doorkeeper-grants_assertion 0.0.1

Files changed (55)
  1. checksums.yaml +7 -0
  2. data/.gitignore +10 -0
  3. data/Gemfile +12 -0
  4. data/MIT-LICENSE +21 -0
  5. data/README.md +30 -0
  6. data/Rakefile +18 -0
  7. data/config/locales/en.yml +5 -0
  8. data/doorkeeper-grants_assertion.gemspec +22 -0
  9. data/lib/doorkeeper/grants_assertion.rb +27 -0
  10. data/lib/doorkeeper/request/assertion.rb +29 -0
  11. data/spec/dummy/Rakefile +7 -0
  12. data/spec/dummy/app/controllers/application_controller.rb +3 -0
  13. data/spec/dummy/app/controllers/custom_authorizations_controller.rb +7 -0
  14. data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
  15. data/spec/dummy/app/controllers/home_controller.rb +17 -0
  16. data/spec/dummy/app/controllers/metal_controller.rb +11 -0
  17. data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
  18. data/spec/dummy/app/helpers/application_helper.rb +5 -0
  19. data/spec/dummy/app/models/user.rb +9 -0
  20. data/spec/dummy/app/views/home/index.html.erb +0 -0
  21. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  22. data/spec/dummy/config.ru +4 -0
  23. data/spec/dummy/config/application.rb +47 -0
  24. data/spec/dummy/config/boot.rb +4 -0
  25. data/spec/dummy/config/database.yml +15 -0
  26. data/spec/dummy/config/environment.rb +5 -0
  27. data/spec/dummy/config/environments/development.rb +29 -0
  28. data/spec/dummy/config/environments/production.rb +62 -0
  29. data/spec/dummy/config/environments/test.rb +51 -0
  30. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  31. data/spec/dummy/config/initializers/doorkeeper.rb +92 -0
  32. data/spec/dummy/config/initializers/secret_token.rb +9 -0
  33. data/spec/dummy/config/initializers/session_store.rb +8 -0
  34. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  35. data/spec/dummy/config/locales/doorkeeper.en.yml +74 -0
  36. data/spec/dummy/config/routes.rb +52 -0
  37. data/spec/dummy/db/migrate/20111122132257_create_users.rb +10 -0
  38. data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +41 -0
  39. data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +7 -0
  40. data/spec/dummy/db/schema.rb +66 -0
  41. data/spec/dummy/script/rails +6 -0
  42. data/spec/factories/access_grant.rb +9 -0
  43. data/spec/factories/access_token.rb +11 -0
  44. data/spec/factories/application.rb +6 -0
  45. data/spec/requests/flows/assertion_spec.rb +74 -0
  46. data/spec/spec_helper.rb +2 -0
  47. data/spec/spec_helper_integration.rb +29 -0
  48. data/spec/support/dependencies/factory_girl.rb +2 -0
  49. data/spec/support/helpers/config_helper.rb +9 -0
  50. data/spec/support/helpers/model_helper.rb +45 -0
  51. data/spec/support/helpers/request_spec_helper.rb +76 -0
  52. data/spec/support/helpers/url_helper.rb +19 -0
  53. data/spec/support/shared/controllers_shared_context.rb +60 -0
  54. data/spec/support/shared/models_shared_examples.rb +52 -0
  55. metadata +195 -0
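--- a/data/spec/dummy/config/environments/test.rb
+++ b/data/spec/dummy/config/environments/test.rb
@@ -0,0 +1,51 @@
+Dummy::Application.configure do
+# Settings specified here will take precedence over those in config/application.rb
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+config.cache_classes = true
+
+# Configure static asset server for tests with Cache-Control for performance
+config.serve_static_assets = true
+config.static_cache_control = 'public, max-age=3600'
+
+if Rails.version.to_i < 4
+# Log error messages when you accidentally call methods on nil
+config.whiny_nils = true
+end
+
+if Rails.version.to_i >= 4
+# Do not eager load code on boot. This avoids loading your whole application
+# just for the purpose of running a single test. If you are using a tool that
+# preloads Rails for running tests, you may have to set it to true.
+config.eager_load = false
+config.i18n.enforce_available_locales = true
+end
+
+# Show full error reports and disable caching
+config.consider_all_requests_local = true
+config.action_controller.perform_caching = false
+
+# Raise exceptions instead of rendering exception templates
+config.action_dispatch.show_exceptions = false
+
+# Disable request forgery protection in test environment
+config.action_controller.allow_forgery_protection = false
+
+# Tell Action Mailer not to deliver emails to the real world.
+# The :test delivery method accumulates sent emails in the
+# ActionMailer::Base.deliveries array.
+# config.action_mailer.delivery_method = :test
+
+# Use SQL instead of Active Record's schema dumper when creating the test database.
+# This is necessary if your schema can't be completely dumped by the schema dumper,
+# like if you have constraints or database-specific column types
+# config.active_record.schema_format = :sql
+
+# Print deprecation notices to the stderr
+config.active_support.deprecation = :stderr
+
+config.eager_load = true
+end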
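Review bot: The trailing `config.eager_load = true` on the last line of the block silently overrides the `config.eager_load = false` set inside the `Rails.version.to_i >= 4` branch above it, so the comment "Do not eager load code on boot" no longer describes what actually runs; the last assignment wins on every Rails version. Either drop the trailing line, or if eager loading is deliberately wanted in the test suite move it into the version guard and replace the stale comment with something like `# Eager load so the whole dummy app (including the assertion grant) is loaded on boot`. On Rails 3 the trailing assignment presumably only stores an unused option, but that is worth confirming rather than leaving two contradictory settings in one file.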
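--- a/data/spec/dummy/config/initializers/backtrace_silencers.rb
+++ b/data/spec/dummy/config/initializers/backtrace_silencers.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!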
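--- a/data/spec/dummy/config/initializers/doorkeeper.rb
+++ b/data/spec/dummy/config/initializers/doorkeeper.rb
@@ -0,0 +1,92 @@
+Doorkeeper.configure do
+# Change the ORM that doorkeeper will use.
+# Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
+orm :active_record
+
+# This block will be called to check whether the resource owner is authenticated or not.
+resource_owner_authenticator do
+# Put your resource owner authentication logic here.
+# Example implementation:
+# User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
+User.find_by_id(session[:user_id]) || redirect_to(root_url, alert: 'Needs sign in.')
+end
+
+# If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
+# admin_authenticator do
+# # Put your admin authentication logic here.
+# # Example implementation:
+# Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
+# end
+
+# Authorization Code expiration time (default 10 minutes).
+# authorization_code_expires_in 10.minutes
+
+# Access token expiration time (default 2 hours).
+# If you want to disable expiration, set this to nil.
+# access_token_expires_in 2.hours
+
+# Reuse access token for the same resource owner within an application (disabled by default)
+# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+# reuse_access_token
+
+# Issue access tokens with refresh token (disabled by default)
+# use_refresh_token
+
+# Provide support for an owner to be assigned to each registered application (disabled by default)
+# Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+# a registered application
+# Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+# enable_application_owner :confirmation => false
+
+# Define access token scopes for your provider
+# For more information go to
+# https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+# default_scopes :public
+# optional_scopes :write, :update
+
+# Change the way client credentials are retrieved from the request object.
+# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+# falls back to the `:client_id` and `:client_secret` params from the `params` object.
+# Check out the wiki for more information on customization
+# client_credentials :from_basic, :from_params
+
+# Change the way access token is authenticated from the request object.
+# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+# falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+# Check out the wiki for more information on customization
+# access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+
+# Change the test redirect uri for client apps
+# When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+# The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+# (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+#
+# test_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+
+# Specify what grant flows are enabled in array of Strings. The valid
+# strings and the flows they enable are:
+#
+# "authorization_code" => Authorization Code Grant Flow
+# "implicit" => Implicit Grant Flow
+# "password" => Resource Owner Password Credentials Grant Flow
+# "client_credentials" => Client Credentials Grant Flow
+#
+# If not specified, Doorkeeper enables all the four grant flows.
+#
+grant_flows %w(authorization_code implicit password client_credentials assertion)
+
+# Under some circumstances you might want to have applications auto-approved,
+# so that the user skips the authorization step.
+# For example if dealing with trusted a application.
+# skip_authorization do |resource_owner, client|
+# client.superapp? or resource_owner.admin?
+# end
+
+# WWW-Authenticate Realm (default "Doorkeeper").
+# realm "Doorkeeper"
+
+# Allow dynamic query parameters (disabled by default)
+# Some applications require dynamic query parameters on their request_uri
+# set to true if you want this to be allowed
+# wildcard_redirect_uri false
+end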
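Review bot: The comment listing the valid `grant_flows` strings (the four `"authorization_code"` … `"client_credentials"` lines) omits `"assertion"`, which is the one flow this gem exists to add and which the `grant_flows` call directly below enables; a reader of this initializer cannot tell that the string is only valid when doorkeeper-grants_assertion is loaded. Add `# "assertion" => Assertion Grant Flow (requires doorkeeper-grants_assertion)` to that list and adjust "all the four grant flows" to match. Nothing in this file says how an incoming assertion is verified or mapped to a resource owner; if that hook is configured elsewhere in the gem, a one-line pointer comment next to `grant_flows` would save the next maintainer a search.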
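--- a/data/spec/dummy/config/initializers/secret_token.rb
+++ b/data/spec/dummy/config/initializers/secret_token.rb
@@ -0,0 +1,9 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_key_base =
+Dummy::Application.config.secret_token =
+'c00157b5a1bb6181792f0f4a8a080485de7bab9987e6cf159dc74c4f0573345c1bfa713b5d756e1491fc0b098567e8a619e2f8d268eda86a20a720d05d633780'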
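Review bot: The `secret_key_base`/`secret_token` value is a fixed literal shipped inside the gem, so it is public and gives the dummy app's signed cookies no real integrity protection; that is acceptable for a spec-only app, but the comment block above it only talks about randomness and never says the value is test-only. Add `# Test-only value: it is published with the gem, so never reuse it in a real application.` above the assignment, and consider `ENV.fetch('DUMMY_SECRET_KEY_BASE') { '<existing literal>' }` so CI can supply its own. Assigning both `secret_key_base` and `secret_token` from one chained expression is presumably there to keep Rails 3 and Rails 4 both working; a short comment stating that would spare the next reader a guess.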
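--- a/data/spec/dummy/config/initializers/session_store.rb
+++ b/data/spec/dummy/config/initializers/session_store.rb
@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store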
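--- a/data/spec/dummy/config/initializers/wrap_parameters.rb
+++ b/data/spec/dummy/config/initializers/wrap_parameters.rb
@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+self.include_root_in_json = false
+end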
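--- a/data/spec/dummy/config/locales/doorkeeper.en.yml
+++ b/data/spec/dummy/config/locales/doorkeeper.en.yml
@@ -0,0 +1,74 @@
+en:
+activerecord:
+errors:
+models:
+application:
+attributes:
+redirect_uri:
+fragment_present: 'cannot contain a fragment.'
+has_query_parameter: 'cannot contain a query parameter.'
+invalid_uri: 'must be a valid URI.'
+relative_uri: 'must be an absolute URI.'
+mongoid:
+errors:
+models:
+application:
+attributes:
+redirect_uri:
+fragment_present: 'cannot contain a fragment.'
+has_query_parameter: 'cannot contain a query parameter.'
+invalid_uri: 'must be a valid URI.'
+relative_uri: 'must be an absolute URI.'
+mongo_mapper:
+errors:
+models:
+application:
+attributes:
+redirect_uri:
+fragment_present: 'cannot contain a fragment.'
+has_query_parameter: 'cannot contain a query parameter.'
+invalid_uri: 'must be a valid URI.'
+relative_uri: 'must be an absolute URI.'
+doorkeeper:
+errors:
+messages:
+# Common error messages
+invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
+invalid_redirect_uri: 'The redirect uri included is not valid.'
+unauthorized_client: 'The client is not authorized to perform this request using this method.'
+access_denied: 'The resource owner or authorization server denied the request.'
+invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
+server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
+temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
+
+#configuration error messages
+credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
+resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
+
+# Access grant errors
+unsupported_response_type: 'The authorization server does not support this response type.'
+
+# Access token errors
+invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
+invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
+unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
+
+# Password Access token errors
+invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
+
+invalid_token:
+revoked: "The access token was revoked"
+expired: "The access token expired"
+unknown: "The access token is invalid"
+
+flash:
+applications:
+create:
+notice: 'Application created.'
+destroy:
+notice: 'Application deleted.'
+update:
+notice: 'Application updated.'
+authorized_applications:
+destroy:
+notice: 'Application revoked.'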
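--- a/data/spec/dummy/config/routes.rb
+++ b/data/spec/dummy/config/routes.rb
@@ -0,0 +1,52 @@
+Rails.application.routes.draw do
+use_doorkeeper
+use_doorkeeper scope: 'scope'
+
+scope 'inner_space' do
+use_doorkeeper scope: 'scope' do
+controllers authorizations: 'custom_authorizations',
+tokens: 'custom_authorizations',
+applications: 'custom_authorizations',
+token_info: 'custom_authorizations'
+
+as authorizations: 'custom_auth',
+tokens: 'custom_token',
+token_info: 'custom_token_info'
+end
+end
+
+scope 'space' do
+use_doorkeeper do
+controllers authorizations: 'custom_authorizations',
+tokens: 'custom_authorizations',
+applications: 'custom_authorizations',
+token_info: 'custom_authorizations'
+
+as authorizations: 'custom_auth',
+tokens: 'custom_token',
+token_info: 'custom_token_info'
+end
+end
+
+scope 'outer_space' do
+use_doorkeeper do
+controllers authorizations: 'custom_authorizations',
+tokens: 'custom_authorizations',
+token_info: 'custom_authorizations'
+
+as authorizations: 'custom_auth',
+tokens: 'custom_token',
+token_info: 'custom_token_info'
+
+skip_controllers :tokens, :applications, :token_info
+end
+end
+
+get 'metal.json' => 'metal#index'
+
+get '/callback', to: 'home#callback'
+get '/sign_in', to: 'home#sign_in'
+resources :semi_protected_resources
+resources :full_protected_resources
+root to: 'home#index'
+end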
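Review bot: In the `scope 'outer_space'` block, `skip_controllers :tokens, :applications, :token_info` presumably removes the token and token_info routes, so the `tokens: 'custom_token', token_info: 'custom_token_info'` names passed to `as` just above it are never used; either drop those two names or drop them from `skip_controllers` so the block states one intention. The `controllers`/`as` blocks under `'inner_space'` and `'space'` are identical, and a comment such as `# Same custom mapping as inner_space, exercised without the scope: option` would explain why both copies exist. None of these routes mention the assertion grant; that is presumably fine because an assertion is exchanged at the existing token endpoint, but the spec that relies on that is outside this hunk.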
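--- a/data/spec/dummy/db/migrate/20111122132257_create_users.rb
+++ b/data/spec/dummy/db/migrate/20111122132257_create_users.rb
@@ -0,0 +1,10 @@
+class CreateUsers < ActiveRecord::Migration
+def change
+create_table :users do |t|
+t.string :name
+t.string :password
+t.string :assertion
+t.timestamps
+end
+end
+end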
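Review bot: `t.string :password` and `t.string :assertion` store the dummy user's credentials as plain string columns, which is fine for a spec fixture but easy to copy out of a gem's spec directory into a real application; a comment on the table, `# Spec-only fixture: credentials are kept in clear text, do not reuse this schema.`, would make the intent explicit. If the request specs look users up by `assertion` (the spec files in this gem are outside the hunk), an `add_index :users, :assertion` after the table would keep that lookup in line with how the doorkeeper tables in this same commit index their `token` columns.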
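--- a/data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb
+++ b/data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb
@@ -0,0 +1,41 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+def change
+create_table :oauth_applications do |t|
+t.string :name, null: false
+t.string :uid, null: false
+t.string :secret, null: false
+t.string :redirect_uri, null: false, limit: 2048
+t.timestamps
+end
+
+add_index :oauth_applications, :uid, unique: true
+
+create_table :oauth_access_grants do |t|
+t.integer :resource_owner_id, null: false
+t.integer :application_id, null: false
+t.string :token, null: false
+t.integer :expires_in, null: false
+t.string :redirect_uri, null: false, limit: 2048
+t.datetime :created_at, null: false
+t.datetime :revoked_at
+t.string :scopes
+end
+
+add_index :oauth_access_grants, :token, unique: true
+
+create_table :oauth_access_tokens do |t|
+t.integer :resource_owner_id
+t.integer :application_id
+t.string :token, null: false
+t.string :refresh_token
+t.integer :expires_in
+t.datetime :revoked_at
+t.datetime :created_at, null: false
+t.string :scopes
+end
+
+add_index :oauth_access_tokens, :token, unique: true
+add_index :oauth_access_tokens, :resource_owner_id
+add_index :oauth_access_tokens, :refresh_token, unique: true
+end
+end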
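--- a/data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb
+++ b/data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb
@@ -0,0 +1,7 @@
+class AddOwnerToApplication < ActiveRecord::Migration
+def change
+add_column :oauth_applications, :owner_id, :integer, null: true
+add_column :oauth_applications, :owner_type, :string, null: true
+add_index :oauth_applications, [:owner_id, :owner_type]
+end
+end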
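--- a/data/spec/dummy/db/schema.rb
+++ b/data/spec/dummy/db/schema.rb
@@ -0,0 +1,66 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20130902175349) do
+
+create_table "oauth_access_grants", force: true do |t|
+t.integer "resource_owner_id", null: false
+t.integer "application_id", null: false
+t.string "token", null: false
+t.integer "expires_in", null: false
+t.string "redirect_uri", limit: 2048, null: false
+t.datetime "created_at", null: false
+t.datetime "revoked_at"
+t.string "scopes"
+end
+
+add_index "oauth_access_grants", ["token"], name: "index_oauth_access_grants_on_token", unique: true
+
+create_table "oauth_access_tokens", force: true do |t|
+t.integer "resource_owner_id"
+t.integer "application_id"
+t.string "token", null: false
+t.string "refresh_token"
+t.integer "expires_in"
+t.datetime "revoked_at"
+t.datetime "created_at", null: false
+t.string "scopes"
+end
+
+add_index "oauth_access_tokens", ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
+add_index "oauth_access_tokens", ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
+add_index "oauth_access_tokens", ["token"], name: "index_oauth_access_tokens_on_token", unique: true
+
+create_table "oauth_applications", force: true do |t|
+t.string "name", null: false
+t.string "uid", null: false
+t.string "secret", null: false
+t.string "redirect_uri", limit: 2048, null: false
+t.datetime "created_at"
+t.datetime "updated_at"
+t.integer "owner_id"
+t.string "owner_type"
+end
+
+add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
+add_index "oauth_applications", ["uid"], name: "index_oauth_applications_on_uid", unique: true
+
+create_table "users", force: true do |t|
+t.string "name"
+t.string "password"
+t.string "assertion"
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+
+end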