auth_tool 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +32 -0
- data/Rakefile +2 -0
- data/auth_tool.gemspec +33 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/client_secrets/README.md +33 -0
- data/client_secrets/client_secrets.json +41 -0
- data/examples/oauth1-twitter.rb +11 -0
- data/examples/oauth2-github.rb +12 -0
- data/lib/auth_tool.rb +110 -0
- data/lib/auth_tool/client.rb +128 -0
- data/lib/auth_tool/helper.rb +33 -0
- data/lib/auth_tool/oauth_1.rb +70 -0
- data/lib/auth_tool/oauth_2.rb +59 -0
- data/lib/auth_tool/version.rb +3 -0
- metadata +91 -0
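--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 5d56792e99a023ce052116b150b3bc522ffc6056
+data.tar.gz: c4f27a14ea74ddcc4399315c8f04958df1338991
+SHA512:
+metadata.gz: 1e3de273379e2ac32cfece719ea7d047337391258fec315fd489b8ac437dfa7c83598d557575ff5062b1281a635f0c80079b974133abcac5b00a8c188be5d19c
+data.tar.gz: 37b3e51fc31bda161153a959bc5b5df44bf496f2a54ccfe216a71e30fc322dc95b87e8171e47b38feeb32b071cda517c7e46a02a17a626d05ee56cdd8357f06f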
data/.gitignore
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
In the interest of fostering an open and welcoming environment, we as
|
6
|
+
contributors and maintainers pledge to making participation in our project and
|
7
|
+
our community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, disability, ethnicity, gender identity and expression, level of experience,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity and
|
10
|
+
orientation.
|
11
|
+
|
12
|
+
## Our Standards
|
13
|
+
|
14
|
+
Examples of behavior that contributes to creating a positive environment
|
15
|
+
include:
|
16
|
+
|
17
|
+
* Using welcoming and inclusive language
|
18
|
+
* Being respectful of differing viewpoints and experiences
|
19
|
+
* Gracefully accepting constructive criticism
|
20
|
+
* Focusing on what is best for the community
|
21
|
+
* Showing empathy towards other community members
|
22
|
+
|
23
|
+
Examples of unacceptable behavior by participants include:
|
24
|
+
|
25
|
+
* The use of sexualized language or imagery and unwelcome sexual attention or
|
26
|
+
advances
|
27
|
+
* Trolling, insulting/derogatory comments, and personal or political attacks
|
28
|
+
* Public or private harassment
|
29
|
+
* Publishing others' private information, such as a physical or electronic
|
30
|
+
address, without explicit permission
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
32
|
+
professional setting
|
33
|
+
|
34
|
+
## Our Responsibilities
|
35
|
+
|
36
|
+
Project maintainers are responsible for clarifying the standards of acceptable
|
37
|
+
behavior and are expected to take appropriate and fair corrective action in
|
38
|
+
response to any instances of unacceptable behavior.
|
39
|
+
|
40
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
41
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
42
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
43
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
44
|
+
threatening, offensive, or harmful.
|
45
|
+
|
46
|
+
## Scope
|
47
|
+
|
48
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
49
|
+
when an individual is representing the project or its community. Examples of
|
50
|
+
representing a project or community include using an official project e-mail
|
51
|
+
address, posting via an official social media account, or acting as an appointed
|
52
|
+
representative at an online or offline event. Representation of a project may be
|
53
|
+
further defined and clarified by project maintainers.
|
54
|
+
|
55
|
+
## Enforcement
|
56
|
+
|
57
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
+
reported by contacting the project team at dfan14051@gmail.com. All
|
59
|
+
complaints will be reviewed and investigated and will result in a response that
|
60
|
+
is deemed necessary and appropriate to the circumstances. The project team is
|
61
|
+
obligated to maintain confidentiality with regard to the reporter of an incident.
|
62
|
+
Further details of specific enforcement policies may be posted separately.
|
63
|
+
|
64
|
+
Project maintainers who do not follow or enforce the Code of Conduct in good
|
65
|
+
faith may face temporary or permanent repercussions as determined by other
|
66
|
+
members of the project's leadership.
|
67
|
+
|
68
|
+
## Attribution
|
69
|
+
|
70
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
71
|
+
available at [http://contributor-covenant.org/version/1/4][version]
|
72
|
+
|
73
|
+
[homepage]: http://contributor-covenant.org
|
74
|
+
[version]: http://contributor-covenant.org/version/1/4/
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2017 Securable.io
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
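--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,32 @@
+AuthTool
+===
+General purpose OAuth tool for API integrations. Utilizes [signet](https://github.com/google/signet).
+
+Usage
+---
+```
+require 'auth_tool'
+
+client = AuthTool::get_client 'twitter'
+AuthTool::get_redirect_url client
+
+# receive data from front-end
+
+AuthTool::receive(client,response)
+AuthTool::call(client, "https://api.example.com/endpoint", params)
+```
+GET
+---
+All query parameters just go into the params array for AuthTool::call. Any headers must go into the params hash as a :headers hash.
+
+Example:
+```
+params = {"username" => "user", "created" => "date", :headers => {"headerKey" => headerHash}}
+```
+POST
+---
+Headers go into the params hash as a :headers hash. Body goes into params as a :body hash. Anything else can just go into params.
+Example:
+```
+params = {:headers => {"key" => "value"}, :body => {"key" => "value"}, "something_else" => "else"}
+```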
data/Rakefile
ADDED
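--- a/data/auth_tool.gemspec
+++ b/data/auth_tool.gemspec
@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'auth_tool/version'
+
+Gem::Specification.new do |spec|
+spec.name = "auth_tool"
+spec.version = AuthTool::VERSION
+spec.authors = ["David Fan"]
+spec.email = ["david.fan@securable.io"]
+
+spec.summary = %q{General Purpose OAuth Tool}
+spec.homepage = "https://github.com/SecurableIO/Auth-Tool"
+
+# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+# to allow pushing to a single host or delete this section to allow pushing to any host.
+if spec.respond_to?(:metadata)
+spec.metadata['allowed_push_host'] = "https://rubygems.org"
+else
+raise "RubyGems 2.0 or newer is required to protect against " \
+"public gem pushes."
+end
+
+spec.files = `git ls-files -z`.split("\x0").reject do |f|
+f.match(%r{^(test|spec|features)/})
+end
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 1.14"
+spec.add_development_dependency "rake", "~> 10.0"
+end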
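Review bot: The spec declares only development dependencies, yet lib/auth_tool/client.rb requires `signet/oauth_1/client` and `signet/oauth_2/client` and lib/auth_tool/helper.rb requires `faraday`, so a plain install of this gem pulls in neither and whatever version happens to be present is used unconstrained. Declare them at the end of the block, e.g. `spec.add_dependency "signet", "<VERSION_CONSTRAINT>"` and `spec.add_dependency "faraday", "<VERSION_CONSTRAINT>"` (placeholders; pick the versions the code was tested against). Separately, `spec.files` takes everything from `git ls-files` except test/spec/features, which is how client_secrets/client_secrets.json ends up inside the package; the populated file should stay out of the file list and a template should be shipped in its place.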
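--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "auth_tool"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)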
data/bin/setup
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
client_secrets.json
|
2
|
+
===
|
3
|
+
|
4
|
+
Format for basic 3-legged OAuth entries:
|
5
|
+
---
|
6
|
+
```
|
7
|
+
{
|
8
|
+
"api_name":{
|
9
|
+
"temporary_credential_uri": "oauth/request_token",
|
10
|
+
"authorization_uri": "oauth/authorize",
|
11
|
+
"token_credential_uri": "oauth/access_token",
|
12
|
+
"client_credential_key": "key",
|
13
|
+
"client_credential_secret": "secret",
|
14
|
+
"callback": "callback",
|
15
|
+
"verifier": "verifier",
|
16
|
+
"oauth_version": "version",
|
17
|
+
"params:"{
|
18
|
+
"sample_param": "sample"
|
19
|
+
}
|
20
|
+
}
|
21
|
+
```
|
22
|
+
Parameters:
|
23
|
+
---
|
24
|
+
- **api_name**: Lowercase name of the API/company.
|
25
|
+
- **temporary_credential_uri**: Full URL of the request token endpoint.
|
26
|
+
- **authorization_uri**: URL to redirect the user to so they can authenticate with the service.
|
27
|
+
- **token_credential_uri**: Full URL of the access token endpoint.
|
28
|
+
- **client_credential_key**: Client key (ID) provided by the service's API dashboard.
|
29
|
+
- **client_credential_secret**: Client secret provided by the service's API dashboard.
|
30
|
+
- **callback**: Securable callback URL (**TODO:** update once we figure out the endpoint).
|
31
|
+
- **verifier**: Name of the verifier key that the Auth server passes back after the user successfully authenticates with them.
|
32
|
+
- **oauth_version**: Either 1 or 2 depending on the OAuth implementation of the API.
|
33
|
+
- **params**: (Optional) Hash of extra parameter values that the API requests.
|
@@ -0,0 +1,41 @@
|
|
1
|
+
{
|
2
|
+
"twitter":{
|
3
|
+
"temporary_credential_uri": "https://api.twitter.com/oauth/request_token",
|
4
|
+
"authorization_uri": "https://api.twitter.com/oauth/authorize",
|
5
|
+
"token_credential_uri": "https://api.twitter.com/oauth/access_token",
|
6
|
+
"client_credential_key": "ajkMgzvyhFwZV9hBgQjlW0rrG",
|
7
|
+
"client_credential_secret": "BKorJt4MRMpGxCGXNWGz0nFBhd7XfRx3vOHQpL24LKImcLlKXU",
|
8
|
+
"callback": "http://localhost:4567/callback",
|
9
|
+
"verifier": "oauth_verifier",
|
10
|
+
"oauth_version": "1"
|
11
|
+
},
|
12
|
+
"cacoo":{
|
13
|
+
"temporary_credential_uri": "https://cacoo.com/oauth/request_token",
|
14
|
+
"authorization_uri": "https://cacoo.com/oauth/authorize",
|
15
|
+
"token_credential_uri": "https://cacoo.com/oauth/access_token",
|
16
|
+
"client_credential_key": "GSObuYmNbvzIRWlDRiHLyI",
|
17
|
+
"client_credential_secret": "pHCMknNDivnkAeSreVpKZZhNdAasUGGimBmBagSDlj",
|
18
|
+
"callback": "http://localhost:4567/",
|
19
|
+
"verifier": "oauth_verifier",
|
20
|
+
"oauth_version": "1"
|
21
|
+
},
|
22
|
+
"google":{
|
23
|
+
"client_id":"915626980700-ks501tpkrffod16sjvbumikt1q3s5q5m.apps.googleusercontent.com",
|
24
|
+
"project_id":"atomic-optics-168719",
|
25
|
+
"authorization_uri":"https://accounts.google.com/o/oauth2/auth",
|
26
|
+
"token_credential_uri":"https://accounts.google.com/o/oauth2/token",
|
27
|
+
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
|
28
|
+
"client_secret":"N7ceZl5u0mGZ8E-v-2hNj6Iz",
|
29
|
+
"oauth_version": "2",
|
30
|
+
"redirect_uri": "http://localhost:4567/",
|
31
|
+
"scope":"https://www.googleapis.com/auth/adsensehost"},
|
32
|
+
"github":{
|
33
|
+
"client_id":"c1d4265302eba1aa4f37",
|
34
|
+
"authorization_uri":"https://github.com/login/oauth/authorize",
|
35
|
+
"token_credential_uri":"https://github.com/login/oauth/access_token",
|
36
|
+
"client_secret":"7be3891166bdfc95193b20bf3e65dbf0844e2121",
|
37
|
+
"oauth_version": "2",
|
38
|
+
"redirect_uri": "http://localhost:4567/callback",
|
39
|
+
"scope": "user"
|
40
|
+
}
|
41
|
+
}
|
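Review bot: This file ships populated OAuth client credentials inside the published package: `client_credential_secret` in the twitter and cacoo entries and `client_secret` in the google and github entries carry concrete values rather than placeholders. Anyone who downloads the gem can read them, so if any of them were ever live they should be treated as exposed and revoked at the provider; removing them in a later release does not withdraw this one. Ship a template whose secret fields read like `"client_secret": "<CLIENT_SECRET>"` and load the real values from a file outside the package or from the environment. JSON has no comment syntax, so the warning about never committing a filled-in copy belongs in client_secrets/README.md.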
@@ -0,0 +1,11 @@
|
|
1
|
+
require 'sinatra'
|
2
|
+
require_relative '../auth_tool'
|
3
|
+
client = AuthTool::get_client 'twitter'
|
4
|
+
get '/' do
|
5
|
+
redirect AuthTool::get_redirect_url client
|
6
|
+
end
|
7
|
+
|
8
|
+
get '/callback' do
|
9
|
+
AuthTool::receive(client, params)
|
10
|
+
AuthTool::call(client,"get", "https://api.twitter.com/1.1/account/settings.json")
|
11
|
+
end
|
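Review bot: `client` is created once at file scope and then mutated by `AuthTool::receive(client, params)` inside the `/callback` route, so every visitor to this app shares one client and the token stored by the latest callback is the one used by the `AuthTool::call` that follows. The github example in the next hunk has the same structure. Because samples get copied into real applications, the line should carry a comment such as `# Single shared client: fine for one local user only; keep one client per user session in a real app`. The callback also hands Sinatra's raw `params` to `receive` with no check that the request belongs to a flow this session started.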
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'sinatra'
|
2
|
+
require_relative '../auth_tool'
|
3
|
+
client = AuthTool::get_client 'github'
|
4
|
+
get '/' do
|
5
|
+
redirect AuthTool::get_redirect_url client
|
6
|
+
end
|
7
|
+
|
8
|
+
get '/callback' do
|
9
|
+
AuthTool::receive(client, params)
|
10
|
+
puts client.to_json
|
11
|
+
AuthTool::call(client,"get", "https://api.github.com/user")
|
12
|
+
end
|
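Review bot: `puts client.to_json` runs immediately after `AuthTool::receive` has stored the access and refresh token on the client, and depending on how `to_json` serialises the object this can write those tokens to stdout, where they tend to end up in log files. Drop the line from the sample or print only non-secret fields. Also `require_relative '../auth_tool'` points at a path that is not in this package's file list, which has the library at lib/auth_tool.rb, so it would need to be `require_relative '../lib/auth_tool'`; the twitter example has the same line.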
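--- a/data/lib/auth_tool.rb
+++ b/data/lib/auth_tool.rb
@@ -0,0 +1,110 @@
+require_relative 'auth_tool/client'
+require_relative 'auth_tool/helper'
+require_relative 'auth_tool/oauth_1'
+require_relative 'auth_tool/oauth_2'
+
+module AuthTool
+##
+# Creates a client object for the specified API.
+#
+# @param [String] api_name
+# The name of the API/company.
+#
+# @return [AuthTool::Client] The client.
+def self.get_client api_name
+client = create_client(read_config(api_name))
+return client
+end
+
+##
+# Returns the redirect url so the user can authenticate with the service.
+#
+# @param [AuthTool::Client] client
+# The client containing the API information.
+#
+# @return [String] The redirect url.
+def self.get_redirect_url client
+params = client.params if client.has_params?
+params ||= {}
+redirect_url = client.oauth_version == 1 ? AuthTool::OAuth1.redirect_url(client, params) : AuthTool::OAuth2.redirect_url(client)
+return redirect_url
+end
+
+##
+# Handles service's user authentication response delivered by the front-end.
+# Sets the client's access_token.
+#
+# @param [AuthTool::Client] client
+# The client containing the API information.
+#
+# @param [String] response
+# The service's response to the callback url
+def self.receive(client, response)
+client.oauth_version == 1 ? AuthTool::OAuth1.receive(client, response) : AuthTool::OAuth2.receive(client,response)
+end
+
+##
+# Returns the authentication token information of the client
+#
+# @param [AuthTool::Client] client
+# The client.
+#
+# @return [Hash] The token hash for the client.
+def self.get_token client
+return client.token
+end
+
+##
+# Attempts to refresh the auth token for the client
+#
+# @param [AuthTool::Client] client
+def self.refresh client
+client.refresh
+end
+
+##
+# Makes an authenticated call to the API resource.
+#
+# @param [AuthTool::Client] client
+# The client containing the API information.
+#
+# @param [String] uri
+# The API endpoint to hit.
+#
+# @param [Hash] params
+# Optional. Hash of additional parameters for the call.
+#
+# @return [Hash] The endpoint's response.
+#
+# @example
+# response = AuthTool.call(
+# client, "get", "https://api.twitter.com/1.1/users/show.json",
+# {:screen_name => "username"})
+def self.call(client, http_verb, uri, params = {})
+response = client.oauth_version == 1 ? AuthTool::OAuth1.call(client, http_verb, uri, params) : AuthTool::OAuth2.call(client, http_verb, uri, params)
+return response
+end
+
+# TODO: Refresh Token method for OAuth2
+
+private
+##
+# Creates an OAuth client.
+#
+# @param [Hash] options
+# Configuration options for the client.
+#
+# @return [AuthTool::Client] New client object
+def self.create_client options
+AuthTool::Client.new options
+end
+
+##
+# Gets config hash for the given API
+#
+# @param [String] api_name
+# The name of the API/Company as it appears in the database
+def self.read_config api_name
+AuthTool::Helper.read_secrets(api_name)
+end
+end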
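Review bot: The bare `private` before `create_client` and `read_config` has no effect, because both are defined with `def self.` and `private` only changes the visibility of instance methods. `AuthTool.read_config('github')` is therefore callable by any code that loads the gem, and it returns the configuration entry including the client secret. Add `private_class_method :create_client, :read_config` after the two definitions. The doc comment on `call` also omits the `http_verb` parameter that sits between `client` and `uri`; add `# @param [String] http_verb` with a line describing it, since the README usage shows the call without that argument.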
@@ -0,0 +1,128 @@
|
|
1
|
+
require 'signet/oauth_1/client'
|
2
|
+
require 'signet/oauth_2/client'
|
3
|
+
require 'json'
|
4
|
+
|
5
|
+
module AuthTool
|
6
|
+
class Client
|
7
|
+
##
|
8
|
+
# Creates either a signet OAuth 1.0 or 2.0 client with additional params.
|
9
|
+
#
|
10
|
+
# @param [Hash] options
|
11
|
+
# Configuration parameters for the client.
|
12
|
+
def initialize(options, *credentials)
|
13
|
+
config = options
|
14
|
+
@has_params = config.has_key?('params')
|
15
|
+
self.oauth_version = config.delete('oauth_version')
|
16
|
+
self.params = config.delete('params') if @has_params
|
17
|
+
if @oauth_version == 1
|
18
|
+
oauth1 config
|
19
|
+
self.signet.token_credential_key = credentials["oauth_token"] if credentials.has_key? "oauth_token"
|
20
|
+
self.signet.token_credential_secret = credentials["oauth_token_secret"] if credentials.has_key? "oauth_token_secret"
|
21
|
+
elsif @oauth_version == 2
|
22
|
+
oauth2 config
|
23
|
+
self.signet.access_token = credentials["oauth_token"] if credentials.has_key? "oauth_token"
|
24
|
+
self.signet.refresh_token = credentials["refresh_token"] if credentialsl.has_key? "refresh_token"
|
25
|
+
else
|
26
|
+
raise "Unexpected oauth_version: #{@oauth_version}"
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
|
31
|
+
def oauth1 config
|
32
|
+
config[:callback] = config.delete(:redirect_uri) if config.has_key?(:redirect_uri)
|
33
|
+
self.signet = Signet::OAuth1::Client.new(config)
|
34
|
+
end
|
35
|
+
|
36
|
+
def oauth2 config
|
37
|
+
config[:redirect_uri] = config.delete(:callback) if config.has_key?(:callback)
|
38
|
+
self.signet = Signet::OAuth2::Client.new(config)
|
39
|
+
@signet.additional_parameters = @params if @has_params
|
40
|
+
end
|
41
|
+
|
42
|
+
##
|
43
|
+
# Attempts to refresh the access token of the client
|
44
|
+
def self.refresh
|
45
|
+
raise "Incorrect OAuth Version" if @oauth_version != 2
|
46
|
+
raise "Missing Refresh Token" if self.signet.refresh_token == nil
|
47
|
+
self.signet.refresh!
|
48
|
+
end
|
49
|
+
|
50
|
+
##
|
51
|
+
# Returns the OAuth version for this client.
|
52
|
+
#
|
53
|
+
# @return [Integer] The OAuth version.
|
54
|
+
def oauth_version
|
55
|
+
return @oauth_version
|
56
|
+
end
|
57
|
+
|
58
|
+
##
|
59
|
+
# Returns the parameters hash for this client.
|
60
|
+
#
|
61
|
+
# @return [Hash] The additional parameters.
|
62
|
+
def params
|
63
|
+
return @params
|
64
|
+
end
|
65
|
+
|
66
|
+
##
|
67
|
+
# Returns the signet OAuth object for this client.
|
68
|
+
#
|
69
|
+
# @return [Signet::OAuth1::Client, Signet::OAuth2::Client] The signet OAuth object.
|
70
|
+
def signet
|
71
|
+
return @signet
|
72
|
+
end
|
73
|
+
|
74
|
+
##
|
75
|
+
# Returns the final authentication token for the client.
|
76
|
+
#
|
77
|
+
# @return [Hash] The token.
|
78
|
+
def token
|
79
|
+
@token
|
80
|
+
end
|
81
|
+
|
82
|
+
##
|
83
|
+
# Sets the final authentication token for the client.
|
84
|
+
#
|
85
|
+
# @param [Hash] token
|
86
|
+
# The hash containing the token & secret or the token and refresh token.
|
87
|
+
def token= token
|
88
|
+
@token = token
|
89
|
+
end
|
90
|
+
|
91
|
+
##
|
92
|
+
# Returns if the client has additional parameters.
|
93
|
+
#
|
94
|
+
# @return [Boolean] If the client has additional params.
|
95
|
+
def has_params?
|
96
|
+
return @has_params
|
97
|
+
end
|
98
|
+
private
|
99
|
+
##
|
100
|
+
# Sets the oauth_version for this client.
|
101
|
+
#
|
102
|
+
# @param [String] oauth_version
|
103
|
+
# OAuth version of the API.
|
104
|
+
def oauth_version=(oauth_version)
|
105
|
+
raise "Missing OAuth version parameter" unless !oauth_version.is_a? NilClass
|
106
|
+
raise "OAuth Version must be 1 or 2" unless oauth_version.to_i == 1 || oauth_version.to_i == 2
|
107
|
+
@oauth_version = oauth_version.to_i
|
108
|
+
end
|
109
|
+
##
|
110
|
+
# Sets the parameters hash for this client.
|
111
|
+
#
|
112
|
+
# @param [Hash] params
|
113
|
+
# The parameters hash.
|
114
|
+
def params=(params)
|
115
|
+
raise "Expected Hash, got #{params.class}." unless params.is_a? Hash
|
116
|
+
@params = params
|
117
|
+
end
|
118
|
+
|
119
|
+
##
|
120
|
+
# Sets the signet OAuth client for this client.
|
121
|
+
#
|
122
|
+
# @param [Signet::OAuth1::Client, Signet::OAuth2::Client] signet
|
123
|
+
# The signet client object.
|
124
|
+
def signet=(signet)
|
125
|
+
@signet = signet
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|
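Review bot: `initialize` cannot complete as written, because `*credentials` collects the extra arguments into an Array, so `credentials.has_key? "oauth_token"` raises NoMethodError on both the OAuth 1 and OAuth 2 branches, and the OAuth 2 branch also references the misspelled `credentialsl`. `config = options` aliases the hash returned by `Helper.read_secrets`, whose top-level `freeze` is shallow, so `config.delete('oauth_version')` strips the shared entry and a second `get_client` for the same API fails with "Missing OAuth version parameter". `def self.refresh` defines a class method, so the `client.refresh` call in `AuthTool.refresh` finds no instance method, and the `@oauth_version` it tests is not the instance's. The fence takes credentials as an optional hash, works on a copy of the options, and makes `refresh` an instance method.

```ruby
def initialize(options, credentials = {})
  # Work on a copy: the deletes below must not strip keys from the shared secrets hash.
  config = options.dup
  # … unchanged: has_params / oauth_version / params setup, OAuth 1 branch …
  elsif @oauth_version == 2
    oauth2 config
    # … unchanged: access_token assignment …
    self.signet.refresh_token = credentials["refresh_token"] if credentials.has_key? "refresh_token"
  # … unchanged: else branch raising on an unexpected version …

# Instance method, so AuthTool.refresh(client) reaches it.
def refresh
  # … unchanged: version and refresh-token guards, signet.refresh! …
```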
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'json'
|
2
|
+
require 'faraday'
|
3
|
+
|
4
|
+
f = File.new('../client_secrets/client_secrets.json', 'r')
|
5
|
+
Client_secrets = JSON.parse(f.read).freeze
|
6
|
+
|
7
|
+
module AuthTool
|
8
|
+
module Helper
|
9
|
+
##
|
10
|
+
# Returns the configuration hash for the given API.
|
11
|
+
#
|
12
|
+
# @param [String] api_name
|
13
|
+
# The api you wish to authenticate against (i.e., twitter)
|
14
|
+
#
|
15
|
+
# @return [Hash] The configuration hash for api_name
|
16
|
+
def self.read_secrets api_name
|
17
|
+
raise "API not found" unless Client_secrets.has_key?(api_name.downcase)
|
18
|
+
return Client_secrets[api_name.downcase]
|
19
|
+
end
|
20
|
+
|
21
|
+
##
|
22
|
+
# Returns a Faraday Connetion object
|
23
|
+
#
|
24
|
+
# @param [Hash] params
|
25
|
+
# The additional parameters hash.
|
26
|
+
#
|
27
|
+
# @return [Faraday::Connection]
|
28
|
+
def self.get_connection(params)
|
29
|
+
connection = Faraday.new(:params => params)
|
30
|
+
return connection
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
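Review bot: `File.new('../client_secrets/client_secrets.json', 'r')` is resolved against the process's working directory rather than against this file, so which credentials and endpoint URLs the library loads depends on where the host application was started. Started from elsewhere, it either raises at `require` time or picks up an unrelated file that happens to sit at that relative path. The handle `f` is also never closed. Assuming the layout in the package's file list, anchor the path to the source file and let the read close the handle: `Client_secrets = JSON.parse(File.read(File.expand_path('../../client_secrets/client_secrets.json', __dir__))).freeze`. The `freeze` is shallow, so the per-API hashes returned by `read_secrets` stay mutable; return a copy from `read_secrets` or freeze the nested hashes as well.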
@@ -0,0 +1,70 @@
|
|
1
|
+
require_relative 'client'
|
2
|
+
require 'json'
|
3
|
+
|
4
|
+
module AuthTool
|
5
|
+
module OAuth1
|
6
|
+
##
|
7
|
+
# Returns redirect url for user authentication with the service
|
8
|
+
#
|
9
|
+
# @param [AuthTool::Client] client
|
10
|
+
# The AuthTool Client object.
|
11
|
+
#
|
12
|
+
# @param [Hash] options
|
13
|
+
# The signet configuration options.
|
14
|
+
# - :signature_method
|
15
|
+
# The signature method. Defaults to 'HMAC-SHA1'.
|
16
|
+
# - :additional_parameters
|
17
|
+
# Non-standard additional parameters.
|
18
|
+
# - :realm
|
19
|
+
# The Authorization realm. See RFC 2617.
|
20
|
+
# - :connection
|
21
|
+
# The HTTP connection to use.
|
22
|
+
# Must be of type Faraday::Connection
|
23
|
+
#
|
24
|
+
# @return [String] The url to redirect to.
|
25
|
+
def self.redirect_url(client,options = {})
|
26
|
+
client.signet.fetch_temporary_credential!(options)
|
27
|
+
url = client.signet.authorization_uri
|
28
|
+
return url
|
29
|
+
end
|
30
|
+
|
31
|
+
##
|
32
|
+
# Handles OAuth 1.0 callback procedure.
|
33
|
+
# Called by AuthTool::receive.
|
34
|
+
#
|
35
|
+
# @param [AuthTool::Client] client
|
36
|
+
# The client containing the API information.
|
37
|
+
#
|
38
|
+
# @param [Hash] response
|
39
|
+
# The response to the callback url (verification information).
|
40
|
+
def self.receive(client, response)
|
41
|
+
verifier = response['oauth_verifier'] if response.has_key?('oauth_verifier')
|
42
|
+
verifier = response[:oauth_verifier] if response.has_key?(:oauth_verifier)
|
43
|
+
credential = client.signet.fetch_token_credential!(:verifier => verifier)
|
44
|
+
client.token = credential.to_hash
|
45
|
+
end
|
46
|
+
|
47
|
+
##
|
48
|
+
# Makes an authenticated call to the API resource.
|
49
|
+
# Called by AuthTool::call.
|
50
|
+
#
|
51
|
+
# @param [AuthTool::Client] client
|
52
|
+
# The client containing the API information.
|
53
|
+
#
|
54
|
+
# @param [String] uri
|
55
|
+
# The API endpoint to hit.
|
56
|
+
#
|
57
|
+
# @param [Hash] params
|
58
|
+
# Hash of additional parameters for the call.
|
59
|
+
#
|
60
|
+
# @return [Hash] The endpoint's response.
|
61
|
+
def self.call(client, http_verb = 'get', uri, params)
|
62
|
+
header = params.delete('header') if params.has_key? 'header'
|
63
|
+
body = params.delete('body') if params.has_key? 'body'
|
64
|
+
conn = AuthTool::Helper.get_connection(params)
|
65
|
+
options = {:method => http_verb, :header => header, :body => body, :uri => uri, :connection => conn}
|
66
|
+
response = client.signet.fetch_protected_resource(options)
|
67
|
+
return JSON.parse(response.body)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
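Review bot: `call` removes request headers and body from `params` using the string keys `'header'` and `'body'`, while the README in this release tells callers to pass them as `:headers` and `:body`. With the documented keys nothing is removed, `header` and `body` stay nil, and the whole hash, headers and body included, goes to `Helper.get_connection` and is sent as query parameters. Any credential-bearing header or body value then travels in the URL, where it is likely to be recorded in server and proxy logs. Accept the documented keys, e.g. `header = params.delete(:headers)` and `body = params.delete(:body)`, and operate on `params.dup` so the caller's hash is not modified. `OAuth2.call` in the next hunk contains the identical lines.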
@@ -0,0 +1,59 @@
|
|
1
|
+
require_relative 'client'
|
2
|
+
|
3
|
+
module AuthTool
|
4
|
+
module OAuth2
|
5
|
+
##
|
6
|
+
# Returns redirect url for user authentication with the service
|
7
|
+
#
|
8
|
+
# @param [AuthTool::Client] client
|
9
|
+
# The AuthTool Client object.
|
10
|
+
#
|
11
|
+
# @return [String] The url to redirect to.
|
12
|
+
def self.redirect_url client
|
13
|
+
url = client.signet.authorization_uri
|
14
|
+
return url
|
15
|
+
end
|
16
|
+
|
17
|
+
##
|
18
|
+
# Handles OAuth 2.0 callback procedure
|
19
|
+
# Called by AuthTool::receive.
|
20
|
+
#
|
21
|
+
# @param [AuthTool::Client] client
|
22
|
+
# The client containing the API information.
|
23
|
+
#
|
24
|
+
# @param [Hash] response
|
25
|
+
# The response to the callback url (authentication token).
|
26
|
+
def self.receive(client, response)
|
27
|
+
client.signet.code = response["code"] if response.has_key?("code")
|
28
|
+
client.signet.code = response[:code] if response.has_key?(:code)
|
29
|
+
credentials = {}
|
30
|
+
credentials[:access] = (client.signet.fetch_access_token!)["access_token"]
|
31
|
+
credentials[:refresh] = client.signet.refresh_token
|
32
|
+
client.token = credentials
|
33
|
+
end
|
34
|
+
|
35
|
+
##
|
36
|
+
# Makes an authenticated call to the API resource.
|
37
|
+
# Called by AuthTool::call.
|
38
|
+
#
|
39
|
+
# @param [AuthTool::Client] client
|
40
|
+
# The client containing the API information.
|
41
|
+
#
|
42
|
+
# @param [String] uri
|
43
|
+
# The API endpoint to hit.
|
44
|
+
#
|
45
|
+
# @param [Hash] params
|
46
|
+
# Hash of additional parameters for the call.
|
47
|
+
#
|
48
|
+
# @return [Hash] The endpoint's response.
|
49
|
+
#
|
50
|
+
def self.call(client,http_verb = 'get', uri, params)
|
51
|
+
header = params.delete('header') if params.has_key? 'header'
|
52
|
+
body = params.delete('body') if params.has_key? 'body'
|
53
|
+
conn = AuthTool::Helper.get_connection(params)
|
54
|
+
options = {:method => http_verb, :header => header, :body => body, :uri => uri, :connection => conn}
|
55
|
+
response = client.signet.fetch_protected_resource(options)
|
56
|
+
return JSON.parse(response.body)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
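Review bot: `receive` copies `code` from the callback parameters into the signet client and exchanges it straight away, and `redirect_url` returns `client.signet.authorization_uri` without adding a `state` value, so nothing ties the callback to an authorization request this application started. A callback that did not originate from the user's own flow is exchanged and stored as the client's token just the same. Generate an unguessable value per authorization request, include it when building the authorization URI, and have `receive` reject a response whose `state` does not match before calling `fetch_access_token!`. When neither `"code"` nor `:code` is present the exchange is still attempted; fail early with `raise "Missing authorization code" unless response.has_key?("code") || response.has_key?(:code)`.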
metadata
ADDED
@@ -0,0 +1,91 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: auth_tool
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- David Fan
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-05-31 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.14'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.14'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10.0'
|
41
|
+
description:
|
42
|
+
email:
|
43
|
+
- david.fan@securable.io
|
44
|
+
executables: []
|
45
|
+
extensions: []
|
46
|
+
extra_rdoc_files: []
|
47
|
+
files:
|
48
|
+
- ".gitignore"
|
49
|
+
- CODE_OF_CONDUCT.md
|
50
|
+
- Gemfile
|
51
|
+
- LICENSE.txt
|
52
|
+
- README.md
|
53
|
+
- Rakefile
|
54
|
+
- auth_tool.gemspec
|
55
|
+
- bin/console
|
56
|
+
- bin/setup
|
57
|
+
- client_secrets/README.md
|
58
|
+
- client_secrets/client_secrets.json
|
59
|
+
- examples/oauth1-twitter.rb
|
60
|
+
- examples/oauth2-github.rb
|
61
|
+
- lib/auth_tool.rb
|
62
|
+
- lib/auth_tool/client.rb
|
63
|
+
- lib/auth_tool/helper.rb
|
64
|
+
- lib/auth_tool/oauth_1.rb
|
65
|
+
- lib/auth_tool/oauth_2.rb
|
66
|
+
- lib/auth_tool/version.rb
|
67
|
+
homepage: https://github.com/SecurableIO/Auth-Tool
|
68
|
+
licenses: []
|
69
|
+
metadata:
|
70
|
+
allowed_push_host: https://rubygems.org
|
71
|
+
post_install_message:
|
72
|
+
rdoc_options: []
|
73
|
+
require_paths:
|
74
|
+
- lib
|
75
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
76
|
+
requirements:
|
77
|
+
- - ">="
|
78
|
+
- !ruby/object:Gem::Version
|
79
|
+
version: '0'
|
80
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
81
|
+
requirements:
|
82
|
+
- - ">="
|
83
|
+
- !ruby/object:Gem::Version
|
84
|
+
version: '0'
|
85
|
+
requirements: []
|
86
|
+
rubyforge_project:
|
87
|
+
rubygems_version: 2.5.1
|
88
|
+
signing_key:
|
89
|
+
specification_version: 4
|
90
|
+
summary: General Purpose OAuth Tool
|
91
|
+
test_files: []
|