capcoauth 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +15 -35
  3. data/.rspec +1 -0
  4. data/.travis.yml +11 -0
  5. data/Gemfile +10 -0
  6. data/Gemfile.lock +171 -0
  7. data/README.md +3 -1
  8. data/Rakefile +7 -7
  9. data/app/controllers/capcoauth/application_controller.rb +8 -1
  10. data/app/controllers/capcoauth/login_controller.rb +5 -1
  11. data/app/controllers/capcoauth/logout_controller.rb +2 -6
  12. data/capcoauth.gemspec +13 -6
  13. data/lib/capcoauth/config.rb +52 -58
  14. data/lib/capcoauth/errors.rb +3 -0
  15. data/lib/capcoauth/notifications.rb +11 -9
  16. data/lib/capcoauth/oauth/access_token.rb +0 -1
  17. data/lib/capcoauth/oauth/token_verifier.rb +15 -10
  18. data/lib/capcoauth/rails/helpers.rb +45 -44
  19. data/lib/capcoauth/version.rb +11 -1
  20. data/lib/capcoauth.rb +1 -9
  21. data/lib/generators/capcoauth/templates/initializer.rb +23 -12
  22. data/spec/dummy/Rakefile +7 -0
  23. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  24. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
  25. data/spec/dummy/app/controllers/home_controller.rb +17 -0
  26. data/spec/dummy/app/controllers/metal_controller.rb +11 -0
  27. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
  28. data/spec/dummy/app/models/user.rb +3 -0
  29. data/spec/dummy/app/views/home/index.html.erb +0 -0
  30. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  31. data/spec/dummy/config/application.rb +16 -0
  32. data/spec/dummy/config/boot.rb +6 -0
  33. data/spec/dummy/config/database.yml +15 -0
  34. data/spec/dummy/config/environment.rb +5 -0
  35. data/spec/dummy/config/environments/development.rb +29 -0
  36. data/spec/dummy/config/environments/production.rb +62 -0
  37. data/spec/dummy/config/environments/test.rb +42 -0
  38. data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +6 -0
  39. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  40. data/spec/dummy/config/initializers/capcoauth.rb +41 -0
  41. data/spec/dummy/config/initializers/secret_token.rb +9 -0
  42. data/spec/dummy/config/initializers/session_store.rb +8 -0
  43. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  44. data/spec/dummy/config/routes.rb +50 -0
  45. data/spec/dummy/config.ru +4 -0
  46. data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
  47. data/spec/dummy/db/schema.rb +22 -0
  48. data/spec/dummy/public/404.html +26 -0
  49. data/spec/dummy/public/422.html +26 -0
  50. data/spec/dummy/public/500.html +26 -0
  51. data/spec/dummy/public/favicon.ico +0 -0
  52. data/spec/dummy/script/rails +6 -0
  53. data/spec/generators/install_generator_spec.rb +27 -0
  54. data/spec/generators/templates/routes.rb +3 -0
  55. data/spec/lib/capcoauth/oauth/access_token_spec.rb +31 -0
  56. data/spec/lib/capcoauth/oauth/token_verifier_spec.rb +121 -0
  57. data/spec/lib/capcoauth/oauth/ttl_cache_spec.rb +88 -0
  58. data/spec/lib/capcoauth_spec.rb +3 -0
  59. data/spec/lib/config_spec.rb +215 -0
  60. data/spec/lib/version_spec.rb +25 -0
  61. data/spec/spec_helper.rb +8 -0
  62. data/spec/spec_helper_integration.rb +50 -0
  63. data/spec/support/http_method_shim.rb +38 -0
  64. data/spec/support/orm/active_record.rb +3 -0
  65. metadata +172 -12
  66. data/lib/capcoauth/helpers/controller.rb +0 -15
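--- a/data/lib/capcoauth/rails/helpers.rb
+++ b/data/lib/capcoauth/rails/helpers.rb
@@ -3,66 +3,55 @@ module Capcoauth
  module Helpers
  extend ActiveSupport::Concern
 
- def verify_authorized!
+ def current_user
+
+ # Don't return user for options requests
  return if request.method_symbol == :options
- capcoauth_token.verify
 
- # Browser client
- if handle_sessions?
- session.delete(:previous_url)
- end
+ # Bypass if already set/verified
+ return @current_user if @_current_user_performed
+ @_current_user_performed = true
 
- @capcoauth_user_id ||= capcoauth_token.user_id
- rescue OAuth::TokenVerifier::UnauthorizedError
- if handle_sessions?
- session[:previous_url] = request.url
- session.delete(:capcoauth_access_token)
- session.delete(:capcoauth_user_id)
- end
- handle_unauthorized unless performed?
- rescue OAuth::TokenVerifier::OtherError
- if handle_sessions?
- session.delete(:capcoauth_access_token)
- session.delete(:capcoauth_user_id)
- end
- handle_internal_server_error unless performed?
- end
+ # Get the token object
+ token, error = verify_token.first
 
- def current_user
- verify_authorized!
+ # Skip lookup if application credentials or token invalid
+ return nil if token.blank? or error.present?
 
  # Resolve user ID using configuration resolver unless already found
- unless @current_user
- begin
- @current_user = Capcoauth.configuration.user_resolver.call(@capcoauth_user_id)
- rescue ActiveRecord::RecordNotFound => e
- Capcoauth.configuration.logger.warn "[CapcOAuth] Error looking up user - #{e.message}"
- end
+ begin
+ @current_user = Capcoauth.configuration.user_resolver.call(token.user_id) if token.user_id.present?
+ rescue ActiveRecord::RecordNotFound => e
+ Capcoauth.configuration.logger.info "[CapcOAuth] Error looking up user: #{e.message}"
  end
 
  @current_user
  end
 
- def capcoauth_token
- @_capcoauth_token ||= OAuth::AccessToken.new(token_from_request)
- end
+ def verify_authorized!
 
- protected
+ # Don't verify options requests
+ return if request.method_symbol == :options
 
- def handle_unauthorized
- if handle_sessions?
- redirect_to :auth_login
- else
- render plain: 'Unauthorized', status: :unauthorized
- end
- end
+ # Run verification
+ token, error, reason = verify_token
+
+ # Re-raise exceptions with human-readable reason
+ raise Capcoauth::AuthorizationError, reason if error == :unauthorized_error
 
- def handle_internal_server_error
- render plain: 'Internal server error', status: :internal_server_error
+ # Raise an error if token has an ID but the user wasn't found
+ if Capcoauth.configuration.require_user and token.user_id.present? and current_user.blank?
+ Capcoauth.configuration.logger.info "[CapcOAuth] Error looking up user: Token returned ID ##{token.user_id} but resolver didn't return user"
+ raise Capcoauth::AuthorizationError, 'Your credentials were valid, but you aren\'t currently active in this system'
  end
+ end
 
  private
 
+ def capcoauth_token_unverified
+ @_capcoauth_token_unverified ||= OAuth::AccessToken.new(token_from_request)
+ end
+
  def token_from_request
  token_from_param || token_from_session || token_from_headers
  end
@@ -80,8 +69,20 @@ module Capcoauth
  (header_parts.length == 2 and header_parts[0].downcase == 'bearer') ? header_parts[1] : header_parts[0]
  end
 
- def handle_sessions?
- request.format.html? and Capcoauth.configuration.using_routes
+ def verify_token
+ @_verify_token_response ||= begin
+ [capcoauth_token_unverified.verify, nil, nil]
+ rescue OAuth::TokenVerifier::UnauthorizedError => e
+ session.delete(:capcoauth_access_token)
+ session.delete(:capcoauth_user_id)
+ Capcoauth.configuration.logger.info "[CapcOAuth] Verification unauthorized: #{e.message}"
+ [nil, :unauthorized_error, e.message]
+ rescue OAuth::TokenVerifier::OtherError => e
+ session.delete(:capcoauth_access_token)
+ session.delete(:capcoauth_user_id)
+ Capcoauth.configuration.logger.info "[CapcOAuth] Verification error: #{e.message}"
+ [nil, :other_error, e.message]
+ end
  end
  end
  end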
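Review bot: `verify_authorized!` fails open when `verify_token` reports `:other_error` (the verifier raised `OAuth::TokenVerifier::OtherError`, i.e. the token could not be checked at all): the `raise` at new line 40 fires only for `:unauthorized_error`, so with `require_user` unset the method returns normally and the protected action runs, where the previous version rendered a 500 via `handle_internal_server_error`. With `require_user` set, `token` is `nil` on that path and `token.user_id` at new line 43 raises `NoMethodError` rather than a deliberate denial. The minimal fix is to deny on any verification failure, `raise Capcoauth::AuthorizationError, reason if error.present?`, or, to keep the old 500 semantics, raise a distinct error class for `:other_error` (errors.rb is changed in this release but not in view, so I cannot tell what it defines). Separately, `token, error = verify_token.first` at new line 16 destructures only the first element of the triple, so `error` is effectively always `nil` there and the method is correct only because the error paths return a `nil` token; it should read `token, error = verify_token`. How `Capcoauth::AuthorizationError` is turned into a response lives outside this file (application_controller.rb is not shown).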
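--- a/data/lib/capcoauth/version.rb
+++ b/data/lib/capcoauth/version.rb
@@ -1,3 +1,13 @@
  module Capcoauth
- VERSION = '0.4.0'
+ def self.gem_version
+ Gem::Version.new VERSION::STRING
+ end
+
+ module VERSION
+ MAJOR = 0
+ MINOR = 5
+ PATCH = 0
+
+ STRING = [MAJOR, MINOR, PATCH].compact.join(".")
+ end
  end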
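--- a/data/lib/capcoauth.rb
+++ b/data/lib/capcoauth.rb
@@ -1,5 +1,6 @@
  require 'capcoauth/version'
  require 'capcoauth/engine'
+ require 'capcoauth/errors'
  require 'capcoauth/config'
  require 'capcoauth/notifications'
 
@@ -7,17 +8,8 @@ require 'capcoauth/oauth/access_token'
  require 'capcoauth/oauth/token_verifier'
  require 'capcoauth/oauth/ttl_cache'
 
- require 'capcoauth/helpers/controller'
-
  require 'capcoauth/rails/routes'
  require 'capcoauth/rails/helpers'
 
  module Capcoauth
- def self.configured?
- @config.present?
- end
-
- def self.installed?
- configured?
- end
  end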
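Review bot: Deleting `Capcoauth.configured?` and `Capcoauth.installed?` from the module body removes two public predicates that host applications may call; unless they were moved into config.rb (changed in this release but not shown), this is a breaking change that a minor-version bump does not signal. If they were retired on purpose, a `# @deprecated` shim returning `configuration.present?` for one release would let callers migrate; if they moved, a one-line comment here naming the new home would save readers a search.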
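--- a/data/lib/generators/capcoauth/templates/initializer.rb
+++ b/data/lib/generators/capcoauth/templates/initializer.rb
@@ -4,30 +4,41 @@ Capcoauth.configure do |config|
  raise 'CapcOAuth Client secret not found' if ENV['CAPCOAUTH_CLIENT_SECRET'].nil?
 
  # CapcOAuth Client ID
- config.client_id ENV['CAPCOAUTH_CLIENT_ID']
+ # config.client_id = ENV['CAPCOAUTH_CLIENT_ID']
 
  # CapcOAuth Client Secret
- config.client_secret ENV['CAPCOAUTH_CLIENT_SECRET']
+ # config.client_secret = ENV['CAPCOAUTH_CLIENT_SECRET']
 
  # Configures how often to check CapcOAuth for access token validity, in seconds. If this value is too high,
- # application will continue to serve requests to users even after the token is revoked
- # config.token_verify_ttl 10
+ # application will continue to serve requests to users after the token is revoked
+ # config.token_verify_ttl = 10
 
  # Configure a cache store to use to cache access token resolutions.
- # config.cache_store ActiveSupport::Cache::MemoryStore.new
+ # config.cache_store = ActiveSupport::Cache::MemoryStore.new
 
- # Configure CapcOAuth service URL
- # config.capcoauth_url ENV['CAPCOAUTH_URL']
+ # CapcOAuth service URL
+ # config.capcoauth_url = ENV['CAPCOAUTH_URL']
 
  # Configure the logger to use for OAuth events
- config.logger Rails.logger
+ config.logger = Rails.logger
 
  # Configure which ID to identify the user by. Valid options are :capcoauth, :capco (4-letter), :psoft, :e_number, and :cit
- # config.user_id_field :capcoauth
+ # config.user_id_field = :capcoauth
 
  # Block to resolve your user from the provided CapcOAuth ID. If you're using different primary keys than any of the
  # existing services, you might consider looking up by an external ID, e.g. `User.find_by_psoft_id! capcoauth_user_id`
- config.user_resolver do |capcoauth_user_id|
- User.find capcoauth_user_id
- end
+ config.user_resolver = -> capcoauth_user_id {
+ User.find_by! id: capcoauth_user_id # optionally, include `, inactive: false`, `, admin: true`, etc.
+ }
+
+ # When an access token has a user_id, but the user is not found via the above resolver, should an
+ # Capcoauth::AuthorizationException be raised? Helpful when you're syncing the user database separately and the user
+ # doesn't exist locally. Application credentials (token without a user_id) will still be allowed regardless.
+ # config.require_user = true
+
+ # Use CapcOAuth URL from config
+ # config.capcoauth_url = ENV['CAPCOAUTH_URL']
+
+ # Don't redirect to last URL on login since we don't want to see API responses
+ # config.perform_login_redirects = true
  end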
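Review bot: The generated initializer now comments out the `config.client_id = …` and `config.client_secret = …` assignments (new lines 7 and 10) while still raising on a missing `CAPCOAUTH_CLIENT_SECRET` at line 4, so unless the configuration object itself now defaults these from the environment (config.rb is changed in this release but not shown) a freshly generated app validates the variables and then never hands them to Capcoauth; either restore the assignments or add a comment stating that the defaults are read from `ENV`. Three documentation lines in the new block also mislead: the `require_user` comment names `Capcoauth::AuthorizationException` while helpers.rb raises `Capcoauth::AuthorizationError`; `# config.capcoauth_url = ENV['CAPCOAUTH_URL']` appears twice (new lines 20 and 40) under two different headings; and `# Don't redirect to last URL on login …` is followed by `# config.perform_login_redirects = true`, which reads as enabling the redirect the comment says to avoid (presumably `= false` was meant). The same text is duplicated verbatim in data/spec/dummy/config/initializers/capcoauth.rb, so fix both copies together.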
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env rake
2
+ # Add your own tasks in files placed in lib/tasks ending in .rake,
3
+ # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
4
+
5
+ require File.expand_path('../config/application', __FILE__)
6
+
7
+ Dummy::Application.load_tasks
@@ -0,0 +1,3 @@
1
+ class ApplicationController < ActionController::Base
2
+ protect_from_forgery
3
+ end
@@ -0,0 +1,12 @@
1
+ class FullProtectedResourcesController < ApplicationController
2
+ before_action :verify_authorized!, only: :show
3
+ before_action :verify_authorized!, only: :index
4
+
5
+ def index
6
+ render plain: 'index'
7
+ end
8
+
9
+ def show
10
+ render plain: 'show'
11
+ end
12
+ end
@@ -0,0 +1,17 @@
1
+ class HomeController < ApplicationController
2
+ def index
3
+ end
4
+
5
+ def sign_in
6
+ session[:user_id] = if Rails.env.development?
7
+ User.first || User.create!(name: 'Joe')
8
+ else
9
+ User.first
10
+ end
11
+ redirect_to '/'
12
+ end
13
+
14
+ def callback
15
+ render plain: 'ok'
16
+ end
17
+ end
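Review bot: `sign_in` stores the `User` record itself in `session[:user_id]` (new lines 6–10), not its id, so the cookie-backed session configured for this dummy app has to serialize a whole Active Record object and anything reading the key as an integer will be surprised; `user = Rails.env.development? ? (User.first || User.create!(name: 'Joe')) : User.first` followed by `session[:user_id] = user&.id` would match the key's name and keep the session payload minimal. This is a spec fixture, so the impact is limited to the dummy app.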
@@ -0,0 +1,11 @@
1
+ class MetalController < ActionController::Metal
2
+ include AbstractController::Callbacks
3
+ include ActionController::Head
4
+ include Capcoauth::Rails::Helpers
5
+
6
+ before_action :verify_authorized!
7
+
8
+ def index
9
+ self.response_body = { ok: true }.to_json
10
+ end
11
+ end
@@ -0,0 +1,11 @@
1
+ class SemiProtectedResourcesController < ApplicationController
2
+ before_action :verify_authorized!, only: :index
3
+
4
+ def index
5
+ render plain: 'protected index'
6
+ end
7
+
8
+ def show
9
+ render plain: 'non protected show'
10
+ end
11
+ end
@@ -0,0 +1,3 @@
1
+ class User < ActiveRecord::Base
2
+ validates_presence_of :name
3
+ end
File without changes
@@ -0,0 +1,14 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>Dummy</title>
5
+ <%= csrf_meta_tags %>
6
+ </head>
7
+ <body>
8
+
9
+ <%= link_to "Sign in", '/auth/login' %>
10
+
11
+ <%= yield %>
12
+
13
+ </body>
14
+ </html>
@@ -0,0 +1,16 @@
1
+ require File.expand_path('../boot', __FILE__)
2
+
3
+ require 'rails/all'
4
+
5
+ Bundler.require(*Rails.groups)
6
+
7
+ require 'yaml'
8
+ require 'active_record/railtie'
9
+
10
+ module Dummy
11
+ class Application < Rails::Application
12
+ # Settings in config/environments/* take precedence over those specified here.
13
+ # Application configuration should go into files in config/initializers
14
+ # -- all .rb files in that directory are automatically loaded.
15
+ end
16
+ end
@@ -0,0 +1,6 @@
1
+ require 'rubygems'
2
+ require 'bundler/setup'
3
+
4
+ orm = ENV['BUNDLE_GEMFILE'].match(/Gemfile\.(.+)\.rb/)
5
+
6
+ $LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)
@@ -0,0 +1,15 @@
1
+ development:
2
+ adapter: sqlite3
3
+ database: db/development.sqlite3
4
+ pool: 5
5
+ timeout: 5000
6
+
7
+ test:
8
+ adapter: sqlite3
9
+ database: ":memory:"
10
+ timeout: 500
11
+
12
+ production:
13
+ adapter: sqlite3
14
+ database: ":memory:"
15
+ timeout: 500
@@ -0,0 +1,5 @@
1
+ # Load the rails application
2
+ require File.expand_path('../application', __FILE__)
3
+
4
+ # Initialize the rails application
5
+ Rails.application.initialize!
@@ -0,0 +1,29 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # In the development environment your application's code is reloaded on
5
+ # every request. This slows down response time but is perfect for development
6
+ # since you don't have to restart the web server when you make code changes.
7
+ config.cache_classes = false
8
+
9
+ # Show full error reports and disable caching
10
+ config.consider_all_requests_local = true
11
+ config.action_controller.perform_caching = false
12
+
13
+ # Don't care if the mailer can't send
14
+ # config.action_mailer.raise_delivery_errors = false
15
+
16
+ # Print deprecation notices to the Rails logger
17
+ config.active_support.deprecation = :log
18
+
19
+ # Only use best-standards-support built into browsers
20
+ config.action_dispatch.best_standards_support = :builtin
21
+
22
+ # Do not compress assets
23
+ config.assets.compress = false
24
+
25
+ # Expands the lines which load the assets
26
+ config.assets.debug = true
27
+
28
+ config.eager_load = false
29
+ end
@@ -0,0 +1,62 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # Code is not reloaded between requests
5
+ config.cache_classes = true
6
+
7
+ # Full error reports are disabled and caching is turned on
8
+ config.consider_all_requests_local = false
9
+ config.action_controller.perform_caching = true
10
+
11
+ # Disable Rails's static asset server (Apache or nginx will already do this)
12
+ config.serve_static_assets = false
13
+
14
+ # Compress JavaScripts and CSS
15
+ config.assets.compress = true
16
+
17
+ # Don't fallback to assets pipeline if a precompiled asset is missed
18
+ config.assets.compile = false
19
+
20
+ # Generate digests for assets URLs
21
+ config.assets.digest = true
22
+
23
+ # Defaults to Rails.root.join("public/assets")
24
+ # config.assets.manifest = YOUR_PATH
25
+
26
+ # Specifies the header that your server uses for sending files
27
+ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28
+ # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29
+
30
+ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
+ # config.force_ssl = true
32
+
33
+ # See everything in the log (default is :info)
34
+ # config.log_level = :debug
35
+
36
+ # Use a different logger for distributed setups
37
+ # config.logger = SyslogLogger.new
38
+
39
+ # Use a different cache store in production
40
+ # config.cache_store = :mem_cache_store
41
+
42
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server
43
+ # config.action_controller.asset_host = "http://assets.example.com"
44
+
45
+ # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
46
+ # config.assets.precompile += %w( search.js )
47
+
48
+ # Disable delivery errors, bad email addresses will be ignored
49
+ # config.action_mailer.raise_delivery_errors = false
50
+
51
+ # Enable threaded mode
52
+ # config.threadsafe!
53
+
54
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
55
+ # the I18n.default_locale when a translation can not be found)
56
+ config.i18n.fallbacks = true
57
+
58
+ # Send deprecation notices to registered listeners
59
+ config.active_support.deprecation = :notify
60
+
61
+ config.eager_load = true
62
+ end
@@ -0,0 +1,42 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # The test environment is used exclusively to run your application's
5
+ # test suite. You never need to work with it otherwise. Remember that
6
+ # your test database is "scratch space" for the test suite and is wiped
7
+ # and recreated between test runs. Don't rely on the data there!
8
+ config.cache_classes = true
9
+
10
+ # Do not eager load code on boot. This avoids loading your whole application
11
+ # just for the purpose of running a single test. If you are using a tool that
12
+ # preloads Rails for running tests, you may have to set it to true.
13
+ config.eager_load = false
14
+
15
+ # Show full error reports and disable caching
16
+ config.consider_all_requests_local = true
17
+ config.action_controller.perform_caching = false
18
+
19
+ # Raise exceptions instead of rendering exception templates
20
+ config.action_dispatch.show_exceptions = false
21
+
22
+ # Disable request forgery protection in test environment
23
+ config.action_controller.allow_forgery_protection = false
24
+
25
+ # Tell Action Mailer not to deliver emails to the real world.
26
+ # The :test delivery method accumulates sent emails in the
27
+ # ActionMailer::Base.deliveries array.
28
+ # config.action_mailer.delivery_method = :test
29
+
30
+ # Use SQL instead of Active Record's schema dumper when creating the test database.
31
+ # This is necessary if your schema can't be completely dumped by the schema dumper,
32
+ # like if you have constraints or database-specific column types
33
+ # config.active_record.schema_format = :sql
34
+
35
+ # Print deprecation notices to the stderr
36
+ config.active_support.deprecation = :stderr
37
+
38
+ config.eager_load = true
39
+
40
+ config.active_record.table_name_prefix = TABLE_NAME_PREFIX.to_s
41
+ config.active_record.table_name_suffix = TABLE_NAME_SUFFIX.to_s
42
+ end
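Review bot: `config.eager_load` is assigned twice in this environment file: `false` at new line 13, directly under the comment explaining why the test environment should not eager load, and `true` at line 38, which silently wins. Keep one assignment and delete the other so the comment and the effective setting agree; the `TABLE_NAME_PREFIX`/`TABLE_NAME_SUFFIX` constants at lines 40–41 are defined outside this file, presumably by the spec helper.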
@@ -0,0 +1,6 @@
1
+ # Require `belongs_to` associations by default. This is a new Rails 5.0
2
+ # default, so it is introduced as a configuration option to ensure that apps
3
+ # made on earlier versions of Rails are not affected when upgrading.
4
+ if Rails.version.to_i >= 5
5
+ Rails.application.config.active_record.belongs_to_required_by_default = true
6
+ end
@@ -0,0 +1,7 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
+ # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
+
6
+ # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
+ # Rails.backtrace_cleaner.remove_silencers!
@@ -0,0 +1,41 @@
1
+ Capcoauth.configure do |config|
2
+
3
+ # CapcOAuth Client ID
4
+ config.client_id = 'client_id_123'
5
+
6
+ # CapcOAuth Client Secret
7
+ config.client_secret = 'client_secret_456'
8
+
9
+ # Configures how often to check CapcOAuth for access token validity, in seconds. If this value is too high,
10
+ # application will continue to serve requests to users after the token is revoked
11
+ # config.token_verify_ttl = 10
12
+
13
+ # Configure a cache store to use to cache access token resolutions.
14
+ # config.cache_store = ActiveSupport::Cache::MemoryStore.new
15
+
16
+ # CapcOAuth service URL
17
+ # config.capcoauth_url = ENV['CAPCOAUTH_URL']
18
+
19
+ # Configure the logger to use for OAuth events
20
+ config.logger = Rails.logger
21
+
22
+ # Configure which ID to identify the user by. Valid options are :capcoauth, :capco (4-letter), :psoft, :e_number, and :cit
23
+ # config.user_id_field = :capcoauth
24
+
25
+ # Block to resolve your user from the provided CapcOAuth ID. If you're using different primary keys than any of the
26
+ # existing services, you might consider looking up by an external ID, e.g. `User.find_by_psoft_id! capcoauth_user_id`
27
+ config.user_resolver = -> capcoauth_user_id {
28
+ User.find_by! id: capcoauth_user_id # optionally, include `, inactive: false`, `, admin: true`, etc.
29
+ }
30
+
31
+ # When an access token has a user_id, but the user is not found via the above resolver, should an
32
+ # Capcoauth::AuthorizationException be raised? Helpful when you're syncing the user database separately and the user
33
+ # doesn't exist locally. Application credentials (token without a user_id) will still be allowed regardless.
34
+ # config.require_user = true
35
+
36
+ # Use CapcOAuth URL from config
37
+ # config.capcoauth_url = ENV['CAPCOAUTH_URL']
38
+
39
+ # Don't redirect to last URL on login since we don't want to see API responses
40
+ # config.perform_login_redirects = true
41
+ end
@@ -0,0 +1,9 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Your secret key for verifying the integrity of signed cookies.
4
+ # If you change this key, all old signed cookies will become invalid!
5
+ # Make sure the secret is at least 30 characters and all random,
6
+ # no regular words or you'll be exposed to dictionary attacks.
7
+ Dummy::Application.config.secret_key_base =
8
+ Dummy::Application.config.secret_token =
9
+ 'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'
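Review bot: The dummy app ships a fixed hex string as both `secret_key_base` and `secret_token`, and because `data/spec/dummy` is packaged into the gem that value is public to every installer. For a spec fixture that is acceptable, but nothing in the file says so, and the retained boilerplate ("Make sure the secret is at least 30 characters and all random") reads as if this were a real secret; add `# Fixed, non-secret value used only by the spec dummy app; never reuse it in a real application.` above the assignment, or generate it at boot with `SecureRandom.hex(64)` if the specs do not depend on a stable key across runs.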
@@ -0,0 +1,8 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
4
+
5
+ # Use the database for sessions instead of the cookie-based default,
6
+ # which shouldn't be used to store highly confidential information
7
+ # (create the session table with "rails generate session_migration")
8
+ # Dummy::Application.config.session_store :active_record_store
@@ -0,0 +1,14 @@
1
+ # Be sure to restart your server when you modify this file.
2
+ #
3
+ # This file contains settings for ActionController::ParamsWrapper which
4
+ # is enabled by default.
5
+
6
+ # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7
+ ActiveSupport.on_load(:action_controller) do
8
+ wrap_parameters format: [:json]
9
+ end
10
+
11
+ # Disable root element in JSON by default.
12
+ ActiveSupport.on_load(:active_record) do
13
+ self.include_root_in_json = false
14
+ end
@@ -0,0 +1,50 @@
1
+ Rails.application.routes.draw do
2
+ use_capcoauth
3
+ use_capcoauth scope: 'scope'
4
+
5
+ scope 'inner_space' do
6
+ use_capcoauth scope: 'scope' do
7
+ controllers login: 'custom_login',
8
+ logout: 'custom_logout',
9
+ callback: 'custom_callback'
10
+
11
+ as login: 'custom_in',
12
+ logout: 'custom_out',
13
+ callback: 'custom_cb'
14
+ end
15
+ end
16
+
17
+ scope 'space' do
18
+ use_capcoauth do
19
+ controllers login: 'custom_login',
20
+ logout: 'custom_logout',
21
+ callback: 'custom_callback'
22
+
23
+ as login: 'custom_in',
24
+ logout: 'custom_out',
25
+ callback: 'custom_cb'
26
+ end
27
+ end
28
+
29
+ scope 'outer_space' do
30
+ use_capcoauth do
31
+ controllers login: 'custom_login',
32
+ logout: 'custom_logout',
33
+ callback: 'custom_callback'
34
+
35
+ as login: 'custom_in',
36
+ logout: 'custom_out',
37
+ callback: 'custom_cb'
38
+
39
+ skip_controllers :login, :logout, :callback
40
+ end
41
+ end
42
+
43
+ get 'metal.json' => 'metal#index'
44
+
45
+ get '/callback', to: 'home#callback'
46
+ get '/sign_in', to: 'home#sign_in'
47
+ resources :semi_protected_resources
48
+ resources :full_protected_resources
49
+ root to: 'home#index'
50
+ end
@@ -0,0 +1,4 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require ::File.expand_path('../config/environment', __FILE__)
4
+ run Dummy::Application
@@ -0,0 +1,9 @@
1
+ class CreateUsers < ActiveRecord::Migration
2
+ def change
3
+ create_table :users do |t|
4
+ t.string :name
5
+
6
+ t.timestamps
7
+ end
8
+ end
9
+ end