cosmos_authentication 0.0.1 → 0.0.2

data/lib/cosmos_authentication/middleware/use_token.rb

@@ -0,0 +1,17 @@
+module CosmosAuthentication
+  module Middleware
+    class UseToken
+      def initialize(app, key = :current_body)
+        @app = app
+        @key = key
+      end
+
+      def call(env)
+        access_token = env[@key]['access_token']
+        header = {'Authentication' => "Bearer #{access_token}"}
+        env[:client].tap { |client| client.headers.merge!(header) }
+        @app.call env
+      end
+    end
+  end
+end

data/lib/cosmos_authentication/rack_middleware.rb

@@ -0,0 +1,137 @@
+require 'cosmos_authentication/service'
+
+module CosmosAuthentication
+  class RackMiddleware
+    class Authenticator
+      attr_reader :current
+
+      def initialize(opts, env)
+        @opts = opts
+        @env  = env
+      end
+
+      def authenticate(scope = '')
+        begin
+          token = access_token(scope)
+          @current = service.resource_owner(token)
+        rescue Cosmos::UnknownLinkError => e
+          session[:access_token] = nil
+          authenticate
+        end
+
+        nil
+      end
+
+      def logged_in?
+        !!current
+      end
+
+      def logout
+        session[:access_token]   = nil
+        session[:refresh_token]  = nil
+
+        nil
+      end
+
+      private
+      def access_token(scope)
+        unless token = access_token_from_header
+          ensure_token(scope)
+          token = access_token_from_session
+        end
+
+        token
+      end
+
+      def access_token_from_header
+        if has_header? && match = header.match(/Bearer\s+(\w+)/i)
+          {'access_token'  => match[1]}
+        end
+      end
+
+      def access_token_from_session
+        {'access_token'  => session[:access_token]}
+      end
+
+      def code_available?
+        request.get? && !!params['code']
+      end
+
+      def get_token(scope)
+        if code_available?
+          service.get_token_via_code(params['code'])
+        elsif password_available?
+          service.get_token_via_password(
+            params['username'],
+            params['password'],
+            scope
+          )
+        elsif refresh_token_available?
+          service.get_token_via_refresh_token(
+            session[:refresh_token],
+            scope
+          )
+        end
+      end
+
+      def ensure_token(scope)
+        unless session[:access_token]
+          if token = get_token(scope)
+            session[:access_token]   = token['access_token']
+            session[:refresh_token]  = token['refresh_token']
+          end
+        end
+      end
+
+      def has_header?
+        !!header
+      end
+
+      def header
+        @env['HTTP_AUTHENTICATION']
+      end
+
+      def params
+        request.params
+      end
+
+      def password_available?
+        request.post? && !!params['username'] && !!params['password']
+      end
+
+      def refresh_token_available?
+        !!session[:refresh_token]
+      end
+
+      def request
+        @req ||= Rack::Request.new(@env)
+      end
+
+      def session
+        @env['rack.session']
+      end
+
+      def service
+        @service ||= Service.new do |config|
+          config.client_id      = @opts[:client_id]
+          config.client_secret  = @opts[:client_secret]
+          config.endpoint       = @opts[:endpoint]
+          config.cache          = @opts[:cache] if @opts[:cache]
+          if @opts[:resource_owner_class]
+            config.resource_owner_class = @opts[:resource_owner_class]
+          end
+        end
+      end
+    end
+
+    def initialize(app, opts = {})
+      @app  = app
+      @opts = opts
+    end
+
+    def call(env)
+      env['authentication'] = Authenticator.new(@opts, env)
+      @app.call env
+    end
+  end
+end

data/lib/cosmos_authentication/resource_owner.rb

@@ -1,25 +1,13 @@
-require "cosmos_authentication/stub"
-require "cosmos_authentication/resources"
+module CosmosAuthentication
+  class ResourceOwner
+    attr_accessor :collection
 
-module Cosmos
-  module Authentication
-    class ResourceOwner
-      def initialize(client, collection)
-        @client = client
-        @collection = collection
-      end
+    extend Forwardable
+    def_delegators :item, :data, :datum, :href, :link, :links
 
-      def data
-        @data ||= @collection.items.first.data.inject({}) do |hash, data|
-          hash.merge!({data.name => data.value})
-        end
-      end
-
-      def resources
-        @resources ||= @collection.links.inject({}) do |hash, link|
-          hash.merge!({link.rel => Stub.new(@client, Resources, link.href)})
-        end
-      end
+    private
+    def item
+      @item ||= @collection.items.first
     end
   end
 end

data/lib/cosmos_authentication/service.rb

@@ -1,71 +1,96 @@
 require "cosmos/service"
 require "cosmos_authentication/resource_owner"
+require "cosmos_authentication/middleware/use_token"
 
-module Cosmos
-  module Authentication
-    class Service < Cosmos::Service
-      attr_accessor :client_id, :client_secret
+module CosmosAuthentication
+  class Service < Cosmos::Service
+    attr_accessor :client_id, :client_secret
+    attr_writer :resource_owner_class
 
-      def client_with_credentials
-        raise "No credentials configured." unless client_id && client_secret
-        @client_with_credentials ||= client.dup.tap do |client|
-          client.params['client_id'] = client_id
-          client.params['client_secret'] = client_secret
-        end
-      end
+    def default_env
+      super.merge({
+        data: {
+          client_id:      client_id,
+          client_secret:  client_secret
+        }
+      })
+    end
 
-      def client_with_token(access_token)
-        client.dup.tap do |client|
-          client.headers['Authentication'] = "Bearer #{access_token}"
-        end
-      end
+    def get_token_via_code(code)
+      get_token({
+        client_id:      client_id,
+        client_secret:  client_secret,
+        grant_type:     'code',
+        code:           code
+      })
+    end
 
-      def get_token_with_code(code)
-        client = client_with_credentials
-        response = client.post token_link.href, {
-          grant_type:     'code',
-          code:           code
-        }
-        response.body
-      end
+    def get_token_via_password(username, password, scope = '')
+      get_token({
+        client_id:      client_id,
+        client_secret:  client_secret,
+        grant_type:     'password',
+        username:       username,
+        password:       password,
+        scope:          scope
+      })
+    end
 
-      def get_token_with_refresh_token(refresh_token)
-        client = client_with_credentials
-        response = client.post token_link.href, {
-          :grant_type => 'refresh_token',
-          :refresh_token => refresh_token
-        }
-        response.body
-      end
+    def get_token_via_refresh_token(refresh_token, scope = '')
+      get_token({
+        client_id:      client_id,
+        client_secret:  client_secret,
+        grant_type:     'refresh_token',
+        refresh_token:  refresh_token
+      })
+    end
 
-      def get_token_with_username_and_password(username, password, scope = '')
-        client = client_with_credentials
-        response = client.post token_link.href, {
-          :grant_type       => 'password',
-          :username         => username,
-          :password         => password,
-          :scope            => 'manage_companies'
-        }
-        response.body
+    def providers
+      get_providers
+    end
+
+    def resource_owner(access_token)
+      resource_owner_class.new.tap do |resource_owner|
+        resource_owner.collection = get_resource_owner(access_token)
       end
+    end
+
+    def resource_owner_class
+      @resource_owner_class || ResourceOwner
+    end
 
-      def resource_owner(access_token, klass = ResourceOwner)
-        client = client_with_token(access_token)
-        href = endpoint.link('resource_owner').href
-        response = client.get(href).body
-        if response.items.length > 0
-          response = client.get(response.items.first.href).body
-          klass.new(client, response)
-        end
+    private
+    def get_token(data)
+      output = call(data: data) do
+        use Cosmos::Middleware::Discover
+        use Cosmos::Middleware::Traverse, 'oauth2-token'
+        use Cosmos::Middleware::Submit
+        use Cosmos::Middleware::Save, :token
       end
 
-      def token_link
-        endpoint.link('oauth2_token')
+      output[:token]
+    end
+
+    def get_providers
+      output = call do
+        use Cosmos::Middleware::Discover
+        use Cosmos::Middleware::Traverse, 'providers'
+        use Cosmos::Middleware::Save, :providers
       end
 
-      def use_for_warden_authentication
-        Cosmos::Authentication.warden_service self
+      output[:providers]
+    end
+
+    def get_resource_owner(access_token)
+      output = call(access_token: access_token) do
+        use Middleware::UseToken, :access_token
+        use Cosmos::Middleware::Discover
+        use Cosmos::Middleware::Traverse, 'resource-owners'
+        use Cosmos::Middleware::Traverse, 'current'
+        use Cosmos::Middleware::Save, :resource_owner
       end
+
+      output[:resource_owner]
     end
   end
 end

data/lib/cosmos_authentication/version.rb

@@ -1,3 +1,3 @@
 module CosmosAuthentication
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/lib/cosmos_authentication.rb

@@ -1,12 +1,5 @@
 require "cosmos_authentication/version"
 require "cosmos_authentication/service"
-require "cosmos_authentication/warden" if Warden
 
-module Cosmos
-  module Authentication
-    def self.warden_service(service = nil)
-      @warden_service = service unless service.nil?
-      @warden_service || raise('No authentication service configured for warden.'.inspect)
-    end
-  end
+module CosmosAuthentication
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cosmos_authentication
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-22 00:00:00.000000000 Z
+date: 2012-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cosmos
-  requirement: &70098052432800 !ruby/object:Gem::Requirement
+  requirement: &70219771179280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70098052432800
+  version_requirements: *70219771179280
 description: A client for the cosmos authentication service.
 email:
 - sebastian@uprise.co.nz
@@ -34,16 +34,11 @@ files:
 - Rakefile
 - cosmos_authentication.gemspec
 - lib/cosmos_authentication.rb
+- lib/cosmos_authentication/middleware/use_token.rb
+- lib/cosmos_authentication/rack_middleware.rb
 - lib/cosmos_authentication/resource_owner.rb
-- lib/cosmos_authentication/resources.rb
 - lib/cosmos_authentication/service.rb
-- lib/cosmos_authentication/stub.rb
 - lib/cosmos_authentication/version.rb
-- lib/cosmos_authentication/warden.rb
-- lib/cosmos_authentication/warden_strategies/access_token.rb
-- lib/cosmos_authentication/warden_strategies/code.rb
-- lib/cosmos_authentication/warden_strategies/password.rb
-- lib/cosmos_authentication/warden_strategies/refresh_token.rb
 homepage: https://github.com/SebastianEdwards/cosmos_authentication
 licenses: []
 post_install_message: 

data/lib/cosmos_authentication/resources.rb

@@ -1,29 +0,0 @@
-module Cosmos
-  module Authentication
-    class Resources
-      def initialize(client, collection)
-        @client = client
-        @collection = collection
-      end
-
-      def has_resource?(uri)
-        matches = @collection.items.select do |item|
-          item.href == uri
-        end.length > 0
-      end
-
-      def all
-        @collection.items.map do |item|
-          Stub.new(@client, Resource, item.href)
-        end
-      end
-    end
-
-    class Resource
-      def initialize(client, collection)
-        @client = client
-        @collection = collection
-      end
-    end
-  end
-end

data/lib/cosmos_authentication/stub.rb

@@ -1,22 +0,0 @@
-module Cosmos
-  module Authentication
-    class Stub
-      attr_reader :href
-
-      def initialize(client, klass, href)
-        @client = client
-        @klass = klass
-        @href = href
-      end
-
-      def method_missing(method_sym, *args)
-        @object ||= @klass.new(@client, @client.get(href).body)
-        if @object.respond_to?(method_sym)
-          @object.send method_sym, *args
-        else
-          super
-        end
-      end
-    end
-  end
-end

data/lib/cosmos_authentication/warden.rb

@@ -1,28 +0,0 @@
-module Cosmos
-  module Authentication
-    module Warden
-      module StrategyMixin
-        def service
-          Cosmos::Authentication.warden_service
-        end
-
-        def resource_owner(access_token)
-          service.resource_owner access_token
-        end
-
-        def find_user_by_access_token(access_token)
-          if ro = resource_owner(access_token)
-            success!(ro)
-          else
-            session[:access_token] = nil
-          end
-        end
-      end
-
-      require "cosmos_authentication/warden_strategies/access_token"
-      require "cosmos_authentication/warden_strategies/code"
-      require "cosmos_authentication/warden_strategies/password"
-      require "cosmos_authentication/warden_strategies/refresh_token"
-    end
-  end
-end

data/lib/cosmos_authentication/warden_strategies/access_token.rb

@@ -1,17 +0,0 @@
-module Cosmos
-  module Authentication
-    module Warden
-      ::Warden::Strategies.add(:access_token) do
-        include StrategyMixin
-
-        def valid?
-          session[:access_token]
-        end
-
-        def authenticate!
-          find_user_by_access_token(session[:access_token])
-        end
-      end
-    end
-  end
-end

data/lib/cosmos_authentication/warden_strategies/code.rb

@@ -1,20 +0,0 @@
-module Cosmos
-  module Authentication
-    module Warden
-      ::Warden::Strategies.add(:code) do
-        include StrategyMixin
-
-        def valid?
-          params[:code]
-        end
-
-        def authenticate!
-          if token = service.get_token_with_code(params[:code])
-            session[:refresh_token] = token['refresh_token']
-            session[:access_token] = token['access_token']
-          end
-        end
-      end
-    end
-  end
-end

data/lib/cosmos_authentication/warden_strategies/password.rb

@@ -1,21 +0,0 @@
-module Cosmos
-  module Authentication
-    module Warden
-      ::Warden::Strategies.add(:password) do
-        include StrategyMixin
-
-        def valid?
-          params[:username] && params[:password]
-        end
-
-        def authenticate!
-          args = [params[:username], params[:password]]
-          if token = service.get_token_with_username_and_password(*args)
-            session[:refresh_token] = token['refresh_token']
-            session[:access_token]  = token['access_token']
-          end
-        end
-      end
-    end
-  end
-end

data/lib/cosmos_authentication/warden_strategies/refresh_token.rb

@@ -1,21 +0,0 @@
-module Cosmos
-  module Authentication
-    module Warden
-      ::Warden::Strategies.add(:refresh_token) do
-        include StrategyMixin
-
-        def valid?
-          session[:refresh_token]
-        end
-
-        def authenticate!
-          if token = service.get_token_with_refresh_token(session[:refresh_token])
-            session[:refresh_token] = token['refresh_token']
-            session[:access_token]  = token['access_token']
-            find_user_by_access_token(session[:access_token])
-          end
-        end
-      end
-    end
-  end
-end