both not work.

bot always return There are no people that have the 'admin' role, I do see the log message show WARNING The HUBOT_AUTH_ADMIN environment variable has been deprecated in favor of HUBOT_AUTH_ROLES and both variable should still support on v1.3 (after I trace the source code).

Any advice? Thanks

ps: I works perfect after I downgrade to v1.2.

@technicalpickles Sorry, did I do this the right way? I just assigned it to hubot-scripts as I didn't really care to keep it on my account :)

Has anyone written unit tests for scripts that include/call hubot-auth? I haven't found any solid examples of how to stub out the 'hasRole' or 'isAdmin' functions. I've played around with my own using sinonjs, but when I finally get it passing, the script actually doesn't work in chat, and a working script doesn't pass the unit tests. It also requires modification to auth.coffee in order to get it to pass the test.

I'm guessing I'm probably doing it wrong. Has anyone stubbed this out before?

I think the above mentioned feature would make hubot-auth alot more intuitive.
The feature would be quite simple to implement aswell, instead of using this:

class Auth
    isAdmin: (user) ->
      user.id.toString() in admins

using this would provide username support:

class Auth
    isAdmin: (user) ->
      (user.id.toString() in admins) or (user.name.toString() in admins)

Please think about it, i will provide and link a pull request aswell

Thanks for hubot-auth. It really helped to restrict commands, which is great. I integrated hubot with hipchat. Assigned roles and its working good. While un-assigning role, instead of

hubot jester doesn't have deploy role I typed
hubot jester doesnt have deploy role `

Hubot replied as
jester doesn't does not exist.

But when I typed
hubot jester doesn't have deploy role
Hubot replied as

jester doesn't does not exist
OK, jester doesn't have the 'deploy' role.

On whole it works, but is there a way to not display unnecessary messages. Am I missing something? Thanks!

It looks like hubot-auth doesn't actually store the roles assigned in any persistent fashion.

This makes it relatively useless for anything but admin roles, which are provided externally.

Is this deliberate, or an oversight that user roles are not stored in the brain?

I've recently attempted to upgrade from 1.2.0 to 2.0.0 and found that it no longer accepts usernames with spaces when assigning roles.

hubot: 2.19.0
adapter: HipChat
nodejs: 4.5
hubot-auth: 2.0.0

When I attempt the following, I get no response.

hubot Joe User has developer role

I tracked the problem down to the @?([^\s]+) regex block which only grabs the first word. Version 1.2.0 used @?(.+) which does support spaces in usernames.

If the intent for this change was to force the use of @joeuser instead of Joe User, the field that needs to be referenced for HipChat is 'mention_name', not 'name'.

"123456": {
"id": "123456",
"jid": "[email protected]",
"name": "Joe User",
"mention_name": "JoeUser",
"email_address": "[email protected]",
"room": "[email protected]",
"roles": [
"my"
]
}

Using hubot-auth and hubot-slack the roles dont persist in redis brain, can this be added?

thanks!

I have set the environment variable properly but it fails with this error:
ERROR Unable to load /opt/bot/node_modules/hubot-auth/src/auth: TypeError: Cannot read property '0' of null
at module.exports (/opt/bot/node_modules/hubot-auth/src/auth.coffee:48:36, :35:70)
at Robot.loadFile (/opt/bot/node_modules/hubot/src/robot.coffee:358:11, :226:13)
at /opt/bot/node_modules/hubot-auth/index.coffee:12:11, :26:33
at FSReqWrap.cb [as oncomplete] (fs.js:240:19)

I would like a way to pre-load/bulk-load user roles at build/deploy time via an environment variable.

Example

HUBOT_AUTH_ROLES="role1:user1,user2,user3;role2:user1,user2,user3"

This could be handled similarly to the HUBOT_ADMIN_USERS environment variable.

Happy to do a PR for this. Happy to take input on variable format and separators.

I'm trying to remove a role from a user but apparently the user doesn't exist. Here's the chat log.

Having a few issues (aplogies if I'm just being stupid):

When I run "what roles do I have" hubot returns nothing, debug looks like:

[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG From: 1gu5otii6baaaaamanz3h1kear, To: 5cdpm7euotaaaaaa1ca5agt8je
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Received message from user_mcuser: what roles do I have
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Message sent to hubot brain.
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Message 'bob what roles do I have' matched regex //^\s*[@]?bob[:,]?\s*(?:what roles? do(es)? @?([^\s]+) have\?*$)/i/; listener.options = { id: null }
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] DEBUG Executing listener callback for Message 'bob what roles do I have'
[Wed Jul 06 2016 13:27:50 GMT+0100 (BST)] ERROR TypeError: Cannot read property 'length' of undefined
  at TextListener.callback (/opt/hubot/node_modules/hubot-auth/src/auth.coffee:136:17)
  at /opt/hubot/node_modules/hubot/src/listener.coffee:65:12
  at allDone (/opt/hubot/node_modules/hubot/src/middleware.coffee:44:37)
  at /opt/hubot/node_modules/hubot/node_modules/async/lib/async.js:274:13
  at Object.async.eachSeries (/opt/hubot/node_modules/hubot/node_modules/async/lib/async.js:142:20)
  at Object.async.reduce (/opt/hubot/node_modules/hubot/node_modules/async/lib/async.js:268:15)
  at /opt/hubot/node_modules/hubot/src/middleware.coffee:49:13
  at nextTickCallbackWith0Args (node.js:420:9)
  at process._tickCallback (node.js:349:13)

Additionally despite having set the env variable:

echo $HUBOT_AUTH_ROLES
admin=1gu5otii6baaaaamanz3h1kear

Running "list assigned roles" returns:
@bob Sorry, only admins can list assigned roles.

Any tips on what might be occuring?

I use hubot-auth for a bot on my XMPP server.
On XMPP server, users are identified with a JID, something that looks like an email:
[email protected]
HUBOT_AUTH_ADMIN works fine if i set just the username.
But if I set a the JID, so [email protected], then this person is not recognized as an admin.

The problem is that on a XMPP server [email protected] and [email protected] are two different persons! So right now, if I set HUBOT_AUTH_ADMIN=david, both of them would have admin rights. That's not what i want...

I don't see any mechanism to pre-configure some roles automatically (with an environment variable for instance).
I can install hubot-auth, setup some roles persisted in Redis Brain using hubot commands.

But, if my redis or hubot crash, I have to setup roles again.

What do you think ?

Best Regards

It looks like the tests have been failing for a while, because of some issue with mock-adaptor and the latest version of hubot?

@michaelansel: Do you have recommendations for how @patcon can fix the tests?

It looks like https://github.com/michaelansel/hubot-approval/blob/master/test/approval-test.coffee is using a combination of chai, sinon, and sinon-chai. I don't know what those things are because I'm new to NodeJS, but I saw hubot-approval using them, so maybe they're the current state of the art?

Hi All,

Does this plugin work with hipchat. If so, what would be user naming convention for assigning an admin role ?

Hi,

Found an issue with Hangups adapter where ID of user is random for each conversation ... Is there anyway to assign rights based on username or email ID ?

Regards
Chakri

Had to go looking for how to use this in another script, found it on StackOverflow. Something like the following in the README would help.

## Using hubot-auth in other scripts
Wrap restricted commands in a conditional like the following to ensure that only authorized users can execute them:

``` coffeescript
authorizedRoles = [
  'admin'
  'oss'
]

module.exports = (robot) ->
  robot.respond /do something/i, (msg) ->
    if (r for r in robot.auth.userRoles(msg.envelope.user) when r in authorizedRoles).length > 0
      # Restricted actions here
    else
      robot.reply "Only members of these groups #{authorizedRoles} can perform this command."
```

Will submit a PR when I have a chance, just dropping a note here until I can get that done.

I am having issue getting this to work. I keep getting "<username> does not exist" message back when I run "<username> has <role> role".

hubot version: 2.19.0
hubot-auth version: 2.0.0
hubot-redis-brain version: 0.0.3
hubot-slack version: 4.3.0

Any help is appreciated.

Thanks

Here's my log:

[Sun Jan 15 2017 04:21:34 GMT+0000 (UTC)] DEBUG Loading adapter slack
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] INFO Logged in as angelo_sanramon_hubot of t+p
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] INFO Slack client now connected
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] DEBUG Loading scripts from /home/asanra001c/myhubot/scripts
[Sun Jan 15 2017 04:21:38 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/scripts/example.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/scripts/route53-healthchecks.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/scripts/x1sports_service.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Loading scripts from /home/asanra001c/myhubot/src/scripts
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Loading external-scripts from npm packages
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-diagnostics/src/diagnostics.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-help/src/help.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-google-images/src/google-images.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-google-translate/src/google-translate.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-pugme/src/pugme.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-maps/src/maps.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] INFO hubot-redis-brain: Using default redis on localhost:6379
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-redis-brain/src/redis-brain.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-rules/src/rules.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-shipit/src/shipit.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-reload-scripts/src/reload-scripts.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG Parsing help for /home/asanra001c/myhubot/node_modules/hubot-auth/src/auth.coffee
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] DEBUG hubot-redis-brain: Successfully connected to Redis
[Sun Jan 15 2017 04:21:39 GMT+0000 (UTC)] INFO hubot-redis-brain: Data for hubot brain retrieved from Redis
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Received message: 'angelo_sanramon_hubot angelo_sanramon has support role' in channel: DM, from: angelo_sanramon
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Message 'angelo_sanramon_hubot angelo_sanramon has support role' matched regex //^\s*[@]?angelo_sanramon_hubot[:,]?\s*(?:@?([^\s]+) ha(?:s|ve) (["'\w: -_]+) role)/i/; listener.options = { id: null }
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Executing listener callback for Message 'angelo_sanramon_hubot angelo_sanramon has support role'
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Sending to D3K5FJS7Q: angelo_sanramon does not exist
[Sun Jan 15 2017 04:22:33 GMT+0000 (UTC)] DEBUG Sending to D3K5FJS7Q: angelo_sanramon does not exist

Ref. https://issues.jenkins-ci.org/browse/JENKINS-31350

We're deploying hubot with Docker and the docker-build-step plugin in Jenkins comma-delimits the container environment variables. This means we can only specify one user id when deploying this from Jenkins.

While I've filed a bug against the Jenkins plugin, it's possible this issue may come up for others, and adding a second delimiter in hubot-auth is a much easier task, given the user id format and code simplicity.

The list assigned roles command gets no response when I issue it with hubot. No errors or any messages from hubot. Just nothing as if the command weren't recognized. All other commands are fine (if I ask it what roles I have, or what roles a specific user has, or who has a specific role, it works fine). I think this may have something to do with my hubot standup script not recognizing any members of roles.

Hey all,

Is it possible to save a new custom role upon adding it to user (making a new section in hubot's brain for custom roles) and then listing them when asked?

I'll try to make a PR when I get some code up.

Regards.

Looks like the authors part of the documentation was removed in the port.

hubotio/hubot@708a73e