grape_token_auth 0.0.0 → 0.1.0.rc1

data/lib/grape_token_auth/mail/messages/confirmation/confirmation.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+  </head>
+  <body>
+    <h1>Email Confirmation</h1>
+	<p>Hello,</p>
+
+	<p>To activate your account please confirm your email by clicking the link below:</p>
+
+	<a href="<%= confirmation_link %>"><%= confirmation_link %></a>
+
+	<p>If you did not submit this request, please ignore this email</p>
+  </body>
+</html>

data/lib/grape_token_auth/mail/messages/confirmation/confirmation.text.erb

@@ -0,0 +1,8 @@
+Hello,
+
+To activate your account please confirm your email by clicking the link below:
+
+<%= confirmation_link %>
+
+If you did not submit this request, please ignore this email.
+

data/lib/grape_token_auth/mail/messages/confirmation/confirmation_email.rb

@@ -0,0 +1,27 @@
+module GrapeTokenAuth
+  module Mail
+    class ConfirmationEmail < MessageBase
+      TEXT_TEMPLATE = File.expand_path('../confirmation.text.erb', __FILE__)
+      HTML_TEMPLATE = File.expand_path('../confirmation.html.erb', __FILE__)
+
+      def initialize(opts)
+        @subject = opts[:subject] || 'Confirm your email'
+        super(opts)
+      end
+
+      def confirmation_link
+        protocol = url_options[:ssl] ? URI::HTTPS : URI::HTTP
+        options = url_options.merge(query: confirmation_params.to_query)
+        protocol.build(options).to_s
+      end
+
+      def confirmation_params
+        {
+          redirect_url: opts[:redirect_url],
+          config: opts[:client_config],
+          confirmation_token: opts[:token]
+        }
+      end
+    end
+  end
+end

data/lib/grape_token_auth/mail/messages/password_reset/password_reset.html.erb

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
+  </head>
+  <body>
+    <h1>Password Reset</h1>
+	<p>Hello,</p>
+
+	<p> A password request has been submitted for your account, in order to
+	reset your password, please click the link below or copy it into your
+	browser:</p>
+
+	<a href="<%= reset_link %>"><%= reset_link %></a>
+
+	<p>If you did not submit this request, please ignore this email</p>
+  </body>
+</html>

data/lib/grape_token_auth/mail/messages/password_reset/password_reset.text.erb

@@ -0,0 +1,9 @@
+Hello,
+
+A password request has been submitted for your account, in order to
+reset your password, please follow the  link below:
+
+<%= reset_link %>
+
+If you did not submit this request, please ignore this email.
+

data/lib/grape_token_auth/mail/messages/password_reset/password_reset_email.rb

@@ -0,0 +1,27 @@
+module GrapeTokenAuth
+  module Mail
+    class PasswordResetEmail < MessageBase
+      TEXT_TEMPLATE = File.expand_path('../password_reset.text.erb', __FILE__)
+      HTML_TEMPLATE = File.expand_path('../password_reset.html.erb', __FILE__)
+
+      def initialize(opts)
+        @subject = opts[:subject] || 'Password Reset'
+        super(opts)
+      end
+
+      def reset_link
+        protocol = url_options[:ssl] ? URI::HTTPS : URI::HTTP
+        options = url_options.merge(query: reset_params.to_query, path: opts[:edit_path])
+        protocol.build(options).to_s
+      end
+
+      def reset_params
+        {
+          redirect_url: opts[:redirect_url],
+          config: opts[:client_config],
+          reset_password_token: opts[:token]
+        }
+      end
+    end
+  end
+end

data/lib/grape_token_auth/mail/smtp_mailer.rb

@@ -0,0 +1,50 @@
+module GrapeTokenAuth
+  module Mail
+    class SMTPMailer
+      def initialize(message, opts)
+        @message = message
+        @opts = opts
+        @to_address = opts[:to] || opts['to']
+      end
+
+      def send_mail
+        email.deliver
+      end
+
+      def prepare_email!
+        @email = ::Mail.new
+        @email.to = to_address
+        @email.subject = message.subject
+        @email.from = GrapeTokenAuth.configuration.from_address
+        @email.text_part = prepare_text
+        @email.html_part = prepare_html
+        self
+      end
+
+      def self.send!(message, options)
+        new(message, options).prepare_email!.send_mail
+      end
+
+      def valid_options?
+        return false unless to_address
+        true
+      end
+
+      protected
+
+      def prepare_html
+        part = ::Mail::Part.new
+        part.body = message.html_body
+        part
+      end
+
+      def prepare_text
+        part = ::Mail::Part.new
+        part.body = message.text_body
+        part
+      end
+
+      attr_reader :message, :email, :opts, :to_address
+    end
+  end
+end

data/lib/grape_token_auth/middleware.rb

@@ -0,0 +1,42 @@
+module GrapeTokenAuth
+  class Middleware
+    def initialize(app, _options)
+      @app = app
+    end
+
+    def call(env)
+      setup(env)
+      begin
+        responses_with_auth_headers(*@app.call(env))
+      rescue Unauthorized
+        return unauthorized
+      end
+    end
+
+    private
+
+    attr_reader :app, :request_start, :authorizer_data, :scope
+
+    def unauthorized
+      [401,
+       { 'Content-Type' => 'application/json'
+       },
+       []
+      ]
+    end
+
+    def setup(env)
+      @request_start    = Time.now
+      @authorizer_data  = AuthorizerData.from_env(env)
+    end
+
+    def responses_with_auth_headers(status, headers, response)
+      auth_headers = AuthenticationHeader.new(authorizer_data, request_start)
+      [
+        status,
+        headers.merge(auth_headers.headers),
+        response
+      ]
+    end
+  end
+end

data/lib/grape_token_auth/mount_helpers.rb

@@ -0,0 +1,80 @@
+module GrapeTokenAuth
+  module MountHelpers
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def mount_registration(opts = {})
+        mount_api('RegistrationAPI', opts)
+      end
+
+      def mount_sessions(opts = {})
+        mount_api('SessionsAPI', opts)
+      end
+
+      def mount_confirmation(opts = {})
+        opts[:to] = opts[:to].to_s.chomp('/') + '/confirmation'
+        mount_api('ConfirmationAPI', opts)
+      end
+
+      def mount_token_validation(opts = {})
+        mount_api('TokenValidationAPI', opts)
+      end
+
+      def mount_password_reset(opts = {})
+        opts[:to] = opts[:to].to_s.chomp('/') + '/password'
+        mount_api('PasswordAPI', opts)
+      end
+
+      def mount_omniauth(opts = {})
+        path = opts[:to] || '/'
+
+        if mapping = opts[:for]
+          api = create_api_subclass('OmniAuthAPI', mapping)
+        else
+          api = GrapeTokenAuth::OmniAuthAPI
+        end
+
+        mount api => path
+      end
+
+      def mount_omniauth_callbacks(opts = {})
+        fail 'Oauth callback API is not scope specific. Only mount it once and do not pass a "for" option' if opts[:for]
+        fail 'Oauth callback API path is specificed in the configuration. Do not pass a "to" option' if opts[:to]
+        prefix = GrapeTokenAuth.set_omniauth_path_prefix!
+        mount GrapeTokenAuth::OmniAuthCallBackRouterAPI => prefix
+      end
+
+      private
+
+      def mount_api(api_class_name, opts)
+        path = opts[:to] || '/'
+
+        if opts[:for]
+          api = create_api_subclass(api_class_name, opts[:for])
+        else
+          api = GrapeTokenAuth.const_get(api_class_name)
+        end
+
+        mount api => path
+      end
+
+      def create_api_subclass(class_name, mapping)
+        resource_class = GrapeTokenAuth.configuration.scope_to_class(mapping)
+        fail ScopeUndefinedError.new(nil, mapping) unless resource_class
+        scope_name = mapping.to_s.split('_').collect(&:capitalize).join
+        klass = Class.new(Grape::API) do
+          class << self
+            def resource_scope
+              @resource_scope
+            end
+          end
+        end
+        klass.instance_variable_set(:@resource_scope, mapping)
+        klass.include(GrapeTokenAuth.const_get("#{class_name}Core"))
+        GrapeTokenAuth.const_set("#{scope_name}#{class_name}", klass)
+      end
+    end
+  end
+end

data/lib/grape_token_auth/omniauth/omniauth_failure_html.rb

@@ -0,0 +1,26 @@
+require_relative './omniauth_html_base.rb'
+
+module GrapeTokenAuth
+  class OmniAuthFailureHTML < OmniAuthHTMLBase
+    FAILURE_MESSAGE = 'authFailure'
+
+    def initialize(error_message)
+      @error_message = error_message
+    end
+
+    def auth_origin_url
+      "/#?error=#{error_message}"
+    end
+
+    def json_post_data
+      {
+        'message' => FAILURE_MESSAGE,
+        'error'   => error_message
+      }.to_json
+    end
+
+    private
+
+    attr_reader :error_message
+  end
+end

data/lib/grape_token_auth/omniauth/omniauth_html_base.rb

@@ -0,0 +1,23 @@
+require 'erb'
+require 'json'
+
+module GrapeTokenAuth
+  class OmniAuthHTMLBase
+    def render_html
+      unless respond_to?(:json_post_data) && respond_to?(:auth_origin_url)
+        fail 'Invalid OmniAuthHTMLBase class'
+      end
+      template.result(binding)
+    end
+
+    private
+
+    def template_path
+      File.expand_path('../response_template.html.erb', __FILE__)
+    end
+
+    def template
+      ERB.new(File.read(template_path))
+    end
+  end
+end

data/lib/grape_token_auth/omniauth/omniauth_resource.rb

@@ -0,0 +1,109 @@
+module GrapeTokenAuth
+  class OmniAuthResource
+    extend Forwardable
+
+    attr_reader :resource
+
+    def_delegators :token, :expiry, :client_id
+    def_delegator :resource, :uid
+
+    def initialize(resource, auth_hash, omniauth_params)
+      @resource        = resource
+      @auth_hash       = auth_hash
+      @omniauth_params = omniauth_params
+    end
+
+    def persist_oauth_attributes!
+      set_crazy_password
+      sync_token_to_resource
+      sync_attributes_to_resource
+      # skip_confirmable_email
+      resource.save!
+    end
+
+    def self.fetch_or_create(resource_class, auth_hash, oauth_params)
+      resource = resource_class.where(
+        uid:      auth_hash['uid'],
+        provider: auth_hash['provider']).first_or_initialize
+      new(resource, auth_hash, oauth_params)
+    end
+
+    def token
+      @token ||= Token.new
+    end
+
+    def token_value
+      token.to_s
+    end
+
+    def attributes
+      { 'auth_token' => token_value,
+        'client_id' => token.client_id,
+        'expiry' => token.expiry }.merge(resource.serializable_hash)
+    end
+
+    private
+
+    attr_reader :auth_hash, :omniauth_params
+
+    def set_crazy_password
+      # set crazy password for new oauth users. this is only used to prevent
+      # access via email sign-in.
+      return if resource.id
+      p = SecureRandom.urlsafe_base64(nil, false)
+      resource.password = p
+      resource.password_confirmation = p
+    end
+
+    def sync_attributes_to_resource
+      # sync user info with provider, update/generate auth token
+      assign_provider_attrs
+
+      # assign any additional (whitelisted) attributes
+      assign_extra_attributes
+    end
+
+    def assign_provider_attrs
+      info_hash = auth_hash['info']
+      attrs = %i(nickname name image email).each_with_object({}) do |k, hsh|
+        hsh[k] = info_hash.fetch(k, '')
+      end
+      resource.assign_attributes(attrs)
+    end
+
+    def assign_extra_attributes
+      extra_params = whitelisted_params
+      resource.assign_attributes(extra_params) if extra_params
+    end
+
+    def whitelisted_params
+      whitelist = GrapeTokenAuth.configuration.param_white_list
+      return unless whitelist
+      scoped_list = whitelist[scope] || whitelist[scope.to_s]
+      return unless scoped_list
+      scoped_list.each_with_object({}) do |key, permitted|
+        value = find_with_indifference(omniauth_params, key)
+        permitted[key] = value if value
+      end
+    end
+
+    def scope
+      klass = resource.class
+      @scope ||= GrapeTokenAuth.configuration.mappings
+                 .find { |k,v| v == klass }.try(:[], 0)
+    end
+
+    def find_with_indifference(hash, key)
+      if hash.key?(key.to_sym)
+        return hash[key.to_sym]
+      elsif hash.key?(key.to_s)
+        return hash[key.to_s]
+      end
+      nil
+    end
+
+    def sync_token_to_resource
+      resource.tokens[token.client_id] = token.to_h
+    end
+  end
+end

data/lib/grape_token_auth/omniauth/omniauth_success_html.rb

@@ -0,0 +1,61 @@
+require_relative './omniauth_html_base.rb'
+
+module GrapeTokenAuth
+  class OmniAuthSuccessHTML < OmniAuthHTMLBase
+    extend Forwardable
+
+    SUCCESS_MESSAGE = 'deliverCredentials'
+
+    def_delegators :oauth_resource, :resource, :persist_oauth_attributes!
+
+    def initialize(oauth_resource, auth_hash, omniauth_params)
+      @oauth_resource  = oauth_resource
+      @auth_hash       = auth_hash
+      @omniauth_params = omniauth_params
+    end
+
+    def self.build(resource_class, auth_hash, omniauth_params)
+      oauth_resource = OmniAuthResource.fetch_or_create(resource_class,
+                                                        auth_hash,
+                                                        omniauth_params)
+      new(oauth_resource, auth_hash, omniauth_params)
+    end
+
+    def auth_origin_url
+      @omniauth_params['auth_origin_url'] || @omniauth_params[:auth_origin_url]
+    end
+
+    def window_type
+      @omniauth_params['omniauth_window_type'] ||
+        @omniauth_params[:omniauth_window_type]
+    end
+
+    def full_redirect_url
+      "#{auth_origin_url}?#{auth_origin_query_params.to_query}"
+    end
+
+    def json_post_data
+      success_attributes = { 'message' => SUCCESS_MESSAGE,
+                             'config' => omniauth_params['config'] }
+      oauth_resource.attributes.merge(success_attributes).to_json
+    end
+
+    private
+
+    attr_reader :oauth_resource, :omniauth_params
+
+    def config
+      omniauth_params['config_name']
+    end
+
+    def auth_origin_query_params
+      {
+        auth_token: oauth_resource.token,
+        client_id:  oauth_resource.client_id,
+        uid:        oauth_resource.uid,
+        expiry:     oauth_resource.expiry,
+        config:     config
+      }
+    end
+  end
+end

data/lib/grape_token_auth/omniauth/response_template.html.erb

@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script>
+      /*
+        The data is accessible in two ways:
+
+        1. Using the postMessage api, this window will respond to a
+            'message' event with a post of all the data. (This can
+            be used by browsers other than IE if this window was
+            opened with window.open())
+        2. This window has a function called requestCredentials which,
+            when called, will return the data. (This can be
+            used if this window was opened in an inAppBrowser using
+            Cordova / PhoneGap)
+      */
+
+      var data = <%= json_post_data %>;
+
+      window.addEventListener("message", function(ev) {
+        if (ev.data === "requestCredentials") {
+          ev.source.postMessage(data, '*');
+          window.close();
+        }
+      });
+      function requestCredentials() {
+        return data;
+      }
+      setTimeout(function() {
+        document.getElementById('text').innerHTML = (data && data.error) || 'Redirecting...';
+      }, 1000);
+    </script>
+  </head>
+  <body>
+    <pre id="text">
+    </pre>
+  </body>
+</html>