anjlab-devise-oauth2-providable 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (89) hide show
  1. data/.gitignore +40 -0
  2. data/.rvmrc +1 -0
  3. data/CONTRIBUTORS.txt +6 -0
  4. data/Gemfile +8 -0
  5. data/LICENSE.txt +22 -0
  6. data/README.md +158 -0
  7. data/Rakefile +5 -0
  8. data/app/controllers/devise/oauth2_providable/authorizations_controller.rb +58 -0
  9. data/app/controllers/devise/oauth2_providable/tokens_controller.rb +19 -0
  10. data/app/models/devise/oauth2_providable/access_token.rb +24 -0
  11. data/app/models/devise/oauth2_providable/authorization_code.rb +4 -0
  12. data/app/models/devise/oauth2_providable/client.rb +24 -0
  13. data/app/models/devise/oauth2_providable/refresh_token.rb +7 -0
  14. data/app/views/devise/oauth2_providable/authorizations/_form.html.erb +7 -0
  15. data/app/views/devise/oauth2_providable/authorizations/error.html.erb +4 -0
  16. data/app/views/devise/oauth2_providable/authorizations/new.html.erb +4 -0
  17. data/config/routes.rb +9 -0
  18. data/db/migrate/20111014160714_create_devise_oauth2_providable_schema.rb +55 -0
  19. data/devise_oauth2_providable.gemspec +30 -0
  20. data/lib/anjlab-devise-oauth2-providable.rb +1 -0
  21. data/lib/devise/oauth2_providable/engine.rb +16 -0
  22. data/lib/devise/oauth2_providable/expirable_token.rb +57 -0
  23. data/lib/devise/oauth2_providable/models/oauth2_authorization_code_grantable.rb +6 -0
  24. data/lib/devise/oauth2_providable/models/oauth2_password_grantable.rb +6 -0
  25. data/lib/devise/oauth2_providable/models/oauth2_providable.rb +14 -0
  26. data/lib/devise/oauth2_providable/models/oauth2_refresh_token_grantable.rb +6 -0
  27. data/lib/devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy.rb +21 -0
  28. data/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb +38 -0
  29. data/lib/devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy.rb +22 -0
  30. data/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb +25 -0
  31. data/lib/devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb +22 -0
  32. data/lib/devise/oauth2_providable/version.rb +5 -0
  33. data/lib/devise_oauth2_providable.rb +41 -0
  34. data/script/rails +6 -0
  35. data/spec/controllers/authorizations_controller_spec.rb +32 -0
  36. data/spec/controllers/protected_controller_spec.rb +42 -0
  37. data/spec/dummy/Rakefile +7 -0
  38. data/spec/dummy/app/assets/javascripts/application.js +7 -0
  39. data/spec/dummy/app/assets/stylesheets/application.css +7 -0
  40. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  41. data/spec/dummy/app/controllers/protected_controller.rb +6 -0
  42. data/spec/dummy/app/helpers/application_helper.rb +2 -0
  43. data/spec/dummy/app/mailers/.gitkeep +0 -0
  44. data/spec/dummy/app/models/.gitkeep +0 -0
  45. data/spec/dummy/app/models/user.rb +15 -0
  46. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  47. data/spec/dummy/config.ru +4 -0
  48. data/spec/dummy/config/application.rb +50 -0
  49. data/spec/dummy/config/boot.rb +10 -0
  50. data/spec/dummy/config/database.yml +25 -0
  51. data/spec/dummy/config/environment.rb +5 -0
  52. data/spec/dummy/config/environments/development.rb +30 -0
  53. data/spec/dummy/config/environments/production.rb +60 -0
  54. data/spec/dummy/config/environments/test.rb +39 -0
  55. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  56. data/spec/dummy/config/initializers/devise.rb +216 -0
  57. data/spec/dummy/config/initializers/inflections.rb +10 -0
  58. data/spec/dummy/config/initializers/mime_types.rb +5 -0
  59. data/spec/dummy/config/initializers/secret_token.rb +7 -0
  60. data/spec/dummy/config/initializers/session_store.rb +8 -0
  61. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  62. data/spec/dummy/config/locales/devise.en.yml +57 -0
  63. data/spec/dummy/config/locales/en.yml +5 -0
  64. data/spec/dummy/config/routes.rb +7 -0
  65. data/spec/dummy/db/migrate/20120521101005_create_users.rb +5 -0
  66. data/spec/dummy/db/migrate/20120521101006_add_devise_to_users.rb +53 -0
  67. data/spec/dummy/db/migrate/20120521101407_create_devise_oauth2_providable_schema.devise_oauth2_providable.rb +56 -0
  68. data/spec/dummy/db/schema.rb +88 -0
  69. data/spec/dummy/lib/assets/.gitkeep +0 -0
  70. data/spec/dummy/public/404.html +26 -0
  71. data/spec/dummy/public/422.html +26 -0
  72. data/spec/dummy/public/500.html +26 -0
  73. data/spec/dummy/public/favicon.ico +0 -0
  74. data/spec/dummy/script/rails +6 -0
  75. data/spec/factories.rb +19 -0
  76. data/spec/integration/oauth2_authorization_token_grant_type_strategy_spec.rb +136 -0
  77. data/spec/integration/oauth2_password_grant_type_strategy_spec.rb +198 -0
  78. data/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb +138 -0
  79. data/spec/lib/devise_oauth2_providable_spec.rb +7 -0
  80. data/spec/models/access_token_spec.rb +51 -0
  81. data/spec/models/authorization_code_spec.rb +21 -0
  82. data/spec/models/client_spec.rb +22 -0
  83. data/spec/models/refresh_token_spec.rb +23 -0
  84. data/spec/models/user_spec.rb +6 -0
  85. data/spec/routing/authorizations_routing_spec.rb +17 -0
  86. data/spec/routing/tokens_routing_spec.rb +11 -0
  87. data/spec/spec_helper.rb +28 -0
  88. data/spec/support/match_json.rb +6 -0
  89. metadata +334 -0
@@ -0,0 +1,40 @@
1
+ # rcov generated
2
+ coverage
3
+
4
+ # rdoc generated
5
+ rdoc
6
+
7
+ # yard generated
8
+ doc
9
+ .yardoc
10
+
11
+ # bundler
12
+ .bundle
13
+ Gemfile.lock
14
+
15
+ # jeweler generated
16
+ pkg
17
+
18
+ # test files
19
+ test/*.log
20
+ test/*.sqlite3
21
+
22
+ # For vim:
23
+ *.swp
24
+
25
+ # For MacOS:
26
+ .DS_Store
27
+
28
+ # git files
29
+ *.orig
30
+
31
+ # rails files
32
+ tmp
33
+ log
34
+ *.log
35
+ *.sqlite3
36
+ # EMACS
37
+ \#*
38
+ .\#*
39
+
40
+ *.gem
data/.rvmrc ADDED
@@ -0,0 +1 @@
1
+ rvm use 1.9.3@devise_oauth2_providable --create
@@ -0,0 +1,6 @@
1
+ Ryan Sonnek - Original Author
2
+
3
+
4
+ Complete list of contributors:
5
+ https://github.com/socialcast/devise_oauth2_providable/contributors
6
+
data/Gemfile ADDED
@@ -0,0 +1,8 @@
1
+ source "http://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in the .gemspec
4
+ gemspec
5
+
6
+ gem 'sqlite3'
7
+ gem 'shoulda-matchers'
8
+ gem 'factory_girl_rails'
@@ -0,0 +1,22 @@
1
+ The MIT License
2
+
3
+ Copyright (c) 2011 Socialcast, Inc
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
22
+
@@ -0,0 +1,158 @@
1
+ # devise_oauth2_providable
2
+
3
+ Rails3 engine that brings OAuth2 Provider support to your application.
4
+
5
+ Current OAuth2 Specification Draft:
6
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-22
7
+
8
+ ## Features
9
+
10
+ * integrate OAuth2 authentication with Devise authenthentication stack
11
+ * one-stop-shop includes all Models, Controllers and Views to get up and
12
+ running quickly
13
+ * All server requests support authentication via bearer token included in
14
+ the request. http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04
15
+ * customizable mount point for oauth2 routes (ex: /oauth2 vs /oauth)
16
+
17
+
18
+ ## Requirements
19
+
20
+ * Devise authentication library
21
+ * Rails 3.1 or higher
22
+
23
+ ## Installation
24
+
25
+ #### Install gem
26
+ ```ruby
27
+ # Gemfile
28
+ gem 'anjlab-devise-oauth2-providable'
29
+ ```
30
+
31
+ #### Migrate database for Oauth2 models
32
+ ```
33
+ $ rake devise_oauth2_providable:install:migrations
34
+ $ rake db:migrate
35
+ ```
36
+
37
+ #### Add Oauth2 Routes
38
+ ```ruby
39
+ # config/routes.rb
40
+ Rails.application.routes.draw do
41
+ # oauth routes can be mounted to any path (ex: /oauth2 or /oauth)
42
+ mount Devise::Oauth2Providable::Engine => '/oauth2'
43
+ end
44
+ ```
45
+
46
+ #### Configure User for supported Oauth2 flows
47
+ ```ruby
48
+ class User
49
+ # NOTE: include :database_authenticatable configuration
50
+ # if supporting Resource Owner Password Credentials Grant Type
51
+ devise :oauth2_providable,
52
+ :oauth2_password_grantable,
53
+ :oauth2_refresh_token_grantable,
54
+ :oauth2_authorization_code_grantable
55
+ end
56
+ ```
57
+
58
+ #### (optional) Configure token expiration settings
59
+ ```ruby
60
+ # config/application.rb
61
+ config.devise_oauth2_providable.access_token_expires_in = 1.second # 15.minute default
62
+ config.devise_oauth2_providable.refresh_token_expires_in = 1.minute # 1.month default
63
+ config.devise_oauth2_providable.authorization_token_expires_in = 5.seconds # 1.minute default
64
+ ```
65
+
66
+ ## Models
67
+
68
+ ### Client
69
+ registered OAuth2 client for storing the unique client_id and
70
+ client_secret.
71
+
72
+ ### AccessToken
73
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-1.3
74
+
75
+ Short lived token used by clients to perform subsequent requests (see
76
+ bearer token spec)
77
+
78
+ expires after 15min by default. to customize the duration of the access token:
79
+
80
+ ```ruby
81
+ Devise::Oauth2Providable::AccessToken.default_lifetime = 1.minute
82
+ ```
83
+
84
+ ### RefreshToken
85
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-1.5
86
+
87
+ Long lived token used by clients to request new access tokens without
88
+ requiring user intervention to re-authorize.
89
+
90
+ expires after 1 month by default. to customize the duration of refresh token:
91
+
92
+ ```ruby
93
+ Devise::Oauth2Providable::RefreshToken.default_lifetime = 1.year
94
+ ```
95
+
96
+ ### AuthorizationCode
97
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-1.4.1
98
+
99
+ *Very* short lived token created to allow a client to request an access
100
+ token after a user has gone through the authorization flow.
101
+
102
+ expires after 1min by default. to customize the duration of the
103
+ authorization code:
104
+
105
+ ```ruby
106
+ Devise::Oauth2Providable::AuthorizationCode.default_lifetime = 5.minutes
107
+ ```
108
+
109
+ ## Routes
110
+
111
+ ### /oauth2/authorize
112
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-2.1
113
+
114
+ Endpoint to start client authorization flow. Models, controllers and
115
+ views are included for out of the box deployment.
116
+
117
+ Supports the Authorization Code and Implicit grant types.
118
+
119
+ ### /oauth2/token
120
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-2.2
121
+
122
+ Endpoint to request access token. See grant type documentation for
123
+ supported flows.
124
+
125
+ ## Grant Types
126
+
127
+ ### Resource Owner Password Credentials Grant Type
128
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.3
129
+
130
+ in order to use the Resource Owner Password Credentials Grant Type, your
131
+ Devise model *must* be configured with the :database_authenticatable option
132
+
133
+ ### Client Credentials Grant Type
134
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.4
135
+
136
+ ### Authorization Code Grant Type
137
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1
138
+
139
+ ### Implicit Grant Type
140
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.2
141
+
142
+ ### Refresh Token Grant Type
143
+ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-6
144
+
145
+ ## Contributing
146
+
147
+ * Fork the project
148
+ * Fix the issue
149
+ * Add unit tests
150
+ * Submit pull request on github
151
+
152
+ See CONTRIBUTORS.txt for list of project contributors
153
+
154
+ ## Copyright
155
+
156
+ Copyright (c) 2011 Socialcast, Inc.
157
+ See LICENSE.txt for further details.
158
+
@@ -0,0 +1,5 @@
1
+ require "bundler/gem_tasks"
2
+
3
+ require 'rspec/core/rake_task'
4
+ RSpec::Core::RakeTask.new('spec')
5
+ task :default => :spec
@@ -0,0 +1,58 @@
1
+ module Devise
2
+ module Oauth2Providable
3
+ class AuthorizationsController < ApplicationController
4
+ before_filter :authenticate_user!
5
+ rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
6
+ @error = e
7
+ render :error, :status => e.status, :layout => false
8
+ end
9
+
10
+ def new
11
+ respond *authorize_endpoint.call(request.env)
12
+ end
13
+
14
+ def create
15
+ respond *authorize_endpoint(:allow_approval).call(request.env)
16
+ end
17
+
18
+ private
19
+
20
+ def respond(status, header, response)
21
+ ["WWW-Authenticate"].each do |key|
22
+ headers[key] = header[key] if header[key].present?
23
+ end
24
+ if response.redirect?
25
+ redirect_to header['Location']
26
+ else
27
+ render :new, :layout => false
28
+ end
29
+ end
30
+
31
+ def authorize_endpoint(allow_approval = false)
32
+ Rack::OAuth2::Server::Authorize.new do |req, res|
33
+ @client = Client.find_by_identifier(req.client_id) || req.bad_request!
34
+ res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
35
+ if allow_approval
36
+ if params[:approve].present?
37
+ case req.response_type
38
+ when :code
39
+ authorization_code = current_user.authorization_codes.create!(:client => @client)
40
+ res.code = authorization_code.token
41
+ when :token
42
+ access_token = current_user.access_tokens.create!(:client => @client).token
43
+ bearer_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
44
+ res.access_token = bearer_token
45
+ res.uid = current_user.id
46
+ end
47
+ res.approve!
48
+ else
49
+ req.access_denied!
50
+ end
51
+ else
52
+ @response_type = req.response_type
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,19 @@
1
+ class Devise::Oauth2Providable::TokensController < ApplicationController
2
+ before_filter :authenticate_user!
3
+ skip_before_filter :verify_authenticity_token, :only => :create
4
+
5
+ def create
6
+ @refresh_token = oauth2_current_refresh_token || oauth2_current_client.refresh_tokens.create!(:user => current_user)
7
+ @access_token = @refresh_token.access_tokens.create!(:client => oauth2_current_client, :user => current_user)
8
+ render :json => @access_token.token_response
9
+ end
10
+
11
+ private
12
+ def oauth2_current_client
13
+ env[Devise::Oauth2Providable::CLIENT_ENV_REF]
14
+ end
15
+
16
+ def oauth2_current_refresh_token
17
+ env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF]
18
+ end
19
+ end
@@ -0,0 +1,24 @@
1
+ class Devise::Oauth2Providable::AccessToken < ActiveRecord::Base
2
+ expires_according_to :access_token_expires_in
3
+
4
+ before_validation :restrict_expires_at, :on => :create, :if => :refresh_token
5
+ belongs_to :refresh_token
6
+
7
+ attr_accessible :user, :client, :refresh_token
8
+
9
+ def token_response
10
+ response = {
11
+ :access_token => token,
12
+ :token_type => 'bearer',
13
+ :expires_in => expires_in
14
+ }
15
+ response[:refresh_token] = refresh_token.token if refresh_token
16
+ response
17
+ end
18
+
19
+ private
20
+
21
+ def restrict_expires_at
22
+ self.expires_at = [self.expires_at, refresh_token.expires_at].compact.min
23
+ end
24
+ end
@@ -0,0 +1,4 @@
1
+ class Devise::Oauth2Providable::AuthorizationCode < ActiveRecord::Base
2
+ expires_according_to :authorization_code_expires_in
3
+ attr_accessible :client
4
+ end
@@ -0,0 +1,24 @@
1
+ class Devise::Oauth2Providable::Client < ActiveRecord::Base
2
+ has_many :access_tokens
3
+ has_many :refresh_tokens
4
+ has_many :authorization_codes
5
+ belongs_to :user
6
+
7
+ before_validation :init_identifier, :on => :create, :unless => :identifier?
8
+ before_validation :init_secret, :on => :create, :unless => :secret?
9
+
10
+ validates :website, :secret, :presence => true
11
+ validates :name, :presence => true, :uniqueness => true
12
+ validates :identifier, :presence => true, :uniqueness => true
13
+
14
+ attr_accessible :name, :website, :redirect_uri, :user
15
+
16
+ private
17
+
18
+ def init_identifier
19
+ self.identifier = Devise::Oauth2Providable.random_id
20
+ end
21
+ def init_secret
22
+ self.secret = Devise::Oauth2Providable.random_id
23
+ end
24
+ end
@@ -0,0 +1,7 @@
1
+ class Devise::Oauth2Providable::RefreshToken < ActiveRecord::Base
2
+ expires_according_to :refresh_token_expires_in
3
+
4
+ attr_accessible :user, :client
5
+
6
+ has_many :access_tokens
7
+ end
@@ -0,0 +1,7 @@
1
+ <%= form_tag authorizations_path, :class => action do %>
2
+ <%= hidden_field_tag :client_id, client.identifier %>
3
+ <%= hidden_field_tag :response_type, response_type %>
4
+ <%= hidden_field_tag :redirect_uri, redirect_uri %>
5
+ <%= submit_tag action.to_s.capitalize %>
6
+ <%= hidden_field_tag action, true %>
7
+ <% end %>
@@ -0,0 +1,4 @@
1
+ <h2>Invalid Authorization Request</h2>
2
+ <h3><%= @error.error %></h3>
3
+ <p><%= @error.description %></p>
4
+
@@ -0,0 +1,4 @@
1
+ <h2><%= link_to @client.name, @client.website %> is requesting permission to access your resources.</h2>
2
+
3
+ <%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :approve %>
4
+ <%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :deny %>
@@ -0,0 +1,9 @@
1
+ Devise::Oauth2Providable::Engine.routes.draw do
2
+ scope defaults: {format: 'json'} do
3
+ root :to => "authorizations#new"
4
+
5
+ resources :authorizations, :only => :create
6
+ match 'authorize' => 'authorizations#new'
7
+ resource :token, :only => :create
8
+ end
9
+ end
@@ -0,0 +1,55 @@
1
+ class CreateDeviseOauth2ProvidableSchema < ActiveRecord::Migration
2
+ def change
3
+ create_table :oauth2_clients do |t|
4
+ t.belongs_to :user
5
+ t.string :name
6
+ t.string :redirect_uri
7
+ t.string :website
8
+ t.string :identifier
9
+ t.string :secret
10
+ t.timestamps
11
+ end
12
+ change_table :oauth2_clients do |t|
13
+ t.index :identifier, :unique => true
14
+ end
15
+
16
+ create_table :oauth2_access_tokens do |t|
17
+ t.belongs_to :user, :client, :refresh_token
18
+ t.string :token
19
+ t.datetime :expires_at
20
+ t.timestamps
21
+ end
22
+ change_table :oauth2_access_tokens do |t|
23
+ t.index :token, :unique => true
24
+ t.index :expires_at
25
+ t.index :user_id
26
+ t.index :client_id
27
+ end
28
+
29
+ create_table :oauth2_refresh_tokens do |t|
30
+ t.belongs_to :user, :client
31
+ t.string :token
32
+ t.datetime :expires_at
33
+ t.timestamps
34
+ end
35
+ change_table :oauth2_refresh_tokens do |t|
36
+ t.index :token, :unique => true
37
+ t.index :expires_at
38
+ t.index :user_id
39
+ t.index :client_id
40
+ end
41
+
42
+ create_table :oauth2_authorization_codes do |t|
43
+ t.belongs_to :user, :client
44
+ t.string :token
45
+ t.datetime :expires_at
46
+ t.timestamps
47
+ end
48
+ change_table :oauth2_authorization_codes do |t|
49
+ t.index :token, :unique => true
50
+ t.index :expires_at
51
+ t.index :user_id
52
+ t.index :client_id
53
+ end
54
+ end
55
+ end