devise_oauth_token_authenticatable 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +4 -0
- data/README.md +1 -7
- data/Rakefile +4 -0
- data/devise_oauth_token_authenticatable.gemspec +7 -1
- data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb +42 -4
- data/lib/devise/oauth_token_authenticatable/version.rb +1 -1
- data/lib/devise_oauth_token_authenticatable.rb +0 -1
- data/spec/controllers/protected_controller_spec.rb +61 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/assets/javascripts/application.js +7 -0
- data/spec/dummy/app/assets/stylesheets/application.css +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +3 -0
- data/spec/dummy/app/controllers/protected_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/mailers/.gitkeep +0 -0
- data/spec/dummy/app/models/.gitkeep +0 -0
- data/spec/dummy/app/models/user.rb +12 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +51 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +30 -0
- data/spec/dummy/config/environments/production.rb +60 -0
- data/spec/dummy/config/environments/test.rb +39 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/devise.rb +219 -0
- data/spec/dummy/config/initializers/inflections.rb +10 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/devise.en.yml +58 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +6 -0
- data/spec/dummy/db/migrate/20111014142838_create_users.rb +9 -0
- data/spec/dummy/db/migrate/20111014161437_create_devise_oauth2_providable_schema.rb +55 -0
- data/spec/dummy/db/schema.rb +78 -0
- data/spec/dummy/lib/assets/.gitkeep +0 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/spec_helper.rb +30 -0
- metadata +259 -105
data/.gitignore
CHANGED
data/README.md
CHANGED
@@ -17,11 +17,6 @@ there is a need for it anyway.
|
|
17
17
|
|
18
18
|
Comments and suggestions are welcome.
|
19
19
|
|
20
|
-
## HERE BE DRAGONS!
|
21
|
-
This gem is an extraction from another project, and I'm ashamed to say does not
|
22
|
-
have any test coverage yet. If you have any suggestions for how to properly
|
23
|
-
test a Devise module like this, please drop me a line.
|
24
|
-
|
25
20
|
## Requirements
|
26
21
|
|
27
22
|
* Devise authentication library
|
@@ -107,8 +102,7 @@ based on the session or cookie, it's based on the Access Token!
|
|
107
102
|
|
108
103
|
## To Do
|
109
104
|
|
110
|
-
* Add tests!
|
111
|
-
* Remove the dependency on `rack-oauth2`
|
105
|
+
* Add more tests!
|
112
106
|
* Better error handling
|
113
107
|
|
114
108
|
## Contributing
|
data/Rakefile
CHANGED
@@ -29,5 +29,11 @@ official OAuth 2 spec, but there is a need for it anyway.
|
|
29
29
|
gem.add_runtime_dependency("rails", [">= 3.1.0"])
|
30
30
|
gem.add_runtime_dependency("devise", [">= 2.1.0"])
|
31
31
|
gem.add_runtime_dependency("oauth2", ["~> 0.6.1"])
|
32
|
-
gem.
|
32
|
+
gem.add_development_dependency('rspec-rails', ['>= 2.6.1'])
|
33
|
+
gem.add_development_dependency('sqlite3', ['>= 1.3.5'])
|
34
|
+
gem.add_development_dependency('shoulda-matchers', ['>= 1.0.0.beta3'])
|
35
|
+
gem.add_development_dependency('factory_girl', ['>= 2.2.0'])
|
36
|
+
gem.add_development_dependency('factory_girl_rspec', ['>= 0.0.1'])
|
37
|
+
gem.add_development_dependency('rake', ['>= 0.9.2.2'])
|
38
|
+
gem.add_development_dependency('webmock', ['>= 1.8.8'])
|
33
39
|
end
|
data/lib/devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy.rb
CHANGED
@@ -11,20 +11,33 @@ module Devise
|
|
11
11
|
module Strategies
|
12
12
|
class OauthTokenAuthenticatable < Authenticatable
|
13
13
|
|
14
|
+
# Return true or false, indicating if this strategy is applicable
|
14
15
|
def valid?
|
15
|
-
@
|
16
|
-
@
|
16
|
+
@token = setup!
|
17
|
+
@token.present?
|
17
18
|
end
|
18
19
|
|
19
20
|
def authenticate!
|
20
|
-
@
|
21
|
-
resource = mapping.to.find_for_oauth_token_authentication( @req.access_token )
|
21
|
+
resource = mapping.to.find_for_oauth_token_authentication( @token )
|
22
22
|
if validate(resource)
|
23
23
|
resource.after_oauth_token_authentication
|
24
24
|
success! resource
|
25
25
|
elsif !halted?
|
26
26
|
fail(:invalid_token)
|
27
27
|
end
|
28
|
+
rescue ::OAuth2::Error
|
29
|
+
oauth_error! :invalid_token, 'invalid access token'
|
30
|
+
end
|
31
|
+
|
32
|
+
# This method copied in from 'devise_oauth2_providable'
|
33
|
+
# lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
|
34
|
+
# return custom error response in accordance with the oauth spec
|
35
|
+
# see http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.3
|
36
|
+
def oauth_error!(error_code = :invalid_request, description = nil)
|
37
|
+
body = {:error => error_code}
|
38
|
+
body[:error_description] = description if description
|
39
|
+
custom! [401, {'Content-Type' => 'application/json'}, [body.to_json]]
|
40
|
+
throw :warden
|
28
41
|
end
|
29
42
|
|
30
43
|
# Do not store OauthToken validation in session.
|
@@ -35,6 +48,31 @@ module Devise
|
|
35
48
|
|
36
49
|
private
|
37
50
|
|
51
|
+
def setup!
|
52
|
+
tokens = [access_token_in_header, access_token_in_payload].compact
|
53
|
+
return case Array(tokens).size
|
54
|
+
when 0
|
55
|
+
nil
|
56
|
+
when 1
|
57
|
+
tokens.first
|
58
|
+
else
|
59
|
+
invalid_request!('Both Authorization header and payload includes access token.')
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
def access_token_in_header
|
64
|
+
@auth_header = Rack::Auth::AbstractRequest.new(env)
|
65
|
+
if @auth_header.provided? && @auth_header.scheme == :bearer
|
66
|
+
@auth_header.params
|
67
|
+
else
|
68
|
+
nil
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def access_token_in_payload
|
73
|
+
params['access_token']
|
74
|
+
end
|
75
|
+
|
38
76
|
# Do not use remember_me behavior with token.
|
39
77
|
def remember_me?
|
40
78
|
false
|
@@ -3,7 +3,6 @@
|
|
3
3
|
|
4
4
|
require 'devise'
|
5
5
|
require 'oauth2'
|
6
|
-
require 'rack/oauth2'
|
7
6
|
require 'devise/oauth_token_authenticatable/strategies/oauth_token_authenticatable_strategy'
|
8
7
|
require 'devise/oauth_token_authenticatable/models/oauth_token_authenticatable'
|
9
8
|
require 'devise/oauth_token_authenticatable/version'
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe ProtectedController do
|
4
|
+
|
5
|
+
describe 'get :index' do
|
6
|
+
before do
|
7
|
+
@token = '1234'
|
8
|
+
stub_request(:get, "http://oauth-test.com/api/getUserInfoByAccessToken?access_token=#{@token}&client_id=this-is-a-client-id").
|
9
|
+
to_return(
|
10
|
+
body: lambda {|request| "{\"access_token\":\"#{@token}\",\"token_type\":\"bearer\"}" },
|
11
|
+
# body: lambda {|request| "{\"access_token\":\"#{@token}\",\"token_type\":\"bearer\",\"email\":\"#{user.email}\"}" },
|
12
|
+
headers: { "content-type"=>"application/json; charset=UTF-8" },
|
13
|
+
status: 200
|
14
|
+
)
|
15
|
+
|
16
|
+
stub_request(:get, "http://oauth-test.com/api/getUserInfoByAccessToken?access_token=invalid&client_id=this-is-a-client-id").
|
17
|
+
to_return(:status => 200, :body => "", :headers => {})
|
18
|
+
end
|
19
|
+
|
20
|
+
context 'with valid bearer token in header' do
|
21
|
+
before do
|
22
|
+
@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
|
23
|
+
get :index, :format => 'json'
|
24
|
+
end
|
25
|
+
it { should respond_with :ok }
|
26
|
+
end
|
27
|
+
|
28
|
+
context 'with valid bearer token in query string' do
|
29
|
+
before do
|
30
|
+
get :index, :access_token => @token, :format => 'json'
|
31
|
+
end
|
32
|
+
it { should respond_with :ok }
|
33
|
+
end
|
34
|
+
|
35
|
+
context 'with invalid bearer token in query param' do
|
36
|
+
before do
|
37
|
+
get :index, :access_token => 'invalid', :format => 'json'
|
38
|
+
end
|
39
|
+
it { should respond_with :unauthorized }
|
40
|
+
end
|
41
|
+
|
42
|
+
context 'with valid bearer token in header and query string' do
|
43
|
+
before do
|
44
|
+
end
|
45
|
+
it 'raises error' do
|
46
|
+
lambda {
|
47
|
+
@request.env['HTTP_AUTHORIZATION'] = "Bearer #{@token}"
|
48
|
+
get :index, :access_token => @token, :format => 'json'
|
49
|
+
}.should raise_error
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
context 'with no token anywhere' do
|
54
|
+
before do
|
55
|
+
get :index, :format => 'json'
|
56
|
+
end
|
57
|
+
it { should respond_with :unauthorized }
|
58
|
+
end
|
59
|
+
|
60
|
+
end
|
61
|
+
end
|
data/spec/dummy/Rakefile
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
#!/usr/bin/env rake
|
2
|
+
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
3
|
+
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
4
|
+
|
5
|
+
require File.expand_path('../config/application', __FILE__)
|
6
|
+
|
7
|
+
Dummy::Application.load_tasks
|
@@ -0,0 +1,7 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into including all the files listed below.
|
2
|
+
// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
|
3
|
+
// be included in the compiled file accessible from http://example.com/assets/application.js
|
4
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
5
|
+
// the compiled file.
|
6
|
+
//
|
7
|
+
//= require_tree .
|
@@ -0,0 +1,7 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll automatically include all the stylesheets available in this directory
|
3
|
+
* and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
|
4
|
+
* the top of the compiled file, but it's generally better to create a new file per style scope.
|
5
|
+
*= require_self
|
6
|
+
*= require_tree .
|
7
|
+
*/
|
File without changes
|
File without changes
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class User < ActiveRecord::Base
|
2
|
+
devise :database_authenticatable, :oauth_token_authenticatable
|
3
|
+
|
4
|
+
def self.find_for_oauth_token_authentication(conditions)
|
5
|
+
access_token = validate_oauth_token(conditions)
|
6
|
+
return nil unless access_token
|
7
|
+
|
8
|
+
user = User.find_or_create_by_email( access_token.params['email'] )
|
9
|
+
|
10
|
+
user
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require 'rails/all'
|
4
|
+
|
5
|
+
Bundler.require
|
6
|
+
require "devise_oauth_token_authenticatable"
|
7
|
+
|
8
|
+
module Dummy
|
9
|
+
class Application < Rails::Application
|
10
|
+
# Settings in config/environments/* take precedence over those specified here.
|
11
|
+
# Application configuration should go into files in config/initializers
|
12
|
+
# -- all .rb files in that directory are automatically loaded.
|
13
|
+
|
14
|
+
# Custom directories with classes and modules you want to be autoloadable.
|
15
|
+
# config.autoload_paths += %W(#{config.root}/extras)
|
16
|
+
|
17
|
+
# Only load the plugins named here, in the order given (default is alphabetical).
|
18
|
+
# :all can be used as a placeholder for all plugins not explicitly named.
|
19
|
+
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
|
20
|
+
|
21
|
+
# Activate observers that should always be running.
|
22
|
+
# config.active_record.observers = :cacher, :garbage_collector, :forum_observer
|
23
|
+
|
24
|
+
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
|
25
|
+
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
|
26
|
+
# config.time_zone = 'Central Time (US & Canada)'
|
27
|
+
|
28
|
+
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
|
29
|
+
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
|
30
|
+
# config.i18n.default_locale = :de
|
31
|
+
|
32
|
+
# Configure the default encoding used in templates for Ruby 1.9.
|
33
|
+
config.encoding = "utf-8"
|
34
|
+
|
35
|
+
# Configure sensitive parameters which will be filtered from the log file.
|
36
|
+
config.filter_parameters += [:password]
|
37
|
+
|
38
|
+
# Enable the asset pipeline
|
39
|
+
config.assets.enabled = true
|
40
|
+
|
41
|
+
# Version of your assets, change this if you want to expire all your assets
|
42
|
+
config.assets.version = '1.0'
|
43
|
+
|
44
|
+
|
45
|
+
# (optional) configure token expiration
|
46
|
+
# config.devise_oauth2_providable.access_token_expires_in = 1.second # 15.minute default
|
47
|
+
# config.devise_oauth2_providable.refresh_token_expires_in = 1.minute # 1.month default
|
48
|
+
# config.devise_oauth2_providable.authorization_token_expires_in = 5.seconds # 1.minute default
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# SQLite version 3.x
|
2
|
+
# gem install sqlite3
|
3
|
+
#
|
4
|
+
# Ensure the SQLite 3 gem is defined in your Gemfile
|
5
|
+
# gem 'sqlite3'
|
6
|
+
development:
|
7
|
+
adapter: sqlite3
|
8
|
+
database: db/development.sqlite3
|
9
|
+
pool: 5
|
10
|
+
timeout: 5000
|
11
|
+
|
12
|
+
# Warning: The database defined as "test" will be erased and
|
13
|
+
# re-generated from your development database when you run "rake".
|
14
|
+
# Do not set this db to the same as development or production.
|
15
|
+
test:
|
16
|
+
adapter: sqlite3
|
17
|
+
database: db/test.sqlite3
|
18
|
+
pool: 5
|
19
|
+
timeout: 5000
|
20
|
+
|
21
|
+
production:
|
22
|
+
adapter: sqlite3
|
23
|
+
database: db/production.sqlite3
|
24
|
+
pool: 5
|
25
|
+
timeout: 5000
|
@@ -0,0 +1,30 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the web server when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Log error messages when you accidentally call methods on nil.
|
10
|
+
config.whiny_nils = true
|
11
|
+
|
12
|
+
# Show full error reports and disable caching
|
13
|
+
config.consider_all_requests_local = true
|
14
|
+
config.action_controller.perform_caching = false
|
15
|
+
|
16
|
+
# Don't care if the mailer can't send
|
17
|
+
config.action_mailer.raise_delivery_errors = false
|
18
|
+
|
19
|
+
# Print deprecation notices to the Rails logger
|
20
|
+
config.active_support.deprecation = :log
|
21
|
+
|
22
|
+
# Only use best-standards-support built into browsers
|
23
|
+
config.action_dispatch.best_standards_support = :builtin
|
24
|
+
|
25
|
+
# Do not compress assets
|
26
|
+
config.assets.compress = false
|
27
|
+
|
28
|
+
# Expands the lines which load the assets
|
29
|
+
config.assets.debug = true
|
30
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
Dummy::Application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb
|
3
|
+
|
4
|
+
# Code is not reloaded between requests
|
5
|
+
config.cache_classes = true
|
6
|
+
|
7
|
+
# Full error reports are disabled and caching is turned on
|
8
|
+
config.consider_all_requests_local = false
|
9
|
+
config.action_controller.perform_caching = true
|
10
|
+
|
11
|
+
# Disable Rails's static asset server (Apache or nginx will already do this)
|
12
|
+
config.serve_static_assets = false
|
13
|
+
|
14
|
+
# Compress JavaScripts and CSS
|
15
|
+
config.assets.compress = true
|
16
|
+
|
17
|
+
# Don't fallback to assets pipeline if a precompiled asset is missed
|
18
|
+
config.assets.compile = false
|
19
|
+
|
20
|
+
# Generate digests for assets URLs
|
21
|
+
config.assets.digest = true
|
22
|
+
|
23
|
+
# Defaults to Rails.root.join("public/assets")
|
24
|
+
# config.assets.manifest = YOUR_PATH
|
25
|
+
|
26
|
+
# Specifies the header that your server uses for sending files
|
27
|
+
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
28
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
29
|
+
|
30
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
31
|
+
# config.force_ssl = true
|
32
|
+
|
33
|
+
# See everything in the log (default is :info)
|
34
|
+
# config.log_level = :debug
|
35
|
+
|
36
|
+
# Use a different logger for distributed setups
|
37
|
+
# config.logger = SyslogLogger.new
|
38
|
+
|
39
|
+
# Use a different cache store in production
|
40
|
+
# config.cache_store = :mem_cache_store
|
41
|
+
|
42
|
+
# Enable serving of images, stylesheets, and JavaScripts from an asset server
|
43
|
+
# config.action_controller.asset_host = "http://assets.example.com"
|
44
|
+
|
45
|
+
# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
|
46
|
+
# config.assets.precompile += %w( search.js )
|
47
|
+
|
48
|
+
# Disable delivery errors, bad email addresses will be ignored
|
49
|
+
# config.action_mailer.raise_delivery_errors = false
|
50
|
+
|
51
|
+
# Enable threaded mode
|
52
|
+
# config.threadsafe!
|
53
|
+
|
54
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
55
|
+
# the I18n.default_locale when a translation can not be found)
|
56
|
+
config.i18n.fallbacks = true
|
57
|
+
|
58
|
+
# Send deprecation notices to registered listeners
|
59
|
+
config.active_support.deprecation = :notify
|
60
|
+
end
|