exvo-auth 0.12.1 → 0.12.2

data/README.markdown

@@ -0,0 +1,108 @@
+#OAuth2
+
+- Get familiar with OmniAuth by Intridea: http://github.com/intridea/omniauth. Read about OAuth2.
+- Obtain client_id and client_secret for your app from Exvo.
+- Install exvo-auth gem or add it to your Gemfile.
+
+
+##Configure middleware.
+
+In Rails, the relevant lines could look like this:
+
+    ExvoAuth::Config.client_id     = "foo"
+    ExvoAuth::Config.client_secret = "bar"
+    ExvoAuth::Config.debug         = true # dumps all HTTP traffic to STDERR, useful during development.
+    config.middleware.use ExvoAuth::Middleware
+
+
+##Add routes.
+
+The following comes from Rails config/routes.rb file:
+
+    match "/auth/failure"                  => "sessions#failure"
+    match "/auth/interactive/callback"     => "sessions#create"
+    match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
+    match "/sign_out"                      => "sessions#destroy"
+
+Failure url is called whenever there's a failure (d'oh).
+You can have separate callbacks for interactive and non-interactive
+callback routes but you can also route both callbacks to the same controller method
+like shown above.
+
+##Include controller helpers into your application controller.
+
+    include ExvoAuth::Controllers::Rails (or Merb)
+
+##Implement a sessions controller.
+
+Sample implementation (Rails):
+
+    class SessionsController < ApplicationController
+      def create
+        sign_in_and_redirect!
+      end
+
+      def destroy
+        sign_out_and_redirect!
+      end
+
+      def failure
+        render :text => "Sorry!"
+      end
+    end
+
+##Implement #find_or_create_user_by_uid(uid) in your Application Controller.
+
+This method will be called by #current_user. Previously we did this in sessions_controller but since the sharing sessions changes this controller
+will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it.
+Additional info (emails, etc) can be obtained using auth api (/users/uid.json path).
+
+In short: you get params[:auth]. Do what you want to do with it: store the data, create session, etc.
+
+
+##Sign up and sign in paths for use in links.
+
+    sign in path:                       "/auth/interactive"
+    sign up path:                       "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param
+    sign in path with a return address: "/auth/interactive?state=url"      # using OAuth2 state param
+
+You have a handy methods available in controllers (and views in Rails): sign_in_path and sign_up_path.
+
+##Read the source, there are few features not mentioned in this README.
+
+
+#Inter-Application Communication
+
+You need to have "App Authorization" created by Exvo first.
+Contact us and provide following details:
+
+- consumer_id - Id of an app that will be a consumer (this is you)
+- provider_id - Id of the provider app
+- scope       - The tag associated with the api you want to use in the provider app
+
+##Consumer side
+
+    consumer = ExvoAuth::Autonomous::Consumer.new(
+      :app_id => "this is client_id of the app you want to connect to"
+    )
+    consumer.get(*args) - interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
+
+##Provider side
+
+See #authenticate_app_in_scope!(scope) method in ExvoAuth::Controllers::Rails (or Merb). This method lets you create a before filter.
+Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
+If scopes are empty, then provider app should not present any resources to consumer.
+
+##Example of the before filter for provider controller:
+
+    before_filter {|c| c.authenticate_app_in_scope!("payments") }
+
+In provider controller which is just a fancy name for API controller you can use #current_app_id method to get the app_id of the app connecting.
+
+
+#Dejavu - replay non-GET requests after authentication redirects
+
+##Limitations:
+
+- doesn't work with file uploads
+- all request params become query params when replayed

data/lib/exvo_auth/controllers/base.rb

@@ -1,6 +1,6 @@
 module ExvoAuth::Controllers::Base
   # A before filter to protect your sensitive actions.
-  def authenticate_user!
+  def authenticate_user!(opts = {})
     if !signed_in?
       store_request!
 
@@ -10,7 +10,7 @@ module ExvoAuth::Controllers::Base
       if callback_value
         redirect_to non_interactive_sign_in_path(callback_key => callback_value)
       else
-        redirect_to sign_up_path # for the first few weekes. after that, change back to: sign_in_path
+        redirect_to opts[:redirect_to] || sign_in_path
       end
     end
   end

data/lib/exvo_auth/version.rb

@@ -1,3 +1,3 @@
 module ExvoAuth
-  VERSION = "0.12.1"
+  VERSION = "0.12.2"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: exvo-auth
 version: !ruby/object:Gem::Version 
-  hash: 45
+  hash: 43
   prerelease: false
   segments: 
   - 0
   - 12
-  - 1
-  version: 0.12.1
+  - 2
+  version: 0.12.2
 platform: ruby
 authors: 
 - Jacek Becela
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-14 00:00:00 +01:00
+date: 2011-09-19 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -142,7 +142,7 @@ extra_rdoc_files: []
 files: 
 - .gitignore
 - Gemfile
-- README
+- README.markdown
 - Rakefile
 - exvo-auth.gemspec
 - lib/exvo-auth.rb

data/README

@@ -1,119 +0,0 @@
-OAuth2
-======
-
--1. Get familiar with OmniAuth by Intridea: http://github.com/intridea/omniauth. Read about OAuth2.
-
-
-0. Obtain client_id and client_secret for your app from Exvo.
-
-
-1. Install exvo-auth gem or add it to your Gemfile.
-
-
-2. Configure middleware.
-
-In Rails, the relevant lines could look like this:
-
-  ExvoAuth::Config.client_id     = "foo"
-  ExvoAuth::Config.client_secret = "bar" 
-  ExvoAuth::Config.debug         = true # dumps all HTTP traffic to STDERR, useful during development.
-  config.middleware.use ExvoAuth::Middleware
-
-    
-3. Add routes.
-
-The following comes from Rails config/routes.rb file:
-
-  match "/auth/failure"                  => "sessions#failure"
-  match "/auth/interactive/callback"     => "sessions#create"
-  match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
-  match "/sign_out"                      => "sessions#destroy"
-
-Failure url is called whenever there's a failure (d'oh).
-You can have separate callbacks for interactive and non-interactive
-callback routes but you can also route both callbacks to the same controller method
-like shown above.
-
-4. Include controller helpers into your application controller.
-
-include ExvoAuth::Controllers::Rails (or Merb)
-
-5. Implement a sessions controller.
-
-Sample implementation (Rails):
-
-class SessionsController < ApplicationController
-  def create
-    sign_in_and_redirect!
-  end
-  
-  def destroy
-    sign_out_and_redirect!
-  end
-  
-  def failure
-    render :text => "Sorry!"
-  end
-end
-
-
-6. Implement #find_or_create_user_by_uid(uid) in your Application Controller.
-
-This method will be called by #current_user. Previously we did this in sessions_controller but since the sharing sessions changes this controller
-will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it. 
-Additional info (emails, etc) can be obtained using auth api (/users/uid.json path).
-
-  
-In short: you get params[:auth]. Do what you want to do with it: store the data, create session, etc.
-
-
-7. Sign up and sign in paths for use in links.
-
-sign in path:                       "/auth/interactive"
-sign up path:                       "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param
-sign in path with a return address: "/auth/interactive?state=url"      # using OAuth2 state param
-
-You have a handy methods available in controllers (and views in Rails): sign_in_path and sign_up_path.
-
-
-8. Read the source, there are few features not mentioned in this README.
-
-
-Inter-Application Communication
-===============================
-
-You need to have "App Authorization" created by Exvo first.
-Contact us and provide following details:
-
-  * consumer_id - Id of an app that will be a consumer (this is you)
-  * provider_id - Id of the provider app
-  * scope       - The tag associated with the api you want to use in the provider app
-
-# Consumer side
-
-consumer = ExvoAuth::Autonomous::Consumer.new(
-  :app_id => "this is client_id of the app you want to connect to"
-)
-consumer.get(*args) - interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
-
-
-# Provider side
-
-See #authenticate_app_in_scope!(scope) method in ExvoAuth::Controllers::Rails (or Merb). This method lets you create a before filter.
-Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
-If scopes are empty, then provider app should not present any resources to consumer.
-
-# Example of the before filter for provider controller:
-
-before_filter {|c| c.authenticate_app_in_scope!("payments") }
-
-In provider controller which is just a fancy name for API controller you can use #current_app_id method to get the app_id of the app connecting.
-
-
-Dejavu - replay non-GET requests after authentication redirects
-===============================================================
-
-Limitations: 
-
-* doesn't work with file uploads
-* all request params become query params when replayed