authlogic-oauth 1.0.0

data/.git/info/exclude

@@ -0,0 +1,6 @@
+# git-ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~

data/.git/logs/HEAD

@@ -0,0 +1,8 @@
+0000000000000000000000000000000000000000 6976eeb5a95a2b5f48cfea6041b0290b11f90597 jrallison <jrallison@gmail.com> 1243800566 -0400	clone: from git://github.com/jrallison/authlogic_oauth.git
+6976eeb5a95a2b5f48cfea6041b0290b11f90597 6976eeb5a95a2b5f48cfea6041b0290b11f90597 jrallison <jrallison@gmail.com> 1243800566 -0400	checkout: moving from master to 6976eeb5a95a2b5f48cfea6041b0290b11f90597
+6976eeb5a95a2b5f48cfea6041b0290b11f90597 6976eeb5a95a2b5f48cfea6041b0290b11f90597 jrallison <jrallison@gmail.com> 1243800602 -0400	checkout: moving from 6976eeb5a95a2b5f48cfea6041b0290b11f90597 to master
+6976eeb5a95a2b5f48cfea6041b0290b11f90597 ab14db4dd48cb6f4c3688eb65513afac383d3584 jrallison <jrallison@gmail.com> 1243800623 -0400	commit: Adding link to oauth example app
+ab14db4dd48cb6f4c3688eb65513afac383d3584 1a7e60fbbc011b519f1f19dbca839cfd907924a3 jrallison <jrallison@gmail.com> 1243801464 -0400	commit: Updating README
+1a7e60fbbc011b519f1f19dbca839cfd907924a3 e374f7848330d167432299a84e43c7af18a51b87 jrallison <jrallison@gmail.com> 1243801583 -0400	commit: Changing next steps area for better readablility
+e374f7848330d167432299a84e43c7af18a51b87 42607cc77682553f3d71ef40e5fae408ac3351f4 jrallison <jrallison@gmail.com> 1243803219 -0400	commit: Updating summary and description
+42607cc77682553f3d71ef40e5fae408ac3351f4 41029da703a9502cada88f88b58facd4dc023d53 jrallison <jrallison@gmail.com> 1243803541 -0400	commit: Updating Manifest

data/.git/logs/refs/heads/master

@@ -0,0 +1,6 @@
+0000000000000000000000000000000000000000 6976eeb5a95a2b5f48cfea6041b0290b11f90597 jrallison <jrallison@gmail.com> 1243800566 -0400	clone: from git://github.com/jrallison/authlogic_oauth.git
+6976eeb5a95a2b5f48cfea6041b0290b11f90597 ab14db4dd48cb6f4c3688eb65513afac383d3584 jrallison <jrallison@gmail.com> 1243800623 -0400	commit: Adding link to oauth example app
+ab14db4dd48cb6f4c3688eb65513afac383d3584 1a7e60fbbc011b519f1f19dbca839cfd907924a3 jrallison <jrallison@gmail.com> 1243801464 -0400	commit: Updating README
+1a7e60fbbc011b519f1f19dbca839cfd907924a3 e374f7848330d167432299a84e43c7af18a51b87 jrallison <jrallison@gmail.com> 1243801583 -0400	commit: Changing next steps area for better readablility
+e374f7848330d167432299a84e43c7af18a51b87 42607cc77682553f3d71ef40e5fae408ac3351f4 jrallison <jrallison@gmail.com> 1243803219 -0400	commit: Updating summary and description
+42607cc77682553f3d71ef40e5fae408ac3351f4 41029da703a9502cada88f88b58facd4dc023d53 jrallison <jrallison@gmail.com> 1243803541 -0400	commit: Updating Manifest

data/.git/logs/refs/remotes/origin/HEAD

@@ -0,0 +1 @@
+0000000000000000000000000000000000000000 6976eeb5a95a2b5f48cfea6041b0290b11f90597 jrallison <jrallison@gmail.com> 1243800566 -0400	clone: from git://github.com/jrallison/authlogic_oauth.git

data/.git/logs/refs/remotes/origin/master

@@ -0,0 +1,5 @@
+6976eeb5a95a2b5f48cfea6041b0290b11f90597 ab14db4dd48cb6f4c3688eb65513afac383d3584 John Allison <jallison@jrallison.local> 1243800663 -0400	update by push
+ab14db4dd48cb6f4c3688eb65513afac383d3584 1a7e60fbbc011b519f1f19dbca839cfd907924a3 John Allison <jallison@jrallison.local> 1243801484 -0400	update by push
+1a7e60fbbc011b519f1f19dbca839cfd907924a3 e374f7848330d167432299a84e43c7af18a51b87 John Allison <jallison@jrallison.local> 1243801613 -0400	update by push
+e374f7848330d167432299a84e43c7af18a51b87 42607cc77682553f3d71ef40e5fae408ac3351f4 John Allison <jallison@jrallison.local> 1243803245 -0400	update by push
+42607cc77682553f3d71ef40e5fae408ac3351f4 41029da703a9502cada88f88b58facd4dc023d53 John Allison <jallison@jrallison.local> 1243803554 -0400	update by push

data/.git/objects/e3/74f7848330d167432299a84e43c7af18a51b87

@@ -0,0 +1,2 @@
+x
��Qj�0D�S���lIJ�'ٕV��,[�����
�7�`��m+�.�
6�s��t�ɣK&��,{��O�8b�z�!���Eg�yƐ1cH�O!���Ҥ����Zν��?~��z���h��5�~�7m�V��./L���Z�
+M�;�]�'m�<LX�^GMĵ���/�U�

data/.git/packed-refs

@@ -0,0 +1,2 @@
+# pack-refs with: peeled 
+6976eeb5a95a2b5f48cfea6041b0290b11f90597 refs/remotes/origin/master

data/.git/refs/heads/master

@@ -0,0 +1 @@
+41029da703a9502cada88f88b58facd4dc023d53

data/.git/refs/remotes/origin/HEAD

@@ -0,0 +1 @@
+ref: refs/remotes/origin/master

data/.git/refs/remotes/origin/master

@@ -0,0 +1 @@
+41029da703a9502cada88f88b58facd4dc023d53

data/CHANGELOG.rdoc

@@ -0,0 +1,4 @@
+= Authlogic OAuth
+
+Authlogic OAuth
+

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 John Allison (johnallison.me)
+ 
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+ 
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Manifest.txt

@@ -0,0 +1,57 @@
+.git/COMMIT_EDITMSG
+.git/FETCH_HEAD
+.git/HEAD
+.git/config
+.git/description
+.git/hooks/applypatch-msg.sample
+.git/hooks/commit-msg.sample
+.git/hooks/post-commit.sample
+.git/hooks/post-receive.sample
+.git/hooks/post-update.sample
+.git/hooks/pre-applypatch.sample
+.git/hooks/pre-commit.sample
+.git/hooks/pre-rebase.sample
+.git/hooks/prepare-commit-msg.sample
+.git/hooks/update.sample
+.git/index
+.git/info/exclude
+.git/logs/HEAD
+.git/logs/refs/heads/master
+.git/logs/refs/remotes/origin/HEAD
+.git/logs/refs/remotes/origin/master
+.git/objects/1a/7e60fbbc011b519f1f19dbca839cfd907924a3
+.git/objects/2e/f242d63b205e88b003d10e96d7d31269bd7073
+.git/objects/41/6b196f0d3fa02be32bdd0bd7d6a3fd7d57844d
+.git/objects/42/607cc77682553f3d71ef40e5fae408ac3351f4
+.git/objects/56/6625e05678ab5d52511225fa360e6934e049f6
+.git/objects/56/947322f2e948b597b9e692320ecada30315e45
+.git/objects/87/a7f6af123ffd70a8cd751b80ec4d4a9de69ab9
+.git/objects/ab/14db4dd48cb6f4c3688eb65513afac383d3584
+.git/objects/b2/9bfce970d5a817d2f7626b2984dc8de67ab774
+.git/objects/e0/a81debca6c11c68732b3769d1f83c5c3c97c09
+.git/objects/e3/74f7848330d167432299a84e43c7af18a51b87
+.git/objects/f3/5e9e44d75a11221b0c2f2b2a0bdb5b37bfbaa1
+.git/objects/pack/pack-2b55f15bfde87d738b79905b5c0788e4a4cbf3af.idx
+.git/objects/pack/pack-2b55f15bfde87d738b79905b5c0788e4a4cbf3af.pack
+.git/packed-refs
+.git/refs/heads/master
+.git/refs/remotes/origin/HEAD
+.git/refs/remotes/origin/master
+CHANGELOG.rdoc
+MIT-LICENSE
+Manifest.txt
+README.rdoc
+Rakefile
+init.rb
+lib/authlogic_oauth.rb
+lib/authlogic_oauth/acts_as_authentic.rb
+lib/authlogic_oauth/oauth_process.rb
+lib/authlogic_oauth/session.rb
+lib/authlogic_oauth/version.rb
+rails/init.rb
+test/acts_as_authentic_test.rb
+test/fixtures/users.yml
+test/lib/user.rb
+test/lib/user_session.rb
+test/session_test.rb
+test/test_helper.rb

data/README.rdoc

@@ -0,0 +1,120 @@
+= Authlogic OAuth
+
+Authlogic OAuth is an extension of the Authlogic library to add OAuth support. One use case for authentication with OAuth is allowing users to log in with their Twitter credentials.
+
+== Helpful links
+
+*	<b>Authlogic:</b> http://github.com/binarylogic/authlogic
+*	<b>OAuth Example Project:</b> http://github.com/jrallison/authlogic_example/tree/with-oauth
+*	<b>Live example:</b> *coming soon*
+
+== Install and use
+
+=== 1. Install Authlogic and setup your application
+
+  <b>Authlogic:</b> http://github.com/binarylogic/authlogic
+  <b>Authlogic Example:</b> http://github.com/binarylogic/authlogic_example
+
+=== 2. Install OAuth and Authlogic_Oauth
+
+  $ sudo gem install oauth
+  $ sudo gem install authlogic-oauth
+
+Now add the gem dependencies in your config:
+
+  config.gem "oauth"
+  config.gem "authlogic-oauth", :lib => "authlogic_oauth"
+  
+Or for older version of rails, install it as a plugin:
+
+  $ script/plugin install git://github.com/jrallison/authlogic_oauth.git
+
+=== 3. Make some simple changes to your database:
+
+  class AddUsersOauthFields < ActiveRecord::Migration
+    def self.up
+      add_column :users, :oauth_token, :string
+      add_column :users, :oauth_secret, :string
+      add_index :users, :oauth_token
+
+      change_column :users, :login, :string, :default => nil, :null => true
+      change_column :users, :crypted_password, :string, :default => nil, :null => true
+      change_column :users, :password_salt, :string, :default => nil, :null => true
+    end
+
+    def self.down
+      remove_column :users, :oauth_token
+      remove_column :users, :oauth_secret
+
+      [:login, :crypted_password, :password_salt].each do |field|
+        User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? }
+        change_column :users, field, :string, :default => "", :null => false
+      end
+    end
+  end
+  
+=== 4. Make sure you save your objects properly
+
+You only need to save your objects this way if you want the user to authenticate with their OAuth provider.
+
+That being said, you probably want to do this in your controllers. You should do this for BOTH your User objects and UserSession objects (assuming you are authenticating users). It should look something like this:
+
+  @user_session.save do |result|
+    if result
+      flash[:notice] = "Login successful!"
+      redirect_back_or_default account_url
+    else
+      render :action => :new
+    end
+  end
+
+You should save your @user objects this way as well, because you also want the user to authenticate with OAuth.
+
+Notice we are saving with a block. Why? Because we need to redirect the user to their OAuth provider so that they can authenticate. When we do this, we don't want to execute that block of code, because if we do, we will get a DoubleRender error. This lets us skip that entire block and send the user along their way without any problems.
+
+=== 5. Add a few routes and a OAuth controller
+
+This area needs improvement.  Also, because of security issues with OAuth callbacks, this is a bit more complicated then it needs to be.
+
+Add the following routes to your routes.rb file:
+
+  map.oauth_login '/oauth_login', { :controller => 'user_sessions', :action => 'create', :method => 'get' }
+  map.oauth_register '/oauth_register', { :controller => 'users', :action => 'create', :method => 'get' }
+  map.authorize_oauth '/oauth', { :controller => 'oauth', :action => 'authorize', :method => 'get' }
+  
+Add an OAuth controller to handle the callback from your OAuth provider, and send it on it's way.
+
+  class OauthController < ApplicationController
+    def authorize
+      redirect_to session[:oauth_redirect].merge(:oauth_token => params[:oauth_token])
+    end
+  end
+
+=== 6. Config your OAuth provider's callback url
+
+You're callback url should point to the authorize route you added in step 5.
+
+=== 7. Define the oauth_consumer class method on your UserSession model
+
+The oauth_consumer should return an OAuth::Consumer which is configured for your OAuth provider.  Here's an example for Twitter:
+
+  class UserSession < Authlogic::Session::Base
+
+    def self.oauth_consumer
+      OAuth::Consumer.new("TOKEN", "SECRET",
+      { :site=>"http://twitter.com",
+        :authorize_url => "http://twitter.com/oauth/authenticate" })
+    end
+
+  end
+
+That's it! The rest is taken care of for you.
+
+= Here are some next steps for the plugin.
+
+1. Safe OAuth error handling.
+2. Helpers for login/register with oauth form buttons.
+3. Add callback for populating user fields with data retrieved from OAuth before account is saved during registration.
+4. Remove oauth request from the Rails request cycle.
+5. Cleaning up OAuth controller and routes when OAuth callback_url parameter is fixed ... or discovered an alternative way of handling it.
+

data/Rakefile

@@ -0,0 +1,20 @@
+ENV['RDOCOPT'] = "-S -f html -T hanna"
+
+require "rubygems"
+require "hoe"
+require File.dirname(__FILE__) << "/lib/authlogic_oauth/version"
+
+Hoe.new("authlogic-oauth", AuthlogicOauth::Version::STRING) do |p|
+  p.name = "authlogic-oauth"
+  p.author = "John Allison"
+  p.email  = 'jrallison@gmail.com'
+  p.summary = "An authlogic extension for authenticating via OAuth. (I.E. Twitter login)"
+  p.description = "An authlogic extension for authenticating via OAuth.  This can be helpful for adding support for login/registration with Twitter credentials."
+  p.url = "http://github.com/jrallison/authlogic_oauth"
+  p.history_file = "CHANGELOG.rdoc"
+  p.readme_file = "README.rdoc"
+  p.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc"]
+  p.remote_rdoc_dir = ''
+  p.test_globs = ["test/*/test_*.rb", "test/*_test.rb", "test/*/*_test.rb"]
+  p.extra_deps = %w(activesupport)
+end

data/init.rb

@@ -0,0 +1 @@
+File.dirname(__FILE__) + "/rails/init.rb"

data/lib/authlogic_oauth/acts_as_authentic.rb

@@ -0,0 +1,116 @@
+module AuthlogicOauth
+  module ActsAsAuthentic
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        add_acts_as_authentic_module(Methods, :prepend)
+      end
+    end
+    
+    module Config
+      # The name of the oauth token field in the database.
+      #
+      # * <tt>Default:</tt> :oauth_token
+      # * <tt>Accepts:</tt> Symbol
+      def oauth_token_field(value = nil)
+        rw_config(:oauth_token_field, value, :oauth_token)
+      end
+      alias_method :oauth_token_field=, :oauth_token_field
+      
+      # The name of the oauth token secret field in the database.
+      #
+      # * <tt>Default:</tt> :oauth_secret
+      # * <tt>Accepts:</tt> Symbol
+      def oauth_secret_field(value = nil)
+        rw_config(:oauth_secret_field, value, :oauth_secret)
+      end
+      alias_method :oauth_secret_field=, :oauth_secret_field
+    end
+    
+    module Methods
+      include OauthProcess
+      
+      # Set up some simple validations
+      def self.included(klass)
+        klass.class_eval do
+          alias_method "#{oauth_token_field.to_s}=".to_sym, :oauth_token=
+          alias_method "#{oauth_secret_field.to_s}=".to_sym, :oauth_secret=
+        end
+        
+        return if !klass.column_names.include?(klass.oauth_token_field.to_s)
+
+        klass.class_eval do
+          validate :validate_by_oauth, :if => :authenticating_with_oauth?
+          
+          validates_uniqueness_of klass.oauth_token_field, :scope => validations_scope, :if => :using_oauth?
+          validates_presence_of klass.oauth_secret_field, :scope => validations_scope, :if => :using_oauth?
+          
+          validates_length_of_password_field_options validates_length_of_password_field_options.merge(:if => :validate_password_with_oauth?)
+          validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:if => :validate_password_with_oauth?)
+          validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:if => :validate_password_with_oauth?)
+          validates_length_of_login_field_options validates_length_of_login_field_options.merge(:if => :validate_password_with_oauth?)
+          validates_format_of_login_field_options validates_format_of_login_field_options.merge(:if => :validate_password_with_oauth?)
+        end
+        
+        # email needs to be optional for oauth
+        klass.validate_email_field = false
+      end
+      
+      def save(perform_validation = true, &block)
+        if perform_validation && block_given? && redirecting_to_oauth_server?
+          redirect_to_oauth
+          return false
+        end
+        
+        result = super
+        yield(result) if block_given?
+        result
+      end
+      
+      # Set the oauth fields
+      def oauth_token=(value)
+        write_attribute(oauth_token_field, value.blank? ? nil : value)
+      end
+      
+      def oauth_secret=(value)
+        write_attribute(oauth_secret_field, value.blank? ? nil : value)
+      end
+      
+    private
+    
+      def authenticating_with_oauth?
+        !session_class.controller.params[:register_with_oauth].blank? || oauth_response
+      end
+    
+      def authenticate_with_oauth
+        access_token = generate_access_token
+      
+        self.oauth_token = access_token.token
+        self.oauth_secret = access_token.secret
+      end
+      
+      def access_token
+        OAuth::AccessToken.new(oauth,
+        read_attribute(oauth_token_field),
+        read_attribute(oauth_secret_field))
+      end
+    
+      def using_oauth?
+        respond_to?(oauth_token_field) && !oauth_token.blank?
+      end
+      
+      def validate_password_with_oauth?
+        !using_oauth? && require_password?
+      end
+      
+      def oauth_token_field
+        self.class.oauth_token_field
+      end
+      
+      def oauth_secret_field
+        self.class.oauth_secret_field
+      end
+      
+    end
+  end
+end

data/lib/authlogic_oauth/oauth_process.rb

@@ -0,0 +1,61 @@
+module AuthlogicOauth
+  module OauthProcess
+    
+  private
+  
+    def validate_by_oauth
+      validate_email_field = false
+      
+      if oauth_response.blank?
+        redirect_to_oauth
+      else
+        authenticate_with_oauth
+      end
+    end
+    
+    def redirecting_to_oauth_server?
+      authenticating_with_oauth? && oauth_response.blank?
+    end
+    
+    def redirect_to_oauth
+      request = oauth.get_request_token
+      oauth_controller.session[:oauth_request_token]        = request.token
+      oauth_controller.session[:oauth_request_token_secret] = request.secret
+      
+      # Send to oauth authorize url and redirect back to the current action
+      oauth_controller.session[:oauth_redirect] = build_callback_url
+      oauth_controller.redirect_to request.authorize_url
+    end
+    
+    def build_callback_url
+      { :controller => oauth_controller.controller_name, :action => oauth_controller.action_name }
+    end
+    
+    def request_token
+      OAuth::RequestToken.new(oauth,
+      oauth_controller.session[:oauth_request_token],
+      oauth_controller.session[:oauth_request_token_secret])
+    end
+    
+    def generate_access_token
+      request_token.get_access_token
+    end
+    
+    def oauth_response
+      oauth_controller.params[:oauth_token]
+    end
+    
+    def oauth_controller
+      is_auth_session? ? controller : session_class.controller
+    end
+    
+    def oauth
+      is_auth_session? ? self.class.oauth_consumer : session_class.oauth_consumer
+    end
+    
+    def is_auth_session?
+      self.is_a?(Authlogic::Session::Base)
+    end
+    
+  end
+end