devise_oauth2_providable 0.2.4 → 0.3.0

data/README.md

@@ -36,7 +36,9 @@ end
 class User
   # NOTE: include :database_authenticatable configuration
   # if supporting Resource Owner Password Credentials Grant Type
-  devise :oauth2_providable
+  devise :oauth2_providable, 
+    :oauth2_password_grantable,
+    :oauth2_refresh_token_grantable
 end
 ```
 

data/app/controllers/oauth2/tokens_controller.rb

@@ -0,0 +1,16 @@
+class Oauth2::TokensController < ApplicationController
+  before_filter :authenticate_user!
+
+  def create
+    @refresh_token = oauth2_current_refresh_token || oauth2_current_client.refresh_tokens.create!(:user => current_user)
+    @access_token = @refresh_token.access_tokens.create!(:client => oauth2_current_client, :user => current_user)
+    render :json => @access_token.token_response
+  end
+  private
+  def oauth2_current_client
+   env['oauth2.client'] 
+  end
+  def oauth2_current_refresh_token
+    env['oauth2.refresh_token']
+  end
+end

data/app/models/access_token.rb

@@ -7,12 +7,14 @@ class AccessToken < ActiveRecord::Base
   before_validation :restrict_expires_at, :if => :refresh_token
   belongs_to :refresh_token
 
-  def to_bearer_token
-    bearer_token = Rack::OAuth2::AccessToken::Bearer.new :access_token => self.token, :expires_in => self.expires_in
-    if refresh_token
-      bearer_token.refresh_token = refresh_token.token
-    end
-    bearer_token
+  def token_response
+    response = {
+      :access_token => token,
+      :token_type => 'bearer',
+      :expires_in => expires_in
+    }
+    response[:refresh_token] = refresh_token.token if refresh_token
+    response
   end
 
   private

data/config/routes.rb

@@ -2,8 +2,8 @@ require 'token_endpoint'
 Rails.application.routes.draw do |map|
   namespace 'oauth2' do
     resources :authorizations, :only => :create
+    resource :token, :only => :create
   end
 
   match 'oauth2/authorize' => 'oauth2/authorizations#new'
-  post 'oauth2/token' => TokenEndpoint.new
 end

data/lib/devise_oauth2_providable/models/oauth2_password_grantable.rb

@@ -0,0 +1,6 @@
+module Devise
+  module Models
+    module Oauth2PasswordGrantable
+    end
+  end
+end

data/lib/devise_oauth2_providable/models/oauth2_refresh_token_grantable.rb

@@ -0,0 +1,6 @@
+module Devise
+  module Models
+    module Oauth2RefreshTokenGrantable
+    end
+  end
+end

data/lib/devise_oauth2_providable/strategies/oauth2_grant_type_strategy.rb

@@ -0,0 +1,28 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class Oauth2GrantTypeStrategy < Authenticatable
+      def valid?
+        params[:controller] == 'oauth2/tokens' && request.post? && params[:grant_type] == grant_type
+      end
+
+      # defined by subclass
+      def grant_type
+      end
+
+      def client
+        @client ||= Client.find_by_identifier params[:client_id]
+        env['oauth2.client'] = @client
+        @client
+      end
+      # return custom error response in accordance with the oauth spec
+      # see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
+      def oauth_error!(error_code = :invalid_request, description = nil)
+        body = {:error => error_code}
+        body[:error_description] = description if description
+        custom! [400, {'Content-Type' => 'application/json'}, [body.to_json]]
+      end
+    end
+  end
+end

data/lib/devise_oauth2_providable/strategies/oauth2_password_grant_type_strategy.rb

@@ -0,0 +1,22 @@
+require 'devise_oauth2_providable/strategies/oauth2_grant_type_strategy'
+
+module Devise
+  module Strategies
+    class Oauth2PasswordGrantTypeStrategy < Oauth2GrantTypeStrategy
+      def grant_type
+        'password'
+      end
+
+      def authenticate!
+        resource = mapping.to.find_for_authentication(mapping.to.authentication_keys.first => params[:username])
+        if client && validate(resource) { resource.valid_password?(params[:password]) }
+          success! resource
+        elsif !halted?
+          oauth_error! :invalid_grant, 'invalid password authentication request'
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_password_grantable, Devise::Strategies::Oauth2PasswordGrantTypeStrategy)

data/lib/devise_oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb

@@ -0,0 +1,22 @@
+require 'devise_oauth2_providable/strategies/oauth2_grant_type_strategy'
+
+module Devise
+  module Strategies
+    class Oauth2RefreshTokenGrantTypeStrategy < Oauth2GrantTypeStrategy
+      def grant_type
+        'refresh_token'
+      end
+
+      def authenticate!
+        if client && refresh_token = client.refresh_tokens.valid.find_by_token(params[:refresh_token])
+          env['oauth2.refresh_token'] = refresh_token
+          success! refresh_token.user
+        elsif !halted?
+          oauth_error! :invalid_grant, 'invalid refresh token'
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_refresh_token_grantable, Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy)

data/lib/devise_oauth2_providable/strategy.rb

@@ -2,7 +2,7 @@ require 'devise/strategies/base'
 
 module Devise
   module Strategies
-    class Oauth2Providable < Base
+    class Oauth2Providable < Authenticatable
       def valid?
         @req = Rack::OAuth2::Server::Resource::Bearer::Request.new(env)
         @req.oauth2?
@@ -17,22 +17,6 @@ module Devise
           fail(:invalid_token)
         end
       end
-
-      private
-      # Simply invokes valid_for_authentication? with the given block and deal with the result.
-      def validate(resource, &block)
-        result = resource && resource.valid_for_authentication?(&block)
-
-        case result
-        when String, Symbol
-          fail!(result)
-          false
-        when TrueClass
-          true
-        else
-          result
-        end
-      end
     end
   end
 end

data/lib/devise_oauth2_providable/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Oauth2Providable
-    VERSION = "0.2.4"
+    VERSION = "0.3.0"
   end
 end

data/lib/devise_oauth2_providable.rb

@@ -4,6 +4,10 @@ require 'devise_oauth2_providable/strategy'
 require 'devise_oauth2_providable/model'
 require 'devise_oauth2_providable/schema'
 require 'devise_oauth2_providable/engine'
+require 'devise_oauth2_providable/strategies/oauth2_password_grant_type_strategy'
+require 'devise_oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy'
+require 'devise_oauth2_providable/models/oauth2_password_grantable'
+require 'devise_oauth2_providable/models/oauth2_refresh_token_grantable'
 
 module Devise
   module Oauth2Providable
@@ -18,4 +22,9 @@ end
 Devise.add_module(:oauth2_providable,
   :strategy => true,
   :model => 'devise_oauth2_providable/model')
-
+Devise.add_module(:oauth2_password_grantable, 
+  :strategy => true,
+  :model => 'devise_oauth2_providable/models/oauth2_password_grantable')
+Devise.add_module(:oauth2_refresh_token_grantable, 
+  :strategy => true,
+  :model => 'devise_oauth2_providable/models/oauth2_refresh_token_grantable')

data/spec/rails_app/app/models/user.rb

@@ -1,3 +1,3 @@
 class User < ActiveRecord::Base
-  devise :database_authenticatable, :oauth2_providable
+  devise :database_authenticatable, :oauth2_providable, :oauth2_password_grantable, :oauth2_refresh_token_grantable
 end

data/spec/rails_app/config/initializers/devise.rb

@@ -191,4 +191,8 @@ Devise.setup do |config|
   #   manager.intercept_401 = false
   #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
   # end
+  # config.warden do |manager|
+  #   manager.default_strategies(:scope => :user).unshift :oauth2_password_grant_type
+  #   manager.default_strategies(:scope => :user).unshift :oauth2_refresh_token_grant_type
+  # end
 end

data/spec/rails_app/spec/controllers/tokens_controller_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe Oauth2::TokensController do
+  describe 'routing' do
+    it 'routes POST /oauth2/token' do
+      {:post => '/oauth2/token'}.should route_to(:controller => 'oauth2/tokens', :action => 'create')
+    end
+  end
+end

data/spec/rails_app/spec/integration/oauth2_password_grant_type_strategy_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+
+describe Devise::Strategies::Oauth2PasswordGrantTypeStrategy do
+  describe 'POST /oauth2/token' do
+    describe 'with grant_type=password' do
+      context 'with valid params' do
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
+          @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => @client.identifier,
+            :client_secret => @client.secret,
+            :username => @user.email,
+            :password => 'test'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 200 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = AccessToken.last
+          expected = token.token_response
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid params' do
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
+          @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => @client.identifier,
+            :client_secret => @client.secret,
+            :username => @user.email,
+            :password => 'bar'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid password authentication request",
+            :error => "invalid_grant"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid client' do
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
+
+          params = {
+            :grant_type => 'password',
+            :client_id => '123',
+            :client_secret => 'invalid',
+            :username => @user.email,
+            :password => 'test'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json'  }
+        it 'returns json' do
+          expected = {
+            :error_description => "invalid password authentication request",
+            :error => "invalid_grant"
+          }
+          response.body.should match_json(expected)
+        end
+      end
+    end
+  end
+end

data/spec/rails_app/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe Devise::Strategies::Oauth2RefreshTokenGrantTypeStrategy do
+  describe 'POST /oauth2/token' do
+    describe 'with grant_type=refresh_token' do
+      context 'with valid params' do
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
+          @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
+          @refresh_token = @client.refresh_tokens.create! :user => @user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => @client.identifier,
+            :client_secret => @client.secret,
+            :refresh_token => @refresh_token.token
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 200 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = AccessToken.last
+          refresh_token = @refresh_token
+          expected = {
+            :token_type => 'bearer',
+            :expires_in => 899,
+            :refresh_token => refresh_token.token,
+            :access_token => token.token
+          }
+          response.body.should match_json(expected)
+        end
+      end
+      context 'with invalid refresh_token' do
+        before do
+          @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
+          @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
+          @refresh_token = @client.refresh_tokens.create! :user => @user
+          params = {
+            :grant_type => 'refresh_token',
+            :client_id => @client.identifier,
+            :client_secret => @client.secret,
+            :refresh_token => 'invalid'
+          }
+
+          post '/oauth2/token', params
+        end
+        it { response.code.to_i.should == 400 }
+        it { response.content_type.should == 'application/json' }
+        it 'returns json' do
+          token = AccessToken.last
+          refresh_token = @refresh_token
+          expected = {
+            :error => 'invalid_grant',
+            :error_description => 'invalid refresh token'
+          }
+          response.body.should match_json(expected)
+        end
+      end
+    end
+  end
+end

data/spec/rails_app/spec/spec_helper.rb

@@ -7,6 +7,13 @@ require 'rspec/rails'
 # in spec/support/ and its subdirectories.
 Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
 
+# "{'foo': 'bar'}".should match_json {:foo => :bar}
+RSpec::Matchers.define :match_json do |expected|
+  match do |actual|
+    ActiveSupport::JSON.backend.decode(actual) == ActiveSupport::JSON.backend.decode(expected.to_json)
+  end
+end
+
 RSpec.configure do |config|
   config.include Devise::TestHelpers, :type => :controller
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_oauth2_providable
 version: !ruby/object:Gem::Version 
-  hash: 31
+  hash: 19
   prerelease: 
   segments: 
   - 0
-  - 2
-  - 4
-  version: 0.2.4
+  - 3
+  - 0
+  version: 0.3.0
 platform: ruby
 authors: 
 - Ryan Sonnek
@@ -15,12 +15,10 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-19 00:00:00 Z
+date: 2011-06-21 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rails
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -31,12 +29,12 @@ dependencies:
         - 0
         - 7
         version: 3.0.7
+  name: rails
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: devise
+  requirement: *id001
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -47,12 +45,12 @@ dependencies:
         - 3
         - 3
         version: 1.3.3
+  name: devise
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rack-oauth2
+  requirement: *id002
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -63,12 +61,12 @@ dependencies:
         - 6
         - 3
         version: 0.6.3
+  name: rack-oauth2
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: rspec
+  requirement: *id003
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -79,8 +77,10 @@ dependencies:
         - 5
         - 0
         version: 2.5.0
+  name: rspec
   type: :development
-  version_requirements: *id004
+  requirement: *id004
+  prerelease: false
 description: Rails3 engine that adds OAuth2 Provider support to any application built with Devise authentication
 email: 
 - ryan@socialcast.com
@@ -99,6 +99,7 @@ files:
 - README.md
 - Rakefile
 - app/controllers/oauth2/authorizations_controller.rb
+- app/controllers/oauth2/tokens_controller.rb
 - app/models/access_token.rb
 - app/models/authorization_code.rb
 - app/models/client.rb
@@ -111,7 +112,12 @@ files:
 - lib/devise_oauth2_providable.rb
 - lib/devise_oauth2_providable/engine.rb
 - lib/devise_oauth2_providable/model.rb
+- lib/devise_oauth2_providable/models/oauth2_password_grantable.rb
+- lib/devise_oauth2_providable/models/oauth2_refresh_token_grantable.rb
 - lib/devise_oauth2_providable/schema.rb
+- lib/devise_oauth2_providable/strategies/oauth2_grant_type_strategy.rb
+- lib/devise_oauth2_providable/strategies/oauth2_password_grant_type_strategy.rb
+- lib/devise_oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb
 - lib/devise_oauth2_providable/strategy.rb
 - lib/devise_oauth2_providable/version.rb
 - lib/expirable_token.rb
@@ -162,7 +168,9 @@ files:
 - spec/rails_app/public/stylesheets/.gitkeep
 - spec/rails_app/script/rails
 - spec/rails_app/spec/controllers/protected_controller_spec.rb
-- spec/rails_app/spec/integration/token_endpoint_spec.rb
+- spec/rails_app/spec/controllers/tokens_controller_spec.rb
+- spec/rails_app/spec/integration/oauth2_password_grant_type_strategy_spec.rb
+- spec/rails_app/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb
 - spec/rails_app/spec/models/access_token_spec.rb
 - spec/rails_app/spec/models/authorization_code_spec.rb
 - spec/rails_app/spec/models/client_spec.rb
@@ -252,7 +260,9 @@ test_files:
 - spec/rails_app/public/stylesheets/.gitkeep
 - spec/rails_app/script/rails
 - spec/rails_app/spec/controllers/protected_controller_spec.rb
-- spec/rails_app/spec/integration/token_endpoint_spec.rb
+- spec/rails_app/spec/controllers/tokens_controller_spec.rb
+- spec/rails_app/spec/integration/oauth2_password_grant_type_strategy_spec.rb
+- spec/rails_app/spec/integration/oauth2_refresh_token_grant_type_strategy_spec.rb
 - spec/rails_app/spec/models/access_token_spec.rb
 - spec/rails_app/spec/models/authorization_code_spec.rb
 - spec/rails_app/spec/models/client_spec.rb

data/spec/rails_app/spec/integration/token_endpoint_spec.rb

@@ -1,87 +0,0 @@
-require 'spec_helper'
-
-describe TokenEndpoint do
-  describe 'refresh_token grant type' do
-    context 'with valid params' do
-      before do
-        @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
-        @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
-        @refresh_token = @client.refresh_tokens.create! :user => @user
-        params = {
-          :grant_type => 'refresh_token',
-          :client_id => @client.identifier,
-          :client_secret => @client.secret,
-          :refresh_token => @refresh_token.token
-        }
-
-        post '/oauth2/token', params
-      end
-      it { response.code.to_i.should == 200 }
-      it 'returns json' do
-        token = AccessToken.last
-        refresh_token = @refresh_token
-        expected = {
-          :token_type => 'bearer',
-          :expires_in => 899,
-          :refresh_token => refresh_token.token,
-          :access_token => token.token
-        }
-        response.body.should == expected.to_json
-      end
-    end
-  end
-  describe 'password grant type' do
-    context 'with valid params' do
-      before do
-        @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
-        @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
-
-        params = {
-          :grant_type => 'password',
-          :client_id => @client.identifier,
-          :client_secret => @client.secret,
-          :username => @user.email,
-          :password => 'test'
-        }
-
-        post '/oauth2/token', params
-      end
-      it { response.code.to_i.should == 200 }
-      it 'returns json' do
-        token = AccessToken.last
-        refresh_token = RefreshToken.last
-        expected = {
-          :token_type => 'bearer',
-          :expires_in => 899,
-          :refresh_token => refresh_token.token,
-          :access_token => token.token
-        }
-        response.body.should == expected.to_json
-      end
-    end
-    context 'with invalid params' do
-      before do
-        @user = User.create! :email => 'ryan@socialcast.com', :name => 'ryan sonnek', :password => 'test'
-        @client = Client.create! :name => 'example', :redirect_uri => 'http://localhost', :website => 'http://localhost'
-
-        params = {
-          :grant_type => 'password',
-          :client_id => @client.identifier,
-          :client_secret => @client.secret,
-          :username => @user.email,
-          :password => 'bar'
-        }
-
-        post '/oauth2/token', params
-      end
-      it { response.code.to_i.should == 400 }
-      it 'returns json' do
-        expected = {
-          :error_description => "The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user password credentials, or mismatching authorization code and redirection URI).",
-          :error => "invalid_grant"
-        }
-        response.body.should == expected.to_json
-      end
-    end
-  end
-end