danski-ooh-auth 0.1.2

data/app/views/authenticating_clients/_help.html.erb

@@ -0,0 +1 @@
+<h2>Developer Documentation partial</h2>

data/app/views/authenticating_clients/edit.html.erb

@@ -0,0 +1,27 @@
+<h1>Edit your Application</h1>
+
+<%= form_for @authenticating_client, 
+						:action=>slice_url(:authenticating_client, @authenticating_client), 
+						:method=>"put", :class=>"authenticating_client" do %>
+	
+	<%= error_messages_for @authenticating_client %>
+	
+	<fieldset>
+		<legend>Application information</legend>
+		
+		<dl>
+			<dt><label for="ooh_auth_authenticating_clients_name">Application name</label></dt>
+			<dd><%= text_field :name, :name=>"authenticating_client[name]", :value=>h(@authenticating_client.name) %></dd>
+			
+			<dt><label for="ooh_auth_authenticating_clients_name">Web URL</label></dt>
+			<dd><%= text_field :web_url, :name=>"authenticating_client[web_url]", :value=>h(@authenticating_client.web_url) %></dd>
+		</dl>
+		
+	</fieldset>
+	
+	<fieldset class="buttons">
+		<input type="hidden" name="_method" value="put" />
+		<%= submit "Submit changes" %>
+	</fieldset>
+	
+<% end =%>

data/app/views/authenticating_clients/index.html.erb

@@ -0,0 +1,24 @@
+<h1>Developer API</h1>
+
+<% if session.user %>
+
+	<h2>Your Applications</h2>
+
+	<ul class="authenticating_clients">
+		<li class="new"><%= link_to "Register a new Application", slice_url(:new_authenticating_client), :class=>"new" %></li>
+		<% @authenticating_clients.each do |ac| %>
+			<li>
+				<%= link_to h(ac.name), slice_url(:authenticating_client, ac), :class=>"show" %>
+				<%= link_to "Edit", slice_url(:edit_authenticating_client, ac), :class=>"edit" %>
+				<%= link_to "Unregister", slice_url(:delete_authenticating_client, ac), :class=>"delete" %>
+			</li>
+		<% end %>
+	</ul>
+
+<% else %>
+	
+	<p>In order to use the Developer API, you'll need to register for an API key. Please log in to begin the process.</p>
+	
+<% end %>
+
+<%= partial "help" %>

data/app/views/authenticating_clients/new.html.erb

@@ -0,0 +1,47 @@
+<h1>Register for a new API Key</h1>
+
+<p>
+	<strong>Important!</strong> Upon successfully adding your application, you will be shown two pieces of information. 
+	You'll be given your <strong>API Key</strong>, which will allow you to interact with the API, and you'll be given a
+	<strong>shared secret</strong> which will allow you to verify your requests to the API. <strong>Note both of these down.</strong>
+</p>
+
+<%= form_for @authenticating_client, :action=>resource(:ooh_auth, :authenticating_clients), :class=>"authenticating_client" do %>
+	
+	<%= error_messages_for @authenticating_client %>
+	
+	<fieldset>
+		<legend>Some information about your application</legend>
+		
+		<dl>
+			<dt><label for="ooh_auth_authenticating_clients_name">Application name</label></dt>
+			<dd><%= text_field :name, :name=>"authenticating_client[name]", :value=>h(@authenticating_client.name) %></dd>
+			
+			<dt><label for="ooh_auth_authenticating_clients_name">Web URL</label></dt>
+			<dd><%= text_field :web_url, :name=>"authenticating_client[web_url]", :value=>h(@authenticating_client.web_url) %></dd>
+		</dl>
+		
+	</fieldset>
+	
+	<fieldset>
+		<legend>Application type</legend>
+		
+		<dl class="checkboxes">
+			<dt><label for="ooh_auth_authenticating_clients_kind_web">This is a web-based application</label></dt>
+			<dd><%= radio_button :kind, :value=>"web", :name=>"authenticating_client[kind]", :id=>"ooh_auth_authenticating_clients_kind_web", :checked=>@authenticating_client.is_webapp? %></dd>
+			
+			<dt><label for="ooh_auth_authenticating_clients_kind_desktop">This is a desktop or mobile application</label></dt>
+			<dd><%= radio_button :kind, :value=>"desktop", :name=>"authenticating_client[kind]", :id=>"ooh_auth_authenticating_clients_kind_desktop", :checked=>!@authenticating_client.is_webapp? %></dd>
+		</dl>
+	</fieldset>
+	
+	<fieldset class="buttons">
+		<p>
+			When you submit this form, we will generate both two pieces of information for you - an <strong>API Key</strong> and a <strong>Shared Secret</strong>. 
+			They will be shown on the next page. Be sure to record them.
+		</p>
+		
+		<%= submit "Get my API Key" %>
+	</fieldset>
+	
+<% end =%>

data/app/views/authenticating_clients/show.html.erb

@@ -0,0 +1,40 @@
+<%
+	ac = @authenticating_client
+%>
+
+<h1><%=h ac.name %></h1>
+
+<div id="facts">
+	<h2>About your application:</h2>
+	
+	<ul>
+		<li>This application was registered on <%= ac.created_at.strftime("%d/%b/%Y") %></li>
+	</ul>
+</div>
+
+<div id="api_secrets">
+	<h2>Your API key details for <em><%=h ac.name %></em></h2>
+	<p>
+		Your <strong>Consumer Key</strong> will for the most part be public, although it is useless without the <strong>Consumer Secret</strong> that goes with it. 
+		You should under no circumstances make your Consumer Secret known by another party, as it can be used to sign the authorization requests that your application
+		will send.
+	</p>
+	
+	<dl>
+		<dt>Your OAuth Consumer Key</dt>
+		<dd>
+			<a href="#api_key" onclick="this.style.display = 'none'; document.getElementById('api_key').style.display = 'block'; return false;">Show my API Key</a> 
+			<span id="api_key" class="secret shared" style="display: none;"><%=h ac.api_key %></span>
+		</dd>
+		
+		<dt>Your OAuth Consumer Secret</dt>
+		<dd>
+			<a href="#shared_secret" id="shared_secret_toggle" onclick="this.style.display = 'none'; document.getElementById('shared_secret').style.display = 'block'; return false;">
+				Nobody but myself can see. I have closed my doors, shuttered my windows and, just for today, shunned my loved ones. It is safe to show my Consumer Secret.
+			</a> 
+			<span id="shared_secret" class="secret shared" style="display: none;"><%=h ac.secret %></span>
+		</dd>
+	</dl>
+</div>
+
+<%= partial "help" %>

data/app/views/layout/ooh_auth.html.erb

@@ -0,0 +1,23 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
+	<head>
+		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+		<title>OohAuth Slice</title>
+	</head>
+<!-- you can override this layout at slices/ooh-auth/app/views/layout/ooh-auth.html.erb -->
+	<body class="ooh-auth">
+		<div id="root">
+			<h1>OohAuth Slice</h1>
+			
+			<% unless message.blank? %>
+				<div id="_message">
+						<%=h message %>
+				</div>
+			<% end %>
+			
+			<div id="main">
+				<%= catch_content :for_layout %>
+			</div>
+		</div>
+	</body>
+</html>

data/app/views/tokens/create.html.erb

@@ -0,0 +1,34 @@
+<%
+	ac = @authenticating_client
+%>
+
+<% if @activated %>
+
+<h1 class="win">You successfully authorized <%=h ac.name %></h1>
+
+<div id="win facts">
+	<h2>To access your account:</h2>
+	
+	<ul>
+		<li>Until <%= @token.expires.strftime("%d/%b/%Y") %></li>
+		<li>With permission to <%= OohAuth[:client_permission_levels][@token.permissions.to_sym][:able_to] %>.</li>
+	</ul>
+	
+	<p>
+		<strong>You may now close this window or navigate away from this page.</strong>
+	</p>
+</div>
+
+<% else %>
+
+<h1 class="fail">You denied <%=h ac.name %> access to your content</h1>
+
+<div id="fail facts">
+	<h2>This application will not be able to access your account.</h2>
+	
+	<p>
+		<strong>You may now close this window or navigate away from this page.</strong>
+	</p>
+</div>
+
+<% end %>

data/app/views/tokens/edit.html.erb

@@ -0,0 +1,4 @@
+<h1>Authentications controller, edit action</h1>
+
+<p>Edit this file in <tt>app/views/authentications/edit.html.erb</tt></p>
+<p>For more information and examples of CRUD views read <a href="http://wiki.merbivore.com/howto/crud_view_example_with_merb_using_erb"> this wiki page</a>

data/app/views/tokens/new.html.erb

@@ -0,0 +1,52 @@
+<h1><%=h @authenticating_client.name %> wants access to your account!</h1>
+
+<p class="abstract">
+	The application <%= link_to h(@authenticating_client.name), @authenticating_client.web_url %> wants access to your content.
+</p>
+
+<h2>Grant this application access to your account</h2>
+<%= form_for @authenticating_client, :action=>slice_url(:tokens), :class=>"authentication" do %>
+	<fieldset>
+		<p class="confirmation">
+			<%=h @authenticating_client.name %> will be granted access to your data. 
+			The application will <strong>not</strong> have the ability to grant access to other applications.
+			You will be able to revoke this access at a later date if you so choose.
+		</p>
+
+		<input type="hidden" name="oauth_token" value="<%=h @token.token_key %>" />
+		<% if request.callback %>
+			<input type="hidden" name="oauth_callback" value="<%=h request.callback %>" />
+		<% end %>
+	</fieldset>
+	
+	<fieldset>
+		<legend>Options</legend>
+		
+		<dl>
+			<dt><label for="token_expires">Allow access until</label></dt>
+			<dd>
+				<select name="token[expires]" id="token_expires">
+					<option value="2999-12-31">Further notice</option> <!-- or when Philip J. Fry wakes up -->
+					<option value="<%= (Date.today + 1.year).strftime("%Y-%m-%d") %>">1 year from now</option>
+					<option value="<%= (Date.today + 1.month).strftime("%Y-%m-%d") %>">1 month from now</option>
+					<option value="<%= (Date.today + 1.week).strftime("%Y-%m-%d") %>">1 week from now</option>
+					<option value="<%= (Date.today + 1.day).strftime("%Y-%m-%d") %>">this time tomorrow</option>
+				</select>
+			</dd>
+			
+			<dt><label for="token_permissions">Allow this application to</label></dt>
+			<dd>
+				<select name="token[permissions]" id="token_permissions">
+					<% OohAuth[:client_permission_levels].each do |name, opts| %>
+						<option value="<%=h name %>"><%=h opts[:able_to] %></option>
+					<% end %>
+				</select>
+			</dd>
+		</dl>
+	</fieldset>
+
+	<fieldset class="buttons">
+		<%= submit "Grant access", 	:name=>"commit", 	:value=>"allow" %>
+		<%= submit "Deny access", 	:name=>"commit", 	:value=>"deny"%>
+	</fieldset>
+<% end =%>

data/app/views/tokens/show.html.erb

@@ -0,0 +1 @@
+oauth_token=<%= @token.token_key %>&oauth_token_secret=<%= @token.secret %>

data/lib/ooh-auth.rb

@@ -0,0 +1,103 @@
+if defined?(Merb::Plugins)
+
+  $:.unshift File.dirname(__FILE__)
+
+  dependency "merb-action-args"
+  dependency 'merb-auth-core'
+  dependency 'merb-auth-more'
+  dependency 'merb-slices'
+  dependency "merb-helpers"
+  dependency "merb-assets"
+  
+  Merb::Plugins.add_rakefiles "ooh-auth/merbtasks", "ooh-auth/slicetasks", "ooh-auth/spectasks"
+
+  # Register the Slice for the current host application
+  Merb::Slices::register(__FILE__)
+  
+  # Slice configuration - set this in a before_app_loads callback.
+  # By default a Slice uses its own layout, so you can swicht to 
+  # the main application layout or no layout at all if needed.
+  # 
+  # Configuration options:
+  # :layout - the layout to use; defaults to :ooh-auth
+  # :mirror - which path component types to use on copy operations; defaults to all.  
+  Merb::Slices::config[:ooh_auth][:layout] ||= :ooh_auth
+  Merb::Slices::config[:ooh_auth].merge!({
+    :path_prefix=>"auth",
+    # Authenticating clients can ask for a certain level of permissions chosen from a list. You can alter that list below:
+    :client_permission_levels =>  {
+      :read=>   {:able_to=>"read your content, but not to alter it"},
+      :write=>  {:able_to=>"both read and make changes to your content, but not to delete it"},
+      :delete=> {:able_to=>"read, change, and delete your content"}
+    },
+    # If no permission level is specifically requested during the auth process, the client will be granted:
+    :default_permissions      =>"write".freeze,
+    # Reserved for now
+    :client_kinds=>%w(web desktop)
+  })
+  
+  # SliceRestful uses merb-auth-more's configuration options:
+  # Merb::Plugins.config[:"merb-auth"][:new_session_param] => key to use when looking up the LOGIN in requests.
+  # Merb::Plugins.config[:"merb-auth"][:password_param] => key to use when looking up the PASSWORD in requests.
+  # Merb::Authentication.user_class => the class to use when calling #authenticate on your user model.
+
+  
+  # All Slice code is expected to be namespaced inside a module
+  module OohAuth
+    
+    # Slice metadata
+    self.description = "OohAuth is Merb slice that extends merb-auth-more with RESTful authentication"
+    self.version = "0.1.2"
+    self.author = "Dan Glegg"
+    self.identifier = "ooh-auth"
+    
+    # Stub classes loaded hook - runs before LoadClasses BootLoader
+    # right after a slice's classes have been loaded internally.
+    def self.loaded
+    end
+    
+    # Initialization hook - runs before AfterAppLoads BootLoader
+    def self.init
+      require "ooh-auth/authentication_mixin"
+      require "ooh-auth/key_generators"
+      require "ooh-auth/request_verification_mixin.rb"
+      require "ooh-auth/controller_mixin.rb"
+      require "ooh-auth/strategies/oauth.rb"
+      Merb::Request.send(:include, OohAuth::Request::VerificationMixin)
+      Merb::Controller.send(:include, OohAuth::ControllerMixin)
+      
+      # Register strategies
+      Merb::Authentication.register :oauth, "ooh-auth/strategies/oauth.rb"
+      Merb::Authentication.activate! :oauth
+      
+      unless OohAuth[:no_default_strategies]
+        ::Merb::Authentication.activate!(:default_password_form)
+      end
+    end
+    
+    # Activation hook - runs after AfterAppLoads BootLoader
+    def self.activate
+    end
+    
+    # Deactivation hook - triggered by Merb::Slices.deactivate(OohAuth)
+    def self.deactivate
+    end
+    
+    # Add the following to your app's router to mount SliceRestful at the root:
+    # Merb::Router.prepare do
+    #   slice( :OohAuth, :name_prefix => nil, :path_prefix => "auth", :default_routes => false )
+    # end
+    def self.setup_router(scope)
+      scope.resources :authenticating_clients
+      scope.resources :tokens
+      scope.default_routes
+    end
+    
+  end
+  
+  OohAuth.setup_default_structure!
+  
+  # Add dependencies for other OohAuth classes below. Example:
+  
+  
+end

data/lib/ooh-auth/authentication_mixin.rb

@@ -0,0 +1,13 @@
+module Merb
+  class Authentication
+   
+   def store_user(user)
+     user.id
+   end
+   
+   def fetch_user(session_contents = session[:user])
+     Merb::Authentication.user_class.get(session_contents)
+   end
+    
+  end
+end

data/lib/ooh-auth/controller_mixin.rb

@@ -0,0 +1,38 @@
+module OohAuth
+  module ControllerMixin
+    
+    private
+    
+    # Raises a NotAcceptable (HTTP 406) unless the request is satisfactorily signed by
+    # an authenticating client.
+    def ensure_signed
+      unless request.signed?
+        raise Merb::Controller::NotAcceptable, 
+        "request improperly signed. Given request: #{request.inspect}, expected signature base string #{request.signature_base_string.inspect} to be encryped with key #{request.signature_secret} resulting in #{request.build_signature}"
+      end
+    end
+    
+    # Shortcut for ensure_authenticated :with=>[LongPasswordFormClassName].
+    # ensures that the request is authenticated via personal form login, and excludes API login.
+    def forbid_authentication_with_oauth
+      raise Merb::Controller::Unauthenticated if request.oauth_request?
+    end
+    
+    # Raises a Forbidden (HTTP 403) unless the request carries the desired authorisation or above.
+    # Special notes: permission levels are taken from OohAuth[:client_permission_levels] in order. A call to 
+    # ensure_authorisation(:write) will by default return true, for example, if the current request is authorised with :write 
+    # or :delete, as :delete is more powerful than :write. 
+    # A special level named :root is available. A call to ensure_authorisation with :root as an argument will ensure that the
+    # user herself is currently authenticated, rather than one of her authorised agents.
+    # ensure_authorisation(:root) is therefore a suitable choice for protecting user profile forms, password change forms and 
+    # other similar content.
+    def ensure_authorisation(level=:root)
+      keys = MerbAuthSlicePassword[:client_permission_levels].keys
+      raise Merb::Controller::Forbidden unless (
+        (level == :root and !request.api_request?) or
+        (keys.index(level) > keys.index(authorisation_level))
+      )
+    end
+        
+  end
+end

data/lib/ooh-auth/key_generators.rb

@@ -0,0 +1,57 @@
+# OohAuth::KeyGenerators
+# ==========================================
+# A set of generators for common password types.
+# Usage:
+# OohAuth::KeyGenerators::<type>.new(length_if_applicable)
+# where <type> is any of:
+# Password: a memorable password such as 254yellowShoes or 869spaceageBiplanes
+# Passphrase: a memorable passphrase made up of [length] words.
+# Alphanum: a gibberish string [length] characters long.
+
+module OohAuth
+  module KeyGenerators
+    
+    ALPHANUM =    (('a'..'z').to_a + ('A'..'Z').to_a + (0..9).to_a).freeze
+                  # Want to make an absurdly easy contribution to open source software? Think of more adjectives and nouns that don't
+                  # result in potentially offensive combinations. but DO result in a wider password namespace.
+                  # In particular, avoid adjectives like moist, gristly, or veiny.
+                  # and avoid nouns like penis.
+    ADJECTIVES =  %w(blue green red orange purple grey yellow scarlet flying edible tasty noisy giant tiny angry great terrific
+                     improvised tiny magnificent futuristic anachronistic cromulent fashionable trendy spaceage vintage classic
+                     speedy slow loud quiet
+                  ).freeze                  
+    NOUNS =       %w(ninjas nostrils suitcases earlobes houses cakes pies shoes dinosaurs robots androids antelope bees 
+                    insects chickens apples guitars trombones baloons suitcases pineapples cheeses teeth mice castles
+                    monsters bicycles kippers turtles bongos words phrases tables desks couches biplanes beans neighbours
+                    telephones yetis sentries cupboards
+                  ).freeze
+    
+    # A memorable password based on the pattern XXadjectiveNouns, for example 67blueTeeth or 267noisySandboxes.
+    class Password < String
+      def self.gen(len=0)
+        return "#{rand(999)}#{ADJECTIVES[rand(ADJECTIVES.length)]}#{NOUNS[rand(NOUNS.length)].capitalize}"
+      end
+    end
+  
+    # A multi-word passphrase based on the dictionary, containing spaces.
+    class Passphrase < String
+      def self.gen(len=3)
+        p = []
+        len.times do |i|
+          pool = NOUNS.select {|w| !p.include?(w)}
+          p << pool[rand(pool.length)]
+        end
+        return p.join(" ")
+      end
+    end
+  
+    # A good ol' fashioned incomprehensible string of alphanumeric characters.
+    class Alphanum < String
+      def self.gen(len=18)
+        return((0..(len-1)).collect {|x| ALPHANUM[rand(ALPHANUM.length)] }.join(""))
+      end
+    end
+    
+    
+  end # module KeyGenerators
+end # module OohAuth