authlogic-oauth 1.0.1 → 1.0.2

data/CHANGELOG.rdoc

@@ -1,3 +1,10 @@
+== 1.0.2 released 2009-6-27
+
+* Using oauth's callback_url parameter to control where the oauth server returns the user to the application.
+  The callback_url parameter was temporarily disabled on major oauth sites due to security concerns, but has been resolved.
+  
+* Removed the need to add specific oauth routes and an oauth_controller (YAY!).  This makes using the plugin much easier.
+
 == 1.0.1 released 2009-6-4
 
 * Adding helpers for the login/register buttons to be used in conjunction with authlogic_oauth

data/README.rdoc

@@ -6,7 +6,7 @@ Authlogic OAuth is an extension of the Authlogic library to add OAuth support. O
 
 *	<b>Authlogic:</b> http://github.com/binarylogic/authlogic
 *	<b>OAuth Example Project:</b> http://github.com/jrallison/authlogic_example/tree/with-oauth
-*	<b>Live example:</b> http://authlogic-oauth.heroku.com/
+*	<b>Live example with Twitter:</b> http://authlogic-oauth.heroku.com/
 
 == Install and use
 
@@ -72,29 +72,7 @@ You should save your @user objects this way as well, because you also want the u
 
 Notice we are saving with a block. Why? Because we need to redirect the user to their OAuth provider so that they can authenticate. When we do this, we don't want to execute that block of code, because if we do, we will get a DoubleRender error. This lets us skip that entire block and send the user along their way without any problems.
 
-=== 5. Add a few routes and a OAuth controller
-
-This area needs improvement.  Also, because of security issues with OAuth callbacks, this is a bit more complicated then it needs to be.
-
-Add the following routes to your routes.rb file:
-
-  map.oauth_login '/oauth_login', { :controller => 'user_sessions', :action => 'create', :method => 'get' }
-  map.oauth_register '/oauth_register', { :controller => 'users', :action => 'create', :method => 'get' }
-  map.authorize_oauth '/oauth', { :controller => 'oauth', :action => 'authorize', :method => 'get' }
-  
-Add an OAuth controller to handle the callback from your OAuth provider, and send it on it's way.
-
-  class OauthController < ApplicationController
-    def authorize
-      redirect_to session[:oauth_redirect].merge(:oauth_token => params[:oauth_token])
-    end
-  end
-
-=== 6. Config your OAuth provider's callback url
-
-You're callback url should point to the authorize route you added in step 5.
-
-=== 7. Define the oauth_consumer class method on your UserSession model
+=== 5. Define the oauth_consumer class method on your UserSession model
 
 The oauth_consumer should return an OAuth::Consumer which is configured for your OAuth provider.  Here's an example for Twitter:
 
@@ -108,7 +86,7 @@ The oauth_consumer should return an OAuth::Consumer which is configured for your
 
   end
   
-=== 8. Add login and register buttons to your views
+=== 6. Add login and register buttons to your views
 
   <%= oauth_register_button :value => "Register with Twitter" %>
   <%= oauth_register_button :value => "Login with Twitter" %>
@@ -118,6 +96,5 @@ That's it! The rest is taken care of for you.
 = Here are some next steps for the plugin.
 
 1. Safe OAuth error handling.
-4. Remove oauth request from the Rails request cycle.
-5. Cleaning up OAuth controller and routes when OAuth callback_url parameter is fixed ... or discovered an alternative way of handling it.
+2. Remove oauth request from the Rails request cycle.
 

data/lib/authlogic_oauth/acts_as_authentic.rb

@@ -79,7 +79,7 @@ module AuthlogicOauth
     private
     
       def authenticating_with_oauth?
-        !session_class.controller.params[:register_with_oauth].blank? || oauth_response
+        (session_class.controller.params && !session_class.controller.params[:register_with_oauth].blank?) || oauth_response
       end
     
       def authenticate_with_oauth

data/lib/authlogic_oauth/oauth_process.rb

@@ -18,17 +18,18 @@ module AuthlogicOauth
     end
     
     def redirect_to_oauth
-      request = oauth.get_request_token
+      request = oauth.get_request_token :oauth_callback => build_callback_url
       oauth_controller.session[:oauth_request_token]        = request.token
       oauth_controller.session[:oauth_request_token_secret] = request.secret
       
-      # Send to oauth authorize url and redirect back to the current action
-      oauth_controller.session[:oauth_redirect] = build_callback_url
+      # Tell our rack callback filter what method the current request is using
+      oauth_controller.session[:oauth_callback_method]      = oauth_controller.request.method
+      
       oauth_controller.redirect_to request.authorize_url
     end
     
     def build_callback_url
-      { :controller => oauth_controller.controller_name, :action => oauth_controller.action_name }
+      oauth_controller.url_for :controller => oauth_controller.controller_name, :action => oauth_controller.action_name
     end
     
     def request_token
@@ -38,11 +39,11 @@ module AuthlogicOauth
     end
     
     def generate_access_token
-      request_token.get_access_token
+      request_token.get_access_token(:oauth_verifier => oauth_controller.params[:oauth_verifier])
     end
     
     def oauth_response
-      oauth_controller.params[:oauth_token]
+      oauth_controller.params && oauth_controller.params[:oauth_token]
     end
     
     def oauth_controller

data/lib/authlogic_oauth/session.rb

@@ -49,7 +49,7 @@ module AuthlogicOauth
     private
       
       def authenticating_with_oauth?
-        !controller.params[:login_with_oauth].blank? || oauth_response
+        (controller.params && !controller.params[:login_with_oauth].blank?) || oauth_response
       end
       
       def authenticate_with_oauth

data/lib/authlogic_oauth/version.rb

@@ -41,7 +41,7 @@ module AuthlogicOauth
  
     MAJOR = 1
     MINOR = 0
-    TINY  = 1
+    TINY  = 2
  
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/rails/init.rb

@@ -1 +1,9 @@
-require "authlogic_oauth"
+require "authlogic_oauth"
+
+# Throw callback rack app into the middleware stack
+ActionController::Dispatcher.middleware = ActionController::MiddlewareStack.new do |m|
+  ActionController::Dispatcher.middleware.each do |klass|
+    m.use klass
+  end
+  m.use OauthCallbackFilter
+end

data/test/session_test.rb

@@ -11,17 +11,13 @@ class SessionTest < ActiveSupport::TestCase
   def test_validate_by_nil_oauth_token
     session = UserSession.new
     assert !session.save
-    #assert !redirecting_to_yahoo?
-  end
-  
-  def test_auth_session
-    session = UserSession.new
-    #assert session.is_auth_session?
+    assert !redirecting_to_oauth?
   end
   
   def test_validate_by_oauth
+    controller.stubs(:params).returns({ :login_with_oauth => true })
     session = UserSession.new
     assert !session.save
-    #assert redirecting_to_yahoo?
+    assert redirecting_to_oauth?
   end
 end

data/test/test_helper.rb

@@ -1,9 +1,7 @@
 require "test/unit"
 require "rubygems"
-require "oauth"
 require "ruby-debug"
 require "active_record"
-require "active_record/fixtures"
 
 ActiveRecord::Schema.verbose = false
 ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
@@ -32,12 +30,26 @@ ActiveRecord::Schema.define(:version => 1) do
   end
 end
 
-require File.dirname(__FILE__) + '/../../authlogic/lib/authlogic' unless defined?(Authlogic)
-require File.dirname(__FILE__) + '/../../authlogic/lib/authlogic/test_case'
+require "active_record/fixtures"
+require "action_controller"
+require "oauth"
+Rails = true # to trick authlogic into loading the rails adapter
+require File.dirname(__FILE__) + "/../../authlogic/lib/authlogic"
+require File.dirname(__FILE__) + "/../../authlogic/lib/authlogic/test_case"
 require File.dirname(__FILE__) + '/../lib/authlogic_oauth' unless defined?(AuthlogicOauth)
 require File.dirname(__FILE__) + '/lib/user'
 require File.dirname(__FILE__) + '/lib/user_session'
 
+class ActionController::Base
+  def redirecting_to
+    @redirect_to
+  end
+  
+  def redirect_to(*args)
+    @redirect_to = args
+  end
+end
+
 class ActiveSupport::TestCase
   include ActiveRecord::TestFixtures
   self.fixture_path = File.dirname(__FILE__) + "/fixtures"
@@ -46,4 +58,17 @@ class ActiveSupport::TestCase
   self.pre_loaded_fixtures = false
   fixtures :all
   setup :activate_authlogic
+
+  
+    def activate_authlogic
+      Authlogic::Session::Base.controller = controller
+    end
+
+    def controller
+      @controller ||= Authlogic::ControllerAdapters::RailsAdapter.new(ActionController::Base.new)
+    end
+
+    def redirecting_to_oauth?
+      controller.redirecting_to.to_s =~ /^http:\/\/example.com/
+    end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authlogic-oauth
 version: !ruby/object:Gem::Version 
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors: 
 - John Allison
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-06-04 00:00:00 -04:00
+date: 2009-06-27 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -64,8 +64,6 @@ files:
 - test/test_helper.rb
 has_rdoc: true
 homepage: http://github.com/jrallison/authlogic_oauth
-licenses: []
-
 post_install_message: 
 rdoc_options: 
 - --main
@@ -87,9 +85,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: authlogic-oauth
-rubygems_version: 1.3.2
+rubygems_version: 1.3.1
 signing_key: 
-specification_version: 3
+specification_version: 2
 summary: An authlogic extension for authenticating via OAuth. (I.E. Twitter login)
 test_files: 
 - test/acts_as_authentic_test.rb