capcoauth 0.4.0 → 0.5.0
- checksums.yaml +4 -4
- data/.gitignore +15 -35
- data/.rspec +1 -0
- data/.travis.yml +11 -0
- data/Gemfile +10 -0
- data/Gemfile.lock +171 -0
- data/README.md +3 -1
- data/Rakefile +7 -7
- data/app/controllers/capcoauth/application_controller.rb +8 -1
- data/app/controllers/capcoauth/login_controller.rb +5 -1
- data/app/controllers/capcoauth/logout_controller.rb +2 -6
- data/capcoauth.gemspec +13 -6
- data/lib/capcoauth/config.rb +52 -58
- data/lib/capcoauth/errors.rb +3 -0
- data/lib/capcoauth/notifications.rb +11 -9
- data/lib/capcoauth/oauth/access_token.rb +0 -1
- data/lib/capcoauth/oauth/token_verifier.rb +15 -10
- data/lib/capcoauth/rails/helpers.rb +45 -44
- data/lib/capcoauth/version.rb +11 -1
- data/lib/capcoauth.rb +1 -9
- data/lib/generators/capcoauth/templates/initializer.rb +23 -12
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
- data/spec/dummy/app/controllers/home_controller.rb +17 -0
- data/spec/dummy/app/controllers/metal_controller.rb +11 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
- data/spec/dummy/app/models/user.rb +3 -0
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config/application.rb +16 -0
- data/spec/dummy/config/boot.rb +6 -0
- data/spec/dummy/config/database.yml +15 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +29 -0
- data/spec/dummy/config/environments/production.rb +62 -0
- data/spec/dummy/config/environments/test.rb +42 -0
- data/spec/dummy/config/initializers/active_record_belongs_to_required_by_default.rb +6 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/capcoauth.rb +41 -0
- data/spec/dummy/config/initializers/secret_token.rb +9 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/routes.rb +50 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
- data/spec/dummy/db/schema.rb +22 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/generators/install_generator_spec.rb +27 -0
- data/spec/generators/templates/routes.rb +3 -0
- data/spec/lib/capcoauth/oauth/access_token_spec.rb +31 -0
- data/spec/lib/capcoauth/oauth/token_verifier_spec.rb +121 -0
- data/spec/lib/capcoauth/oauth/ttl_cache_spec.rb +88 -0
- data/spec/lib/capcoauth_spec.rb +3 -0
- data/spec/lib/config_spec.rb +215 -0
- data/spec/lib/version_spec.rb +25 -0
- data/spec/spec_helper.rb +8 -0
- data/spec/spec_helper_integration.rb +50 -0
- data/spec/support/http_method_shim.rb +38 -0
- data/spec/support/orm/active_record.rb +3 -0
- metadata +172 -12
- data/lib/capcoauth/helpers/controller.rb +0 -15
@@ -3,66 +3,55 @@ module Capcoauth
|
|
3
3
|
module Helpers
|
4
4
|
extend ActiveSupport::Concern
|
5
5
|
|
6
|
-
def
|
6
|
+
def current_user
|
7
|
+
|
8
|
+
# Don't return user for options requests
|
7
9
|
return if request.method_symbol == :options
|
8
|
-
capcoauth_token.verify
|
9
10
|
|
10
|
-
#
|
11
|
-
if
|
12
|
-
|
13
|
-
end
|
11
|
+
# Bypass if already set/verified
|
12
|
+
return @current_user if @_current_user_performed
|
13
|
+
@_current_user_performed = true
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
if handle_sessions?
|
18
|
-
session[:previous_url] = request.url
|
19
|
-
session.delete(:capcoauth_access_token)
|
20
|
-
session.delete(:capcoauth_user_id)
|
21
|
-
end
|
22
|
-
handle_unauthorized unless performed?
|
23
|
-
rescue OAuth::TokenVerifier::OtherError
|
24
|
-
if handle_sessions?
|
25
|
-
session.delete(:capcoauth_access_token)
|
26
|
-
session.delete(:capcoauth_user_id)
|
27
|
-
end
|
28
|
-
handle_internal_server_error unless performed?
|
29
|
-
end
|
15
|
+
# Get the token object
|
16
|
+
token, error = verify_token.first
|
30
17
|
|
31
|
-
|
32
|
-
|
18
|
+
# Skip lookup if application credentials or token invalid
|
19
|
+
return nil if token.blank? or error.present?
|
33
20
|
|
34
21
|
# Resolve user ID using configuration resolver unless already found
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
Capcoauth.configuration.logger.warn "[CapcOAuth] Error looking up user - #{e.message}"
|
40
|
-
end
|
22
|
+
begin
|
23
|
+
@current_user = Capcoauth.configuration.user_resolver.call(token.user_id) if token.user_id.present?
|
24
|
+
rescue ActiveRecord::RecordNotFound => e
|
25
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Error looking up user: #{e.message}"
|
41
26
|
end
|
42
27
|
|
43
28
|
@current_user
|
44
29
|
end
|
45
30
|
|
46
|
-
def
|
47
|
-
@_capcoauth_token ||= OAuth::AccessToken.new(token_from_request)
|
48
|
-
end
|
31
|
+
def verify_authorized!
|
49
32
|
|
50
|
-
|
33
|
+
# Don't verify options requests
|
34
|
+
return if request.method_symbol == :options
|
51
35
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
end
|
58
|
-
end
|
36
|
+
# Run verification
|
37
|
+
token, error, reason = verify_token
|
38
|
+
|
39
|
+
# Re-raise exceptions with human-readable reason
|
40
|
+
raise Capcoauth::AuthorizationError, reason if error == :unauthorized_error
|
59
41
|
|
60
|
-
|
61
|
-
|
42
|
+
# Raise an error if token has an ID but the user wasn't found
|
43
|
+
if Capcoauth.configuration.require_user and token.user_id.present? and current_user.blank?
|
44
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Error looking up user: Token returned ID ##{token.user_id} but resolver didn't return user"
|
45
|
+
raise Capcoauth::AuthorizationError, 'Your credentials were valid, but you aren\'t currently active in this system'
|
62
46
|
end
|
47
|
+
end
|
63
48
|
|
64
49
|
private
|
65
50
|
|
51
|
+
def capcoauth_token_unverified
|
52
|
+
@_capcoauth_token_unverified ||= OAuth::AccessToken.new(token_from_request)
|
53
|
+
end
|
54
|
+
|
66
55
|
def token_from_request
|
67
56
|
token_from_param || token_from_session || token_from_headers
|
68
57
|
end
|
@@ -80,8 +69,20 @@ module Capcoauth
|
|
80
69
|
(header_parts.length == 2 and header_parts[0].downcase == 'bearer') ? header_parts[1] : header_parts[0]
|
81
70
|
end
|
82
71
|
|
83
|
-
def
|
84
|
-
|
72
|
+
def verify_token
|
73
|
+
@_verify_token_response ||= begin
|
74
|
+
[capcoauth_token_unverified.verify, nil, nil]
|
75
|
+
rescue OAuth::TokenVerifier::UnauthorizedError => e
|
76
|
+
session.delete(:capcoauth_access_token)
|
77
|
+
session.delete(:capcoauth_user_id)
|
78
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Verification unauthorized: #{e.message}"
|
79
|
+
[nil, :unauthorized_error, e.message]
|
80
|
+
rescue OAuth::TokenVerifier::OtherError => e
|
81
|
+
session.delete(:capcoauth_access_token)
|
82
|
+
session.delete(:capcoauth_user_id)
|
83
|
+
Capcoauth.configuration.logger.info "[CapcOAuth] Verification error: #{e.message}"
|
84
|
+
[nil, :other_error, e.message]
|
85
|
+
end
|
85
86
|
end
|
86
87
|
end
|
87
88
|
end
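Review bot: `verify_authorized!` (first hunk of this section) fails open when verification ends in `:other_error`: `verify_token` maps `OAuth::TokenVerifier::OtherError` to `[nil, :other_error, e.message]`, but the only raise is `raise Capcoauth::AuthorizationError, reason if error == :unauthorized_error`, so with `require_user` off the before_action returns normally and the action runs with no verified token, and with it on `token.user_id` raises NoMethodError on nil instead (the 0.4.0 code routed this case to `handle_internal_server_error`). Raise for every error, `raise Capcoauth::AuthorizationError, reason if error.present?`, and if a distinct 5xx response is wanted for verifier outages, add a second error class rather than letting the request through. In `current_user`, `token, error = verify_token.first` destructures the token object rather than the tuple, so `error` is always nil and only the `token.blank?` test guards the resolver call; `token, error = verify_token` is what the tuple shape calls for. Both helpers and `verify_token` are visible in full across this section's two hunks.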
|
data/lib/capcoauth/version.rb
CHANGED
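--- a/data/lib/capcoauth.rb
+++ b/data/lib/capcoauth.rb
@@ -1,5 +1,6 @@
 require 'capcoauth/version'
 require 'capcoauth/engine'
+require 'capcoauth/errors'
 require 'capcoauth/config'
 require 'capcoauth/notifications'
 
@@ -7,17 +8,8 @@ require 'capcoauth/oauth/access_token'
 require 'capcoauth/oauth/token_verifier'
 require 'capcoauth/oauth/ttl_cache'
 
-require 'capcoauth/helpers/controller'
-
 require 'capcoauth/rails/routes'
 require 'capcoauth/rails/helpers'
 
 module Capcoauth
-def self.configured?
-@config.present?
-end
-
-def self.installed?
-configured?
-end
 end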
@@ -4,30 +4,41 @@ Capcoauth.configure do |config|
|
|
4
4
|
raise 'CapcOAuth Client secret not found' if ENV['CAPCOAUTH_CLIENT_SECRET'].nil?
|
5
5
|
|
6
6
|
# CapcOAuth Client ID
|
7
|
-
config.client_id ENV['CAPCOAUTH_CLIENT_ID']
|
7
|
+
# config.client_id = ENV['CAPCOAUTH_CLIENT_ID']
|
8
8
|
|
9
9
|
# CapcOAuth Client Secret
|
10
|
-
config.client_secret ENV['CAPCOAUTH_CLIENT_SECRET']
|
10
|
+
# config.client_secret = ENV['CAPCOAUTH_CLIENT_SECRET']
|
11
11
|
|
12
12
|
# Configures how often to check CapcOAuth for access token validity, in seconds. If this value is too high,
|
13
|
-
# application will continue to serve requests to users
|
14
|
-
# config.token_verify_ttl 10
|
13
|
+
# application will continue to serve requests to users after the token is revoked
|
14
|
+
# config.token_verify_ttl = 10
|
15
15
|
|
16
16
|
# Configure a cache store to use to cache access token resolutions.
|
17
|
-
# config.cache_store ActiveSupport::Cache::MemoryStore.new
|
17
|
+
# config.cache_store = ActiveSupport::Cache::MemoryStore.new
|
18
18
|
|
19
|
-
#
|
20
|
-
# config.capcoauth_url ENV['CAPCOAUTH_URL']
|
19
|
+
# CapcOAuth service URL
|
20
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
21
21
|
|
22
22
|
# Configure the logger to use for OAuth events
|
23
|
-
config.logger Rails.logger
|
23
|
+
config.logger = Rails.logger
|
24
24
|
|
25
25
|
# Configure which ID to identify the user by. Valid options are :capcoauth, :capco (4-letter), :psoft, :e_number, and :cit
|
26
|
-
# config.user_id_field :capcoauth
|
26
|
+
# config.user_id_field = :capcoauth
|
27
27
|
|
28
28
|
# Block to resolve your user from the provided CapcOAuth ID. If you're using different primary keys than any of the
|
29
29
|
# existing services, you might consider looking up by an external ID, e.g. `User.find_by_psoft_id! capcoauth_user_id`
|
30
|
-
config.user_resolver
|
31
|
-
User.
|
32
|
-
|
30
|
+
config.user_resolver = -> capcoauth_user_id {
|
31
|
+
User.find_by! id: capcoauth_user_id # optionally, include `, inactive: false`, `, admin: true`, etc.
|
32
|
+
}
|
33
|
+
|
34
|
+
# When an access token has a user_id, but the user is not found via the above resolver, should an
|
35
|
+
# Capcoauth::AuthorizationException be raised? Helpful when you're syncing the user database separately and the user
|
36
|
+
# doesn't exist locally. Application credentials (token without a user_id) will still be allowed regardless.
|
37
|
+
# config.require_user = true
|
38
|
+
|
39
|
+
# Use CapcOAuth URL from config
|
40
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
41
|
+
|
42
|
+
# Don't redirect to last URL on login since we don't want to see API responses
|
43
|
+
# config.perform_login_redirects = true
|
33
44
|
end
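Review bot: The generated initializer no longer hands the credentials to the gem: lines 7 and 10 of the new file comment out `config.client_id = ENV['CAPCOAUTH_CLIENT_ID']` and `config.client_secret = ENV['CAPCOAUTH_CLIENT_SECRET']`, while line 4 still raises when `CAPCOAUTH_CLIENT_SECRET` is unset, so unless `config.rb` (changed in this release but not shown here) now reads those variables itself, a freshly generated app demands the secret in the environment and never uses it. Either restore the two assignments or add a comment next to the raise stating that the gem reads both variables from ENV by default. The `require_user` comment names `Capcoauth::AuthorizationException`, but the helper raises `Capcoauth::AuthorizationError`; write `# Capcoauth::AuthorizationError be raised?` so users rescue the right class. `capcoauth_url` is listed twice (lines 19-20 and 39-40); keep one, and state the default of `require_user` and of `perform_login_redirects` in their comments, since the `perform_login_redirects` comment argues against redirecting while the example sets it to `true`.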
|
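--- a/data/spec/dummy/Rakefile
+++ b/data/spec/dummy/Rakefile
@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks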
@@ -0,0 +1,17 @@
|
|
1
|
+
class HomeController < ApplicationController
|
2
|
+
def index
|
3
|
+
end
|
4
|
+
|
5
|
+
def sign_in
|
6
|
+
session[:user_id] = if Rails.env.development?
|
7
|
+
User.first || User.create!(name: 'Joe')
|
8
|
+
else
|
9
|
+
User.first
|
10
|
+
end
|
11
|
+
redirect_to '/'
|
12
|
+
end
|
13
|
+
|
14
|
+
def callback
|
15
|
+
render plain: 'ok'
|
16
|
+
end
|
17
|
+
end
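Review bot: `sign_in` stores a `User` record in `session[:user_id]` rather than its id; with the dummy app's cookie store (`session_store.rb` in this release) that serialises the whole model into the signed cookie, and any reader expecting an integer id gets a model instead. `user = Rails.env.development? ? User.first || User.create!(name: 'Joe') : User.first` followed by `session[:user_id] = user.try(:id)` keeps the dev/test split and stores the id. Nothing in this section reads `session[:user_id]`, so confirm the consumer's expectation before changing it; the route is the unauthenticated `/sign_in` helper of the spec dummy, not production code.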
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class MetalController < ActionController::Metal
|
2
|
+
include AbstractController::Callbacks
|
3
|
+
include ActionController::Head
|
4
|
+
include Capcoauth::Rails::Helpers
|
5
|
+
|
6
|
+
before_action :verify_authorized!
|
7
|
+
|
8
|
+
def index
|
9
|
+
self.response_body = { ok: true }.to_json
|
10
|
+
end
|
11
|
+
end
|
File without changes
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require 'rails/all'
|
4
|
+
|
5
|
+
Bundler.require(*Rails.groups)
|
6
|
+
|
7
|
+
require 'yaml'
|
8
|
+
require 'active_record/railtie'
|
9
|
+
|
10
|
+
module Dummy
|
11
|
+
class Application < Rails::Application
|
12
|
+
# Settings in config/environments/* take precedence over those specified here.
|
13
|
+
# Application configuration should go into files in config/initializers
|
14
|
+
# -- all .rb files in that directory are automatically loaded.
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the web server when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Show full error reports and disable caching
|
10
|
+
config.consider_all_requests_local = true
|
11
|
+
config.action_controller.perform_caching = false
|
12
|
+
|
13
|
+
# Don't care if the mailer can't send
|
14
|
+
# config.action_mailer.raise_delivery_errors = false
|
15
|
+
|
16
|
+
# Print deprecation notices to the Rails logger
|
17
|
+
config.active_support.deprecation = :log
|
18
|
+
|
19
|
+
# Only use best-standards-support built into browsers
|
20
|
+
config.action_dispatch.best_standards_support = :builtin
|
21
|
+
|
22
|
+
# Do not compress assets
|
23
|
+
config.assets.compress = false
|
24
|
+
|
25
|
+
# Expands the lines which load the assets
|
26
|
+
config.assets.debug = true
|
27
|
+
|
28
|
+
config.eager_load = false
|
29
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# Code is not reloaded between requests
|
5
|
+
config.cache_classes = true
|
6
|
+
|
7
|
+
# Full error reports are disabled and caching is turned on
|
8
|
+
config.consider_all_requests_local = false
|
9
|
+
config.action_controller.perform_caching = true
|
10
|
+
|
11
|
+
# Disable Rails's static asset server (Apache or nginx will already do this)
|
12
|
+
config.serve_static_assets = false
|
13
|
+
|
14
|
+
# Compress JavaScripts and CSS
|
15
|
+
config.assets.compress = true
|
16
|
+
|
17
|
+
# Don't fallback to assets pipeline if a precompiled asset is missed
|
18
|
+
config.assets.compile = false
|
19
|
+
|
20
|
+
# Generate digests for assets URLs
|
21
|
+
config.assets.digest = true
|
22
|
+
|
23
|
+
# Defaults to Rails.root.join("public/assets")
|
24
|
+
# config.assets.manifest = YOUR_PATH
|
25
|
+
|
26
|
+
# Specifies the header that your server uses for sending files
|
27
|
+
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
28
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
29
|
+
|
30
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
31
|
+
# config.force_ssl = true
|
32
|
+
|
33
|
+
# See everything in the log (default is :info)
|
34
|
+
# config.log_level = :debug
|
35
|
+
|
36
|
+
# Use a different logger for distributed setups
|
37
|
+
# config.logger = SyslogLogger.new
|
38
|
+
|
39
|
+
# Use a different cache store in production
|
40
|
+
# config.cache_store = :mem_cache_store
|
41
|
+
|
42
|
+
# Enable serving of images, stylesheets, and JavaScripts from an asset server
|
43
|
+
# config.action_controller.asset_host = "http://assets.example.com"
|
44
|
+
|
45
|
+
# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
|
46
|
+
# config.assets.precompile += %w( search.js )
|
47
|
+
|
48
|
+
# Disable delivery errors, bad email addresses will be ignored
|
49
|
+
# config.action_mailer.raise_delivery_errors = false
|
50
|
+
|
51
|
+
# Enable threaded mode
|
52
|
+
# config.threadsafe!
|
53
|
+
|
54
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
55
|
+
# the I18n.default_locale when a translation can not be found)
|
56
|
+
config.i18n.fallbacks = true
|
57
|
+
|
58
|
+
# Send deprecation notices to registered listeners
|
59
|
+
config.active_support.deprecation = :notify
|
60
|
+
|
61
|
+
config.eager_load = true
|
62
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# The test environment is used exclusively to run your application's
|
5
|
+
# test suite. You never need to work with it otherwise. Remember that
|
6
|
+
# your test database is "scratch space" for the test suite and is wiped
|
7
|
+
# and recreated between test runs. Don't rely on the data there!
|
8
|
+
config.cache_classes = true
|
9
|
+
|
10
|
+
# Do not eager load code on boot. This avoids loading your whole application
|
11
|
+
# just for the purpose of running a single test. If you are using a tool that
|
12
|
+
# preloads Rails for running tests, you may have to set it to true.
|
13
|
+
config.eager_load = false
|
14
|
+
|
15
|
+
# Show full error reports and disable caching
|
16
|
+
config.consider_all_requests_local = true
|
17
|
+
config.action_controller.perform_caching = false
|
18
|
+
|
19
|
+
# Raise exceptions instead of rendering exception templates
|
20
|
+
config.action_dispatch.show_exceptions = false
|
21
|
+
|
22
|
+
# Disable request forgery protection in test environment
|
23
|
+
config.action_controller.allow_forgery_protection = false
|
24
|
+
|
25
|
+
# Tell Action Mailer not to deliver emails to the real world.
|
26
|
+
# The :test delivery method accumulates sent emails in the
|
27
|
+
# ActionMailer::Base.deliveries array.
|
28
|
+
# config.action_mailer.delivery_method = :test
|
29
|
+
|
30
|
+
# Use SQL instead of Active Record's schema dumper when creating the test database.
|
31
|
+
# This is necessary if your schema can't be completely dumped by the schema dumper,
|
32
|
+
# like if you have constraints or database-specific column types
|
33
|
+
# config.active_record.schema_format = :sql
|
34
|
+
|
35
|
+
# Print deprecation notices to the stderr
|
36
|
+
config.active_support.deprecation = :stderr
|
37
|
+
|
38
|
+
config.eager_load = true
|
39
|
+
|
40
|
+
config.active_record.table_name_prefix = TABLE_NAME_PREFIX.to_s
|
41
|
+
config.active_record.table_name_suffix = TABLE_NAME_SUFFIX.to_s
|
42
|
+
end
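Review bot: `config.eager_load` is set twice in this file, `false` at line 13 under the comment explaining why tests should not eager load and `true` at line 38; the later assignment wins, so the comment misdescribes what actually happens. Keep one of them: if eager loading is intended for the dummy app (it surfaces load-order errors in the engine), delete line 13 and move its comment, otherwise delete line 38.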
|
@@ -0,0 +1,6 @@
|
|
1
|
+
# Require `belongs_to` associations by default. This is a new Rails 5.0
|
2
|
+
# default, so it is introduced as a configuration option to ensure that apps
|
3
|
+
# made on earlier versions of Rails are not affected when upgrading.
|
4
|
+
if Rails.version.to_i >= 5
|
5
|
+
Rails.application.config.active_record.belongs_to_required_by_default = true
|
6
|
+
end
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
4
|
+
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
5
|
+
|
6
|
+
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
7
|
+
# Rails.backtrace_cleaner.remove_silencers!
|
@@ -0,0 +1,41 @@
|
|
1
|
+
Capcoauth.configure do |config|
|
2
|
+
|
3
|
+
# CapcOAuth Client ID
|
4
|
+
config.client_id = 'client_id_123'
|
5
|
+
|
6
|
+
# CapcOAuth Client Secret
|
7
|
+
config.client_secret = 'client_secret_456'
|
8
|
+
|
9
|
+
# Configures how often to check CapcOAuth for access token validity, in seconds. If this value is too high,
|
10
|
+
# application will continue to serve requests to users after the token is revoked
|
11
|
+
# config.token_verify_ttl = 10
|
12
|
+
|
13
|
+
# Configure a cache store to use to cache access token resolutions.
|
14
|
+
# config.cache_store = ActiveSupport::Cache::MemoryStore.new
|
15
|
+
|
16
|
+
# CapcOAuth service URL
|
17
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
18
|
+
|
19
|
+
# Configure the logger to use for OAuth events
|
20
|
+
config.logger = Rails.logger
|
21
|
+
|
22
|
+
# Configure which ID to identify the user by. Valid options are :capcoauth, :capco (4-letter), :psoft, :e_number, and :cit
|
23
|
+
# config.user_id_field = :capcoauth
|
24
|
+
|
25
|
+
# Block to resolve your user from the provided CapcOAuth ID. If you're using different primary keys than any of the
|
26
|
+
# existing services, you might consider looking up by an external ID, e.g. `User.find_by_psoft_id! capcoauth_user_id`
|
27
|
+
config.user_resolver = -> capcoauth_user_id {
|
28
|
+
User.find_by! id: capcoauth_user_id # optionally, include `, inactive: false`, `, admin: true`, etc.
|
29
|
+
}
|
30
|
+
|
31
|
+
# When an access token has a user_id, but the user is not found via the above resolver, should an
|
32
|
+
# Capcoauth::AuthorizationException be raised? Helpful when you're syncing the user database separately and the user
|
33
|
+
# doesn't exist locally. Application credentials (token without a user_id) will still be allowed regardless.
|
34
|
+
# config.require_user = true
|
35
|
+
|
36
|
+
# Use CapcOAuth URL from config
|
37
|
+
# config.capcoauth_url = ENV['CAPCOAUTH_URL']
|
38
|
+
|
39
|
+
# Don't redirect to last URL on login since we don't want to see API responses
|
40
|
+
# config.perform_login_redirects = true
|
41
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Your secret key for verifying the integrity of signed cookies.
|
4
|
+
# If you change this key, all old signed cookies will become invalid!
|
5
|
+
# Make sure the secret is at least 30 characters and all random,
|
6
|
+
# no regular words or you'll be exposed to dictionary attacks.
|
7
|
+
Dummy::Application.config.secret_key_base =
|
8
|
+
Dummy::Application.config.secret_token =
|
9
|
+
'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'
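Review bot: The hard-coded `secret_key_base`/`secret_token` is acceptable for a spec dummy, but this file ships inside the published gem and nothing marks it as test-only, and setting `secret_token` alongside `secret_key_base` presumably exists only to satisfy older Rails versions. Add a comment above the assignment, `# Test-only value for the spec dummy app; never copy it into a real application.`, and drop the `secret_token` assignment unless the dummy is still run under a Rails version that requires it.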
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
|
4
|
+
|
5
|
+
# Use the database for sessions instead of the cookie-based default,
|
6
|
+
# which shouldn't be used to store highly confidential information
|
7
|
+
# (create the session table with "rails generate session_migration")
|
8
|
+
# Dummy::Application.config.session_store :active_record_store
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
#
|
3
|
+
# This file contains settings for ActionController::ParamsWrapper which
|
4
|
+
# is enabled by default.
|
5
|
+
|
6
|
+
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
7
|
+
ActiveSupport.on_load(:action_controller) do
|
8
|
+
wrap_parameters format: [:json]
|
9
|
+
end
|
10
|
+
|
11
|
+
# Disable root element in JSON by default.
|
12
|
+
ActiveSupport.on_load(:active_record) do
|
13
|
+
self.include_root_in_json = false
|
14
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
Rails.application.routes.draw do
|
2
|
+
use_capcoauth
|
3
|
+
use_capcoauth scope: 'scope'
|
4
|
+
|
5
|
+
scope 'inner_space' do
|
6
|
+
use_capcoauth scope: 'scope' do
|
7
|
+
controllers login: 'custom_login',
|
8
|
+
logout: 'custom_logout',
|
9
|
+
callback: 'custom_callback'
|
10
|
+
|
11
|
+
as login: 'custom_in',
|
12
|
+
logout: 'custom_out',
|
13
|
+
callback: 'custom_cb'
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
scope 'space' do
|
18
|
+
use_capcoauth do
|
19
|
+
controllers login: 'custom_login',
|
20
|
+
logout: 'custom_logout',
|
21
|
+
callback: 'custom_callback'
|
22
|
+
|
23
|
+
as login: 'custom_in',
|
24
|
+
logout: 'custom_out',
|
25
|
+
callback: 'custom_cb'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
scope 'outer_space' do
|
30
|
+
use_capcoauth do
|
31
|
+
controllers login: 'custom_login',
|
32
|
+
logout: 'custom_logout',
|
33
|
+
callback: 'custom_callback'
|
34
|
+
|
35
|
+
as login: 'custom_in',
|
36
|
+
logout: 'custom_out',
|
37
|
+
callback: 'custom_cb'
|
38
|
+
|
39
|
+
skip_controllers :login, :logout, :callback
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
get 'metal.json' => 'metal#index'
|
44
|
+
|
45
|
+
get '/callback', to: 'home#callback'
|
46
|
+
get '/sign_in', to: 'home#sign_in'
|
47
|
+
resources :semi_protected_resources
|
48
|
+
resources :full_protected_resources
|
49
|
+
root to: 'home#index'
|
50
|
+
end
|