devise_oauth_token_authenticatable 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +4 -0
- data/README.md +1 -7
- data/Rakefile +4 -0
- data/devise_oauth_token_authenticatable.gemspec +7 -1
- data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb +42 -4
- data/lib/devise/oauth_token_authenticatable/version.rb +1 -1
- data/lib/devise_oauth_token_authenticatable.rb +0 -1
- data/spec/controllers/protected_controller_spec.rb +61 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +7 -0
- data/spec/dummy/app/assets/stylesheets/application.css +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/controllers/protected_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/models/user.rb +12 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +51 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +30 -0
- data/spec/dummy/config/environments/production.rb +60 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/devise.rb +219 -0
- data/spec/dummy/config/initializers/inflections.rb +10 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/devise.en.yml +58 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +6 -0
- data/spec/dummy/db/migrate/20111014142838_create_users.rb +9 -0
- data/spec/dummy/db/migrate/20111014161437_create_devise_oauth2_providable_schema.rb +55 -0
- data/spec/dummy/db/schema.rb +78 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/spec_helper.rb +30 -0
- metadata +259 -105
data/.gitignore
CHANGED
data/README.md
CHANGED
@@ -17,11 +17,6 @@ there is a need for it anyway.
|
|
17
17
|
|
18
18
|
Comments and suggestions are welcome.
|
19
19
|
|
20
|
-
## HERE BE DRAGONS!
|
21
|
-
This gem is an extraction from another project, and I'm ashamed to say does not
|
22
|
-
have any test coverage yet. If you have any suggestions for how to properly
|
23
|
-
test a Devise module like this, please drop me a line.
|
24
|
-
|
25
20
|
## Requirements
|
26
21
|
|
27
22
|
* Devise authentication library
|
@@ -107,8 +102,7 @@ based on the session or cookie, it's based on the Access Token!
|
|
107
102
|
|
108
103
|
## To Do
|
109
104
|
|
110
|
-
* Add tests!
|
111
|
-
* Remove the dependency on `rack-oauth2`
|
105
|
+
* Add more tests!
|
112
106
|
* Better error handling
|
113
107
|
|
114
108
|
## Contributing
|
data/Rakefile
CHANGED
@@ -29,5 +29,11 @@ official OAuth 2 spec, but there is a need for it anyway.
|
|
29
29
|
gem.add_runtime_dependency("rails", [">= 3.1.0"])
|
30
30
|
gem.add_runtime_dependency("devise", [">= 2.1.0"])
|
31
31
|
gem.add_runtime_dependency("oauth2", ["~> 0.6.1"])
|
32
|
-
gem.
|
32
|
+
gem.add_development_dependency('rspec-rails', ['>= 2.6.1'])
|
33
|
+
gem.add_development_dependency('sqlite3', ['>= 1.3.5'])
|
34
|
+
gem.add_development_dependency('shoulda-matchers', ['>= 1.0.0.beta3'])
|
35
|
+
gem.add_development_dependency('factory_girl', ['>= 2.2.0'])
|
36
|
+
gem.add_development_dependency('factory_girl_rspec', ['>= 0.0.1'])
|
37
|
+
gem.add_development_dependency('rake', ['>= 0.9.2.2'])
|
38
|
+
gem.add_development_dependency('webmock', ['>= 1.8.8'])
|
33
39
|
end
|
data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb
CHANGED
@@ -11,20 +11,33 @@ module Devise
|
|
11
11
|
module Strategies
|
12
12
|
class OauthTokenAuthenticatable < Authenticatable
|
13
13
|
|
14
|
+
# Return true or false, indicating if this strategy is applicable
|
14
15
|
def valid?
|
15
|
-
@
|
16
|
-
@
|
16
|
+
@token = setup!
|
17
|
+
@token.present?
|
17
18
|
end
|
18
19
|
|
19
20
|
def authenticate!
|
20
|
-
@
|
21
|
-
resource = mapping.to.find_for_oauth_token_authentication( @req.access_token )
|
21
|
+
resource = mapping.to.find_for_oauth_token_authentication( @token )
|
22
22
|
if validate(resource)
|
23
23
|
resource.after_oauth_token_authentication
|
24
24
|
success! resource
|
25
25
|
elsif !halted?
|
26
26
|
fail(:invalid_token)
|
27
27
|
end
|
28
|
+
rescue ::OAuth2::Error
|
29
|
+
oauth_error! :invalid_token, 'invalid access token'
|
30
|
+
end
|
31
|
+
|
32
|
+
# This method copied in from 'devise_oauth2_providable'
|
33
|
+
# lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
|
34
|
+
# return custom error response in accordance with the oauth spec
|
35
|
+
# see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
|
36
|
+
def oauth_error!(error_code = :invalid_request, description = nil)
|
37
|
+
body = {:error => error_code}
|
38
|
+
body[:error_description] = description if description
|
39
|
+
custom! [401, {'Content-Type' => 'application/json'}, [body.to_json]]
|
40
|
+
throw :warden
|
28
41
|
end
|
29
42
|
|
30
43
|
# Do not store OauthToken validation in session.
|
@@ -35,6 +48,31 @@ module Devise
|
|
35
48
|
|
36
49
|
private
|
37
50
|
|
51
|
+
def setup!
|
52
|
+
tokens = [access_token_in_header, access_token_in_payload].compact
|
53
|
+
return case Array(tokens).size
|
54
|
+
when 0
|
55
|
+
nil
|
56
|
+
when 1
|
57
|
+
tokens.first
|
58
|
+
else
|
59
|
+
invalid_request!('Both Authorization header and payload includes access token.')
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def access_token_in_header
|
64
|
+
@auth_header = Rack::Auth::AbstractRequest.new(env)
|
65
|
+
if @auth_header.provided? && @auth_header.scheme == :bearer
|
66
|
+
@auth_header.params
|
67
|
+
else
|
68
|
+
nil
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def access_token_in_payload
|
73
|
+
params['access_token']
|
74
|
+
end
|
75
|
+
|
38
76
|
# Do not use remember_me behavior with token.
|
39
77
|
def remember_me?
|
40
78
|
false
|
@@ -3,7 +3,6 @@
|
|
3
3
|
|
4
4
|
require 'devise'
|
5
5
|
require 'oauth2'
|
6
|
-
require 'rack/oauth2'
|
7
6
|
require 'devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy'
|
8
7
|
require 'devise/oauth_token_authenticatable/models/oauth_token_authenticatable'
|
9
8
|
require 'devise/oauth_token_authenticatable/version'
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe ProtectedController do
|
4
|
+
|
5
|
+
describe 'get :index' do
|
6
|
+
before do
|
7
|
+
@token = '1234'
|
8
|
+
stub_request(:get, "http://oauth-test.com/api/getUserInfoByAccessToken?access_token=#{@token}&client_id=this-is-a-client-id").
|
9
|
+
to_return(
|
10
|
+
body: lambda {|request| "{\"access_token\":\"#{@token}\",\"token_type\":\"bearer\"}" },
|
11
|
+
# body: lambda {|request| "{\"access_token\":\"#{@token}\",\"token_type\":\"bearer\",\"email\":\"#{user.email}\"}" },
|
12
|
+
headers: { "content-type"=>"application/json; charset=UTF-8" },
|
13
|
+
status: 200
|
14
|
+
)
|
15
|
+
|
16
|
+
stub_request(:get, "http://oauth-test.com/api/getUserInfoByAccessToken?access_token=invalid&client_id=this-is-a-client-id").
|
17
|
+
to_return(:status => 200, :body => "", :headers => {})
|
18
|
+
end
|
19
|
+
|
20
|
+
context 'with valid bearer token in header' do
|
21
|
+
before do
|
22
|
+
@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
|
23
|
+
get :index, :format => 'json'
|
24
|
+
end
|
25
|
+
it { should respond_with :ok }
|
26
|
+
end
|
27
|
+
|
28
|
+
context 'with valid bearer token in query string' do
|
29
|
+
before do
|
30
|
+
get :index, :access_token => @token, :format => 'json'
|
31
|
+
end
|
32
|
+
it { should respond_with :ok }
|
33
|
+
end
|
34
|
+
|
35
|
+
context 'with invalid bearer token in query param' do
|
36
|
+
before do
|
37
|
+
get :index, :access_token => 'invalid', :format => 'json'
|
38
|
+
end
|
39
|
+
it { should respond_with :unauthorized }
|
40
|
+
end
|
41
|
+
|
42
|
+
context 'with valid bearer token in header and query string' do
|
43
|
+
before do
|
44
|
+
end
|
45
|
+
it 'raises error' do
|
46
|
+
lambda {
|
47
|
+
@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
|
48
|
+
get :index, :access_token => @token, :format => 'json'
|
49
|
+
}.should raise_error
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
context 'with no token anywhere' do
|
54
|
+
before do
|
55
|
+
get :index, :format => 'json'
|
56
|
+
end
|
57
|
+
it { should respond_with :unauthorized }
|
58
|
+
end
|
59
|
+
|
60
|
+
end
|
61
|
+
end
|
data/spec/dummy/Rakefile
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
#!/usr/bin/env rake
|
2
|
+
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
3
|
+
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
4
|
+
|
5
|
+
require File.expand_path('../config/application', __FILE__)
|
6
|
+
|
7
|
+
Dummy::Application.load_tasks
|
@@ -0,0 +1,7 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into including all the files listed below.
|
2
|
+
// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
|
3
|
+
// be included in the compiled file accessible from http://example.com/assets/application.js
|
4
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
5
|
+
// the compiled file.
|
6
|
+
//
|
7
|
+
//= require_tree .
|
@@ -0,0 +1,7 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll automatically include all the stylesheets available in this directory
|
3
|
+
* and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
|
4
|
+
* the top of the compiled file, but it's generally better to create a new file per style scope.
|
5
|
+
*= require_self
|
6
|
+
*= require_tree .
|
7
|
+
*/
|
File without changes
|
File without changes
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class User < ActiveRecord::Base
|
2
|
+
devise :database_authenticatable, :oauth_token_authenticatable
|
3
|
+
|
4
|
+
def self.find_for_oauth_token_authentication(conditions)
|
5
|
+
access_token = validate_oauth_token(conditions)
|
6
|
+
return nil unless access_token
|
7
|
+
|
8
|
+
user = User.find_or_create_by_email( access_token.params['email'] )
|
9
|
+
|
10
|
+
user
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require 'rails/all'
|
4
|
+
|
5
|
+
Bundler.require
|
6
|
+
require "devise_oauth_token_authenticatable"
|
7
|
+
|
8
|
+
module Dummy
|
9
|
+
class Application < Rails::Application
|
10
|
+
# Settings in config/environments/* take precedence over those specified here.
|
11
|
+
# Application configuration should go into files in config/initializers
|
12
|
+
# -- all .rb files in that directory are automatically loaded.
|
13
|
+
|
14
|
+
# Custom directories with classes and modules you want to be autoloadable.
|
15
|
+
# config.autoload_paths += %W(#{config.root}/extras)
|
16
|
+
|
17
|
+
# Only load the plugins named here, in the order given (default is alphabetical).
|
18
|
+
# :all can be used as a placeholder for all plugins not explicitly named.
|
19
|
+
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
|
20
|
+
|
21
|
+
# Activate observers that should always be running.
|
22
|
+
# config.active_record.observers = :cacher, :garbage_collector, :forum_observer
|
23
|
+
|
24
|
+
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
|
25
|
+
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
|
26
|
+
# config.time_zone = 'Central Time (US & Canada)'
|
27
|
+
|
28
|
+
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
|
29
|
+
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
|
30
|
+
# config.i18n.default_locale = :de
|
31
|
+
|
32
|
+
# Configure the default encoding used in templates for Ruby 1.9.
|
33
|
+
config.encoding = "utf-8"
|
34
|
+
|
35
|
+
# Configure sensitive parameters which will be filtered from the log file.
|
36
|
+
config.filter_parameters += [:password]
|
37
|
+
|
38
|
+
# Enable the asset pipeline
|
39
|
+
config.assets.enabled = true
|
40
|
+
|
41
|
+
# Version of your assets, change this if you want to expire all your assets
|
42
|
+
config.assets.version = '1.0'
|
43
|
+
|
44
|
+
|
45
|
+
# (optional) configure token expiration
|
46
|
+
# config.devise_oauth2_providable.access_token_expires_in = 1.second # 15.minute default
|
47
|
+
# config.devise_oauth2_providable.refresh_token_expires_in = 1.minute # 1.month default
|
48
|
+
# config.devise_oauth2_providable.authorization_token_expires_in = 5.seconds # 1.minute default
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# SQLite version 3.x
|
2
|
+
# gem install sqlite3
|
3
|
+
#
|
4
|
+
# Ensure the SQLite 3 gem is defined in your Gemfile
|
5
|
+
# gem 'sqlite3'
|
6
|
+
development:
|
7
|
+
adapter: sqlite3
|
8
|
+
database: db/development.sqlite3
|
9
|
+
pool: 5
|
10
|
+
timeout: 5000
|
11
|
+
|
12
|
+
# Warning: The database defined as "test" will be erased and
|
13
|
+
# re-generated from your development database when you run "rake".
|
14
|
+
# Do not set this db to the same as development or production.
|
15
|
+
test:
|
16
|
+
adapter: sqlite3
|
17
|
+
database: db/test.sqlite3
|
18
|
+
pool: 5
|
19
|
+
timeout: 5000
|
20
|
+
|
21
|
+
production:
|
22
|
+
adapter: sqlite3
|
23
|
+
database: db/production.sqlite3
|
24
|
+
pool: 5
|
25
|
+
timeout: 5000
|
@@ -0,0 +1,30 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the web server when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Log error messages when you accidentally call methods on nil.
|
10
|
+
config.whiny_nils = true
|
11
|
+
|
12
|
+
# Show full error reports and disable caching
|
13
|
+
config.consider_all_requests_local = true
|
14
|
+
config.action_controller.perform_caching = false
|
15
|
+
|
16
|
+
# Don't care if the mailer can't send
|
17
|
+
config.action_mailer.raise_delivery_errors = false
|
18
|
+
|
19
|
+
# Print deprecation notices to the Rails logger
|
20
|
+
config.active_support.deprecation = :log
|
21
|
+
|
22
|
+
# Only use best-standards-support built into browsers
|
23
|
+
config.action_dispatch.best_standards_support = :builtin
|
24
|
+
|
25
|
+
# Do not compress assets
|
26
|
+
config.assets.compress = false
|
27
|
+
|
28
|
+
# Expands the lines which load the assets
|
29
|
+
config.assets.debug = true
|
30
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# Code is not reloaded between requests
|
5
|
+
config.cache_classes = true
|
6
|
+
|
7
|
+
# Full error reports are disabled and caching is turned on
|
8
|
+
config.consider_all_requests_local = false
|
9
|
+
config.action_controller.perform_caching = true
|
10
|
+
|
11
|
+
# Disable Rails's static asset server (Apache or nginx will already do this)
|
12
|
+
config.serve_static_assets = false
|
13
|
+
|
14
|
+
# Compress JavaScripts and CSS
|
15
|
+
config.assets.compress = true
|
16
|
+
|
17
|
+
# Don't fallback to assets pipeline if a precompiled asset is missed
|
18
|
+
config.assets.compile = false
|
19
|
+
|
20
|
+
# Generate digests for assets URLs
|
21
|
+
config.assets.digest = true
|
22
|
+
|
23
|
+
# Defaults to Rails.root.join("public/assets")
|
24
|
+
# config.assets.manifest = YOUR_PATH
|
25
|
+
|
26
|
+
# Specifies the header that your server uses for sending files
|
27
|
+
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
28
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
29
|
+
|
30
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
31
|
+
# config.force_ssl = true
|
32
|
+
|
33
|
+
# See everything in the log (default is :info)
|
34
|
+
# config.log_level = :debug
|
35
|
+
|
36
|
+
# Use a different logger for distributed setups
|
37
|
+
# config.logger = SyslogLogger.new
|
38
|
+
|
39
|
+
# Use a different cache store in production
|
40
|
+
# config.cache_store = :mem_cache_store
|
41
|
+
|
42
|
+
# Enable serving of images, stylesheets, and JavaScripts from an asset server
|
43
|
+
# config.action_controller.asset_host = "http://assets.example.com"
|
44
|
+
|
45
|
+
# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
|
46
|
+
# config.assets.precompile += %w( search.js )
|
47
|
+
|
48
|
+
# Disable delivery errors, bad email addresses will be ignored
|
49
|
+
# config.action_mailer.raise_delivery_errors = false
|
50
|
+
|
51
|
+
# Enable threaded mode
|
52
|
+
# config.threadsafe!
|
53
|
+
|
54
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
55
|
+
# the I18n.default_locale when a translation can not be found)
|
56
|
+
config.i18n.fallbacks = true
|
57
|
+
|
58
|
+
# Send deprecation notices to registered listeners
|
59
|
+
config.active_support.deprecation = :notify
|
60
|
+
end
|