devise_oauth_token_authenticatable 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47)
  1. data/.gitignore +4 -0
  2. data/README.md +1 -7
  3. data/Rakefile +4 -0
  4. data/devise_oauth_token_authenticatable.gemspec +7 -1
  5. data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb +42 -4
  6. data/lib/devise/oauth_token_authenticatable/version.rb +1 -1
  7. data/lib/devise_oauth_token_authenticatable.rb +0 -1
  8. data/spec/controllers/protected_controller_spec.rb +61 -0
  9. data/spec/dummy/Rakefile +7 -0
  10. data/spec/dummy/app/assets/javascripts/application.js +7 -0
  11. data/spec/dummy/app/assets/stylesheets/application.css +7 -0
  12. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  13. data/spec/dummy/app/controllers/protected_controller.rb +6 -0
  14. data/spec/dummy/app/helpers/application_helper.rb +2 -0
  15. data/spec/dummy/app/mailers/.gitkeep +0 -0
  16. data/spec/dummy/app/models/.gitkeep +0 -0
  17. data/spec/dummy/app/models/user.rb +12 -0
  18. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  19. data/spec/dummy/config.ru +4 -0
  20. data/spec/dummy/config/application.rb +51 -0
  21. data/spec/dummy/config/boot.rb +10 -0
  22. data/spec/dummy/config/database.yml +25 -0
  23. data/spec/dummy/config/environment.rb +5 -0
  24. data/spec/dummy/config/environments/development.rb +30 -0
  25. data/spec/dummy/config/environments/production.rb +60 -0
  26. data/spec/dummy/config/environments/test.rb +39 -0
  27. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  28. data/spec/dummy/config/initializers/devise.rb +219 -0
  29. data/spec/dummy/config/initializers/inflections.rb +10 -0
  30. data/spec/dummy/config/initializers/mime_types.rb +5 -0
  31. data/spec/dummy/config/initializers/secret_token.rb +7 -0
  32. data/spec/dummy/config/initializers/session_store.rb +8 -0
  33. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  34. data/spec/dummy/config/locales/devise.en.yml +58 -0
  35. data/spec/dummy/config/locales/en.yml +5 -0
  36. data/spec/dummy/config/routes.rb +6 -0
  37. data/spec/dummy/db/migrate/20111014142838_create_users.rb +9 -0
  38. data/spec/dummy/db/migrate/20111014161437_create_devise_oauth2_providable_schema.rb +55 -0
  39. data/spec/dummy/db/schema.rb +78 -0
  40. data/spec/dummy/lib/assets/.gitkeep +0 -0
  41. data/spec/dummy/public/404.html +26 -0
  42. data/spec/dummy/public/422.html +26 -0
  43. data/spec/dummy/public/500.html +26 -0
  44. data/spec/dummy/public/favicon.ico +0 -0
  45. data/spec/dummy/script/rails +6 -0
  46. data/spec/spec_helper.rb +30 -0
  47. metadata +259 -105
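--- a/data/.gitignore
+++ b/data/.gitignore
@@ -3,6 +3,7 @@
 .bundle
 .config
 .yardoc
+.DS_Store
 Gemfile.lock
 InstalledFiles
 _yardoc
@@ -15,3 +16,6 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+log
+*.log
+*.sqlite3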
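--- a/data/README.md
+++ b/data/README.md
@@ -17,11 +17,6 @@ there is a need for it anyway.
 
 Comments and suggestions are welcome.
 
-## HERE BE DRAGONS!
-This gem is an extraction from another project, and I'm ashamed to say does not
-have any test coverage yet. If you have any suggestions for how to properly
-test a Devise module like this, please drop me a line.
-
 ## Requirements
 
 * Devise authentication library
@@ -107,8 +102,7 @@ based on the session or cookie, it's based on the Access Token!
 
 ## To Do
 
-* Add tests!
-* Remove the dependency on `rack-oauth2`
+* Add more tests!
 * Better error handling
 
 ## Contributing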
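--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,2 +1,6 @@
 #!/usr/bin/env rake
 require "bundler/gem_tasks"
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new('spec')
+task :default => :spec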
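--- a/data/devise_oauth_token_authenticatable.gemspec
+++ b/data/devise_oauth_token_authenticatable.gemspec
@@ -29,5 +29,11 @@ official OAuth 2 spec, but there is a need for it anyway.
 gem.add_runtime_dependency("rails", [">= 3.1.0"])
 gem.add_runtime_dependency("devise", [">= 2.1.0"])
 gem.add_runtime_dependency("oauth2", ["~> 0.6.1"])
-gem.add_runtime_dependency("rack-oauth2", [">= 0.14.0"])
+gem.add_development_dependency('rspec-rails', ['>= 2.6.1'])
+gem.add_development_dependency('sqlite3', ['>= 1.3.5'])
+gem.add_development_dependency('shoulda-matchers', ['>= 1.0.0.beta3'])
+gem.add_development_dependency('factory_girl', ['>= 2.2.0'])
+gem.add_development_dependency('factory_girl_rspec', ['>= 0.0.1'])
+gem.add_development_dependency('rake', ['>= 0.9.2.2'])
+gem.add_development_dependency('webmock', ['>= 1.8.8'])
 end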
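--- a/data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb
+++ b/data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb
@@ -11,20 +11,33 @@ module Devise
 module Strategies
 class OauthTokenAuthenticatable < Authenticatable
 
+# Return true or false, indicating if this strategy is applicable
 def valid?
-@req = Rack::OAuth2::Server::Resource::Bearer::Request.new(env)
-@req.oauth2?
+@token = setup!
+@token.present?
 end
 
 def authenticate!
-@req.setup!
-resource = mapping.to.find_for_oauth_token_authentication( @req.access_token )
+resource = mapping.to.find_for_oauth_token_authentication( @token )
 if validate(resource)
 resource.after_oauth_token_authentication
 success! resource
 elsif !halted?
 fail(:invalid_token)
 end
+rescue ::OAuth2::Error
+oauth_error! :invalid_token, 'invalid access token'
+end
+
+# This method copied in from 'devise_oauth2_providable'
+# lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
+# return custom error response in accordance with the oauth spec
+# see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
+def oauth_error!(error_code = :invalid_request, description = nil)
+body = {:error => error_code}
+body[:error_description] = description if description
+custom! [401, {'Content-Type' => 'application/json'}, [body.to_json]]
+throw :warden
 end
 
 # Do not store OauthToken validation in session.
@@ -35,6 +48,31 @@ module Devise
 
 private
 
+def setup!
+tokens = [access_token_in_header, access_token_in_payload].compact
+return case Array(tokens).size
+when 0
+nil
+when 1
+tokens.first
+else
+invalid_request!('Both Authorization header and payload includes access token.')
+end
+end
+
+def access_token_in_header
+@auth_header = Rack::Auth::AbstractRequest.new(env)
+if @auth_header.provided? && @auth_header.scheme == :bearer
+@auth_header.params
+else
+nil
+end
+end
+
+def access_token_in_payload
+params['access_token']
+end
+
 # Do not use remember_me behavior with token.
 def remember_me?
 false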
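Review bot: `setup!` calls `invalid_request!` on the branch where a token arrives in both the Authorization header and the payload, but no method of that name is defined in this file or visible anywhere else in the diff, so such a request raises NoMethodError from inside `valid?` and surfaces as a 500 instead of an OAuth error response. The `oauth_error!` helper added in the first hunk already builds the JSON error body, so the branch should use it: `oauth_error!(:invalid_request, 'Both Authorization header and payload includes access token.')`; since it throws :warden from `valid?`, before Warden has recorded a winning strategy, the custom response may be superseded by Devise's failure app — worth pinning in the spec rather than assuming. Separately, `access_token_in_payload` reads the token from the query string, so it will appear in request and proxy logs; the dummy app only filters `:password`, and `config.filter_parameters += [:access_token]` (and a README note for integrators) keeps it out of logs. `oauth_error!` also sits above `private` and so is part of the strategy's public surface; it looks like an internal helper and could move below `private` alongside `setup!`.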
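--- a/data/lib/devise/oauth_token_authenticatable/version.rb
+++ b/data/lib/devise/oauth_token_authenticatable/version.rb
@@ -1,5 +1,5 @@
 module Devise
 module OauthTokenAuthenticatable
-VERSION = "0.0.1"
+VERSION = "0.0.2"
 end
 end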
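--- a/data/lib/devise_oauth_token_authenticatable.rb
+++ b/data/lib/devise_oauth_token_authenticatable.rb
@@ -3,7 +3,6 @@
 
 require 'devise'
 require 'oauth2'
-require 'rack/oauth2'
 require 'devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy'
 require 'devise/oauth_token_authenticatable/models/oauth_token_authenticatable'
 require 'devise/oauth_token_authenticatable/version'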
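--- a/data/spec/controllers/protected_controller_spec.rb
+++ b/data/spec/controllers/protected_controller_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe ProtectedController do
+
+describe 'get :index' do
+before do
+@token = '1234'
+stub_request(:get, "http://oauth-test.com/api/getUserInfoByAccessToken?access_token=#{@token}&client_id=this-is-a-client-id").
+to_return(
+body: lambda {|request| "{\"access_token\":\"#{@token}\",\"token_type\":\"bearer\"}" },
+# body: lambda {|request| "{\"access_token\":\"#{@token}\",\"token_type\":\"bearer\",\"email\":\"#{user.email}\"}" },
+headers: { "content-type"=>"application/json; charset=UTF-8" },
+status: 200
+)
+
+stub_request(:get, "http://oauth-test.com/api/getUserInfoByAccessToken?access_token=invalid&client_id=this-is-a-client-id").
+to_return(:status => 200, :body => "", :headers => {})
+end
+
+context 'with valid bearer token in header' do
+before do
+@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+get :index, :format => 'json'
+end
+it { should respond_with :ok }
+end
+
+context 'with valid bearer token in query string' do
+before do
+get :index, :access_token => @token, :format => 'json'
+end
+it { should respond_with :ok }
+end
+
+context 'with invalid bearer token in query param' do
+before do
+get :index, :access_token => 'invalid', :format => 'json'
+end
+it { should respond_with :unauthorized }
+end
+
+context 'with valid bearer token in header and query string' do
+before do
+end
+it 'raises error' do
+lambda {
+@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
+get :index, :access_token => @token, :format => 'json'
+}.should raise_error
+end
+end
+
+context 'with no token anywhere' do
+before do
+get :index, :format => 'json'
+end
+it { should respond_with :unauthorized }
+end
+
+end
+end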
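Review bot: The 'raises error' example (lines 45–50 of the new file) uses `raise_error` with no class, so it passes for any exception — including the NoMethodError the strategy currently raises because `invalid_request!` is undefined — and does not pin the behaviour the context name promises. Either name the expected error class, or once the strategy returns a proper OAuth error for the header-plus-query case, assert the response instead (`it { should respond_with :unauthorized }`), and drop the empty `before do` / `end` block above it. The valid-token stub also returns no `email` field, so both 'valid bearer token' contexts drive `User.find_or_create_by_email` with nil; restoring the commented `"email"` key on line 11 would make the stub reflect the payload the model actually consumes. The stubbed client id and token here are test fixtures and are fine as constructed values.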
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env rake
2
+ # Add your own tasks in files placed in lib/tasks ending in .rake,
3
+ # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
4
+
5
+ require File.expand_path('../config/application', __FILE__)
6
+
7
+ Dummy::Application.load_tasks
@@ -0,0 +1,7 @@
1
+ // This is a manifest file that'll be compiled into including all the files listed below.
2
+ // Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
3
+ // be included in the compiled file accessible from http://example.com/assets/application.js
4
+ // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
5
+ // the compiled file.
6
+ //
7
+ //= require_tree .
@@ -0,0 +1,7 @@
1
+ /*
2
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
3
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
4
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
5
+ *= require_self
6
+ *= require_tree .
7
+ */
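--- a/data/spec/dummy/app/controllers/application_controller.rb
+++ b/data/spec/dummy/app/controllers/application_controller.rb
@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+protect_from_forgery
+end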
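--- a/data/spec/dummy/app/controllers/protected_controller.rb
+++ b/data/spec/dummy/app/controllers/protected_controller.rb
@@ -0,0 +1,6 @@
+class ProtectedController < ApplicationController
+before_filter :authenticate_user!
+def index
+render :nothing => true, :status => :ok
+end
+end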
@@ -0,0 +1,2 @@
1
+ module ApplicationHelper
2
+ end
File without changes
File without changes
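--- a/data/spec/dummy/app/models/user.rb
+++ b/data/spec/dummy/app/models/user.rb
@@ -0,0 +1,12 @@
+class User < ActiveRecord::Base
+devise :database_authenticatable, :oauth_token_authenticatable
+
+def self.find_for_oauth_token_authentication(conditions)
+access_token = validate_oauth_token(conditions)
+return nil unless access_token
+
+user = User.find_or_create_by_email( access_token.params['email'] )
+
+user
+end
+end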
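Review bot: `find_for_oauth_token_authentication` hands `access_token.params['email']` straight to `find_or_create_by_email`, so a provider response that validates but carries no `email` (which is exactly what the spec's valid-token stub returns) resolves every such token to one shared user with a nil email, and authentication succeeds against that record. Guard the lookup before creating anything: `email = access_token.params['email']` / `return nil if email.blank?`, then `User.find_or_create_by_email(email)`. `validate_oauth_token` is not in this diff, so I cannot tell whether it already rejects responses without an email; even in a dummy app this model is what the README-style integration will be copied from, so the guard is worth having.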
@@ -0,0 +1,14 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>Dummy</title>
5
+ <%= stylesheet_link_tag "application" %>
6
+ <%= javascript_include_tag "application" %>
7
+ <%= csrf_meta_tags %>
8
+ </head>
9
+ <body>
10
+
11
+ <%= yield %>
12
+
13
+ </body>
14
+ </html>
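--- a/data/spec/dummy/config.ru
+++ b/data/spec/dummy/config.ru
@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment', __FILE__)
+run Dummy::Application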
@@ -0,0 +1,51 @@
1
+ require File.expand_path('../boot', __FILE__)
2
+
3
+ require 'rails/all'
4
+
5
+ Bundler.require
6
+ require "devise_oauth_token_authenticatable"
7
+
8
+ module Dummy
9
+ class Application < Rails::Application
10
+ # Settings in config/environments/* take precedence over those specified here.
11
+ # Application configuration should go into files in config/initializers
12
+ # -- all .rb files in that directory are automatically loaded.
13
+
14
+ # Custom directories with classes and modules you want to be autoloadable.
15
+ # config.autoload_paths += %W(#{config.root}/extras)
16
+
17
+ # Only load the plugins named here, in the order given (default is alphabetical).
18
+ # :all can be used as a placeholder for all plugins not explicitly named.
19
+ # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
20
+
21
+ # Activate observers that should always be running.
22
+ # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
23
+
24
+ # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
25
+ # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
26
+ # config.time_zone = 'Central Time (US & Canada)'
27
+
28
+ # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
29
+ # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
30
+ # config.i18n.default_locale = :de
31
+
32
+ # Configure the default encoding used in templates for Ruby 1.9.
33
+ config.encoding = "utf-8"
34
+
35
+ # Configure sensitive parameters which will be filtered from the log file.
36
+ config.filter_parameters += [:password]
37
+
38
+ # Enable the asset pipeline
39
+ config.assets.enabled = true
40
+
41
+ # Version of your assets, change this if you want to expire all your assets
42
+ config.assets.version = '1.0'
43
+
44
+
45
+ # (optional) configure token expiration
46
+ # config.devise_oauth2_providable.access_token_expires_in = 1.second # 15.minute default
47
+ # config.devise_oauth2_providable.refresh_token_expires_in = 1.minute # 1.month default
48
+ # config.devise_oauth2_providable.authorization_token_expires_in = 5.seconds # 1.minute default
49
+ end
50
+ end
51
+
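--- a/data/spec/dummy/config/boot.rb
+++ b/data/spec/dummy/config/boot.rb
@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+ENV['BUNDLE_GEMFILE'] = gemfile
+require 'bundler'
+Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)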
@@ -0,0 +1,25 @@
1
+ # SQLite version 3.x
2
+ # gem install sqlite3
3
+ #
4
+ # Ensure the SQLite 3 gem is defined in your Gemfile
5
+ # gem 'sqlite3'
6
+ development:
7
+ adapter: sqlite3
8
+ database: db/development.sqlite3
9
+ pool: 5
10
+ timeout: 5000
11
+
12
+ # Warning: The database defined as "test" will be erased and
13
+ # re-generated from your development database when you run "rake".
14
+ # Do not set this db to the same as development or production.
15
+ test:
16
+ adapter: sqlite3
17
+ database: db/test.sqlite3
18
+ pool: 5
19
+ timeout: 5000
20
+
21
+ production:
22
+ adapter: sqlite3
23
+ database: db/production.sqlite3
24
+ pool: 5
25
+ timeout: 5000
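--- a/data/spec/dummy/config/environment.rb
+++ b/data/spec/dummy/config/environment.rb
@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!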
@@ -0,0 +1,30 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # In the development environment your application's code is reloaded on
5
+ # every request. This slows down response time but is perfect for development
6
+ # since you don't have to restart the web server when you make code changes.
7
+ config.cache_classes = false
8
+
9
+ # Log error messages when you accidentally call methods on nil.
10
+ config.whiny_nils = true
11
+
12
+ # Show full error reports and disable caching
13
+ config.consider_all_requests_local = true
14
+ config.action_controller.perform_caching = false
15
+
16
+ # Don't care if the mailer can't send
17
+ config.action_mailer.raise_delivery_errors = false
18
+
19
+ # Print deprecation notices to the Rails logger
20
+ config.active_support.deprecation = :log
21
+
22
+ # Only use best-standards-support built into browsers
23
+ config.action_dispatch.best_standards_support = :builtin
24
+
25
+ # Do not compress assets
26
+ config.assets.compress = false
27
+
28
+ # Expands the lines which load the assets
29
+ config.assets.debug = true
30
+ end
@@ -0,0 +1,60 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # Code is not reloaded between requests
5
+ config.cache_classes = true
6
+
7
+ # Full error reports are disabled and caching is turned on
8
+ config.consider_all_requests_local = false
9
+ config.action_controller.perform_caching = true
10
+
11
+ # Disable Rails's static asset server (Apache or nginx will already do this)
12
+ config.serve_static_assets = false
13
+
14
+ # Compress JavaScripts and CSS
15
+ config.assets.compress = true
16
+
17
+ # Don't fallback to assets pipeline if a precompiled asset is missed
18
+ config.assets.compile = false
19
+
20
+ # Generate digests for assets URLs
21
+ config.assets.digest = true
22
+
23
+ # Defaults to Rails.root.join("public/assets")
24
+ # config.assets.manifest = YOUR_PATH
25
+
26
+ # Specifies the header that your server uses for sending files
27
+ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28
+ # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29
+
30
+ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
+ # config.force_ssl = true
32
+
33
+ # See everything in the log (default is :info)
34
+ # config.log_level = :debug
35
+
36
+ # Use a different logger for distributed setups
37
+ # config.logger = SyslogLogger.new
38
+
39
+ # Use a different cache store in production
40
+ # config.cache_store = :mem_cache_store
41
+
42
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server
43
+ # config.action_controller.asset_host = "http://assets.example.com"
44
+
45
+ # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
46
+ # config.assets.precompile += %w( search.js )
47
+
48
+ # Disable delivery errors, bad email addresses will be ignored
49
+ # config.action_mailer.raise_delivery_errors = false
50
+
51
+ # Enable threaded mode
52
+ # config.threadsafe!
53
+
54
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
55
+ # the I18n.default_locale when a translation can not be found)
56
+ config.i18n.fallbacks = true
57
+
58
+ # Send deprecation notices to registered listeners
59
+ config.active_support.deprecation = :notify
60
+ end