RubyGems - oa2c - Versions diffs - 0.0.1 - Mend

oa2c 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

data/MIT-LICENSE +20 -0
data/README.md +22 -0
data/Rakefile +29 -0
data/app/controllers/oa2c/authorizations_controller.rb +87 -0
data/app/models/oa2c/access_token.rb +29 -0
data/app/models/oa2c/authorization_code.rb +10 -0
data/app/models/oa2c/client.rb +32 -0
data/app/models/oa2c/oauth2_token.rb +39 -0
data/app/models/oa2c/refresh_token.rb +10 -0
data/app/views/oa2c/_form.html.erb +7 -0
data/app/views/oa2c/error.html.erb +3 -0
data/app/views/oa2c/new.html.erb +5 -0
data/config/routes.rb +5 -0
data/lib/oa2c.rb +6 -0
data/lib/oa2c/authentication.rb +29 -0
data/lib/oa2c/engine.rb +6 -0
data/lib/oa2c/version.rb +3 -0
data/lib/tasks/oa2c_tasks.rake +4 -0
metadata +149 -0

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2012 Anton Dieterle
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,22 @@
+# Oa2c - OAuth2 Container
+Rails OAuth2 provider engine to support embedded iframe applications from different sites. Just like games on Facebook.
+Heavily depends on [rack-oauth2](https://github.com/nov/rack-oauth2) gem.
+It's mostly extract from [rack-oauth2-sample](https://github.com/nov/rack-oauth2-sample).
+Right now it supports only Mongoid 3 as ORM.
+# TODO
+* Write specs
+* Support for ActiveRecord
+# License
+See MIT-LICENSE
+# Contribute
+Pull requests are more than welcome!

data/Rakefile ADDED Viewed

@@ -0,0 +1,29 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Oauth2Container'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+Bundler::GemHelper.install_tasks
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :default => :spec

data/app/controllers/oa2c/authorizations_controller.rb ADDED Viewed

@@ -0,0 +1,87 @@
+module Oa2c
+  class AuthorizationsController < ActionController::Base
+    before_filter :authorize, except: :token
+    rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
+      @error = e
+      render :error, status: e.status
+    end
+    def new
+      respond *authorize_endpoint.call(request.env)
+    end
+    def create
+      respond *authorize_endpoint(true).call(request.env)
+    end
+    def token
+      token_endpoint.call(request.env)
+    end
+    private
+    def respond(status, header, response)
+      ["WWW-Authenticate"].each do |key|
+        headers[key] = header[key] if header[key].present?
+      end
+      if response.redirect?
+        redirect_to header['Location']
+      else
+        render :new
+      end
+    end
+    def authorize_endpoint(allow_approval = false)
+      Rack::OAuth2::Server::Authorize.new do |req, res|
+        @client = Auth::Client.where(identifier: req.client_id).first || req.bad_request!
+        res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
+        if allow_approval
+          if params[:approve]
+            case req.response_type
+            when :code
+              authorization_code = current_user.authorization_codes.create(client_id: @client.id, redirect_uri: res.redirect_uri)
+              res.code = authorization_code.token
+            when :token
+              res.access_token = current_user.access_tokens.create(client_id: @client.id).to_bearer_token
+            end
+            res.approve!
+          else
+            req.access_denied!
+          end
+        else
+          @response_type = req.response_type
+        end
+      end
+    end
+    def token_endpoint
+      Rack::OAuth2::Server::Token.new do |req, res|
+        client = Auth::Client.where(identifier: req.client_id).first || req.invalid_client!
+        client.secret == req.client_secret || req.invalid_client!
+        case req.grant_type
+        when :authorization_code
+          code = Auth::AuthorizationCode.valid.where(token: req.code).first
+          req.invalid_grant! if code.blank? || code.redirect_uri != req.redirect_uri
+          res.access_token = code.access_token.to_bearer_token(:with_refresh_token)
+        when :password
+          # NOTE: password is not hashed in this sample app. Don't do the same on your app.
+          # FIXME
+          account = Account.find_by_username_and_password(req.username, req.password) || req.invalid_grant!
+          res.access_token = account.access_tokens.create(:client => client).to_bearer_token(:with_refresh_token)
+        when :client_credentials
+          # NOTE: client is already authenticated here.
+          res.access_token = client.access_tokens.create.to_bearer_token
+        when :refresh_token
+          refresh_token = client.refresh_tokens.valid.wehre(token: req.refresh_token).first
+          req.invalid_grant! unless refresh_token
+          res.access_token = refresh_token.access_tokens.create.to_bearer_token
+        else
+          # NOTE: extended assertion grant_types are not supported yet.
+          req.unsupported_grant_type!
+        end
+      end
+    end
+  end
+end

data/app/models/oa2c/access_token.rb ADDED Viewed

@@ -0,0 +1,29 @@
+require 'oa2c/oauth2_token'
+module Oa2c
+  class AccessToken
+    include Mongoid::Document
+    include OAuth2Token
+    belongs_to :refresh_token
+    def to_bearer_token(with_refresh_token = false)
+      Rack::OAuth2::AccessToken::Bearer.new(access_token: token, expires_in: expires_in).tap do |bearer_token|
+        if with_refresh_token
+          bearer_token.refresh_token = create_refresh_token(user: user, client: client).token
+        end
+      end
+    end
+    private
+    def setup
+      super
+      if refresh_token
+        self.user = refresh_token.user
+        self.client = refresh_token.client
+        self.expires_at = [expires_at, refresh_token.expires_at].min
+      end
+    end
+  end
+end

data/app/models/oa2c/authorization_code.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module Oa2c
+  class AuthorizationCode
+    include Mongoid::Document
+    include OAuth2Token
+    def access_token
+      @access_token ||= expire! && user.access_tokens.create(client: client)
+    end
+  end
+end

data/app/models/oa2c/client.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Oa2c
+  class Client
+    include Mongoid::Document
+    field :identifier
+    field :secret
+    field :redirect_uri
+    has_many :access_tokens
+    has_many :refresh_tokens
+    before_validation :setup, on: :create
+    validates :secret, presence: true
+    validates :identifier, presence: true, uniqueness: true
+    private
+    def setup
+      self.identifier = SecureRandom.hex(16)
+      generate_secret
+    end
+    def generate_secret
+      self.secret = SecureRandom.hex(32)
+    end
+    def generate_secret!
+      generate_secret
+      save!
+    end
+  end
+end

data/app/models/oa2c/oauth2_token.rb ADDED Viewed

@@ -0,0 +1,39 @@
+module Oa2c
+  module OAuth2Token
+    extend ActiveSupport::Concern
+    included do
+      cattr_accessor :default_lifetime
+      self.default_lifetime = 15.minutes
+      field :token
+      field :expires_at, type: Time
+      belongs_to :user
+      belongs_to :client
+      before_validation :setup, on: :create
+      validates :client, :expires_at, presence: true
+      validates :token, presence: true, uniqueness: true
+      scope :valid, proc { where(:expires_at.gte => Time.now) }
+    end
+    def expires_in
+      (expires_at - Time.now).to_i
+    end
+    def expire!
+      update_attributes! expires_at: Time.now
+    end
+    private
+    def setup
+      self.token = SecureRandom.hex(32)
+      self.expires_at ||= default_lifetime.from_now
+    end
+  end
+end

data/app/models/oa2c/refresh_token.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module Oa2c
+  class RefreshToken
+    include Mongoid::Document
+    include OAuth2Token
+    self.default_lifetime = 1.month
+    has_many :access_tokens
+  end
+end

data/app/views/oa2c/_form.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<%= form_tag authorizations_path, :class => action do %>
+  <%= hidden_field_tag :client_id, client.identifier %>
+  <%= hidden_field_tag :response_type, response_type %>
+  <%= hidden_field_tag :redirect_uri, redirect_uri %>
+  <%= submit_tag action.to_s.capitalize %>
+  <%= hiden_field_tag action, true %>
+<% end %>

data/app/views/oa2c/error.html.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<h2>Invalid Authorization Request</h2>
+<h3><%= @error.error %></h3>
+<p><%= @error.description %></p>

data/app/views/oa2c/new.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<h2><%= @client.name %> is requiring your resource access</h2>
+<%= render 'form', client: @client, response_type: @response_type, redirect_uri: @redirect_uri, action: :deny %>
+<%= render 'form', client: @client, response_type: @response_type, redirect_uri: @redirect_uri, action: :approve %>

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Oa2c::Engine.routes.draw do
+  post 'authorizations/create'
+  match 'authorize', to: 'authorizations#new'
+  match 'token', to: proc {|env| Auth::AuthorizationsController.new.send(:token_endpoint).call(env) }
+end

data/lib/oa2c.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'rack/oauth2'
+require 'mongoid'
+require 'oa2c/engine'
+module Oa2c
+end

data/lib/oa2c/authentication.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module Oa2c
+  module Authentication
+    def current_token
+      @current_token
+    end
+    def current_client
+      @current_client
+    end
+    def require_oauth_token
+      @current_token = Auth::AccessToken.where(token: request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN].token).first # FIXME Right now an AccessToken object is store here, need to store only token
+      raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized unless @current_token
+    end
+    def require_oauth_user_token
+      require_oauth_token
+      raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'User token is required') unless @current_token.user
+      authenticate @current_token.user
+    end
+    def require_oauth_client_token
+      require_oauth_token
+      raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'Client token is required') if @current_token.user
+      @current_client = @current_token.client
+    end
+  end
+end

data/lib/oa2c/engine.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module Oa2c
+  class Engine < Rails::Engine
+    isolate_namespace Oa2c
+    config.orm = :mongoid
+  end
+end

data/lib/oa2c/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Oa2c
+  VERSION = "0.0.1"
+end

data/lib/tasks/oa2c_tasks.rake ADDED Viewed

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :oa2c do
+#   # Task goes here
+# end

metadata ADDED Viewed

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: oa2c
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- Anton Dieterle
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-09-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: rack-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.9
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rails engine to provide OAuth2 authorization for embedded iframe applications.
+email:
+- antondie@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/models/oa2c/oauth2_token.rb
+- app/models/oa2c/client.rb
+- app/models/oa2c/refresh_token.rb
+- app/models/oa2c/authorization_code.rb
+- app/models/oa2c/access_token.rb
+- app/views/oa2c/_form.html.erb
+- app/views/oa2c/error.html.erb
+- app/views/oa2c/new.html.erb
+- app/controllers/oa2c/authorizations_controller.rb
+- config/routes.rb
+- lib/tasks/oa2c_tasks.rake
+- lib/oa2c.rb
+- lib/oa2c/version.rb
+- lib/oa2c/authentication.rb
+- lib/oa2c/engine.rb
+- MIT-LICENSE
+- Rakefile
+- README.md
+homepage: https://github.com/adie/oa2c
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -181462029
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -181462029
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: OAuth2 authorization for embedded iframe applications.
+test_files: []