leash_provider 0.0.1

data/spec/internal/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/internal/app/models/admin.rb

@@ -0,0 +1,6 @@
+class Admin < ActiveRecord::Base
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable,
+         :confirmable, :lockable
+
+end

data/spec/internal/config/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter:  sqlite3
+  database: db/combustion_test.sqlite

data/spec/internal/config/initializers/devise.rb

@@ -0,0 +1,228 @@
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
+Devise.setup do |config|
+    # The secret key used by Devise. Devise uses this key to generate
+    # random tokens. Changing this key will render invalid all existing
+    # confirmation, reset password and unlock tokens in the database.
+    config.secret_key = "dummy"
+
+    # ==> Mailer Configuration
+    # Configure the e-mail address which will be shown in Devise::Mailer,
+    # note that it will be overwritten if you use your own mailer class
+    # with default "from" parameter.
+    config.mailer_sender = "dummy@dummy.org"
+
+    # Configure the class responsible to send e-mails.
+    # config.mailer = 'Devise::Mailer'
+
+    # ==> ORM configuration
+    # Load and configure the ORM. Supports :active_record (default) and
+    # :mongoid (bson_ext recommended) by default. Other ORMs may be
+    # available as additional gems.
+    require 'devise/orm/active_record'
+
+    # ==> Configuration for any authentication mechanism
+    # Configure which keys are used when authenticating a user. The default is
+    # just :email. You can configure it to use [:username, :subdomain], so for
+    # authenticating a user, both parameters are required. Remember that those
+    # parameters are used only when authenticating and not when retrieving from
+    # session. If you need permissions, you should implement that in a before filter.
+    # You can also supply a hash where the value is a boolean determining whether
+    # or not authentication should be aborted when the value is not present.
+    # config.authentication_keys = [ :email ]
+
+    # Configure parameters from the request object used for authentication. Each entry
+    # given should be a request method and it will automatically be passed to the
+    # find_for_authentication method and considered in your model lookup. For instance,
+    # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
+    # The same considerations mentioned for authentication_keys also apply to request_keys.
+    # config.request_keys = []
+
+    # Configure which authentication keys should be case-insensitive.
+    # These keys will be downcased upon creating or modifying a user and when used
+    # to authenticate or find a user. Default is :email.
+    config.case_insensitive_keys = [ :email ]
+
+    # Configure which authentication keys should have whitespace stripped.
+    # These keys will have whitespace before and after removed upon creating or
+    # modifying a user and when used to authenticate or find a user. Default is :email.
+    config.strip_whitespace_keys = [ :email ]
+
+    # Tell if authentication through request.params is enabled. True by default.
+    # It can be set to an array that will enable params authentication only for the
+    # given strategies, for example, `config.params_authenticatable = [:database]` will
+    # enable it only for database (email + password) authentication.
+    # config.params_authenticatable = true
+
+    # Tell if authentication through HTTP Auth is enabled. False by default.
+    # It can be set to an array that will enable http authentication only for the
+    # given strategies, for example, `config.http_authenticatable = [:database]` will
+    # enable it only for database authentication. The supported strategies are:
+    # :database      = Support basic authentication with authentication key + password
+    # config.http_authenticatable = false
+
+    # If http headers should be returned for AJAX requests. True by default.
+    # config.http_authenticatable_on_xhr = true
+
+    # The realm used in Http Basic Authentication. 'Application' by default.
+    # config.http_authentication_realm = 'Application'
+
+    # It will change confirmation, password recovery and other workflows
+    # to behave the same regardless if the e-mail provided was right or wrong.
+    # Does not affect registerable.
+    config.paranoid = true
+
+    # By default Devise will store the user in session. You can skip storage for
+    # particular strategies by setting this option.
+    # Notice that if you are skipping storage for all authentication paths, you
+    # may want to disable generating routes to Devise's sessions controller by
+    # passing :skip => :sessions to `devise_for` in your config/routes.rb
+    config.skip_session_storage = [:http_auth]
+
+    # By default, Devise cleans up the CSRF token on authentication to
+    # avoid CSRF token fixation attacks. This means that, when using AJAX
+    # requests for sign in and sign up, you need to get a new CSRF token
+    # from the server. You can disable this option at your own risk.
+    # config.clean_up_csrf_token_on_authentication = true
+
+    # ==> Configuration for :database_authenticatable
+    # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+    # using other encryptors, it sets how many times you want the password re-encrypted.
+    #
+    # Limiting the stretches to just one in testing will increase the performance of
+    # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+    # a value less than 10 in other environments.
+    config.stretches = Rails.env.test? ? 1 : 10
+
+    # Setup a pepper to generate the encrypted password.
+    # config.pepper = 'fc188c0c44df8a6f0911e4d872688965d5c0e7812d6490848d699057b98ce96049b10caf44942b33047efa6adb866754377a9f00edbb45c94045a06104aa40b5'
+
+    # ==> Configuration for :confirmable
+    # A period that the user is allowed to access the website even without
+    # confirming his account. For instance, if set to 2.days, the user will be
+    # able to access the website for two days without confirming his account,
+    # access will be blocked just in the third day. Default is 0.days, meaning
+    # the user cannot access the website without confirming his account.
+    # config.allow_unconfirmed_access_for = 2.days
+
+    # A period that the user is allowed to confirm their account before their
+    # token becomes invalid. For example, if set to 3.days, the user can confirm
+    # their account within 3 days after the mail was sent, but on the fourth day
+    # their account can't be confirmed with the token any more.
+    # Default is nil, meaning there is no restriction on how long a user can take
+    # before confirming their account.
+    # config.confirm_within = 3.days
+
+    # If true, requires any email changes to be confirmed (exactly the same way as
+    # initial account confirmation) to be applied. Requires additional unconfirmed_email
+    # db field (see migrations). Until confirmed new email is stored in
+    # unconfirmed email column, and copied to email column on successful confirmation.
+    # config.reconfirmable = true
+
+    # Defines which key will be used when confirming an account
+    # config.confirmation_keys = [ :email ]
+
+    # ==> Configuration for :rememberable
+    # The time the user will be remembered without asking for credentials again.
+    # config.remember_for = 2.weeks
+
+    # If true, extends the user's remember period when remembered via cookie.
+    # config.extend_remember_period = false
+
+    # Options to be passed to the created cookie. For instance, you can set
+    # :secure => true in order to force SSL only cookies.
+    # config.rememberable_options = {}
+
+    # ==> Configuration for :validatable
+    # Range for password length. Default is 8..128.
+    config.password_length = 8..128
+
+    # Email regex used to validate email formats. It simply asserts that
+    # one (and only one) @ exists in the given string. This is mainly
+    # to give user feedback and not to assert the e-mail validity.
+    # config.email_regexp = /\A[^@]+@[^@]+\z/
+
+    # ==> Configuration for :timeoutable
+    # The time you want to timeout the user session without activity. After this
+    # time the user will be asked for credentials again. Default is 30 minutes.
+    # config.timeout_in = 30.minutes
+
+    # If true, expires auth token on session timeout.
+    # config.expire_auth_token_on_timeout = false
+
+    # ==> Configuration for :lockable
+    # Defines which strategy will be used to lock an account.
+    # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+    # :none            = No lock strategy. You should handle locking by yourself.
+    config.lock_strategy = :failed_attempts
+
+    # Defines which key will be used when locking and unlocking an account
+    config.unlock_keys = [ :email ]
+
+    # Defines which strategy will be used to unlock an account.
+    # :email = Sends an unlock link to the user email
+    # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+    # :both  = Enables both strategies
+    # :none  = No unlock strategy. You should handle unlocking by yourself.
+    config.unlock_strategy = :time
+
+    # Number of authentication tries before locking an account if lock_strategy
+    # is failed attempts.
+    config.maximum_attempts = 20
+
+    # Time interval to unlock the account if :time is enabled as unlock_strategy.
+    config.unlock_in = 1.hour
+
+    # Warn on the last attempt before the account is locked.
+    # config.last_attempt_warning = false
+
+    # ==> Configuration for :recoverable
+    #
+    # Defines which key will be used when recovering the password for an account
+    # config.reset_password_keys = [ :email ]
+
+    # Time interval you can reset your password with a reset password key.
+    # Don't put a too small interval or your users won't have the time to
+    # change their passwords.
+    config.reset_password_within = 6.hours
+
+    # ==> Configuration for :encryptable
+    # Allow you to use another encryption algorithm besides bcrypt (default). You can use
+    # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
+    # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
+    # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
+    # REST_AUTH_SITE_KEY to pepper).
+    #
+    # Require the `devise-encryptable` gem when using anything other than bcrypt
+    # config.encryptor = :sha512
+
+    # ==> Scopes configuration
+    # Turn scoped views on. Before rendering "sessions/new", it will first check for
+    # "users/sessions/new". It's turned off by default because it's slower if you
+    # are using only default views.
+    config.scoped_views = true
+
+    # Configure the default scope given to Warden. By default it's the first
+    # devise role declared in your routes (usually :user).
+    # config.default_scope = :user
+
+    # Set this configuration to false if you want /users/sign_out to sign out
+    # only the current scope. By default, Devise signs out all scopes.
+    config.sign_out_all_scopes = false
+
+    # ==> Navigation configuration
+    # Lists the formats that should be treated as navigational. Formats like
+    # :html, should redirect to the sign in page when the user does not have
+    # access, but formats like :xml or :json, should return 401.
+    #
+    # If you have any extra navigational formats, like :iphone or :mobile, you
+    # should add them to the navigational formats lists.
+    #
+    # The "*/*" below is required to match Internet Explorer requests.
+    # config.navigational_formats = ['*/*', :html]
+
+    # The default HTTP method used to sign out a resource. Default is :delete.
+    config.sign_out_via = :delete
+
+
+end

data/spec/internal/config/routes.rb

@@ -0,0 +1,5 @@
+Rails.application.routes.draw do
+  leash_provider
+
+  devise_for :admins
+end

data/spec/internal/db/schema.rb

@@ -0,0 +1,28 @@
+ActiveRecord::Schema.define do
+  create_table "admins", force: :cascade do |t|
+    t.string   "email",                  default: "", null: false
+    t.string   "encrypted_password",     default: "", null: false
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.integer  "sign_in_count",          default: 0,  null: false
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.string   "current_sign_in_ip"
+    t.string   "last_sign_in_ip"
+    t.string   "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string   "unconfirmed_email"
+    t.integer  "failed_attempts",        default: 0,  null: false
+    t.string   "unlock_token"
+    t.datetime "locked_at"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "admins", ["confirmation_token"], name: "index_admins_on_confirmation_token", unique: true, using: :btree
+  add_index "admins", ["email"], name: "index_admins_on_email", unique: true, using: :btree
+  add_index "admins", ["reset_password_token"], name: "index_admins_on_reset_password_token", unique: true, using: :btree
+  add_index "admins", ["unlock_token"], name: "index_editors_on_unlock_token", unique: true, using: :btree
+end

data/spec/spec_helper.rb

@@ -0,0 +1,30 @@
+require 'rubygems'
+require 'bundler/setup'
+
+require 'combustion'
+require 'factory_girl_rails'
+
+Combustion.initialize! :action_controller, :active_record
+
+FactoryGirl.define do
+  factory :admin do
+    sequence :email do |n| 
+      "admin#{n}@example.com"
+    end
+    
+    confirmed_at { Time.now }
+    password "qwerty123"
+  end
+end
+
+require 'rspec/rails'
+
+RSpec.configure do |config|
+  config.include Devise::TestHelpers, :type => :controller
+  config.include FactoryGirl::Syntax::Methods
+  config.use_transactional_fixtures = true
+
+  config.before(:suite) do
+    Ohm.redis.call "FLUSHALL"
+  end
+end

metadata

@@ -0,0 +1,203 @@
+--- !ruby/object:Gem::Specification
+name: leash_provider
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Marcin Lewandowski
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-05-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: ohm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+description: Leash allows you to build an OAuth2 provider for closed set of trusted
+  apps. I can support multiple user types and is designed with high load in mind.
+email:
+- marcin@saepia.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- app/controllers/leash/provider/authorize_controller.rb
+- app/controllers/leash/provider/token_controller.rb
+- app/controllers/leash/provider_controller.rb
+- app/controllers/leash_controller.rb
+- app/models/leash/provider/access_token.rb
+- app/models/leash/provider/auth_code.rb
+- config.ru
+- leash_provider.gemspec
+- lib/generators/leash/install_generator.rb
+- lib/generators/leash/provider/install_generator.rb
+- lib/generators/templates/leash_provider.rb
+- lib/leash/provider/engine.rb
+- lib/leash/provider/routing.rb
+- lib/leash/provider/version.rb
+- lib/leash_provider.rb
+- spec/controllers/leash/provider/authorize_controller_spec.rb
+- spec/internal/app/controllers/application_controller.rb
+- spec/internal/app/models/admin.rb
+- spec/internal/config/database.yml
+- spec/internal/config/initializers/devise.rb
+- spec/internal/config/routes.rb
+- spec/internal/db/schema.rb
+- spec/internal/log/.gitignore
+- spec/internal/public/favicon.ico
+- spec/spec_helper.rb
+homepage: http://github.com/mspanc/leash-provider
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: High-performance OAuth2 provider for a closed set of trusted apps with multiple
+  roles support
+test_files: []