leash_provider 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/leash/provider/authorize_controller.rb +12 -6
- data/app/controllers/leash/provider/token_controller.rb +5 -7
- data/app/controllers/leash/provider/user_info_controller.rb +25 -0
- data/app/controllers/leash/provider_controller.rb +4 -4
- data/app/models/leash/provider/access_token.rb +13 -1
- data/app/models/leash/provider/auth_code.rb +20 -4
- data/leash_provider.gemspec +3 -2
- data/lib/generators/leash/provider/install_generator.rb +1 -1
- data/lib/leash/provider/routing.rb +3 -3
- data/lib/leash/provider/version.rb +2 -2
- metadata +9 -8
- data/lib/generators/leash/install_generator.rb +0 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 719aa56e5c33922ca6caed10ca92a02ae808a864
|
|
4
|
+
data.tar.gz: 50e40b8c38cdb84f49862fb8798b2b95cf994920
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a6f8662caac58d9057afa3d84458e4cc3e1120a5424376c6b2f16b1cbc5ff8f2f84a7100bd665035dd134557c17b667cf1964c8c11525eeb84a99fbed4a9ff70
|
|
7
|
+
data.tar.gz: de659561c9cae229f1d9a7278148699f03578d040a6571140d6eed40f3c44b386d5b8fe8b6606c7194ffda2f9608b53427652886d7e7594f8960c261b27d3c27
|
|
@@ -24,15 +24,21 @@ class Leash::Provider::AuthorizeController < Leash::ProviderController
|
|
|
24
24
|
access_token = Leash::Provider::AccessToken.assign! @app_name, current_owner
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} app_name=#{@app_name} current_owner=#{current_owner} access_token=#{access_token} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
27
|
+
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} app_name=#{@app_name} current_owner=#{current_owner.class.name}##{current_owner.id} access_token=#{access_token} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
28
28
|
redirect_to params[:redirect_uri] + "#access_token=#{URI.encode(access_token)}"
|
|
29
29
|
|
|
30
30
|
when "code"
|
|
31
31
|
auth_code = Leash::Provider::AuthCode.assign! @app_name, current_owner
|
|
32
|
-
|
|
33
|
-
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} current_owner=#{current_owner} auth_code=#{auth_code} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
34
|
-
redirect_to params[:redirect_uri] + "?code=#{URI.encode(auth_code)}"
|
|
35
32
|
|
|
33
|
+
Rails.logger.info "[Leash::Provider] Authorize ok: response_type=#{@response_type} current_owner=#{current_owner.class.name}##{current_owner.id} auth_code=#{auth_code} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"
|
|
34
|
+
|
|
35
|
+
if params.has_key? :state
|
|
36
|
+
redirect_to params[:redirect_uri] + "?code=#{URI.encode(auth_code)}&state=#{URI.encode(params[:state])}"
|
|
37
|
+
|
|
38
|
+
else
|
|
39
|
+
redirect_to params[:redirect_uri] + "?code=#{URI.encode(auth_code)}"
|
|
40
|
+
end
|
|
41
|
+
|
|
36
42
|
else
|
|
37
43
|
fail "Should not be reached"
|
|
38
44
|
end
|
|
@@ -55,7 +61,7 @@ class Leash::Provider::AuthorizeController < Leash::ProviderController
|
|
|
55
61
|
|
|
56
62
|
when "code"
|
|
57
63
|
render text: error_code, status: :unprocessable_entity
|
|
58
|
-
|
|
64
|
+
|
|
59
65
|
else
|
|
60
66
|
fail "Should not be reached"
|
|
61
67
|
end
|
|
@@ -89,4 +95,4 @@ class Leash::Provider::AuthorizeController < Leash::ProviderController
|
|
|
89
95
|
def authenticate_user_by_role!
|
|
90
96
|
send "authenticate_#{@user_role_underscored}!"
|
|
91
97
|
end
|
|
92
|
-
end
|
|
98
|
+
end
|
|
@@ -2,8 +2,6 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
2
2
|
GRANT_TYPES = [ "authorization_code" ].freeze
|
|
3
3
|
|
|
4
4
|
before_action :determine_grant_type!
|
|
5
|
-
before_action :determine_client_id!
|
|
6
|
-
before_action :determine_client_secret!
|
|
7
5
|
|
|
8
6
|
|
|
9
7
|
def token
|
|
@@ -11,10 +9,10 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
11
9
|
when "authorization_code"
|
|
12
10
|
params.require("code")
|
|
13
11
|
|
|
14
|
-
if Leash::AuthCode.valid?(params[:code])
|
|
12
|
+
if Leash::Provider::AuthCode.valid?(params[:code])
|
|
15
13
|
access_token = Leash::Provider::AccessToken.assign_from_auth_code! Leash::Provider::AuthCode.find_by_auth_code(params[:code])
|
|
16
|
-
|
|
17
|
-
render json: { access_token: access_token }
|
|
14
|
+
|
|
15
|
+
render json: { access_token: access_token, token_type: "bearer" }
|
|
18
16
|
end
|
|
19
17
|
|
|
20
18
|
else
|
|
@@ -28,7 +26,7 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
28
26
|
|
|
29
27
|
def callback_with_error(error_code, message)
|
|
30
28
|
Rails.logger.warn "[Leash::Provider] Token error: #{error_code} (#{message})"
|
|
31
|
-
|
|
29
|
+
|
|
32
30
|
case @grant_type
|
|
33
31
|
when "authorization_code"
|
|
34
32
|
render json: { error: error_code }, status: :unprocessable_entity
|
|
@@ -45,4 +43,4 @@ class Leash::Provider::TokenController < Leash::ProviderController
|
|
|
45
43
|
callback_with_error "unknown_grant_type", "Unknown grant type of '#{params[:grant_type]}'"
|
|
46
44
|
end
|
|
47
45
|
end
|
|
48
|
-
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
class Leash::Provider::UserInfoController < Leash::ProviderController
|
|
2
|
+
def info
|
|
3
|
+
render text: "missing_authorization_header", status: :unauthorized unless request.headers["Authorization"]
|
|
4
|
+
render text: "missing_authorization_bearer", status: :unauthorized unless request.headers["Authorization"].starts_with? "Bearer "
|
|
5
|
+
|
|
6
|
+
access_token_raw = request.headers["Authorization"].split(" ", 2).last
|
|
7
|
+
|
|
8
|
+
render text: "invalid_access_token", status: :forbidden unless Leash::Provider::AccessToken.valid?(access_token_raw)
|
|
9
|
+
|
|
10
|
+
access_token = Leash::Provider::AccessToken.find_by_access_token(access_token_raw)
|
|
11
|
+
owner = access_token.owner_instance
|
|
12
|
+
|
|
13
|
+
if owner.respond_to? :for_leash_provider
|
|
14
|
+
data = owner.for_leash_provider
|
|
15
|
+
else
|
|
16
|
+
data = owner
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
respond_to do |format|
|
|
20
|
+
format.json do
|
|
21
|
+
render json: data
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Leash::ProviderController < LeashController
|
|
2
2
|
include Devise::Controllers::Helpers
|
|
3
|
-
|
|
3
|
+
|
|
4
4
|
CLIENT_ID_REGEXP = /\AAPP\_([A-Z0-9\_]+)\_OAUTH2\_CLIENT\_ID\z/.freeze
|
|
5
5
|
|
|
6
6
|
protected
|
|
@@ -36,7 +36,7 @@ class Leash::ProviderController < LeashController
|
|
|
36
36
|
unless @redirect_urls.include? params[:redirect_uri]
|
|
37
37
|
callback_with_error "invalid_redirect_uri", "Redirect URL mismatch (should be '#{@redirect_url}', given '#{params[:redirect_uri]}'"
|
|
38
38
|
end
|
|
39
|
-
|
|
39
|
+
|
|
40
40
|
else
|
|
41
41
|
callback_with_error "unknown_redirect_uri", "Unable to find redirect URL associated with app '#{@app_name}'"
|
|
42
42
|
end
|
|
@@ -50,7 +50,7 @@ class Leash::ProviderController < LeashController
|
|
|
50
50
|
if @client_secret
|
|
51
51
|
unless @client_secret == params[:client_secret]
|
|
52
52
|
callback_with_error "invalid_secret", "Secret mismatch"
|
|
53
|
-
end
|
|
53
|
+
end
|
|
54
54
|
else
|
|
55
55
|
callback_with_error "unknown_secret", "Unable to find secret associated with app '#{@app_name}'"
|
|
56
56
|
end
|
|
@@ -60,4 +60,4 @@ class Leash::ProviderController < LeashController
|
|
|
60
60
|
def callback_with_error(error_code, message)
|
|
61
61
|
fail "Please override this method"
|
|
62
62
|
end
|
|
63
|
-
end
|
|
63
|
+
end
|
|
@@ -20,7 +20,7 @@ class Leash::Provider::AccessToken < Ohm::Model
|
|
|
20
20
|
|
|
21
21
|
loop do
|
|
22
22
|
begin
|
|
23
|
-
access_token = SecureRandom.
|
|
23
|
+
access_token = SecureRandom.urlsafe_base64(32)
|
|
24
24
|
timestamp = Time.now.to_i
|
|
25
25
|
self.create app_name: app_name, owner: owner_key(owner), access_token: access_token, created_at: timestamp, accessed_at: timestamp
|
|
26
26
|
break
|
|
@@ -65,4 +65,16 @@ class Leash::Provider::AccessToken < Ohm::Model
|
|
|
65
65
|
owner
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
def owner_instance
|
|
71
|
+
owner_klass, owner_id = owner.split("#", 2)
|
|
72
|
+
|
|
73
|
+
owner_klass.classify.constantize.find(owner_id)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
def touch!
|
|
78
|
+
update accessed_at: Time.now.to_i
|
|
79
|
+
end
|
|
68
80
|
end
|
|
@@ -17,11 +17,11 @@ class Leash::Provider::AuthCode < Ohm::Model
|
|
|
17
17
|
|
|
18
18
|
loop do
|
|
19
19
|
begin
|
|
20
|
-
auth_code = SecureRandom.
|
|
20
|
+
auth_code = SecureRandom.urlsafe_base64(32)
|
|
21
21
|
timestamp = Time.now.to_i
|
|
22
|
-
self.create app_name: app_name, owner: owner, auth_code: auth_code, created_at: timestamp
|
|
22
|
+
self.create app_name: app_name, owner: owner_key(owner), auth_code: auth_code, created_at: timestamp
|
|
23
23
|
break
|
|
24
|
-
|
|
24
|
+
|
|
25
25
|
rescue Ohm::UniqueIndexViolation => e
|
|
26
26
|
tries += 1
|
|
27
27
|
|
|
@@ -41,4 +41,20 @@ class Leash::Provider::AuthCode < Ohm::Model
|
|
|
41
41
|
def self.find_by_auth_code(auth_code)
|
|
42
42
|
self.find(auth_code: auth_code).first
|
|
43
43
|
end
|
|
44
|
-
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
def self.owner_key(owner)
|
|
47
|
+
if owner.is_a? ActiveRecord::Base
|
|
48
|
+
"#{owner.class.name}##{owner.id}"
|
|
49
|
+
else
|
|
50
|
+
owner
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
def owner_instance
|
|
56
|
+
owner_klass, owner_id = owner.split("#", 2)
|
|
57
|
+
|
|
58
|
+
owner_klass.classify.constantize.find(owner_id)
|
|
59
|
+
end
|
|
60
|
+
end
|
data/leash_provider.gemspec
CHANGED
|
@@ -8,8 +8,9 @@ Gem::Specification.new do |s|
|
|
|
8
8
|
s.authors = ["Marcin Lewandowski"]
|
|
9
9
|
s.email = ["marcin@saepia.net"]
|
|
10
10
|
s.homepage = "http://github.com/mspanc/leash-provider"
|
|
11
|
-
s.summary = "High-performance OAuth2 provider for a closed set of trusted apps with multiple roles
|
|
12
|
-
s.description = "Leash allows you to build an OAuth2 provider for closed set of trusted apps.
|
|
11
|
+
s.summary = "High-performance Ruby on Rails OAuth2 provider for a closed set of trusted apps with multiple user roles."
|
|
12
|
+
s.description = "Leash allows you to build an OAuth2 provider for a closed set of trusted client apps. It can support multiple user roles and is designed to handle high load."
|
|
13
|
+
s.license = "MIT"
|
|
13
14
|
|
|
14
15
|
s.add_dependency "rails", "~> 4.2"
|
|
15
16
|
s.add_dependency "ohm"
|
|
@@ -4,7 +4,7 @@ module Leash
|
|
|
4
4
|
module Provider
|
|
5
5
|
module Generators
|
|
6
6
|
class InstallGenerator < Rails::Generators::Base
|
|
7
|
-
source_root File.expand_path("
|
|
7
|
+
source_root File.expand_path("../../../templates", __FILE__)
|
|
8
8
|
|
|
9
9
|
desc "Creates a Leash initializer and route."
|
|
10
10
|
|
|
@@ -2,10 +2,10 @@ module ActionDispatch::Routing
|
|
|
2
2
|
class Mapper
|
|
3
3
|
def leash_provider
|
|
4
4
|
scope :oauth do
|
|
5
|
-
get "authorize", to: "leash/provider/authorize#authorize", as: "leash_provider_authorize"
|
|
6
|
-
post "token",
|
|
5
|
+
get "authorize/:user_role", to: "leash/provider/authorize#authorize", as: "leash_provider_authorize"
|
|
6
|
+
post "token", to: "leash/provider/token#token", as: "leash_provider_token"
|
|
7
|
+
get "user_info", to: "leash/provider/user_info#info", as: "leash_provider_user_info"
|
|
7
8
|
end
|
|
8
9
|
end
|
|
9
10
|
end
|
|
10
11
|
end
|
|
11
|
-
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: leash_provider
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marcin Lewandowski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-05-
|
|
11
|
+
date: 2015-05-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -136,8 +136,8 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 0.5.3
|
|
139
|
-
description: Leash allows you to build an OAuth2 provider for closed set of trusted
|
|
140
|
-
apps.
|
|
139
|
+
description: Leash allows you to build an OAuth2 provider for a closed set of trusted
|
|
140
|
+
client apps. It can support multiple user roles and is designed to handle high load.
|
|
141
141
|
email:
|
|
142
142
|
- marcin@saepia.net
|
|
143
143
|
executables: []
|
|
@@ -153,13 +153,13 @@ files:
|
|
|
153
153
|
- Rakefile
|
|
154
154
|
- app/controllers/leash/provider/authorize_controller.rb
|
|
155
155
|
- app/controllers/leash/provider/token_controller.rb
|
|
156
|
+
- app/controllers/leash/provider/user_info_controller.rb
|
|
156
157
|
- app/controllers/leash/provider_controller.rb
|
|
157
158
|
- app/controllers/leash_controller.rb
|
|
158
159
|
- app/models/leash/provider/access_token.rb
|
|
159
160
|
- app/models/leash/provider/auth_code.rb
|
|
160
161
|
- config.ru
|
|
161
162
|
- leash_provider.gemspec
|
|
162
|
-
- lib/generators/leash/install_generator.rb
|
|
163
163
|
- lib/generators/leash/provider/install_generator.rb
|
|
164
164
|
- lib/generators/templates/leash_provider.rb
|
|
165
165
|
- lib/leash/provider/engine.rb
|
|
@@ -177,7 +177,8 @@ files:
|
|
|
177
177
|
- spec/internal/public/favicon.ico
|
|
178
178
|
- spec/spec_helper.rb
|
|
179
179
|
homepage: http://github.com/mspanc/leash-provider
|
|
180
|
-
licenses:
|
|
180
|
+
licenses:
|
|
181
|
+
- MIT
|
|
181
182
|
metadata: {}
|
|
182
183
|
post_install_message:
|
|
183
184
|
rdoc_options: []
|
|
@@ -198,6 +199,6 @@ rubyforge_project:
|
|
|
198
199
|
rubygems_version: 2.4.6
|
|
199
200
|
signing_key:
|
|
200
201
|
specification_version: 4
|
|
201
|
-
summary: High-performance OAuth2 provider for a closed set of trusted
|
|
202
|
-
roles
|
|
202
|
+
summary: High-performance Ruby on Rails OAuth2 provider for a closed set of trusted
|
|
203
|
+
apps with multiple user roles.
|
|
203
204
|
test_files: []
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
require 'rails/generators/base'
|
|
2
|
-
|
|
3
|
-
module Leash
|
|
4
|
-
module Generators
|
|
5
|
-
class InstallGenerator < Rails::Generators::Base
|
|
6
|
-
source_root File.expand_path("../../templates", __FILE__)
|
|
7
|
-
|
|
8
|
-
desc "Creates a Leash initializer and copy locale files to your application."
|
|
9
|
-
|
|
10
|
-
def copy_initializer
|
|
11
|
-
template "leash.rb", "config/initializers/leash.rb"
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
def add_route
|
|
16
|
-
route "leash"
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
end
|