leash_provider 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/leash/provider/authorize_controller.rb +12 -6
- data/app/controllers/leash/provider/token_controller.rb +5 -7
- data/app/controllers/leash/provider/user_info_controller.rb +25 -0
- data/app/controllers/leash/provider_controller.rb +4 -4
- data/app/models/leash/provider/access_token.rb +13 -1
- data/app/models/leash/provider/auth_code.rb +20 -4
- data/leash_provider.gemspec +3 -2
- data/lib/generators/leash/provider/install_generator.rb +1 -1
- data/lib/leash/provider/routing.rb +3 -3
- data/lib/leash/provider/version.rb +2 -2
- metadata +9 -8
- data/lib/generators/leash/install_generator.rb +0 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 719aa56e5c33922ca6caed10ca92a02ae808a864
|
|
4
|
+
data.tar.gz: 50e40b8c38cdb84f49862fb8798b2b95cf994920
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a6f8662caac58d9057afa3d84458e4cc3e1120a5424376c6b2f16b1cbc5ff8f2f84a7100bd665035dd134557c17b667cf1964c8c11525eeb84a99fbed4a9ff70
|
|
7
|
+
data.tar.gz: de659561c9cae229f1d9a7278148699f03578d040a6571140d6eed40f3c44b386d5b8fe8b6606c7194ffda2f9608b53427652886d7e7594f8960c261b27d3c27
|
|
@@ -24,15 +24,21 @@ class Leash::Provider::AuthorizeController < Leash::ProviderController
|
|
|
24
24
|
access_token = Leash::Provider::AccessToken.assign! @app_name, current_owner
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} app_name=#{@app_name} current_owner=#{current_owner} access_token=#{access_token} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
27
|
+
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} app_name=#{@app_name} current_owner=#{current_owner.class.name}##{current_owner.id} access_token=#{access_token} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
28
28
|
redirect_to params[:redirect_uri] + "#access_token=#{URI.encode(access_token)}"
|
|
29
29
|
|
|
30
30
|
when "code"
|
|
31
31
|
auth_code = Leash::Provider::AuthCode.assign! @app_name, current_owner
|
|
32
|
-
|
|
33
|
-
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} current_owner=#{current_owner} auth_code=#{auth_code} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
34
|
-
redirect_to params[:redirect_uri] + "?code=#{URI.encode(auth_code)}"
|
|
35
32
|
|
|
33
|
+
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} current_owner=#{current_owner.class.name}##{current_owner.id} auth_code=#{auth_code} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
34
|
+
|
|
35
|
+
if params.has_key? :state
|
|
36
|
+
redirect_to params[:redirect_uri] + "?code=#{URI.encode(auth_code)}&state=#{URI.encode(params[:state])}"
|
|
37
|
+
|
|
38
|
+
else
|
|
39
|
+
redirect_to params[:redirect_uri] + "?code=#{URI.encode(auth_code)}"
|
|
40
|
+
end
|
|
41
|
+
|
|
36
42
|
else
|
|
37
43
|
fail "Should not be reached"
|
|
38
44
|
end
|
|
@@ -55,7 +61,7 @@ class Leash::Provider::AuthorizeController < Leash::ProviderController
|
|
|
55
61
|
|
|
56
62
|
when "code"
|
|
57
63
|
render text: error_code, status: :unprocessable_entity
|
|
58
|
-
|
|
64
|
+
|
|
59
65
|
else
|
|
60
66
|
fail "Should not be reached"
|
|
61
67
|
end
|
|
@@ -89,4 +95,4 @@ class Leash::Provider::AuthorizeController < Leash::ProviderController
|
|
|
89
95
|
def authenticate_user_by_role!
|
|
90
96
|
send "authenticate_#{@user_role_underscored}!"
|
|
91
97
|
end
|
|
92
|
-
end
|
|
98
|
+
end
|
|
@@ -2,8 +2,6 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
2
2
|
GRANT_TYPES = [ "authorization_code" ].freeze
|
|
3
3
|
|
|
4
4
|
before_action :determine_grant_type!
|
|
5
|
-
before_action :determine_client_id!
|
|
6
|
-
before_action :determine_client_secret!
|
|
7
5
|
|
|
8
6
|
|
|
9
7
|
def token
|
|
@@ -11,10 +9,10 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
11
9
|
when "authorization_code"
|
|
12
10
|
params.require("code")
|
|
13
11
|
|
|
14
|
-
if Leash::AuthCode.valid?(params[:code])
|
|
12
|
+
if Leash::Provider::AuthCode.valid?(params[:code])
|
|
15
13
|
access_token = Leash::Provider::AccessToken.assign_from_auth_code! Leash::Provider::AuthCode.find_by_auth_code(params[:code])
|
|
16
|
-
|
|
17
|
-
render json: { access_token: access_token }
|
|
14
|
+
|
|
15
|
+
render json: { access_token: access_token, token_type: "bearer" }
|
|
18
16
|
end
|
|
19
17
|
|
|
20
18
|
else
|
|
@@ -28,7 +26,7 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
28
26
|
|
|
29
27
|
def callback_with_error(error_code, message)
|
|
30
28
|
Rails.logger.warn "[Leash::Provider] Token error: #{error_code} (#{message})"
|
|
31
|
-
|
|
29
|
+
|
|
32
30
|
case @grant_type
|
|
33
31
|
when "authorization_code"
|
|
34
32
|
render json: { error: error_code }, status: :unprocessable_entity
|
|
@@ -45,4 +43,4 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
45
43
|
callback_with_error "unknown_grant_type", "Unknown grant type of '#{params[:grant_type]}'"
|
|
46
44
|
end
|
|
47
45
|
end
|
|
48
|
-
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
class Leash::Provider::UserInfoController < Leash::ProviderController
|
|
2
|
+
def info
|
|
3
|
+
render text: "missing_authorization_header", status: :unauthorized unless request.headers["Authorization"]
|
|
4
|
+
render text: "missing_authorization_bearer", status: :unauthorized unless request.headers["Authorization"].starts_with? "Bearer "
|
|
5
|
+
|
|
6
|
+
access_token_raw = request.headers["Authorization"].split(" ", 2).last
|
|
7
|
+
|
|
8
|
+
render text: "invalid_access_token", status: :forbidden unless Leash::Provider::AccessToken.valid?(access_token_raw)
|
|
9
|
+
|
|
10
|
+
access_token = Leash::Provider::AccessToken.find_by_access_token(access_token_raw)
|
|
11
|
+
owner = access_token.owner_instance
|
|
12
|
+
|
|
13
|
+
if owner.respond_to? :for_leash_provider
|
|
14
|
+
data = owner.for_leash_provider
|
|
15
|
+
else
|
|
16
|
+
data = owner
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
respond_to do |format|
|
|
20
|
+
format.json do
|
|
21
|
+
render json: data
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Leash::ProviderController < LeashController
|
|
2
2
|
include Devise::Controllers::Helpers
|
|
3
|
-
|
|
3
|
+
|
|
4
4
|
CLIENT_ID_REGEXP = /\AAPP\_([A-Z0-9\_]+)\_OAUTH2\_CLIENT\_ID\z/.freeze
|
|
5
5
|
|
|
6
6
|
protected
|
|
@@ -36,7 +36,7 @@ class Leash::ProviderController < LeashController
|
|
|
36
36
|
unless @redirect_urls.include? params[:redirect_uri]
|
|
37
37
|
callback_with_error "invalid_redirect_uri", "Redirect URL mismatch (should be '#{@redirect_url}', given '#{params[:redirect_uri]}'"
|
|
38
38
|
end
|
|
39
|
-
|
|
39
|
+
|
|
40
40
|
else
|
|
41
41
|
callback_with_error "unknown_redirect_uri", "Unable to find redirect URL associated with app '#{@app_name}'"
|
|
42
42
|
end
|
|
@@ -50,7 +50,7 @@ class Leash::ProviderController < LeashController
|
|
|
50
50
|
if @client_secret
|
|
51
51
|
unless @client_secret == params[:client_secret]
|
|
52
52
|
callback_with_error "invalid_secret", "Secret mismatch"
|
|
53
|
-
end
|
|
53
|
+
end
|
|
54
54
|
else
|
|
55
55
|
callback_with_error "unknown_secret", "Unable to find secret associated with app '#{@app_name}'"
|
|
56
56
|
end
|
|
@@ -60,4 +60,4 @@ class Leash::ProviderController < LeashController
|
|
|
60
60
|
def callback_with_error(error_code, message)
|
|
61
61
|
fail "Please override this method"
|
|
62
62
|
end
|
|
63
|
-
end
|
|
63
|
+
end
|
|
@@ -20,7 +20,7 @@ class Leash::Provider::AccessToken < Ohm::Model
|
|
|
20
20
|
|
|
21
21
|
loop do
|
|
22
22
|
begin
|
|
23
|
-
access_token = SecureRandom.
|
|
23
|
+
access_token = SecureRandom.urlsafe_base64(32)
|
|
24
24
|
timestamp = Time.now.to_i
|
|
25
25
|
self.create app_name: app_name, owner: owner_key(owner), access_token: access_token, created_at: timestamp, accessed_at: timestamp
|
|
26
26
|
break
|
|
@@ -65,4 +65,16 @@ class Leash::Provider::AccessToken < Ohm::Model
|
|
|
65
65
|
owner
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
def owner_instance
|
|
71
|
+
owner_klass, owner_id = owner.split("#", 2)
|
|
72
|
+
|
|
73
|
+
owner_klass.classify.constantize.find(owner_id)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
def touch!
|
|
78
|
+
update accessed_at: Time.now.to_i
|
|
79
|
+
end
|
|
68
80
|
end
|
|
@@ -17,11 +17,11 @@ class Leash::Provider::AuthCode < Ohm::Model
|
|
|
17
17
|
|
|
18
18
|
loop do
|
|
19
19
|
begin
|
|
20
|
-
auth_code = SecureRandom.
|
|
20
|
+
auth_code = SecureRandom.urlsafe_base64(32)
|
|
21
21
|
timestamp = Time.now.to_i
|
|
22
|
-
self.create app_name: app_name, owner: owner, auth_code: auth_code, created_at: timestamp
|
|
22
|
+
self.create app_name: app_name, owner: owner_key(owner), auth_code: auth_code, created_at: timestamp
|
|
23
23
|
break
|
|
24
|
-
|
|
24
|
+
|
|
25
25
|
rescue Ohm::UniqueIndexViolation => e
|
|
26
26
|
tries += 1
|
|
27
27
|
|
|
@@ -41,4 +41,20 @@ class Leash::Provider::AuthCode < Ohm::Model
|
|
|
41
41
|
def self.find_by_auth_code(auth_code)
|
|
42
42
|
self.find(auth_code: auth_code).first
|
|
43
43
|
end
|
|
44
|
-
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
def self.owner_key(owner)
|
|
47
|
+
if owner.is_a? ActiveRecord::Base
|
|
48
|
+
"#{owner.class.name}##{owner.id}"
|
|
49
|
+
else
|
|
50
|
+
owner
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
def owner_instance
|
|
56
|
+
owner_klass, owner_id = owner.split("#", 2)
|
|
57
|
+
|
|
58
|
+
owner_klass.classify.constantize.find(owner_id)
|
|
59
|
+
end
|
|
60
|
+
end
|
data/leash_provider.gemspec
CHANGED
|
@@ -8,8 +8,9 @@ Gem::Specification.new do |s|
|
|
|
8
8
|
s.authors = ["Marcin Lewandowski"]
|
|
9
9
|
s.email = ["marcin@saepia.net"]
|
|
10
10
|
s.homepage = "http://github.com/mspanc/leash-provider"
|
|
11
|
-
s.summary = "High-performance OAuth2 provider for a closed set of trusted apps with multiple roles
|
|
12
|
-
s.description = "Leash allows you to build an OAuth2 provider for closed set of trusted apps.
|
|
11
|
+
s.summary = "High-performance Ruby on Rails OAuth2 provider for a closed set of trusted apps with multiple user roles."
|
|
12
|
+
s.description = "Leash allows you to build an OAuth2 provider for a closed set of trusted client apps. It can support multiple user roles and is designed to handle high load."
|
|
13
|
+
s.license = "MIT"
|
|
13
14
|
|
|
14
15
|
s.add_dependency "rails", "~> 4.2"
|
|
15
16
|
s.add_dependency "ohm"
|
|
@@ -4,7 +4,7 @@ module Leash
|
|
|
4
4
|
module Provider
|
|
5
5
|
module Generators
|
|
6
6
|
class InstallGenerator < Rails::Generators::Base
|
|
7
|
-
source_root File.expand_path("
|
|
7
|
+
source_root File.expand_path("../../../templates", __FILE__)
|
|
8
8
|
|
|
9
9
|
desc "Creates a Leash initializer and route."
|
|
10
10
|
|
|
@@ -2,10 +2,10 @@ module ActionDispatch::Routing
|
|
|
2
2
|
class Mapper
|
|
3
3
|
def leash_provider
|
|
4
4
|
scope :oauth do
|
|
5
|
-
get "authorize", to: "leash/provider/authorize#authorize", as: "leash_provider_authorize"
|
|
6
|
-
post "token",
|
|
5
|
+
get "authorize/:user_role", to: "leash/provider/authorize#authorize", as: "leash_provider_authorize"
|
|
6
|
+
post "token", to: "leash/provider/token#token", as: "leash_provider_token"
|
|
7
|
+
get "user_info", to: "leash/provider/user_info#info", as: "leash_provider_user_info"
|
|
7
8
|
end
|
|
8
9
|
end
|
|
9
10
|
end
|
|
10
11
|
end
|
|
11
|
-
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: leash_provider
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marcin Lewandowski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-05-
|
|
11
|
+
date: 2015-05-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -136,8 +136,8 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 0.5.3
|
|
139
|
-
description: Leash allows you to build an OAuth2 provider for closed set of trusted
|
|
140
|
-
apps.
|
|
139
|
+
description: Leash allows you to build an OAuth2 provider for a closed set of trusted
|
|
140
|
+
client apps. It can support multiple user roles and is designed to handle high load.
|
|
141
141
|
email:
|
|
142
142
|
- marcin@saepia.net
|
|
143
143
|
executables: []
|
|
@@ -153,13 +153,13 @@ files:
|
|
|
153
153
|
- Rakefile
|
|
154
154
|
- app/controllers/leash/provider/authorize_controller.rb
|
|
155
155
|
- app/controllers/leash/provider/token_controller.rb
|
|
156
|
+
- app/controllers/leash/provider/user_info_controller.rb
|
|
156
157
|
- app/controllers/leash/provider_controller.rb
|
|
157
158
|
- app/controllers/leash_controller.rb
|
|
158
159
|
- app/models/leash/provider/access_token.rb
|
|
159
160
|
- app/models/leash/provider/auth_code.rb
|
|
160
161
|
- config.ru
|
|
161
162
|
- leash_provider.gemspec
|
|
162
|
-
- lib/generators/leash/install_generator.rb
|
|
163
163
|
- lib/generators/leash/provider/install_generator.rb
|
|
164
164
|
- lib/generators/templates/leash_provider.rb
|
|
165
165
|
- lib/leash/provider/engine.rb
|
|
@@ -177,7 +177,8 @@ files:
|
|
|
177
177
|
- spec/internal/public/favicon.ico
|
|
178
178
|
- spec/spec_helper.rb
|
|
179
179
|
homepage: http://github.com/mspanc/leash-provider
|
|
180
|
-
licenses:
|
|
180
|
+
licenses:
|
|
181
|
+
- MIT
|
|
181
182
|
metadata: {}
|
|
182
183
|
post_install_message:
|
|
183
184
|
rdoc_options: []
|
|
@@ -198,6 +199,6 @@ rubyforge_project:
|
|
|
198
199
|
rubygems_version: 2.4.6
|
|
199
200
|
signing_key:
|
|
200
201
|
specification_version: 4
|
|
201
|
-
summary: High-performance OAuth2 provider for a closed set of trusted
|
|
202
|
-
roles
|
|
202
|
+
summary: High-performance Ruby on Rails OAuth2 provider for a closed set of trusted
|
|
203
|
+
apps with multiple user roles.
|
|
203
204
|
test_files: []
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
require 'rails/generators/base'
|
|
2
|
-
|
|
3
|
-
module Leash
|
|
4
|
-
module Generators
|
|
5
|
-
class InstallGenerator < Rails::Generators::Base
|
|
6
|
-
source_root File.expand_path("../../templates", __FILE__)
|
|
7
|
-
|
|
8
|
-
desc "Creates a Leash initializer and copy locale files to your application."
|
|
9
|
-
|
|
10
|
-
def copy_initializer
|
|
11
|
-
template "leash.rb", "config/initializers/leash.rb"
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
def add_route
|
|
16
|
-
route "leash"
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
end
|