capcoauth 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c28503763c33f4b3e66be0e3193f0bbb44efd8bf
+  data.tar.gz: dbe45f966a2dee70221bbd639fe52e6722378c77
+SHA512:
+  metadata.gz: 22964c39f960e54d1d371fb9e5acfe047d4a262fc015a83a657625786ed7af395a2f6ef5b1d0ebb827989ec3783ab19d5c0b08287cadb7a13a46c0e2da6d8c8d
+  data.tar.gz: b1d592b706ced53f4548ce71cc4e51b71cea06fdc3db27cbd832be618c11b97a65db43e91f9950cea2d2094c1d5af58209973c01ed08ba1a8035da0573e3d325

data/.gitignore

@@ -0,0 +1,40 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# IDE
+.idea
+.editorconfig

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Adam Robertson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,3 @@
+# capcoauth-gem
+
+Ruby Gem for integrating with CapcOAuth

data/Rakefile

@@ -0,0 +1,20 @@
+require 'bundler/setup'
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc 'Run all specs'
+RSpec::Core::RakeTask.new(:spec) do |config|
+  config.verbose = false
+end
+
+namespace :capcoauth do
+  # desc 'Install Capcoauth in dummy app'
+  # task :install do
+  #   cd 'spec/dummy'
+  #   system 'bundle exec rails g capcoauth:install --force'
+  # end
+end
+
+Bundler::GemHelper.install_tasks

data/app/controllers/capcoauth/application_controller.rb

@@ -0,0 +1,11 @@
+module Capcoauth
+  class ApplicationController < ActionController::Base
+    include Helpers::Controller
+
+    if ::Rails.version.to_i < 4
+      protect_from_forgery
+    else
+      protect_from_forgery with: :exception
+    end
+  end
+end

data/app/controllers/capcoauth/application_metal_controller.rb

@@ -0,0 +1,15 @@
+module Capcoauth
+  class ApplicationMetalController < ActionController::Metal
+    MODULES = [
+      ActionController::Instrumentation,
+      AbstractController::Rendering,
+      ActionController::Rendering,
+      ActionController::Renderers::All,
+      Helpers::Controller
+    ]
+
+    MODULES.each do |mod|
+      include mod
+    end
+  end
+end

data/app/controllers/capcoauth/callback_controller.rb

@@ -0,0 +1,36 @@
+require 'httparty'
+
+module Capcoauth
+  class CallbackController < Capcoauth::ApplicationController
+    def show
+      # Abort if code not found
+      return redirect_to root_url, alert: 'Authorization was canceled' unless params[:code].present?
+
+      response = HTTParty.post('https://capcoauth.capco.com/oauth/token', {
+        body: {
+          client_id: Capcoauth.configuration.client_id,
+          client_secret: Capcoauth.configuration.client_secret,
+          code: params[:code],
+          grant_type: 'authorization_code',
+          redirect_uri: oauth_callback_url
+        }
+      })
+
+      error_message = 'There was an error logging you in'
+
+      if response.code == 200 and !response.parsed_response['access_token'].blank?
+        @access_token = OAuth::AccessToken.new(response.parsed_response['access_token']).verify
+
+        if @access_token
+          session[:capcoauth_access_token] = @access_token.token
+          session[:capcoauth_user_id] = @access_token.user_id
+          redirect_to session[:previous_url].blank? ? root_url : session.delete(:previous_url)
+        else
+          redirect_to root_url, alert: error_message
+        end
+      else
+        redirect_to root_url, alert: error_message
+      end
+    end
+  end
+end

data/app/controllers/capcoauth/login_controller.rb

@@ -0,0 +1,14 @@
+require 'uri'
+
+module Capcoauth
+  class LoginController < Capcoauth::ApplicationController
+    def show
+      if capcoauth_token
+        redirect_to session[:previous_url].blank? ? root_url : session.delete(:previous_url), notice: 'You are already logged in'
+        return
+      end
+
+      redirect_to "https://capcoauth.capco.com/oauth/authorize?client_id=#{Capcoauth.configuration.client_id}&redirect_uri=#{URI.encode(oauth_callback_url)}&response_type=code"
+    end
+  end
+end

data/app/controllers/capcoauth/logout_controller.rb

@@ -0,0 +1,14 @@
+module Capcoauth
+  class LogoutController < Capcoauth::ApplicationController
+
+    def show
+      session.delete(:capcoauth_user_id)
+      if token = session.delete(:capcoauth_access_token)
+        OAuth::TTLCache.delete(token)
+        redirect_to root_url, notice: 'You have been logged out'
+      else
+        redirect_to root_url
+      end
+    end
+  end
+end

data/capcoauth.gemspec

@@ -0,0 +1,24 @@
+$:.push File.expand_path("../lib", __FILE__)
+
+require 'capcoauth/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'capcoauth'
+  s.version     = Capcoauth::VERSION
+  s.authors     = ['Adam Robertson']
+  s.email       = %w'adam.robertson@capco.com'
+  s.homepage    = 'https://github.com/arcreative/capcoauth-gem'
+  s.summary     = 'Integration with Capcoauth authentication service'
+  s.description = 'capcoauth-gem is a library to integrate Rails applications with Capcoauth authentication service'
+  s.license     = 'MIT'
+
+  s.files         = `git ls-files`.split("\n")
+  # s.test_files    = `git ls-files -- spec/*`.split("\n")
+  s.require_paths = ['lib']
+
+  s.add_dependency 'railties', '~> 4.2'
+  s.add_dependency 'httparty', '~> 0.13'
+
+  s.add_development_dependency 'rake', '~> 10.5'
+  s.add_development_dependency 'rspec-rails', '~> 3.4'
+end

data/lib/capcoauth/config.rb

@@ -0,0 +1,71 @@
+module Capcoauth
+  class MissingConfiguration < StandardError
+    def initialize
+      super 'Capcoauth configuration is missing.  Please ensure you have an initializer in config/initializers/capcoauth.rb'
+    end
+  end
+
+  def self.configure(&block)
+    @config = Config::Builder.new(&block).build
+  end
+
+  def self.configuration
+    @config || (fail MissingConfiguration.new)
+  end
+
+  class Config
+    attr_reader :client_id
+    attr_reader :client_secret
+
+    class Builder
+      def initialize(&block)
+        @config = Config.new
+        instance_eval(&block)
+      end
+
+      def build
+        @config
+      end
+
+      def client_id(client_id)
+        @config.instance_variable_set('@client_id', client_id)
+      end
+
+      def client_secret(client_secret)
+        @config.instance_variable_set('@client_secret', client_secret)
+      end
+    end
+
+    module Option
+      def option(name, options = {})
+        attribute = options[:as] || name
+
+        Builder.instance_eval do
+          define_method name do |*args, &block|
+            value = block ? block : args.first
+
+            @config.instance_variable_set(:"@#{attribute}", value)
+          end
+        end
+
+        define_method attribute do |*args|
+          if instance_variable_defined?(:"@#{attribute}")
+            instance_variable_get(:"@#{attribute}")
+          else
+            options[:default]
+          end
+        end
+
+        public attribute
+      end
+
+      def extended(base)
+        base.send(:private, :option)
+      end
+    end
+
+    extend Option
+
+    option :token_verify_ttl, default: 10
+  end
+end

data/lib/capcoauth/engine.rb

@@ -0,0 +1,18 @@
+module Capcoauth
+  class Engine < Rails::Engine
+    initializer 'capcoauth.params.filter' do |app|
+      parameters = %w'code access_token'
+      app.config.filter_parameters << /^(#{Regexp.union parameters})$/
+    end
+
+    initializer 'capcoauth.routes' do
+      Capcoauth::Rails::Routes.install!
+    end
+
+    initializer 'capcoauth.helpers' do
+      ActiveSupport.on_load(:action_controller) do
+        include Capcoauth::Rails::Helpers
+      end
+    end
+  end
+end

data/lib/capcoauth/helpers/controller.rb

@@ -0,0 +1,17 @@
+module Capcoauth
+  module Helpers
+    module Controller
+      extend ActiveSupport::Concern
+
+      private
+
+      def capcoauth_token
+        @token ||= OAuth::AccessToken.new(session[:capcoauth_access_token]).verify
+      end
+
+      def oauth_callback_url
+        "#{root_url}auth/callback"
+      end
+    end
+  end
+end

data/lib/capcoauth/oauth/access_token.rb

@@ -0,0 +1,17 @@
+module Capcoauth
+  module OAuth
+    class AccessToken
+      attr_accessor :token
+      attr_accessor :user_id
+
+      def initialize(token)
+        @token = token
+      end
+
+      def verify
+        nil unless @token
+        TokenVerifier.verify(self)
+      end
+    end
+  end
+end

data/lib/capcoauth/oauth/token_verifier.rb

@@ -0,0 +1,27 @@
+module Capcoauth
+  module OAuth
+    class TokenVerifier
+      def self.verify(access_token)
+        return nil if access_token.blank? or access_token.token.blank?
+        return access_token if TTLCache.valid?(access_token.token)
+
+        # Call Capcoauth
+        response = HTTParty.get('https://capcoauth.capco.com/oauth/token/info', {
+          headers: {
+            'Authorization' => "Bearer #{access_token.token}"
+          }
+        })
+
+        # Set the user_id from the token response
+        if response.code == 200
+          TTLCache.update(access_token.token)
+          access_token.user_id = response.parsed_response['resource_owner_id']
+          access_token
+        else
+          TTLCache.remove(access_token.token)
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/capcoauth/oauth/ttl_cache.rb

@@ -0,0 +1,26 @@
+module Capcoauth
+  module OAuth
+    class TTLCache
+      @@cache = {}
+
+      def self.valid?(access_token)
+        purge
+        !!@@cache[access_token]
+      end
+
+      def self.update(access_token)
+        @@cache[access_token] = Time.zone.now
+      end
+
+      def self.remove(access_token)
+        @@cache.delete(access_token)
+      end
+
+      def self.purge
+        @@cache.delete_if do |k, v|
+          Time.zone.now > v + Capcoauth.configuration.token_verify_ttl
+        end
+      end
+    end
+  end
+end

data/lib/capcoauth/rails/helpers.rb

@@ -0,0 +1,24 @@
+module Capcoauth
+  module Rails
+    module Helpers
+      extend ActiveSupport::Concern
+
+      def verify_authorized!
+        if capcoauth_token
+          session.delete(:previous_url)
+        else
+          session.delete(:capcoauth_access_token)
+          session.delete(:capcoauth_user_id)
+          session[:previous_url] = request.url
+          redirect_to :auth_login
+        end
+      end
+
+      private
+
+      def capcoauth_token
+        @_capcoauth_token ||= OAuth::AccessToken.new(session[:capcoauth_access_token]).verify
+      end
+    end
+  end
+end

data/lib/capcoauth/rails/routes/mapper.rb

@@ -0,0 +1,28 @@
+module Capcoauth
+  module Rails
+    class Routes
+      class Mapper
+        def initialize(mapping = Mapping.new)
+          @mapping = mapping
+        end
+
+        def map(&block)
+          self.instance_eval(&block) if block
+          @mapping
+        end
+
+        def controllers(controller_names = {})
+          @mapping.controllers.merge!(controller_names)
+        end
+
+        def skip_controllers(*controller_names)
+          @mapping.skips = controller_names
+        end
+
+        def as(alias_names = {})
+          @mapping.as.merge!(alias_names)
+        end
+      end
+    end
+  end
+end

data/lib/capcoauth/rails/routes/mapping.rb

@@ -0,0 +1,36 @@
+module Capcoauth
+  module Rails
+    class Routes
+      class Mapping
+        attr_accessor :controllers, :as, :skips
+
+        def initialize
+          @controllers = {
+            login: 'capcoauth/login',
+            logout: 'capcoauth/logout',
+            callback: 'capcoauth/callback',
+          }
+
+          @as = {
+            login: :login,
+            logout: :logout,
+            callback: :callback
+          }
+
+          @skips = []
+        end
+
+        def [](routes)
+          {
+            controllers: @controllers[routes],
+            as: @as[routes]
+          }
+        end
+
+        def skipped?(controller)
+          @skips.include?(controller)
+        end
+      end
+    end
+  end
+end

data/lib/capcoauth/rails/routes.rb

@@ -0,0 +1,68 @@
+require 'capcoauth/rails/routes/mapping'
+require 'capcoauth/rails/routes/mapper'
+
+module Capcoauth
+  module Rails
+    class Routes
+      module Helper
+        def use_capcoauth(options = {}, &block)
+          Capcoauth::Rails::Routes.new(self, &block).generate_routes!(options)
+        end
+      end
+
+      def self.install!
+        ActionDispatch::Routing::Mapper.send :include, Capcoauth::Rails::Routes::Helper
+      end
+
+      attr_accessor :routes
+
+      def initialize(routes, &block)
+        @routes, @block = routes, block
+      end
+
+      def generate_routes!(options)
+        @mapping = Mapper.new.map(&@block)
+        routes.scope options[:scope] || 'auth', as: 'auth' do
+          map_routes(:login, :login_routes)
+          map_routes(:logout, :logout_routes)
+          map_routes(:callback, :callback_routes)
+        end
+      end
+
+      private
+
+      def map_routes(name, method)
+        unless @mapping.skipped?(name)
+          send method, @mapping[name]
+        end
+      end
+
+      def login_routes(mapping)
+        routes.resource(
+          :login,
+          path: 'login',
+          only: [:show], as: mapping[:as],
+          controller: mapping[:controllers]
+        )
+      end
+
+      def logout_routes(mapping)
+        routes.resource(
+          :logout,
+          path: 'logout',
+          only: [:show, :delete], as: mapping[:as],
+          controller: mapping[:controllers]
+        )
+      end
+
+      def callback_routes(mapping)
+        routes.resource(
+          :callback,
+          path: 'callback',
+          only: [:show], as: mapping[:as],
+          controller: mapping[:controllers]
+        )
+      end
+    end
+  end
+end

data/lib/capcoauth/version.rb

@@ -0,0 +1,3 @@
+module Capcoauth
+  VERSION = '0.1.1'
+end

data/lib/capcoauth.rb

@@ -0,0 +1,22 @@
+require 'capcoauth/version'
+require 'capcoauth/engine'
+require 'capcoauth/config'
+
+require 'capcoauth/oauth/access_token'
+require 'capcoauth/oauth/token_verifier'
+require 'capcoauth/oauth/ttl_cache'
+
+require 'capcoauth/helpers/controller'
+
+require 'capcoauth/rails/routes'
+require 'capcoauth/rails/helpers'
+
+module Capcoauth
+  def self.configured?
+    @config.present?
+  end
+
+  def self.installed?
+    configured?
+  end
+end

data/lib/generators/capcoauth/install_generator.rb

@@ -0,0 +1,11 @@
+class Capcoauth::InstallGenerator < ::Rails::Generators::Base
+  include Rails::Generators::Migration
+  source_root File.expand_path('../templates', __FILE__)
+  desc 'Installs Capcoauth'
+
+  def install
+    template 'initializer.rb', 'config/initializers/capcoauth.rb'
+    route 'use_capcoauth'
+    readme 'README'
+  end
+end

data/lib/generators/capcoauth/templates/README

@@ -0,0 +1,13 @@
+==========================================================================
+
+Before you can use Capcoauth, you need to enter some configuration details
+
+* Go to config/initializers/capcoauth.rb and add your client id and secret
+
+* Add `before_action :verify_authorized!` to your controllers where
+  Necessary.  This follows standard `except: [:index]` and
+  `only: [:secret]` Rails ActionController conventions
+
+Enjoy!
+
+==========================================================================

data/lib/generators/capcoauth/templates/initializer.rb

@@ -0,0 +1,11 @@
+Capcoauth.configure do |config|
+  # CapcOAuth Client ID
+  # config.client_id 'YOUR APPLICATION CLIENT ID'
+
+  # CapcOAuth Client Secret
+  # config.client_secret 'YOUR APPLICATION CLIENT SECRET'
+
+  # Configures how often to check CapcOAuth for access token validity, in seconds.  If this value is too high,
+  # application will continue to serve requests to users even after the token is revoked
+  # config.token_verify_ttl 10
+end

metadata

@@ -0,0 +1,126 @@
+--- !ruby/object:Gem::Specification
+name: capcoauth
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Adam Robertson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-04-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+description: capcoauth-gem is a library to integrate Rails applications with Capcoauth
+  authentication service
+email:
+- adam.robertson@capco.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- LICENSE
+- README.md
+- Rakefile
+- app/controllers/capcoauth/application_controller.rb
+- app/controllers/capcoauth/application_metal_controller.rb
+- app/controllers/capcoauth/callback_controller.rb
+- app/controllers/capcoauth/login_controller.rb
+- app/controllers/capcoauth/logout_controller.rb
+- capcoauth.gemspec
+- lib/capcoauth.rb
+- lib/capcoauth/config.rb
+- lib/capcoauth/engine.rb
+- lib/capcoauth/helpers/controller.rb
+- lib/capcoauth/oauth/access_token.rb
+- lib/capcoauth/oauth/token_verifier.rb
+- lib/capcoauth/oauth/ttl_cache.rb
+- lib/capcoauth/rails/helpers.rb
+- lib/capcoauth/rails/routes.rb
+- lib/capcoauth/rails/routes/mapper.rb
+- lib/capcoauth/rails/routes/mapping.rb
+- lib/capcoauth/version.rb
+- lib/generators/capcoauth/install_generator.rb
+- lib/generators/capcoauth/templates/README
+- lib/generators/capcoauth/templates/initializer.rb
+homepage: https://github.com/arcreative/capcoauth-gem
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Integration with Capcoauth authentication service
+test_files: []