houston-oauth-plugin 0.5.1

data/lib/generators/test_unit/templates/oauth_nonces.yml

@@ -0,0 +1,13 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+  nonce: a_nonce
+  timestamp: 1
+  created_at: 2007-11-25 17:27:04
+  updated_at: 2007-11-25 17:27:04
+two:
+  id: 2
+  nonce: b_nonce
+  timestamp: 2
+  created_at: 2007-11-25 17:27:04
+  updated_at: 2007-11-25 17:27:04

data/lib/generators/test_unit/templates/oauth_token_test.rb

@@ -0,0 +1,57 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class RequestTokenTest < ActiveSupport::TestCase
+
+  fixtures :client_applications, :users, :oauth_tokens
+
+  def setup
+    @token = RequestToken.create :client_application=>client_applications(:one)
+  end
+
+  def test_should_be_valid
+    assert @token.valid?
+  end
+
+  def test_should_not_have_errors
+    assert @token.errors.empty?
+  end
+
+  def test_should_have_a_token
+    assert_not_nil @token.token
+  end
+
+  def test_should_have_a_secret
+    assert_not_nil @token.secret
+  end
+
+  def test_should_not_be_authorized
+    assert !@token.authorized?
+  end
+
+  def test_should_not_be_invalidated
+    assert !@token.invalidated?
+  end
+
+  def test_should_authorize_request
+    @token.authorize!(users(:quentin))
+    assert @token.authorized?
+    assert_not_nil @token.authorized_at
+    assert_equal users(:quentin), @token.user
+  end
+
+  def test_should_not_exchange_without_approval
+    assert_equal false, @token.exchange!
+    assert_equal false, @token.invalidated?
+  end
+
+  def test_should_not_exchange_without_approval
+    @token.authorize!(users(:quentin))
+    @access = @token.exchange!
+    assert_not_equal false, @access
+    assert @token.invalidated?
+
+    assert_equal users(:quentin), @access.user
+    assert @access.authorized?
+  end
+
+end

data/lib/generators/test_unit/templates/oauth_tokens.yml

@@ -0,0 +1,17 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+  user_id: 1
+  client_application_id: 1
+  token: one
+  secret: MyString
+  created_at: 2007-11-19 07:31:46
+  updated_at: 2007-11-19 07:31:46
+two:
+  id: 2
+  user_id: 1
+  client_application_id: 1
+  token: two
+  secret: MyString
+  created_at: 2007-11-19 07:31:46
+  updated_at: 2007-11-19 07:31:46

data/lib/oauth-plugin.rb

@@ -0,0 +1,24 @@
+require 'oauth'
+require 'oauth/signature/hmac/sha1'
+require 'oauth/request_proxy/rack_request'
+require 'oauth/server'
+require 'oauth/controllers/application_controller_methods'
+if Rails::VERSION::MAJOR >= 3
+  require 'oauth/request_proxy/rack_request'
+else
+  require 'oauth/request_proxy/action_controller_request'
+  ActionController::Base.send :include, OAuth::Controllers::ApplicationControllerMethods
+end
+
+
+if Rails::VERSION::MAJOR >= 3
+  module OAuth
+    module Plugin
+      class OAuthRailtie < Rails::Railtie
+        initializer "oauth-plugin.configure_rails_initialization" do |app|
+          ActionController::Base.send :include, OAuth::Controllers::ApplicationControllerMethods
+        end
+      end
+    end
+  end
+end

data/lib/oauth-plugin/version.rb

@@ -0,0 +1,5 @@
+module Oauth
+  module Plugin
+    VERSION = "0.5.1"
+  end
+end

data/lib/oauth/controllers/application_controller_methods.rb

@@ -0,0 +1,140 @@
+module OAuth
+  module Controllers
+
+    module ApplicationControllerMethods
+
+      def self.included(controller)
+        controller.class_eval do
+          extend ClassMethods
+        end
+      end
+
+      module ClassMethods
+        def oauthenticate(options={})
+          filter_options = {}
+          filter_options[:only]   = options.delete(:only) if options[:only]
+          filter_options[:except] = options.delete(:except) if options[:except]
+          before_filter Filter.new(options), filter_options
+        end
+      end
+
+      class Filter
+        def initialize(options={})
+          @options={
+              :interactive=>true,
+              :strategies => [:token,:two_legged]
+            }.merge(options)
+          @strategies = Array(@options[:strategies])
+          @strategies << :interactive if @options[:interactive]
+        end
+
+        def before(controller)
+          Authenticator.new(controller,@strategies).allow?
+        end
+      end
+
+      class Authenticator
+        attr_accessor :controller, :strategies, :strategy
+        def initialize(controller,strategies)
+          @controller = controller
+          @strategies = strategies
+        end
+
+        def allow?
+          if @strategies.include?(:interactive) && interactive
+            true
+          elsif !(@strategies & env["oauth.strategies"].to_a).empty?
+            if token.present?
+              @controller.send :current_user=, token.user
+              true
+            else
+              false
+            end
+          else
+            if @strategies.include?(:interactive)
+              controller.send :access_denied
+            else
+              controller.send :invalid_oauth_response
+            end
+          end
+        end
+
+        def oauth20_token
+           env["oauth.version"]==2 && env["oauth.token"]
+        end
+
+        def oauth10_token
+          env["oauth.version"]==1 && env["oauth.token"]
+        end
+
+        def oauth10_request_token
+          oauth10_token && oauth10_token.is_a?(::RequestToken) ? oauth10_token : nil
+        end
+
+        def oauth10_access_token
+          oauth10_token && oauth10_token.is_a?(::AccessToken) ? oauth10_token : nil
+        end
+
+        def token
+          oauth20_token || oauth10_access_token || nil
+        end
+
+        def client_application
+          env["oauth.version"]==1 && env["oauth.client_application"] || oauth20_token.try(:client_application)
+        end
+
+        def two_legged
+           env["oauth.version"]==1 && client_application
+        end
+
+        def interactive
+          @controller.send :logged_in?
+        end
+
+        def env
+          request.env
+        end
+
+        def request
+          controller.send :request
+        end
+
+      end
+
+      protected
+
+      def current_token
+        request.env["oauth.token"]
+      end
+
+      def current_client_application
+        request.env["oauth.version"]==1 && request.env["oauth.client_application"] || current_token.try(:client_application)
+      end
+
+      def oauth?
+        current_token
+      end
+
+      # use in a before_filter. Note this is for compatibility purposes. Better to use oauthenticate now
+      def oauth_required
+        Authenticator.new(self,[:oauth10_access_token]).allow?
+      end
+
+      # use in before_filter. Note this is for compatibility purposes. Better to use oauthenticate now
+      def login_or_oauth_required
+        Authenticator.new(self,[:oauth10_access_token,:interactive]).allow?
+      end
+
+      def invalid_oauth_response(code=401,message="Invalid OAuth Request")
+        render :text => message, :status => code
+        false
+      end
+
+      # override this in your controller
+      def access_denied
+        head 401
+      end
+
+    end
+  end
+end

data/lib/oauth/controllers/consumer_controller.rb

@@ -0,0 +1,153 @@
+module Oauth
+  module Controllers
+    module ConsumerController
+      def self.included(controller)
+        controller.class_eval do
+          before_filter :load_consumer, :except=>:index
+          skip_before_filter :verify_authenticity_token,:only=>:callback
+        end
+      end
+
+      def index
+        @consumer_tokens=ConsumerToken.all :conditions=>{:user_id=>current_user.id}
+        # The services the user hasn't already connected to
+        @services=OAUTH_CREDENTIALS.keys-@consumer_tokens.collect{|c| c.class.service_name}
+      end      
+      
+      # If the user has no token or <tt>force</tt> is set as a param, creates request token and
+      # redirects on to oauth provider's auth page.  Otherwise it displays a page with an option
+      # to disconnect and redo
+      def show
+        if @token && params[:force]
+          @token.destroy
+          @token = nil
+        end
+
+        unless @token
+          if @consumer.ancestors.include?(Oauth2Token)
+            request_url = callback2_oauth_consumer_url + callback2_querystring
+            redirect_to @consumer.authorize_url(request_url)
+          else
+            request_url = callback_oauth_consumer_url(params[:id]) + callback2_querystring
+            @request_token = @consumer.get_request_token(request_url)
+            session[@request_token.token]=@request_token.secret
+            if @request_token.callback_confirmed?
+              redirect_to @request_token.authorize_url
+            else
+              redirect_to(@request_token.authorize_url + "&oauth_callback=#{callback_oauth_consumer_url(params[:id])}")
+            end
+          end
+        end
+      end
+      
+      def callback2_querystring
+        request.query_string.blank? ? '' : '?' + request.query_string
+      end
+      
+      def callback2
+        @token = @consumer.access_token(current_user,params[:code], callback2_oauth_consumer_url)
+        if @token
+          # Log user in
+          if logged_in?
+            flash[:notice] = "#{params[:id].humanize} was successfully connected to your account"
+          else
+            self.current_user = @token.user
+            flash[:notice] = "You logged in with #{params[:id].humanize}"
+          end
+          go_back
+        else
+          flash[:error] = "An error happened, please try connecting again"
+          redirect_to oauth_consumer_url(params[:id])
+        end
+
+      end
+
+      def callback
+        logger.info "CALLBACK"
+        @request_token_secret=session[params[:oauth_token]]
+        if @request_token_secret
+          @token=@consumer.find_or_create_from_request_token(current_user,params[:oauth_token],@request_token_secret,params[:oauth_verifier])
+          session[params[:oauth_token]] = nil
+          if @token
+            # Log user in
+            if logged_in?
+              flash[:notice] = "#{params[:id].humanize} was successfully connected to your account"
+            else
+              self.current_user = @token.user
+              flash[:notice] = "You logged in with #{params[:id].humanize}"
+            end
+            go_back
+          else
+            flash[:error] = "An error happened, please try connecting again"
+            redirect_to oauth_consumer_url(params[:id])
+          end
+        end
+
+      end
+
+      def client
+        method = request.method.downcase.to_sym
+        path = "/#{params[:endpoint]}?#{request.query_string}"
+        if consumer_credentials[:expose]
+          if @token
+            oauth_response = @token.client.send(method, path)
+            if oauth_response.is_a? Net::HTTPRedirection
+              # follow redirect
+              oauth_response = @token.client.send(method, oauth_response['Location'])
+            end
+
+            render :text => oauth_response.body
+          else
+            render :text => "Token needed.", :status => 403
+          end
+        else
+          render :text => "Not allowed", :status => 403
+        end
+      end
+
+      def destroy
+        throw RecordNotFound unless @token
+        @token.destroy
+        if params[:commit]=="Reconnect"
+          redirect_to oauth_consumer_url(params[:id])
+        else
+          flash[:notice] = "#{params[:id].humanize} was successfully disconnected from your account"
+
+          go_back
+        end
+      end
+
+      def callback2_oauth_consumer_url
+        @consumer.consumer.options[:redirect_uri]
+      end
+
+      protected
+
+      # Override this in your controller to decide where you want to redirect user to after callback is finished.
+      def go_back
+        redirect_to root_url
+      end
+
+      def consumer_credentials
+        OAUTH_CREDENTIALS[consumer_key]
+      end
+
+      def consumer_key
+        @consumer_key ||= params[:id].to_sym
+      end
+
+      def load_consumer
+        throw RecordNotFound unless OAUTH_CREDENTIALS.include?(consumer_key)
+        deny_access! unless logged_in? || consumer_credentials[:allow_login]
+        @consumer = "#{consumer_key.to_s.camelcase}Token".constantize
+        @token = @consumer.where(user_id: current_user.id.to_s).first if logged_in?
+      end
+
+      # Override this in you controller to deny user or redirect to login screen.
+      def deny_access!
+        head 401
+      end
+
+    end
+  end
+end

data/lib/oauth/controllers/provider_controller.rb

@@ -0,0 +1,181 @@
+require 'oauth/provider/authorizer'
+module OAuth
+  module Controllers
+
+    module ProviderController
+      def self.included(controller)
+        controller.class_eval do
+          before_filter :login_required, :only => [:authorize,:revoke]
+          oauthenticate :only => [:test_request]
+          oauthenticate :strategies => :token, :interactive => false, :only => [:invalidate,:capabilities]
+          oauthenticate :strategies => :two_legged, :interactive => false, :only => [:request_token]
+          oauthenticate :strategies => :oauth10_request_token, :interactive => false, :only => [:access_token]
+          skip_before_filter :verify_authenticity_token, :only=>[:request_token, :access_token, :invalidate, :test_request, :token]
+        end
+      end
+
+      def request_token
+        @token = current_client_application.create_request_token params
+        if @token
+          render :text => @token.to_query
+        else
+          render :nothing => true, :status => 401
+        end
+      end
+
+      def access_token
+        @token = current_token && current_token.exchange!
+        if @token
+          render :text => @token.to_query
+        else
+          render :nothing => true, :status => 401
+        end
+      end
+
+      def token
+        @client_application = ClientApplication.find_by_key! params[:client_id]
+        if @client_application.secret != params[:client_secret]
+          oauth2_error "invalid_client"
+          return
+        end
+        # older drafts used none for client_credentials
+        params[:grant_type] = 'client_credentials' if params[:grant_type] == 'none'
+        logger.info "grant_type=#{params[:grant_type]}"
+        if ["authorization_code", "password", "client_credentials"].include?(params[:grant_type])
+          send "oauth2_token_#{params[:grant_type].underscore}"
+        else
+          oauth2_error "unsupported_grant_type"
+        end
+      end
+
+      def test_request
+        render :text => params.collect{|k,v|"#{k}=#{v}"}.join("&")
+      end
+
+      def authorize
+        if params[:oauth_token]
+          @token = ::RequestToken.find_by_token! params[:oauth_token]
+          oauth1_authorize
+        else
+          if request.post?
+            @authorizer = OAuth::Provider::Authorizer.new current_user, user_authorizes_token?, params
+            redirect_to @authorizer.redirect_uri
+          else
+            @client_application = ClientApplication.find_by_key! params[:client_id]
+            render :action => "oauth2_authorize"
+          end
+        end
+      end
+
+      def revoke
+        @token = current_user.tokens.find_by_token! params[:token]
+        if @token
+          @token.invalidate!
+          flash[:notice] = "You've revoked the token for #{@token.client_application.name}"
+        end
+        redirect_to oauth_clients_url
+      end
+
+      # Invalidate current token
+      def invalidate
+        current_token.invalidate!
+        head :status=>410
+      end
+
+      # Capabilities of current_token
+      def capabilities
+        if current_token.respond_to?(:capabilities)
+          @capabilities=current_token.capabilities
+        else
+          @capabilities={:invalidate=>url_for(:action=>:invalidate)}
+        end
+
+        respond_to do |format|
+          format.json {render :json=>@capabilities}
+          format.xml {render :xml=>@capabilities}
+        end
+      end
+
+      protected
+
+      def oauth1_authorize
+        unless @token
+          render :action=>"authorize_failure"
+          return
+        end
+
+        unless @token.invalidated?
+          if request.post?
+            if user_authorizes_token?
+              @token.authorize!(current_user)
+              callback_url  = @token.oob? ? @token.client_application.callback_url : @token.callback_url
+              @redirect_url = URI.parse(callback_url) unless callback_url.blank?
+
+              unless @redirect_url.to_s.blank?
+                @redirect_url.query = @redirect_url.query.blank? ?
+                                      "oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" :
+                                      @redirect_url.query + "&oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
+                redirect_to @redirect_url.to_s
+              else
+                render :action => "authorize_success"
+              end
+            else
+              @token.invalidate!
+              render :action => "authorize_failure"
+            end
+          end
+        else
+          render :action => "authorize_failure"
+        end
+      end
+
+
+      # http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.1
+      def oauth2_token_authorization_code
+        @verification_code =  @client_application.oauth2_verifiers.find_by_token params[:code]
+        unless @verification_code
+          oauth2_error
+          return
+        end
+        if @verification_code.redirect_url != params[:redirect_uri]
+          oauth2_error
+          return
+        end
+        @token = @verification_code.exchange!
+        render :json=>@token
+      end
+
+      # http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.2
+      def oauth2_token_password
+        @user = authenticate_user( params[:username], params[:password])
+        unless @user
+          oauth2_error
+          return
+        end
+        @token = Oauth2Token.create :client_application=>@client_application, :user=>@user, :scope=>params[:scope]
+        render :json=>@token
+      end
+
+      # should authenticate and return a user if valid password. Override in your own controller
+      def authenticate_user(username,password)
+        User.authenticate(username,password)
+      end
+
+      # autonomous authorization which creates a token for client_applications user
+      def oauth2_token_client_credentials
+        @token = Oauth2Token.create :client_application=>@client_application, :user=>@client_application.user, :scope=>params[:scope]
+        render :json=>@token
+      end
+
+      # Override this to match your authorization page form
+      def user_authorizes_token?
+        params[:authorize] == '1'
+      end
+
+      def oauth2_error(error="invalid_grant")
+        render :json=>{:error=>error}.to_json, :status => 400
+      end
+
+    end
+  end
+end