foreverman-authlogic-connect 0.0.1

data/lib/authlogic_connect/oauth/helper.rb

@@ -0,0 +1,20 @@
+module AuthlogicConnect::Oauth::Helper
+  
+  # options include "name"
+  def oauth_register_hidden_input
+    oauth_input(:type => "user")
+  end
+  
+  def oauth_login_hidden_input
+    oauth_input(:type => "session")
+  end
+  
+  def oauth_input(options = {})
+    tag(:input, {:type => "hidden", :name => "authentication_type", :value => options[:type]})
+  end
+  
+end
+
+module AuthlogicConnect::Oauth::FormHelper
+  
+end

data/lib/authlogic_connect/oauth/process.rb

@@ -0,0 +1,75 @@
+module AuthlogicConnect::Oauth::Process
+
+  include AuthlogicConnect::Oauth::Variables
+
+  # Step 2: after save is called, it runs this method for validation
+  def validate_by_oauth
+    if processing_authentication
+      authentication_protocol(:oauth, :start) || authentication_protocol(:oauth, :complete)
+    end
+  end
+  
+  # Step 3: if new_oauth_request?, redirect to oauth provider
+  def start_oauth
+    save_oauth_session
+    authorize_url = token_class.authorize_url(auth_callback_url) do |request_token|
+      save_auth_session_token(request_token) # only for oauth version 1
+    end
+    auth_controller.redirect_to authorize_url
+  end
+  
+  # Step 4: on callback, run this method
+  def complete_oauth
+    # implemented in User and Session Oauth modules
+    unless new_oauth_request? # shouldn't be validating if it's redirecting...
+      restore_attributes
+      complete_oauth_transaction
+      return true
+    end
+    return false
+  end
+  
+  # Step 3a: save our passed-parameters into the session,
+  # so we can retrieve them after the redirect calls back
+  def save_oauth_session
+    # Store the class which is redirecting, so we can ensure other classes
+    # don't get confused and attempt to use the response
+    auth_session[:auth_request_class]         = self.class.name
+  
+    auth_session[:authentication_type]        = auth_params[:authentication_type]
+    auth_session[:oauth_provider]             = auth_params[:oauth_provider]
+    auth_session[:auth_method]                = "oauth"
+    
+    # Tell our rack callback filter what method the current request is using
+    auth_session[:auth_callback_method]       = auth_controller.request.method
+  end
+  
+  # Step 3b (if version 1.0 of oauth)
+  def save_auth_session_token(request)
+    # store token and secret
+    auth_session[:oauth_request_token]        = request.token
+    auth_session[:oauth_request_token_secret] = request.secret
+  end
+  
+  def restore_attributes
+  end
+  
+  # Step last, after the response
+  # having lots of trouble testing logging and out multiple times,
+  # so there needs to be a solid way to know when a user has messed up loggin in.
+  def cleanup_oauth_session
+    [:auth_request_class,
+      :authentication_type,
+      :auth_method,
+      :auth_attributes,
+      :oauth_provider,
+      :auth_callback_method,
+      :oauth_request_token,
+      :oauth_request_token_secret,
+      :_key,
+      :_token,
+      :_secret,
+    ].each {|key| remove_session_key(key)}
+  end
+  
+end

data/lib/authlogic_connect/oauth/session.rb

@@ -0,0 +1,62 @@
+module AuthlogicConnect::Oauth
+  # This module is responsible for adding oauth
+  # to the Authlogic::Session::Base class.
+  module Session
+    def self.included(base)
+      base.class_eval do
+        include InstanceMethods
+      end
+    end
+    
+    module InstanceMethods
+      include Process
+
+      def self.included(klass)
+        klass.class_eval do
+          validate :validate_by_oauth, :if => :authenticating_with_oauth?
+        end
+      end
+      
+      # Hooks into credentials so that you can pass a user who has already has an oauth access token.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+        self.record = hash[:priority_record] if !hash.nil? && hash.key?(:priority_record)
+      end
+
+      def record=(record)
+        @record = record
+      end
+
+    private
+      
+      def complete_oauth_transaction
+        if @record
+          self.attempted_record = record
+        else
+          # this generated token is always the same for a user!
+          # this is searching with User.find ...
+          # attempted_record is part of AuthLogic
+          hash = oauth_token_and_secret
+          token = token_class.find_by_key_or_token(hash[:key], hash[:token], :include => [:user]) # some weird error if I leave out the include)
+          if token
+            self.attempted_record = token.user
+          elsif auto_register?
+            self.attempted_record = klass.new
+            self.attempted_record.access_tokens << token_class.new(hash)
+            self.attempted_record.save
+          else
+            auth_session[:_key] = hash[:key]
+            auth_session[:_token] = hash[:token]
+            auth_session[:_secret] = hash[:secret]
+          end
+        end
+
+        if !attempted_record
+          errors.add(:user, "Could not find user in our database, have you registered with your oauth account?")
+        end
+      end
+    end
+  end
+end

data/lib/authlogic_connect/oauth/state.rb

@@ -0,0 +1,60 @@
+# all these methods must return true or false
+module AuthlogicConnect::Oauth::State
+  
+  # 1. to call
+  # checks that we just passed parameters to it,
+  # and that the parameters say 'authentication_method' == 'oauth'
+  def oauth_request?
+    auth_params? && oauth_provider?
+  end
+  
+  # 2. from call
+  # checks that the correct session variables are there
+  def oauth_response?
+    !oauth_response.nil? && auth_session? && auth_session[:auth_request_class] == self.class.name && auth_session[:auth_method] == "oauth"
+  end
+  
+  def oauth_complete?
+    oauth_response? || stored_oauth_token_and_secret?
+  end
+  
+  # 3. either to or from call
+  def using_oauth?
+    oauth_request? || oauth_response? || stored_oauth_token_and_secret?
+  end
+  
+  def new_oauth_request?
+    return false if stored_oauth_token_and_secret?
+    return oauth_response.blank?
+  end
+  
+  def oauth_provider?
+    !oauth_provider.blank?
+  end
+  
+  # main method we call on validation
+  def authenticating_with_oauth?
+    correct_request_class? && using_oauth?
+  end
+  
+  def allow_oauth_redirect?
+    authenticating_with_oauth? && !oauth_complete?
+  end
+  
+  def start_oauth?
+    authenticating_with_oauth? && !oauth_complete?
+  end
+  
+  def complete_oauth?
+    using_oauth? && !new_oauth_request?
+  end
+  
+  def validate_password_with_oauth?
+    !using_oauth? && require_password?
+  end
+  
+  def stored_oauth_token_and_secret?
+    !is_auth_session? && auth_params? && auth_params.has_key?(:_key) && auth_params.has_key?(:_token) && auth_params.has_key?(:_secret)
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/aol_token.rb

@@ -0,0 +1,2 @@
+# http://dev.aol.com/openauth_gettingstarted
+# https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=dev.aol.com&authLev=1&lang=en&locale=us&siteState=OrigUrl%3Dhttp%253A%252F%252Fdev.aol.com%252Fkeys

data/lib/authlogic_connect/oauth/tokens/facebook_token.rb

@@ -0,0 +1,11 @@
+# http://www.facebook.com/developers/apps.php
+# http://developers.facebook.com/setup/
+class FacebookToken < OauthToken
+  
+  version 2.0
+  
+  settings "https://graph.facebook.com",
+    :authorize_url => "https://graph.facebook.com/oauth/authorize",
+    :scope         => "email, offline_access"
+  
+end

data/lib/authlogic_connect/oauth/tokens/foursquare_token.rb

@@ -0,0 +1,15 @@
+class FoursquareToken < OauthToken
+  
+  key do |access_token|
+    body = JSON.parse(access_token.get("/user.json").body)
+    user_id = body['user']['id'].to_s
+  end
+  
+  settings "http://api.foursquare.com/:api_version",
+    :request_token_url  => "http://foursquare.com/oauth/request_token",
+    :access_token_url   => "http://foursquare.com/oauth/access_token",
+    :authorize_url      => "http://foursquare.com/oauth/authorize",
+    :api_versions       => {1 => "v1", 2 => "v2"},
+    :api_version        => 1
+  
+end

data/lib/authlogic_connect/oauth/tokens/get_satisfaction_token.rb

@@ -0,0 +1,9 @@
+# http://getsatisfaction.com/developers/oauth
+class GetSatisfactionToken < OauthToken
+  
+  settings "http://getsatisfaction.com",
+    :request_token_path => "/api/request_token",
+    :authorize_url      => "/api/authorize",
+    :access_token_path  => "/api/access_token"
+  
+end

data/lib/authlogic_connect/oauth/tokens/github_token.rb

@@ -0,0 +1,14 @@
+class GithubToken < OauthToken
+  
+  version 2
+  
+  key do |access_token|
+    user = JSON.parse(access_token.get("/api/v2/json/user/show"))
+    user["id"]
+  end
+  
+  settings "https://github.com",
+    :authorize_path     => "/login/oauth/authorize",
+    :access_token_path  => "/login/oauth/access_token"
+  
+end

data/lib/authlogic_connect/oauth/tokens/google_token.rb

@@ -0,0 +1,41 @@
+# http://code.google.com/apis/accounts/docs/OAuth_ref.html
+# http://code.google.com/apis/accounts/docs/OpenID.html#settingup
+# http://code.google.com/apis/accounts/docs/OAuth.html
+# http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
+# http://www.manu-j.com/blog/add-google-oauth-ruby-on-rails-sites/214/
+# http://googlecodesamples.com/oauth_playground/
+# Scopes:
+# Analytics         https://www.google.com/analytics/feeds/ 
+# Google Base       http://www.google.com/base/feeds/       
+# Book Search       http://www.google.com/books/feeds/      
+# Blogger           http://www.blogger.com/feeds/           
+# Calendar          http://www.google.com/calendar/feeds/   
+# Contacts          http://www.google.com/m8/feeds/         
+# Documents List    http://docs.google.com/feeds/           
+# Finance           http://finance.google.com/finance/feeds/
+# GMail             https://mail.google.com/mail/feed/atom
+# Health            https://www.google.com/health/feeds/
+# H9                https://www.google.com/h9/feeds/
+# Maps              http://maps.google.com/maps/feeds/
+# OpenSocial        http://www-opensocial.googleusercontent.com/api/people/
+# orkut             http://www.orkut.com/social/rest
+# Picasa Web        http://picasaweb.google.com/data/
+# Sidewiki          http://www.google.com/sidewiki/feeds/
+# Sites             http://sites.google.com/feeds/
+# Spreadsheets      http://spreadsheets.google.com/feeds/
+# Webmaster Tools   http://www.google.com/webmasters/tools/feeds/
+# YouTube           http://gdata.youtube.com
+class GoogleToken < OauthToken
+  
+   settings "https://www.google.com",
+     :request_token_path => "/accounts/OAuthGetRequestToken",
+     :authorize_path     => "/accounts/OAuthAuthorizeToken",
+     :access_token_path  => "/accounts/OAuthGetAccessToken",
+     :scope              => "https://www.googleapis.com/auth/userinfo#email"
+
+   key do |access_token|
+     body = JSON.parse(access_token.get("https://www.googleapis.com/userinfo/email?alt=json").body)
+     email = body["data"]["email"]
+   end
+   
+end

data/lib/authlogic_connect/oauth/tokens/linked_in_token.rb

@@ -0,0 +1,19 @@
+# http://developer.linkedin.com/docs/DOC-1008
+# https://www.linkedin.com/secure/developer
+# http://github.com/pengwynn/linkedin/tree/master/lib/linked_in/
+class LinkedInToken < OauthToken
+  
+  key do |access_token|
+    body = access_token.get("https://api.linkedin.com/v1/people/~:(id)").body
+    id = body.gsub("<id>([^><]+)</id>", "\\1") # so we don't need to also import nokogiri
+    id
+  end
+  
+  settings "https://api.linkedin.com",
+    :request_token_path => "/uas/oauth/requestToken",
+    :access_token_path  => "/uas/oauth/accessToken",
+    :authorize_path     => "/uas/oauth/authorize",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/meetup_token.rb

@@ -0,0 +1,12 @@
+# http://www.meetup.com/meetup_api/docs/#oauth
+# protected resources: http://api.meetup.com
+class MeetupToken < OauthToken
+  
+  key :user_id
+
+  settings "http://www.meetup.com/"
+    :request_token_path => "/oauth/request",
+    :authorize_path     => "/authorize",
+    :access_token_path  => "/oauth/access"
+
+end

data/lib/authlogic_connect/oauth/tokens/myspace_token.rb

@@ -0,0 +1,26 @@
+# http://wiki.developer.myspace.com/index.php?title=Category:MySpaceID
+# http://developerwiki.myspace.com/index.php?title=OAuth_REST_API_Usage_-_Authentication_Process
+# http://developerwiki.myspace.com/index.php?title=How_to_Set_Up_a_New_Application_for_OpenID
+# http://developer.myspace.com/Modules/Apps/Pages/ApplyDevSandbox.aspx
+# after you've signed up:
+# http://developer.myspace.com/modules/apps/pages/createappaccount.aspx
+# "Create a MySpaceID App"
+# http://developer.myspace.com/modules/apps/pages/editapp.aspx?appid=188312&mode=create
+# http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx
+# http://developer.myspace.com/Community/forums/p/3626/15947.aspx
+class MyspaceToken < OauthToken
+  
+  # http://wiki.developer.myspace.com/index.php?title=Portable_Contacts_REST_Resources
+  key do |access_token|
+    body = JSON.parse(access_token.get("/v2/people/@me/@self?format=json").body)
+    id = body["entry"]["id"]
+  end
+  
+  settings "http://api.myspace.com", 
+    :request_token_path => "/request_token",
+    :authorize_path     => "/authorize",
+    :access_token_path  => "/access_token",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/netflix_token.rb

@@ -0,0 +1,10 @@
+class NetflixToken < OauthToken
+  
+  key :user_id
+
+  settings "http://api.netflix.com",
+    :request_token_path => "/oauth/request_token",
+    :access_token_path => "/oauth/access_token",
+    :authorize_path => "/oauth/login"
+
+end

data/lib/authlogic_connect/oauth/tokens/oauth_token.rb

@@ -0,0 +1,164 @@
+class OauthToken < AccessToken
+  
+  def client
+    unless @client
+      if oauth_version == 1.0
+        @client = OAuth::AccessToken.new(self.consumer, self.token, self.secret)
+      else
+        @client = OAuth2::AccessToken.new(self.consumer, self.token)
+      end
+    end
+    
+    @client
+  end
+  
+  def clear
+    @client = nil
+  end
+  
+  def oauth_version
+    self.class.oauth_version
+  end
+  
+  def get(path, headers = {})
+    client.get(path, headers)
+  end
+  
+  def post(path, body = "", headers = {})
+    client.post(path, body, headers)
+  end
+  
+  def head(path, headers = {})
+    client.head(path, headers)
+  end
+  
+  def put(path, body = "", headers = {})
+    client.put(path, body, headers)
+  end
+  
+  def delete(path, headers = {})
+    client.delete(path, headers)
+  end
+  
+  class << self
+    
+    # oauth version, 1.0 or 2.0
+    def version(value)
+      @oauth_version = value
+    end
+    
+    def oauth_version
+      @oauth_version ||= 1.0
+    end
+    
+    # unique key that we will use from the AccessToken response
+    # to identify the user by.
+    # in Twitter, its "user_id".  Twitter has "screen_name", but that's
+    # more subject to change than user_id.  Pick whatever is least likely to change
+    def key(value = nil, &block)
+      if block_given?
+        @oauth_key = block
+      else
+        @oauth_key = value.is_a?(Symbol) ? value : value.to_sym
+      end
+    end
+    
+    def oauth_key
+      @oauth_key
+    end
+    
+    def config
+      super.merge(credentials[:options] || {})
+    end
+
+    def consumer
+      if oauth_version == 1.0
+        OAuth::Consumer.new(credentials[:key], credentials[:secret], config)
+      else
+        OAuth2::Client.new(credentials[:key], credentials[:secret], config)
+      end
+    end
+    
+    # if we're lucky we can find it by the token.
+    def find_by_key_or_token(key, token, options = {})
+      result = self.find_by_key(key, options) unless key.nil?
+      unless result
+        if !token.blank? && self.respond_to?(:find_by_token)
+          result = self.find_by_token(token, options)
+        end
+      end
+      result 
+    end
+    
+    # this is a wrapper around oauth 1 and 2.
+    # it looks obscure, but from the api point of view
+    # you won't have to worry about it's implementation.
+    # in oauth 1.0, key = oauth_token, secret = oauth_secret
+    # in oauth 2.0, key = code, secret = access_token
+    def get_token_and_secret(options = {})
+      oauth_verifier  = options[:oauth_verifier]
+      redirect_uri    = options[:redirect_uri]
+      token           = options[:token]
+      secret          = options[:secret]
+      consumer        = self.consumer # cached
+      
+      if oauth_version == 1.0
+        access = request_token(token, secret).get_access_token(:oauth_verifier => oauth_verifier)
+        result = {:token => access.token, :secret => access.secret, :key => nil}
+        if self.oauth_key
+          if oauth_key.is_a?(Proc)
+            result[:key] = oauth_key.call(access)
+          else
+            result[:key] = access.params[self.oauth_key] || access.params[self.oauth_key.to_s] # try both
+          end
+        else
+          puts "Access Token: #{access.inspect}"
+          raise "please set an oauth key for #{service_name.to_s}"
+        end
+      else
+        access = consumer.web_server.get_access_token(secret, :redirect_uri => redirect_uri)
+        result = {:token => access.token, :secret => secret, :key => nil}
+      end
+      
+      result
+    end
+    
+    # this is a cleaner method so we can access the authorize_url
+    # from oauth 1 or 2
+    def authorize_url(callback_url, &block)
+      consumer        = self.consumer # cached
+
+      if oauth_version == 1.0
+        request = get_request_token(callback_url, consumer)
+        yield request if block_given?
+        return request.authorize_url
+      else
+        options = {:redirect_uri => callback_url}
+
+        unless consumer.nil? || consumer.options.empty? || consumer.options[:scope].nil?
+          options[:scope] = consumer.options[:scope]
+        else
+          options[:scope] = self.config[:scope] unless self.config[:scope].blank?
+        end
+        return consumer.web_server.authorize_url(options)
+      end
+    end
+    
+    def request_token(token, secret)
+      OAuth::RequestToken.new(consumer, token, secret)
+    end
+    
+    # if you pass a hash as the second parameter to consumer.get_request_token,
+    # ruby oauth will think this is a form and all sorts of bad things happen
+    def get_request_token(callback_url, consumer = nil)
+      options = {:scope => config[:scope]} if config[:scope]
+      consumer ||= self.consumer
+      consumer.get_request_token({:oauth_callback => callback_url}, options)
+    end
+    
+    def get_access_token(oauth_verifier)
+      request_token.get_access_token(:oauth_verifier => oauth_verifier)
+    end
+  end
+  
+end