couchkeeper 0.6.7

data/lib/doorkeeper/oauth/helpers/scope_checker.rb

@@ -0,0 +1,18 @@
+module Doorkeeper
+  module OAuth
+    module Helpers
+      module ScopeChecker
+        def self.matches?(current_scopes, scopes)
+          return false if current_scopes.nil? || scopes.nil?
+          current_scopes == scopes
+        end
+
+        def self.valid?(scope, server_scopes)
+          scope.present? &&
+          scope !~ /[\n|\r|\t]/ &&
+          server_scopes.has_scopes?(Doorkeeper::OAuth::Scopes.from_string(scope))
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/helpers/unique_token.rb

@@ -0,0 +1,13 @@
+module Doorkeeper
+  module OAuth
+    module Helpers
+      module UniqueToken
+        def self.generate(options = {})
+          generator_method = options.delete(:generator) || SecureRandom.method(:hex)
+          token_size       = options.delete(:size)      || 32
+          generator_method.call(token_size)
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/helpers/uri_checker.rb

@@ -0,0 +1,32 @@
+module Doorkeeper
+  module OAuth
+    module Helpers
+      module URIChecker
+        def self.valid?(url)
+          uri = as_uri(url)
+          uri.fragment.nil? && !uri.host.nil? && !uri.scheme.nil?
+        rescue URI::InvalidURIError
+          false
+        end
+
+        def self.matches?(url, client_url)
+          url, client_url = as_uri(url), as_uri(client_url)
+          url.query = nil
+          url == client_url
+        end
+
+        def self.valid_for_authorization?(url, client_url)
+          valid?(url) && matches?(url, client_url)
+        end
+
+        def self.as_uri(url)
+          URI.parse(url)
+        end
+
+        def self.test_uri?(url)
+          url == Doorkeeper.configuration.test_redirect_uri
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/password_access_token_request.rb

@@ -0,0 +1,84 @@
+module Doorkeeper::OAuth
+  class PasswordAccessTokenRequest
+    include Doorkeeper::Validations
+    include Doorkeeper::OAuth::Helpers
+
+    validate :client,         :error => :invalid_client
+    validate :resource_owner, :error => :invalid_resource_owner
+    validate :scopes,         :error => :invalid_scope
+
+    attr_accessor :server, :resource_owner, :client
+
+    def initialize(server, client, resource_owner, parameters = {})
+      @server          = server
+      @resource_owner  = resource_owner
+      @client          = client
+      @original_scopes = parameters[:scope]
+    end
+
+    def authorize
+      validate
+      @response = if valid?
+        find_or_create_access_token
+        TokenResponse.new access_token
+      else
+        ErrorResponse.from_request self
+      end
+    end
+
+    def valid?
+      self.error.nil?
+    end
+
+    def access_token
+      return unless client.present? && resource_owner.present?
+      @access_token ||= Doorkeeper::AccessToken.matching_token_for client, resource_owner.id, scopes
+    end
+
+    def scopes
+      @scopes ||= if @original_scopes.present?
+        Doorkeeper::OAuth::Scopes.from_string(@original_scopes)
+      else
+        server.default_scopes
+      end
+    end
+
+  private
+
+    def find_or_create_access_token
+      if access_token
+        access_token.expired? ? revoke_and_create_access_token : access_token
+      else
+        create_access_token
+      end
+    end
+
+    def revoke_and_create_access_token
+      access_token.revoke
+      create_access_token
+    end
+
+    def create_access_token
+      @access_token = Doorkeeper::AccessToken.create!({
+        :application_id     => client.id,
+        :resource_owner_id  => resource_owner.id,
+        :scopes             => scopes.to_s,
+        :expires_in         => server.access_token_expires_in,
+        :use_refresh_token  => server.refresh_token_enabled?
+      })
+    end
+
+    def validate_client
+      !!client
+    end
+
+    def validate_scopes
+      return true unless @original_scopes.present?
+      ScopeChecker.valid?(@original_scopes, @server.scopes)
+    end
+
+    def validate_resource_owner
+      !!resource_owner
+    end
+  end
+end

data/lib/doorkeeper/oauth/pre_authorization.rb

@@ -0,0 +1,62 @@
+module Doorkeeper
+  module OAuth
+    class PreAuthorization
+      include Doorkeeper::Validations
+
+      validate :response_type, :error => :unsupported_response_type
+      validate :client, :error => :invalid_client
+      validate :scopes, :error => :invalid_scope
+      validate :redirect_uri, :error => :invalid_redirect_uri
+
+      attr_accessor :server, :client, :response_type, :redirect_uri, :state
+      attr_writer   :scope
+
+      def initialize(server, client, attrs = {})
+        @server        = server
+        @client        = client
+        @response_type = attrs[:response_type]
+        @redirect_uri  = attrs[:redirect_uri]
+        @scope         = attrs[:scope]
+        @state         = attrs[:state]
+      end
+
+      def authorizable?
+        return true
+      end
+
+      def scopes
+        Scopes.from_string scope
+      end
+
+      def scope
+        @scope.presence || server.default_scopes.to_s
+      end
+
+      def error_response
+        Doorkeeper::OAuth::ErrorResponse.from_request(self)
+      end
+
+    private
+
+      def validate_response_type
+        %w[code token].include? response_type
+      end
+
+      def validate_client
+        client.present?
+      end
+
+      def validate_scopes
+        return true unless scope.present?
+        Helpers::ScopeChecker.valid? scope, server.scopes
+      end
+
+      # TODO: test uri should be matched against the client's one
+      def validate_redirect_uri
+        return false unless redirect_uri.present?
+        Helpers::URIChecker.test_uri?(redirect_uri) ||
+        Helpers::URIChecker.valid_for_authorization?(redirect_uri, client.redirect_uri)
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/refresh_token_request.rb

@@ -0,0 +1,58 @@
+module Doorkeeper
+  module OAuth
+    class RefreshTokenRequest
+      include Doorkeeper::Validations
+
+      validate :token,  :error => :invalid_request
+      validate :client, :error => :invalid_client
+
+      attr_accessor :server, :refresh_token, :client, :access_token
+
+      # TODO: refresh token can receive scope as parameters
+      def initialize(server, refresh_token, client)
+        @server        = server
+        @refresh_token = refresh_token
+        @client        = client
+      end
+
+      def authorize
+        validate
+        @response = if valid?
+          revoke_and_create_access_token
+          OAuth::TokenResponse.new access_token
+        else
+          OAuth::ErrorResponse.from_request(self)
+        end
+      end
+
+      def valid?
+        self.error.nil?
+      end
+
+    private
+
+      def revoke_and_create_access_token
+        refresh_token.revoke
+        create_access_token
+      end
+
+      def create_access_token
+        @access_token = Doorkeeper::AccessToken.create!({
+          :application_id    => refresh_token.application_id,
+          :resource_owner_id => refresh_token.resource_owner_id,
+          :scopes            => refresh_token.scopes_string,
+          :expires_in        => server.access_token_expires_in,
+          :use_refresh_token => true
+        })
+      end
+
+      def validate_token
+        refresh_token.present? && !refresh_token.revoked?
+      end
+
+      def validate_client
+        client.present? && refresh_token.application_id == client.id
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/scopes.rb

@@ -0,0 +1,60 @@
+module Doorkeeper
+  module OAuth
+    class Scopes
+      include Enumerable
+      include Comparable
+
+      def self.from_string(string)
+        string ||= ""
+        new.tap do |scope|
+          scope.add *string.split
+        end
+      end
+
+      def self.from_array(array)
+        new.tap do |scope|
+          scope.add *array
+        end
+      end
+
+      delegate :each, :to => :@scopes
+
+      def initialize
+        @scopes = []
+      end
+
+      def exists?(scope)
+        @scopes.include? scope.to_sym
+      end
+
+      def add(*scopes)
+        @scopes.push *scopes.map(&:to_sym)
+        @scopes.uniq!
+      end
+
+      def all
+        @scopes
+      end
+
+      def to_s
+        @scopes.join(" ")
+      end
+
+      def has_scopes?(scopes)
+        scopes.all? { |s| exists?(s) }
+      end
+
+      def +(other)
+        if other.is_a? Scopes
+          self.class.from_array(self.all + other.all)
+        else
+          super(other)
+        end
+      end
+
+      def <=>(other)
+        self.map(&:to_s).sort <=> other.map(&:to_s).sort
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/token.rb

@@ -0,0 +1,36 @@
+module Doorkeeper
+  module OAuth
+    class Token
+      module Methods
+        def from_access_token_param(request)
+          request.parameters[:access_token]
+        end
+
+        def from_bearer_param(request)
+          request.parameters[:bearer_token]
+        end
+
+        def from_bearer_authorization(request)
+          pattern = /^Bearer /
+          header  = request.authorization
+          header.gsub pattern, '' if header && header.match(pattern)
+        end
+      end
+
+      extend Methods
+
+      def self.from_request(request, *methods)
+        methods.inject(nil) do |credentials, method|
+          method = self.method(method) if method.is_a?(Symbol)
+          credentials = method.call(request)
+          break credentials unless credentials.blank?
+        end
+      end
+
+      def self.authenticate(request, *methods)
+        token = from_request request, *methods
+        Doorkeeper::AccessToken.authenticate(token) if token
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/token_request.rb

@@ -0,0 +1,28 @@
+module Doorkeeper
+  module OAuth
+    class TokenRequest
+      attr_accessor :pre_auth, :resource_owner, :client
+
+      def initialize(pre_auth, resource_owner)
+        @pre_auth       = pre_auth
+        @client         = pre_auth.client
+        @resource_owner = resource_owner
+      end
+
+      def authorize
+        @response = if pre_auth.authorizable?
+          auth = Authorization::Token.new(pre_auth, resource_owner)
+          auth.issue_token
+          CodeResponse.new pre_auth, auth, :response_on_fragment => true
+        else
+          ErrorResponse.from_request pre_auth, :redirect_uri => pre_auth.redirect_uri, :response_on_fragment => true
+        end
+      end
+
+      def deny
+        pre_auth.error = :access_denied
+        ErrorResponse.from_request(pre_auth, :redirect_uri => pre_auth.redirect_uri, :response_on_fragment => true)
+      end
+    end
+  end
+end

data/lib/doorkeeper/oauth/token_response.rb

@@ -0,0 +1,29 @@
+module Doorkeeper
+  module OAuth
+    class TokenResponse
+      attr_accessor :token
+
+      def initialize(token)
+        @token = token
+      end
+
+      def body
+        {
+          'access_token'  => token.token,
+          'token_type'    => token.token_type,
+          'expires_in'    => token.expires_in,
+          'refresh_token' => token.refresh_token,
+          'scope'         => token.scopes_string
+        }
+      end
+
+      def status
+        :ok
+      end
+
+      def headers
+        { 'Cache-Control' => 'no-store', 'Pragma' => 'no-cache', 'Content-Type' => 'application/json; charset=utf-8' }
+      end
+    end
+  end
+end

data/lib/doorkeeper/rails/routes.rb

@@ -0,0 +1,90 @@
+require 'doorkeeper/rails/routes/mapping'
+require 'doorkeeper/rails/routes/mapper'
+
+module Doorkeeper
+  module Rails
+    class Routes
+      module Helper
+        # TODO: options hash is not being used
+        def use_doorkeeper(options = {}, &block)
+          Doorkeeper::Rails::Routes.new(self, &block).generate_routes!(options)
+        end
+      end
+
+      def self.install!
+        ActionDispatch::Routing::Mapper.send :include, Doorkeeper::Rails::Routes::Helper
+      end
+
+      def self.warn_if_using_mount_method!
+        paths = ::Rails.application.config.paths["config/routes"] ||
+          ::Rails.application.config.paths["config/routes.rb"]
+
+        paths.each do |path|
+          if File.read(::Rails.root.join(path)) =~ %r[mount Doorkeeper::Engine]
+            warn "\n[DOORKEEPER] `mount Doorkeeper::Engine` is not being used anymore. Please replace it with `use_doorkeeper` in your #{path} file\n"
+          end
+        end
+      end
+
+      attr_accessor :routes
+
+      def initialize(routes, &options)
+        @routes, @options = routes, options
+      end
+
+      def generate_routes!(options)
+        @mapping = Mapper.new.map(&@options)
+        routes.scope 'oauth', :as => 'oauth' do
+          map_route(:authorizations, :authorization_routes)
+          map_route(:tokens, :token_routes)
+          map_route(:applications, :application_routes)
+          map_route(:authorized_applications, :authorized_applications_routes)
+          map_route(:token_info, :token_info_routes)
+        end
+      end
+
+    private
+      def map_route(name, method)
+        unless @mapping.skipped?(name)
+          send method, @mapping[name]
+        end
+      end
+
+      def authorization_routes(mapping)
+          routes.resource(
+            :authorization, :path => 'authorize',
+            :only => [:create, :update, :destroy],
+            :as => mapping[:as],
+            :controller => mapping[:controllers]
+          ) do
+            routes.get '/:code', :action => :show, :on => :member
+            routes.get '/', :action => :new, :on => :member
+          end
+      end
+
+      def token_routes(mapping)
+        routes.resource(
+          :token, :path => 'token',
+          :only => [:create], :as => mapping[:as],
+          :controller => mapping[:controllers]
+        )
+      end
+
+      def token_info_routes(mapping)
+        routes.resource(
+          :token_info, :path => 'token/info',
+          :only => [:show], :as => mapping[:as],
+          :controller => mapping[:controllers]
+        )
+      end
+
+      def application_routes(mapping)
+        routes.resources :applications, :controller => mapping[:controllers]
+      end
+
+      def authorized_applications_routes(mapping)
+        routes.resources :authorized_applications, :only => [:index, :destroy], :controller => mapping[:controllers]
+      end
+    end
+  end
+end