RubyGems - doorkeeper-openid_connect - Versions diffs - 1.0.0 - Mend

doorkeeper-openid_connect 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

checksums.yaml +7 -0
data/.gitignore +18 -0
data/.ruby-version +1 -0
data/Gemfile +10 -0
data/LICENSE.txt +22 -0
data/README.md +90 -0
data/Rakefile +7 -0
data/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb +19 -0
data/config/locales/en.yml +20 -0
data/doorkeeper-openid_connect.gemspec +27 -0
data/lib/doorkeeper/openid_connect.rb +65 -0
data/lib/doorkeeper/openid_connect/claims_builder.rb +24 -0
data/lib/doorkeeper/openid_connect/config.rb +125 -0
data/lib/doorkeeper/openid_connect/engine.rb +9 -0
data/lib/doorkeeper/openid_connect/models/claims/aggregated_claim.rb +11 -0
data/lib/doorkeeper/openid_connect/models/claims/claim.rb +15 -0
data/lib/doorkeeper/openid_connect/models/claims/distributed_claim.rb +11 -0
data/lib/doorkeeper/openid_connect/models/claims/normal_claim.rb +28 -0
data/lib/doorkeeper/openid_connect/models/id_token.rb +63 -0
data/lib/doorkeeper/openid_connect/models/user_info.rb +39 -0
data/lib/doorkeeper/openid_connect/rails/routes.rb +50 -0
data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb +30 -0
data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb +34 -0
data/lib/doorkeeper/openid_connect/version.rb +5 -0
data/spec/dummy/Rakefile +7 -0
data/spec/dummy/app/controllers/application_controller.rb +3 -0
data/spec/dummy/app/controllers/custom_authorizations_controller.rb +7 -0
data/spec/dummy/app/controllers/full_protected_resources_controller.rb +12 -0
data/spec/dummy/app/controllers/home_controller.rb +17 -0
data/spec/dummy/app/controllers/metal_controller.rb +11 -0
data/spec/dummy/app/controllers/semi_protected_resources_controller.rb +11 -0
data/spec/dummy/app/helpers/application_helper.rb +5 -0
data/spec/dummy/app/models/user.rb +31 -0
data/spec/dummy/app/views/home/index.html.erb +0 -0
data/spec/dummy/app/views/layouts/application.html.erb +14 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/config/application.rb +55 -0
data/spec/dummy/config/boot.rb +6 -0
data/spec/dummy/config/database.yml +15 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +29 -0
data/spec/dummy/config/environments/production.rb +62 -0
data/spec/dummy/config/environments/test.rb +56 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/doorkeeper.rb +59 -0
data/spec/dummy/config/initializers/secret_token.rb +9 -0
data/spec/dummy/config/initializers/session_store.rb +8 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/locales/doorkeeper.en.yml +5 -0
data/spec/dummy/config/mongo.yml +11 -0
data/spec/dummy/config/mongoid2.yml +9 -0
data/spec/dummy/config/mongoid3.yml +18 -0
data/spec/dummy/config/mongoid4.yml +19 -0
data/spec/dummy/config/routes.rb +52 -0
data/spec/dummy/db/migrate/20111122132257_create_users.rb +9 -0
data/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb +5 -0
data/spec/dummy/db/migrate/20130902165751_create_doorkeeper_tables.rb +41 -0
data/spec/dummy/db/migrate/20130902175349_add_owner_to_application.rb +7 -0
data/spec/dummy/db/schema.rb +65 -0
data/spec/dummy/log/test.log +16605 -0
data/spec/dummy/public/404.html +26 -0
data/spec/dummy/public/422.html +26 -0
data/spec/dummy/public/500.html +26 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/dummy/script/rails +6 -0
data/spec/lib/doorkeeper/openid_connect/config_spec.rb +65 -0
data/spec/spec_helper.rb +2 -0
data/spec/spec_helper_integration.rb +48 -0
metadata +239 -0

data/lib/doorkeeper/openid_connect/engine.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Doorkeeper
+  module OpenidConnect
+    class Engine < ::Rails::Engine
+      initializer 'doorkeeper.openid_connect.routes' do
+        Doorkeeper::OpenidConnect::Rails::Routes.install!
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/models/claims/aggregated_claim.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Doorkeeper
+  module OpenidConnect
+    module Models
+      module Claims
+        class AggregatedClaim < Claim
+          attr_accessor :jwt
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/models/claims/claim.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Doorkeeper
+  module OpenidConnect
+    module Models
+      module Claims
+        class Claim
+          attr_accessor :name
+          def initialize(options = {})
+            @name = options[:name]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/models/claims/distributed_claim.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Doorkeeper
+  module OpenidConnect
+    module Models
+      module Claims
+        class DistributedClaim < Claim
+          attr_accessor :endpoint, :access_token
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/models/claims/normal_claim.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Doorkeeper
+  module OpenidConnect
+    module Models
+      module Claims
+        class NormalClaim < Claim
+          attr_reader :value
+          def initialize(options = {})
+            super(options)
+            @value = options[:value]
+          end
+          def type
+            :normal
+          end
+          def method_missing(method_sym, *arguments, &block)
+            @value
+          end
+          def response_to?(method_sym, *arguments, &block)
+            method_sym.to_s == @name
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/models/id_token.rb ADDED Viewed

@@ -0,0 +1,63 @@
+require 'sandal'
+module Doorkeeper
+  module OpenidConnect
+    module Models
+      class IdToken
+        include ActiveModel::Validations
+        def initialize(access_token)
+          @access_token = access_token
+          @resource_owner = access_token.instance_eval(&Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token)
+          @issued_at = Time.now
+          @signer = Sandal::Sig::RS256.new(Doorkeeper::OpenidConnect.configuration.jws_private_key)
+          @public_key = Doorkeeper::OpenidConnect.configuration.jws_public_key
+        end
+        def claims
+          {
+            iss: issuer,
+            sub: subject,
+            aud: audience,
+            exp: expiration,
+            iat: issued_at
+          }
+        end
+        def as_json(options = {})
+          claims
+        end
+        # TODO make signature strategy configurable with keys?
+        # TODO move this out of the model
+        def as_jws_token
+          Sandal.encode_token(claims, @signer, {
+            kid: @public_key
+          })
+        end
+        private
+        def issuer
+          Doorkeeper::OpenidConnect.configuration.issuer
+        end
+        def subject
+          @resource_owner.instance_eval(&Doorkeeper::OpenidConnect.configuration.subject).to_s
+        end
+        def audience
+          @access_token.application.uid
+        end
+        def expiration
+          (@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
+        end
+        def issued_at
+          @issued_at.utc.to_i
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/models/user_info.rb ADDED Viewed

@@ -0,0 +1,39 @@
+module Doorkeeper
+  module OpenidConnect
+    module Models
+      class UserInfo
+        include ActiveModel::Validations
+        def initialize(resource_owner)
+          @resource_owner = resource_owner
+        end
+        def claims
+          base_claims.merge resource_owner_claims
+        end
+        def as_json(options = {})
+          claims
+        end
+        private
+        def base_claims
+          {
+            sub: subject
+          }
+        end
+        def resource_owner_claims
+          Doorkeeper::OpenidConnect.configuration.claims.to_h.map do |claim_name, claim_value|
+            [claim_name, @resource_owner.instance_eval(&claim_value)]
+          end.to_h
+        end
+        def subject
+          @resource_owner.instance_eval(&Doorkeeper::OpenidConnect.configuration.subject).to_s
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/rails/routes.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require 'doorkeeper/openid_connect/rails/routes/mapping'
+require 'doorkeeper/openid_connect/rails/routes/mapper'
+module Doorkeeper
+  module OpenidConnect
+    module Rails
+      class Routes
+        module Helper
+          def use_doorkeeper_openid_connect(options = {}, &block)
+            Doorkeeper::OpenidConnect::Rails::Routes.new(self, &block).generate_routes!(options)
+          end
+        end
+        def self.install!
+          ActionDispatch::Routing::Mapper.send :include, Doorkeeper::OpenidConnect::Rails::Routes::Helper
+        end
+        attr_accessor :routes
+        def initialize(routes, &block)
+          @routes, @block = routes, block
+        end
+        def generate_routes!(options)
+          @mapping = Mapper.new.map(&@block)
+          routes.scope options[:scope] || 'oauth', as: 'oauth' do
+            map_route(:userinfo, :userinfo_routes)
+          end
+        end
+        private
+        def map_route(name, method)
+          unless @mapping.skipped?(name)
+            send method, @mapping[name]
+          end
+        end
+        def userinfo_routes(mapping)
+          routes.resource(
+            :userinfo,
+            path: 'userinfo',
+            only: [:show], as: mapping[:as],
+            controller: mapping[:controllers]
+          )
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/rails/routes/mapper.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Doorkeeper
+  module OpenidConnect
+    module Rails
+      class Routes
+        class Mapper
+          def initialize(mapping = Mapping.new)
+            @mapping = mapping
+          end
+          def map(&block)
+            self.instance_eval(&block) if block
+            @mapping
+          end
+          def controllers(controller_names = {})
+            @mapping.controllers.merge!(controller_names)
+          end
+          def skip_controllers(*controller_names)
+            @mapping.skips = controller_names
+          end
+          def as(alias_names = {})
+            @mapping.as.merge!(alias_names)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/rails/routes/mapping.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Doorkeeper
+  module OpenidConnect
+    module Rails
+      class Routes
+        class Mapping
+          attr_accessor :controllers, :as, :skips
+          def initialize
+            @controllers = {
+              userinfo: 'doorkeeper/openid_connect/userinfo'
+            }
+            @as = {
+              userinfo: :userinfo
+            }
+            @skips = []
+          end
+          def [](routes)
+            {
+              controllers: @controllers[routes],
+              as: @as[routes]
+            }
+          end
+          def skipped?(controller)
+            @skips.include?(controller)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/doorkeeper/openid_connect/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Doorkeeper
+  module OpenidConnect
+    VERSION = '1.0.0'
+  end
+end

data/spec/dummy/Rakefile ADDED Viewed

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+require File.expand_path('../config/application', __FILE__)
+Dummy::Application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/controllers/custom_authorizations_controller.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class CustomAuthorizationsController < ::ApplicationController
+  %w(index show new create edit update destroy).each do |action|
+    define_method action do
+      render nothing: true
+    end
+  end
+end

data/spec/dummy/app/controllers/full_protected_resources_controller.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class FullProtectedResourcesController < ApplicationController
+  # doorkeeper_for :index
+  # doorkeeper_for :show, scopes: [:admin]
+  def index
+    render text: 'index'
+  end
+  def show
+    render text: 'show'
+  end
+end

data/spec/dummy/app/controllers/home_controller.rb ADDED Viewed

@@ -0,0 +1,17 @@
+class HomeController < ApplicationController
+  def index
+  end
+  def sign_in
+    session[:user_id] = if Rails.env.development?
+                          User.first || User.create!(name: 'Joe', password: 'sekret')
+                        else
+                          User.first
+                        end
+    redirect_to '/'
+  end
+  def callback
+    render text: 'ok'
+  end
+end

data/spec/dummy/app/controllers/metal_controller.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class MetalController < ActionController::Metal
+  include AbstractController::Callbacks
+  include ActionController::Head
+  # include Doorkeeper::Helpers::Filter
+  # doorkeeper_for :all
+  def index
+    self.response_body = { ok: true }.to_json
+  end
+end

data/spec/dummy/app/controllers/semi_protected_resources_controller.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class SemiProtectedResourcesController < ApplicationController
+  # doorkeeper_for :index
+  def index
+    render text: 'protected index'
+  end
+  def show
+    render text: 'protected show'
+  end
+end

data/spec/dummy/app/helpers/application_helper.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module ApplicationHelper
+  def current_user
+    @current_user ||= User.find_by_id(session[:user_id])
+  end
+end

data/spec/dummy/app/models/user.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# case DOORKEEPER_ORM
+# when :active_record
+#   class User < ActiveRecord::Base
+#   end
+# when :mongoid2, :mongoid3, :mongoid4
+#   class User
+#     include Mongoid::Document
+#     include Mongoid::Timestamps
+#
+#     field :name, type: String
+#     field :password, type: String
+#   end
+# when :mongo_mapper
+#   class User
+#     include MongoMapper::Document
+#     timestamps!
+#
+#     key :name,     String
+#     key :password, String
+#   end
+# end
+#
+# class User
+#   if ::Rails.version.to_i < 4
+#     attr_accessible :name, :password
+#   end
+#
+#   def self.authenticate!(name, password)
+#     User.where(name: name, password: password).first
+#   end
+# end

data/spec/dummy/app/views/home/index.html.erb ADDED Viewed

File without changes

data/spec/dummy/app/views/layouts/application.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+<%= link_to "Sign in", '/sign_in' %>
+<%= yield %>
+</body>
+</html>