capcoauth 0.1.4 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9a84d574dab09d66611c3a8d525d0480cb5aeabf
-  data.tar.gz: aab1b067b415ffad7199f4a3174e84e7c2fec81f
+  metadata.gz: 413293494a485db6a7d32e5f7ebb599b0a140dd1
+  data.tar.gz: f37a26cb400e3c5092b2958799551e13ee433af0
 SHA512:
-  metadata.gz: aa9cf3ee808b75df538536d81040544faa5251d6450fcd1c95416d8d731276361fa9b10fa73448562da5df13e4b6caeecb1d1ef51dc0da00c3661cd18c7195da
-  data.tar.gz: e220ad1bbefff4ba8f399b75c1acb6a6045fedce7eb46d5f575049a17bc5118dab6a2836b6ac11fbd823dc17733270b3b731536f10987ffa1eb24242556a319c
+  metadata.gz: a6401723ff07e5dc867d4fbbac9a2142c5bba2139d34b0c5969ff1737cb83f5d90fa261103e689eb289b23dce44ba0b046a488f1845496d1554d277ec1878162
+  data.tar.gz: 2d591b42756602ac29116859f224a0780408ddefaf303f53ce3b41d5340504d61fbc49a84242bcb32c655f2b9f5f39830749ca4bf43f5d62753f677e5452e606

data/README.md

@@ -79,6 +79,15 @@ whatever TTL value you set in your initializer.  This saves time by preventing e
 CapcOAuth for approval.  This can be increased or decreased at your discretion, but should be kept to a relatively low
 value.
 
+## API-only applications
+
+Simply remove `use_capcoauth` from `routes.rb`, or don't add it if you created your own initializer.
+
+By default, this gem assumes you're using a normal Rails application, and thus adds `use_capcoauth` to your `routes.rb`
+file.  When `use_capcoauth` is used, it signals the gem to allow redirects and session variables whenever an HTML
+request type is detected.  For API-only applications, it will only parse the `access_token` query param and
+`Authorization` headers.
+
 ## Bugs? Feature requests? Pull requests?
 
 Email me or submit via issue/pull request.

data/app/controllers/capcoauth/callback_controller.rb

@@ -3,10 +3,11 @@ require 'httparty'
 module Capcoauth
   class CallbackController < Capcoauth::ApplicationController
     def show
+
       # Abort if code not found
       return redirect_to root_url, alert: 'Authorization was canceled' unless params[:code].present?
 
-      response = HTTParty.post('https://capcoauth.capco.com/oauth/token', {
+      response = ::HTTParty.post("#{Capcoauth.configuration.capcoauth_url}/oauth/token", {
         body: {
           client_id: Capcoauth.configuration.client_id,
           client_secret: Capcoauth.configuration.client_secret,

data/app/controllers/capcoauth/login_controller.rb

@@ -3,12 +3,20 @@ require 'uri'
 module Capcoauth
   class LoginController < Capcoauth::ApplicationController
     def show
-      if capcoauth_token
-        redirect_to session[:previous_url].blank? ? root_url : session.delete(:previous_url), notice: 'You are already logged in'
-        return
+
+      # If set in session
+      if session[:capcoauth_access_token]
+
+        # Attempt to verify
+        begin
+          capcoauth_token.verify
+          redirect_to session.delete(:previous_url) || root_url, notice: 'You are already logged in'
+          return
+        rescue; end
       end
 
-      redirect_to "https://capcoauth.capco.com/oauth/authorize?client_id=#{Capcoauth.configuration.client_id}&redirect_uri=#{URI.encode(oauth_callback_url)}&response_type=code"
+      # Otherwise, redirect
+      redirect_to "#{Capcoauth.configuration.capcoauth_url}/oauth/authorize?client_id=#{Capcoauth.configuration.client_id}&redirect_uri=#{URI.encode(oauth_callback_url)}&response_type=code"
     end
   end
 end

data/app/controllers/capcoauth/logout_controller.rb

@@ -1,10 +1,10 @@
 module Capcoauth
   class LogoutController < Capcoauth::ApplicationController
-
     def show
       session.delete(:capcoauth_user_id)
-      if token = session.delete(:capcoauth_access_token)
-        OAuth::TTLCache.delete(token)
+      token = session.delete(:capcoauth_access_token)
+      if token
+        OAuth::TTLCache.remove(token)
         redirect_to root_url, notice: 'You have been logged out'
       else
         redirect_to root_url

data/capcoauth.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   # s.test_files    = `git ls-files -- spec/*`.split("\n")
   s.require_paths = ['lib']
 
-  s.add_dependency 'railties', '~> 4.2'
+  s.add_dependency 'railties', ['>= 4.2', '< 6.0']
   s.add_dependency 'httparty', '~> 0.13'
 
   s.add_development_dependency 'rake', '~> 10.5'

data/lib/capcoauth/config.rb

@@ -16,6 +16,8 @@ module Capcoauth
   class Config
     attr_reader :client_id
     attr_reader :client_secret
+    attr_reader :logger
+    attr_accessor :using_routes
 
     class Builder
       def initialize(&block)
@@ -34,6 +36,10 @@ module Capcoauth
       def client_secret(client_secret)
         @config.instance_variable_set('@client_secret', client_secret)
       end
+
+      def logger(logger)
+        @config.instance_variable_set('@logger', logger)
+      end
     end
 
     module Option
@@ -67,5 +73,6 @@ module Capcoauth
     extend Option
 
     option :token_verify_ttl, default: 10
+    option :capcoauth_url, default: 'https://capcoauth.capco.com'
   end
 end

data/lib/capcoauth/helpers/controller.rb

@@ -3,10 +3,8 @@ module Capcoauth
     module Controller
       extend ActiveSupport::Concern
 
-      private
-
       def capcoauth_token
-        @token ||= OAuth::AccessToken.new(session[:capcoauth_access_token]).verify
+        @capcoauth_token ||= OAuth::AccessToken.new(session[:capcoauth_access_token])
       end
 
       def oauth_callback_url

data/lib/capcoauth/oauth/token_verifier.rb

@@ -1,27 +1,50 @@
+require 'httparty'
+
 module Capcoauth
   module OAuth
     class TokenVerifier
+
+      class UnauthorizedError < StandardError; end
+      class OtherError < StandardError; end
+
       def self.verify(access_token)
-        return nil if access_token.blank? or access_token.token.blank?
+        raise UnauthorizedError if access_token.blank? or access_token.token.blank?
         return access_token if TTLCache.valid?(access_token.token)
 
         # Call Capcoauth
-        response = HTTParty.get('https://capcoauth.capco.com/oauth/token/info', {
+        response = ::HTTParty.get("#{Capcoauth.configuration.capcoauth_url}/oauth/token/info", {
           headers: {
-            'Authorization' => "Bearer #{access_token.token}"
+            :'Authorization' => "Bearer #{access_token.token}"
           }
         })
 
         # Set the user_id from the token response
         if response.code == 200
-          TTLCache.update(access_token.token)
           access_token.user_id = response.parsed_response['resource_owner_id']
-          access_token
-        else
+          if response.parsed_response.fetch('application', {}).fetch('uid', nil) === Capcoauth.configuration.client_id
+            logger.info("CapcOAuth: The access token for user ##{access_token.user_id} was verified successfully") unless logger.nil?
+            TTLCache.update(access_token.token)
+            access_token
+          else
+            logger.info("CapcOAuth: The access token for user ##{access_token.user_id} was valid, but for a different OAuth client ID") unless logger.nil?
+            raise UnauthorizedError
+          end
+        elsif response.code == 401
           TTLCache.remove(access_token.token)
-          nil
+          logger.info("CapcOAuth: The access token was invalid, expired, or revoked") unless logger.nil?
+          raise UnauthorizedError
+        else
+          logger.info("CapcOAuth: Received unknown response") unless logger.nil?
+          logger.info(JSON.pretty_generate(response)) unless logger.nil?
+          raise OtherError
         end
       end
+
+      private
+
+      def self.logger
+        Capcoauth.configuration.logger
+      end
     end
   end
 end

data/lib/capcoauth/rails/helpers.rb

@@ -4,25 +4,74 @@ module Capcoauth
       extend ActiveSupport::Concern
 
       def verify_authorized!
-        if capcoauth_token
+        return if request.method_symbol == :options
+        capcoauth_token.verify
+
+        # Browser client
+        if handle_sessions?
           session.delete(:previous_url)
-        else
+        end
+
+        @current_user_id ||= capcoauth_token.user_id
+      rescue OAuth::TokenVerifier::UnauthorizedError
+        if handle_sessions?
+          session[:previous_url] = request.url
           session.delete(:capcoauth_access_token)
           session.delete(:capcoauth_user_id)
-          session[:previous_url] = request.url
-          redirect_to :auth_login
         end
+        handle_unauthorized
+      rescue OAuth::TokenVerifier::OtherError
+        if handle_sessions?
+          session.delete(:capcoauth_access_token)
+          session.delete(:capcoauth_user_id)
+        end
+        handle_internal_server_error
       end
 
       def current_user
-        User.find session[:capcoauth_user_id] if session[:capcoauth_user_id]
+        @user ||= User.find_by_id verify_authorized!
       end
 
+      protected
+
+        def handle_unauthorized
+          if handle_sessions?
+            redirect_to :auth_login
+          else
+            render plain: 'Unauthorized', status: :unauthorized
+          end
+        end
+
+        def handle_internal_server_error
+          render plain: 'Internal server error', status: :internal_server_error
+        end
+
       private
 
-      def capcoauth_token
-        @_capcoauth_token ||= OAuth::AccessToken.new(session[:capcoauth_access_token]).verify
-      end
+        def capcoauth_token
+          @_capcoauth_token ||= OAuth::AccessToken.new(token_from_request)
+        end
+
+        def token_from_request
+          token_from_param || token_from_session || token_from_headers
+        end
+
+        def token_from_param
+          params[:access_token]
+        end
+
+        def token_from_session
+          session[:capcoauth_access_token]
+        end
+
+        def token_from_headers
+          header_parts = (request.headers['AUTHORIZATION'] || '').split(' ')
+          (header_parts.length == 2 and header_parts[0].downcase == 'bearer') ? header_parts[1] : header_parts[0]
+        end
+
+        def handle_sessions?
+          request.format.html? and Capcoauth.configuration.using_routes
+        end
     end
   end
 end

data/lib/capcoauth/rails/routes.rb

@@ -7,6 +7,7 @@ module Capcoauth
       module Helper
         def use_capcoauth(options = {}, &block)
           Capcoauth::Rails::Routes.new(self, &block).generate_routes!(options)
+          Capcoauth.configuration.using_routes = true
         end
       end
 

data/lib/capcoauth/version.rb

@@ -1,3 +1,3 @@
 module Capcoauth
-  VERSION = '0.1.4'
+  VERSION = '0.2.0'
 end

data/lib/generators/capcoauth/templates/initializer.rb

@@ -1,11 +1,21 @@
 Capcoauth.configure do |config|
+
+  raise 'CapcOAuth Client ID not found' if ENV['CAPCOAUTH_CLIENT_ID'].nil?
+  raise 'CapcOAuth Client secret not found' if ENV['CAPCOAUTH_CLIENT_SECRET'].nil?
+
   # CapcOAuth Client ID
-  config.client_id 'YOUR APPLICATION CLIENT ID'
+  config.client_id ENV['CAPCOAUTH_CLIENT_ID']
 
   # CapcOAuth Client Secret
-  config.client_secret 'YOUR APPLICATION CLIENT SECRET'
+  config.client_secret ENV['CAPCOAUTH_CLIENT_SECRET']
 
   # Configures how often to check CapcOAuth for access token validity, in seconds.  If this value is too high,
   # application will continue to serve requests to users even after the token is revoked
   # config.token_verify_ttl 10
+
+  # Configure CapcOAuth service URL
+  # config.capcoauth_url ENV['CAPCOAUTH_URL']
+
+  # Configure the logger to use for OAuth events
+  config.logger Rails.logger
 end

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: capcoauth
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.2.0
 platform: ruby
 authors:
 - Adam Robertson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-07 00:00:00.000000000 Z
+date: 2016-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -79,7 +85,6 @@ files:
 - README.md
 - Rakefile
 - app/controllers/capcoauth/application_controller.rb
-- app/controllers/capcoauth/application_metal_controller.rb
 - app/controllers/capcoauth/callback_controller.rb
 - app/controllers/capcoauth/login_controller.rb
 - app/controllers/capcoauth/logout_controller.rb
@@ -119,7 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Integration with Capcoauth authentication service

data/app/controllers/capcoauth/application_metal_controller.rb

@@ -1,15 +0,0 @@
-module Capcoauth
-  class ApplicationMetalController < ActionController::Metal
-    MODULES = [
-      ActionController::Instrumentation,
-      AbstractController::Rendering,
-      ActionController::Rendering,
-      ActionController::Renderers::All,
-      Helpers::Controller
-    ]
-
-    MODULES.each do |mod|
-      include mod
-    end
-  end
-end