oauth-plugin 0.3.5

data/generators/oauth_provider/templates/edit.html.erb

@@ -0,0 +1,7 @@
+<h1>Edit your application</h1>
+<%% form_for :client_application, @client_application, :url => oauth_client_path(@client_application), :html => {:method => :put}  do |f| %>
+       <%%= render :partial => "form", :locals => { :f => f } %>
+       <%%= submit_tag "Edit" %>
+<%% end %>
+<%%= link_to 'Show', oauth_client_path(@client_application) %> |
+<%%= link_to 'Back', oauth_clients_path %>

data/generators/oauth_provider/templates/edit.html.haml

@@ -0,0 +1,4 @@
+%h1 Edit your application
+- form_for :client_application do |f|
+  = render :partial => "form", :locals => { :f => f }
+  = submit_tag "Edit"

data/generators/oauth_provider/templates/index.html.erb

@@ -0,0 +1,43 @@
+<div class="flash"><%%= flash[:notice] %></div>
+<h1>OAuth Client Applications</h1>
+<%% unless @tokens.empty? %>
+<p>The following tokens have been issued to applications in your name</p>
+<table>
+  <tr><th>Application</th><th>Issued</th><th>&nbsp;</th></tr>
+  <%% @tokens.each do |token|%>
+    <%% content_tag_for :tr, token do %>
+      <td><%%= link_to token.client_application.name, token.client_application.url %></td>
+      <td><%%= token.authorized_at %></td>
+      <td>
+        <%% form_tag :controller => 'oauth', :action => 'revoke' do %>
+        <%%= hidden_field_tag 'token', token.token %>
+        <%%= submit_tag "Revoke!" %>
+        <%% end %>
+      </td>
+    <%% end %>
+  <%% end %>
+  
+</table>
+<%% end %>
+<h3>Application Developers</h3>
+<%% if @client_applications.empty? %>
+  <p>
+    Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
+  </p>
+  <p>
+    You must register your web application before it can make OAuth requests to this service
+  </p>
+<%% else %>
+  <p>
+    You have the following client applications registered:
+  </p>
+  <%% @client_applications.each do |client|%>
+    <%% div_for client do %>
+      <%%= link_to client.name, oauth_client_path(client) %>- 
+        <%%= link_to 'Edit', edit_oauth_client_path(client) %>
+        <%%= link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete %>
+    <%% end %>
+  <%% end %>
+<%% end %>
+<br />
+<h3><%%= link_to "Register your application", :action => :new %></h3>

data/generators/oauth_provider/templates/index.html.haml

@@ -0,0 +1,39 @@
+.flash= flash[:notice]
+%h1 OAuth Client Applications
+- unless @tokens.empty?
+
+  %p 
+    The following tokens have been issued to applications in your name
+    
+  %table
+    %tr
+      %th Application
+      %th Issued
+      %th  
+    - @tokens.each do |token|
+      - content_tag_for :tr, token do
+        %td= link_to token.client_application.name, token.client_application.url
+        %td= token.authorized_at
+        %td
+          - form_tag :controller => 'oauth', :action => 'revoke' do
+            = hidden_field_tag 'token', token.token
+            = submit_tag "Revoke!"
+
+%h3 Application Developers
+
+- if @client_applications.empty?
+  %p
+    Do you have an application you would like to register for use with us using the <a href="http://oauth.net">OAuth</a> standard?
+    You must register your web application before it can make OAuth requests to this service
+- else
+  %p
+    You have the following client applications registered:
+
+  - @client_applications.each do |client|
+    - div_for client do
+      = link_to client.name, :action => :show, :id => client.id
+      = link_to 'Edit', edit_oauth_client_path(client)
+      = link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete
+%br
+%h3
+  = link_to "Register your application", :action => :new

data/generators/oauth_provider/templates/migration.rb

@@ -0,0 +1,46 @@
+class CreateOauthTables < ActiveRecord::Migration
+  def self.up
+    create_table :client_applications do |t|
+      t.string :name
+      t.string :url
+      t.string :support_url
+      t.string :callback_url
+      t.string :key, :limit => 20
+      t.string :secret, :limit => 40
+      t.integer :user_id
+
+      t.timestamps
+    end
+    add_index :client_applications, :key, :unique
+    
+    create_table :oauth_tokens do |t|
+      t.integer :user_id
+      t.string :type, :limit => 20
+      t.integer :client_application_id
+      t.string :token, :limit => 20
+      t.string :secret, :limit => 40
+      t.string :callback_url
+      t.string :verifier, :limit => 20
+      t.timestamp :authorized_at, :invalidated_at
+      t.timestamps
+    end
+    
+    add_index :oauth_tokens, :token, :unique
+    
+    create_table :oauth_nonces do |t|
+      t.string :nonce
+      t.integer :timestamp
+
+      t.timestamps
+    end
+    add_index :oauth_nonces,[:nonce, :timestamp], :unique
+    
+  end
+
+  def self.down
+    drop_table :client_applications
+    drop_table :oauth_tokens
+    drop_table :oauth_nonces
+  end
+
+end

data/generators/oauth_provider/templates/new.html.erb

@@ -0,0 +1,5 @@
+<h1>Register a new application</h1>
+<%% form_for :client_application, :url => { :action => :create } do |f| %>
+   <%%= render :partial => "form", :locals => { :f => f } %>
+   <%%= submit_tag "Register" %>
+<%% end %>

data/generators/oauth_provider/templates/new.html.haml

@@ -0,0 +1,5 @@
+%h1 Register a new application
+
+- form_for :client_application, :url => { :action => :create } do |f|
+  = render :partial => "form", :locals => { :f => f }
+  = submit_tag "Register"

data/generators/oauth_provider/templates/oauth_nonce.rb

@@ -0,0 +1,13 @@
+# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
+# Thus you can use the same nonce with a different timestamp and viceversa.
+class OauthNonce < ActiveRecord::Base
+  validates_presence_of :nonce, :timestamp
+  validates_uniqueness_of :nonce, :scope => :timestamp
+  
+  # Remembers a nonce and it's associated timestamp. It returns false if it has already been used
+  def self.remember(nonce, timestamp)
+    oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
+    return false if oauth_nonce.new_record?
+    oauth_nonce
+  end
+end

data/generators/oauth_provider/templates/oauth_nonce_spec.rb

@@ -0,0 +1,24 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+require 'oauth/helper'
+describe OauthNonce do
+  include OAuth::Helper
+  before(:each) do
+    @oauth_nonce = OauthNonce.remember(generate_key, Time.now.to_i)
+  end
+
+  it "should be valid" do
+    @oauth_nonce.should be_valid
+  end
+  
+  it "should not have errors" do
+    @oauth_nonce.errors.full_messages.should == []
+  end
+  
+  it "should not be a new record" do
+    @oauth_nonce.should_not be_new_record
+  end
+  
+  it "should not allow a second one with the same values" do
+    OauthNonce.remember(@oauth_nonce.nonce,@oauth_nonce.timestamp).should == false
+  end
+end

data/generators/oauth_provider/templates/oauth_nonce_test.rb

@@ -0,0 +1,26 @@
+require 'oauth/helper'
+require File.dirname(__FILE__) + '/../test_helper'
+
+class ClientNoneTest < ActiveSupport::TestCase
+  include OAuth::Helper
+  
+  def setup
+    @oauth_nonce = OauthNonce.remember(generate_key,Time.now.to_i)
+  end
+
+  def test_should_be_valid
+    assert @oauth_nonce.valid?
+  end
+  
+  def test_should_not_have_errors
+    assert_equal [], @oauth_nonce.errors.full_messages
+  end
+  
+  def test_should_not_be_a_new_record
+    assert !@oauth_nonce.new_record?
+  end
+  
+  def test_shuold_not_allow_a_second_one_with_the_same_values
+    assert_equal false, OauthNonce.remember(@oauth_nonce.nonce, @oauth_nonce.timestamp)
+  end
+end

data/generators/oauth_provider/templates/oauth_nonces.yml

@@ -0,0 +1,13 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+  nonce: a_nonce
+  timestamp: 1
+  created_at: 2007-11-25 17:27:04
+  updated_at: 2007-11-25 17:27:04
+two:
+  id: 2
+  nonce: b_nonce
+  timestamp: 2
+  created_at: 2007-11-25 17:27:04
+  updated_at: 2007-11-25 17:27:04

data/generators/oauth_provider/templates/oauth_token.rb

@@ -0,0 +1,31 @@
+class OauthToken < ActiveRecord::Base
+  belongs_to :client_application
+  belongs_to :user
+  validates_uniqueness_of :token
+  validates_presence_of :client_application, :token, :secret
+  before_validation_on_create :generate_keys
+  
+  def invalidated?
+    invalidated_at != nil
+  end
+  
+  def invalidate!
+    update_attribute(:invalidated_at, Time.now)
+  end
+  
+  def authorized?
+    authorized_at != nil && !invalidated?
+  end
+    
+  def to_query
+    "oauth_token=#{token}&oauth_token_secret=#{secret}"
+  end
+    
+  protected
+  
+  def generate_keys
+    oauth_token = client_application.oauth_server.generate_credentials
+    self.token = oauth_token[0][0,20]
+    self.secret = oauth_token[1][0,40]
+  end
+end

data/generators/oauth_provider/templates/oauth_token_spec.rb

@@ -0,0 +1,309 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe RequestToken do
+  fixtures :client_applications, :users, :oauth_tokens
+  before(:each) do
+    @token = RequestToken.create :client_application => client_applications(:one)
+  end
+
+  it "should be valid" do
+    @token.should be_valid
+  end
+  
+  it "should not have errors" do
+    @token.errors.should_not == []
+  end
+  
+  it "should have a token" do
+    @token.token.should_not be_nil
+  end
+
+  it "should have a secret" do
+    @token.secret.should_not be_nil
+  end
+  
+  it "should not be authorized" do 
+    @token.should_not be_authorized
+  end
+
+  it "should not be invalidated" do
+    @token.should_not be_invalidated
+  end
+  
+  it "should not have a verifier" do
+    @token.verifier.should be_nil
+  end
+  
+  it "should not be oob" do
+    @token.should_not be_oob
+  end
+  
+  describe "OAuth 1.0a" do
+    
+    describe "with provided callback" do
+      before(:each) do
+        @token.callback_url="http://test.com/callback"        
+      end
+
+      it "should not be oauth10" do
+        @token.should_not be_oauth10
+      end
+      
+      it "should not be oob" do
+        @token.should_not be_oob
+      end
+
+      describe "authorize request" do
+        before(:each) do
+          @token.authorize!(users(:quentin))      
+        end
+
+        it "should be authorized" do
+          @token.should be_authorized      
+        end
+
+        it "should have authorized at" do
+          @token.authorized_at.should_not be_nil      
+        end
+
+        it "should have user set" do
+          @token.user.should == users(:quentin)      
+        end
+
+        it "should have verifier" do
+          @token.verifier.should_not be_nil      
+        end
+
+        describe "exchange for access token" do
+
+          before(:each) do
+            @token.provided_oauth_verifier=@token.verifier
+            @access = @token.exchange!
+          end
+          
+          it "should be valid" do
+            @access.should be_valid
+          end
+          
+          it "should have no error messages" do
+            @access.errors.full_messages.should==[]
+          end
+          
+          it "should invalidate request token" do
+            @token.should be_invalidated
+          end
+
+          it "should set user on access token" do
+            @access.user.should == users(:quentin)        
+          end
+          
+          it "should authorize accesstoken" do
+            @access.should be_authorized        
+          end
+        end
+
+        describe "attempt exchange with invalid verifier (OAuth 1.0a)" do
+
+          before(:each) do
+            @value = @token.exchange!
+          end
+
+          it "should return false" do
+            @value.should==false
+          end
+
+          it "should not invalidate request token" do
+            @token.should_not be_invalidated
+          end
+        end
+
+      end
+
+      describe "attempt exchange with out authorization" do
+
+        before(:each) do
+          @value = @token.exchange!
+        end
+
+        it "should return false" do
+          @value.should==false
+        end
+
+        it "should not invalidate request token" do
+          @token.should_not be_invalidated
+        end
+      end
+
+      it "should return 1.0a style to_query" do
+        @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}&oauth_callback_confirmed=true"
+      end
+
+    end
+
+    describe "with oob callback" do
+      before(:each) do
+        @token.callback_url='oob'
+      end
+
+      it "should not be oauth10" do
+        @token.should_not be_oauth10
+      end
+      
+      it "should be oob" do
+        @token.should be_oob
+      end
+
+      describe "authorize request" do
+        before(:each) do
+          @token.authorize!(users(:quentin))      
+        end
+
+        it "should be authorized" do
+          @token.should be_authorized      
+        end
+
+        it "should have authorized at" do
+          @token.authorized_at.should_not be_nil      
+        end
+
+        it "should have user set" do
+          @token.user.should == users(:quentin)      
+        end
+
+        it "should have verifier" do
+          @token.verifier.should_not be_nil      
+        end
+
+        describe "exchange for access token" do
+
+          before(:each) do
+            @token.provided_oauth_verifier=@token.verifier
+            @access = @token.exchange!
+          end
+
+          it "should invalidate request token" do
+            @token.should be_invalidated
+          end
+
+          it "should set user on access token" do
+            @access.user.should == users(:quentin)        
+          end
+
+          it "should authorize accesstoken" do
+            @access.should be_authorized        
+          end
+        end
+
+        describe "attempt exchange with invalid verifier (OAuth 1.0a)" do
+
+          before(:each) do
+            @value = @token.exchange!
+          end
+
+          it "should return false" do
+            @value.should==false
+          end
+
+          it "should not invalidate request token" do
+            @token.should_not be_invalidated
+          end
+        end
+
+      end
+
+      describe "attempt exchange with out authorization invalid verifier" do
+
+        before(:each) do
+          @value = @token.exchange!
+        end
+
+        it "should return false" do
+          @value.should==false
+        end
+
+        it "should not invalidate request token" do
+          @token.should_not be_invalidated
+        end
+      end
+
+      it "should return 1.0 style to_query" do
+        @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}&oauth_callback_confirmed=true"
+      end
+    end
+  end
+
+  if defined? OAUTH_10_SUPPORT && OAUTH_10_SUPPORT
+    describe "OAuth 1.0" do
+    
+      it "should be oauth10" do
+        @token.should be_oauth10
+      end
+      
+      it "should not be oob" do
+        @token.should_not be_oob
+      end
+
+      describe "authorize request" do
+        before(:each) do
+          @token.authorize!(users(:quentin))      
+        end
+
+        it "should be authorized" do
+          @token.should be_authorized      
+        end
+
+        it "should have authorized at" do
+          @token.authorized_at.should_not be_nil      
+        end
+
+        it "should have user set" do
+          @token.user.should == users(:quentin)      
+        end
+
+        it "should not have verifier" do
+          @token.verifier.should be_nil      
+        end
+
+        describe "exchange for access token" do
+
+          before(:each) do
+            @access = @token.exchange!
+          end
+
+          it "should invalidate request token" do
+            @token.should be_invalidated
+          end
+
+          it "should set user on access token" do
+            @access.user.should == users(:quentin)        
+          end
+
+          it "should authorize accesstoken" do
+            @access.should be_authorized        
+          end
+        end
+
+      end
+
+      describe "attempt exchange with out authorization" do
+
+        before(:each) do
+          @value = @token.exchange!
+        end
+
+        it "should return false" do
+          @value.should==false
+        end
+
+        it "should not invalidate request token" do
+          @token.should_not be_invalidated
+        end
+      end
+
+      it "should return 1.0 style to_query" do
+        @token.to_query.should=="oauth_token=#{@token.token}&oauth_token_secret=#{@token.secret}"
+      end
+
+    end
+  end
+end