couchkeeper 0.6.7
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +14 -0
- data/.rspec +1 -0
- data/.travis.yml +28 -0
- data/CHANGELOG.md +198 -0
- data/Gemfile +32 -0
- data/MIT-LICENSE +20 -0
- data/README.md +290 -0
- data/Rakefile +18 -0
- data/app/assets/javascripts/doorkeeper/application.js +2 -0
- data/app/assets/stylesheets/doorkeeper/application.css +18 -0
- data/app/assets/stylesheets/doorkeeper/form.css +13 -0
- data/app/controllers/doorkeeper/application_controller.rb +7 -0
- data/app/controllers/doorkeeper/applications_controller.rb +60 -0
- data/app/controllers/doorkeeper/authorizations_controller.rb +57 -0
- data/app/controllers/doorkeeper/authorized_applications_controller.rb +12 -0
- data/app/controllers/doorkeeper/token_info_controller.rb +12 -0
- data/app/controllers/doorkeeper/tokens_controller.rb +20 -0
- data/app/helpers/doorkeeper/form_errors_helper.rb +9 -0
- data/app/validators/redirect_uri_validator.rb +23 -0
- data/app/views/doorkeeper/applications/_form.html.erb +34 -0
- data/app/views/doorkeeper/applications/edit.html.erb +13 -0
- data/app/views/doorkeeper/applications/index.html.erb +29 -0
- data/app/views/doorkeeper/applications/new.html.erb +13 -0
- data/app/views/doorkeeper/applications/show.html.erb +26 -0
- data/app/views/doorkeeper/authorizations/error.html.erb +6 -0
- data/app/views/doorkeeper/authorizations/new.html.erb +37 -0
- data/app/views/doorkeeper/authorizations/show.html.erb +4 -0
- data/app/views/doorkeeper/authorized_applications/index.html.erb +25 -0
- data/app/views/layouts/doorkeeper/application.html.erb +33 -0
- data/config/locales/en.yml +68 -0
- data/doorkeeper.gemspec +28 -0
- data/lib/doorkeeper.rb +64 -0
- data/lib/doorkeeper/config.rb +194 -0
- data/lib/doorkeeper/doorkeeper_for.rb +76 -0
- data/lib/doorkeeper/engine.rb +19 -0
- data/lib/doorkeeper/errors.rb +15 -0
- data/lib/doorkeeper/helpers/controller.rb +58 -0
- data/lib/doorkeeper/helpers/filter.rb +38 -0
- data/lib/doorkeeper/models/access_grant.rb +24 -0
- data/lib/doorkeeper/models/access_token.rb +95 -0
- data/lib/doorkeeper/models/accessible.rb +9 -0
- data/lib/doorkeeper/models/active_record/access_grant.rb +5 -0
- data/lib/doorkeeper/models/active_record/access_token.rb +21 -0
- data/lib/doorkeeper/models/active_record/application.rb +20 -0
- data/lib/doorkeeper/models/application.rb +33 -0
- data/lib/doorkeeper/models/couchbase/access_grant.rb +10 -0
- data/lib/doorkeeper/models/couchbase/access_token.rb +7 -0
- data/lib/doorkeeper/models/couchbase/application.rb +35 -0
- data/lib/doorkeeper/models/doorkeeper_access_grant/by_token/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_access_token/by_application_id_and_resource_owner_id/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_access_token/by_refresh_token/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_access_token/by_resource_owner_id/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_access_token/by_token/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_application/by_uid/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_application/by_uid_and_secret/map.js +5 -0
- data/lib/doorkeeper/models/doorkeeper_application/show_all/map.js +6 -0
- data/lib/doorkeeper/models/expirable.rb +21 -0
- data/lib/doorkeeper/models/mongo_mapper/access_grant.rb +28 -0
- data/lib/doorkeeper/models/mongo_mapper/access_token.rb +51 -0
- data/lib/doorkeeper/models/mongo_mapper/application.rb +30 -0
- data/lib/doorkeeper/models/mongo_mapper/revocable.rb +15 -0
- data/lib/doorkeeper/models/mongoid/revocable.rb +15 -0
- data/lib/doorkeeper/models/mongoid/scopes.rb +15 -0
- data/lib/doorkeeper/models/mongoid2/access_grant.rb +22 -0
- data/lib/doorkeeper/models/mongoid2/access_token.rb +41 -0
- data/lib/doorkeeper/models/mongoid2/application.rb +22 -0
- data/lib/doorkeeper/models/mongoid3/access_grant.rb +22 -0
- data/lib/doorkeeper/models/mongoid3/access_token.rb +41 -0
- data/lib/doorkeeper/models/mongoid3/application.rb +22 -0
- data/lib/doorkeeper/models/ownership.rb +16 -0
- data/lib/doorkeeper/models/scopes.rb +17 -0
- data/lib/doorkeeper/oauth/authorization.rb +10 -0
- data/lib/doorkeeper/oauth/authorization/code.rb +32 -0
- data/lib/doorkeeper/oauth/authorization/token.rb +28 -0
- data/lib/doorkeeper/oauth/authorization/uri_builder.rb +29 -0
- data/lib/doorkeeper/oauth/authorization_code_request.rb +82 -0
- data/lib/doorkeeper/oauth/client.rb +29 -0
- data/lib/doorkeeper/oauth/client/credentials.rb +21 -0
- data/lib/doorkeeper/oauth/client/methods.rb +18 -0
- data/lib/doorkeeper/oauth/client_credentials/creator.rb +29 -0
- data/lib/doorkeeper/oauth/client_credentials/issuer.rb +35 -0
- data/lib/doorkeeper/oauth/client_credentials/validation.rb +33 -0
- data/lib/doorkeeper/oauth/client_credentials_request.rb +47 -0
- data/lib/doorkeeper/oauth/code_request.rb +28 -0
- data/lib/doorkeeper/oauth/code_response.rb +37 -0
- data/lib/doorkeeper/oauth/error.rb +9 -0
- data/lib/doorkeeper/oauth/error_response.rb +44 -0
- data/lib/doorkeeper/oauth/helpers/scope_checker.rb +18 -0
- data/lib/doorkeeper/oauth/helpers/unique_token.rb +13 -0
- data/lib/doorkeeper/oauth/helpers/uri_checker.rb +32 -0
- data/lib/doorkeeper/oauth/password_access_token_request.rb +84 -0
- data/lib/doorkeeper/oauth/pre_authorization.rb +62 -0
- data/lib/doorkeeper/oauth/refresh_token_request.rb +58 -0
- data/lib/doorkeeper/oauth/scopes.rb +60 -0
- data/lib/doorkeeper/oauth/token.rb +36 -0
- data/lib/doorkeeper/oauth/token_request.rb +28 -0
- data/lib/doorkeeper/oauth/token_response.rb +29 -0
- data/lib/doorkeeper/rails/routes.rb +90 -0
- data/lib/doorkeeper/rails/routes/mapper.rb +28 -0
- data/lib/doorkeeper/rails/routes/mapping.rb +39 -0
- data/lib/doorkeeper/request.rb +33 -0
- data/lib/doorkeeper/request/authorization_code.rb +23 -0
- data/lib/doorkeeper/request/client_credentials.rb +23 -0
- data/lib/doorkeeper/request/code.rb +24 -0
- data/lib/doorkeeper/request/password.rb +23 -0
- data/lib/doorkeeper/request/refresh_token.rb +23 -0
- data/lib/doorkeeper/request/token.rb +24 -0
- data/lib/doorkeeper/server.rb +54 -0
- data/lib/doorkeeper/validations.rb +30 -0
- data/lib/doorkeeper/version.rb +3 -0
- data/lib/generators/doorkeeper/application_owner_generator.rb +15 -0
- data/lib/generators/doorkeeper/install_generator.rb +12 -0
- data/lib/generators/doorkeeper/migration_generator.rb +15 -0
- data/lib/generators/doorkeeper/mongo_mapper/indexes_generator.rb +12 -0
- data/lib/generators/doorkeeper/templates/README +44 -0
- data/lib/generators/doorkeeper/templates/add_owner_to_application_migration.rb +7 -0
- data/lib/generators/doorkeeper/templates/indexes.rb +3 -0
- data/lib/generators/doorkeeper/templates/initializer.rb +67 -0
- data/lib/generators/doorkeeper/templates/migration.rb +42 -0
- data/lib/generators/doorkeeper/views_generator.rb +15 -0
- data/script/rails +6 -0
- data/script/run_all +14 -0
- data/spec/controllers/applications_controller_spec.rb +18 -0
- data/spec/controllers/authorizations_controller_spec.rb +154 -0
- data/spec/controllers/protected_resources_controller_spec.rb +304 -0
- data/spec/controllers/token_info_controller_spec.rb +54 -0
- data/spec/controllers/tokens_controller_spec.rb +36 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +9 -0
- data/spec/dummy/app/assets/stylesheets/application.css +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/controllers/custom_authorizations_controller.rb +7 -0
- data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
- data/spec/dummy/app/controllers/home_controller.rb +17 -0
- data/spec/dummy/app/controllers/metal_controller.rb +11 -0
- data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
- data/spec/dummy/app/helpers/application_helper.rb +5 -0
- data/spec/dummy/app/models/user.rb +27 -0
- data/spec/dummy/app/views/home/index.html.erb +0 -0
- data/spec/dummy/app/views/layouts/application.html.erb +16 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +54 -0
- data/spec/dummy/config/boot.rb +6 -0
- data/spec/dummy/config/database.yml +15 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +30 -0
- data/spec/dummy/config/environments/production.rb +60 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/doorkeeper.rb +56 -0
- data/spec/dummy/config/initializers/secret_token.rb +9 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/doorkeeper.en.yml +5 -0
- data/spec/dummy/config/mongo.yml +11 -0
- data/spec/dummy/config/mongoid2.yml +9 -0
- data/spec/dummy/config/mongoid3.yml +18 -0
- data/spec/dummy/config/routes.rb +38 -0
- data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
- data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +5 -0
- data/spec/dummy/db/migrate/20120524202412_create_doorkeeper_tables.rb +44 -0
- data/spec/dummy/db/schema.rb +64 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/factories/access_grant.rb +9 -0
- data/spec/factories/access_token.rb +7 -0
- data/spec/factories/application.rb +6 -0
- data/spec/generators/application_owner_generator_spec.rb +23 -0
- data/spec/generators/install_generator_spec.rb +31 -0
- data/spec/generators/migration_generator_spec.rb +20 -0
- data/spec/generators/templates/routes.rb +3 -0
- data/spec/generators/views_generator_spec.rb +27 -0
- data/spec/lib/config_spec.rb +170 -0
- data/spec/lib/models/expirable_spec.rb +51 -0
- data/spec/lib/models/revocable_spec.rb +31 -0
- data/spec/lib/models/scopes_spec.rb +32 -0
- data/spec/lib/oauth/authorization/uri_builder_spec.rb +37 -0
- data/spec/lib/oauth/authorization_code_request_spec.rb +80 -0
- data/spec/lib/oauth/client/credentials_spec.rb +47 -0
- data/spec/lib/oauth/client/methods_spec.rb +54 -0
- data/spec/lib/oauth/client_credentials/creator_spec.rb +47 -0
- data/spec/lib/oauth/client_credentials/issuer_spec.rb +57 -0
- data/spec/lib/oauth/client_credentials/validation_spec.rb +29 -0
- data/spec/lib/oauth/client_credentials_integration_spec.rb +27 -0
- data/spec/lib/oauth/client_credentials_request_spec.rb +64 -0
- data/spec/lib/oauth/client_spec.rb +39 -0
- data/spec/lib/oauth/code_request_spec.rb +44 -0
- data/spec/lib/oauth/error_response_spec.rb +40 -0
- data/spec/lib/oauth/error_spec.rb +19 -0
- data/spec/lib/oauth/helpers/scope_checker_spec.rb +74 -0
- data/spec/lib/oauth/helpers/unique_token_spec.rb +20 -0
- data/spec/lib/oauth/helpers/uri_checker_spec.rb +64 -0
- data/spec/lib/oauth/password_access_token_request_spec.rb +65 -0
- data/spec/lib/oauth/pre_authorization_spec.rb +80 -0
- data/spec/lib/oauth/refresh_token_request_spec.rb +56 -0
- data/spec/lib/oauth/scopes_spec.rb +115 -0
- data/spec/lib/oauth/token_request_spec.rb +46 -0
- data/spec/lib/oauth/token_response_spec.rb +52 -0
- data/spec/lib/oauth/token_spec.rb +83 -0
- data/spec/lib/server_spec.rb +24 -0
- data/spec/models/doorkeeper/access_grant_spec.rb +36 -0
- data/spec/models/doorkeeper/access_token_spec.rb +153 -0
- data/spec/models/doorkeeper/application_spec.rb +162 -0
- data/spec/requests/applications/applications_request_spec.rb +92 -0
- data/spec/requests/applications/authorized_applications_spec.rb +30 -0
- data/spec/requests/endpoints/authorization_spec.rb +47 -0
- data/spec/requests/endpoints/token_spec.rb +46 -0
- data/spec/requests/flows/authorization_code_errors_spec.rb +66 -0
- data/spec/requests/flows/authorization_code_spec.rb +135 -0
- data/spec/requests/flows/client_credentials_spec.rb +58 -0
- data/spec/requests/flows/implicit_grant_errors_spec.rb +31 -0
- data/spec/requests/flows/implicit_grant_spec.rb +19 -0
- data/spec/requests/flows/password_spec.rb +78 -0
- data/spec/requests/flows/refresh_token_spec.rb +71 -0
- data/spec/requests/flows/skip_authorization_spec.rb +40 -0
- data/spec/requests/protected_resources/metal_spec.rb +14 -0
- data/spec/requests/protected_resources/private_api_spec.rb +50 -0
- data/spec/routing/custom_controller_routes_spec.rb +44 -0
- data/spec/routing/default_routes_spec.rb +32 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/spec_helper_integration.rb +40 -0
- data/spec/support/dependencies/factory_girl.rb +2 -0
- data/spec/support/helpers/access_token_request_helper.rb +11 -0
- data/spec/support/helpers/authorization_request_helper.rb +32 -0
- data/spec/support/helpers/config_helper.rb +9 -0
- data/spec/support/helpers/model_helper.rb +45 -0
- data/spec/support/helpers/request_spec_helper.rb +72 -0
- data/spec/support/helpers/url_helper.rb +51 -0
- data/spec/support/orm/active_record.rb +11 -0
- data/spec/support/orm/mongo_mapper.rb +26 -0
- data/spec/support/orm/mongoid.rb +31 -0
- data/spec/support/shared/controllers_shared_context.rb +60 -0
- data/spec/support/shared/models_shared_examples.rb +60 -0
- data/spec/validators/redirect_uri_validator_spec.rb +47 -0
- data/vendor/assets/stylesheets/doorkeeper/bootstrap.min.css +356 -0
- metadata +430 -0
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
module Authorization
|
|
4
|
+
class Token
|
|
5
|
+
attr_accessor :pre_auth, :resource_owner, :token
|
|
6
|
+
|
|
7
|
+
def initialize(pre_auth, resource_owner)
|
|
8
|
+
@pre_auth = pre_auth
|
|
9
|
+
@resource_owner = resource_owner
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def issue_token
|
|
13
|
+
@token ||= AccessToken.create!({
|
|
14
|
+
:application_id => pre_auth.client.id,
|
|
15
|
+
:resource_owner_id => resource_owner.id,
|
|
16
|
+
:scopes => pre_auth.scopes.to_s,
|
|
17
|
+
:ttl => configuration.access_token_expires_in,
|
|
18
|
+
:use_refresh_token => false
|
|
19
|
+
})
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def configuration
|
|
23
|
+
Doorkeeper.configuration
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
module Authorization
|
|
4
|
+
module URIBuilder
|
|
5
|
+
include Rack::Utils
|
|
6
|
+
|
|
7
|
+
extend self
|
|
8
|
+
|
|
9
|
+
def uri_with_query(url, parameters = {})
|
|
10
|
+
uri = URI.parse(url)
|
|
11
|
+
original_query = parse_query(uri.query)
|
|
12
|
+
uri.query = build_query(original_query.merge(parameters))
|
|
13
|
+
uri.to_s
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def uri_with_fragment(url, parameters = {})
|
|
17
|
+
uri = URI.parse(url)
|
|
18
|
+
uri.fragment = build_query(parameters)
|
|
19
|
+
uri.to_s
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def build_query(parameters = {})
|
|
23
|
+
parameters = parameters.reject { |k, v| v.blank? }
|
|
24
|
+
super parameters
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class AuthorizationCodeRequest
|
|
4
|
+
include Doorkeeper::Validations
|
|
5
|
+
|
|
6
|
+
validate :attributes, :error => :invalid_request
|
|
7
|
+
validate :client, :error => :invalid_client
|
|
8
|
+
validate :grant, :error => :invalid_grant
|
|
9
|
+
validate :redirect_uri, :error => :invalid_grant
|
|
10
|
+
|
|
11
|
+
attr_accessor :server, :grant, :client, :redirect_uri
|
|
12
|
+
|
|
13
|
+
def initialize(server, grant, client, parameters = {})
|
|
14
|
+
@server = server
|
|
15
|
+
@client = client
|
|
16
|
+
@grant = grant
|
|
17
|
+
@redirect_uri = parameters[:redirect_uri]
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def authorize
|
|
21
|
+
validate
|
|
22
|
+
@response = if valid?
|
|
23
|
+
grant.revoke
|
|
24
|
+
find_or_create_access_token
|
|
25
|
+
TokenResponse.new access_token
|
|
26
|
+
else
|
|
27
|
+
ErrorResponse.from_request self
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def valid?
|
|
32
|
+
self.error.nil?
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def access_token
|
|
36
|
+
@access_token ||= Doorkeeper::AccessToken.matching_token_for client, grant.resource_owner_id, grant.scopes
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
private
|
|
40
|
+
|
|
41
|
+
def find_or_create_access_token
|
|
42
|
+
if access_token
|
|
43
|
+
access_token.expired? ? revoke_and_create_access_token : access_token
|
|
44
|
+
else
|
|
45
|
+
create_access_token
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def revoke_and_create_access_token
|
|
50
|
+
access_token.revoke
|
|
51
|
+
create_access_token
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def create_access_token
|
|
55
|
+
@access_token = Doorkeeper::AccessToken.create!({
|
|
56
|
+
:application_id => grant.application_id,
|
|
57
|
+
:resource_owner_id => grant.resource_owner_id,
|
|
58
|
+
:scopes => grant.scopes_string,
|
|
59
|
+
:expires_in => server.access_token_expires_in,
|
|
60
|
+
:use_refresh_token => server.refresh_token_enabled?
|
|
61
|
+
})
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def validate_attributes
|
|
65
|
+
redirect_uri.present?
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def validate_client
|
|
69
|
+
!!client
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def validate_grant
|
|
73
|
+
return false unless grant && grant.application_id == client.id
|
|
74
|
+
grant.accessible?
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def validate_redirect_uri
|
|
78
|
+
grant.redirect_uri == redirect_uri
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
require 'doorkeeper/oauth/client/methods'
|
|
2
|
+
require 'doorkeeper/oauth/client/credentials'
|
|
3
|
+
|
|
4
|
+
module Doorkeeper
|
|
5
|
+
module OAuth
|
|
6
|
+
class Client
|
|
7
|
+
def self.find(uid, method = Doorkeeper::Application.method(:by_uid))
|
|
8
|
+
if application = method.call(uid)
|
|
9
|
+
new(application)
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.authenticate(credentials, method = Doorkeeper::Application.method(:authenticate))
|
|
14
|
+
return false if credentials.blank?
|
|
15
|
+
if application = method.call(credentials.uid, credentials.secret)
|
|
16
|
+
new(application)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
delegate :id, :name, :uid, :redirect_uri, :to => :@application
|
|
21
|
+
|
|
22
|
+
def initialize(application)
|
|
23
|
+
@application = application
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
attr_accessor :application
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class Client
|
|
4
|
+
class Credentials < Struct.new(:uid, :secret)
|
|
5
|
+
extend Methods
|
|
6
|
+
|
|
7
|
+
def self.from_request(request, *credentials_methods)
|
|
8
|
+
credentials_methods.inject(nil) do |credentials, method|
|
|
9
|
+
method = self.method(method) if method.is_a?(Symbol)
|
|
10
|
+
credentials = Credentials.new *method.call(request)
|
|
11
|
+
break credentials unless credentials.blank?
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def blank?
|
|
16
|
+
uid.blank? || secret.blank?
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class Client
|
|
4
|
+
module Methods
|
|
5
|
+
def from_params(request)
|
|
6
|
+
request.parameters.values_at(:client_id, :client_secret)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def from_basic(request)
|
|
10
|
+
authorization = request.authorization
|
|
11
|
+
if authorization.present? && authorization =~ /^Basic (.*)/m
|
|
12
|
+
Base64.decode64($1).split(/:/, 2)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class ClientCredentialsRequest
|
|
4
|
+
class Creator
|
|
5
|
+
def call(client, scopes, attributes = {})
|
|
6
|
+
existing_token = existing_token_for(client, scopes)
|
|
7
|
+
if existing_token
|
|
8
|
+
return existing_token if existing_token.accessible?
|
|
9
|
+
existing_token.revoke
|
|
10
|
+
end
|
|
11
|
+
create(client, scopes, attributes)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def existing_token_for(client, scopes)
|
|
17
|
+
Doorkeeper::AccessToken.matching_token_for client, nil, scopes
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def create(client, scopes, attributes = {})
|
|
21
|
+
Doorkeeper::AccessToken.create(attributes.merge({
|
|
22
|
+
:application_id => client.id,
|
|
23
|
+
:scopes => scopes.to_s
|
|
24
|
+
}))
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
require 'doorkeeper/oauth/client_credentials/validation'
|
|
2
|
+
|
|
3
|
+
module Doorkeeper
|
|
4
|
+
module OAuth
|
|
5
|
+
class ClientCredentialsRequest
|
|
6
|
+
class Issuer
|
|
7
|
+
attr_accessor :token, :validation, :error
|
|
8
|
+
|
|
9
|
+
def initialize(server, validation)
|
|
10
|
+
@server, @validation = server, validation
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def create(client, scopes, creator = Creator.new)
|
|
14
|
+
if validation.valid?
|
|
15
|
+
@token = create_token(client, scopes, creator)
|
|
16
|
+
@error = :server_error unless @token
|
|
17
|
+
else
|
|
18
|
+
@token = false
|
|
19
|
+
@error = validation.error
|
|
20
|
+
end
|
|
21
|
+
@token
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
|
|
26
|
+
def create_token(client, scopes, creator)
|
|
27
|
+
creator.call(client, scopes, {
|
|
28
|
+
:use_refresh_token => false,
|
|
29
|
+
:expires_in => @server.access_token_expires_in
|
|
30
|
+
})
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'doorkeeper/validations'
|
|
2
|
+
require 'doorkeeper/oauth/scopes'
|
|
3
|
+
require 'doorkeeper/oauth/helpers/scope_checker'
|
|
4
|
+
|
|
5
|
+
module Doorkeeper
|
|
6
|
+
module OAuth
|
|
7
|
+
class ClientCredentialsRequest
|
|
8
|
+
class Validation
|
|
9
|
+
include Doorkeeper::Validations
|
|
10
|
+
include Doorkeeper::OAuth::Helpers
|
|
11
|
+
|
|
12
|
+
validate :client, :error => :invalid_client
|
|
13
|
+
validate :scopes, :error => :invalid_scope
|
|
14
|
+
|
|
15
|
+
def initialize(server, request)
|
|
16
|
+
@server, @request = server, request
|
|
17
|
+
validate
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def validate_client
|
|
23
|
+
@request.client.present?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def validate_scopes
|
|
27
|
+
return true unless @request.original_scopes.present?
|
|
28
|
+
ScopeChecker.valid?(@request.original_scopes, @server.scopes)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
require 'doorkeeper/oauth/error'
|
|
2
|
+
require 'doorkeeper/oauth/error_response'
|
|
3
|
+
require 'doorkeeper/oauth/scopes'
|
|
4
|
+
require 'doorkeeper/oauth/token_response'
|
|
5
|
+
require 'doorkeeper/oauth/client_credentials/creator'
|
|
6
|
+
require 'doorkeeper/oauth/client_credentials/issuer'
|
|
7
|
+
require 'doorkeeper/oauth/client_credentials/validation'
|
|
8
|
+
|
|
9
|
+
module Doorkeeper
|
|
10
|
+
module OAuth
|
|
11
|
+
class ClientCredentialsRequest
|
|
12
|
+
attr_accessor :issuer, :server, :client, :original_scopes, :scopes
|
|
13
|
+
attr_reader :response
|
|
14
|
+
alias :error_response :response
|
|
15
|
+
|
|
16
|
+
delegate :error, :to => :issuer
|
|
17
|
+
|
|
18
|
+
def issuer
|
|
19
|
+
@issuer ||= Issuer.new(server, Validation.new(server, self))
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def initialize(server, client, parameters = {})
|
|
23
|
+
@client, @server = client, server
|
|
24
|
+
@response = nil
|
|
25
|
+
@original_scopes = parameters[:scope]
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def authorize
|
|
29
|
+
status = issuer.create(client, scopes)
|
|
30
|
+
@response = if status
|
|
31
|
+
TokenResponse.new(issuer.token)
|
|
32
|
+
else
|
|
33
|
+
ErrorResponse.from_request(self)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# TODO: duplicated code in all flows
|
|
38
|
+
def scopes
|
|
39
|
+
@scopes ||= if @original_scopes.present?
|
|
40
|
+
Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
|
|
41
|
+
else
|
|
42
|
+
server.default_scopes
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class CodeRequest
|
|
4
|
+
attr_accessor :pre_auth, :resource_owner, :client
|
|
5
|
+
|
|
6
|
+
def initialize(pre_auth, resource_owner)
|
|
7
|
+
@pre_auth = pre_auth
|
|
8
|
+
@client = pre_auth.client
|
|
9
|
+
@resource_owner = resource_owner
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authorize
|
|
13
|
+
@response = if pre_auth.authorizable?
|
|
14
|
+
auth = Authorization::Code.new(pre_auth, resource_owner)
|
|
15
|
+
auth.issue_token
|
|
16
|
+
CodeResponse.new pre_auth, auth
|
|
17
|
+
else
|
|
18
|
+
ErrorResponse.from_request pre_auth
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def deny
|
|
23
|
+
pre_auth.error = :access_denied
|
|
24
|
+
ErrorResponse.from_request(pre_auth, :redirect_uri => pre_auth.redirect_uri)
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class CodeResponse
|
|
4
|
+
include Doorkeeper::OAuth::Authorization::URIBuilder
|
|
5
|
+
include Doorkeeper::OAuth::Helpers
|
|
6
|
+
|
|
7
|
+
attr_accessor :pre_auth, :auth, :response_on_fragment
|
|
8
|
+
|
|
9
|
+
def initialize(pre_auth, auth, options = {})
|
|
10
|
+
@pre_auth, @auth = pre_auth, auth
|
|
11
|
+
@response_on_fragment = options[:response_on_fragment]
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def redirectable?
|
|
15
|
+
true
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# TODO: configure the test oauth path?
|
|
19
|
+
def redirect_uri
|
|
20
|
+
if URIChecker.test_uri? pre_auth.redirect_uri
|
|
21
|
+
"/oauth/authorize/#{auth.token.token}"
|
|
22
|
+
else
|
|
23
|
+
if response_on_fragment
|
|
24
|
+
uri_with_fragment(pre_auth.redirect_uri, {
|
|
25
|
+
:access_token => auth.token.token,
|
|
26
|
+
:token_type => auth.token.token_type,
|
|
27
|
+
:expires_in => auth.token.expires_in,
|
|
28
|
+
:state => pre_auth.state
|
|
29
|
+
})
|
|
30
|
+
else
|
|
31
|
+
uri_with_query pre_auth.redirect_uri, :code => auth.token.token, :state => pre_auth.state
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
module Doorkeeper
|
|
2
|
+
module OAuth
|
|
3
|
+
class ErrorResponse
|
|
4
|
+
include Doorkeeper::OAuth::Authorization::URIBuilder
|
|
5
|
+
|
|
6
|
+
def self.from_request(request, attributes = {})
|
|
7
|
+
state = request.state if request.respond_to?(:state)
|
|
8
|
+
new(attributes.merge(:name => request.error, :state => state))
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
delegate :name, :description, :state, :to => :@error
|
|
12
|
+
|
|
13
|
+
def initialize(attributes = {})
|
|
14
|
+
@error = Doorkeeper::OAuth::Error.new(*attributes.values_at(:name, :state))
|
|
15
|
+
@redirect_uri = attributes[:redirect_uri]
|
|
16
|
+
@response_on_fragment = attributes[:response_on_fragment]
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def body
|
|
20
|
+
{ :error => name, :error_description => description, :state => state }.reject { |k, v| v.blank? }
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def status
|
|
24
|
+
:unauthorized
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def redirectable?
|
|
28
|
+
(name != :invalid_redirect_uri) && (name != :invalid_client)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def redirect_uri
|
|
32
|
+
if @response_on_fragment
|
|
33
|
+
uri_with_fragment @redirect_uri, body
|
|
34
|
+
else
|
|
35
|
+
uri_with_query @redirect_uri, body
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def headers
|
|
40
|
+
{ 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache', 'Content-Type' => 'application/json; charset=utf-8' }
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|