filiptepper-oauth-plugin 0.3.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (74) hide show
  1. data/.gitignore +5 -0
  2. data/CHANGELOG +101 -0
  3. data/MIT-LICENSE +20 -0
  4. data/README.rdoc +376 -0
  5. data/Rakefile +38 -0
  6. data/VERSION +1 -0
  7. data/generators/oauth_consumer/USAGE +10 -0
  8. data/generators/oauth_consumer/oauth_consumer_generator.rb +50 -0
  9. data/generators/oauth_consumer/templates/consumer_token.rb +5 -0
  10. data/generators/oauth_consumer/templates/controller.rb +19 -0
  11. data/generators/oauth_consumer/templates/index.html.erb +29 -0
  12. data/generators/oauth_consumer/templates/index.html.haml +18 -0
  13. data/generators/oauth_consumer/templates/migration.rb +20 -0
  14. data/generators/oauth_consumer/templates/oauth_config.rb +41 -0
  15. data/generators/oauth_consumer/templates/show.html.erb +7 -0
  16. data/generators/oauth_consumer/templates/show.html.haml +8 -0
  17. data/generators/oauth_provider/USAGE +20 -0
  18. data/generators/oauth_provider/lib/insert_routes.rb +67 -0
  19. data/generators/oauth_provider/oauth_provider_generator.rb +125 -0
  20. data/generators/oauth_provider/templates/_form.html.erb +17 -0
  21. data/generators/oauth_provider/templates/_form.html.haml +21 -0
  22. data/generators/oauth_provider/templates/access_token.rb +16 -0
  23. data/generators/oauth_provider/templates/authorize.html.erb +14 -0
  24. data/generators/oauth_provider/templates/authorize.html.haml +16 -0
  25. data/generators/oauth_provider/templates/authorize_failure.html.erb +1 -0
  26. data/generators/oauth_provider/templates/authorize_failure.html.haml +1 -0
  27. data/generators/oauth_provider/templates/authorize_success.html.erb +1 -0
  28. data/generators/oauth_provider/templates/authorize_success.html.haml +1 -0
  29. data/generators/oauth_provider/templates/client_application.rb +55 -0
  30. data/generators/oauth_provider/templates/client_application_spec.rb +29 -0
  31. data/generators/oauth_provider/templates/client_application_test.rb +42 -0
  32. data/generators/oauth_provider/templates/client_applications.yml +23 -0
  33. data/generators/oauth_provider/templates/clients_controller.rb +52 -0
  34. data/generators/oauth_provider/templates/clients_controller_spec.rb +239 -0
  35. data/generators/oauth_provider/templates/clients_controller_test.rb +280 -0
  36. data/generators/oauth_provider/templates/controller.rb +11 -0
  37. data/generators/oauth_provider/templates/controller_spec.rb +367 -0
  38. data/generators/oauth_provider/templates/controller_spec_helper.rb +80 -0
  39. data/generators/oauth_provider/templates/controller_test.rb +310 -0
  40. data/generators/oauth_provider/templates/controller_test_helper.rb +115 -0
  41. data/generators/oauth_provider/templates/edit.html.erb +7 -0
  42. data/generators/oauth_provider/templates/edit.html.haml +4 -0
  43. data/generators/oauth_provider/templates/index.html.erb +43 -0
  44. data/generators/oauth_provider/templates/index.html.haml +39 -0
  45. data/generators/oauth_provider/templates/migration.rb +46 -0
  46. data/generators/oauth_provider/templates/new.html.erb +5 -0
  47. data/generators/oauth_provider/templates/new.html.haml +5 -0
  48. data/generators/oauth_provider/templates/oauth_nonce.rb +13 -0
  49. data/generators/oauth_provider/templates/oauth_nonce_spec.rb +24 -0
  50. data/generators/oauth_provider/templates/oauth_nonce_test.rb +26 -0
  51. data/generators/oauth_provider/templates/oauth_nonces.yml +13 -0
  52. data/generators/oauth_provider/templates/oauth_token.rb +31 -0
  53. data/generators/oauth_provider/templates/oauth_token_spec.rb +309 -0
  54. data/generators/oauth_provider/templates/oauth_token_test.rb +57 -0
  55. data/generators/oauth_provider/templates/oauth_tokens.yml +17 -0
  56. data/generators/oauth_provider/templates/request_token.rb +40 -0
  57. data/generators/oauth_provider/templates/show.html.erb +27 -0
  58. data/generators/oauth_provider/templates/show.html.haml +30 -0
  59. data/init.rb +1 -0
  60. data/install.rb +2 -0
  61. data/lib/oauth-plugin.rb +1 -0
  62. data/lib/oauth/controllers/application_controller_methods.rb +110 -0
  63. data/lib/oauth/controllers/consumer_controller.rb +76 -0
  64. data/lib/oauth/controllers/provider_controller.rb +111 -0
  65. data/lib/oauth/models/consumers/service_loader.rb +18 -0
  66. data/lib/oauth/models/consumers/services/agree2_token.rb +15 -0
  67. data/lib/oauth/models/consumers/services/fireeagle_token.rb +39 -0
  68. data/lib/oauth/models/consumers/services/twitter_token.rb +18 -0
  69. data/lib/oauth/models/consumers/token.rb +60 -0
  70. data/oauth-plugin.gemspec +112 -0
  71. data/rails/init.rb +7 -0
  72. data/tasks/oauth_tasks.rake +4 -0
  73. data/uninstall.rb +1 -0
  74. metadata +136 -0
@@ -0,0 +1,7 @@
1
+ <h1>Edit your application</h1>
2
+ <%% form_for :client_application, @client_application, :url => oauth_client_path(@client_application), :html => {:method => :put} do |f| %>
3
+ <%%= render :partial => "form", :locals => { :f => f } %>
4
+ <%%= submit_tag "Edit" %>
5
+ <%% end %>
6
+ <%%= link_to 'Show', oauth_client_path(@client_application) %> |
7
+ <%%= link_to 'Back', oauth_clients_path %>
@@ -0,0 +1,4 @@
1
+ %h1 Edit your application
2
+ - form_for :client_application do |f|
3
+ = render :partial => "form", :locals => { :f => f }
4
+ = submit_tag "Edit"
@@ -0,0 +1,43 @@
1
+ <div class="flash"><%%= flash[:notice] %></div>
2
+ <h1>OAuth Client Applications</h1>
3
+ <%% unless @tokens.empty? %>
4
+ <p>The following tokens have been issued to applications in your name</p>
5
+ <table>
6
+ <tr><th>Application</th><th>Issued</th><th>&nbsp;</th></tr>
7
+ <%% @tokens.each do |token|%>
8
+ <%% content_tag_for :tr, token do %>
9
+ <td><%%= link_to token.client_application.name, token.client_application.url %></td>
10
+ <td><%%= token.authorized_at %></td>
11
+ <td>
12
+ <%% form_tag :controller => 'oauth', :action => 'revoke' do %>
13
+ <%%= hidden_field_tag 'token', token.token %>
14
+ <%%= submit_tag "Revoke!" %>
15
+ <%% end %>
16
+ </td>
17
+ <%% end %>
18
+ <%% end %>
19
+
20
+ </table>
21
+ <%% end %>
22
+ <h3>Application Developers</h3>
23
+ <%% if @client_applications.empty? %>
24
+ <p>
25
+ Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
26
+ </p>
27
+ <p>
28
+ You must register your web application before it can make OAuth requests to this service
29
+ </p>
30
+ <%% else %>
31
+ <p>
32
+ You have the following client applications registered:
33
+ </p>
34
+ <%% @client_applications.each do |client|%>
35
+ <%% div_for client do %>
36
+ <%%= link_to client.name, oauth_client_path(client) %>-
37
+ <%%= link_to 'Edit', edit_oauth_client_path(client) %>
38
+ <%%= link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete %>
39
+ <%% end %>
40
+ <%% end %>
41
+ <%% end %>
42
+ <br />
43
+ <h3><%%= link_to "Register your application", :action => :new %></h3>
@@ -0,0 +1,39 @@
1
+ .flash= flash[:notice]
2
+ %h1 OAuth Client Applications
3
+ - unless @tokens.empty?
4
+
5
+ %p
6
+ The following tokens have been issued to applications in your name
7
+
8
+ %table
9
+ %tr
10
+ %th Application
11
+ %th Issued
12
+ %th &nbsp;
13
+ - @tokens.each do |token|
14
+ - content_tag_for :tr, token do
15
+ %td= link_to token.client_application.name, token.client_application.url
16
+ %td= token.authorized_at
17
+ %td
18
+ - form_tag :controller => 'oauth', :action => 'revoke' do
19
+ = hidden_field_tag 'token', token.token
20
+ = submit_tag "Revoke!"
21
+
22
+ %h3 Application Developers
23
+
24
+ - if @client_applications.empty?
25
+ %p
26
+ Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
27
+ You must register your web application before it can make OAuth requests to this service
28
+ - else
29
+ %p
30
+ You have the following client applications registered:
31
+
32
+ - @client_applications.each do |client|
33
+ - div_for client do
34
+ = link_to client.name, :action => :show, :id => client.id
35
+ = link_to 'Edit', edit_oauth_client_path(client)
36
+ = link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete
37
+ %br
38
+ %h3
39
+ = link_to "Register your application", :action => :new
@@ -0,0 +1,46 @@
1
+ class CreateOauthTables < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :client_applications do |t|
4
+ t.string :name
5
+ t.string :url
6
+ t.string :support_url
7
+ t.string :callback_url
8
+ t.string :key, :limit => 20
9
+ t.string :secret, :limit => 40
10
+ t.integer :user_id
11
+
12
+ t.timestamps
13
+ end
14
+ add_index :client_applications, :key, :unique
15
+
16
+ create_table :oauth_tokens do |t|
17
+ t.integer :user_id
18
+ t.string :type, :limit => 20
19
+ t.integer :client_application_id
20
+ t.string :token, :limit => 20
21
+ t.string :secret, :limit => 40
22
+ t.string :callback_url
23
+ t.string :verifier, :limit => 20
24
+ t.timestamp :authorized_at, :invalidated_at
25
+ t.timestamps
26
+ end
27
+
28
+ add_index :oauth_tokens, :token, :unique
29
+
30
+ create_table :oauth_nonces do |t|
31
+ t.string :nonce
32
+ t.integer :timestamp
33
+
34
+ t.timestamps
35
+ end
36
+ add_index :oauth_nonces,[:nonce, :timestamp], :unique
37
+
38
+ end
39
+
40
+ def self.down
41
+ drop_table :client_applications
42
+ drop_table :oauth_tokens
43
+ drop_table :oauth_nonces
44
+ end
45
+
46
+ end
@@ -0,0 +1,5 @@
1
+ <h1>Register a new application</h1>
2
+ <%% form_for :client_application, :url => { :action => :create } do |f| %>
3
+ <%%= render :partial => "form", :locals => { :f => f } %>
4
+ <%%= submit_tag "Register" %>
5
+ <%% end %>
@@ -0,0 +1,5 @@
1
+ %h1 Register a new application
2
+
3
+ - form_for :client_application, :url => { :action => :create } do |f|
4
+ = render :partial => "form", :locals => { :f => f }
5
+ = submit_tag "Register"
@@ -0,0 +1,13 @@
1
+ # Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
2
+ # Thus you can use the same nonce with a different timestamp and viceversa.
3
+ class OauthNonce < ActiveRecord::Base
4
+ validates_presence_of :nonce, :timestamp
5
+ validates_uniqueness_of :nonce, :scope => :timestamp
6
+
7
+ # Remembers a nonce and it's associated timestamp. It returns false if it has already been used
8
+ def self.remember(nonce, timestamp)
9
+ oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
10
+ return false if oauth_nonce.new_record?
11
+ oauth_nonce
12
+ end
13
+ end
@@ -0,0 +1,24 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+ require 'oauth/helper'
3
+ describe OauthNonce do
4
+ include OAuth::Helper
5
+ before(:each) do
6
+ @oauth_nonce = OauthNonce.remember(generate_key, Time.now.to_i)
7
+ end
8
+
9
+ it "should be valid" do
10
+ @oauth_nonce.should be_valid
11
+ end
12
+
13
+ it "should not have errors" do
14
+ @oauth_nonce.errors.full_messages.should == []
15
+ end
16
+
17
+ it "should not be a new record" do
18
+ @oauth_nonce.should_not be_new_record
19
+ end
20
+
21
+ it "should not allow a second one with the same values" do
22
+ OauthNonce.remember(@oauth_nonce.nonce,@oauth_nonce.timestamp).should == false
23
+ end
24
+ end
@@ -0,0 +1,26 @@
1
+ require 'oauth/helper'
2
+ require File.dirname(__FILE__) + '/../test_helper'
3
+
4
+ class ClientNoneTest < ActiveSupport::TestCase
5
+ include OAuth::Helper
6
+
7
+ def setup
8
+ @oauth_nonce = OauthNonce.remember(generate_key,Time.now.to_i)
9
+ end
10
+
11
+ def test_should_be_valid
12
+ assert @oauth_nonce.valid?
13
+ end
14
+
15
+ def test_should_not_have_errors
16
+ assert_equal [], @oauth_nonce.errors.full_messages
17
+ end
18
+
19
+ def test_should_not_be_a_new_record
20
+ assert !@oauth_nonce.new_record?
21
+ end
22
+
23
+ def test_shuold_not_allow_a_second_one_with_the_same_values
24
+ assert_equal false, OauthNonce.remember(@oauth_nonce.nonce, @oauth_nonce.timestamp)
25
+ end
26
+ end
@@ -0,0 +1,13 @@
1
+ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2
+ one:
3
+ id: 1
4
+ nonce: a_nonce
5
+ timestamp: 1
6
+ created_at: 2007-11-25 17:27:04
7
+ updated_at: 2007-11-25 17:27:04
8
+ two:
9
+ id: 2
10
+ nonce: b_nonce
11
+ timestamp: 2
12
+ created_at: 2007-11-25 17:27:04
13
+ updated_at: 2007-11-25 17:27:04
@@ -0,0 +1,31 @@
1
+ class OauthToken < ActiveRecord::Base
2
+ belongs_to :client_application
3
+ belongs_to :user
4
+ validates_uniqueness_of :token
5
+ validates_presence_of :client_application, :token, :secret
6
+ before_validation_on_create :generate_keys
7
+
8
+ def invalidated?
9
+ invalidated_at != nil
10
+ end
11
+
12
+ def invalidate!
13
+ update_attribute(:invalidated_at, Time.now)
14
+ end
15
+
16
+ def authorized?
17
+ authorized_at != nil && !invalidated?
18
+ end
19
+
20
+ def to_query
21
+ "oauth_token=#{token}&oauth_token_secret=#{secret}"
22
+ end
23
+
24
+ protected
25
+
26
+ def generate_keys
27
+ oauth_token = client_application.oauth_server.generate_credentials
28
+ self.token = oauth_token[0][0,20]
29
+ self.secret = oauth_token[1][0,40]
30
+ end
31
+ end
@@ -0,0 +1,309 @@
1
+ require File.dirname(__FILE__) + '/../spec_helper'
2
+
3
+ describe RequestToken do
4
+ fixtures :client_applications, :users, :oauth_tokens
5
+ before(:each) do
6
+ @token = RequestToken.create :client_application => client_applications(:one)
7
+ end
8
+
9
+ it "should be valid" do
10
+ @token.should be_valid
11
+ end
12
+
13
+ it "should not have errors" do
14
+ @token.errors.should_not == []
15
+ end
16
+
17
+ it "should have a token" do
18
+ @token.token.should_not be_nil
19
+ end
20
+
21
+ it "should have a secret" do
22
+ @token.secret.should_not be_nil
23
+ end
24
+
25
+ it "should not be authorized" do
26
+ @token.should_not be_authorized
27
+ end
28
+
29
+ it "should not be invalidated" do
30
+ @token.should_not be_invalidated
31
+ end
32
+
33
+ it "should not have a verifier" do
34
+ @token.verifier.should be_nil
35
+ end
36
+
37
+ it "should not be oob" do
38
+ @token.should_not be_oob
39
+ end
40
+
41
+ describe "OAuth 1.0a" do
42
+
43
+ describe "with provided callback" do
44
+ before(:each) do
45
+ @token.callback_url="http://test.com/callback"
46
+ end
47
+
48
+ it "should not be oauth10" do
49
+ @token.should_not be_oauth10
50
+ end
51
+
52
+ it "should not be oob" do
53
+ @token.should_not be_oob
54
+ end
55
+
56
+ describe "authorize request" do
57
+ before(:each) do
58
+ @token.authorize!(users(:quentin))
59
+ end
60
+
61
+ it "should be authorized" do
62
+ @token.should be_authorized
63
+ end
64
+
65
+ it "should have authorized at" do
66
+ @token.authorized_at.should_not be_nil
67
+ end
68
+
69
+ it "should have user set" do
70
+ @token.user.should == users(:quentin)
71
+ end
72
+
73
+ it "should have verifier" do
74
+ @token.verifier.should_not be_nil
75
+ end
76
+
77
+ describe "exchange for access token" do
78
+
79
+ before(:each) do
80
+ @token.provided_oauth_verifier=@token.verifier
81
+ @access = @token.exchange!
82
+ end
83
+
84
+ it "should be valid" do
85
+ @access.should be_valid
86
+ end
87
+
88
+ it "should have no error messages" do
89
+ @access.errors.full_messages.should==[]
90
+ end
91
+
92
+ it "should invalidate request token" do
93
+ @token.should be_invalidated
94
+ end
95
+
96
+ it "should set user on access token" do
97
+ @access.user.should == users(:quentin)
98
+ end
99
+
100
+ it "should authorize accesstoken" do
101
+ @access.should be_authorized
102
+ end
103
+ end
104
+
105
+ describe "attempt exchange with invalid verifier (OAuth 1.0a)" do
106
+
107
+ before(:each) do
108
+ @value = @token.exchange!
109
+ end
110
+
111
+ it "should return false" do
112
+ @value.should==false
113
+ end
114
+
115
+ it "should not invalidate request token" do
116
+ @token.should_not be_invalidated
117
+ end
118
+ end
119
+
120
+ end
121
+
122
+ describe "attempt exchange with out authorization" do
123
+
124
+ before(:each) do
125
+ @value = @token.exchange!
126
+ end
127
+
128
+ it "should return false" do
129
+ @value.should==false
130
+ end
131
+
132
+ it "should not invalidate request token" do
133
+ @token.should_not be_invalidated
134
+ end
135
+ end
136
+
137
+ it "should return 1.0a style to_query" do
138
+ @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}&oauth_callback_confirmed=true"
139
+ end
140
+
141
+ end
142
+
143
+ describe "with oob callback" do
144
+ before(:each) do
145
+ @token.callback_url='oob'
146
+ end
147
+
148
+ it "should not be oauth10" do
149
+ @token.should_not be_oauth10
150
+ end
151
+
152
+ it "should be oob" do
153
+ @token.should be_oob
154
+ end
155
+
156
+ describe "authorize request" do
157
+ before(:each) do
158
+ @token.authorize!(users(:quentin))
159
+ end
160
+
161
+ it "should be authorized" do
162
+ @token.should be_authorized
163
+ end
164
+
165
+ it "should have authorized at" do
166
+ @token.authorized_at.should_not be_nil
167
+ end
168
+
169
+ it "should have user set" do
170
+ @token.user.should == users(:quentin)
171
+ end
172
+
173
+ it "should have verifier" do
174
+ @token.verifier.should_not be_nil
175
+ end
176
+
177
+ describe "exchange for access token" do
178
+
179
+ before(:each) do
180
+ @token.provided_oauth_verifier=@token.verifier
181
+ @access = @token.exchange!
182
+ end
183
+
184
+ it "should invalidate request token" do
185
+ @token.should be_invalidated
186
+ end
187
+
188
+ it "should set user on access token" do
189
+ @access.user.should == users(:quentin)
190
+ end
191
+
192
+ it "should authorize accesstoken" do
193
+ @access.should be_authorized
194
+ end
195
+ end
196
+
197
+ describe "attempt exchange with invalid verifier (OAuth 1.0a)" do
198
+
199
+ before(:each) do
200
+ @value = @token.exchange!
201
+ end
202
+
203
+ it "should return false" do
204
+ @value.should==false
205
+ end
206
+
207
+ it "should not invalidate request token" do
208
+ @token.should_not be_invalidated
209
+ end
210
+ end
211
+
212
+ end
213
+
214
+ describe "attempt exchange with out authorization invalid verifier" do
215
+
216
+ before(:each) do
217
+ @value = @token.exchange!
218
+ end
219
+
220
+ it "should return false" do
221
+ @value.should==false
222
+ end
223
+
224
+ it "should not invalidate request token" do
225
+ @token.should_not be_invalidated
226
+ end
227
+ end
228
+
229
+ it "should return 1.0 style to_query" do
230
+ @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}&oauth_callback_confirmed=true"
231
+ end
232
+ end
233
+ end
234
+
235
+ if defined? OAUTH_10_SUPPORT && OAUTH_10_SUPPORT
236
+ describe "OAuth 1.0" do
237
+
238
+ it "should be oauth10" do
239
+ @token.should be_oauth10
240
+ end
241
+
242
+ it "should not be oob" do
243
+ @token.should_not be_oob
244
+ end
245
+
246
+ describe "authorize request" do
247
+ before(:each) do
248
+ @token.authorize!(users(:quentin))
249
+ end
250
+
251
+ it "should be authorized" do
252
+ @token.should be_authorized
253
+ end
254
+
255
+ it "should have authorized at" do
256
+ @token.authorized_at.should_not be_nil
257
+ end
258
+
259
+ it "should have user set" do
260
+ @token.user.should == users(:quentin)
261
+ end
262
+
263
+ it "should not have verifier" do
264
+ @token.verifier.should be_nil
265
+ end
266
+
267
+ describe "exchange for access token" do
268
+
269
+ before(:each) do
270
+ @access = @token.exchange!
271
+ end
272
+
273
+ it "should invalidate request token" do
274
+ @token.should be_invalidated
275
+ end
276
+
277
+ it "should set user on access token" do
278
+ @access.user.should == users(:quentin)
279
+ end
280
+
281
+ it "should authorize accesstoken" do
282
+ @access.should be_authorized
283
+ end
284
+ end
285
+
286
+ end
287
+
288
+ describe "attempt exchange with out authorization" do
289
+
290
+ before(:each) do
291
+ @value = @token.exchange!
292
+ end
293
+
294
+ it "should return false" do
295
+ @value.should==false
296
+ end
297
+
298
+ it "should not invalidate request token" do
299
+ @token.should_not be_invalidated
300
+ end
301
+ end
302
+
303
+ it "should return 1.0 style to_query" do
304
+ @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}"
305
+ end
306
+
307
+ end
308
+ end
309
+ end