devise_oauth2_providable 0.3.8 → 1.0.0.beta1

data/.gitignore

@@ -1,4 +1,35 @@
-*.gem
+# rcov generated
+coverage
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
 .bundle
 Gemfile.lock
-pkg/*
+
+# jeweler generated
+pkg
+
+# test files
+test/*.log
+test/*.sqlite3
+
+# For vim:
+*.swp
+
+# For MacOS:
+.DS_Store
+
+# git files
+*.orig
+
+# rails files
+tmp
+log
+*.log
+*.sqlite3

data/README.md

@@ -3,35 +3,47 @@
 Rails3 engine that brings OAuth2 Provider support to your application.
 
 Current OAuth2 Specification Draft:
-http://tools.ietf.org/html/draft-ietf-oauth-v2-15
+http://tools.ietf.org/html/draft-ietf-oauth-v2-22
 
 ## Features
 
-* integrates OAuth2 authentication with Devise authenthentication stack
+* integrate OAuth2 authentication with Devise authenthentication stack
 * one-stop-shop includes all Models, Controllers and Views to get up and
   running quickly
 * All server requests support authentication via bearer token included in
 the request.  http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04
+* customizable mount point for oauth2 routes (ex: /oauth2 vs /oauth)
 
 
+## Requirements
+
+* Devise authentication library
+* Rails 3.1 or higher
+
 ## Installation
 
+#### Install gem
 ```ruby
-# Bundler Gemfile
+# Gemfile
 gem 'devise_oauth2_providable'
 ```
 
+#### Migrate database for Oauth2 models
+```
+$ rake devise_oauth2_providable:install:migrations
+$ rake db:migrate
+```
+
+#### Add Oauth2 Routes
 ```ruby
-# create new Rails migration
-class CreateOauth2Schema < ActiveRecord::Migration
-  def self.up
-    Devise::Oauth2Providable::Schema.up(self)
-  end
-  def self.down
-    Devise::Oauth2Providable::Schema.down(self)
-  end
+# config/routes.rb
+Rails.application.routes.draw do
+  # oauth routes can be mounted to any path (ex: /oauth2 or /oauth)
+  mount Devise::Oauth2Providable::Engine => '/oauth2'
 end
 ```
+
+#### Configure User for supported Oauth2 flows
 ```ruby
 class User
   # NOTE: include :database_authenticatable configuration

data/Rakefile

@@ -1,7 +1,14 @@
 require 'bundler'
 Bundler::GemHelper.install_tasks
 
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new('spec')
 task :default => :spec
-

data/app/controllers/devise/oauth2_providable/authorizations_controller.rb

@@ -0,0 +1,59 @@
+module Devise
+  module Oauth2Providable
+    class AuthorizationsController < ApplicationController
+      before_filter :authenticate_user!
+
+      rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
+        @error = e
+        render :error, :status => e.status
+      end
+
+      def new
+        respond *authorize_endpoint.call(request.env)
+      end
+
+      def create
+        respond *authorize_endpoint(:allow_approval).call(request.env)
+      end
+
+      private
+
+      def respond(status, header, response)
+        ["WWW-Authenticate"].each do |key|
+          headers[key] = header[key] if header[key].present?
+        end
+        if response.redirect?
+          redirect_to header['Location']
+        else
+          render :new
+        end
+      end
+
+      def authorize_endpoint(allow_approval = false)
+        Rack::OAuth2::Server::Authorize.new do |req, res|
+          @client = Client.find_by_identifier(req.client_id) || req.bad_request!
+          res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
+          if allow_approval
+            if params[:approve].present?
+              case req.response_type
+              when :code
+                authorization_code = current_user.authorization_codes.create(:client => @client, :redirect_uri => @redirect_uri)
+                res.code = authorization_code.token
+              when :token
+                access_token = current_user.access_tokens.create(:client => @client).token
+                bearer_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
+                res.access_token = bearer_token
+                res.uid = current_user.id
+              end
+              res.approve!
+            else
+              req.access_denied!
+            end
+          else
+            @response_type = req.response_type
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/{oauth2 → devise/oauth2_providable}/tokens_controller.rb

@@ -1,4 +1,4 @@
-class Oauth2::TokensController < ApplicationController
+class Devise::Oauth2Providable::TokensController < ApplicationController
   before_filter :authenticate_user!
 
   def create

data/app/models/{access_token.rb → devise/oauth2_providable/access_token.rb}

@@ -1,6 +1,6 @@
 require 'expirable_token'
 
-class AccessToken < ActiveRecord::Base
+class Devise::Oauth2Providable::AccessToken < ActiveRecord::Base
   include ExpirableToken
   self.default_lifetime = 15.minutes
 

data/app/models/{authorization_code.rb → devise/oauth2_providable/authorization_code.rb}

@@ -1,6 +1,6 @@
 require 'expirable_token'
 
-class AuthorizationCode < ActiveRecord::Base
+class Devise::Oauth2Providable::AuthorizationCode < ActiveRecord::Base
   include ExpirableToken
   def access_token
     @access_token ||= expired! && user.access_tokens.create(:client => client)

data/app/models/{client.rb → devise/oauth2_providable/client.rb}

@@ -1,6 +1,7 @@
-class Client < ActiveRecord::Base
+class Devise::Oauth2Providable::Client < ActiveRecord::Base
   has_many :access_tokens
   has_many :refresh_tokens
+  has_many :authorization_codes
 
   before_validation :init_identifier, :on => :create, :unless => :identifier?
   before_validation :init_secret, :on => :create, :unless => :secret?

data/app/models/{refresh_token.rb → devise/oauth2_providable/refresh_token.rb}

@@ -1,6 +1,6 @@
 require 'expirable_token'
 
-class RefreshToken < ActiveRecord::Base
+class Devise::Oauth2Providable::RefreshToken < ActiveRecord::Base
   include ExpirableToken
   self.default_lifetime = 1.month
   has_many :access_tokens

data/app/views/{oauth2 → devise/oauth2_providable}/authorizations/_form.html.erb

@@ -1,4 +1,4 @@
-<%= form_tag oauth2_authorizations_path, :class => action do %>
+<%= form_tag authorizations_path, :class => action do %>
   <%= hidden_field_tag :client_id, client.identifier %>
   <%= hidden_field_tag :response_type, response_type %>
   <%= hidden_field_tag :redirect_uri, redirect_uri %>

data/app/views/devise/oauth2_providable/authorizations/new.html.erb

@@ -0,0 +1,4 @@
+<h2><%= link_to @client.name, @client.website %> is requesting permission to access your resources.</h2>
+
+<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :approve %>
+<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :deny %>

data/config/routes.rb

@@ -1,7 +1,7 @@
-Rails.application.routes.draw do
-  scope '/oauth2', :as => 'oauth2' do
-    resources :authorizations, :controller => 'oauth2/authorizations', :only => :create
-    match 'authorize' => 'oauth2/authorizations#new'
-    resource :token, :controller => 'oauth2/tokens', :only => :create
-  end
+Devise::Oauth2Providable::Engine.routes.draw do
+  root :to => "authorizations#new"
+
+  resources :authorizations, :only => :create
+  match 'authorize' => 'authorizations#new'
+  resource :token, :only => :create
 end

data/db/migrate/20111014160714_create_devise_oauth2_providable_schema.rb

@@ -0,0 +1,55 @@
+class CreateDeviseOauth2ProvidableSchema < ActiveRecord::Migration
+  def change
+    create_table :oauth2_clients do |t|
+      t.string :name
+      t.string :redirect_uri
+      t.string :website
+      t.string :identifier
+      t.string :secret
+      t.timestamps
+    end
+    change_table :oauth2_clients do |t|
+      t.index :identifier, :unique => true
+    end
+
+    create_table :oauth2_access_tokens do |t|
+      t.belongs_to :user, :client, :refresh_token
+      t.string :token
+      t.datetime :expires_at
+      t.timestamps
+    end
+    change_table :oauth2_access_tokens do |t|
+      t.index :token, :unique => true
+      t.index :expires_at
+      t.index :user_id
+      t.index :client_id
+    end
+
+    create_table :oauth2_refresh_tokens do |t|
+      t.belongs_to :user, :client
+      t.string :token
+      t.datetime :expires_at
+      t.timestamps
+    end
+    change_table :oauth2_refresh_tokens do |t|
+      t.index :token, :unique => true
+      t.index :expires_at
+      t.index :user_id
+      t.index :client_id
+    end
+
+    create_table :oauth2_authorization_codes do |t|
+      t.belongs_to :user, :client
+      t.string :token
+      t.datetime :expires_at
+      t.string :redirect_uri
+      t.timestamps
+    end
+    change_table :oauth2_authorization_codes do |t|
+      t.index :token, :unique => true
+      t.index :expires_at
+      t.index :user_id
+      t.index :client_id
+    end
+  end
+end

data/devise_oauth2_providable.gemspec

@@ -1,6 +1,6 @@
 # -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib", __FILE__)
-require "devise_oauth2_providable/version"
+require "devise/oauth2_providable/version"
 
 Gem::Specification.new do |s|
   s.name        = "devise_oauth2_providable"
@@ -14,10 +14,13 @@ Gem::Specification.new do |s|
 
   s.rubyforge_project = "devise_oauth2_providable"
 
-  s.add_runtime_dependency(%q<rails>, [">= 3.0.7"])
-  s.add_runtime_dependency(%q<devise>, [">= 1.3.3"])
+  s.add_runtime_dependency(%q<rails>, [">= 3.1.0"])
+  s.add_runtime_dependency(%q<devise>, [">= 1.4.3"])
   s.add_runtime_dependency(%q<rack-oauth2>, ["~> 0.11.0"])
-  s.add_development_dependency(%q<rspec>, ['>= 2.5.0'])
+  s.add_development_dependency(%q<rspec-rails>, ['2.6.1'])
+  s.add_development_dependency(%q<sqlite3>, ['1.3.4'])
+  s.add_development_dependency(%q<shoulda-matchers>, ['1.0.0.beta3'])
+  s.add_development_dependency(%q<pry>, ['0.9.6.2'])
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/lib/{devise_oauth2_providable → devise/oauth2_providable}/engine.rb

@@ -1,10 +1,11 @@
 module Devise
   module Oauth2Providable
     class Engine < Rails::Engine
+      engine_name 'oauth2'
+      isolate_namespace Devise::Oauth2Providable
       initializer "devise_oauth2_providable.initialize_application" do |app|
         app.config.filter_parameters << :client_secret
       end
     end
   end
 end
-

data/lib/devise/oauth2_providable/models/oauth2_providable.rb

@@ -0,0 +1,13 @@
+require 'devise/models'
+
+module Devise
+  module Models
+    module Oauth2Providable
+      extend ActiveSupport::Concern
+      included do
+        has_many :access_tokens, :class_name => 'Devise::Oauth2Providable::AccessToken'
+        has_many :authorization_codes, :class_name => 'Devise::Oauth2Providable::AuthorizationCode'
+      end
+    end
+  end
+end

data/lib/{devise_oauth2_providable → devise/oauth2_providable}/strategies/oauth2_authorization_code_grant_type_strategy.rb

@@ -1,4 +1,4 @@
-require 'devise_oauth2_providable/strategies/oauth2_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
 
 module Devise
   module Strategies
@@ -8,7 +8,7 @@ module Devise
       end
 
       def authenticate!
-        if client && code = AuthorizationCode.valid.find_by_token(params[:code])
+        if client && code = client.authorization_codes.valid.find_by_token(params[:code])
           success! code.user
         elsif !halted?
           oauth_error! :invalid_grant, 'invalid authorization code request'

data/lib/{devise_oauth2_providable → devise/oauth2_providable}/strategies/oauth2_grant_type_strategy.rb

@@ -4,7 +4,7 @@ module Devise
   module Strategies
     class Oauth2GrantTypeStrategy < Authenticatable
       def valid?
-        params[:controller] == 'oauth2/tokens' && request.post? && params[:grant_type] == grant_type
+        params[:controller] == 'devise/oauth2_providable/tokens' && request.post? && params[:grant_type] == grant_type
       end
 
       # defined by subclass
@@ -12,7 +12,7 @@ module Devise
       end
 
       def client
-        @client ||= Client.find_by_identifier params[:client_id]
+        @client ||= Devise::Oauth2Providable::Client.find_by_identifier params[:client_id]
         env['oauth2.client'] = @client
         @client
       end

data/lib/{devise_oauth2_providable → devise/oauth2_providable}/strategies/oauth2_password_grant_type_strategy.rb

@@ -1,4 +1,4 @@
-require 'devise_oauth2_providable/strategies/oauth2_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
 
 module Devise
   module Strategies

data/lib/{devise_oauth2_providable/strategy.rb → devise/oauth2_providable/strategies/oauth2_providable_strategy.rb}

@@ -9,7 +9,7 @@ module Devise
       end
       def authenticate!
         @req.setup!
-        token = AccessToken.valid.find_by_token @req.access_token
+        token = Devise::Oauth2Providable::AccessToken.valid.find_by_token @req.access_token
         env['oauth2.client'] = token ? token.client : nil
         resource = token ? token.user : nil
         if validate(resource)

data/lib/{devise_oauth2_providable → devise/oauth2_providable}/strategies/oauth2_refresh_token_grant_type_strategy.rb

@@ -1,4 +1,4 @@
-require 'devise_oauth2_providable/strategies/oauth2_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_grant_type_strategy'
 
 module Devise
   module Strategies

data/lib/{devise_oauth2_providable → devise/oauth2_providable}/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Oauth2Providable
-    VERSION = "0.3.8"
+    VERSION = "1.0.0.beta1"
   end
 end

data/lib/devise_oauth2_providable.rb

@@ -1,15 +1,14 @@
 require 'devise'
 require 'rack/oauth2'
-require 'devise_oauth2_providable/strategy'
-require 'devise_oauth2_providable/model'
-require 'devise_oauth2_providable/schema'
-require 'devise_oauth2_providable/engine'
-require 'devise_oauth2_providable/strategies/oauth2_password_grant_type_strategy'
-require 'devise_oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy'
-require 'devise_oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy'
-require 'devise_oauth2_providable/models/oauth2_password_grantable'
-require 'devise_oauth2_providable/models/oauth2_refresh_token_grantable'
-require 'devise_oauth2_providable/models/oauth2_authorization_code_grantable'
+require 'devise/oauth2_providable/engine'
+require 'devise/oauth2_providable/strategies/oauth2_providable_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy'
+require 'devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy'
+require 'devise/oauth2_providable/models/oauth2_providable'
+require 'devise/oauth2_providable/models/oauth2_password_grantable'
+require 'devise/oauth2_providable/models/oauth2_refresh_token_grantable'
+require 'devise/oauth2_providable/models/oauth2_authorization_code_grantable'
 
 module Devise
   module Oauth2Providable
@@ -17,19 +16,22 @@ module Devise
       def random_id
         SecureRandom.hex
       end
+      def table_name_prefix
+        'oauth2_'
+      end
     end
   end
 end
 
 Devise.add_module(:oauth2_providable,
   :strategy => true,
-  :model => 'devise_oauth2_providable/model')
+  :model => 'devise/oauth2_providable/models/oauth2_providable')
 Devise.add_module(:oauth2_password_grantable, 
   :strategy => true,
-  :model => 'devise_oauth2_providable/models/oauth2_password_grantable')
+  :model => 'devise/oauth2_providable/models/oauth2_password_grantable')
 Devise.add_module(:oauth2_refresh_token_grantable, 
   :strategy => true,
-  :model => 'devise_oauth2_providable/models/oauth2_refresh_token_grantable')
+  :model => 'devise/oauth2_providable/models/oauth2_refresh_token_grantable')
 Devise.add_module(:oauth2_authorization_code_grantable,
   :strategy => true,
-  :model => 'devise_oauth2_providable/models/oauth2_authorization_code_grantable')
+  :model => 'devise/oauth2_providable/models/oauth2_authorization_code_grantable')

data/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+ENGINE_PATH = File.expand_path('../..',  __FILE__)
+load File.expand_path('../../spec/dummy/script/rails',  __FILE__)

data/spec/{rails_app/spec/controllers → controllers}/protected_controller_spec.rb

@@ -4,9 +4,9 @@ describe ProtectedController do
 
   describe 'get :index' do
     before do
-      client = Client.create! :name => 'test', :redirect_uri => 'http://localhost:3000', :website => 'http://localhost'
-      @user = User.create! :name => 'ryan sonnek', :email => 'foo@example.com'
-      @token = AccessToken.create! :client => client, :user => @user
+      client = Devise::Oauth2Providable::Client.create! :name => 'test', :redirect_uri => 'http://localhost:3000', :website => 'http://localhost'
+      @user = User.create! :email => 'foo@example.com'
+      @token = Devise::Oauth2Providable::AccessToken.create! :client => client, :user => @user
     end
     context 'with valid bearer token in header' do
       before do

data/spec/{rails_app → dummy}/Rakefile

@@ -1,7 +1,7 @@
+#!/usr/bin/env rake
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
 require File.expand_path('../config/application', __FILE__)
-require 'rake'
 
-RailsApp::Application.load_tasks
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,7 @@
+// This is a manifest file that'll be compiled into including all the files listed below.
+// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
+// be included in the compiled file accessible from http://example.com/assets/application.js
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,7 @@
+/*
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
+ *= require_self
+ *= require_tree . 
+*/

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/{rails_app → dummy}/config/application.rb

@@ -2,11 +2,10 @@ require File.expand_path('../boot', __FILE__)
 
 require 'rails/all'
 
-# If you have a Gemfile, require the gems listed there, including any gems
-# you've limited to :test, :development, or :production.
-Bundler.require(:default, Rails.env) if defined?(Bundler)
+Bundler.require
+require "devise_oauth2_providable"
 
-module RailsApp
+module Dummy
   class Application < Rails::Application
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
@@ -30,13 +29,17 @@ module RailsApp
     # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
     # config.i18n.default_locale = :de
 
-    # JavaScript files you want as :defaults (application.js is always included).
-    config.action_view.javascript_expansions[:defaults] = %w()
-
     # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
 
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password]
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
   end
 end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/{rails_app → dummy}/config/database.yml

@@ -1,5 +1,8 @@
 # SQLite version 3.x
 #   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
 development:
   adapter: sqlite3
   database: db/development.sqlite3

data/spec/{rails_app → dummy}/config/environment.rb

@@ -2,4 +2,4 @@
 require File.expand_path('../application', __FILE__)
 
 # Initialize the rails application
-RailsApp::Application.initialize!
+Dummy::Application.initialize!