authlogic-connect 0.0.3.4 → 0.0.3.6

data/lib/authlogic_connect/common/variables.rb

@@ -1,21 +1,73 @@
-module AuthlogicConnect::Common
-  module Variables
-    
-    def auth_controller
-      is_auth_session? ? controller : session_class.controller
-    end
-    
-    def auth_session
-      auth_controller.session
+module AuthlogicConnect::Common::Variables
+  include AuthlogicConnect::Common::State
+  
+  def auth_controller
+    is_auth_session? ? controller : session_class.controller
+  end
+  
+  def auth_session
+    auth_controller.session.symbolize_keys!
+    auth_controller.session.keys.each do |key|
+      auth_controller.session[key.to_s] = auth_controller.session.delete(key) if key.to_s =~ /^OpenID/
     end
-    
-    def auth_params
-      auth_controller.params
+    auth_controller.session
+  end
+  
+  def auth_params
+    auth_controller.params.symbolize_keys!
+    auth_controller.params.keys.each do |key|
+      auth_controller.params[key.to_s] = auth_controller.params.delete(key) if key.to_s =~ /^OpenID/
     end
-    
-    def is_auth_session?
-      self.is_a?(Authlogic::Session::Base)
+    auth_controller.params
+  end
+  
+  def auth_callback_url(options = {})
+    auth_controller.url_for({:controller => auth_controller.controller_name, :action => auth_controller.action_name}.merge(options))
+  end
+  
+  # if we've said it's a "user" (registration), or a "session" (login)
+  def auth_type
+    from_session_or_params(:authentication_type)
+  end
+  
+  # auth_params and auth_session attributes are all String!
+  def from_session_or_params(by)
+    key = by.is_a?(Symbol) ? by : by.to_sym
+    result = auth_params[key] if (auth_params && auth_params[key])
+    result = auth_session[key] if result.blank? # might be null here too
+    result
+  end
+  
+  # because user and session are so closely tied together, I am still
+  # uncertain as to how they are saved.  So this makes sure if we are
+  # logging in, it must be saving the session, otherwise the user.
+  def correct_request_class?
+    if is_auth_session?
+      auth_type.to_s == "session"
+    else
+      auth_type.to_s == "user"
     end
+  end
+  
+  def add_session_key(key, value)
     
   end
-end
+  
+  # because we may need to store 6+ session variables, all with pretty lengthy names,
+  # might as well just tinify them.
+  # just an idea
+  def optimized_session_key(key)
+    @optimized_session_keys ||= {
+      :auth_request_class         => :authcl,
+      :authentication_method      => :authme,
+      :authentication_type        => :authty,
+      :oauth_provider             => :authpr,
+      :auth_callback_method       => :authcb,
+      :oauth_request_token        => :authtk,
+      :oauth_request_token_secret => :authsc,
+      :auth_attributes            => :authat
+    }
+    @optimized_session_keys[key]
+  end
+  
+end

data/lib/authlogic_connect/engine.rb

@@ -1,6 +1,5 @@
 module AuthlogicConnect
   class Engine < Rails::Engine
-    engine_name :authlogic_connect
     
     initializer "authlogic_connect.authentication_hook" do |app|
       app.middleware.use AuthlogicConnect::CallbackFilter

data/lib/authlogic_connect/{common/ext.rb → ext.rb}

@@ -1,3 +1,4 @@
+# these are extensions I've found useful for this project
 class String
   # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
   def normalize_identifier

data/lib/authlogic_connect/oauth.rb

@@ -1,6 +1,7 @@
 module AuthlogicConnect::Oauth
 end
 
+require File.dirname(__FILE__) + "/oauth/state"
 require File.dirname(__FILE__) + "/oauth/variables"
 require File.dirname(__FILE__) + "/oauth/process"
 require File.dirname(__FILE__) + "/oauth/user"
@@ -9,4 +10,5 @@ require File.dirname(__FILE__) + "/oauth/helper"
 
 ActiveRecord::Base.send(:include, AuthlogicConnect::Oauth::User)
 Authlogic::Session::Base.send(:include, AuthlogicConnect::Oauth::Session)
-ActionController::Base.helper AuthlogicConnect::Oauth::Helper
+ActionController::Base.helper AuthlogicConnect::Oauth::Helper
+ActionView::Helpers::FormBuilder.send(:include, AuthlogicConnect::Oauth::FormHelper)

data/lib/authlogic_connect/oauth/helper.rb

@@ -1,16 +1,20 @@
-module AuthlogicConnect::Oauth
-  module Helper
-    def oauth_register_button(options = {})
-      oauth_button('register_with_oauth', options)
-    end
-    
-    def oauth_login_button(options = {})
-      oauth_button('login_with_oauth', options)
-    end
+module AuthlogicConnect::Oauth::Helper
   
-  private
-    def oauth_button(name, options = {})
-      "<input type='submit' value='#{options[:value]}' name='#{name}' id='user_submit' class='#{options[:class]}'/>"
-    end
+  # options include "name"
+  def oauth_register_hidden_input
+    oauth_input(:type => "user")
   end
+  
+  def oauth_login_hidden_input
+    oauth_input(:type => "session")
+  end
+  
+  def oauth_input(options = {})
+    tag(:input, {:type => "hidden", :name => "authentication_type", :value => options[:type]})
+  end
+  
+end
+
+module AuthlogicConnect::Oauth::FormHelper
+  
 end

data/lib/authlogic_connect/oauth/process.rb

@@ -1,83 +1,68 @@
-module AuthlogicConnect::Oauth
-  module Process
+module AuthlogicConnect::Oauth::Process
 
-  private
-    include AuthlogicConnect::Oauth::Variables
+  include AuthlogicConnect::Oauth::Variables
 
-    def validate_by_oauth
-      validate_email_field = false
-
-      if oauth_response.blank?
-        redirect_to_oauth
-      else
-        authenticate_with_oauth
-      end
-    end
-    
-    def redirecting_to_oauth_server?
-      authenticating_with_oauth? && oauth_response.blank?
-    end
-    
-    def redirect_to_oauth
-      save_oauth_callback
-
-      if oauth_version == 1.0
-        request = oauth_token.get_request_token(oauth_callback_url)
-        save_auth_session(request)
-        auth_controller.redirect_to request.authorize_url
-      else
-        auth_controller.redirect_to oauth_consumer.web_server.authorize_url(
-          :redirect_uri => oauth_callback_url,
-          :scope => oauth_token.config[:scope]
-        )
-      end
-    end
-    
-    def save_oauth_callback
-      puts "save_oauth_callback"
-      # Store the class which is redirecting, so we can ensure other classes
-      # don't get confused and attempt to use the response
-      auth_session[:oauth_request_class]        = self.class.name
-      auth_session[:oauth_provider]             = auth_params[:oauth_provider]
-
-      # Tell our rack callback filter what method the current request is using
-      auth_session[:auth_callback_method]      = auth_controller.request.method
-    end
-    
-    def save_auth_session(request)
-      # store token and secret
-      auth_session[:oauth_request_token]        = request.token
-      auth_session[:oauth_request_token_secret] = request.secret
-    end
-
-    def oauth_callback_url
-      auth_controller.url_for :controller => auth_controller.controller_name, :action => auth_controller.action_name
+  # Step 2: after save is called, it runs this method for validation
+  def validate_by_oauth
+    validate_email_field = false
+    unless new_oauth_request? # shouldn't be validating if it's redirecting...
+      restore_attributes
+      complete_oauth_transaction
     end
-    
-    def request_token
-      oauth_token.request_token(auth_session[:oauth_request_token], auth_session[:oauth_request_token_secret])
-    end
-    
-    # in oauth 1.0, key = oauth_token, secret = oauth_secret
-    # in oauth 2.0, key = code, secret = access_token
-    def oauth_key_and_secret
-      if oauth_version == 1.0
-        result = request_token.get_access_token(:oauth_verifier => auth_params[:oauth_verifier])
-        result = {:key => result.token, :secret => result.secret}
-      else
-        result = oauth_consumer.web_server.get_access_token(oauth_key, :redirect_uri => oauth_callback_url)
-        result = {:key => result.token, :secret => oauth_key}
-      end
-      result
-    end
-
-    def generate_access_token
-      if oauth_version == 1.0
-        request_token.get_access_token(:oauth_verifier => auth_params[:oauth_verifier])
-      else
-        oauth_consumer.web_server.get_access_token(oauth_key, :redirect_uri => oauth_callback_url)
-      end
+  end
+  
+  # Step 3: if new_oauth_request?, redirect to oauth provider
+  def redirect_to_oauth
+    save_oauth_session
+    authorize_url = token_class.authorize_url(auth_callback_url) do |request_token|
+      save_auth_session_token(request_token) # only for oauth version 1
     end
+    auth_controller.redirect_to authorize_url
+  end
+  
+  # Step 3a: save our passed-parameters into the session,
+  # so we can retrieve them after the redirect calls back
+  def save_oauth_session
+    # Store the class which is redirecting, so we can ensure other classes
+    # don't get confused and attempt to use the response
+    auth_session[:auth_request_class]         = self.class.name
+  
+    auth_session[:authentication_type]        = auth_params[:authentication_type]
+    auth_session[:oauth_provider]             = auth_params[:oauth_provider]
+    auth_session[:auth_method]                = "oauth"
     
+    # Tell our rack callback filter what method the current request is using
+    auth_session[:auth_callback_method]       = auth_controller.request.method
+  end
+  
+  # Step 3b (if version 1.0 of oauth)
+  def save_auth_session_token(request)
+    # store token and secret
+    auth_session[:oauth_request_token]        = request.token
+    auth_session[:oauth_request_token_secret] = request.secret
+  end
+  
+  def restore_attributes
   end
+  
+  # Step 4: on callback, run this method
+  def authenticate_with_oauth
+    # implemented in User and Session Oauth modules
+  end
+  
+  # Step last, after the response
+  # having lots of trouble testing logging and out multiple times,
+  # so there needs to be a solid way to know when a user has messed up loggin in.
+  def cleanup_oauth_session
+    [:auth_request_class,
+      :authentication_type,
+      :auth_method,
+      :auth_attributes,
+      :oauth_provider,
+      :auth_callback_method,
+      :oauth_request_token,
+      :oauth_request_token_secret
+    ].each {|key| auth_session.delete(key)}
+  end
+    
 end

data/lib/authlogic_connect/oauth/session.rb

@@ -37,26 +37,15 @@ module AuthlogicConnect::Oauth
         return block.nil?
       end
       
-      def authenticating_with_oauth?
-        return false unless oauth_provider
-        
-        # Initial request when user presses one of the button helpers
-        initial_request = (controller.params && !controller.params[:login_with_oauth].blank?)
-        # When the oauth provider responds and we made the initial request
-        initial_response = (oauth_response && auth_session && auth_session[:oauth_request_class] == self.class.name)
-        
-        return initial_request || initial_response
-      end
-      
-      def authenticate_with_oauth
+      def complete_oauth_transaction
         if @record
           self.attempted_record = record
         else
           # this generated token is always the same for a user!
           # this is searching with User.find ...
           # attempted_record is part of AuthLogic
-          key = oauth_key_and_secret[:key]
-          token = oauth_token.find_by_key(key, :include => [:user]) # some weird error if I leave out the include
+          hash = oauth_token_and_secret
+          token = token_class.find_by_key_or_token(hash[:key], hash[:token], :include => [:user]) # some weird error if I leave out the include)
           self.attempted_record = token.user
         end
         

data/lib/authlogic_connect/oauth/state.rb

@@ -0,0 +1,54 @@
+# all these methods must return true or false
+module AuthlogicConnect::Oauth::State
+  
+  # 1. to call
+  # checks that we just passed parameters to it,
+  # and that the parameters say 'authentication_method' == 'oauth'
+  def oauth_request?
+    !auth_params.nil? && oauth_provider?
+  end
+  
+  # 2. from call
+  # checks that the correct session variables are there
+  def oauth_response?
+    !oauth_response.nil? && !auth_session.nil? && auth_session[:auth_request_class] == self.class.name && auth_session[:auth_method] == "oauth"
+  end
+  alias_method :oauth_complete?, :oauth_response?
+  
+  # 3. either to or from call
+  def using_oauth?
+    oauth_request? || oauth_response?
+  end
+  
+  def new_oauth_request?
+    oauth_response.blank?
+  end
+  
+  def oauth_provider?
+    !oauth_provider.nil? && !oauth_provider.empty?
+  end
+  
+  # main method we call on validation
+  def authenticating_with_oauth?
+    correct_request_class? && using_oauth?
+  end
+  
+  def allow_oauth_redirect?
+    authenticating_with_oauth? && !oauth_complete?
+  end
+  
+  # both checks if it can redirect, and does the redirect.
+  # is there a more concise way to do this?
+  def redirecting_to_oauth_server?
+    if allow_oauth_redirect?
+      redirect_to_oauth
+      return true
+    end
+    return false
+  end
+  
+  def validate_password_with_oauth?
+    !using_oauth? && require_password?
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/google_token.rb

@@ -1,5 +1,8 @@
+# http://code.google.com/apis/accounts/docs/OAuth_ref.html
+# http://code.google.com/apis/accounts/docs/OpenID.html#settingup
 # http://code.google.com/apis/accounts/docs/OAuth.html
 # http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
+# http://www.manu-j.com/blog/add-google-oauth-ruby-on-rails-sites/214/
 # http://googlecodesamples.com/oauth_playground/
 # Scopes:
 # Analytics         https://www.google.com/analytics/feeds/ 
@@ -30,4 +33,9 @@ class GoogleToken < OauthToken
     :access_token_path  => "/accounts/OAuthGetAccessToken",
     :scope              => "https://www.google.com/m8/feeds/"
   
-end
+  key do |access_token|
+    body = JSON.parse(access_token.get("https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=0").body)
+    email = body["feed"]["author"].first["email"]["$t"] # $t is some weird google json thing
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/oauth_token.rb

@@ -3,9 +3,9 @@ class OauthToken < Token
   def client
     unless @client
       if oauth_version == 1.0
-        @client = OAuth::AccessToken.new(self.consumer, self.key, self.secret)
+        @client = OAuth::AccessToken.new(self.consumer, self.token, self.secret)
       else
-        @client = OAuth2::AccessToken.new(self.consumer, self.key)
+        @client = OAuth2::AccessToken.new(self.consumer, self.token)
       end
     end
     
@@ -22,6 +22,7 @@ class OauthToken < Token
   
   class << self
     
+    # oauth version, 1.0 or 2.0
     def version(value)
       @oauth_version = value
     end
@@ -30,6 +31,22 @@ class OauthToken < Token
       @oauth_version ||= 1.0
     end
     
+    # unique key that we will use from the AccessToken response
+    # to identify the user by.
+    # in Twitter, its "user_id".  Twitter has "screen_name", but that's
+    # more subject to change than user_id.  Pick whatever is least likely to change
+    def key(value = nil, &block)
+      if block_given?
+        @oauth_key = block
+      else
+        @oauth_key = value.is_a?(Symbol) ? value : value.to_sym
+      end
+    end
+    
+    def oauth_key
+      @oauth_key
+    end
+    
     def consumer
       unless @consumer
         if oauth_version == 1.0
@@ -42,6 +59,54 @@ class OauthToken < Token
       @consumer
     end
     
+    # if we're lucky we can find it by the token.
+    def find_by_key_or_token(key, token, options = {})
+      result = self.find_by_key(key, options) unless key.nil?
+      unless result
+        result = self.find_by_token(token, options) unless token.nil?
+      end
+      result 
+    end
+    
+    # this is a wrapper around oauth 1 and 2.
+    # it looks obscure, but from the api point of view
+    # you won't have to worry about it's implementation.
+    # in oauth 1.0, key = oauth_token, secret = oauth_secret
+    # in oauth 2.0, key = code, secret = access_token
+    def get_token_and_secret(options = {})
+      oauth_verifier  = options[:oauth_verifier]
+      redirect_uri    = options[:redirect_uri]
+      token           = options[:token]
+      secret          = options[:secret]
+      if oauth_version == 1.0
+        access = request_token(token, secret).get_access_token(:oauth_verifier => oauth_verifier)
+        result = {:token => access.token, :secret => access.secret, :key => nil}
+        if self.oauth_key
+          if oauth_key.is_a?(Proc)
+            result[:key] = oauth_key.call(access)
+          else
+            result[:key] = access.params[self.oauth_key] || access.params[self.oauth_key.to_s] # try both
+          end
+        end
+      else
+        access = consumer.web_server.get_access_token(secret, :redirect_uri => redirect_uri)
+        result = {:token => access.token, :secret => secret, :key => nil}
+      end
+      result
+    end
+    
+    # this is a cleaner method so we can access the authorize_url
+    # from oauth 1 or 2
+    def authorize_url(callback_url, &block)
+      if oauth_version == 1.0
+        request = get_request_token(callback_url)
+        yield request if block_given?
+        return request.authorize_url
+      else
+        return consumer.web_server.authorize_url(:redirect_uri => callback_url, :scope => self.config[:scope])
+      end
+    end
+    
     def request_token(token, secret)
       OAuth::RequestToken.new(consumer, token, secret)
     end