capcoauth 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +15 -35
- data/.rspec +1 -0
- data/.travis.yml +11 -0
- data/Gemfile +10 -0
- data/Gemfile.lock +171 -0
- data/README.md +3 -1
- data/Rakefile +7 -7
- data/app/controllers/capcoauth/application_controller.rb +8 -1
- data/app/controllers/capcoauth/login_controller.rb +5 -1
- data/app/controllers/capcoauth/logout_controller.rb +2 -6
- data/capcoauth.gemspec +13 -6
- data/lib/capcoauth/config.rb +52 -58
- data/lib/capcoauth/errors.rb +3 -0
- data/lib/capcoauth/notifications.rb +11 -9
- data/lib/capcoauth/oauth/access_token.rb +0 -1
- data/lib/capcoauth/oauth/token_verifier.rb +15 -10
- data/lib/capcoauth/rails/helpers.rb +45 -44
- data/lib/capcoauth/version.rb +11 -1
- data/lib/capcoauth.rb +1 -9
- data/lib/generators/capcoauth/templates/initializer.rb +23 -12
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
- data/spec/dummy/app/controllers/home_controller.rb +17 -0
- data/spec/dummy/app/controllers/metal_controller.rb +11 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
- data/spec/dummy/app/models/user.rb +3 -0
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config/application.rb +16 -0
- data/spec/dummy/config/boot.rb +6 -0
- data/spec/dummy/config/database.yml +15 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +29 -0
- data/spec/dummy/config/environments/production.rb +62 -0
- data/spec/dummy/config/environments/test.rb +42 -0
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +6 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/capcoauth.rb +41 -0
- data/spec/dummy/config/initializers/secret_token.rb +9 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/routes.rb +50 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
- data/spec/dummy/db/schema.rb +22 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/generators/install_generator_spec.rb +27 -0
- data/spec/generators/templates/routes.rb +3 -0
- data/spec/lib/capcoauth/oauth/access_token_spec.rb +31 -0
- data/spec/lib/capcoauth/oauth/token_verifier_spec.rb +121 -0
- data/spec/lib/capcoauth/oauth/ttl_cache_spec.rb +88 -0
- data/spec/lib/capcoauth_spec.rb +3 -0
- data/spec/lib/config_spec.rb +215 -0
- data/spec/lib/version_spec.rb +25 -0
- data/spec/spec_helper.rb +8 -0
- data/spec/spec_helper_integration.rb +50 -0
- data/spec/support/http_method_shim.rb +38 -0
- data/spec/support/orm/active_record.rb +3 -0
- metadata +172 -12
- data/lib/capcoauth/helpers/controller.rb +0 -15
@@ -3,66 +3,55 @@ module Capcoauth
|
|
3
3
|
module Helpers
|
4
4
|
extend ActiveSupport::Concern
|
5
5
|
|
6
|
-
def
|
6
|
+
def current_user
|
7
|
+
|
8
|
+
# Don't return user for options requests
|
7
9
|
return if request.method_symbol == :options
|
8
|
-
capcoauth_token.verify
|
9
10
|
|
10
|
-
#
|
11
|
-
if
|
12
|
-
|
13
|
-
end
|
11
|
+
# Bypass if already set/verified
|
12
|
+
return @current_user if @_current_user_performed
|
13
|
+
@_current_user_performed = true
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
if handle_sessions?
|
18
|
-
session[:previous_url] = request.url
|
19
|
-
session.delete(:capcoauth_access_token)
|
20
|
-
session.delete(:capcoauth_user_id)
|
21
|
-
end
|
22
|
-
handle_unauthorized unless performed?
|
23
|
-
rescue OAuth::TokenVerifier::OtherError
|
24
|
-
if handle_sessions?
|
25
|
-
session.delete(:capcoauth_access_token)
|
26
|
-
session.delete(:capcoauth_user_id)
|
27
|
-
end
|
28
|
-
handle_internal_server_error unless performed?
|
29
|
-
end
|
15
|
+
# Get the token object
|
16
|
+
token, error = verify_token.first
|
30
17
|
|
31
|
-
|
32
|
-
|
18
|
+
# Skip lookup if application credentials or token invalid
|
19
|
+
return nil if token.blank? or error.present?
|
33
20
|
|
34
21
|
# Resolve user ID using configuration resolver unless already found
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
Capcoauth.configuration.logger.warn "[CapcOAuth] Error looking up user - #{e.message}"
|
40
|
-
end
|
22
|
+
begin
|
23
|
+
@current_user = Capcoauth.configuration.user_resolver.call(token.user_id) if token.user_id.present?
|
24
|
+
rescue ActiveRecord::RecordNotFound => e
|
25
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Error looking up user: #{e.message}"
|
41
26
|
end
|
42
27
|
|
43
28
|
@current_user
|
44
29
|
end
|
45
30
|
|
46
|
-
def
|
47
|
-
@_capcoauth_token ||= OAuth::AccessToken.new(token_from_request)
|
48
|
-
end
|
31
|
+
def verify_authorized!
|
49
32
|
|
50
|
-
|
33
|
+
# Don't verify options requests
|
34
|
+
return if request.method_symbol == :options
|
51
35
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
end
|
58
|
-
end
|
36
|
+
# Run verification
|
37
|
+
token, error, reason = verify_token
|
38
|
+
|
39
|
+
# Re-raise exceptions with human-readable reason
|
40
|
+
raise Capcoauth::AuthorizationError, reason if error == :unauthorized_error
|
59
41
|
|
60
|
-
|
61
|
-
|
42
|
+
# Raise an error if token has an ID but the user wasn't found
|
43
|
+
if Capcoauth.configuration.require_user and token.user_id.present? and current_user.blank?
|
44
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Error looking up user: Token returned ID ##{token.user_id} but resolver didn't return user"
|
45
|
+
raise Capcoauth::AuthorizationError, 'Your credentials were valid, but you aren\'t currently active in this system'
|
62
46
|
end
|
47
|
+
end
|
63
48
|
|
64
49
|
private
|
65
50
|
|
51
|
+
def capcoauth_token_unverified
|
52
|
+
@_capcoauth_token_unverified ||= OAuth::AccessToken.new(token_from_request)
|
53
|
+
end
|
54
|
+
|
66
55
|
def token_from_request
|
67
56
|
token_from_param || token_from_session || token_from_headers
|
68
57
|
end
|
@@ -80,8 +69,20 @@ module Capcoauth
|
|
80
69
|
(header_parts.length == 2 and header_parts[0].downcase == 'bearer') ? header_parts[1] : header_parts[0]
|
81
70
|
end
|
82
71
|
|
83
|
-
def
|
84
|
-
|
72
|
+
def verify_token
|
73
|
+
@_verify_token_response ||= begin
|
74
|
+
[capcoauth_token_unverified.verify, nil, nil]
|
75
|
+
rescue OAuth::TokenVerifier::UnauthorizedError => e
|
76
|
+
session.delete(:capcoauth_access_token)
|
77
|
+
session.delete(:capcoauth_user_id)
|
78
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Verification unauthorized: #{e.message}"
|
79
|
+
[nil, :unauthorized_error, e.message]
|
80
|
+
rescue OAuth::TokenVerifier::OtherError => e
|
81
|
+
session.delete(:capcoauth_access_token)
|
82
|
+
session.delete(:capcoauth_user_id)
|
83
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Verification error: #{e.message}"
|
84
|
+
[nil, :other_error, e.message]
|
85
|
+
end
|
85
86
|
end
|
86
87
|
end
|
87
88
|
end
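Review bot: `verify_authorized!` fails open on `:other_error` — `verify_token` in the second hunk returns `[nil, :other_error, e.message]` when `OAuth::TokenVerifier::OtherError` is rescued, but the only raise in `verify_authorized!` is `raise Capcoauth::AuthorizationError, reason if error == :unauthorized_error`, so a verifier failure that is not an explicit rejection lets the request through when `require_user` is off and hits `nil.user_id` on the `require_user` branch when it is on; the removed 0.4.0 lines routed this case to `handle_internal_server_error`. If `OtherError` covers transport or upstream failures (its definition is outside this diff), the guard should fail closed for any error, e.g. `raise Capcoauth::AuthorizationError, reason if error.present?`, or raise a distinct error class so the engine can still map it to a 5xx. Separately, in `current_user` the line `token, error = verify_token.first` destructures only the first element of the triple, so `error` is always nil and the `error.present?` check on the next line is dead; it should read `token, error = verify_token`. The body of `token_from_headers` between the two hunks is not shown here.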
|
data/lib/capcoauth/version.rb
CHANGED
data/lib/capcoauth.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'capcoauth/version'
|
2
2
|
require 'capcoauth/engine'
|
3
|
+
require 'capcoauth/errors'
|
3
4
|
require 'capcoauth/config'
|
4
5
|
require 'capcoauth/notifications'
|
5
6
|
|
@@ -7,17 +8,8 @@ require 'capcoauth/oauth/access_token'
|
|
7
8
|
require 'capcoauth/oauth/token_verifier'
|
8
9
|
require 'capcoauth/oauth/ttl_cache'
|
9
10
|
|
10
|
-
require 'capcoauth/helpers/controller'
|
11
|
-
|
12
11
|
require 'capcoauth/rails/routes'
|
13
12
|
require 'capcoauth/rails/helpers'
|
14
13
|
|
15
14
|
module Capcoauth
|
16
|
-
def self.configured?
|
17
|
-
@config.present?
|
18
|
-
end
|
19
|
-
|
20
|
-
def self.installed?
|
21
|
-
configured?
|
22
|
-
end
|
23
15
|
end
|
@@ -4,30 +4,41 @@ Capcoauth.configure do |config|
|
|
4
4
|
raise 'CapcOAuth Client secret not found' if ENV['CAPCOAUTH_CLIENT_SECRET'].nil?
|
5
5
|
|
6
6
|
# CapcOAuth Client ID
|
7
|
-
config.client_id ENV['CAPCOAUTH_CLIENT_ID']
|
7
|
+
# config.client_id = ENV['CAPCOAUTH_CLIENT_ID']
|
8
8
|
|
9
9
|
# CapcOAuth Client Secret
|
10
|
-
config.client_secret ENV['CAPCOAUTH_CLIENT_SECRET']
|
10
|
+
# config.client_secret = ENV['CAPCOAUTH_CLIENT_SECRET']
|
11
11
|
|
12
12
|
# Configures how often to check CapcOAuth for access token validity, in seconds. If this value is too high,
|
13
|
-
# application will continue to serve requests to users
|
14
|
-
# config.token_verify_ttl 10
|
13
|
+
# application will continue to serve requests to users after the token is revoked
|
14
|
+
# config.token_verify_ttl = 10
|
15
15
|
|
16
16
|
# Configure a cache store to use to cache access token resolutions.
|
17
|
-
# config.cache_store ActiveSupport::Cache::MemoryStore.new
|
17
|
+
# config.cache_store = ActiveSupport::Cache::MemoryStore.new
|
18
18
|
|
19
|
-
#
|
20
|
-
# config.capcoauth_url ENV['CAPCOAUTH_URL']
|
19
|
+
# CapcOAuth service URL
|
20
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
21
21
|
|
22
22
|
# Configure the logger to use for OAuth events
|
23
|
-
config.logger Rails.logger
|
23
|
+
config.logger = Rails.logger
|
24
24
|
|
25
25
|
# Configure which ID to identify the user by. Valid options are :capcoauth, :capco (4-letter), :psoft, :e_number, and :cit
|
26
|
-
# config.user_id_field :capcoauth
|
26
|
+
# config.user_id_field = :capcoauth
|
27
27
|
|
28
28
|
# Block to resolve your user from the provided CapcOAuth ID. If you're using different primary keys than any of the
|
29
29
|
# existing services, you might consider looking up by an external ID, e.g. `User.find_by_psoft_id! capcoauth_user_id`
|
30
|
-
config.user_resolver
|
31
|
-
User.
|
32
|
-
|
30
|
+
config.user_resolver = -> capcoauth_user_id {
|
31
|
+
User.find_by! id: capcoauth_user_id # optionally, include `, inactive: false`, `, admin: true`, etc.
|
32
|
+
}
|
33
|
+
|
34
|
+
# When an access token has a user_id, but the user is not found via the above resolver, should an
|
35
|
+
# Capcoauth::AuthorizationException be raised? Helpful when you're syncing the user database separately and the user
|
36
|
+
# doesn't exist locally. Application credentials (token without a user_id) will still be allowed regardless.
|
37
|
+
# config.require_user = true
|
38
|
+
|
39
|
+
# Use CapcOAuth URL from config
|
40
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
41
|
+
|
42
|
+
# Don't redirect to last URL on login since we don't want to see API responses
|
43
|
+
# config.perform_login_redirects = true
|
33
44
|
end
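Review bot: The comment above `config.require_user` names `Capcoauth::AuthorizationException`, but the helpers in this release raise `Capcoauth::AuthorizationError`, so a consumer who follows the template would rescue the wrong constant; change it to `# Capcoauth::AuthorizationError be raised?`. The `# config.capcoauth_url = ENV['CAPCOAUTH_URL']` example now appears twice (under "CapcOAuth service URL" and again under "Use CapcOAuth URL from config"), and the `perform_login_redirects` comment says "Don't redirect" while the example value is `true`, which reads as contradictory — drop one of the duplicates and make the example value match its comment. The generated initializer also keeps `raise 'CapcOAuth Client secret not found' if ENV['CAPCOAUTH_CLIENT_SECRET'].nil?` while the `config.client_id`/`config.client_secret` assignments become commented out, which only works if config.rb now reads those variables itself (config.rb is not in this excerpt); a one-line comment saying the values default from the environment would make that explicit. The same text is duplicated in `spec/dummy/config/initializers/capcoauth.rb` below.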
|
data/spec/dummy/Rakefile
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
#!/usr/bin/env rake
|
2
|
+
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
3
|
+
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
4
|
+
|
5
|
+
require File.expand_path('../config/application', __FILE__)
|
6
|
+
|
7
|
+
Dummy::Application.load_tasks
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class HomeController < ApplicationController
|
2
|
+
def index
|
3
|
+
end
|
4
|
+
|
5
|
+
def sign_in
|
6
|
+
session[:user_id] = if Rails.env.development?
|
7
|
+
User.first || User.create!(name: 'Joe')
|
8
|
+
else
|
9
|
+
User.first
|
10
|
+
end
|
11
|
+
redirect_to '/'
|
12
|
+
end
|
13
|
+
|
14
|
+
def callback
|
15
|
+
render plain: 'ok'
|
16
|
+
end
|
17
|
+
end
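Review bot: `sign_in` stores a `User` record in `session[:user_id]`, not its id — the `if` expression evaluates to `User.first || User.create!(name: 'Joe')` (or `User.first`, possibly nil), and the cookie store will serialize the whole model. Assign the id instead, e.g. `user = Rails.env.development? ? (User.first || User.create!(name: 'Joe')) : User.first` followed by `session[:user_id] = user && user.id`. This endpoint signs in without any credential check, which is fine for a spec-only dummy app but deserves a comment saying so.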
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class MetalController < ActionController::Metal
|
2
|
+
include AbstractController::Callbacks
|
3
|
+
include ActionController::Head
|
4
|
+
include Capcoauth::Rails::Helpers
|
5
|
+
|
6
|
+
before_action :verify_authorized!
|
7
|
+
|
8
|
+
def index
|
9
|
+
self.response_body = { ok: true }.to_json
|
10
|
+
end
|
11
|
+
end
|
File without changes
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require 'rails/all'
|
4
|
+
|
5
|
+
Bundler.require(*Rails.groups)
|
6
|
+
|
7
|
+
require 'yaml'
|
8
|
+
require 'active_record/railtie'
|
9
|
+
|
10
|
+
module Dummy
|
11
|
+
class Application < Rails::Application
|
12
|
+
# Settings in config/environments/* take precedence over those specified here.
|
13
|
+
# Application configuration should go into files in config/initializers
|
14
|
+
# -- all .rb files in that directory are automatically loaded.
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the web server when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Show full error reports and disable caching
|
10
|
+
config.consider_all_requests_local = true
|
11
|
+
config.action_controller.perform_caching = false
|
12
|
+
|
13
|
+
# Don't care if the mailer can't send
|
14
|
+
# config.action_mailer.raise_delivery_errors = false
|
15
|
+
|
16
|
+
# Print deprecation notices to the Rails logger
|
17
|
+
config.active_support.deprecation = :log
|
18
|
+
|
19
|
+
# Only use best-standards-support built into browsers
|
20
|
+
config.action_dispatch.best_standards_support = :builtin
|
21
|
+
|
22
|
+
# Do not compress assets
|
23
|
+
config.assets.compress = false
|
24
|
+
|
25
|
+
# Expands the lines which load the assets
|
26
|
+
config.assets.debug = true
|
27
|
+
|
28
|
+
config.eager_load = false
|
29
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# Code is not reloaded between requests
|
5
|
+
config.cache_classes = true
|
6
|
+
|
7
|
+
# Full error reports are disabled and caching is turned on
|
8
|
+
config.consider_all_requests_local = false
|
9
|
+
config.action_controller.perform_caching = true
|
10
|
+
|
11
|
+
# Disable Rails's static asset server (Apache or nginx will already do this)
|
12
|
+
config.serve_static_assets = false
|
13
|
+
|
14
|
+
# Compress JavaScripts and CSS
|
15
|
+
config.assets.compress = true
|
16
|
+
|
17
|
+
# Don't fallback to assets pipeline if a precompiled asset is missed
|
18
|
+
config.assets.compile = false
|
19
|
+
|
20
|
+
# Generate digests for assets URLs
|
21
|
+
config.assets.digest = true
|
22
|
+
|
23
|
+
# Defaults to Rails.root.join("public/assets")
|
24
|
+
# config.assets.manifest = YOUR_PATH
|
25
|
+
|
26
|
+
# Specifies the header that your server uses for sending files
|
27
|
+
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
28
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
29
|
+
|
30
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
31
|
+
# config.force_ssl = true
|
32
|
+
|
33
|
+
# See everything in the log (default is :info)
|
34
|
+
# config.log_level = :debug
|
35
|
+
|
36
|
+
# Use a different logger for distributed setups
|
37
|
+
# config.logger = SyslogLogger.new
|
38
|
+
|
39
|
+
# Use a different cache store in production
|
40
|
+
# config.cache_store = :mem_cache_store
|
41
|
+
|
42
|
+
# Enable serving of images, stylesheets, and JavaScripts from an asset server
|
43
|
+
# config.action_controller.asset_host = "http://assets.example.com"
|
44
|
+
|
45
|
+
# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
|
46
|
+
# config.assets.precompile += %w( search.js )
|
47
|
+
|
48
|
+
# Disable delivery errors, bad email addresses will be ignored
|
49
|
+
# config.action_mailer.raise_delivery_errors = false
|
50
|
+
|
51
|
+
# Enable threaded mode
|
52
|
+
# config.threadsafe!
|
53
|
+
|
54
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
55
|
+
# the I18n.default_locale when a translation can not be found)
|
56
|
+
config.i18n.fallbacks = true
|
57
|
+
|
58
|
+
# Send deprecation notices to registered listeners
|
59
|
+
config.active_support.deprecation = :notify
|
60
|
+
|
61
|
+
config.eager_load = true
|
62
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# The test environment is used exclusively to run your application's
|
5
|
+
# test suite. You never need to work with it otherwise. Remember that
|
6
|
+
# your test database is "scratch space" for the test suite and is wiped
|
7
|
+
# and recreated between test runs. Don't rely on the data there!
|
8
|
+
config.cache_classes = true
|
9
|
+
|
10
|
+
# Do not eager load code on boot. This avoids loading your whole application
|
11
|
+
# just for the purpose of running a single test. If you are using a tool that
|
12
|
+
# preloads Rails for running tests, you may have to set it to true.
|
13
|
+
config.eager_load = false
|
14
|
+
|
15
|
+
# Show full error reports and disable caching
|
16
|
+
config.consider_all_requests_local = true
|
17
|
+
config.action_controller.perform_caching = false
|
18
|
+
|
19
|
+
# Raise exceptions instead of rendering exception templates
|
20
|
+
config.action_dispatch.show_exceptions = false
|
21
|
+
|
22
|
+
# Disable request forgery protection in test environment
|
23
|
+
config.action_controller.allow_forgery_protection = false
|
24
|
+
|
25
|
+
# Tell Action Mailer not to deliver emails to the real world.
|
26
|
+
# The :test delivery method accumulates sent emails in the
|
27
|
+
# ActionMailer::Base.deliveries array.
|
28
|
+
# config.action_mailer.delivery_method = :test
|
29
|
+
|
30
|
+
# Use SQL instead of Active Record's schema dumper when creating the test database.
|
31
|
+
# This is necessary if your schema can't be completely dumped by the schema dumper,
|
32
|
+
# like if you have constraints or database-specific column types
|
33
|
+
# config.active_record.schema_format = :sql
|
34
|
+
|
35
|
+
# Print deprecation notices to the stderr
|
36
|
+
config.active_support.deprecation = :stderr
|
37
|
+
|
38
|
+
config.eager_load = true
|
39
|
+
|
40
|
+
config.active_record.table_name_prefix = TABLE_NAME_PREFIX.to_s
|
41
|
+
config.active_record.table_name_suffix = TABLE_NAME_SUFFIX.to_s
|
42
|
+
end
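Review bot: `config.eager_load` is assigned twice in this block — `false` under the comment explaining why tests should not eager load, then `true` near the end — and the later assignment wins, so the comment is wrong and the suite eager-loads the whole dummy app. Keep one assignment that matches the intent; if eager loading is deliberate (for example to surface load errors in CI), remove the first assignment and its comment rather than leaving both.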
|
@@ -0,0 +1,6 @@
|
|
1
|
+
# Require `belongs_to` associations by default. This is a new Rails 5.0
|
2
|
+
# default, so it is introduced as a configuration option to ensure that apps
|
3
|
+
# made on earlier versions of Rails are not affected when upgrading.
|
4
|
+
if Rails.version.to_i >= 5
|
5
|
+
Rails.application.config.active_record.belongs_to_required_by_default = true
|
6
|
+
end
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
4
|
+
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
5
|
+
|
6
|
+
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
7
|
+
# Rails.backtrace_cleaner.remove_silencers!
|
@@ -0,0 +1,41 @@
|
|
1
|
+
Capcoauth.configure do |config|
|
2
|
+
|
3
|
+
# CapcOAuth Client ID
|
4
|
+
config.client_id = 'client_id_123'
|
5
|
+
|
6
|
+
# CapcOAuth Client Secret
|
7
|
+
config.client_secret = 'client_secret_456'
|
8
|
+
|
9
|
+
# Configures how often to check CapcOAuth for access token validity, in seconds. If this value is too high,
|
10
|
+
# application will continue to serve requests to users after the token is revoked
|
11
|
+
# config.token_verify_ttl = 10
|
12
|
+
|
13
|
+
# Configure a cache store to use to cache access token resolutions.
|
14
|
+
# config.cache_store = ActiveSupport::Cache::MemoryStore.new
|
15
|
+
|
16
|
+
# CapcOAuth service URL
|
17
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
18
|
+
|
19
|
+
# Configure the logger to use for OAuth events
|
20
|
+
config.logger = Rails.logger
|
21
|
+
|
22
|
+
# Configure which ID to identify the user by. Valid options are :capcoauth, :capco (4-letter), :psoft, :e_number, and :cit
|
23
|
+
# config.user_id_field = :capcoauth
|
24
|
+
|
25
|
+
# Block to resolve your user from the provided CapcOAuth ID. If you're using different primary keys than any of the
|
26
|
+
# existing services, you might consider looking up by an external ID, e.g. `User.find_by_psoft_id! capcoauth_user_id`
|
27
|
+
config.user_resolver = -> capcoauth_user_id {
|
28
|
+
User.find_by! id: capcoauth_user_id # optionally, include `, inactive: false`, `, admin: true`, etc.
|
29
|
+
}
|
30
|
+
|
31
|
+
# When an access token has a user_id, but the user is not found via the above resolver, should an
|
32
|
+
# Capcoauth::AuthorizationException be raised? Helpful when you're syncing the user database separately and the user
|
33
|
+
# doesn't exist locally. Application credentials (token without a user_id) will still be allowed regardless.
|
34
|
+
# config.require_user = true
|
35
|
+
|
36
|
+
# Use CapcOAuth URL from config
|
37
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
38
|
+
|
39
|
+
# Don't redirect to last URL on login since we don't want to see API responses
|
40
|
+
# config.perform_login_redirects = true
|
41
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Your secret key for verifying the integrity of signed cookies.
|
4
|
+
# If you change this key, all old signed cookies will become invalid!
|
5
|
+
# Make sure the secret is at least 30 characters and all random,
|
6
|
+
# no regular words or you'll be exposed to dictionary attacks.
|
7
|
+
Dummy::Application.config.secret_key_base =
|
8
|
+
Dummy::Application.config.secret_token =
|
9
|
+
'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'
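Review bot: The literal assigned to both `secret_key_base` and `secret_token` is now published inside the gem, so any instance of this dummy app that is reachable outside the spec run has forgeable signed cookies, and the same file defines a production environment. A short comment marking the value as test-only, or reading it via `ENV.fetch('SECRET_KEY_BASE') { '<test-only literal>' }`, makes the intent clear to anyone triaging a secret-scanner hit on this file.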
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
|
4
|
+
|
5
|
+
# Use the database for sessions instead of the cookie-based default,
|
6
|
+
# which shouldn't be used to store highly confidential information
|
7
|
+
# (create the session table with "rails generate session_migration")
|
8
|
+
# Dummy::Application.config.session_store :active_record_store
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
#
|
3
|
+
# This file contains settings for ActionController::ParamsWrapper which
|
4
|
+
# is enabled by default.
|
5
|
+
|
6
|
+
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
7
|
+
ActiveSupport.on_load(:action_controller) do
|
8
|
+
wrap_parameters format: [:json]
|
9
|
+
end
|
10
|
+
|
11
|
+
# Disable root element in JSON by default.
|
12
|
+
ActiveSupport.on_load(:active_record) do
|
13
|
+
self.include_root_in_json = false
|
14
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
Rails.application.routes.draw do
|
2
|
+
use_capcoauth
|
3
|
+
use_capcoauth scope: 'scope'
|
4
|
+
|
5
|
+
scope 'inner_space' do
|
6
|
+
use_capcoauth scope: 'scope' do
|
7
|
+
controllers login: 'custom_login',
|
8
|
+
logout: 'custom_logout',
|
9
|
+
callback: 'custom_callback'
|
10
|
+
|
11
|
+
as login: 'custom_in',
|
12
|
+
logout: 'custom_out',
|
13
|
+
callback: 'custom_cb'
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
scope 'space' do
|
18
|
+
use_capcoauth do
|
19
|
+
controllers login: 'custom_login',
|
20
|
+
logout: 'custom_logout',
|
21
|
+
callback: 'custom_callback'
|
22
|
+
|
23
|
+
as login: 'custom_in',
|
24
|
+
logout: 'custom_out',
|
25
|
+
callback: 'custom_cb'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
scope 'outer_space' do
|
30
|
+
use_capcoauth do
|
31
|
+
controllers login: 'custom_login',
|
32
|
+
logout: 'custom_logout',
|
33
|
+
callback: 'custom_callback'
|
34
|
+
|
35
|
+
as login: 'custom_in',
|
36
|
+
logout: 'custom_out',
|
37
|
+
callback: 'custom_cb'
|
38
|
+
|
39
|
+
skip_controllers :login, :logout, :callback
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
get 'metal.json' => 'metal#index'
|
44
|
+
|
45
|
+
get '/callback', to: 'home#callback'
|
46
|
+
get '/sign_in', to: 'home#sign_in'
|
47
|
+
resources :semi_protected_resources
|
48
|
+
resources :full_protected_resources
|
49
|
+
root to: 'home#index'
|
50
|
+
end
|