authlogic-oauth 1.0.1 → 1.0.2
- data/CHANGELOG.rdoc +7 -0
- data/README.rdoc +4 -27
- data/lib/authlogic_oauth/acts_as_authentic.rb +1 -1
- data/lib/authlogic_oauth/oauth_process.rb +7 -6
- data/lib/authlogic_oauth/session.rb +1 -1
- data/lib/authlogic_oauth/version.rb +1 -1
- data/rails/init.rb +9 -1
- data/test/session_test.rb +3 -7
- data/test/test_helper.rb +29 -4
- metadata +4 -6
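--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,10 @@
+== 1.0.2 released 2009-6-27
+
+* Using oauth's callback_url parameter to control where the oauth server returns the user to the application.
+The callback_url parameter was temporarily disabled on major oauth sites due to security concerns, but has been resolved.
+
+* Removed the need to add specific oauth routes and an oauth_controller (YAY!). This makes using the plugin much easier.
+
 == 1.0.1 released 2009-6-4
 
 * Adding helpers for the login/register buttons to be used in conjunction with authlogic_oauth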
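--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -6,7 +6,7 @@ Authlogic OAuth is an extension of the Authlogic library to add OAuth support. O
 
 * <b>Authlogic:</b> http://github.com/binarylogic/authlogic
 * <b>OAuth Example Project:</b> http://github.com/jrallison/authlogic_example/tree/with-oauth
-* <b>Live example:</b> http://authlogic-oauth.heroku.com/
+* <b>Live example with Twitter:</b> http://authlogic-oauth.heroku.com/
 
 == Install and use
 
@@ -72,29 +72,7 @@ You should save your @user objects this way as well, because you also want the u
 
 Notice we are saving with a block. Why? Because we need to redirect the user to their OAuth provider so that they can authenticate. When we do this, we don't want to execute that block of code, because if we do, we will get a DoubleRender error. This lets us skip that entire block and send the user along their way without any problems.
 
-=== 5.
-
-This area needs improvement. Also, because of security issues with OAuth callbacks, this is a bit more complicated then it needs to be.
-
-Add the following routes to your routes.rb file:
-
-map.oauth_login '/oauth_login', { :controller => 'user_sessions', :action => 'create', :method => 'get' }
-map.oauth_register '/oauth_register', { :controller => 'users', :action => 'create', :method => 'get' }
-map.authorize_oauth '/oauth', { :controller => 'oauth', :action => 'authorize', :method => 'get' }
-
-Add an OAuth controller to handle the callback from your OAuth provider, and send it on it's way.
-
-class OauthController < ApplicationController
-def authorize
-redirect_to session[:oauth_redirect].merge(:oauth_token => params[:oauth_token])
-end
-end
-
-=== 6. Config your OAuth provider's callback url
-
-You're callback url should point to the authorize route you added in step 5.
-
-=== 7. Define the oauth_consumer class method on your UserSession model
+=== 5. Define the oauth_consumer class method on your UserSession model
 
 The oauth_consumer should return an OAuth::Consumer which is configured for your OAuth provider. Here's an example for Twitter:
 
@@ -108,7 +86,7 @@ The oauth_consumer should return an OAuth::Consumer which is configured for your
 
 end
 
-===
+=== 6. Add login and register buttons to your views
 
 <%= oauth_register_button :value => "Register with Twitter" %>
 <%= oauth_register_button :value => "Login with Twitter" %>
@@ -118,6 +96,5 @@ That's it! The rest is taken care of for you.
 = Here are some next steps for the plugin.
 
 1. Safe OAuth error handling.
-
-5. Cleaning up OAuth controller and routes when OAuth callback_url parameter is fixed ... or discovered an alternative way of handling it.
+2. Remove oauth request from the Rails request cycle.
 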
@@ -79,7 +79,7 @@ module AuthlogicOauth
|
|
79
79
|
private
|
80
80
|
|
81
81
|
def authenticating_with_oauth?
|
82
|
-
!session_class.controller.params[:register_with_oauth].blank? || oauth_response
|
82
|
+
(session_class.controller.params && !session_class.controller.params[:register_with_oauth].blank?) || oauth_response
|
83
83
|
end
|
84
84
|
|
85
85
|
def authenticate_with_oauth
|
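Review bot: The new `params &&` guard in `authenticating_with_oauth?` carries no comment saying when `controller.params` can be nil, and the same guard is repeated in the later hunk that checks `:login_with_oauth` and in `oauth_response`. A one-line comment such as `# params is nil when no request is being processed (e.g. in unit tests)` would record the reason, assuming that is the case the guard is for. The expression also evaluates `session_class.controller.params` twice; binding it once, `params = session_class.controller.params` followed by `(params && !params[:register_with_oauth].blank?) || oauth_response`, reads more clearly.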
@@ -18,17 +18,18 @@ module AuthlogicOauth
|
|
18
18
|
end
|
19
19
|
|
20
20
|
def redirect_to_oauth
|
21
|
-
request = oauth.get_request_token
|
21
|
+
request = oauth.get_request_token :oauth_callback => build_callback_url
|
22
22
|
oauth_controller.session[:oauth_request_token] = request.token
|
23
23
|
oauth_controller.session[:oauth_request_token_secret] = request.secret
|
24
24
|
|
25
|
-
#
|
26
|
-
oauth_controller.session[:
|
25
|
+
# Tell our rack callback filter what method the current request is using
|
26
|
+
oauth_controller.session[:oauth_callback_method] = oauth_controller.request.method
|
27
|
+
|
27
28
|
oauth_controller.redirect_to request.authorize_url
|
28
29
|
end
|
29
30
|
|
30
31
|
def build_callback_url
|
31
|
-
|
32
|
+
oauth_controller.url_for :controller => oauth_controller.controller_name, :action => oauth_controller.action_name
|
32
33
|
end
|
33
34
|
|
34
35
|
def request_token
|
@@ -38,11 +39,11 @@ module AuthlogicOauth
|
|
38
39
|
end
|
39
40
|
|
40
41
|
def generate_access_token
|
41
|
-
request_token.get_access_token
|
42
|
+
request_token.get_access_token(:oauth_verifier => oauth_controller.params[:oauth_verifier])
|
42
43
|
end
|
43
44
|
|
44
45
|
def oauth_response
|
45
|
-
oauth_controller.params[:oauth_token]
|
46
|
+
oauth_controller.params && oauth_controller.params[:oauth_token]
|
46
47
|
end
|
47
48
|
|
48
49
|
def oauth_controller
|
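Review bot: `build_callback_url` sends the provider whatever absolute URL `url_for` derives from the current request, so the host in `oauth_callback` follows the incoming Host header rather than a value the application chose. If the app answers under a host name it does not control (a catch-all virtual host or a permissive proxy), the provider would return `oauth_token` and `oauth_verifier` to that host. Pinning the host from configuration, e.g. `oauth_controller.url_for :controller => oauth_controller.controller_name, :action => oauth_controller.action_name, :host => CONFIGURED_HOST` (placeholder for an application setting), removes that dependency. `request_token`'s body lies outside these hunks, so whether the returned `oauth_token` is compared with `session[:oauth_request_token]` before `generate_access_token` runs cannot be checked here and is worth confirming.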
@@ -49,7 +49,7 @@ module AuthlogicOauth
|
|
49
49
|
private
|
50
50
|
|
51
51
|
def authenticating_with_oauth?
|
52
|
-
!controller.params[:login_with_oauth].blank? || oauth_response
|
52
|
+
(controller.params && !controller.params[:login_with_oauth].blank?) || oauth_response
|
53
53
|
end
|
54
54
|
|
55
55
|
def authenticate_with_oauth
|
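--- a/data/rails/init.rb
+++ b/data/rails/init.rb
@@ -1 +1,9 @@
-require "authlogic_oauth"
+require "authlogic_oauth"
+
+# Throw callback rack app into the middleware stack
+ActionController::Dispatcher.middleware = ActionController::MiddlewareStack.new do |m|
+ActionController::Dispatcher.middleware.each do |klass|
+m.use klass
+end
+m.use OauthCallbackFilter
+end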
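Review bot: Rebuilding the whole `MiddlewareStack` just to append one entry is fragile, because `m.use klass` re-registers every existing middleware and may not carry over the arguments or block it was originally registered with. Appending in place with `ActionController::Dispatcher.middleware.use OauthCallbackFilter` leaves the rest of the stack untouched. `OauthCallbackFilter` is not defined in any file shown in this diff, yet it now runs on every request. Its handling of `session[:oauth_callback_method]`, in particular whether it can turn a provider GET into a state-changing request without the usual forgery protection, should be reviewed together with this change.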
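--- a/data/test/session_test.rb
+++ b/data/test/session_test.rb
@@ -11,17 +11,13 @@ class SessionTest < ActiveSupport::TestCase
 def test_validate_by_nil_oauth_token
 session = UserSession.new
 assert !session.save
-
-end
-
-def test_auth_session
-session = UserSession.new
-#assert session.is_auth_session?
+assert !redirecting_to_oauth?
 end
 
 def test_validate_by_oauth
+controller.stubs(:params).returns({ :login_with_oauth => true })
 session = UserSession.new
 assert !session.save
-
+assert redirecting_to_oauth?
 end
 end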
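Review bot: Neither test exercises the return leg that this release changes: no case stubs the controller params with `:oauth_token` and `:oauth_verifier`, so `generate_access_token` and the new `oauth_callback` handling are covered only on the outbound redirect. A third test that stubs those params, stubs the access-token exchange, and asserts the outcome of `session.save` would cover it. A companion case where the returned `:oauth_token` differs from the one stored in the session would document the expected rejection.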
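--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,9 +1,7 @@
 require "test/unit"
 require "rubygems"
-require "oauth"
 require "ruby-debug"
 require "active_record"
-require "active_record/fixtures"
 
 ActiveRecord::Schema.verbose = false
 ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
@@ -32,12 +30,26 @@ ActiveRecord::Schema.define(:version => 1) do
 end
 end
 
-require
-require
+require "active_record/fixtures"
+require "action_controller"
+require "oauth"
+Rails = true # to trick authlogic into loading the rails adapter
+require File.dirname(__FILE__) + "/../../authlogic/lib/authlogic"
+require File.dirname(__FILE__) + "/../../authlogic/lib/authlogic/test_case"
 require File.dirname(__FILE__) + '/../lib/authlogic_oauth' unless defined?(AuthlogicOauth)
 require File.dirname(__FILE__) + '/lib/user'
 require File.dirname(__FILE__) + '/lib/user_session'
 
+class ActionController::Base
+def redirecting_to
+@redirect_to
+end
+
+def redirect_to(*args)
+@redirect_to = args
+end
+end
+
 class ActiveSupport::TestCase
 include ActiveRecord::TestFixtures
 self.fixture_path = File.dirname(__FILE__) + "/fixtures"
@@ -46,4 +58,17 @@ class ActiveSupport::TestCase
 self.pre_loaded_fixtures = false
 fixtures :all
 setup :activate_authlogic
+
+
+def activate_authlogic
+Authlogic::Session::Base.controller = controller
+end
+
+def controller
+@controller ||= Authlogic::ControllerAdapters::RailsAdapter.new(ActionController::Base.new)
+end
+
+def redirecting_to_oauth?
+controller.redirecting_to.to_s =~ /^http:\/\/example.com/
+end
 end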
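Review bot: The pattern in `redirecting_to_oauth?` is looser than it reads, because `^` matches at the start of any line and the unescaped `.` matches any character. `redirecting_to` also holds the argument array from `redirect_to`, and the text that `to_s` produces for an array differs between Ruby versions. Matching the first argument with a whole-string anchor states the intent exactly: `Array(controller.redirecting_to).first.to_s =~ %r{\Ahttp://example\.com}`. The two `require` lines that reach into `/../../authlogic/lib/` assume a sibling checkout of authlogic, which deserves a comment, since the tests fail to load without it.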
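--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic-oauth
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - John Allison
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-06-
+date: 2009-06-27 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -64,8 +64,6 @@ files:
 - test/test_helper.rb
 has_rdoc: true
 homepage: http://github.com/jrallison/authlogic_oauth
-licenses: []
-
 post_install_message:
 rdoc_options:
 - --main
@@ -87,9 +85,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: authlogic-oauth
-rubygems_version: 1.3.
+rubygems_version: 1.3.1
 signing_key:
-specification_version:
+specification_version: 2
 summary: An authlogic extension for authenticating via OAuth. (I.E. Twitter login)
 test_files:
 - test/acts_as_authentic_test.rb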