doorkeeper 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2011 Applicake. http://applicake.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,106 @@
+# Doorkeeper - awesome oauth provider for your Rails app.
+
+[![Build Status](https://secure.travis-ci.org/applicake/doorkeeper.png)](http://travis-ci.org/applicake/doorkeeper)
+
+Doorkeeper is a gem that makes it easy to introduce oauth2 provider
+functionality to your application.
+
+So far it supports only Authorization Code
+flow, but we will gradually introduce other flows.
+
+For more information about Oauth2 go to
+[Oauth2 Specs (Draft)](http://tools.ietf.org/html/draft-ietf-oauth-v2-22)
+
+## Installation
+
+Put this in your Gemfile:
+
+    gem 'doorkeeper'
+
+Run the installation generator with:
+
+    rails generate doorkeeper:install
+
+This will generate the doorkeeper initializer and the oauth tables migration. Don't forget to run the migration in your application:
+
+    rake db:migrate
+
+## Configuration
+
+The installation will mount the Doorkeeper routes to your app like this:
+
+    Rails.application.routes.draw do
+      mount Doorkeeper::Engine => "/oauth"
+      # your routes
+    end
+
+This will mount following routes:
+
+    GET       /oauth/authorize
+    POST      /oauth/authorize
+    DELETE    /oauth/authorize
+    POST      /oauth/token
+    resources /oauth/applications
+
+You need to configure Doorkeeper in order to provide resource_owner model and authentication block `initializers/doorkeeper.rb`
+
+    Doorkeeper.configure do
+      resource_owner_authenticator do |routes|
+        current_user || redirect_to('/sign_in', :alert => "Needs sign in.") # returns nil if current_user is not logged in
+      end
+    end
+
+If you use devise, you may want to use warden to authenticate the block:
+
+    resource_owner_authenticator do |routes|
+      current_user || warden.authenticate!(:scope => :user)
+    end
+
+## Protecting resources (a.k.a your API endpoint)
+
+In the controller add the before_filter to authorize the token
+
+    class ProtectedResourcesController < ApplicationController
+      doorkeeper_for :all # For all actions
+      doorkeeper_for :only   => :index # Require token only for index action
+      doorkeeper_for :except => :show  # Require token for all actions except show
+    end
+
+## Creating and using client applications
+
+To start using OAuth 2 as a client first fire up the server with `rails server`, go to `/oauth/applications` and create an application for your client.
+
+Choose a name and a callback url for it. If you use oauth2 gem you can specify your just generated client as:
+
+    require 'oauth2'
+    client_id     = '...' # your client's id
+    client_secret = '...' # your client's secret
+    redirect_uri  = '...' # your client's redirect uri
+    client = OAuth2::Client.new(
+      client_id,
+      client_secret,
+      :site => "http://localhost:3000"
+    )
+
+If you changed the default mount path `/oauth` in your `routes.rb` you need to specify it in the oauth client as `:authorize_url` and `:token_url`. For more information, check the oauth2 gem documentation.
+
+After that you can try to request an authorization code with the oauth2 gem as follow:
+
+    client.auth_code.authorize_url(:redirect_uri => redirect_uri)
+    # => http://localhost:3000/oauth/authorize?response_type=code&client_id=...&redirect_uri=...
+
+If you visit the returned url, you'll see a screen to authorize your app. Click on `authorize` and you'll be redirected to your client redirect url.
+
+Grab the code from the redirect url and request a access token with the following:
+
+    token = client.auth_code.get_token(parms[:code], :redirect_uri => redirect_uri)
+
+You now have an access token to access you protected resources.
+
+## Contributing/Development
+
+Check our [contributing guidelines page in the wiki](https://github.com/applicake/doorkeeper/wiki/Contributing)
+
+## Supported ruby versions
+
+All supported ruby versions are [listed here](https://github.com/applicake/doorkeeper/wiki/Supported-Ruby-versions)

data/Rakefile

@@ -0,0 +1,42 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Doorkeeper'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc "Run all specs"
+RSpec::Core::RakeTask.new(:spec => "app:test:prepare")
+
+namespace :doorkeeper do
+  desc "Install doorkeeper in dummy app"
+  task :install do
+    cd 'spec/dummy'
+    system 'bundle exec rails g doorkeeper:install --force'
+  end
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks

data/app/assets/javascripts/doorkeeper/application.js

@@ -0,0 +1,9 @@
+// This is a manifest file that'll be compiled into including all the files listed below.
+// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
+// be included in the compiled file accessible from http://example.com/assets/application.js
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/stylesheets/doorkeeper/application.css

@@ -0,0 +1,7 @@
+/*
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
+ *= require_self
+ *= require_tree . 
+*/

data/app/assets/stylesheets/doorkeeper/form.css

@@ -0,0 +1,8 @@
+.error input {
+  color: #B94A48;
+  border-color: #EE5F5B;
+}
+
+.error .help-inline {
+  color: #B94A48;
+}

data/app/controllers/doorkeeper/application_controller.rb

@@ -0,0 +1,27 @@
+module Doorkeeper
+  class ApplicationController < ActionController::Base
+    private
+
+    def authenticate_resource_owner!
+      current_resource_owner
+    end
+
+    def current_resource_owner
+      instance_exec(main_app, &Doorkeeper.authenticate_resource_owner)
+    end
+
+    def authenticate_admin!
+      if block = Doorkeeper.authenticate_admin
+        instance_exec(main_app, &block)
+      end
+    end
+
+    def method_missing(method, *args, &block)
+      if method =~ /_(url|path)$/
+        raise "Your path has not been found. Didn't you mean to call routes.#{method} in doorkeeper configuration blocks?"
+      else
+        super
+      end
+    end
+  end
+end

data/app/controllers/doorkeeper/applications_controller.rb

@@ -0,0 +1,35 @@
+module Doorkeeper
+  class ApplicationsController < ApplicationController
+    respond_to :html
+
+    before_filter :authenticate_admin!
+
+    def index
+      @applications = Application.all
+    end
+
+    def new
+      @application = Application.new
+    end
+
+    def create
+      @application = Application.new(params[:application])
+      flash[:notice] = "Application created" if @application.save
+      respond_with @application
+    end
+
+    def show
+      @application = Application.find(params[:id])
+    end
+
+    def edit
+      @application = Application.find(params[:id])
+    end
+
+    def update
+      @application = Application.find(params[:id])
+      flash[:notice] = "Application updated" if @application.update_attributes(params[:application])
+      respond_with @application
+    end
+  end
+end

data/app/controllers/doorkeeper/authorizations_controller.rb

@@ -0,0 +1,26 @@
+class Doorkeeper::AuthorizationsController < Doorkeeper::ApplicationController
+  before_filter :authenticate_resource_owner!
+
+  def new
+    render :error unless authorization.valid?
+  end
+
+  def create
+    if authorization.authorize
+      redirect_to authorization.success_redirect_uri
+    else
+      render :error
+    end
+  end
+
+  def destroy
+    authorization.deny
+    redirect_to authorization.invalid_redirect_uri
+  end
+
+  private
+
+  def authorization
+    @authorization ||= Doorkeeper::OAuth::AuthorizationRequest.new(current_resource_owner, params)
+  end
+end

data/app/controllers/doorkeeper/tokens_controller.rb

@@ -0,0 +1,15 @@
+class Doorkeeper::TokensController < Doorkeeper::ApplicationController
+  def create
+    if token.authorize
+      render :json => token.authorization
+    else
+      render :json => token.error_response
+    end
+  end
+
+  private
+
+  def token
+    @token ||= Doorkeeper::OAuth::AccessTokenRequest.new(params)
+  end
+end

data/app/helpers/doorkeeper/application_helper.rb

@@ -0,0 +1,4 @@
+module Doorkeeper
+  module ApplicationHelper
+  end
+end

data/app/models/access_grant.rb

@@ -0,0 +1,29 @@
+class AccessGrant < ActiveRecord::Base
+  include Doorkeeper::OAuth::RandomString
+
+  self.table_name = "oauth_access_grants"
+
+  belongs_to :application
+
+  validates :resource_owner_id, :application_id, :token, :expires_in, :redirect_uri, :presence => true
+
+  before_validation :generate_token, :on => :create
+
+  def expired?
+    expires_in.present? && Time.now > expired_time
+  end
+
+  def accessible?
+    !expired?
+  end
+
+  private
+
+  def expired_time
+    self.created_at + expires_in.seconds
+  end
+
+  def generate_token
+    self.token = unique_random_string_for(:token)
+  end
+end

data/app/models/access_token.rb

@@ -0,0 +1,35 @@
+class AccessToken < ActiveRecord::Base
+  include Doorkeeper::OAuth::RandomString
+
+  self.table_name = "oauth_access_tokens"
+
+  belongs_to :application
+
+  scope :accessible, where(:revoked_at => nil)
+
+  validates :application_id, :resource_owner_id, :token, :presence => true
+
+  before_validation :generate_token, :on => :create
+
+  def revoke!
+    update_attribute :revoked_at, DateTime.now
+  end
+
+  def revoked?
+    self.revoked_at.present?
+  end
+
+  def expired?
+    self.expires_at.present? && DateTime.now > self.expires_at
+  end
+
+  def accessible?
+    !expired? && !revoked?
+  end
+
+  private
+
+  def generate_token
+    self.token = unique_random_string_for(:token)
+  end
+end

data/app/models/application.rb

@@ -0,0 +1,20 @@
+class Application < ActiveRecord::Base
+  include Doorkeeper::OAuth::RandomString
+  set_table_name 'oauth_applications'
+
+  has_many :access_grants
+
+  validates :name, :secret, :redirect_uri, :presence => true
+  validates :uid, :presence => true, :uniqueness => true
+
+  before_validation :generate_uid, :generate_secret, :on => :create
+
+  private
+  def generate_uid
+    self.uid = unique_random_string_for(:uid)
+  end
+
+  def generate_secret
+    self.secret = random_string
+  end
+end

data/app/views/doorkeeper/applications/_form.html.erb

@@ -0,0 +1,27 @@
+<%= form_for(application) do |f| %>
+  <fieldset>
+    <% if @application.errors.any? %>
+      <div class="alert-message error" data-alert><a class="close" href="#">×</a><p>Whoops! Check your form for possible errors</p></div>
+    <% end %>
+
+    <div class="clearfix">
+      <%= f.label :name %>
+      <div class="input">
+        <%= f.text_field :name %>
+      </div>
+    </div>
+
+    <div class="clearfix">
+      <%= f.label :redirect_uri %>
+      <div class="input">
+        <%= f.text_field :redirect_uri %>
+      </div>
+    </div class="clearfix">
+
+    <div class="actions">
+      <%= f.submit :Submit, :class => "btn primary" %>
+      <%= link_to "Cancel", applications_path, :class => "btn" %>
+    </div>
+  </fieldset>
+<% end %>
+

data/app/views/doorkeeper/applications/edit.html.erb

@@ -0,0 +1,13 @@
+<div class="span16">
+  <header class="page-header"><h2>Edit application</h2></header>
+</div>
+
+<div class="span10">
+  <%= render 'form', :application => @application %>
+</div>
+
+<div class="span6">
+  <h3>Actions</h3>
+  <p><%= link_to 'Back to application list', applications_path %></p>
+</div>
+

data/app/views/doorkeeper/applications/index.html.erb

@@ -0,0 +1,29 @@
+<div class="span16">
+  <header class="page-header">
+    <h2>Your applications</h2>
+  </header>
+
+  <p><%= link_to 'New Application', new_application_path %></p>
+
+  <table class="zebra-striped">
+    <thead>
+      <tr>
+        <th>Name</th>
+        <th>Callback url</th>
+        <th></th>
+        <th></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @applications.each do |application| %>
+        <tr>
+          <td><%= link_to application.name, application %></td>
+          <td><%= application.redirect_uri %></td>
+          <td><%= link_to 'Edit', edit_application_path(application) %></td>
+          <td><%= link_to 'Destroy', application, :confirm => 'Are you sure?', :method => :delete %></td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+
+</div>

data/app/views/doorkeeper/applications/new.html.erb

@@ -0,0 +1,13 @@
+<div class="span16">
+  <header class="page-header"><h2>New application</h2></header>
+</div>
+
+<div class="span10">
+  <%= render 'form', :application => @application %>
+</div>
+
+<div class="span6">
+  <h3>Actions</h3>
+  <p><%= link_to 'Back to application list', applications_path %></p>
+</div>
+

data/app/views/doorkeeper/applications/show.html.erb

@@ -0,0 +1,23 @@
+<div class="span16">
+  <header class="page-header">
+    <h1>Application: <%= @application.name %></h1>
+  </header>
+</div>
+
+<div class="span10">
+  <h4>Callback url:</h4>
+  <p><%= @application.redirect_uri %></p>
+
+  <h4>Application Id:</h4>
+  <p><code><%= @application.uid %></code></p>
+
+  <h4>Secret:</h4>
+  <p><code><%= @application.secret %></code></p>
+</div>
+
+<div class="span6">
+  <h3>Actions</h3>
+  <p><%= link_to 'List all', applications_path %></p>
+  <p><%= link_to 'Edit', edit_application_path(@application) %></p>
+  <p><%= link_to 'Remove', @application, :method => :delete, :confirm => "Are you sure?" %></p>
+</div>

data/app/views/doorkeeper/authorizations/error.html.erb

@@ -0,0 +1 @@
+<p>An error has occurred</p>

data/app/views/doorkeeper/authorizations/new.html.erb

@@ -0,0 +1,18 @@
+<div class="span16">
+  <h2>Authorize <%= @authorization.client.name %> to use your account?</h2>
+</div>
+
+<div class="span16">
+  <%= form_tag authorization_path do %>
+    <%= hidden_field_tag :client_id, @authorization.client_id %>
+    <%= hidden_field_tag :redirect_uri, @authorization.redirect_uri %>
+    <%= hidden_field_tag :response_type, @authorization.response_type %>
+    <%= submit_tag "Authorize", :class => "btn primary" %> or
+  <% end %>
+  <%= form_tag authorization_path, :method => :delete do %>
+    <%= hidden_field_tag :client_id, @authorization.client_id %>
+    <%= hidden_field_tag :redirect_uri, @authorization.redirect_uri %>
+    <%= hidden_field_tag :response_type, @authorization.response_type %>
+    <%= button_tag "Deny", :class => "btn" %>
+  <% end %>
+</div>

data/app/views/layouts/doorkeeper/application.html.erb

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Doorkeeper</title>
+  <%= stylesheet_link_tag    "http://twitter.github.com/bootstrap/1.4.0/bootstrap.min.css" %>
+  <%= stylesheet_link_tag    "doorkeeper/application" %>
+  <%= javascript_include_tag "doorkeeper/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+  <section id="main" class="container">
+    <div class="content">
+      <div class="row">
+        <% flash.each do |key, message| %>
+          <div class="span16">
+            <div class="alert-message <%= key %>" data-alert><a class="close" href="#">×</a><p><%= message %></p></div>
+          </div>
+        <% end %>
+
+        <%= yield %>
+      </div>
+    </div>
+  </section>
+</body>
+</html>

data/config/initializers/form_errors.rb

@@ -0,0 +1,14 @@
+ActionView::Base.field_error_proc = Proc.new do |html_tag, instance|
+  if html_tag.match("input")
+    message = (error = instance.error_message).respond_to?(:join) ? error.join(",") : error
+    %(<span class="error">
+        #{html_tag}
+        <span class="help-inline">
+          #{message}
+        </span>
+      </span>
+    ).html_safe
+  else
+    html_tag
+  end
+end

data/config/routes.rb

@@ -0,0 +1,8 @@
+Doorkeeper::Engine.routes.draw do
+  get    'authorize', :to => "authorizations#new",     :as => :authorization
+  post   'authorize', :to => "authorizations#create",  :as => :authorization
+  delete 'authorize', :to => "authorizations#destroy", :as => :authorization
+  post   'token',     :to => "tokens#create",          :as => :token
+
+  resources :applications
+end

data/lib/doorkeeper.rb

@@ -0,0 +1,19 @@
+require "doorkeeper/engine"
+require "doorkeeper/config"
+require "doorkeeper/doorkeeper_for"
+
+module Doorkeeper
+  autoload :Validations, "doorkeeper/validations"
+
+  module OAuth
+    class MismatchRedirectURI < StandardError; end
+
+    autoload :RandomString,         "doorkeeper/oauth/random_string"
+    autoload :AuthorizationRequest, "doorkeeper/oauth/authorization_request"
+    autoload :AccessTokenRequest,   "doorkeeper/oauth/access_token_request"
+  end
+
+  def self.setup
+    yield self
+  end
+end

data/lib/doorkeeper/config.rb

@@ -0,0 +1,42 @@
+module Doorkeeper
+  def self.configure(&block)
+    @@config = Config.new(&block)
+  end
+
+  class Config
+    module ConfigOptions
+      def register_config_option(name, attribute, receives_block = true)
+        define_method name do |*args, &block|
+          if receives_block
+            self.instance_variable_set(:"@#{attribute}", block)
+          else
+            self.instance_variable_set(:"@#{attribute}", args[0])
+          end
+        end
+
+        attr_reader attribute
+        public attribute
+
+        Doorkeeper.class_eval "
+            def self.#{attribute}
+              @@config.#{attribute}
+            end
+          "
+      end
+
+      def extended(base)
+        base.send(:private, :register_method)
+      end
+    end
+
+    extend ConfigOptions
+
+    register_config_option :resource_owner_authenticator, :authenticate_resource_owner
+    register_config_option :admin_authenticator, :authenticate_admin
+
+    def initialize(&block)
+      instance_eval &block
+    end
+  end
+end
+

data/lib/doorkeeper/doorkeeper_for.rb

@@ -0,0 +1,42 @@
+module Doorkeeper
+  module Controller
+    module ClassMethods
+      def doorkeeper_for(options)
+        raise "You have to specify some option for doorkeeper_for method" unless options.present?
+        options = nil if options == :all
+        if options
+          before_filter :doorkeeper_before_filter, options
+        else
+          before_filter :doorkeeper_before_filter
+        end
+      end
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.send(:private, :doorkeeper_before_filter, :doorkeeper_token, :doorkeeper_valid_token, :get_doorkeeper_token)
+    end
+
+    def doorkeeper_before_filter
+      head :unauthorized unless doorkeeper_valid_token
+    end
+
+    def doorkeeper_valid_token
+      doorkeeper_token and doorkeeper_token.accessible?
+    end
+
+    def doorkeeper_token
+      @token ||= get_doorkeeper_token
+    end
+
+    def get_doorkeeper_token
+      token = params[:access_token] || params[:bearer_token] || request.env['HTTP_AUTHORIZATION']
+      if token
+        token.gsub!(/Bearer /, '')
+      end
+      AccessToken.find_by_token(token)
+    end
+  end
+end
+
+ActionController::Base.send(:include, Doorkeeper::Controller)

data/lib/doorkeeper/engine.rb

@@ -0,0 +1,9 @@
+module Doorkeeper
+  class Engine < Rails::Engine
+    isolate_namespace Doorkeeper
+
+    config.generators do |g|
+      g.test_framework :rspec, :view_specs => false
+    end
+  end
+end

data/lib/doorkeeper/oauth/access_token_request.rb

@@ -0,0 +1,84 @@
+module Doorkeeper::OAuth
+  class AccessTokenRequest
+    include Doorkeeper::Validations
+
+    ATTRIBUTES = [
+      :client_id,
+      :client_secret,
+      :grant_type,
+      :code,
+      :redirect_uri,
+    ]
+
+    validate :attributes, :error => :invalid_request
+    validate :client,     :error => :invalid_client
+    validate :grant,      :error => :invalid_grant
+    validate :grant_type, :error => :unsupported_grant_type
+
+    attr_accessor *ATTRIBUTES
+
+    def initialize(attributes = {})
+      ATTRIBUTES.each { |attr| instance_variable_set("@#{attr}", attributes[attr]) }
+      validate
+    end
+
+    def authorize
+      create_access_token if valid?
+    end
+
+    def authorization
+      { 'access_token' => access_token,
+        'token_type'   => token_type
+      }
+    end
+
+    def valid?
+      self.error.nil?
+    end
+
+    def access_token
+      @access_token.token
+    end
+
+    def token_type
+      "bearer"
+    end
+
+    def error_response
+      { 'error' => error.to_s }
+    end
+
+    private
+
+    def grant
+      @grant ||= AccessGrant.find_by_token(@code)
+    end
+
+    def client
+      @client ||= Application.find_by_uid_and_secret(@client_id, @client_secret)
+    end
+
+    def create_access_token
+      @access_token = AccessToken.create!({
+        :application_id    => client.uid,
+        :resource_owner_id => grant.resource_owner_id,
+      })
+    end
+
+    def validate_attributes
+      code.present? && grant_type.present? && redirect_uri.present?
+    end
+
+    def validate_client
+      !!client
+    end
+
+    def validate_grant
+      grant && grant.accessible? && grant.application_id == client.id && grant.redirect_uri == redirect_uri
+    end
+
+    def validate_grant_type
+      grant_type == "authorization_code"
+    end
+  end
+end

data/lib/doorkeeper/oauth/authorization_request.rb

@@ -0,0 +1,95 @@
+module Doorkeeper::OAuth
+  class AuthorizationRequest
+    include Doorkeeper::Validations
+
+    DEFAULT_EXPIRATION_TIME = 600
+
+    ATTRIBUTES = [
+      :response_type,
+      :client_id,
+      :redirect_uri,
+      :scope,
+      :state
+    ]
+
+    validate :attributes,    :error => :invalid_request
+    validate :client,        :error => :invalid_client
+    validate :redirect_uri,  :error => :invalid_redirect_uri
+    validate :response_type, :error => :unsupported_response_type
+
+    attr_accessor *ATTRIBUTES
+    attr_accessor :resource_owner, :error
+
+    def initialize(resource_owner, attributes)
+      ATTRIBUTES.each { |attr| instance_variable_set("@#{attr}", attributes[attr]) }
+      @resource_owner = resource_owner
+      @grant          = nil
+      validate
+    end
+
+    def authorize
+      create_authorization if valid?
+    end
+
+    def deny
+      self.error = :access_denied
+    end
+
+    def success_redirect_uri
+      build_uri do |uri|
+        query = "code=#{token}"
+        query << "&state=#{state}" if has_state?
+        uri.query = query
+      end
+    end
+
+    def invalid_redirect_uri
+      build_uri { |uri| uri.query = "error=#{error}" }
+    end
+
+    def client
+      @client ||= Application.find_by_uid(client_id)
+    end
+
+    private
+
+    def create_authorization
+      @grant = AccessGrant.create!(
+        :application_id    => client.id,
+        :resource_owner_id => resource_owner.id,
+        :expires_in        => DEFAULT_EXPIRATION_TIME,
+        :redirect_uri      => redirect_uri
+      )
+    end
+
+    def has_state?
+      state.present?
+    end
+
+    def token
+      @grant.token
+    end
+
+    def build_uri
+      uri = URI.parse(client.redirect_uri)
+      yield uri
+      uri.to_s
+    end
+
+    def validate_attributes
+      %w(response_type client_id redirect_uri).all? { |attr| send(attr).present? }
+    end
+
+    def validate_client
+      !!client
+    end
+
+    def validate_redirect_uri
+      client.redirect_uri == redirect_uri
+    end
+
+    def validate_response_type
+      response_type == "code"
+    end
+  end
+end

data/lib/doorkeeper/oauth/random_string.rb

@@ -0,0 +1,15 @@
+module Doorkeeper::OAuth
+  module RandomString
+    def random_string
+      SecureRandom.hex(32)
+    end
+
+    def unique_random_string_for(attribute)
+      loop do
+        token = random_string
+        break token unless self.class.send("find_by_#{attribute}", token)
+      end
+    end
+  end
+end
+

data/lib/doorkeeper/validations.rb

@@ -0,0 +1,29 @@
+module Doorkeeper
+  module Validations
+    extend ActiveSupport::Concern
+
+    attr_accessor :error
+
+    def validate
+      @error = nil
+      self.class.validations.each do |validation|
+        break if @error
+        @error = validation.last unless send("validate_#{validation.first}")
+      end
+    end
+
+    def valid?
+      @error.nil?
+    end
+
+    module ClassMethods
+      def validate(attribute, options = {})
+        validations << [attribute, options[:error]]
+      end
+
+      def validations
+        @validations ||= []
+      end
+    end
+  end
+end

data/lib/doorkeeper/version.rb

@@ -0,0 +1,3 @@
+module Doorkeeper
+  VERSION = "0.1.0"
+end

data/lib/generators/doorkeeper/install_generator.rb

@@ -0,0 +1,17 @@
+require 'rails/generators/active_record'
+
+class Doorkeeper::InstallGenerator < Rails::Generators::Base
+  include Rails::Generators::Migration
+  source_root File.expand_path('../templates', __FILE__)
+
+  def install
+    migration_template 'migration.rb', 'db/migrate/create_doorkeeper_tables.rb'
+    template "initializer.rb", "config/initializers/doorkeeper.rb"
+    route "mount Doorkeeper::Engine => '/oauth'"
+    readme "README"
+  end
+
+  def self.next_migration_number(dirname)
+    ActiveRecord::Generators::Base.next_migration_number(dirname)
+  end
+end

data/lib/generators/doorkeeper/templates/README

@@ -0,0 +1,13 @@
+===============================================================================
+
+There is a setup that you need to do before you can use doorkeeper.
+
+Step 1.
+Go to config/initializers/doorkeeper.rb and configure
+resource_owner_authenticator block.
+
+Step 2.
+That's it, that's all. Enjoy!
+
+===============================================================================
+

data/lib/generators/doorkeeper/templates/initializer.rb

@@ -0,0 +1,23 @@
+Doorkeeper.configure do
+  # This block will be called to check whether the
+  # resource owner is authenticated or not
+  resource_owner_authenticator do |routes|
+    raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
+    # Put your resource owner authentication logic here.
+    # If you want to use named routes from your app you need
+    # to call them on routes object eg.
+    # routes.new_user_session_path
+    # e.g. User.find_by_id(session[:user_id]) || redirect_to routes.new_user_seesion_path
+  end
+
+  # If you want to restrict the access to the web interface for
+  # adding oauth authorized applications you need to declare the
+  # block below
+  # admin_authenticator do |routes|
+  #   # Put your admin authentication logic here.
+  #   # If you want to use named routes from your app you need
+  #   # to call them on routes object eg.
+  #   # routes.new_admin_session_path
+  #   Admin.find_by_id(session[:admin_id]) || redirect_to routes.new_admin_session_path
+  # end
+end

data/lib/generators/doorkeeper/templates/migration.rb

@@ -0,0 +1,29 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string :name,         :null => false
+      t.string :uid,          :null => false
+      t.string :secret,       :null => false
+      t.string :redirect_uri, :null => false
+      t.timestamps
+    end
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, :null => false
+      t.integer  :application_id,    :null => false
+      t.string   :token,             :null => false
+      t.integer  :expires_in,        :null => false
+      t.string   :redirect_uri,      :null => false
+      t.datetime :created_at,        :null => false
+    end
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id, :null => false
+      t.integer  :application_id,    :null => false
+      t.string   :token,             :null => false
+      t.datetime :expires_at
+      t.datetime :revoked_at
+      t.datetime :created_at,        :null => false
+    end
+  end
+end

data/lib/tasks/doorkeeper_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :doorkeeper do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: doorkeeper
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Felipe Elias Philipp
+- Piotr Jakubowski
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-11-28 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: &70336834072240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: *70336834072240
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: &70336834071600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70336834071600
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: &70336834070820 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70336834070820
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: &70336834070040 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70336834070040
+- !ruby/object:Gem::Dependency
+  name: generator_spec
+  requirement: &70336834069340 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70336834069340
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: &70336834068500 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70336834068500
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: &70336834068020 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70336834068020
+description: Doorkeeper is an OAuth 2 provider for Rails.
+email:
+- felipe@applicake.com
+- piotr.jakubowski@applicake.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/assets/javascripts/doorkeeper/application.js
+- app/assets/stylesheets/doorkeeper/application.css
+- app/assets/stylesheets/doorkeeper/form.css
+- app/controllers/doorkeeper/application_controller.rb
+- app/controllers/doorkeeper/applications_controller.rb
+- app/controllers/doorkeeper/authorizations_controller.rb
+- app/controllers/doorkeeper/tokens_controller.rb
+- app/helpers/doorkeeper/application_helper.rb
+- app/models/access_grant.rb
+- app/models/access_token.rb
+- app/models/application.rb
+- app/views/doorkeeper/applications/_form.html.erb
+- app/views/doorkeeper/applications/edit.html.erb
+- app/views/doorkeeper/applications/index.html.erb
+- app/views/doorkeeper/applications/new.html.erb
+- app/views/doorkeeper/applications/show.html.erb
+- app/views/doorkeeper/authorizations/error.html.erb
+- app/views/doorkeeper/authorizations/new.html.erb
+- app/views/layouts/doorkeeper/application.html.erb
+- config/initializers/form_errors.rb
+- config/routes.rb
+- lib/doorkeeper/config.rb
+- lib/doorkeeper/doorkeeper_for.rb
+- lib/doorkeeper/engine.rb
+- lib/doorkeeper/oauth/access_token_request.rb
+- lib/doorkeeper/oauth/authorization_request.rb
+- lib/doorkeeper/oauth/random_string.rb
+- lib/doorkeeper/validations.rb
+- lib/doorkeeper/version.rb
+- lib/doorkeeper.rb
+- lib/generators/doorkeeper/install_generator.rb
+- lib/generators/doorkeeper/templates/initializer.rb
+- lib/generators/doorkeeper/templates/migration.rb
+- lib/generators/doorkeeper/templates/README
+- lib/tasks/doorkeeper_tasks.rake
+- MIT-LICENSE
+- Rakefile
+- README.md
+homepage: https://github.com/applicake/doorkeeper
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Doorkeeper is an OAuth 2 provider for Rails.
+test_files: []