RubyGems - oa2c - Versions diffs - 0.0.1 - Mend

oa2c 0.0.1

Files changed (19) hide show

data/MIT-LICENSE +20 -0
data/README.md +22 -0
data/Rakefile +29 -0
data/app/controllers/oa2c/authorizations_controller.rb +87 -0
data/app/models/oa2c/access_token.rb +29 -0
data/app/models/oa2c/authorization_code.rb +10 -0
data/app/models/oa2c/client.rb +32 -0
data/app/models/oa2c/oauth2_token.rb +39 -0
data/app/models/oa2c/refresh_token.rb +10 -0
data/app/views/oa2c/_form.html.erb +7 -0
data/app/views/oa2c/error.html.erb +3 -0
data/app/views/oa2c/new.html.erb +5 -0
data/config/routes.rb +5 -0
data/lib/oa2c.rb +6 -0
data/lib/oa2c/authentication.rb +29 -0
data/lib/oa2c/engine.rb +6 -0
data/lib/oa2c/version.rb +3 -0
data/lib/tasks/oa2c_tasks.rake +4 -0
metadata +149 -0

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2012 Anton Dieterle
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,22 @@
+# Oa2c - OAuth2 Container
+Rails OAuth2 provider engine to support embedded iframe applications from different sites. Just like games on Facebook.
+Heavily depends on [rack-oauth2](https://github.com/nov/rack-oauth2) gem.
+It's mostly extract from [rack-oauth2-sample](https://github.com/nov/rack-oauth2-sample).
+Right now it supports only Mongoid 3 as ORM.
+# TODO
+* Write specs
+* Support for ActiveRecord
+# License
+See MIT-LICENSE
+# Contribute
+Pull requests are more than welcome!

data/Rakefile ADDED Viewed

@@ -0,0 +1,29 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Oauth2Container'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+Bundler::GemHelper.install_tasks
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :default => :spec

data/app/controllers/oa2c/authorizations_controller.rb ADDED Viewed

@@ -0,0 +1,87 @@
+module Oa2c
+  class AuthorizationsController < ActionController::Base
+    before_filter :authorize, except: :token
+    rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
+      @error = e
+      render :error, status: e.status
+    end
+    def new
+      respond *authorize_endpoint.call(request.env)
+    end
+    def create
+      respond *authorize_endpoint(true).call(request.env)
+    end
+    def token
+      token_endpoint.call(request.env)
+    end
+    private
+    def respond(status, header, response)
+      ["WWW-Authenticate"].each do |key|
+        headers[key] = header[key] if header[key].present?
+      end
+      if response.redirect?
+        redirect_to header['Location']
+      else
+        render :new
+      end
+    end
+    def authorize_endpoint(allow_approval = false)
+      Rack::OAuth2::Server::Authorize.new do |req, res|
+        @client = Auth::Client.where(identifier: req.client_id).first || req.bad_request!
+        res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
+        if allow_approval
+          if params[:approve]
+            case req.response_type
+            when :code
+              authorization_code = current_user.authorization_codes.create(client_id: @client.id, redirect_uri: res.redirect_uri)
+              res.code = authorization_code.token
+            when :token
+              res.access_token = current_user.access_tokens.create(client_id: @client.id).to_bearer_token
+            end
+            res.approve!
+          else
+            req.access_denied!
+          end
+        else
+          @response_type = req.response_type
+        end
+      end
+    end
+    def token_endpoint
+      Rack::OAuth2::Server::Token.new do |req, res|
+        client = Auth::Client.where(identifier: req.client_id).first || req.invalid_client!
+        client.secret == req.client_secret || req.invalid_client!
+        case req.grant_type
+        when :authorization_code
+          code = Auth::AuthorizationCode.valid.where(token: req.code).first
+          req.invalid_grant! if code.blank? || code.redirect_uri != req.redirect_uri
+          res.access_token = code.access_token.to_bearer_token(:with_refresh_token)
+        when :password
+          # NOTE: password is not hashed in this sample app. Don't do the same on your app.
+          # FIXME
+          account = Account.find_by_username_and_password(req.username, req.password) || req.invalid_grant!
+          res.access_token = account.access_tokens.create(:client => client).to_bearer_token(:with_refresh_token)
+        when :client_credentials
+          # NOTE: client is already authenticated here.
+          res.access_token = client.access_tokens.create.to_bearer_token
+        when :refresh_token
+          refresh_token = client.refresh_tokens.valid.wehre(token: req.refresh_token).first
+          req.invalid_grant! unless refresh_token
+          res.access_token = refresh_token.access_tokens.create.to_bearer_token
+        else
+          # NOTE: extended assertion grant_types are not supported yet.
+          req.unsupported_grant_type!
+        end
+      end
+    end
+  end
+end

data/app/models/oa2c/access_token.rb ADDED Viewed

@@ -0,0 +1,29 @@
+require 'oa2c/oauth2_token'
+module Oa2c
+  class AccessToken
+    include Mongoid::Document
+    include OAuth2Token
+    belongs_to :refresh_token
+    def to_bearer_token(with_refresh_token = false)
+      Rack::OAuth2::AccessToken::Bearer.new(access_token: token, expires_in: expires_in).tap do |bearer_token|
+        if with_refresh_token
+          bearer_token.refresh_token = create_refresh_token(user: user, client: client).token
+        end
+      end
+    end
+    private
+    def setup
+      super
+      if refresh_token
+        self.user = refresh_token.user
+        self.client = refresh_token.client
+        self.expires_at = [expires_at, refresh_token.expires_at].min
+      end
+    end
+  end
+end

data/app/models/oa2c/authorization_code.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module Oa2c
+  class AuthorizationCode
+    include Mongoid::Document
+    include OAuth2Token
+    def access_token
+      @access_token ||= expire! && user.access_tokens.create(client: client)
+    end
+  end
+end

data/app/models/oa2c/client.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Oa2c
+  class Client
+    include Mongoid::Document
+    field :identifier
+    field :secret
+    field :redirect_uri
+    has_many :access_tokens
+    has_many :refresh_tokens
+    before_validation :setup, on: :create
+    validates :secret, presence: true
+    validates :identifier, presence: true, uniqueness: true
+    private
+    def setup
+      self.identifier = SecureRandom.hex(16)
+      generate_secret
+    end
+    def generate_secret
+      self.secret = SecureRandom.hex(32)
+    end
+    def generate_secret!
+      generate_secret
+      save!
+    end
+  end
+end

data/app/models/oa2c/oauth2_token.rb ADDED Viewed

@@ -0,0 +1,39 @@
+module Oa2c
+  module OAuth2Token
+    extend ActiveSupport::Concern
+    included do
+      cattr_accessor :default_lifetime
+      self.default_lifetime = 15.minutes
+      field :token
+      field :expires_at, type: Time
+      belongs_to :user
+      belongs_to :client
+      before_validation :setup, on: :create
+      validates :client, :expires_at, presence: true
+      validates :token, presence: true, uniqueness: true
+      scope :valid, proc { where(:expires_at.gte => Time.now) }
+    end
+    def expires_in
+      (expires_at - Time.now).to_i
+    end
+    def expire!
+      update_attributes! expires_at: Time.now
+    end
+    private
+    def setup
+      self.token = SecureRandom.hex(32)
+      self.expires_at ||= default_lifetime.from_now
+    end
+  end
+end

data/app/models/oa2c/refresh_token.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module Oa2c
+  class RefreshToken
+    include Mongoid::Document
+    include OAuth2Token
+    self.default_lifetime = 1.month
+    has_many :access_tokens
+  end
+end

data/app/views/oa2c/_form.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<%= form_tag authorizations_path, :class => action do %>
+  <%= hidden_field_tag :client_id, client.identifier %>
+  <%= hidden_field_tag :response_type, response_type %>
+  <%= hidden_field_tag :redirect_uri, redirect_uri %>
+  <%= submit_tag action.to_s.capitalize %>
+  <%= hiden_field_tag action, true %>
+<% end %>

data/app/views/oa2c/error.html.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<h2>Invalid Authorization Request</h2>
+<h3><%= @error.error %></h3>
+<p><%= @error.description %></p>

data/app/views/oa2c/new.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<h2><%= @client.name %> is requiring your resource access</h2>
+<%= render 'form', client: @client, response_type: @response_type, redirect_uri: @redirect_uri, action: :deny %>
+<%= render 'form', client: @client, response_type: @response_type, redirect_uri: @redirect_uri, action: :approve %>

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Oa2c::Engine.routes.draw do
+  post 'authorizations/create'
+  match 'authorize', to: 'authorizations#new'
+  match 'token', to: proc {|env| Auth::AuthorizationsController.new.send(:token_endpoint).call(env) }
+end

data/lib/oa2c.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'rack/oauth2'
+require 'mongoid'
+require 'oa2c/engine'
+module Oa2c
+end

data/lib/oa2c/authentication.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module Oa2c
+  module Authentication
+    def current_token
+      @current_token
+    end
+    def current_client
+      @current_client
+    end
+    def require_oauth_token
+      @current_token = Auth::AccessToken.where(token: request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN].token).first # FIXME Right now an AccessToken object is store here, need to store only token
+      raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized unless @current_token
+    end
+    def require_oauth_user_token
+      require_oauth_token
+      raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'User token is required') unless @current_token.user
+      authenticate @current_token.user
+    end
+    def require_oauth_client_token
+      require_oauth_token
+      raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'Client token is required') if @current_token.user
+      @current_client = @current_token.client
+    end
+  end
+end

data/lib/oa2c/engine.rb ADDED Viewed

@@ -0,0 +1,6 @@
+module Oa2c
+  class Engine < Rails::Engine
+    isolate_namespace Oa2c
+    config.orm = :mongoid
+  end
+end

data/lib/oa2c/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Oa2c
+  VERSION = "0.0.1"
+end

data/lib/tasks/oa2c_tasks.rake ADDED Viewed

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :oa2c do
+#   # Task goes here
+# end

metadata ADDED Viewed

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: oa2c
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- Anton Dieterle
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-09-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: rack-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.9
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rails engine to provide OAuth2 authorization for embedded iframe applications.
+email:
+- antondie@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- app/models/oa2c/oauth2_token.rb
+- app/models/oa2c/client.rb
+- app/models/oa2c/refresh_token.rb
+- app/models/oa2c/authorization_code.rb
+- app/models/oa2c/access_token.rb
+- app/views/oa2c/_form.html.erb
+- app/views/oa2c/error.html.erb
+- app/views/oa2c/new.html.erb
+- app/controllers/oa2c/authorizations_controller.rb
+- config/routes.rb
+- lib/tasks/oa2c_tasks.rake
+- lib/oa2c.rb
+- lib/oa2c/version.rb
+- lib/oa2c/authentication.rb
+- lib/oa2c/engine.rb
+- MIT-LICENSE
+- Rakefile
+- README.md
+homepage: https://github.com/adie/oa2c
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -181462029
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -181462029
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: OAuth2 authorization for embedded iframe applications.
+test_files: []