exvo_auth 0.15.0

data/.gitignore

@@ -0,0 +1,7 @@
+*.gem
+.bundle
+.rvmrc
+Gemfile.lock
+coverage/*
+pkg/*
+log/*

data/Gemfile

@@ -0,0 +1,4 @@
+source :gemcutter
+
+# Specify your gem's dependencies in exvo_auth.gemspec
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright © 2011-2012 Exvo.com Development BV
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,245 @@
+# exvo_auth
+
+This gem supplements the [omniauth-exvo](https://github.com/Exvo/omniauth-exvo/) gem. Together they implement the oauth2 protocol for handling users and applications authentication at Exvo.
+
+This gem depends on the [exvo_helpers](https://github.com/Exvo/exvo_helpers) gem for all of its configuration.
+
+
+Note, that this gem was previously named "exvo-auth".
+
+
+
+## Requirements
+
+* Runs on Ruby 1.8.7 & 1.9.2 (preferred version)
+* Rails 3.0+ (works with Rails 3.1) or Merb
+
+
+
+## Installation
+
+Add it to Gemfile:
+
+```ruby
+gem "exvo_auth"
+```
+
+Run bundle:
+
+```bash
+$ bundle
+```
+
+The preferred way to configure this gem is via the ENV variables:
+
+```ruby
+ENV['AUTH_CLIENT_ID']     = "foo"
+ENV['AUTH_CLIENT_SECRET'] = "bar"
+ENV['AUTH_DEBUG']         = "true"          # [OPTIONAL] dumps all HTTP traffic to STDERR, useful during development; it *has to be a string, not a boolean*
+ENV['AUTH_REQUIRE_SSL']   = "false"         # [OPTIONAL] disable SSL, useful in development (note that all apps API urls must be http, not https); it *has to be a string, not a boolean*
+ENV['AUTH_HOST']          = "test.exvo.com" # [OPTIONAL] override the default auth host
+```
+
+But you can also set things directly in the `config/application.rb` file (before the middleware declaration):
+
+```ruby
+Exvo::Helpers.auth_client_id     = "foo"
+Exvo::Helpers.auth_client_secret = "bar"
+Exvo::Helpers.auth_debug         = true            # boolean
+Exvo::Helpers.auth_require_ssl   = false           # boolean
+Exvo::Helpers.auth_host          = "test.exvo.com"
+```
+
+Add this line to `config/application.rb`:
+
+```ruby
+config.middleware.use ExvoAuth::Middleware
+```
+
+Add routes (Rails example):
+
+```ruby
+match "/auth/exvo/callback" => "sessions#create"
+match "/auth/failure"       => "sessions#failure"
+match "/sign_out"           => "sessions#destroy"
+```
+
+Include controller helpers in your `ApplicationController.rb`:
+
+```ruby
+include ExvoAuth::Controllers::Rails # (or Merb)
+```
+
+Implement a sessions controller (Rails example):
+
+```ruby
+class SessionsController < ApplicationController
+  def create
+    sign_in_and_redirect!
+  end
+
+  def destroy
+    sign_out_and_redirect!
+  end
+
+  def failure
+    render :text => "Sorry!"
+  end
+end
+```
+
+It's good to have your `SessionsController`'s `#create` action a little more extended, so that each time the user logs in into the app, his user data (like email, nickname, etc.) is updated from the auth app (i.e. from his profile):
+
+```ruby
+def create
+  auth_hash = request.env["omniauth.auth"]
+  user = User.find_or_create_by_uid(auth_hash["uid"])
+
+  if user && user.update_from_auth_hash(auth_hash)
+    sign_in_and_redirect!
+  else
+    fail "Could not update user"
+  end
+end
+```
+
+and your `#update_from_auth_hash` method at `User` model might look like this:
+
+```ruby
+def update_from_auth_hash(auth_hash)
+  update_attributes({
+    :nickname => auth_hash["info"]["nickname"],
+    :email => auth_hash["info"]["email"],
+    :plan => auth_hash["extra"]["raw_info"]["plan"],
+    :language => auth_hash["extra"]["raw_info"]["language"]
+  })
+end
+```
+
+Note, that you don't have to update all user attributes. You can update only ones you want.
+
+
+This is what you get (and what you can use/save for the local user) from auth (example data as of 2012-01):
+
+```ruby
+request.env["omniauth.auth"].to_hash.inspect
+
+  {
+    "provider" => "exvo",
+    "uid" => 1,
+
+    "credentials" => {
+      "token" => "a2d09701559b9f26a8284d6f94670477d882ad6d9f3d92ce9917262a6b54085fa3fb99e111340459",
+      "expires" => false
+    },
+
+    "info" => {
+      "nickname" => "Pawel",
+      "email" => "pawel@exvo.com",
+      "name" => "Pawel"
+    },
+
+    "extra" => {
+      "raw_info" => {
+        "id" => 1,
+        "nickname" => "Pawel",
+        "country_code" => nil,
+        "plan" => "basic",
+        "language" => "en",
+        "email" => "pawel@exvo.com",
+        "referring_user_id" => nil
+      }
+    }
+  }
+```
+
+
+Implement `#find_or_create_user_by_uid(uid)` in your `ApplicationController`:
+
+This method will be called by `#current_user`. Previously we did this in `sessions_controller` but since the sharing sessions changes this controller will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it.
+
+Exemplary implementation (Rails):
+
+```ruby
+def find_or_create_user_by_uid(uid)
+  User.find_or_create_by_uid(uid)
+end
+```
+
+It's best to leave this method as it is (without updating any user data inside this method, better to do this in the SessionsController#create action). Updating user in this method might lead to some very hard to debug cyclic executions possibly leading to stack-level too deep errors and/or general slowness, so please proceed with extreme caution.
+
+
+## Sign up and sign in paths for use in links
+
+```ruby
+sign in path:                       "/auth/exvo"
+sign up path:                       "/auth/exvo?x_sign_up=true" # this is OAuth2 custom param
+sign in path with a return address: "/auth/exvo?state=url"      # using OAuth2 state param
+```
+
+You have a handy methods available in controllers (and views in Rails): `sign_in_path` and `sign_up_path`.
+
+
+## Require authentication in your controllers
+
+In `ApplicationController` (for all controllers) or in some controller just add:
+
+```ruby
+before_filter :authenticate_user!
+```
+
+## Fetching user information
+
+All info about any particular user can be obtained using auth api (`/users/uid.json` path).
+
+
+
+## Inter-Application Communication
+
+You need to have "App Authorization" created by Exvo first.
+
+Contact us and provide following details:
+
+* `consumer_id` - Id of an app that will be a consumer (this is you)
+* `provider_id` - Id of the provider app
+* `scope`       - The tag associated with the api you want to use in the provider app
+
+
+### Consumer side
+
+```ruby
+consumer = ExvoAuth::Autonomous::Consumer.new(
+  :app_id => "this is client_id of the app you want to connect to"
+)
+consumer.get(*args) # interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
+```
+
+
+### Provider side
+
+See `#authenticate_app_in_scope!(scope)` method in `ExvoAuth::Controllers::Rails` (or Merb). This method lets you create a before filter.
+Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
+If scopes are empty, then provider app should not present any resources to consumer.
+
+
+Example of the before filter for provider controller:
+
+```ruby
+before_filter { |c| c.authenticate_app_in_scope!("payments") }
+```
+
+In the provider controller, which is just a fancy name for API controller, you can use `#current_app_id` method to get the `app_id` of the app connecting.
+
+
+## Dejavu
+
+Replay non-GET requests after authentication redirects.
+
+Limitations:
+
+* doesn't work with file uploads
+* all request params become query params when replayed
+
+
+
+Copyright © 2011-2012 Exvo.com Development BV, released under the MIT license

data/Rakefile

@@ -0,0 +1,11 @@
+require 'bundler'
+require 'rake/testtask'
+
+Bundler::GemHelper.install_tasks
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+task :default => :test

data/exvo_auth.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "exvo_auth/version"
+
+Gem::Specification.new do |gem|
+  gem.name        = "exvo_auth"
+  gem.version     = ExvoAuth::VERSION
+  gem.authors     = ["Jacek Becela", "Paweł Gościcki"]
+  gem.email       = ["jacek.becela@gmail.com", "pawel.goscicki@gmail.com"]
+  gem.homepage    = "https://github.com/Exvo/exvo_auth"
+  gem.summary     = "User and App authentication for Exvo"
+  gem.description = "Collection of users and applications authentication methods for use when you want your users or applications authorize using the Exvo platform."
+
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency "httparty"
+  gem.add_dependency "activemodel", "~> 3.0"
+  gem.add_dependency "actionpack",  "~> 3.0"
+  gem.add_dependency "exvo_helpers", "~> 0.2"
+
+  gem.add_development_dependency "mocha"
+  gem.add_development_dependency "test-unit"
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "guard"
+  gem.add_development_dependency "guard-test"
+  gem.add_development_dependency "rb-fsevent"
+  gem.add_development_dependency "rb-inotify"
+  gem.add_development_dependency "simplecov"
+  gem.add_development_dependency "simplecov-rcov"
+end

data/lib/exvo_auth.rb

@@ -0,0 +1,31 @@
+require 'multi_json'
+require 'httparty'
+require 'uri'
+require 'base64'
+require 'exvo_helpers'
+
+module ExvoAuth
+  autoload :Middleware,   'exvo_auth/middleware'
+  autoload :SessionStore, 'exvo_auth/session_store'
+  autoload :Dejavu,       'exvo_auth/dejavu'
+  autoload :VERSION,      'exvo_auth/version'
+
+  module Controllers
+    autoload :Base,  'exvo_auth/controllers/base'
+    autoload :Rails, 'exvo_auth/controllers/rails'
+    autoload :Merb,  'exvo_auth/controllers/merb'
+  end
+
+  module Models
+    autoload :Message, 'exvo_auth/models/message'
+  end
+
+  module Autonomous
+    autoload :Base,     'exvo_auth/autonomous/base'
+    autoload :Consumer, 'exvo_auth/autonomous/consumer'
+    autoload :Provider, 'exvo_auth/autonomous/provider'
+    autoload :Cache,    'exvo_auth/autonomous/cache'
+    autoload :Auth,     'exvo_auth/autonomous/auth'
+    autoload :Http,     'exvo_auth/autonomous/http'
+  end
+end

data/lib/exvo_auth/autonomous/auth.rb

@@ -0,0 +1,18 @@
+require 'singleton'
+
+class ExvoAuth::Autonomous::Auth
+  include Singleton
+  include ExvoAuth::Autonomous::Http
+
+  def base_uri
+    Exvo::Helpers.auth_uri
+  end
+
+  def username
+    Exvo::Helpers.auth_client_id
+  end
+
+  def password
+    Exvo::Helpers.auth_client_secret
+  end
+end

data/lib/exvo_auth/autonomous/base.rb

@@ -0,0 +1,20 @@
+class ExvoAuth::Autonomous::Base
+  attr_reader :params
+  @@cache = ExvoAuth::Autonomous::Cache.new
+  
+  def initialize(params = {})
+    @params = params
+  end
+  
+  protected
+  
+  def validate_params!(*keys)
+    missing = keys - params.keys
+    raise(ArgumentError, "Please configure following keys: #{missing.join(", ")}") if missing.any?
+  end
+  
+  # Makes testing easy
+  def auth
+    ExvoAuth::Autonomous::Auth.instance
+  end
+end

data/lib/exvo_auth/autonomous/cache.rb

@@ -0,0 +1,33 @@
+class ExvoAuth::Autonomous::Cache
+  def initialize
+    @data = {}
+  end
+  
+  def read(key)
+    o = @data[key]
+    o[:value] if o && (now - o[:timestamp]) < 3600 # cache for one hour
+  end
+  
+  def write(key, value)
+    @data[key] = {
+      :value     => value,
+      :timestamp => now
+    }
+    
+    value
+  end
+  
+  def fetch(key)
+    if block_given?
+      read(key) || write(key, yield)
+    else
+      read(key)
+    end
+  end
+  
+  private
+  
+  def now
+    Time.now
+  end
+end

data/lib/exvo_auth/autonomous/consumer.rb

@@ -0,0 +1,36 @@
+class ExvoAuth::Autonomous::Consumer < ExvoAuth::Autonomous::Base
+  include ExvoAuth::Autonomous::Http
+
+  def initialize(params = {})
+    super
+    validate_params!(:app_id)
+  end
+
+  def base_uri
+    authorization["url"]
+  end
+
+  def username
+    Exvo::Helpers.auth_client_id
+  end
+
+  def password
+    authorization["access_token"]
+  end
+
+  def authorization
+    @@cache.fetch(params) do
+      authorization!
+    end
+  end
+
+  def authorization!
+    response = auth.get("/apps/consumer/authorizations/#{URI.escape(params[:app_id])}.json")
+
+    if response["authorization"]
+      @@cache.write(params, response["authorization"])
+    else
+      raise "Authorization not found. You need an auhorization to contact provider app (#{ params[:app_id] })"
+    end
+  end
+end

data/lib/exvo_auth/autonomous/http.rb

@@ -0,0 +1,43 @@
+module ExvoAuth::Autonomous::Http
+  def get(*args)
+    http.get(*args)
+  end
+
+  def post(*args)
+    http.post(*args)
+  end
+
+  def put(path, options = {})
+    # This fixes 411 responses from nginx (on heroku)
+    # when Content-Length is missing on put requests.
+    options[:body] ||= ""
+    http.put(path, options)
+  end
+
+  def delete(*args)
+    http.delete(*args)
+  end
+
+  def head(*args)
+    http.head(*args)
+  end
+
+  def options(*args)
+    http.options(*args)
+  end
+
+  protected
+
+  def http
+    basement.base_uri(base_uri)
+    basement.basic_auth(username, password)
+    basement
+  end
+
+  def basement
+    @basement ||= Class.new do
+      include HTTParty
+      debug_output if Exvo::Helpers.auth_debug
+    end
+  end
+end

data/lib/exvo_auth/autonomous/provider.rb

@@ -0,0 +1,24 @@
+class ExvoAuth::Autonomous::Provider < ExvoAuth::Autonomous::Base
+  def initialize(params = {})
+    super
+    validate_params!(:app_id, :access_token)
+  end
+  
+  def scopes
+    @@cache.fetch(params) do
+      scopes!
+    end
+  end
+  
+  def scopes!
+    response = auth.get("/apps/provider/authorizations/#{URI.escape(params[:app_id])}.json",
+      :query => { :access_token => params[:access_token] }
+    )
+
+    if scope = response["scope"] 
+      @@cache.write(params, scope.split)
+    else
+      [] # only cache positive responses
+    end
+  end
+end

data/lib/exvo_auth/controllers/base.rb

@@ -0,0 +1,123 @@
+module ExvoAuth::Controllers::Base
+  # A before filter to protect your sensitive actions.
+  def authenticate_user!(opts = {})
+    if !signed_in?
+      store_request!
+
+      callback_value = params[callback_key]
+
+      if callback_value
+        redirect_to non_interactive_sign_in_path(callback_key => callback_value)
+      else
+        redirect_to opts[:redirect_to] || sign_in_path
+      end
+    end
+  end
+
+  # Usually this method is called from your sessions#create.
+  def sign_in_and_redirect!
+    session[:user_uid] = request.env["omniauth.auth"]["uid"]
+
+    url = if params[:state] == "popup"
+      Exvo::Helpers..auth_uri + "/close_popup.html"
+    elsif params[:state] # if not popup then an url
+      params[:state]
+    else
+      request_replay_url || "/"
+    end
+
+    redirect_to url
+  end
+
+  # Redirect to sign_out_url, signs out and redirects back to "/" (by default).
+  # Usuallly this method is called from your sessions#destroy.
+  def sign_out_and_redirect!(return_to = "/")
+    session.clear
+    remove_instance_variable(:@current_user) if instance_variable_defined?(:@current_user)
+    redirect_to sign_out_url(return_to)
+  end
+
+  def authenticate_app_in_scope!(scope)
+    raise("SSL not configured. Your api needs to be exposed using https protocol.") unless request.ssl? || Exvo::Helpers.auth_require_ssl == false
+
+    send(basic_authentication_method_name) do |app_id, access_token|
+      current_scopes = ExvoAuth::Autonomous::Provider.new(
+        :app_id       => app_id,
+        :access_token => access_token
+      ).scopes
+
+      @current_app_id = app_id
+
+      current_scopes.include?(scope.to_s)
+    end
+  end
+
+  def sign_in_path
+    "/auth/exvo"
+  end
+
+  def sign_up_path
+    "/auth/exvo?x_sign_up=true"
+  end
+
+  def callback_key
+    "_callback"
+  end
+
+  def current_user
+    return @current_user unless @current_user.nil?
+    @current_user = session[:user_uid] && find_or_create_user_by_uid(session[:user_uid])
+  end
+
+  def current_app_id
+    @current_app_id
+  end
+
+  def signed_in?
+    !!current_user
+  end
+
+  protected
+
+  def find_or_create_user_by_uid(uid)
+    raise "Implement find_or_create_user_by_uid in a controller"
+  end
+
+  def sign_out_url(return_to)
+    Exvo::Helpers.auth_uri + "/users/sign_out?" + Rack::Utils.build_query({ :return_to => return_to })
+  end
+
+  def non_interactive_sign_in_path(params = {})
+    path  = "/auth/exvo"
+    query = Rack::Utils.build_query(params)
+    query.empty? ? path : "#{path}?#{query}"
+  end
+
+  def current_request
+    request.params.reject{ |k, v| ["controller", "action"].include?(k) || v.nil? }.merge(
+      :_dejavu => {
+        :script_name  => request.script_name, # for Rack::Request
+        :path_info    => request.path_info,   # for Rack::Request
+        :request_path => request.path,        # for Merb::Request
+        :method       => request_method,
+        :content_type => request.content_type
+      }
+    )
+  end
+
+  def store_request!
+    session[:stored_request] = Base64.encode64(MultiJson.encode(current_request))
+  end
+
+  def request_replay_url
+    if stored_request = session.delete(:stored_request)
+      params = MultiJson.decode(Base64.decode64(stored_request))
+      dejavu = params.delete("_dejavu")
+      if dejavu["method"] == "GET"
+        dejavu["script_name"] + dejavu["path_info"] + (params.any? ? "?" + Rack::Utils.build_nested_query(params) : "")
+      else
+        "/auth/dejavu?" + Rack::Utils.build_nested_query(params.merge(:_dejavu => dejavu))
+      end
+    end
+  end
+end

data/lib/exvo_auth/controllers/merb.rb

@@ -0,0 +1,27 @@
+module ExvoAuth::Controllers::Merb
+  def self.included(base)
+    base.send :include, ExvoAuth::Controllers::Base
+    base.send :include, InstanceMethods
+  end
+  
+  module InstanceMethods
+    def authenticate_user!
+      super
+      throw :halt unless signed_in?
+    end
+    
+    protected
+
+    def request_method
+      request.method.to_s.upcase
+    end
+
+    def basic_authentication_method_name
+      :basic_authentication
+    end
+
+    def redirect_to(*args)
+      redirect(*args)
+    end
+  end
+end

data/lib/exvo_auth/controllers/rails.rb

@@ -0,0 +1,19 @@
+module ExvoAuth::Controllers::Rails
+  def self.included(base)
+    base.send :include, ExvoAuth::Controllers::Base
+    base.send :include, InstanceMethods
+    base.helper_method :current_user, :signed_in?, :sign_up_path, :sign_in_path
+  end
+    
+  module InstanceMethods    
+    protected
+    
+    def request_method
+      request.request_method
+    end
+    
+    def basic_authentication_method_name
+      :authenticate_or_request_with_http_basic
+    end    
+  end
+end

data/lib/exvo_auth/dejavu.rb

@@ -0,0 +1,24 @@
+class ExvoAuth::Dejavu
+  def initialize(app)
+    @app = app
+  end
+  
+  def call(env)
+    dejavu(env) if Rack::Request.new(env).path == "/auth/dejavu"
+    @app.call(env)
+  end
+  
+  private
+  
+  def dejavu(env)
+    params = Rack::Request.new(env).params
+    dejavu = params.delete("_dejavu")
+
+    env["QUERY_STRING"]   = Rack::Utils.build_nested_query(params) # Will not work with file uploads.
+    env["SCRIPT_NAME"]    = dejavu["script_name"]  # for Rack::Request
+    env["PATH_INFO"]      = dejavu["path_info"]    # for Rack::Request
+    env["REQUEST_PATH"]   = dejavu["request_path"] # for Merb::Request
+    env["REQUEST_METHOD"] = dejavu["method"]
+    env["CONTENT_TYPE"]   = dejavu["content_type"]
+  end
+end

data/lib/exvo_auth/middleware.rb

@@ -0,0 +1,15 @@
+class ExvoAuth::Middleware
+  def initialize(app)
+    @app = middlewares.inject(app){ |a, m| a = m.new(a) }
+  end
+  
+  def call(env)
+    @app.call(env)
+  end
+  
+  private
+  
+  def middlewares
+    [ExvoAuth::Dejavu]
+  end
+end

data/lib/exvo_auth/models/message.rb

@@ -0,0 +1,72 @@
+class ExvoAuth::Models::Message
+  include ActiveModel::Validations
+  include ActiveModel::Serialization
+  
+  class RecordInvalid < StandardError; end
+  class RecordNotFound < StandardError; end
+  
+  validates :label,    :presence => true, :format => /^[_a-z0-9]+$/ix
+  validates :text,     :presence => true
+  validates :user_uid, :presence => true, :numericality => true
+
+  attr_accessor :id, :label, :text, :user_uid, :created_at, :read
+  
+  def initialize(attributes = {})
+    attributes.each do |name, value|
+      send("#{name}=", value)
+    end
+  end
+  
+  def self.create(attributes = {})
+    message = new(attributes)
+    if message.valid?
+      message.deliver
+      message
+    else
+      raise RecordInvalid, message.errors.full_messages.join(", ")
+    end
+  end
+  
+  def self.all
+    auth = ExvoAuth::Autonomous::Auth.instance
+    response = auth.get("/api/private/app_messages.json")
+    response.map{ |m| new(m) }
+  end
+  
+  def self.find(id)
+    auth = ExvoAuth::Autonomous::Auth.instance
+    response = auth.get("/api/private/app_messages/#{id}.json")
+    if response.code == 200
+      new(response)
+    else
+      raise RecordNotFound, "Couldn't find #{model_name} with ID=#{id}"
+    end
+  end
+  
+  def deliver
+    auth = ExvoAuth::Autonomous::Auth.instance
+    attributes = {
+      :label    => label,
+      :text     => text,
+      :user_uid => user_uid
+    }
+    response = auth.post("/api/private/app_messages.json", :body => attributes)
+    case response.code
+      when 201 then
+        response.parsed_response.each do |k, v|
+          send("#{k}=", v)
+        end
+      when 422 then
+        response.parsed_response.each{ |attr, error| errors.add(attr, error) }
+        raise RecordInvalid, errors.full_messages.join(", ")
+      else
+        raise "Unknown error"  
+    end
+
+  end
+  
+  def persisted?
+    !!id
+  end
+
+end

data/lib/exvo_auth/session_store.rb

@@ -0,0 +1,37 @@
+require "action_dispatch"
+require 'active_support/core_ext/hash/reverse_merge'
+
+# For Merb apps only. This replaces merb sessions with Rails3 sessions. We use this to share sessions between merb and rails apps.
+class ExvoAuth::SessionStore
+  def initialize(app, options = {})
+    raise "Please configure :secret_token" unless @secret_token = options[:secret_token]
+    raise "Please configure :domain"       unless @domain       = options[:domain]
+    
+    @app = ActionDispatch::Cookies.new(ActionDispatch::Session::CookieStore.new(ActionDispatch::Flash.new(app), :key => "_exvo_session", :domain => @domain, :expire_after => 2.weeks))
+  end
+  def call(env)
+    @app.call(env.reverse_merge!(env_defaults))
+  end
+  def env_defaults
+    @env_defaults ||= { 
+      "action_dispatch.secret_token" => @secret_token
+    }
+  end
+  def self.replace_merb_sessions_with_rails_3_sessions! # this is crazy
+    [Merb::BootLoader::MixinSession, Merb::BootLoader::SetupSession, Merb::BootLoader::Cookies].each do |c| 
+      c.class_eval do
+        def self.run; end
+      end
+    end
+    Merb::Controller.class_eval do
+      def session; request.session end
+      def cookies; request.env["action_dispatch.cookies"] ||= ActionDispatch::Cookies::CookieJar.build(request) end
+    end
+    Merb::Request.class_eval do
+      def session?; true end
+      def session; Rack::Request.new(env).session end
+      def cookies; Rack::Request.new(env).cookies end
+    end
+  end
+end
+

data/lib/exvo_auth/version.rb

@@ -0,0 +1,3 @@
+module ExvoAuth
+  VERSION = "0.15.0"
+end

data/test/helper.rb

@@ -0,0 +1,9 @@
+require 'simplecov'
+require 'simplecov-rcov'
+SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
+SimpleCov.start
+
+require 'rubygems'
+require 'test/unit'
+require 'mocha'
+require 'exvo_auth'

data/test/test_exvo_auth.rb

@@ -0,0 +1,42 @@
+require 'helper'
+
+class TestExvoAuth < Test::Unit::TestCase
+  def setup
+    Exvo::Helpers.auth_client_id     = "foo"
+    Exvo::Helpers.auth_client_secret = "bar"
+  end
+
+  test "consumer sanity" do
+    c = ExvoAuth::Autonomous::Consumer.new(:app_id => "baz")
+    authorization = { "access_token" => "qux", "url" => "https://foo/api" }
+    auth = stub(:get => { "authorization" => authorization })
+    c.expects(:auth).returns(auth)
+
+    assert_equal authorization, c.send(:authorization)
+    assert_equal authorization, c.send(:authorization) # second time from cache, without touching httparty
+  end
+
+  test "provider sanity" do
+    p = ExvoAuth::Autonomous::Provider.new(:app_id => "baz", :access_token => "qux")
+    auth = stub(:get => {"scope" => "qux quux"})
+    p.expects(:auth).returns(auth)
+
+    assert_equal ["qux", "quux"], p.scopes
+    assert_equal ["qux", "quux"], p.scopes # second time from cache, without touching httparty
+  end
+
+  test "integration of httparty interface with auth" do
+    c = ExvoAuth::Autonomous::Consumer.new(:app_id => "baz")
+    basement = mock("basement")
+    basement.expects(:base_uri)
+    basement.expects(:basic_auth)
+    basement.expects(:get).with("/bar").returns(true)
+    c.expects(:basement).at_least_once.returns(basement)
+    assert_true c.get("/bar")
+  end
+
+  test "basement includes httparty" do
+    c = ExvoAuth::Autonomous::Consumer.new(:app_id => "baz")
+    assert_true c.send(:basement).included_modules.include?(HTTParty)
+  end
+end

data/test/test_integration.rb

@@ -0,0 +1,17 @@
+require 'helper'
+
+class TestIntegration < Test::Unit::TestCase
+  def setup
+    Exvo::Helpers.auth_host          = "staging.auth.exvo.com"
+    Exvo::Helpers.auth_client_id     = "foo"
+    Exvo::Helpers.auth_client_secret = "bar"
+    Exvo::Helpers.auth_require_ssl   = true
+  end
+
+  test "integration with staging.auth.exvo.com" do
+    c = ExvoAuth::Autonomous::Consumer.new(:app_id => "bar")
+    authorization = c.send(:authorization)
+    assert authorization["access_token"].size > 0
+    assert_equal "https://bar/api", authorization["url"]
+  end
+end

metadata

@@ -0,0 +1,216 @@
+--- !ruby/object:Gem::Specification
+name: exvo_auth
+version: !ruby/object:Gem::Version
+  version: 0.15.0
+  prerelease: 
+platform: ruby
+authors:
+- Jacek Becela
+- Paweł Gościcki
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-01-26 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: &77112060 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *77112060
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: &77110930 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *77110930
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: &77108390 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *77108390
+- !ruby/object:Gem::Dependency
+  name: exvo_helpers
+  requirement: &77089050 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: *77089050
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: &77087470 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *77087470
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: &77086220 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *77086220
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &77085280 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *77085280
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: &77082500 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *77082500
+- !ruby/object:Gem::Dependency
+  name: guard-test
+  requirement: &77030890 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *77030890
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: &76952630 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *76952630
+- !ruby/object:Gem::Dependency
+  name: rb-inotify
+  requirement: &76941060 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *76941060
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: &76936810 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *76936810
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: &76882790 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *76882790
+description: Collection of users and applications authentication methods for use when
+  you want your users or applications authorize using the Exvo platform.
+email:
+- jacek.becela@gmail.com
+- pawel.goscicki@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- exvo_auth.gemspec
+- lib/exvo_auth.rb
+- lib/exvo_auth/autonomous/auth.rb
+- lib/exvo_auth/autonomous/base.rb
+- lib/exvo_auth/autonomous/cache.rb
+- lib/exvo_auth/autonomous/consumer.rb
+- lib/exvo_auth/autonomous/http.rb
+- lib/exvo_auth/autonomous/provider.rb
+- lib/exvo_auth/controllers/base.rb
+- lib/exvo_auth/controllers/merb.rb
+- lib/exvo_auth/controllers/rails.rb
+- lib/exvo_auth/dejavu.rb
+- lib/exvo_auth/middleware.rb
+- lib/exvo_auth/models/message.rb
+- lib/exvo_auth/session_store.rb
+- lib/exvo_auth/version.rb
+- test/helper.rb
+- test/test_exvo_auth.rb
+- test/test_integration.rb
+homepage: https://github.com/Exvo/exvo_auth
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: User and App authentication for Exvo
+test_files: []
+has_rdoc: