oauned 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
require 'uri'
|
|
2
|
+
|
|
3
|
+
class Oauned::OauthController < ApplicationController
|
|
4
|
+
before_filter :validate_params
|
|
5
|
+
before_filter :oauned_check_authentication, :except => :token
|
|
6
|
+
skip_before_filter :verify_authenticity_token, :only => :token
|
|
7
|
+
|
|
8
|
+
def index
|
|
9
|
+
##
|
|
10
|
+
# If the application has the no_confirmation attribute set to true, we don't ask for confirmation.
|
|
11
|
+
# See https://github.com/dmathieu/oauned/wiki/Skip-Authorization
|
|
12
|
+
#
|
|
13
|
+
return authorize if client.respond_to?(:no_confirmation) && client.no_confirmation
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def authorize
|
|
17
|
+
authorization = client.authorize!(current_user)
|
|
18
|
+
state_param = params[:state].blank? ? "" : "&state=#{CGI.escape(params[:state])}"
|
|
19
|
+
redirect_to "#{params[:redirect_uri]}?code=#{authorization.code}&expires_in=#{authorization.expires_in}#{state_param}"
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def token
|
|
23
|
+
if refresh_token?
|
|
24
|
+
original_token = Oauned::Models['connection'].where(['refresh_token LIKE ?', params[:refresh_token]]).first
|
|
25
|
+
if original_token.nil? || original_token.application_id != client.id
|
|
26
|
+
return render_error("Refresh token is invalid", "invalid-grant")
|
|
27
|
+
end
|
|
28
|
+
token = original_token.refresh
|
|
29
|
+
else
|
|
30
|
+
authorization = Oauned::Models['authorization'].where(['code LIKE ?', params[:code]]).first
|
|
31
|
+
if authorization.nil? || authorization.expired? || authorization.application_id != client.id
|
|
32
|
+
return render_error("Authorization expired or invalid", "invalid-grant")
|
|
33
|
+
end
|
|
34
|
+
token = authorization.tokenize!
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
render :json => {
|
|
38
|
+
:access_token => token.access_token,
|
|
39
|
+
:refresh_token => token.refresh_token,
|
|
40
|
+
:expired_in => token.expires_in
|
|
41
|
+
}
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
private
|
|
45
|
+
def client
|
|
46
|
+
@client ||= Oauned::Models['application'].find params[:client_id]
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def validate_params
|
|
50
|
+
validate_client && validate_uri
|
|
51
|
+
!performed?
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def validate_client
|
|
55
|
+
if params[:client_id].blank? || (action_needs_client_secret? && client.try(:consumer_secret) != params[:client_secret])
|
|
56
|
+
render_error "Invalid client credentials", "invalid-client-credentials"
|
|
57
|
+
elsif client.nil?
|
|
58
|
+
render_error "Invalid client id", "invalid-client-id"
|
|
59
|
+
end
|
|
60
|
+
!performed?
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def validate_uri
|
|
64
|
+
if params[:redirect_uri].blank?
|
|
65
|
+
render_error "You did not specify the 'redirect_uri' parameter", "invalid-redirect-uri"
|
|
66
|
+
elsif URI.parse(client.redirect_uri).host != URI.parse(params[:redirect_uri]).host
|
|
67
|
+
render_error "The redirect_uri mismatch the one in the application", "redirect-uri-mismatch"
|
|
68
|
+
end
|
|
69
|
+
!performed?
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def oauned_check_authentication
|
|
73
|
+
return if !!current_user
|
|
74
|
+
session[:redirect_uri] = request.fullpath
|
|
75
|
+
redirect_to self.respond_to?(:new_user_session_url) ? new_user_session_url : '/'
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def render_error(message, code)
|
|
79
|
+
if action_needs_client_secret? || !params[:redirect_uri]
|
|
80
|
+
render :status => :bad_request,
|
|
81
|
+
:json => {:error => code, :error_description => message}
|
|
82
|
+
else
|
|
83
|
+
redirect_to "#{params[:redirect_uri]}?error=#{code}"
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def action_needs_client_secret?
|
|
88
|
+
params[:action] == "token"
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def refresh_token?
|
|
92
|
+
params[:grant_type] == 'refresh-token'
|
|
93
|
+
end
|
|
94
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
<div id="#oauth">
|
|
2
|
+
<div class="explanation">
|
|
3
|
+
The application <strong><%= @client.name %></strong> wished to access your account.
|
|
4
|
+
</div>
|
|
5
|
+
<div class="buttons">
|
|
6
|
+
<div class="cancel">
|
|
7
|
+
<%= form_tag params[:redirect_uri] || root_url do %>
|
|
8
|
+
<div class="field submit">
|
|
9
|
+
<%= submit_tag 'Deny' %>
|
|
10
|
+
</div>
|
|
11
|
+
<% end %>
|
|
12
|
+
</div>
|
|
13
|
+
|
|
14
|
+
<div class="connect">
|
|
15
|
+
<%= form_tag(:action => :authorize) do %>
|
|
16
|
+
<%= hidden_field_tag "client_id", params[:client_id] %>
|
|
17
|
+
<%= hidden_field_tag "redirect_uri", params[:redirect_uri] %>
|
|
18
|
+
<%= hidden_field_tag "response_type", params[:response_type] %>
|
|
19
|
+
<%= hidden_field_tag "state", params[:state] %>
|
|
20
|
+
|
|
21
|
+
<div class="field submit">
|
|
22
|
+
<%= submit_tag 'Autoriser' %>
|
|
23
|
+
</div>
|
|
24
|
+
<% end %>
|
|
25
|
+
</div>
|
|
26
|
+
</div>
|
|
27
|
+
</div>
|
data/lib/oauned/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -17,6 +17,8 @@ executables: []
|
|
|
17
17
|
extensions: []
|
|
18
18
|
extra_rdoc_files: []
|
|
19
19
|
files:
|
|
20
|
+
- app/controllers/oauned/oauth_controller.rb
|
|
21
|
+
- app/views/oauned/oauth/index.html.erb
|
|
20
22
|
- lib/generators/oauned/helpers.rb
|
|
21
23
|
- lib/generators/oauned/install_generator.rb
|
|
22
24
|
- lib/generators/oauned/templates/migration.rb
|