devise_oauth2_rails4 1.1.8 → 2.0.0

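--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: dde5059996e6ed80714f26ee8fceea75f5986338
- data.tar.gz: b2e8d105f9cd9e9578dc4fb30ac7b67c834477ca
+ metadata.gz: 33c54215d3c1ae10af1985f18232be30930bcc19
+ data.tar.gz: 2d0a606906dc51e410d2ca8f2269b044022bfa93
  SHA512:
- metadata.gz: 470bfe61faeb2a2b3c914ca9018a8f29c5a4e16fe30d90b64539d4b77b18fe4c13d65004c5e35f947226ee301bb36545faa69900de798eadaf764e0b2987a4fb
- data.tar.gz: aec96500ab3a0b4df580e51d5d45c99bd6712cd5dc207a2558a0b0f66542df25a0378e70c01118b0d4c374826a9f92cb13ce8260d70fe7fb32653f59cd6d0f4f
+ metadata.gz: 691faeaa04261f14093c3867041dc22d6077304d0e6224baec120d00c6f46d26e57121f313ffaa2bcd8705f1b5bbee70841510670f3df7eea1b1c2d066058571
+ data.tar.gz: c51c40f5e4a52db1d850ca115609a72807798931240fedb5331c99f483ac125f5849c76258608d039dfb5556241d89abacab106957001bec8ac56f9907965f0c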
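--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
  # devise_oauth2_providable
 
- Rails3 engine that brings OAuth2 Provider support to your application.
+ Rails 4 engine that brings OAuth2 Provider support to your application.
 
  Current OAuth2 Specification Draft:
  http://tools.ietf.org/html/draft-ietf-oauth-v2-22
@@ -103,7 +103,7 @@ expires after 1min by default. to customize the duration of the
  authorization code:
 
  ```ruby
- Devise::Oauth2Providable::AuthorizationCode.default_lifetime = 5.minutes
+ Devise::Oauth2::AuthorizationCode.default_lifetime = 5.minutes
  ```
 
  ## Routes
@@ -122,6 +122,27 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-2.2
  Endpoint to request access token. See grant type documentation for
  supported flows.
 
+ ## Permissions
+
+ Rails 4 version of this gem adds support for dynamic permissions!
+
+ In the `Client` model, there is a field for `default_permissions`, which each access_token
+ will inherit from by default. Much like the Facebook Graph API, clients can specify the permissions
+ on a request-per-request basis.
+
+ ```
+ http://localhost:3000/oauth/authorize?client_id=my_client_id&response_type=token&permissions=read_feed,post_to_wall,edit_profile
+ ```
+
+ ### Checking Permissions
+
+ ```ruby
+ @access_token = Devise::Oauth2::AccessToken.find_by_token('my_access_token')
+ @access_token.can? :read_feed
+ # => true
+ ```
+
+
  ## Grant Types
 
  ### Resource Owner Password Credentials Grant Type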
@@ -5,6 +5,7 @@ module Devise
5
5
  #include ::PermissionsHelper
6
6
 
7
7
  before_action :authenticate_user!
8
+ around_action :perform_callbacks
8
9
 
9
10
  rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
10
11
  @error = e
@@ -51,8 +52,12 @@ module Devise
51
52
  res.access_token = bearer_token
52
53
  # res.uid = current_user.id
53
54
  end
55
+ after_allowed_authorization if defined? after_allowed_authorization
56
+ return if performed?
54
57
  res.approve!
55
58
  else
59
+ after_denied_authorization if defined? after_denied_authorization
60
+ return if performed?
56
61
  req.access_denied!
57
62
  end
58
63
  else
@@ -68,6 +73,14 @@ module Devise
68
73
  params[:permissions] || @client.default_permissions
69
74
  end
70
75
 
76
+ def perform_callbacks
77
+
78
+ before_authorize if defined? before_authorize
79
+ return if performed?
80
+ yield
81
+ after_authorize if defined? after_authorize
82
+ end
83
+
71
84
  end
72
85
  end
73
86
  end
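Review bot: In the allow branch (new lines 55-56 of the second controller hunk) `after_allowed_authorization` and its `return if performed?` run after `res.access_token = bearer_token`, so a hook that renders or redirects stops the action before `res.approve!` while the grant built earlier in that branch, above the hunk and not visible here, has presumably already been created. If that grant is persisted it remains valid although no response ever delivered it; consider calling the hook before the token or code is generated, or expiring the grant on the early-return path. The hook contract is also undocumented across these three hunks; a comment above `perform_callbacks` such as `# Optional host-app hooks: before_authorize, after_authorize, after_allowed_authorization, after_denied_authorization; rendering or redirecting in one stops the flow` would make the early-return behaviour explicit. Separately, the context line `params[:permissions] || @client.default_permissions` uses the requested permissions as given, and nothing visible restricts them to what the client is registered for, which should be confirmed in the code outside these hunks.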
@@ -23,13 +23,8 @@ class Devise::Oauth2::AccessToken < ActiveRecord::Base
23
23
  response
24
24
  end
25
25
 
26
- def method_missing(method, *args, &block)
27
- if method.to_s.match /^can_.*\?$/
28
- permission = method.to_s.match(/^can_(.*)\?$/)[1]
29
- return true if permission.in? self.permissions
30
- return false
31
- end
32
- super(method, *args, &block)
26
+ def can?(do_permission)
27
+ do_permission.to_s.in? Array(self.permissions)
33
28
  end
34
29
 
35
30
  private
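Review bot: `can?` relies on `permissions` already being a collection: `Array(self.permissions)` wraps a comma-separated String, such as the `read_feed,post_to_wall,edit_profile` form in the README's authorize URL, into a one-element array, so every single-permission check would return false. How the attribute is stored or serialized is not visible in this hunk; if it can be a String, split it first, e.g. `Array(permissions).flat_map { |p| p.to_s.split(',') }.include?(do_permission.to_s)`. The method also answers from the stored permissions alone, so callers that load a token with `find_by_token` still have to check expiry or revocation themselves, and a one-line comment above `can?` saying so would keep it from being used as a validity check. Dropping `method_missing` means existing `can_<name>?` callers now raise NoMethodError, which is worth stating in the 2.0.0 release notes.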
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module Oauth2
3
- VERSION = "1.1.8"
3
+ VERSION = "2.0.0"
4
4
  end
5
5
  end
@@ -1,3 +1,16 @@
1
1
  class ApplicationController < ActionController::Base
2
2
  protect_from_forgery
3
+
4
+ #def before_authorize
5
+ # Rails.logger.info 'We are calling before authorize! :D'
6
+ #end
7
+ #
8
+ #def after_authorize
9
+ # Rails.logger.info 'We are calling after authorize!!!'
10
+ #end
11
+ #
12
+ #def after_denied_authorization
13
+ # redirect_to '/'
14
+ #end
15
+
3
16
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_oauth2_rails4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.8
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Wheeler
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-03-07 00:00:00.000000000 Z
11
+ date: 2014-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails