lsdr-authlogic-connect 0.0.3.9

data/lib/authlogic_connect/oauth/state.rb

@@ -0,0 +1,54 @@
+# all these methods must return true or false
+module AuthlogicConnect::Oauth::State
+  
+  # 1. to call
+  # checks that we just passed parameters to it,
+  # and that the parameters say 'authentication_method' == 'oauth'
+  def oauth_request?
+    !auth_params.nil? && oauth_provider?
+  end
+  
+  # 2. from call
+  # checks that the correct session variables are there
+  def oauth_response?
+    !oauth_response.nil? && !auth_session.nil? && auth_session[:auth_request_class] == self.class.name && auth_session[:auth_method] == "oauth"
+  end
+  alias_method :oauth_complete?, :oauth_response?
+  
+  # 3. either to or from call
+  def using_oauth?
+    oauth_request? || oauth_response?
+  end
+  
+  def new_oauth_request?
+    oauth_response.blank?
+  end
+  
+  def oauth_provider?
+    !oauth_provider.nil? && !oauth_provider.empty?
+  end
+  
+  # main method we call on validation
+  def authenticating_with_oauth?
+    correct_request_class? && using_oauth?
+  end
+  
+  def allow_oauth_redirect?
+    authenticating_with_oauth? && !oauth_complete?
+  end
+  
+  # both checks if it can redirect, and does the redirect.
+  # is there a more concise way to do this?
+  def redirecting_to_oauth_server?
+    if allow_oauth_redirect?
+      redirect_to_oauth
+      return true
+    end
+    return false
+  end
+  
+  def validate_password_with_oauth?
+    !using_oauth? && require_password?
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/facebook_token.rb

@@ -0,0 +1,11 @@
+# http://www.facebook.com/developers/apps.php
+# http://developers.facebook.com/setup/
+class FacebookToken < OauthToken
+  
+  version 2.0
+  
+  settings "https://graph.facebook.com",
+    :authorize_url => "https://graph.facebook.com/oauth/authorize",
+    :scope         => "email, offline_access"
+  
+end

data/lib/authlogic_connect/oauth/tokens/get_satisfaction_token.rb

@@ -0,0 +1,9 @@
+# http://getsatisfaction.com/developers/oauth
+class GetSatisfactionToken < OauthToken
+  
+  settings "http://getsatisfaction.com",
+    :request_token_path => "/api/request_token",
+    :authorize_url      => "/api/authorize",
+    :access_token_path  => "/api/access_token"
+  
+end

data/lib/authlogic_connect/oauth/tokens/google_token.rb

@@ -0,0 +1,41 @@
+# http://code.google.com/apis/accounts/docs/OAuth_ref.html
+# http://code.google.com/apis/accounts/docs/OpenID.html#settingup
+# http://code.google.com/apis/accounts/docs/OAuth.html
+# http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
+# http://www.manu-j.com/blog/add-google-oauth-ruby-on-rails-sites/214/
+# http://googlecodesamples.com/oauth_playground/
+# Scopes:
+# Analytics         https://www.google.com/analytics/feeds/ 
+# Google Base       http://www.google.com/base/feeds/       
+# Book Search       http://www.google.com/books/feeds/      
+# Blogger           http://www.blogger.com/feeds/           
+# Calendar          http://www.google.com/calendar/feeds/   
+# Contacts          http://www.google.com/m8/feeds/         
+# Documents List    http://docs.google.com/feeds/           
+# Finance           http://finance.google.com/finance/feeds/
+# GMail             https://mail.google.com/mail/feed/atom
+# Health            https://www.google.com/health/feeds/
+# H9                https://www.google.com/h9/feeds/
+# Maps              http://maps.google.com/maps/feeds/
+# OpenSocial        http://www-opensocial.googleusercontent.com/api/people/
+# orkut             http://www.orkut.com/social/rest
+# Picasa Web        http://picasaweb.google.com/data/
+# Sidewiki          http://www.google.com/sidewiki/feeds/
+# Sites             http://sites.google.com/feeds/
+# Spreadsheets      http://spreadsheets.google.com/feeds/
+# Webmaster Tools   http://www.google.com/webmasters/tools/feeds/
+# YouTube           http://gdata.youtube.com
+class GoogleToken < OauthToken
+  
+  settings "https://www.google.com", 
+    :request_token_path => "/accounts/OAuthGetRequestToken",
+    :authorize_path     => "/accounts/OAuthAuthorizeToken",
+    :access_token_path  => "/accounts/OAuthGetAccessToken",
+    :scope              => "https://www.google.com/m8/feeds/"
+  
+  key do |access_token|
+    body = JSON.parse(access_token.get("https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=0").body)
+    email = body["feed"]["author"].first["email"]["$t"] # $t is some weird google json thing
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/linked_in_token.rb

@@ -0,0 +1,19 @@
+# http://developer.linkedin.com/docs/DOC-1008
+# https://www.linkedin.com/secure/developer
+# http://github.com/pengwynn/linkedin/tree/master/lib/linked_in/
+class LinkedInToken < OauthToken
+  
+  key do |access_token|
+    body = access_token.get("https://api.linkedin.com/v1/people/~:(id)").body
+    id = body.gsub("<id>([^><]+)</id>", "\\1") # so we don't need to also import nokogiri
+    id
+  end
+  
+  settings "https://api.linkedin.com",
+    :request_token_path => "/uas/oauth/requestToken",
+    :access_token_path  => "/uas/oauth/accessToken",
+    :authorize_path     => "/uas/oauth/authorize",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/myspace_token.rb

@@ -0,0 +1,26 @@
+# http://wiki.developer.myspace.com/index.php?title=Category:MySpaceID
+# http://developerwiki.myspace.com/index.php?title=OAuth_REST_API_Usage_-_Authentication_Process
+# http://developerwiki.myspace.com/index.php?title=How_to_Set_Up_a_New_Application_for_OpenID
+# http://developer.myspace.com/Modules/Apps/Pages/ApplyDevSandbox.aspx
+# after you've signed up:
+# http://developer.myspace.com/modules/apps/pages/createappaccount.aspx
+# "Create a MySpaceID App"
+# http://developer.myspace.com/modules/apps/pages/editapp.aspx?appid=188312&mode=create
+# http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx
+# http://developer.myspace.com/Community/forums/p/3626/15947.aspx
+class MyspaceToken < OauthToken
+  
+  # http://wiki.developer.myspace.com/index.php?title=Portable_Contacts_REST_Resources
+  key do |access_token|
+    body = JSON.parse(access_token.get("/v2/people/@me/@self?format=json").body)
+    id = body["entry"]["id"]
+  end
+  
+  settings "http://api.myspace.com", 
+    :request_token_path => "/request_token",
+    :authorize_path     => "/authorize",
+    :access_token_path  => "/access_token",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/oauth_token.rb

@@ -0,0 +1,131 @@
+class OauthToken < Token
+  
+  def client
+    unless @client
+      if oauth_version == 1.0
+        @client = OAuth::AccessToken.new(self.consumer, self.token, self.secret)
+      else
+        @client = OAuth2::AccessToken.new(self.consumer, self.token)
+      end
+    end
+    
+    @client
+  end
+  
+  def oauth_version
+    self.class.oauth_version
+  end
+  
+  def get(path, options = {})
+    client.get(path)
+  end
+  
+  class << self
+    
+    # oauth version, 1.0 or 2.0
+    def version(value)
+      @oauth_version = value
+    end
+    
+    def oauth_version
+      @oauth_version ||= 1.0
+    end
+    
+    # unique key that we will use from the AccessToken response
+    # to identify the user by.
+    # in Twitter, its "user_id".  Twitter has "screen_name", but that's
+    # more subject to change than user_id.  Pick whatever is least likely to change
+    def key(value = nil, &block)
+      if block_given?
+        @oauth_key = block
+      else
+        @oauth_key = value.is_a?(Symbol) ? value : value.to_sym
+      end
+    end
+    
+    def oauth_key
+      @oauth_key
+    end
+    
+    def consumer
+      unless @consumer
+        if oauth_version == 1.0
+          @consumer = OAuth::Consumer.new(credentials[:key], credentials[:secret], config.merge(credentials[:options] || {}))
+        else
+          @consumer = OAuth2::Client.new(credentials[:key], credentials[:secret], config)
+        end
+      end
+      
+      @consumer
+    end
+    
+    # if we're lucky we can find it by the token.
+    def find_by_key_or_token(key, token, options = {})
+      result = self.find_by_key(key, options) unless key.nil?
+      unless result
+        result = self.find_by_token(token, options) unless token.nil?
+      end
+      result 
+    end
+    
+    # this is a wrapper around oauth 1 and 2.
+    # it looks obscure, but from the api point of view
+    # you won't have to worry about it's implementation.
+    # in oauth 1.0, key = oauth_token, secret = oauth_secret
+    # in oauth 2.0, key = code, secret = access_token
+    def get_token_and_secret(options = {})
+      oauth_verifier  = options[:oauth_verifier]
+      redirect_uri    = options[:redirect_uri]
+      token           = options[:token]
+      secret          = options[:secret]
+      if oauth_version == 1.0
+        access = request_token(token, secret).get_access_token(:oauth_verifier => oauth_verifier)
+        result = {:token => access.token, :secret => access.secret, :key => nil}
+        if self.oauth_key
+          if oauth_key.is_a?(Proc)
+            result[:key] = oauth_key.call(access)
+          else
+            result[:key] = access.params[self.oauth_key] || access.params[self.oauth_key.to_s] # try both
+          end
+        else
+          puts "Access Token: #{access.inspect}"
+          raise "please set an oauth key for #{service_name.to_s}"
+        end
+      else
+        access = consumer.web_server.get_access_token(secret, :redirect_uri => redirect_uri)
+        result = {:token => access.token, :secret => secret, :key => nil}
+      end
+      result
+    end
+    
+    # this is a cleaner method so we can access the authorize_url
+    # from oauth 1 or 2
+    def authorize_url(callback_url, &block)
+      if oauth_version == 1.0
+        request = get_request_token(callback_url)
+        yield request if block_given?
+        return request.authorize_url
+      else
+        options = {:redirect_uri => callback_url}
+        options[:scope] = self.config[:scope] unless self.config[:scope].blank?
+        return consumer.web_server.authorize_url(options)
+      end
+    end
+    
+    def request_token(token, secret)
+      OAuth::RequestToken.new(consumer, token, secret)
+    end
+    
+    # if you pass a hash as the second parameter to consumer.get_request_token,
+    # ruby oauth will think this is a form and all sorts of bad things happen
+    def get_request_token(callback_url)
+      options = {:scope => config[:scope]} if config[:scope]
+      consumer.get_request_token({:oauth_callback => callback_url}, options)
+    end
+    
+    def get_access_token(oauth_verifier)
+      request_token.get_access_token(:oauth_verifier => oauth_verifier)
+    end
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/twitter_token.rb

@@ -0,0 +1,8 @@
+class TwitterToken < OauthToken
+  
+  key :user_id
+  
+  settings "http://twitter.com",
+    :authorize_url => "http://twitter.com/oauth/authenticate"
+  
+end

data/lib/authlogic_connect/oauth/tokens/vimeo_token.rb

@@ -0,0 +1,18 @@
+# http://www.vimeo.com/api/docs/oauth
+# http://www.vimeo.com/api/applications/new
+# http://vimeo.com/api/applications
+class VimeoToken < OauthToken
+  
+  key do |access_token|
+    body = JSON.parse(access_token.get("http://vimeo.com/api/v2/#{access_token.token}/info.json"))
+    user_id = body.first["id"]
+  end
+  
+  settings "http://vimeo.com",
+    :request_token_path => "/oauth/request_token",
+    :authorize_path     => "/oauth/authorize",
+    :access_token_path  => "/oauth/access_token",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/yahoo_token.rb

@@ -0,0 +1,19 @@
+# https://developer.apps.yahoo.com/dashboard/createKey.html
+# https://developer.apps.yahoo.com/projects
+# http://developer.yahoo.com/oauth/guide/oauth-accesstoken.html
+# http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
+# http://code.google.com/apis/gadgets/docs/oauth.html
+# http://developer.yahoo.com/social/rest_api_guide/web-services-guids.html
+# A GUID identifies a person
+# http://social.yahooapis.com/v1/me/guid
+class YahooToken < OauthToken
+  
+  # http://social.yahooapis.com/v1/me/guid
+  key :xoauth_yahoo_guid
+  
+  settings "https://api.login.yahoo.com",
+    :request_token_path => '/oauth/v2/get_request_token',
+    :access_token_path  => '/oauth/v2/get_token',
+    :authorize_path     => '/oauth/v2/request_auth'
+  
+end

data/lib/authlogic_connect/oauth/user.rb

@@ -0,0 +1,68 @@
+module AuthlogicConnect::Oauth::User
+  
+  def self.included(base)
+    base.class_eval do
+      # add_acts_as_authentic_module makes sure it is
+      # only added to the user model, not all activerecord models.
+      add_acts_as_authentic_module(InstanceMethods, :prepend)
+    end
+  end
+  
+  module InstanceMethods
+    include AuthlogicConnect::Oauth::Process
+    
+    # Set up some simple validations
+    def self.included(base)
+      base.class_eval do
+        
+        validate :validate_by_oauth, :if => :authenticating_with_oauth?
+        
+        # need these validation options if you don't want it to choke
+        # on password length, which you don't need if you're using oauth
+        validates_length_of_password_field_options validates_length_of_password_field_options.merge(:if => :validate_password_with_oauth?)
+        validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:if => :validate_password_with_oauth?)
+        validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:if => :validate_password_with_oauth?)
+        validates_length_of_login_field_options validates_length_of_login_field_options.merge(:if => :validate_password_with_oauth?)
+        validates_format_of_login_field_options validates_format_of_login_field_options.merge(:if => :validate_password_with_oauth?)
+      end
+      
+      # email needs to be optional for oauth
+      base.validate_email_field = false
+    end
+        
+    # user adds a few extra things to this method from Process
+    # modules work like inheritance
+    def save_oauth_session
+      super
+      auth_session[:auth_attributes]            = attributes.reject!{|k, v| v.blank?} unless is_auth_session?
+    end
+    
+    def restore_attributes
+      # Restore any attributes which were saved before redirecting to the auth server
+      self.attributes = auth_session[:auth_attributes]
+    end
+    
+    # single implementation method for oauth.
+    # this is called after we get the callback url and we are saving the user
+    # to the database.
+    # it is called by the validation chain.
+    def complete_oauth_transaction
+      unless create_oauth_token
+        self.errors.add(:tokens, "you have already created an account using your #{token_class.service_name} account, so it")
+      end
+    end
+    
+    def create_oauth_token
+      token = token_class.new(oauth_token_and_secret)
+      
+      if has_token?(oauth_provider) || Token.find_by_key(token.key) || Token.find_by_token(token.token)
+        return false
+      else
+        self.tokens << token
+        self.active_token = token
+        return true
+      end
+    end
+    
+  end
+end

data/lib/authlogic_connect/oauth/variables.rb

@@ -0,0 +1,55 @@
+module AuthlogicConnect::Oauth::Variables
+  include AuthlogicConnect::Oauth::State
+  
+  # this doesn't do anything yet, just to show what variables
+  # we need from the form
+  def oauth_variables
+    [:oauth_provider]
+  end
+    
+  # this comes straight from either the params or session.
+  # it is required for most of the other accessors in here
+  def oauth_provider
+    from_session_or_params(:oauth_provider)
+  end
+  
+  # next is "token_class", which is found from the oauth_provider key.
+  # it is the OauthToken subclass, such as TwitterToken, which we
+  # use as the api for accessing oauth and saving the response to the database for a user.
+  def token_class
+    AuthlogicConnect.token(oauth_provider) unless oauth_provider.blank?
+  end
+  
+  # This should go...
+  def oauth_response
+    auth_params && oauth_token
+  end
+  
+  # the token from the response parameters
+  def oauth_token
+    return nil unless token_class
+    oauth_version == 1.0 ? auth_params[:oauth_token] : auth_params[:code]
+  end
+  
+  # the version of oauth we're using.  Accessed from the OauthToken subclass
+  def oauth_version
+    token_class.oauth_version
+  end
+  
+  # the Oauth gem consumer, whereby we can make requests to the server
+  def oauth_consumer
+    token_class.consumer
+  end
+  
+  # this is a thick method.
+  # it gives you the final key and secret that we will store in the database
+  def oauth_token_and_secret
+    token_class.get_token_and_secret(
+      :token          => auth_session[:oauth_request_token],
+      :secret         => oauth_version == 1.0 ? auth_session[:oauth_request_token_secret] : oauth_token,
+      :oauth_verifier => auth_params[:oauth_verifier],
+      :redirect_uri   => auth_callback_url
+    )
+  end
+  
+end