devise_oauth2_rails4 1.1.8 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 33c54215d3c1ae10af1985f18232be30930bcc19
|
|
4
|
+
data.tar.gz: 2d0a606906dc51e410d2ca8f2269b044022bfa93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 691faeaa04261f14093c3867041dc22d6077304d0e6224baec120d00c6f46d26e57121f313ffaa2bcd8705f1b5bbee70841510670f3df7eea1b1c2d066058571
|
|
7
|
+
data.tar.gz: c51c40f5e4a52db1d850ca115609a72807798931240fedb5331c99f483ac125f5849c76258608d039dfb5556241d89abacab106957001bec8ac56f9907965f0c
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# devise_oauth2_providable
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Rails 4 engine that brings OAuth2 Provider support to your application.
|
|
4
4
|
|
|
5
5
|
Current OAuth2 Specification Draft:
|
|
6
6
|
http://tools.ietf.org/html/draft-ietf-oauth-v2-22
|
|
@@ -103,7 +103,7 @@ expires after 1min by default. to customize the duration of the
|
|
|
103
103
|
authorization code:
|
|
104
104
|
|
|
105
105
|
```ruby
|
|
106
|
-
Devise::
|
|
106
|
+
Devise::Oauth2::AuthorizationCode.default_lifetime = 5.minutes
|
|
107
107
|
```
|
|
108
108
|
|
|
109
109
|
## Routes
|
|
@@ -122,6 +122,27 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-2.2
|
|
|
122
122
|
Endpoint to request access token. See grant type documentation for
|
|
123
123
|
supported flows.
|
|
124
124
|
|
|
125
|
+
## Permissions
|
|
126
|
+
|
|
127
|
+
Rails 4 version of this gem adds support for dynamic permissions!
|
|
128
|
+
|
|
129
|
+
In the `Client` model, there is a field for `default_permissions`, which each access_token
|
|
130
|
+
will inherit from by default. Much like the Facebook Graph API, clients can specify the permissions
|
|
131
|
+
on a request-per-request basis.
|
|
132
|
+
|
|
133
|
+
```
|
|
134
|
+
http://localhost:3000/oauth/authorize?client_id=my_client_id&response_type=token&permissions=read_feed,post_to_wall,edit_profile
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
### Checking Permissions
|
|
138
|
+
|
|
139
|
+
```ruby
|
|
140
|
+
@access_token = Devise::Oauth2::AccessToken.find_by_token('my_access_token')
|
|
141
|
+
@access_token.can? :read_feed
|
|
142
|
+
# => true
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
|
|
125
146
|
## Grant Types
|
|
126
147
|
|
|
127
148
|
### Resource Owner Password Credentials Grant Type
|
|
@@ -5,6 +5,7 @@ module Devise
|
|
|
5
5
|
#include ::PermissionsHelper
|
|
6
6
|
|
|
7
7
|
before_action :authenticate_user!
|
|
8
|
+
around_action :perform_callbacks
|
|
8
9
|
|
|
9
10
|
rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
|
|
10
11
|
@error = e
|
|
@@ -51,8 +52,12 @@ module Devise
|
|
|
51
52
|
res.access_token = bearer_token
|
|
52
53
|
# res.uid = current_user.id
|
|
53
54
|
end
|
|
55
|
+
after_allowed_authorization if defined? after_allowed_authorization
|
|
56
|
+
return if performed?
|
|
54
57
|
res.approve!
|
|
55
58
|
else
|
|
59
|
+
after_denied_authorization if defined? after_denied_authorization
|
|
60
|
+
return if performed?
|
|
56
61
|
req.access_denied!
|
|
57
62
|
end
|
|
58
63
|
else
|
|
@@ -68,6 +73,14 @@ module Devise
|
|
|
68
73
|
params[:permissions] || @client.default_permissions
|
|
69
74
|
end
|
|
70
75
|
|
|
76
|
+
def perform_callbacks
|
|
77
|
+
|
|
78
|
+
before_authorize if defined? before_authorize
|
|
79
|
+
return if performed?
|
|
80
|
+
yield
|
|
81
|
+
after_authorize if defined? after_authorize
|
|
82
|
+
end
|
|
83
|
+
|
|
71
84
|
end
|
|
72
85
|
end
|
|
73
86
|
end
|
|
@@ -23,13 +23,8 @@ class Devise::Oauth2::AccessToken < ActiveRecord::Base
|
|
|
23
23
|
response
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
def
|
|
27
|
-
|
|
28
|
-
permission = method.to_s.match(/^can_(.*)\?$/)[1]
|
|
29
|
-
return true if permission.in? self.permissions
|
|
30
|
-
return false
|
|
31
|
-
end
|
|
32
|
-
super(method, *args, &block)
|
|
26
|
+
def can?(do_permission)
|
|
27
|
+
do_permission.to_s.in? Array(self.permissions)
|
|
33
28
|
end
|
|
34
29
|
|
|
35
30
|
private
|
|
@@ -1,3 +1,16 @@
|
|
|
1
1
|
class ApplicationController < ActionController::Base
|
|
2
2
|
protect_from_forgery
|
|
3
|
+
|
|
4
|
+
#def before_authorize
|
|
5
|
+
# Rails.logger.info 'We are calling before authorize! :D'
|
|
6
|
+
#end
|
|
7
|
+
#
|
|
8
|
+
#def after_authorize
|
|
9
|
+
# Rails.logger.info 'We are calling after authorize!!!'
|
|
10
|
+
#end
|
|
11
|
+
#
|
|
12
|
+
#def after_denied_authorization
|
|
13
|
+
# redirect_to '/'
|
|
14
|
+
#end
|
|
15
|
+
|
|
3
16
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_oauth2_rails4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Wheeler
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-03-
|
|
11
|
+
date: 2014-03-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|