oauth-bwergemn 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +14 -0
- data/.rspec +2 -0
- data/.rubocop.yml +1149 -0
- data/.travis.yml +7 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +8 -0
- data/Gemfile.lock +100 -0
- data/LICENSE.txt +21 -0
- data/README.md +114 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/generators/oauth_bwergemn/install_generator.rb +11 -0
- data/lib/generators/templates/initializer.rb +5 -0
- data/lib/oauth-bwergemn.rb +28 -0
- data/lib/oauth_bwergemn/auth_methods/auth_methods.rb +50 -0
- data/lib/oauth_bwergemn/auth_strategies/hub.rb +45 -0
- data/lib/oauth_bwergemn/base_strategy.rb +7 -0
- data/lib/oauth_bwergemn/configuration.rb +29 -0
- data/lib/oauth_bwergemn/errors/invalid_scope.rb +11 -0
- data/lib/oauth_bwergemn/errors/invalid_token.rb +11 -0
- data/lib/oauth_bwergemn/extension.rb +28 -0
- data/lib/oauth_bwergemn/helpers.rb +6 -0
- data/lib/oauth_bwergemn/oauth2.rb +125 -0
- data/lib/oauth_bwergemn/version.rb +6 -0
- data/oauth-bwergemn.gemspec +42 -0
- metadata +155 -0
data/.travis.yml
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
In the interest of fostering an open and welcoming environment, we as
|
6
|
+
contributors and maintainers pledge to making participation in our project and
|
7
|
+
our community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, disability, ethnicity, gender identity and expression, level of experience,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity and
|
10
|
+
orientation.
|
11
|
+
|
12
|
+
## Our Standards
|
13
|
+
|
14
|
+
Examples of behavior that contributes to creating a positive environment
|
15
|
+
include:
|
16
|
+
|
17
|
+
* Using welcoming and inclusive language
|
18
|
+
* Being respectful of differing viewpoints and experiences
|
19
|
+
* Gracefully accepting constructive criticism
|
20
|
+
* Focusing on what is best for the community
|
21
|
+
* Showing empathy towards other community members
|
22
|
+
|
23
|
+
Examples of unacceptable behavior by participants include:
|
24
|
+
|
25
|
+
* The use of sexualized language or imagery and unwelcome sexual attention or
|
26
|
+
advances
|
27
|
+
* Trolling, insulting/derogatory comments, and personal or political attacks
|
28
|
+
* Public or private harassment
|
29
|
+
* Publishing others' private information, such as a physical or electronic
|
30
|
+
address, without explicit permission
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
32
|
+
professional setting
|
33
|
+
|
34
|
+
## Our Responsibilities
|
35
|
+
|
36
|
+
Project maintainers are responsible for clarifying the standards of acceptable
|
37
|
+
behavior and are expected to take appropriate and fair corrective action in
|
38
|
+
response to any instances of unacceptable behavior.
|
39
|
+
|
40
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
41
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
42
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
43
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
44
|
+
threatening, offensive, or harmful.
|
45
|
+
|
46
|
+
## Scope
|
47
|
+
|
48
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
49
|
+
when an individual is representing the project or its community. Examples of
|
50
|
+
representing a project or community include using an official project e-mail
|
51
|
+
address, posting via an official social media account, or acting as an appointed
|
52
|
+
representative at an online or offline event. Representation of a project may be
|
53
|
+
further defined and clarified by project maintainers.
|
54
|
+
|
55
|
+
## Enforcement
|
56
|
+
|
57
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
+
reported by contacting the project team at namakukingkong@gmail.com. All
|
59
|
+
complaints will be reviewed and investigated and will result in a response that
|
60
|
+
is deemed necessary and appropriate to the circumstances. The project team is
|
61
|
+
obligated to maintain confidentiality with regard to the reporter of an incident.
|
62
|
+
Further details of specific enforcement policies may be posted separately.
|
63
|
+
|
64
|
+
Project maintainers who do not follow or enforce the Code of Conduct in good
|
65
|
+
faith may face temporary or permanent repercussions as determined by other
|
66
|
+
members of the project's leadership.
|
67
|
+
|
68
|
+
## Attribution
|
69
|
+
|
70
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
71
|
+
available at [http://contributor-covenant.org/version/1/4][version]
|
72
|
+
|
73
|
+
[homepage]: http://contributor-covenant.org
|
74
|
+
[version]: http://contributor-covenant.org/version/1/4/
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,100 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
oauth_bwergemn (1.0.0)
|
5
|
+
grape (~> 1.1.0)
|
6
|
+
|
7
|
+
GEM
|
8
|
+
remote: https://rubygems.org/
|
9
|
+
specs:
|
10
|
+
activesupport (6.0.2.1)
|
11
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
12
|
+
i18n (>= 0.7, < 2)
|
13
|
+
minitest (~> 5.1)
|
14
|
+
tzinfo (~> 1.1)
|
15
|
+
zeitwerk (~> 2.2)
|
16
|
+
ast (2.4.0)
|
17
|
+
axiom-types (0.1.1)
|
18
|
+
descendants_tracker (~> 0.0.4)
|
19
|
+
ice_nine (~> 0.11.0)
|
20
|
+
thread_safe (~> 0.3, >= 0.3.1)
|
21
|
+
builder (3.2.4)
|
22
|
+
coercible (1.0.0)
|
23
|
+
descendants_tracker (~> 0.0.1)
|
24
|
+
concurrent-ruby (1.1.5)
|
25
|
+
descendants_tracker (0.0.4)
|
26
|
+
thread_safe (~> 0.3, >= 0.3.1)
|
27
|
+
diff-lcs (1.3)
|
28
|
+
equalizer (0.0.11)
|
29
|
+
grape (1.1.0)
|
30
|
+
activesupport
|
31
|
+
builder
|
32
|
+
mustermann-grape (~> 1.0.0)
|
33
|
+
rack (>= 1.3.0)
|
34
|
+
rack-accept
|
35
|
+
virtus (>= 1.0.0)
|
36
|
+
i18n (1.8.1)
|
37
|
+
concurrent-ruby (~> 1.0)
|
38
|
+
ice_nine (0.11.2)
|
39
|
+
jaro_winkler (1.5.4)
|
40
|
+
minitest (5.13.0)
|
41
|
+
mustermann (1.1.1)
|
42
|
+
ruby2_keywords (~> 0.0.1)
|
43
|
+
mustermann-grape (1.0.1)
|
44
|
+
mustermann (>= 1.0.0)
|
45
|
+
parallel (1.19.1)
|
46
|
+
parser (2.7.0.2)
|
47
|
+
ast (~> 2.4.0)
|
48
|
+
rack (2.0.8)
|
49
|
+
rack-accept (0.4.5)
|
50
|
+
rack (>= 0.4)
|
51
|
+
rainbow (3.0.0)
|
52
|
+
rake (10.5.0)
|
53
|
+
rspec (3.7.0)
|
54
|
+
rspec-core (~> 3.7.0)
|
55
|
+
rspec-expectations (~> 3.7.0)
|
56
|
+
rspec-mocks (~> 3.7.0)
|
57
|
+
rspec-core (3.7.1)
|
58
|
+
rspec-support (~> 3.7.0)
|
59
|
+
rspec-expectations (3.7.0)
|
60
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
61
|
+
rspec-support (~> 3.7.0)
|
62
|
+
rspec-mocks (3.7.0)
|
63
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
64
|
+
rspec-support (~> 3.7.0)
|
65
|
+
rspec-support (3.7.1)
|
66
|
+
rubocop (0.79.0)
|
67
|
+
jaro_winkler (~> 1.5.1)
|
68
|
+
parallel (~> 1.10)
|
69
|
+
parser (>= 2.7.0.1)
|
70
|
+
rainbow (>= 2.2.2, < 4.0)
|
71
|
+
ruby-progressbar (~> 1.7)
|
72
|
+
unicode-display_width (>= 1.4.0, < 1.7)
|
73
|
+
rubocop-performance (1.5.2)
|
74
|
+
rubocop (>= 0.71.0)
|
75
|
+
ruby-progressbar (1.10.1)
|
76
|
+
ruby2_keywords (0.0.2)
|
77
|
+
thread_safe (0.3.6)
|
78
|
+
tzinfo (1.2.6)
|
79
|
+
thread_safe (~> 0.1)
|
80
|
+
unicode-display_width (1.6.0)
|
81
|
+
virtus (1.0.5)
|
82
|
+
axiom-types (~> 0.1)
|
83
|
+
coercible (~> 1.0)
|
84
|
+
descendants_tracker (~> 0.0, >= 0.0.3)
|
85
|
+
equalizer (~> 0.0, >= 0.0.9)
|
86
|
+
zeitwerk (2.2.2)
|
87
|
+
|
88
|
+
PLATFORMS
|
89
|
+
ruby
|
90
|
+
|
91
|
+
DEPENDENCIES
|
92
|
+
bundler (~> 2.1.0)
|
93
|
+
oauth_bwergemn!
|
94
|
+
rake (~> 10.0)
|
95
|
+
rspec (~> 3.7.0)
|
96
|
+
rubocop (~> 0.79.0)
|
97
|
+
rubocop-performance (~> 1.5.2)
|
98
|
+
|
99
|
+
BUNDLED WITH
|
100
|
+
2.1.0
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2018 Namakukingkong
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,114 @@
|
|
1
|
+
# Oauth Bwergemn on Grape API
|
2
|
+
|
3
|
+
Oauth Bwergemn is a Grape middleware to connect your API resources with your API authenticator.
|
4
|
+
|
5
|
+
|
6
|
+
## Installation
|
7
|
+
|
8
|
+
Add this line to your application's Gemfile:
|
9
|
+
|
10
|
+
```ruby
|
11
|
+
gem 'oauth-bwergemn'
|
12
|
+
```
|
13
|
+
|
14
|
+
And then execute:
|
15
|
+
|
16
|
+
$ bundle
|
17
|
+
|
18
|
+
Or install it yourself as:
|
19
|
+
|
20
|
+
$ gem install oauth-bwergemn
|
21
|
+
|
22
|
+
## Usage
|
23
|
+
|
24
|
+
### Install generator
|
25
|
+
|
26
|
+
On your first install, run this generator :
|
27
|
+
|
28
|
+
```ruby
|
29
|
+
rails g oauth_bwergemn:install
|
30
|
+
```
|
31
|
+
|
32
|
+
### Usage with Grape
|
33
|
+
|
34
|
+
You will need to use the middleware in your main API :
|
35
|
+
|
36
|
+
```ruby
|
37
|
+
# use middleware
|
38
|
+
use ::OauthBwergemn::Oauth2
|
39
|
+
```
|
40
|
+
|
41
|
+
You could also use the helpers :
|
42
|
+
|
43
|
+
```ruby
|
44
|
+
# use helpers
|
45
|
+
helpers ::OauthBwergemn::Helpers
|
46
|
+
```
|
47
|
+
|
48
|
+
And also don't forget to rescue the invalid token :
|
49
|
+
|
50
|
+
```ruby
|
51
|
+
# rescue invalid token
|
52
|
+
rescue_from OauthBwergemn::Errors::InvalidToken do |e|
|
53
|
+
error!(e, 401)
|
54
|
+
end
|
55
|
+
rescue_from OauthBwergemn::Errors::InvalidScope do |e|
|
56
|
+
error!(e, 401)
|
57
|
+
end
|
58
|
+
```
|
59
|
+
|
60
|
+
### Protecting your endpoint
|
61
|
+
|
62
|
+
In your endpoint you need to define which protected endpoint by adding this DSL :
|
63
|
+
|
64
|
+
1. `oauth2`
|
65
|
+
2. `oauth2 "email"`
|
66
|
+
|
67
|
+
Example :
|
68
|
+
|
69
|
+
```ruby
|
70
|
+
desc "Your protected endpoint"
|
71
|
+
oauth2
|
72
|
+
get :protected do
|
73
|
+
# your code goes here
|
74
|
+
end
|
75
|
+
```
|
76
|
+
|
77
|
+
```ruby
|
78
|
+
desc "Your protected endpoint with defined scope"
|
79
|
+
oauth2 "email"
|
80
|
+
get :protected do
|
81
|
+
# your code goes here
|
82
|
+
end
|
83
|
+
```
|
84
|
+
|
85
|
+
## Nice feature
|
86
|
+
|
87
|
+
From your protected endpoint you could get :
|
88
|
+
|
89
|
+
1. `resource_access_token` => Your access token
|
90
|
+
2. `resource_credentials` => Full credentials
|
91
|
+
3. `resource_owner` => Current Object
|
92
|
+
|
93
|
+
|
94
|
+
## TODO
|
95
|
+
|
96
|
+
- Add rspec test
|
97
|
+
|
98
|
+
## Development
|
99
|
+
|
100
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
101
|
+
|
102
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
103
|
+
|
104
|
+
## Contributing
|
105
|
+
|
106
|
+
Bug reports and pull requests are welcome on GitHub at [ https://github.com/namakukingkong/oauth-bwergemn ] . This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
107
|
+
|
108
|
+
## License
|
109
|
+
|
110
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
111
|
+
|
112
|
+
## Code of Conduct
|
113
|
+
|
114
|
+
Everyone interacting in the Oauth Bwergemn project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/namakukingkong/oauth-bwergemn/blob/master/CODE_OF_CONDUCT.md).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "oauth-bwergemn"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
@@ -0,0 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module OauthBwergemn
|
4
|
+
class InstallGenerator < Rails::Generators::Base
|
5
|
+
source_root File.expand_path('../../templates', __FILE__)
|
6
|
+
|
7
|
+
def copy_initializer
|
8
|
+
template 'initializer.rb', 'config/initializers/oauth_bwergemn.rb'
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'oauth_bwergemn/version'
|
4
|
+
|
5
|
+
require 'grape'
|
6
|
+
|
7
|
+
require 'oauth_bwergemn/configuration'
|
8
|
+
|
9
|
+
require 'oauth_bwergemn/oauth2'
|
10
|
+
require 'oauth_bwergemn/extension'
|
11
|
+
require 'oauth_bwergemn/helpers'
|
12
|
+
|
13
|
+
require 'oauth_bwergemn/base_strategy'
|
14
|
+
require 'oauth_bwergemn/auth_strategies/hub'
|
15
|
+
require 'oauth_bwergemn/auth_methods/auth_methods'
|
16
|
+
|
17
|
+
require 'oauth_bwergemn/errors/invalid_token'
|
18
|
+
require 'oauth_bwergemn/errors/invalid_scope'
|
19
|
+
|
20
|
+
module OauthBwergemn
|
21
|
+
extend OauthBwergemn::Configuration
|
22
|
+
define_setting :auth_strategy, 'hub'
|
23
|
+
define_setting :resources, user: 'User'
|
24
|
+
|
25
|
+
def self.config_resources
|
26
|
+
resources
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module OauthBwergemn
|
4
|
+
module AuthMethods
|
5
|
+
attr_accessor :the_access_token, :current_user, :credentials
|
6
|
+
attr_accessor :resource__token, :resource_owner, :resource_credentials
|
7
|
+
|
8
|
+
def protected_endpoint=(protected)
|
9
|
+
@protected_endpoint = protected
|
10
|
+
end
|
11
|
+
|
12
|
+
def protected_endpoint?
|
13
|
+
@protected_endpoint || false
|
14
|
+
end
|
15
|
+
|
16
|
+
def optional_endpoint=(opt)
|
17
|
+
@optional_endpoint = opt
|
18
|
+
end
|
19
|
+
|
20
|
+
def optional_endpoint?
|
21
|
+
@optional_endpoint || false
|
22
|
+
end
|
23
|
+
|
24
|
+
# rubocop:disable Lint/DuplicateMethods
|
25
|
+
def resource_token
|
26
|
+
@_resource_token
|
27
|
+
end
|
28
|
+
|
29
|
+
def resource_token=(token)
|
30
|
+
@_resource_token = token
|
31
|
+
end
|
32
|
+
|
33
|
+
def resource_owner=(resource)
|
34
|
+
@_resource_owner = resource
|
35
|
+
end
|
36
|
+
|
37
|
+
def resource_owner
|
38
|
+
@_resource_owner
|
39
|
+
end
|
40
|
+
|
41
|
+
def resource_credentials=(credentials)
|
42
|
+
@_resource_credentials = credentials
|
43
|
+
end
|
44
|
+
|
45
|
+
def resource_credentials
|
46
|
+
@_resource_credentials
|
47
|
+
end
|
48
|
+
# rubocop:enable Lint/DuplicateMethods
|
49
|
+
end
|
50
|
+
end
|