grape_oauth2 0.1.1

data/Rakefile

@@ -0,0 +1,11 @@
+require 'bundler/setup'
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task default: :spec
+
+RSpec::Core::RakeTask.new(:spec) do |config|
+  config.verbose = false
+end
+
+Bundler::GemHelper.install_tasks

data/gemfiles/active_record.rb

@@ -0,0 +1,25 @@
+source 'https://rubygems.org'
+
+gemspec path: '../'
+
+platforms :jruby do
+  gem 'jdbc-sqlite3'
+end
+
+platforms :ruby, :mswin, :mswin64, :mingw, :x64_mingw do
+  gem 'sqlite3'
+end
+
+gem 'otr-activerecord'
+
+gem 'activerecord'
+gem 'bcrypt'
+
+group :test do
+  gem 'rspec-rails', '~> 3.5'
+  gem 'database_cleaner'
+  gem 'rack-test', require: 'rack/test'
+  gem 'coveralls', require: false
+end
+
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

data/gemfiles/mongoid.rb

@@ -0,0 +1,14 @@
+source 'https://rubygems.org'
+
+gemspec path: '../'
+
+gem 'mongoid', '~> 6'
+
+group :test do
+  gem 'rspec-rails', '~> 3.4'
+  gem 'database_cleaner'
+  gem 'rack-test', require: 'rack/test'
+  gem 'coveralls', require: false
+end
+
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

data/gemfiles/sequel.rb

@@ -0,0 +1,24 @@
+source 'https://rubygems.org'
+
+gemspec path: '../'
+
+platforms :jruby do
+  gem 'jdbc-sqlite3'
+end
+
+platforms :ruby, :mswin, :mswin64, :mingw, :x64_mingw do
+  gem 'sqlite3'
+end
+
+gem 'bcrypt'
+gem 'sequel'
+gem 'sequel_secure_password'
+
+group :test do
+  gem 'rspec-rails', '~> 3.4'
+  gem 'database_cleaner'
+  gem 'rack-test', require: 'rack/test'
+  gem 'coveralls', require: false
+end
+
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

data/grape_oauth2.gemspec

@@ -0,0 +1,27 @@
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+
+require 'grape_oauth2/version'
+
+Gem::Specification.new do |gem|
+  gem.name        = 'grape_oauth2'
+  gem.version     = Grape::OAuth2.gem_version
+  gem.authors     = ['Nikita Bulai']
+  gem.date        = '2016-05-31'
+  gem.email       = ['bulajnikita@gmail.com']
+  gem.homepage    = 'http://github.com/nbulaj/grape-oauth2'
+  gem.summary     = 'Grape OAuth2 provider'
+  gem.description = 'Provides flexible, ORM-agnostic, fully customizable and simple OAuth2 support for Grape APIs'
+  gem.license     = 'MIT'
+
+  gem.require_paths = %w(lib)
+  gem.files = `git ls-files`.split($RS)
+  gem.test_files = Dir['spec/**/*']
+
+  gem.required_ruby_version = '>= 2.2.2'
+
+  gem.add_runtime_dependency 'grape', '~> 0.16'
+  gem.add_runtime_dependency 'rack-oauth2', '~> 1.3.0', '>= 1.3.0'
+
+  gem.add_development_dependency 'rspec-rails', '~> 3.4.0', '>= 3.4.0'
+  gem.add_development_dependency 'database_cleaner', '~> 1.5.0', '>= 1.5.0'
+end

data/lib/grape_oauth2.rb

@@ -0,0 +1,129 @@
+require 'grape'
+require 'rack/oauth2'
+
+require 'grape_oauth2/version'
+require 'grape_oauth2/configuration/validation'
+require 'grape_oauth2/configuration/class_accessors'
+require 'grape_oauth2/configuration'
+require 'grape_oauth2/scopes'
+require 'grape_oauth2/unique_token'
+
+# NOTE: Extract to separate gems!!!
+# This gem should contains only the core functionality and all mixins
+# need to be moved to their own repos with their own tests.
+
+# Mixins
+if defined?(ActiveRecord::Base)
+  require 'grape_oauth2/mixins/active_record/access_token'
+  require 'grape_oauth2/mixins/active_record/access_grant'
+  require 'grape_oauth2/mixins/active_record/client'
+end
+
+if defined?(Sequel::Model)
+  require 'grape_oauth2/mixins/sequel/access_token'
+  require 'grape_oauth2/mixins/sequel/access_grant'
+  require 'grape_oauth2/mixins/sequel/client'
+end
+
+if defined?(Mongoid::Document)
+  require 'grape_oauth2/mixins/mongoid/access_token'
+  require 'grape_oauth2/mixins/mongoid/access_grant'
+  require 'grape_oauth2/mixins/mongoid/client'
+end
+
+# Authorization Grants aka Flows (Strategies)
+require 'grape_oauth2/strategies/base'
+require 'grape_oauth2/strategies/authorization_code'
+require 'grape_oauth2/strategies/password'
+require 'grape_oauth2/strategies/client_credentials'
+require 'grape_oauth2/strategies/refresh_token'
+
+# Generators
+require 'grape_oauth2/generators/base'
+require 'grape_oauth2/generators/token'
+require 'grape_oauth2/generators/authorization'
+
+# Grape Helpers
+require 'grape_oauth2/helpers/access_token_helpers'
+require 'grape_oauth2/helpers/oauth_params'
+
+# Responses
+require 'grape_oauth2/responses/base'
+require 'grape_oauth2/responses/authorization'
+require 'grape_oauth2/responses/token'
+
+# Grape Endpoints
+require 'grape_oauth2/endpoints/token'
+require 'grape_oauth2/endpoints/authorize'
+
+# Use Grape namespace for the gem.
+module Grape
+  # Main Grape::OAuth2 module.
+  module OAuth2
+    class << self
+      # Grape::OAuth2 configuration.
+      #
+      # @return [Grape::OAuth2::Configuration]
+      #   configuration object
+      #
+      def config
+        @config ||= Grape::OAuth2::Configuration.new
+      end
+
+      # Configures Grape::OAuth2.
+      # Yields Grape::OAuth2::Configuration instance to the block.
+      def configure
+        yield config
+      end
+
+      # Validates Grape::OAuth2 configuration to be set correctly.
+      def check_configuration!
+        config.check!
+      end
+
+      # Grape::OAuth2 default middleware.
+      def middleware
+        [Rack::OAuth2::Server::Resource::Bearer, config.realm, config.token_authenticator]
+      end
+
+      # Method for injecting Grape::OAuth2 endpoints and helpers
+      # into Grape API class. Automatically set required middleware,
+      # OAuth2 helpers and mounts all (or configured) endpoints.
+      #
+      # @param endpoints [Array<Symbol>, Array<String>] endpoints to add
+      #
+      def api(*endpoints)
+        inject_to_api do |api|
+          api.use(*Grape::OAuth2.middleware)
+          api.helpers(Grape::OAuth2::Helpers::AccessTokenHelpers)
+
+          (endpoints.presence || endpoints_mapping.keys).each do |name|
+            endpoint = endpoints_mapping[name.to_sym]
+            raise ArgumentError, "Unrecognized endpoint: #{endpoint}" if endpoint.nil?
+
+            api.mount(endpoint)
+          end
+        end
+      end
+
+      private
+
+      def endpoints_mapping
+        {
+          token: ::Grape::OAuth2::Endpoints::Token,
+          authorize: ::Grape::OAuth2::Endpoints::Authorize
+        }
+      end
+
+      def inject_to_api(&_block)
+        raise ArgumentError, 'block must be specified!' unless block_given?
+
+        Module.new do |mod|
+          mod.define_singleton_method :included do |base|
+            yield base
+          end
+        end
+      end
+    end
+  end
+end

data/lib/grape_oauth2/configuration.rb

@@ -0,0 +1,143 @@
+module Grape
+  module OAuth2
+    # Grape::OAuth2 configuration class.
+    # Contains default or customized options that would be used
+    # in OAuth2 endpoints and helpers.
+    class Configuration
+      # Default Grape::OAuth2 configuration error class.
+      Error = Class.new(StandardError)
+      # Grape::OAuth2 configuration error for missing API required for OAuth2 classes.
+      APIMissing = Class.new(Error)
+
+      include Validation
+      include ClassAccessors
+
+      # Default Access Token TTL (in seconds)
+      DEFAULT_TOKEN_LIFETIME = 7200
+      # Default Authorization Code TTL ()in seconds)
+      DEFAULT_CODE_LIFETIME = 1800
+
+      # Default realm value
+      DEFAULT_REALM = 'OAuth 2.0'.freeze
+
+      # Currently supported (be the gem) OAuth2 grant types
+      SUPPORTED_GRANT_TYPES = %w(password client_credentials refresh_token).freeze
+
+      # The names of the classes that represents OAuth2 roles
+      #
+      # @return [String] class name
+      #
+      attr_accessor :access_token_class_name, :access_grant_class_name,
+                    :client_class_name, :resource_owner_class_name
+
+      # Class name for the OAuth2 helper class that validates requested scopes against Access Token scopes
+      #
+      # @return [String] scopes validator class name
+      #
+      attr_accessor :scopes_validator_class_name
+
+      # Class name for the OAuth2 helper class that generates unique token values
+      #
+      # @return [String] token generator class name
+      #
+      attr_accessor :token_generator_class_name
+
+      #  OAuth2 grant types (flows) allowed to be processed
+      #
+      # @return [Array<String>] grant types
+      #
+      attr_accessor :allowed_grant_types
+
+      # Access Token and Authorization Code lifetime in seconds
+      attr_accessor :authorization_code_lifetime, :access_token_lifetime
+
+      # Specifies whether to generate a Refresh Token when creating an Access Token
+      #
+      # @return [Boolean] true if need to generate refresh token, false in other case
+      #
+      attr_accessor :issue_refresh_token
+
+      # Realm value
+      #
+      # @return [String] realm
+      #
+      attr_accessor :realm
+
+      # Access Token authenticator block option for customization
+      attr_accessor :token_authenticator
+
+      # Callback that would be invoked during processing of Refresh Token request for
+      # the original Access Token found by token value
+      attr_accessor :on_refresh
+
+      def initialize
+        reset!
+      end
+
+      # Default Access Token authenticator block.
+      # Validates token value passed with the request params.
+      def default_token_authenticator
+        lambda do |request|
+          access_token_class.authenticate(request.access_token) || request.invalid_token!
+        end
+      end
+
+      # Accessor for Access Token authenticator block. Set it to proc
+      # if called with block or returns current value of the accessor.
+      def token_authenticator(&block)
+        if block_given?
+          instance_variable_set(:'@token_authenticator', block)
+        else
+          instance_variable_get(:'@token_authenticator')
+        end
+      end
+
+      # Accessor for on_refresh callback. Set callback proc
+      # if called with block or returns current value of the accessor.
+      def on_refresh(&block)
+        if block_given?
+          instance_variable_set(:'@on_refresh', block)
+        else
+          instance_variable_get(:'@on_refresh')
+        end
+      end
+
+      # Indicates if on_refresh callback can be invoked.
+      #
+      # @return [Boolean]
+      #   true if callback can be invoked and false in other cases
+      #
+      def on_refresh_runnable?
+        !on_refresh.nil? && on_refresh != :nothing
+      end
+
+      # Reset configuration to default options values.
+      def reset!
+        initialize_classes
+        initialize_authenticators
+
+        self.access_token_lifetime = DEFAULT_TOKEN_LIFETIME
+        self.authorization_code_lifetime = DEFAULT_CODE_LIFETIME
+        self.allowed_grant_types = %w(password client_credentials)
+
+        self.issue_refresh_token = false
+        self.on_refresh = :nothing
+
+        self.realm = DEFAULT_REALM
+      end
+
+      private
+
+      # Sets OAuth2 helpers classes to gem defaults.
+      def initialize_classes
+        self.scopes_validator_class_name = Grape::OAuth2::Scopes.name
+        self.token_generator_class_name = Grape::OAuth2::UniqueToken.name
+      end
+
+      # Sets authenticators to gem defaults.
+      def initialize_authenticators
+        self.token_authenticator = default_token_authenticator
+      end
+    end
+  end
+end

data/lib/grape_oauth2/configuration/class_accessors.rb

@@ -0,0 +1,36 @@
+module Grape
+  module OAuth2
+    # Grape::OAuth2 accessors for configured classes.
+    module ClassAccessors
+      # Returns Access Token class by configured name
+      def access_token_class
+        @_access_token_class ||= access_token_class_name.constantize
+      end
+
+      # Returns Resource Owner class by configured name
+      def resource_owner_class
+        @_resource_owner_class ||= resource_owner_class_name.constantize
+      end
+
+      # Returns Client class by configured name
+      def client_class
+        @_client_class ||= client_class_name.constantize
+      end
+
+      # Returns Access Grant class by configured name
+      def access_grant_class
+        @_access_grant_class ||= access_grant_class_name.constantize
+      end
+
+      # Returns Scopes Validator class by configured name
+      def scopes_validator
+        scopes_validator_class_name.constantize
+      end
+
+      # Returns Token Generator class by configured name
+      def token_generator
+        token_generator_class_name.constantize
+      end
+    end
+  end
+end

data/lib/grape_oauth2/configuration/validation.rb

@@ -0,0 +1,71 @@
+module Grape
+  module OAuth2
+    class Configuration
+      # Validates Grape::OAuth2 configuration.
+      module Validation
+        # Checks configuration to be set correctly
+        # (required classes must be defined and implement specific set of API).
+        def check!
+          check_required_classes!
+          check_required_classes_api!
+        end
+
+        private
+
+        # API mapping.
+        # Classes, that represents OAuth2 roles, must have described methods.
+        REQUIRED_CLASSES_API = {
+          access_token_class: {
+            class_methods: %i(authenticate create_for),
+            instance_methods: %i(expired? revoked? revoke! to_bearer_token)
+          },
+          client_class: {
+            class_methods: %i(authenticate)
+          },
+          token_generator: {
+            class_methods: %i(generate)
+          },
+          scopes_validator: {
+            instance_methods: %i(valid_for?)
+          }
+        }.freeze
+
+        # Validates that required classes defined.
+        def check_required_classes!
+          REQUIRED_CLASSES_API.keys.each do |klass|
+            begin
+              object = send(klass)
+            rescue NoMethodError
+              raise Error, "'#{klass}' must be defined!" if object.nil? || !defined?(object)
+            end
+          end
+        end
+
+        # Validates that required classes have all the API.
+        def check_required_classes_api!
+          REQUIRED_CLASSES_API.each do |klass, api_methods|
+            check_class_methods(klass, api_methods[:class_methods])
+            check_instance_methods(klass, api_methods[:instance_methods])
+          end
+        end
+
+        # Validates that required classes have required class methods.
+        def check_class_methods(klass, required_methods)
+          (required_methods || []).each do |method|
+            method_exist = send(klass).respond_to?(method)
+            raise APIMissing, "Class method '#{method}' must be defined for the '#{klass}'!" unless method_exist
+          end
+        end
+
+        # Validates that required classes have required instance methods.
+        def check_instance_methods(klass, required_methods)
+          (required_methods || []).each do |method|
+            unless send(klass).method_defined?(method)
+              raise APIMissing, "Instance method '#{method}' must be defined for the '#{klass}'!"
+            end
+          end
+        end
+      end
+    end
+  end
+end