authorio 0.8.2 → 0.8.3
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/app/assets/stylesheets/authorio/auth.css +32 -0
- data/app/controllers/authorio/auth_controller.rb +73 -76
- data/app/controllers/authorio/authorio_controller.rb +66 -0
- data/app/controllers/authorio/sessions_controller.rb +32 -0
- data/app/controllers/authorio/users_controller.rb +24 -0
- data/app/models/authorio/request.rb +5 -0
- data/app/models/authorio/session.rb +1 -1
- data/app/models/authorio/user.rb +5 -0
- data/app/views/authorio/auth/authorization_interface.html.erb +3 -20
- data/app/views/authorio/sessions/new.html.erb +15 -0
- data/app/views/authorio/users/edit.html.erb +25 -0
- data/app/views/layouts/authorio/main.html.erb +13 -2
- data/app/views/shared/_login_form.html.erb +36 -0
- data/config/routes.rb +5 -2
- data/db/migrate/20210801184120_add_profile_to_users.rb +8 -0
- data/lib/authorio/engine.rb +1 -1
- data/lib/authorio/version.rb +1 -1
- metadata +9 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a5ecd8cf849002e116b21a3c4f0073fc17988e62791f356ab57a703397edc77c
|
4
|
+
data.tar.gz: 4c0c4908c722b65ccd1559b5fea382231933e2840e5d0b6e08271ed5efd43f15
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8bb01ec581f584fe9eadc7d77d477fa2f57e8883101ba51b5f8cb8729bf7486f061bc996a17cab023d476119dda8f37d7676a7f04e281180ad8dda8e649eb16c
|
7
|
+
data.tar.gz: 7d8e0e19113cd7748a64212ee98f514ba953027409adf20a71b47f14c3e1c5ef0db28924bca9afa4fd498ea56a686b1169f2f8ceb7f53297472c6b9cd34d86cf
|
data/README.md
CHANGED
@@ -136,6 +136,10 @@ on a public-access computer. Default is *nil* (disabled)
|
|
136
136
|
- [ ] Customizing the authentication view/UI
|
137
137
|
- [ ] Customizing the authentication method
|
138
138
|
|
139
|
+
## User Profile
|
140
|
+
|
141
|
+
You can set up your <a href="doc/profile.md">user profile</a> which can be sent to authenticating clients.
|
142
|
+
|
139
143
|
## Contributing
|
140
144
|
Send pull requests to [Authorio on GitHub](https://github.com/reiterate-app/authorio)
|
141
145
|
|
@@ -61,3 +61,35 @@ span.r-m {
|
|
61
61
|
label.remember {
|
62
62
|
margin-top: -1em;
|
63
63
|
}
|
64
|
+
|
65
|
+
div.scopes {
|
66
|
+
margin-top: -1.5em;
|
67
|
+
}
|
68
|
+
|
69
|
+
ul.scope {
|
70
|
+
list-style: none;
|
71
|
+
padding-left: 20px;
|
72
|
+
}
|
73
|
+
|
74
|
+
ul.scope li label {
|
75
|
+
font-weight: normal;
|
76
|
+
}
|
77
|
+
|
78
|
+
div.topbar {
|
79
|
+
border-bottom: 1px solid darkgray;
|
80
|
+
}
|
81
|
+
|
82
|
+
div.topbar li {
|
83
|
+
display: inline-block;
|
84
|
+
padding: 12px;
|
85
|
+
}
|
86
|
+
|
87
|
+
div.topbar ul {
|
88
|
+
margin: 0 10px;
|
89
|
+
padding: 0;
|
90
|
+
text-align: right;
|
91
|
+
}
|
92
|
+
|
93
|
+
div.topbar li:first-child {
|
94
|
+
float: left;
|
95
|
+
}
|
@@ -1,8 +1,7 @@
|
|
1
1
|
module Authorio
|
2
|
-
class AuthController <
|
2
|
+
class AuthController < AuthorioController
|
3
3
|
require 'uri'
|
4
4
|
require 'digest'
|
5
|
-
layout 'authorio/main'
|
6
5
|
|
7
6
|
# These API-only endpoints are protected by code challenge and do not need CSRF protextion
|
8
7
|
protect_from_forgery with: :exception, except: [:send_profile, :issue_token]
|
@@ -13,51 +12,45 @@ module Authorio
|
|
13
12
|
Authorio::Session.where(user: exception.session.user).delete_all
|
14
13
|
end
|
15
14
|
|
15
|
+
helper_method :user_scope_description
|
16
|
+
|
17
|
+
# GET /auth
|
16
18
|
def authorization_interface
|
17
|
-
|
18
|
-
|
19
|
-
|
19
|
+
%w(client_id redirect_uri state code_challenge).each do |param|
|
20
|
+
raise ::ActionController::ParameterMissing, param unless params[param].present?
|
21
|
+
end
|
22
|
+
@user = User.find_by_url! params[:me]
|
20
23
|
|
21
24
|
# If there are any old requests from this (client, user), delete them now
|
22
|
-
Request.where(authorio_user: @user, client:
|
23
|
-
|
24
|
-
auth_request = Request.
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
session[:state] = p[:state]
|
33
|
-
session[:code_challenge] = p[:code_challenge]
|
34
|
-
session[:client_id] = p[:client_id]
|
35
|
-
@user_logged_in_locally = !user_session.nil?
|
25
|
+
Request.where(authorio_user: @user, client: params[:client_id]).delete_all
|
26
|
+
|
27
|
+
auth_request = Request.create(
|
28
|
+
code: SecureRandom.hex(20),
|
29
|
+
redirect_uri: params[:redirect_uri],
|
30
|
+
client: params[:client_id], # IndieAuth client_id conflicts with Rails' _id foreign key convention
|
31
|
+
scope: params[:scope],
|
32
|
+
authorio_user: @user
|
33
|
+
)
|
34
|
+
session.update request.parameters.slice(*%w(state client_id code_challenge))
|
36
35
|
@rememberable = Authorio.configuration.local_session_lifetime && !@user_logged_in_locally
|
37
|
-
|
36
|
+
@scope = params[:scope]&.split
|
38
37
|
rescue ActiveRecord::RecordNotFound
|
39
38
|
redirect_back_with_error "Invalid user"
|
39
|
+
rescue ActionController::ParameterMissing => error
|
40
|
+
render oauth_error "invalid_request", "missing parameter #{error}"
|
40
41
|
end
|
41
42
|
|
43
|
+
# POST /user/:id/authorize
|
42
44
|
def authorize_user
|
43
|
-
|
44
|
-
|
45
|
-
if params[:commit] == "Cancel"
|
46
|
-
redirect_to session[:client_id] and return
|
47
|
-
end
|
45
|
+
redirect_to session[:client_id] and return if params[:commit] == "Cancel"
|
48
46
|
|
49
47
|
user = authenticate_user_from_session_or_password
|
50
|
-
if
|
51
|
-
cookies.encrypted[:user] = {
|
52
|
-
value: Authorio::Session.create(authorio_user: user).as_cookie,
|
53
|
-
expires: Authorio.configuration.local_session_lifetime
|
54
|
-
}
|
55
|
-
end
|
48
|
+
set_session_cookie(user) if auth_user_params[:remember_me]
|
56
49
|
|
57
50
|
auth_req = Request.find_by! client: session[:client_id], authorio_user: user
|
58
|
-
|
59
|
-
|
60
|
-
|
51
|
+
auth_req.update_scope(scope_params[:scope]) if params.has_key? :scope
|
52
|
+
redirect_params = { code: auth_req.code, state: session[:state] }
|
53
|
+
redirect_to "#{auth_req.redirect_uri}?#{redirect_params.to_query}"
|
61
54
|
rescue ActiveRecord::RecordNotFound
|
62
55
|
redirect_back_with_error "Invalid user"
|
63
56
|
rescue Authorio::Exceptions::InvalidPassword
|
@@ -65,24 +58,24 @@ module Authorio
|
|
65
58
|
end
|
66
59
|
|
67
60
|
def send_profile
|
68
|
-
|
69
|
-
|
70
|
-
|
61
|
+
request = validate_request
|
62
|
+
render json: profile(request)
|
63
|
+
rescue Authorio::Exceptions::InvalidGrant => error
|
64
|
+
render oauth_error 'invalid_grant', error.message
|
71
65
|
end
|
72
66
|
|
73
67
|
def issue_token
|
74
68
|
req = validate_request
|
75
|
-
raise Authorio::Exceptions::InvalidGrant
|
69
|
+
raise Authorio::Exceptions::InvalidGrant, 'missing scope' if req.scope.blank?
|
76
70
|
token = Token.create(authorio_user: req.authorio_user, scope: req.scope, client: req.client)
|
77
71
|
render json: {
|
78
|
-
'me': user_url(req.authorio_user),
|
79
72
|
'access_token': token.auth_token,
|
80
73
|
'scope': req.scope,
|
81
74
|
'expires_in': Authorio.configuration.token_expiration,
|
82
75
|
'token_type': 'Bearer'
|
83
|
-
}
|
84
|
-
rescue Authorio::Exceptions::InvalidGrant
|
85
|
-
render invalid_grant
|
76
|
+
}.merge(profile(req))
|
77
|
+
rescue Authorio::Exceptions::InvalidGrant => error
|
78
|
+
render oauth_error, 'invalid_grant', error.message
|
86
79
|
end
|
87
80
|
|
88
81
|
def verify_token
|
@@ -103,29 +96,14 @@ module Authorio
|
|
103
96
|
|
104
97
|
private
|
105
98
|
|
106
|
-
def
|
107
|
-
|
108
|
-
unless params.key?(param) && !params[param].empty?
|
109
|
-
raise ::ActionController::ParameterMissing.new(param)
|
110
|
-
end
|
111
|
-
end
|
112
|
-
params.permit(:response_type, :code_challenge, :code_challenge_method, :scope, :me, :redirect_uri, :client_id, :state)
|
113
|
-
end
|
114
|
-
|
115
|
-
def auth_user_params
|
116
|
-
params.require(:user).permit(:password, :url, :remember_me)
|
99
|
+
def scope_params
|
100
|
+
params.require(:scope).permit(scope: [])
|
117
101
|
end
|
118
102
|
|
119
|
-
def
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
def user_url(user)
|
124
|
-
"#{host_with_protocol}#{user.profile_path}"
|
125
|
-
end
|
126
|
-
|
127
|
-
def invalid_grant
|
128
|
-
{ json: { 'error': 'invalid_grant' }, status: :bad_request }
|
103
|
+
def oauth_error(error, message=nil)
|
104
|
+
resp = { json: {'error': error} }
|
105
|
+
resp[:json]['error_message'] = message unless message.nil?
|
106
|
+
{ json: resp, status: :bad_request }
|
129
107
|
end
|
130
108
|
|
131
109
|
def token_expired
|
@@ -142,33 +120,42 @@ module Authorio
|
|
142
120
|
|
143
121
|
def invalid_request?(req)
|
144
122
|
req.redirect_uri != params[:redirect_uri] \
|
145
|
-
|
146
|
-
|
123
|
+
|| req.client != params[:client_id] \
|
124
|
+
|| req.created_at < Time.now - 10.minutes
|
147
125
|
end
|
148
126
|
|
149
127
|
def validate_request
|
150
128
|
req = Request.find_by code: params[:code]
|
151
|
-
raise Authorio::Exceptions::InvalidGrant
|
129
|
+
raise Authorio::Exceptions::InvalidGrant, "code not found" if req.nil?
|
152
130
|
req.delete
|
153
|
-
raise Authorio::Exceptions::InvalidGrant
|
131
|
+
raise Authorio::Exceptions::InvalidGrant, "validation failed" if invalid_request?(req) || code_challenge_failed?
|
154
132
|
req
|
155
133
|
end
|
156
134
|
|
135
|
+
def profile(request)
|
136
|
+
profile = { me: user_url(request.authorio_user) }
|
137
|
+
if request.scope
|
138
|
+
scopes = request.scope.split
|
139
|
+
if scopes.include? 'profile'
|
140
|
+
profile['profile'] = {
|
141
|
+
name: request.authorio_user.full_name,
|
142
|
+
url: request.authorio_user.url,
|
143
|
+
photo: request.authorio_user.photo
|
144
|
+
}.compact
|
145
|
+
if scopes.include? 'email'
|
146
|
+
profile['profile']['email'] = request.authorio_user.email
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
profile
|
151
|
+
end
|
152
|
+
|
157
153
|
def bearer_token
|
158
154
|
bearer = /^Bearer /
|
159
155
|
header = request.headers['Authorization']
|
160
156
|
header.gsub(bearer, '') if header && header.match(bearer)
|
161
157
|
end
|
162
158
|
|
163
|
-
def user_session
|
164
|
-
cookie = cookies.encrypted[:user] and Session.find_by_cookie(cookie)
|
165
|
-
end
|
166
|
-
|
167
|
-
def redirect_back_with_error(error)
|
168
|
-
flash[:alert] = error
|
169
|
-
redirect_back fallback_location: Authorio.authorization_path, allow_other_host: false
|
170
|
-
end
|
171
|
-
|
172
159
|
def authenticate_user_from_session_or_password
|
173
160
|
session = user_session
|
174
161
|
if session
|
@@ -180,5 +167,15 @@ module Authorio
|
|
180
167
|
end
|
181
168
|
end
|
182
169
|
|
170
|
+
ScopeDescriptions = {
|
171
|
+
'profile': 'View basic profile information',
|
172
|
+
'email': 'View your email address',
|
173
|
+
'offline_access': 'Keep you logged in permanently (until revoked)'
|
174
|
+
}
|
175
|
+
|
176
|
+
def user_scope_description(scope)
|
177
|
+
ScopeDescriptions.dig(scope.to_sym) || scope
|
178
|
+
end
|
179
|
+
|
183
180
|
end
|
184
181
|
end
|
@@ -0,0 +1,66 @@
|
|
1
|
+
module Authorio
|
2
|
+
class AuthorioController < ActionController::Base
|
3
|
+
layout 'authorio/main'
|
4
|
+
|
5
|
+
helper_method :logged_in?, :rememberable?, :user_url, :current_user
|
6
|
+
|
7
|
+
def index
|
8
|
+
if logged_in?
|
9
|
+
redirect_to edit_user_path(1)
|
10
|
+
else
|
11
|
+
redirect_to new_session_path
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def user_session
|
16
|
+
if session[:user_id]
|
17
|
+
Session.new(authorio_user: Authorio::User.find(session[:user_id]))
|
18
|
+
else
|
19
|
+
cookie = cookies.encrypted[:user] and Session.find_by_cookie(cookie)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def logged_in?
|
24
|
+
!user_session.nil?
|
25
|
+
end
|
26
|
+
|
27
|
+
def rememberable?
|
28
|
+
!logged_in? && Authorio.configuration.local_session_lifetime
|
29
|
+
end
|
30
|
+
|
31
|
+
def authorized?
|
32
|
+
redirect_to new_session_path unless logged_in?
|
33
|
+
end
|
34
|
+
|
35
|
+
def current_user
|
36
|
+
user_session&.authorio_user.id
|
37
|
+
end
|
38
|
+
|
39
|
+
def user_url(user)
|
40
|
+
"#{host_with_protocol}#{user.profile_path}"
|
41
|
+
end
|
42
|
+
|
43
|
+
protected
|
44
|
+
|
45
|
+
def auth_user_params
|
46
|
+
params.require(:user).permit(:password, :url, :remember_me)
|
47
|
+
end
|
48
|
+
|
49
|
+
def set_session_cookie(user)
|
50
|
+
cookies.encrypted[:user] = {
|
51
|
+
value: Authorio::Session.create(authorio_user: user).as_cookie,
|
52
|
+
expires: Authorio.configuration.local_session_lifetime
|
53
|
+
}
|
54
|
+
end
|
55
|
+
|
56
|
+
def redirect_back_with_error(error)
|
57
|
+
flash[:alert] = error
|
58
|
+
redirect_back fallback_location: Authorio.authorization_path, allow_other_host: false
|
59
|
+
end
|
60
|
+
|
61
|
+
def host_with_protocol
|
62
|
+
"#{request.scheme}://#{request.host}"
|
63
|
+
end
|
64
|
+
|
65
|
+
end
|
66
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
module Authorio
|
2
|
+
class SessionsController < AuthorioController
|
3
|
+
|
4
|
+
# GET /session/new
|
5
|
+
def new
|
6
|
+
@session = Session.new(authorio_user: User.first)
|
7
|
+
end
|
8
|
+
|
9
|
+
# POST /session
|
10
|
+
def create
|
11
|
+
user = User.find_by! profile_path: URI(auth_user_params[:url]).path
|
12
|
+
raise Exceptions::InvalidPassword unless user.authenticate(auth_user_params[:password])
|
13
|
+
set_session_cookie(user) if auth_user_params[:remember_me]
|
14
|
+
|
15
|
+
# Even if we don't have a permanent remember-me session, we make a temporary session
|
16
|
+
session[:user_id] = user.id
|
17
|
+
redirect_to edit_user_path(user)
|
18
|
+
rescue Exceptions::InvalidPassword
|
19
|
+
redirect_back_with_error "Incorrect password. Try again."
|
20
|
+
end
|
21
|
+
|
22
|
+
# DELETE /session
|
23
|
+
def destroy
|
24
|
+
reset_session
|
25
|
+
if (cookie = cookies.encrypted[:user]) && session = Session.find_by_cookie(cookie)
|
26
|
+
cookies.delete :user
|
27
|
+
session.destroy
|
28
|
+
end
|
29
|
+
redirect_to new_session_path
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module Authorio
|
2
|
+
class UsersController < AuthorioController
|
3
|
+
|
4
|
+
before_action :authorized?
|
5
|
+
|
6
|
+
# GET /users/:id/edit
|
7
|
+
def edit
|
8
|
+
@user = User.find(params[:id])
|
9
|
+
end
|
10
|
+
|
11
|
+
# PATCH /users/:id
|
12
|
+
def update
|
13
|
+
User.find(params[:id]).update(user_params)
|
14
|
+
flash[:info] = "Profile Saved"
|
15
|
+
redirect_to edit_user_path
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def user_params
|
21
|
+
params.require(:user).permit(:url, :photo, :full_name, :email)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
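Review bot: `edit` and `update` resolve `User.find(params[:id])` behind a `before_action :authorized?` that only checks that someone is logged in, so any authenticated session can view and edit any user id; unless the engine is meant to be strictly single-user, both actions should take the record from the session (`User.find(current_user)`) or reject an id that differs from it. `update` also ignores the return value of `.update(user_params)`, so `flash[:info] = "Profile Saved"` is shown even when validations fail; branch on the result and render `:edit` with `user.errors.full_messages.to_sentence` in `flash.now[:alert]` on failure. `redirect_to edit_user_path` with no argument relies on Rails recycling the current `:id` path parameter, which works but deserves either a comment or the explicit `edit_user_path(user)`.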
|
data/app/models/authorio/user.rb
CHANGED
@@ -1,4 +1,3 @@
|
|
1
|
-
<%= stylesheet_link_tag "authorio/auth" %>
|
2
1
|
<% content_for :title, "Authorio Login" %>
|
3
2
|
|
4
3
|
<div class="container authorio-auth">
|
@@ -7,26 +6,10 @@
|
|
7
6
|
<div class="col-md-4 auth-panel">
|
8
7
|
<h3>Authorio</h3>
|
9
8
|
<div class="client-row">
|
10
|
-
|
9
|
+
<span class="client"><%= params[:client_id] %></span> wants to authenticate
|
10
|
+
<% if @scope %>and also<% end %>
|
11
11
|
</div>
|
12
|
-
<%=
|
13
|
-
<%= form.label(:url, "User URL") %>
|
14
|
-
<%= form.text_field(:url, value: params[:me], readonly: true) %>
|
15
|
-
<% unless @user_logged_in_locally %>
|
16
|
-
<%= form.label(:password, "Password") %>
|
17
|
-
<%= form.password_field(:password, autofocus: true) %>
|
18
|
-
<% if @rememberable %>
|
19
|
-
<%= label_tag(:remember_me, class: 'remember') do %>
|
20
|
-
<%= form.check_box :remember_me %>
|
21
|
-
<span class='r-m'>Remember me for <%= distance_of_time_in_words Authorio.configuration.local_session_lifetime -%></span>
|
22
|
-
<% end %>
|
23
|
-
<% end %>
|
24
|
-
<% end %>
|
25
|
-
<div class='auth-btn-row'>
|
26
|
-
<%= form.submit("Cancel", class: 'btn btn-default auth-btn') %>
|
27
|
-
<%= form.submit("Sign in", class: 'btn btn-success auth-btn') %>
|
28
|
-
</div>
|
29
|
-
<% end %>
|
12
|
+
<%= render 'shared/login_form', target: authorize_user_path(@user), user: @user, scopes: @scope, cancel: true %>
|
30
13
|
</div>
|
31
14
|
<div class="col-md-4"></div>
|
32
15
|
</div>
|
@@ -0,0 +1,15 @@
|
|
1
|
+
<%= stylesheet_link_tag "authorio/auth" %>
|
2
|
+
<% content_for :title, "Authorio Local Login" %>
|
3
|
+
|
4
|
+
<div class="container authorio-auth">
|
5
|
+
<div class="row">
|
6
|
+
<div class="col-md-4"></div>
|
7
|
+
<div class="col-md-4 auth-panel">
|
8
|
+
<h3>Authorio</h3>
|
9
|
+
<div class="client-row">Local Login</div>
|
10
|
+
<%= render 'shared/login_form', target: session_path(@session),
|
11
|
+
user: @session.authorio_user, scopes: nil, cancel: false %>
|
12
|
+
</div>
|
13
|
+
<div class="col-md-4"></div>
|
14
|
+
</div>
|
15
|
+
</div>
|
@@ -0,0 +1,25 @@
|
|
1
|
+
<%= stylesheet_link_tag "authorio/auth" %>
|
2
|
+
<% content_for :title, "Account Settings" %>
|
3
|
+
|
4
|
+
<div class="container authorio-auth">
|
5
|
+
<div class="row">
|
6
|
+
<div class="col-md-4"></div>
|
7
|
+
<div class="col-md-4 auth-panel">
|
8
|
+
<h3>Account Settings</h3>
|
9
|
+
<%= form_with model: @user do |form| %>
|
10
|
+
<%= form.label(:full_name, "Full Name") %>
|
11
|
+
<%= form.text_field(:full_name) %>
|
12
|
+
<%= form.label(:url, "URL") %>
|
13
|
+
<%= form.text_field(:url) %>
|
14
|
+
<%= form.label(:photo, "Photo URL") %>
|
15
|
+
<%= form.text_field(:photo) %>
|
16
|
+
<%= form.label(:email, "Email") %>
|
17
|
+
<%= form.text_field(:email) %>
|
18
|
+
<div class='auth-btn-row'>
|
19
|
+
<%= form.submit("Save Changes", class: 'btn btn-success auth-btn') %>
|
20
|
+
</div>
|
21
|
+
<% end -%>
|
22
|
+
</div>
|
23
|
+
<div class="col-md-4"></div>
|
24
|
+
</div>
|
25
|
+
</div>
|
@@ -11,9 +11,20 @@
|
|
11
11
|
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u"
|
12
12
|
crossorigin="anonymous">
|
13
13
|
|
14
|
-
<%= stylesheet_link_tag
|
14
|
+
<%= stylesheet_link_tag "authorio/application", media: "all" %>
|
15
|
+
<%= stylesheet_link_tag "authorio/auth" %>
|
15
16
|
</head>
|
16
|
-
<body
|
17
|
+
<body>
|
18
|
+
|
19
|
+
<% if logged_in? %>
|
20
|
+
<div class="topbar">
|
21
|
+
<ul>
|
22
|
+
<li>Authorio</li>
|
23
|
+
<li><a href="<%= edit_user_path(current_user) -%>">Account Settings</a></li>
|
24
|
+
<li><a href="<%= logout_path(method: :delete) -%>">Log Out</a></li>
|
25
|
+
</ul>
|
26
|
+
</div>
|
27
|
+
<% end -%>
|
17
28
|
|
18
29
|
<% flash.each do |key, value| %>
|
19
30
|
<div class="alert alert-warning">
|
@@ -0,0 +1,36 @@
|
|
1
|
+
<%= form_with(model: user, url: target, method: :post) do |form| %>
|
2
|
+
<% if scopes %>
|
3
|
+
<%= fields_for :scope do |req_scope| %>
|
4
|
+
<div class="scopes">
|
5
|
+
<ul class="scope">
|
6
|
+
<% for scope in scopes %>
|
7
|
+
<li>
|
8
|
+
<%= label_tag(:scope, class: 'scope-label') do %>
|
9
|
+
<%= req_scope.check_box(:scope, {multiple: true, checked: true}, scope, nil) %>
|
10
|
+
<%= user_scope_description scope %>
|
11
|
+
<% end -%>
|
12
|
+
</li>
|
13
|
+
<%- end %>
|
14
|
+
</ul>
|
15
|
+
</div>
|
16
|
+
<% end %>
|
17
|
+
<% end -%>
|
18
|
+
<%= form.label(:url, "User URL") %>
|
19
|
+
<%= form.text_field(:url, value: params[:me] || user_url(user), readonly: true) %>
|
20
|
+
<% unless logged_in? %>
|
21
|
+
<%= form.label(:password, "Password") %>
|
22
|
+
<%= form.password_field(:password, autofocus: true) %>
|
23
|
+
<% if rememberable? %>
|
24
|
+
<%= label_tag(:remember_me, class: 'remember') do %>
|
25
|
+
<%= form.check_box :remember_me %>
|
26
|
+
<span class='r-m'>Remember me for <%= distance_of_time_in_words Authorio.configuration.local_session_lifetime -%></span>
|
27
|
+
<% end %>
|
28
|
+
<% end %>
|
29
|
+
<% end %>
|
30
|
+
<div class='auth-btn-row'>
|
31
|
+
<% if cancel %>
|
32
|
+
<%= form.submit("Cancel", class: 'btn btn-default auth-btn') %>
|
33
|
+
<% end %>
|
34
|
+
<%= form.submit("Sign in", class: 'btn btn-success auth-btn') %>
|
35
|
+
</div>
|
36
|
+
<% end %>
|
data/config/routes.rb
CHANGED
@@ -1,9 +1,12 @@
|
|
1
1
|
Authorio::Engine.routes.draw do
|
2
2
|
get Authorio.configuration.authorization_endpoint, controller: 'auth', action: 'authorization_interface'
|
3
3
|
post Authorio.configuration.authorization_endpoint, controller: 'auth', action: 'send_profile'
|
4
|
-
resources :users do
|
4
|
+
resources :users, only: [:edit, :update] do
|
5
5
|
post 'authorize', on: :member, to: 'auth#authorize_user'
|
6
6
|
end
|
7
|
+
resource :session, only: [:new, :create]
|
8
|
+
get 'session' => 'sessions#destroy', as: 'logout'
|
7
9
|
get Authorio.configuration.token_endpoint, controller: 'auth', action: 'verify_token'
|
8
10
|
post Authorio.configuration.token_endpoint, controller: 'auth', action: 'issue_token'
|
9
|
-
|
11
|
+
root to: 'authorio#index'
|
12
|
+
end
|
data/lib/authorio/engine.rb
CHANGED
data/lib/authorio/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authorio
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Meckler
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -114,6 +114,9 @@ files:
|
|
114
114
|
- app/assets/stylesheets/authorio/application.css
|
115
115
|
- app/assets/stylesheets/authorio/auth.css
|
116
116
|
- app/controllers/authorio/auth_controller.rb
|
117
|
+
- app/controllers/authorio/authorio_controller.rb
|
118
|
+
- app/controllers/authorio/sessions_controller.rb
|
119
|
+
- app/controllers/authorio/users_controller.rb
|
117
120
|
- app/helpers/authorio/tag_helper.rb
|
118
121
|
- app/jobs/authorio/application_job.rb
|
119
122
|
- app/models/authorio/application_record.rb
|
@@ -122,13 +125,17 @@ files:
|
|
122
125
|
- app/models/authorio/token.rb
|
123
126
|
- app/models/authorio/user.rb
|
124
127
|
- app/views/authorio/auth/authorization_interface.html.erb
|
128
|
+
- app/views/authorio/sessions/new.html.erb
|
129
|
+
- app/views/authorio/users/edit.html.erb
|
125
130
|
- app/views/layouts/authorio/main.html.erb
|
131
|
+
- app/views/shared/_login_form.html.erb
|
126
132
|
- config/routes.rb
|
127
133
|
- db/migrate/20210627230156_create_authorio_users.rb
|
128
134
|
- db/migrate/20210627230416_create_authorio_requests.rb
|
129
135
|
- db/migrate/20210707230416_create_authorio_tokens.rb
|
130
136
|
- db/migrate/20210723161041_add_expiry_to_tokens.rb
|
131
137
|
- db/migrate/20210726164625_create_authorio_sessions.rb
|
138
|
+
- db/migrate/20210801184120_add_profile_to_users.rb
|
132
139
|
- lib/authorio.rb
|
133
140
|
- lib/authorio/configuration.rb
|
134
141
|
- lib/authorio/engine.rb
|