brycesch-devise_oauth2_providable 1.1.7

data/config/routes.rb

@@ -0,0 +1,6 @@
+Devise::Oauth2Providable::Engine.routes.draw do
+  root :to => "authorizations#new"
+  resources :authorizations, :only => :create
+  match 'authorize' => 'authorizations#new', via: [:get, :post]
+  resource :token, :only => [:create, :destroy]
+end

data/db/migrate/20111014160714_create_devise_oauth2_providable_schema.rb

@@ -0,0 +1,58 @@
+class CreateDeviseOauth2ProvidableSchema < ActiveRecord::Migration
+  def change
+    create_table :oauth2_clients do |t|
+      t.string :name
+      t.string :redirect_uri
+      t.string :website
+      t.string :identifier
+      t.string :secret
+      t.timestamps
+    end
+
+    change_table :oauth2_clients do |t|
+      t.index :identifier, :unique => true
+    end
+
+    create_table :oauth2_access_tokens do |t|
+      t.belongs_to :user, :client, :refresh_token
+      t.string :token
+      t.datetime :expires_at
+      t.timestamps
+    end
+
+    change_table :oauth2_access_tokens do |t|
+      t.index :token, :unique => true
+      t.index :expires_at
+      t.index :user_id
+      t.index :client_id
+    end
+
+    create_table :oauth2_refresh_tokens do |t|
+      t.belongs_to :user, :client
+      t.string :token
+      t.datetime :expires_at
+      t.timestamps
+    end
+
+    change_table :oauth2_refresh_tokens do |t|
+      t.index :token, :unique => true
+      t.index :expires_at
+      t.index :user_id
+      t.index :client_id
+    end
+
+    create_table :oauth2_authorization_codes do |t|
+      t.belongs_to :user, :client
+      t.string :token
+      t.datetime :expires_at
+      t.timestamps
+    end
+
+    change_table :oauth2_authorization_codes do |t|
+      t.index :token, :unique => true
+      t.index :expires_at
+      t.index :user_id
+      t.index :client_id
+    end
+  end
+end

data/devise_oauth2_providable.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "devise/oauth2_providable/version"
+
+Gem::Specification.new do |spec|
+  spec.name        = "brycesch-devise_oauth2_providable"
+  spec.version     = Devise::Oauth2Providable::VERSION
+  spec.platform    = Gem::Platform::RUBY
+  spec.authors     = ["Ryan Sonnek"]
+  spec.email       = ["ryan@socialcast.com"]
+  spec.homepage    = ""
+  spec.summary     = %q{OAuth2 Provider for Rails applications}
+  spec.description = %q{Rails3 engine that adds OAuth2 Provider support to any application built with Devise authentication}
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "rails", "> 4.0.0"
+  spec.add_dependency "devise"
+  spec.add_dependency "rack-oauth2"
+
+  spec.add_development_dependency 'rspec-rails', "~> 2.14.2"
+  # spec.add_development_dependency 'minitest'
+  spec.add_development_dependency 'shoulda-matchers'
+  spec.add_development_dependency 'shoulda-kept-assign-to'
+  spec.add_development_dependency "database_cleaner", "~> 1.3.0"
+  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "factory_girl_rails"
+end

data/lib/devise/oauth2_providable/engine.rb

@@ -0,0 +1,16 @@
+module Devise
+  module Oauth2Providable
+    class Engine < Rails::Engine
+      config.devise_oauth2_providable = ActiveSupport::OrderedOptions.new
+      config.devise_oauth2_providable.access_token_expires_in       = 15.minutes
+      config.devise_oauth2_providable.refresh_token_expires_in      = 1.month
+      config.devise_oauth2_providable.authorization_code_expires_in = 1.minute
+
+      engine_name 'oauth2'
+      isolate_namespace Devise::Oauth2Providable
+      initializer "devise_oauth2_providable.initialize_application", :before=> :load_config_initializers do |app|
+        app.config.filter_parameters << :client_secret
+      end
+    end
+  end
+end

data/lib/devise/oauth2_providable/expirable_token.rb

@@ -0,0 +1,56 @@
+require 'active_support/concern'
+require 'active_record'
+
+module Devise
+  module Oauth2Providable
+    module ExpirableToken
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def expires_according_to(config_name)
+          cattr_accessor :default_lifetime
+          self.default_lifetime = Rails.application.config.devise_oauth2_providable[config_name]
+
+          belongs_to :user
+          belongs_to :client
+
+          after_initialize :init_token, :on => :create, :unless => :token?
+          after_initialize :init_expires_at, :on => :create, :unless => :expires_at?
+          validates :expires_at, :presence => true
+          validates :client, :presence => true
+          validates :token, :presence => true, :uniqueness => true
+
+          default_scope lambda {
+            where(self.arel_table[:expires_at].gteq(Time.now.utc))
+          }
+
+          include LocalInstanceMethods
+        end
+      end
+
+      module LocalInstanceMethods
+        # number of seconds until the token expires
+        def expires_in
+          (expires_at - Time.now.utc).to_i
+        end
+
+        # forcefully expire the token
+        def expired!
+          self.expires_at = Time.now.utc
+          self.save!
+        end
+
+        private
+
+        def init_token
+          self.token = Devise::Oauth2Providable.random_id
+        end
+        def init_expires_at
+          self.expires_at = self.default_lifetime.from_now
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send :include, Devise::Oauth2Providable::ExpirableToken

data/lib/devise/oauth2_providable/models/oauth2_authorization_code_grantable.rb

@@ -0,0 +1,6 @@
+module Devise
+  module Models
+    module Oauth2AuthorizationCodeGrantable
+    end
+  end
+end

data/lib/devise/oauth2_providable/models/oauth2_password_grantable.rb

@@ -0,0 +1,6 @@
+module Devise
+  module Models
+    module Oauth2PasswordGrantable
+    end
+  end
+end

data/lib/devise/oauth2_providable/models/oauth2_providable.rb

@@ -0,0 +1,13 @@
+require 'devise/models'
+
+module Devise
+  module Models
+    module Oauth2Providable
+      extend ActiveSupport::Concern
+      included do
+        has_many :access_tokens, :class_name => 'Devise::Oauth2Providable::AccessToken'
+        has_many :authorization_codes, :class_name => 'Devise::Oauth2Providable::AuthorizationCode'
+      end
+    end
+  end
+end

data/lib/devise/oauth2_providable/models/oauth2_refresh_token_grantable.rb

@@ -0,0 +1,6 @@
+module Devise
+  module Models
+    module Oauth2RefreshTokenGrantable
+    end
+  end
+end

data/lib/devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy.rb

@@ -0,0 +1,21 @@
+require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
+
+module Devise
+  module Strategies
+    class Oauth2AuthorizationCodeGrantTypeStrategy < Oauth2GrantTypeStrategy
+      def grant_type
+        'authorization_code'
+      end
+
+      def authenticate_grant_type(client)
+        if code = client.authorization_codes.find_by_token(params[:code])
+          success! code.user
+        else
+          oauth_error! :invalid_grant, 'invalid authorization code request'
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_authorization_code_grantable, Devise::Strategies::Oauth2AuthorizationCodeGrantTypeStrategy)

data/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb

@@ -0,0 +1,44 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class Oauth2GrantTypeStrategy < Authenticatable
+
+      def store?
+        false
+      end
+
+      def valid?
+        params[:controller] == 'devise/oauth2_providable/tokens' && request.post? && params[:grant_type] == grant_type
+      end
+
+      # defined by subclass
+      def grant_type
+      end
+
+      # defined by subclass
+      def authenticate_grant_type(client)
+      end
+
+      def authenticate!
+        client_id, client_secret = request.authorization ? decode_credentials : [params[:client_id], params[:client_secret]]
+        client = Devise::Oauth2Providable::Client.find_by_identifier client_id
+        if client && client.secret == client_secret
+          env[Devise::Oauth2Providable::CLIENT_ENV_REF] = client
+          authenticate_grant_type(client)
+        else
+          oauth_error! :invalid_client, 'invalid client credentials'
+        end
+      end
+
+      # return custom error response in accordance with the oauth spec
+      # see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
+      def oauth_error!(error_code = :invalid_request, description = nil)
+        body = {:error => error_code}
+        body[:error_description] = description if description
+        custom! [400, {'Content-Type' => 'application/json'}, [body.to_json]]
+        throw :warden
+      end
+    end
+  end
+end

data/lib/devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy.rb

@@ -0,0 +1,22 @@
+require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
+
+module Devise
+  module Strategies
+    class Oauth2PasswordGrantTypeStrategy < Oauth2GrantTypeStrategy
+      def grant_type
+        'password'
+      end
+
+      def authenticate_grant_type(client)
+        resource = mapping.to.find_for_database_authentication(mapping.to.authentication_keys.first => params[:username])
+        if validate(resource) { resource.valid_password?(params[:password]) }
+          success! resource
+        else
+          oauth_error! :invalid_grant, 'invalid password authentication request'
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_password_grantable, Devise::Strategies::Oauth2PasswordGrantTypeStrategy)

data/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb

@@ -0,0 +1,31 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class Oauth2Providable < Authenticatable
+
+      def store?
+        false
+      end
+
+      def valid?
+        @req = Rack::OAuth2::Server::Resource::Bearer::Request.new(env)
+        @req.oauth2?
+      end
+
+      def authenticate!
+        @req.setup!
+        token = Devise::Oauth2Providable::AccessToken.find_by_token @req.access_token
+        env[Devise::Oauth2Providable::CLIENT_ENV_REF] = token.client if token
+        resource = token ? token.user : nil
+        if validate(resource)
+          success! resource
+        else
+          fail(:invalid_token)
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_providable, Devise::Strategies::Oauth2Providable)

data/lib/devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb

@@ -0,0 +1,22 @@
+require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
+
+module Devise
+  module Strategies
+    class Oauth2RefreshTokenGrantTypeStrategy < Oauth2GrantTypeStrategy
+      def grant_type
+        'refresh_token'
+      end
+
+      def authenticate_grant_type(client)
+        if refresh_token = client.refresh_tokens.find_by_token(params[:refresh_token])
+          env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF] = refresh_token
+          success! refresh_token.user
+        else
+          oauth_error! :invalid_grant, 'invalid refresh token'
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_refresh_token_grantable, Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy)

data/lib/devise/oauth2_providable/version.rb

@@ -0,0 +1,5 @@
+module Devise
+  module Oauth2Providable
+    VERSION = "1.1.7"
+  end
+end

data/lib/devise_oauth2_providable.rb

@@ -0,0 +1,41 @@
+require 'devise'
+require 'rack/oauth2'
+require 'devise/oauth2_providable/engine'
+require 'devise/oauth2_providable/expirable_token'
+require 'devise/oauth2_providable/strategies/oauth2_providable_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy'
+require 'devise/oauth2_providable/models/oauth2_providable'
+require 'devise/oauth2_providable/models/oauth2_password_grantable'
+require 'devise/oauth2_providable/models/oauth2_refresh_token_grantable'
+require 'devise/oauth2_providable/models/oauth2_authorization_code_grantable'
+
+module Devise
+  module Oauth2Providable
+    CLIENT_ENV_REF = 'oauth2.client'
+    REFRESH_TOKEN_ENV_REF = "oauth2.refresh_token"
+
+    class << self
+      def random_id
+        SecureRandom.hex
+      end
+      def table_name_prefix
+        'oauth2_'
+      end
+    end
+  end
+end
+
+Devise.add_module(:oauth2_providable,
+  :strategy => true,
+  :model => 'devise/oauth2_providable/models/oauth2_providable')
+Devise.add_module(:oauth2_password_grantable, 
+  :strategy => true,
+  :model => 'devise/oauth2_providable/models/oauth2_password_grantable')
+Devise.add_module(:oauth2_refresh_token_grantable, 
+  :strategy => true,
+  :model => 'devise/oauth2_providable/models/oauth2_refresh_token_grantable')
+Devise.add_module(:oauth2_authorization_code_grantable,
+  :strategy => true,
+  :model => 'devise/oauth2_providable/models/oauth2_authorization_code_grantable')

data/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+ENGINE_PATH = File.expand_path('../..',  __FILE__)
+load File.expand_path('../../spec/dummy/script/rails',  __FILE__)

data/spec/controllers/authorizations_controller_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Devise::Oauth2Providable::AuthorizationsController do
+  routes { Devise::Oauth2Providable::Engine.routes }
+  describe 'GET #new' do
+    context 'with valid redirect_uri' do
+      let(:user) { FactoryGirl.create :user }
+      let(:client) { FactoryGirl.create :client }
+      let(:redirect_uri) { client.redirect_uri }
+      before do
+        sign_in user
+        get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, response_type: 'code'
+      end
+      it { should respond_with :success }
+      # it { should respond_with_content_type :html }
+      it { should assign_to(:redirect_uri).with(redirect_uri) }
+      it { should assign_to(:response_type) }
+      it { should render_template 'devise/oauth2_providable/authorizations/new' }
+    end
+    context 'with invalid redirect_uri' do
+      let(:user) { FactoryGirl.create :user }
+      let(:client) { FactoryGirl.create :client }
+      let(:redirect_uri) { 'http://example.com/foo/bar' }
+      before do
+        sign_in user
+        get :new, :client_id => client.identifier, :redirect_uri => redirect_uri, response_type: 'code'
+      end
+      it { should respond_with :bad_request }
+      # it { should respond_with_content_type :html }
+    end
+  end
+end