couchkeeper 0.6.7

data/lib/doorkeeper/engine.rb

@@ -0,0 +1,19 @@
+module Doorkeeper
+  class Engine < Rails::Engine
+    initializer "doorkeeper.routes" do
+      Doorkeeper::Rails::Routes.warn_if_using_mount_method!
+      Doorkeeper::Rails::Routes.install!
+    end
+
+    initializer "couchbase.add_design_documents", :before => "couchbase.upgrade_design_documents"  do
+      ::Couchbase::Model::Configuration.design_documents_paths = [File.join(File.dirname(__FILE__), "models"), "app/models"]
+    end
+    
+    initializer "doorkeeper.helpers" do
+
+      ActiveSupport.on_load(:action_controller) do
+        include Doorkeeper::Helpers::Filter
+      end
+    end
+  end
+end

data/lib/doorkeeper/errors.rb

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module Errors
+    class DoorkeeperError < StandardError
+    end
+
+    class InvalidAuthorizationStrategy < DoorkeeperError
+    end
+
+    class InvalidTokenStrategy < DoorkeeperError
+    end
+
+    class MissingRequestStrategy < DoorkeeperError
+    end
+  end
+end

data/lib/doorkeeper/helpers/controller.rb

@@ -0,0 +1,58 @@
+module Doorkeeper
+  module Helpers
+    module Controller
+      def self.included(base)
+        base.send :private,
+                  :authenticate_resource_owner!,
+                  :authenticate_admin!,
+                  :current_resource_owner,
+                  :resource_owner_from_credentials,
+                  :skip_authorization?
+      end
+
+      def authenticate_resource_owner!
+        current_resource_owner
+      end
+
+      def current_resource_owner
+        instance_eval &Doorkeeper.configuration.authenticate_resource_owner
+      end
+
+      def resource_owner_from_credentials
+        instance_eval &Doorkeeper.configuration.resource_owner_from_credentials
+      end
+
+      def authenticate_admin!
+        instance_eval &Doorkeeper.configuration.authenticate_admin
+      end
+
+      def server
+        @server ||= Server.new(self)
+      end
+
+      def get_error_response_from_exception(exception)
+        error_name = case exception
+        when Errors::InvalidTokenStrategy
+          :unsupported_grant_type
+        when Errors::InvalidAuthorizationStrategy
+          :unsupported_response_type
+        when Errors::MissingRequestStrategy
+          :invalid_request
+        end
+
+        OAuth::ErrorResponse.new :name => error_name, :state => params[:state]
+      end
+
+      def handle_token_exception(exception)
+        error = get_error_response_from_exception exception
+        self.headers.merge!  error.headers
+        self.response_body = error.body.to_json
+        self.status        = error.status
+      end
+
+      def skip_authorization?
+        !!instance_exec([@server.current_resource_owner, @pre_auth.client], &Doorkeeper.configuration.skip_authorization)
+      end
+    end
+  end
+end

data/lib/doorkeeper/helpers/filter.rb

@@ -0,0 +1,38 @@
+module Doorkeeper
+  module Helpers
+    module Filter
+      module ClassMethods
+        def doorkeeper_for(*args)
+          doorkeeper_for = DoorkeeperForBuilder.create_doorkeeper_for(*args)
+
+          before_filter doorkeeper_for.filter_options do
+            return if doorkeeper_for.validate_token(doorkeeper_token)
+            # TODO: use ErrorRespose class for this
+            render_options = doorkeeper_unauthorized_render_options
+            if render_options.nil? || render_options.empty?
+              head :unauthorized
+            else
+              render_options[:status] = :unauthorized
+              render_options[:layout] = false if render_options[:layout].nil?
+              render render_options
+            end
+          end
+        end
+      end
+
+      def self.included(base)
+        base.extend ClassMethods
+        base.send :private, :doorkeeper_token, :doorkeeper_unauthorized_render_options
+      end
+
+      def doorkeeper_token
+        methods = Doorkeeper.configuration.access_token_methods
+        @token ||= OAuth::Token.authenticate request, *methods
+      end
+
+      def doorkeeper_unauthorized_render_options
+        nil
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/access_grant.rb

@@ -0,0 +1,24 @@
+module Doorkeeper
+  class AccessGrant
+    include Doorkeeper::OAuth::Helpers
+    include Doorkeeper::Models::Scopes
+
+    belongs_to :application, :class_name => "Doorkeeper::Application", :inverse_of => :access_grants
+
+    validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, :presence => true
+
+    before_create :generate_token
+
+    def self.authenticate(token)
+      where(:token => token).first
+    end
+
+    private
+
+    def generate_token
+      # This is wrong! Token should be the id of the AccessGrant class not independently added.... (same as AccessToken)
+      # There should be a way to make it raise an error using the ruby model
+      # self.add('token', UniqueToken.generate)
+    end
+  end
+end

data/lib/doorkeeper/models/access_token.rb

@@ -0,0 +1,95 @@
+module Doorkeeper
+  class AccessToken < Couchbase::Model
+    include Doorkeeper::OAuth::Helpers
+    include Doorkeeper::Models::Scopes
+
+    attribute :resource_owner_id, :token, :expires_at
+    attribute :created_at, :default => lambda { Time.now.utc }
+    view :by_resource_owner_id, :by_token, :by_refresh_token, :by_application_id_and_resource_owner_id
+
+    belongs_to :application, :class_name => "Doorkeeper::Application", :inverse_of => :access_tokens
+    alias_attribute :token, :id
+    validates :application_id, :token, :presence => true
+
+    attr_accessor :use_refresh_token
+
+    before_create :generate_token
+    before_create :generate_refresh_token, :if => :use_refresh_token?
+
+
+
+    def expires_in
+      30
+    end
+
+
+    def self.authenticate(token)
+      find(token)
+    end
+
+    def self.where_owner_id(id)
+      Application.find(*by_resource_owner_id({:key => id}))
+    end
+
+    def self.by_refresh_token(refresh_token)
+      by_refresh_token({:key => refresh_token})
+    end
+
+    def self.revoke_all_for(application_id, resource_owner)
+      AccessToken.find(*by_application_id_and_resource_owner_id({:key => [application_id, resource_owner]})).delete
+    end
+
+    def self.matching_token_for(application, resource_owner_or_id, scopes)
+      resource_owner_id = resource_owner_or_id.respond_to?(:to_key) ? resource_owner_or_id.id : resource_owner_or_id
+      token = last_authorized_token_for(application, resource_owner_id)
+      token if token
+    end
+
+    def token_type
+      "bearer"
+    end
+
+    def use_refresh_token?
+      self.use_refresh_token
+    end
+
+    def as_json(options={})
+      {
+        :resource_owner_id => self.resource_owner_id,
+        :scopes => self.scopes,
+        :expires_in_seconds => self.expires_at - Time.now,
+        :application => { :uid => self.application.id }
+      }
+    end
+
+    def self.last_authorized_token_for(application, resource_owner_id)
+      by_application_id_and_resource_owner_id({:key => [application.id, resource_owner_id]})
+    end
+    private_class_method :last_authorized_token_for
+
+
+
+
+    def self.delete_all_for(application_id, resource_owner)
+      where(:application_id => application_id,
+            :resource_owner_id => resource_owner.id).delete_all
+    end
+    private_class_method :delete_all_for
+
+ 
+
+    private
+
+    def generate_refresh_token
+      if use_refresh_token
+        self.refresh_token = UniqueToken.generate
+      end
+    end
+
+    def generate_token
+      self.id = UniqueToken.generate
+    end
+    
+
+  end
+end

data/lib/doorkeeper/models/accessible.rb

@@ -0,0 +1,9 @@
+module Doorkeeper
+  module Models
+    module Accessible
+      def accessible?
+        !expired? && !revoked?
+      end
+    end
+  end
+end

data/lib/doorkeeper/models/active_record/access_grant.rb

@@ -0,0 +1,5 @@
+module Doorkeeper
+  class AccessGrant < ActiveRecord::Base
+    self.table_name = :oauth_access_grants
+  end
+end

data/lib/doorkeeper/models/active_record/access_token.rb

@@ -0,0 +1,21 @@
+module Doorkeeper
+  class AccessToken < ActiveRecord::Base
+    self.table_name = :oauth_access_tokens
+
+    def self.delete_all_for(application_id, resource_owner)
+      where(:application_id => application_id,
+            :resource_owner_id => resource_owner.id).delete_all
+    end
+    private_class_method :delete_all_for
+
+    def self.last_authorized_token_for(application, resource_owner_id)
+      where(:application_id => application.id,
+            :resource_owner_id => resource_owner_id,
+            :revoked_at => nil).
+      order('created_at desc').
+      limit(1).
+      first
+    end
+    private_class_method :last_authorized_token_for
+  end
+end

data/lib/doorkeeper/models/active_record/application.rb

@@ -0,0 +1,20 @@
+module Doorkeeper
+  class Application < ActiveRecord::Base
+    self.table_name = :oauth_applications
+
+    has_many :authorized_tokens, :class_name => "AccessToken", :conditions => { :revoked_at => nil }
+    has_many :authorized_applications, :through => :authorized_tokens, :source => :application
+
+    def self.column_names_with_table
+      self.column_names.map { |c| "#{self.table_name}.#{c}" }
+    end
+
+    def self.authorized_for(resource_owner)
+      # SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = 5 
+      # AND "oauth_access_tokens"."resource_owner_id" = 45 AND "oauth_access_tokens "."revoked_at" IS NULL ORDER BY created_at desc LIMIT 1
+      joins(:authorized_applications).
+        where(:oauth_access_tokens => { :resource_owner_id => resource_owner.id, :revoked_at => nil }).
+        group(column_names_with_table.join(','))
+    end
+  end
+end

data/lib/doorkeeper/models/application.rb

@@ -0,0 +1,33 @@
+module Doorkeeper
+  class Application
+    include Doorkeeper::OAuth::Helpers
+
+
+    validates :name, :secret, :redirect_uri, :presence => true
+    validates :redirect_uri, :redirect_uri => true
+
+    before_create :generate_uid, :generate_secret
+
+    def self.model_name
+      ActiveModel::Name.new(self, Doorkeeper, 'Application')
+    end
+
+    def self.authenticate(uid, secret)
+      self.where(:uid => uid, :secret => secret).first
+    end
+
+    def self.by_uid(uid)
+      find_by_id(uid)
+    end
+
+    private
+
+    def generate_uid
+      self.id = UniqueToken.generate
+    end
+
+    def generate_secret
+      self.secret = UniqueToken.generate
+    end
+  end
+end

data/lib/doorkeeper/models/couchbase/access_grant.rb

@@ -0,0 +1,10 @@
+module Doorkeeper
+  class AccessGrant < Couchbase::Model
+
+    attribute :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, :revoked_at
+
+  	def self.authenticate(token)
+      by_token({:key => token})
+    end
+  end
+end

data/lib/doorkeeper/models/couchbase/access_token.rb

@@ -0,0 +1,7 @@
+module Doorkeeper
+  class AccessToken < Couchbase::Model
+
+    
+
+	end
+end

data/lib/doorkeeper/models/couchbase/application.rb

@@ -0,0 +1,35 @@
+module Doorkeeper
+  class Application < Couchbase::Model
+ 	include Doorkeeper::OAuth::Helpers
+	attribute   :name, :secret, :redirect_uri
+  attribute :created_at, :default => lambda { Time.now.utc }
+  alias_attribute :uid, :id
+	
+  view :by_uid_and_secret, :by_uid, :show_all
+  	def self.authorized_for(resource_owner)
+		AccessToken.where_owner_id(resource_owner.id)
+    end
+
+    def self.authenticate(uid, secret)
+      by_uid_and_secret({:key => [uid, secret]})
+    end
+
+    def self.by_uid(uid)
+      by_uid({:key => uid})
+    end
+
+    def self.find_all
+      show_all({:key => nil, :include_docs => true, :stale => false})
+    end
+
+    private
+
+    def generate_uid
+      self.id = UniqueToken.generate
+    end
+
+    def generate_secret
+      self.secret = UniqueToken.generate
+    end
+  end
+end

data/lib/doorkeeper/models/doorkeeper_access_grant/by_token/map.js

@@ -0,0 +1,5 @@
+function(doc) {
+  if(doc.type == "doorkeeper_access_token") {
+    emit([doc.token]);
+  }
+}

data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id/map.js

@@ -0,0 +1,5 @@
+function(doc) {
+  if(doc.type == "doorkeeper_access_token" && doc.application_id && doc.revoked != true) {
+    emit(doc.resource_owner_id, doc.application_id);
+  }
+}

data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id_and_resource_owner_id/map.js

@@ -0,0 +1,5 @@
+function(doc) {
+  if(doc.type == "doorkeeper_access_token" && doc.application_id && doc.resource_owner_id && doc.revoked != true) {
+    emit([doc.application_id, doc.resource_owner_id, doc.created_at]);
+  }
+}

data/lib/doorkeeper/models/doorkeeper_access_token/by_refresh_token/map.js

@@ -0,0 +1,5 @@
+function(doc) {
+  if(doc.type == "doorkeeper_access_token") {
+    emit([doc.refresh_token]);
+  }
+}

data/lib/doorkeeper/models/doorkeeper_access_token/by_resource_owner_id/map.js

@@ -0,0 +1,5 @@
+function(doc) {
+  if(doc.resource_owner_id) {
+    emit([doc.resource_owner_id], null);
+  }
+}

data/lib/doorkeeper/models/doorkeeper_access_token/by_token/map.js

@@ -0,0 +1,5 @@
+function(doc) {
+  if(doc.type == "access_token") {
+    emit([doc.token]);
+  }
+}