oauth-plugin 0.4.0.rc2 → 0.4.0
- data/CHANGELOG +7 -0
- data/README.rdoc +1 -1
- data/UPGRADE.rdoc +1 -1
- data/generators/oauth_consumer/oauth_consumer_generator.rb +9 -9
- data/generators/oauth_consumer/templates/consumer_token.rb +3 -3
- data/generators/oauth_consumer/templates/controller.rb +5 -5
- data/generators/oauth_consumer/templates/migration.rb +3 -3
- data/generators/oauth_consumer/templates/oauth_config.rb +3 -3
- data/generators/oauth_consumer/templates/show.html.haml +1 -1
- data/generators/oauth_provider/USAGE +1 -1
- data/generators/oauth_provider/lib/insert_routes.rb +8 -8
- data/generators/oauth_provider/oauth_provider_generator.rb +10 -10
- data/generators/oauth_provider/templates/_form.html.haml +4 -4
- data/generators/oauth_provider/templates/access_token.rb +4 -4
- data/generators/oauth_provider/templates/client_application.rb +8 -8
- data/generators/oauth_provider/templates/client_application_spec.rb +5 -5
- data/generators/oauth_provider/templates/client_application_test.rb +7 -7
- data/generators/oauth_provider/templates/clients_controller.rb +4 -4
- data/generators/oauth_provider/templates/clients_controller_spec.rb +30 -30
- data/generators/oauth_provider/templates/clients_controller_test.rb +54 -54
- data/generators/oauth_provider/templates/controller.rb +3 -3
- data/generators/oauth_provider/templates/index.html.erb +2 -2
- data/generators/oauth_provider/templates/index.html.haml +2 -2
- data/generators/oauth_provider/templates/migration.rb +5 -5
- data/generators/oauth_provider/templates/oauth2_authorize.html.erb +1 -1
- data/generators/oauth_provider/templates/oauth_nonce.rb +1 -1
- data/generators/oauth_provider/templates/oauth_nonce_spec.rb +3 -3
- data/generators/oauth_provider/templates/oauth_nonce_test.rb +4 -4
- data/generators/oauth_provider/templates/oauth_token.rb +6 -6
- data/generators/oauth_provider/templates/oauth_token_spec.rb +38 -38
- data/generators/oauth_provider/templates/oauth_token_test.rb +10 -10
- data/generators/oauth_provider/templates/request_token.rb +7 -7
- data/generators/oauth_provider/templates/show.html.haml +3 -3
- data/init.rb +1 -1
- data/lib/generators/active_record/oauth_consumer_templates/consumer_token.rb +3 -3
- data/lib/generators/active_record/oauth_consumer_templates/migration.rb +3 -3
- data/lib/generators/active_record/oauth_provider_templates/migration.rb +1 -1
- data/lib/generators/active_record/oauth_provider_templates/request_token.rb +1 -1
- data/lib/generators/haml/oauth_consumer_templates/show.html.haml +1 -1
- data/lib/generators/mongoid/oauth_consumer_templates/consumer_token.rb +6 -6
- data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb +1 -1
- data/lib/generators/mongoid/oauth_provider_templates/request_token.rb +1 -1
- data/lib/generators/oauth_consumer/oauth_consumer_generator.rb +6 -6
- data/lib/generators/oauth_consumer/templates/controller.rb +10 -10
- data/lib/generators/oauth_consumer/templates/oauth_config.rb +3 -3
- data/lib/oauth-plugin.rb +7 -5
- data/lib/oauth-plugin/version.rb +1 -1
- data/lib/oauth/controllers/application_controller_methods.rb +19 -19
- data/lib/oauth/controllers/consumer_controller.rb +25 -15
- data/lib/oauth/models/consumers/service_loader.rb +1 -1
- data/lib/oauth/models/consumers/services/agree2_token.rb +2 -2
- data/lib/oauth/models/consumers/services/fireeagle_token.rb +7 -7
- data/lib/oauth/models/consumers/services/oauth2_token.rb +9 -9
- data/lib/oauth/models/consumers/services/opentransact_token.rb +4 -4
- data/lib/oauth/models/consumers/services/picomoney_token.rb +2 -2
- data/lib/oauth/models/consumers/services/twitter_token.rb +5 -5
- data/lib/oauth/models/consumers/simple_client.rb +5 -5
- data/lib/oauth/models/consumers/token.rb +13 -14
- data/oauth-plugin.gemspec +1 -1
- metadata +160 -111
@@ -1,14 +1,14 @@
|
|
1
1
|
require 'oauth/controllers/provider_controller'
|
2
2
|
class OauthController < ApplicationController
|
3
3
|
include OAuth::Controllers::ProviderController
|
4
|
-
|
4
|
+
|
5
5
|
protected
|
6
6
|
# Override this to match your authorization page form
|
7
7
|
# It currently expects a checkbox called authorize
|
8
8
|
# def user_authorizes_token?
|
9
9
|
# params[:authorize] == '1'
|
10
10
|
# end
|
11
|
-
|
11
|
+
|
12
12
|
# should authenticate and return a user if valid password.
|
13
13
|
# This example should work with most Authlogic or Devise. Uncomment it
|
14
14
|
# def authenticate_user(username,password)
|
@@ -19,5 +19,5 @@ class OauthController < ApplicationController
|
|
19
19
|
# nil
|
20
20
|
# end
|
21
21
|
# end
|
22
|
-
|
22
|
+
|
23
23
|
end
|
@@ -16,7 +16,7 @@
|
|
16
16
|
</td>
|
17
17
|
<%% end %>
|
18
18
|
<%% end %>
|
19
|
-
|
19
|
+
|
20
20
|
</table>
|
21
21
|
<%% end %>
|
22
22
|
<h3>Application Developers</h3>
|
@@ -33,7 +33,7 @@
|
|
33
33
|
</p>
|
34
34
|
<%% @client_applications.each do |client|%>
|
35
35
|
<%% div_for client do %>
|
36
|
-
<%%= link_to client.name, oauth_client_path(client) %>-
|
36
|
+
<%%= link_to client.name, oauth_client_path(client) %>-
|
37
37
|
<%%= link_to 'Edit', edit_oauth_client_path(client) %>
|
38
38
|
<%%= link_to 'Delete', oauth_client_path(client), :confirm => "Are you sure?", :method => :delete %>
|
39
39
|
<%% end %>
|
@@ -12,7 +12,7 @@ class CreateOauthTables < ActiveRecord::Migration
|
|
12
12
|
t.timestamps
|
13
13
|
end
|
14
14
|
add_index :client_applications, :key, :unique => true
|
15
|
-
|
15
|
+
|
16
16
|
create_table :oauth_tokens do |t|
|
17
17
|
t.integer :user_id
|
18
18
|
t.string :type, :limit => 20
|
@@ -22,12 +22,12 @@ class CreateOauthTables < ActiveRecord::Migration
|
|
22
22
|
t.string :callback_url
|
23
23
|
t.string :verifier, :limit => 20
|
24
24
|
t.string :scope
|
25
|
-
t.timestamp :authorized_at, :invalidated_at, :
|
25
|
+
t.timestamp :authorized_at, :invalidated_at, :expires_at
|
26
26
|
t.timestamps
|
27
27
|
end
|
28
|
-
|
28
|
+
|
29
29
|
add_index :oauth_tokens, :token, :unique => true
|
30
|
-
|
30
|
+
|
31
31
|
create_table :oauth_nonces do |t|
|
32
32
|
t.string :nonce
|
33
33
|
t.integer :timestamp
|
@@ -35,7 +35,7 @@ class CreateOauthTables < ActiveRecord::Migration
|
|
35
35
|
t.timestamps
|
36
36
|
end
|
37
37
|
add_index :oauth_nonces,[:nonce, :timestamp], :unique
|
38
|
-
|
38
|
+
|
39
39
|
end
|
40
40
|
|
41
41
|
def self.down
|
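Review bot: In the last hunk of this migration, `add_index :oauth_nonces,[:nonce, :timestamp], :unique` passes `:unique` as a bare symbol, while the two other `add_index` calls in the same file use `:unique => true`. As far as I know, older ActiveRecord treats a non-hash third argument as the index type, but releases that accept only an options hash would not build a unique index from this line. That index is what rejects a replayed nonce at the database level, because the `validates_uniqueness_of :nonce, :scope => :timestamp` check in the model can race under concurrent requests. I would write it as `add_index :oauth_nonces, [:nonce, :timestamp], :unique => true`. The enclosing `up` method begins outside these hunks.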
@@ -3,7 +3,7 @@
|
|
3
3
|
class OauthNonce < ActiveRecord::Base
|
4
4
|
validates_presence_of :nonce, :timestamp
|
5
5
|
validates_uniqueness_of :nonce, :scope => :timestamp
|
6
|
-
|
6
|
+
|
7
7
|
# Remembers a nonce and it's associated timestamp. It returns false if it has already been used
|
8
8
|
def self.remember(nonce, timestamp)
|
9
9
|
oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
|
@@ -9,15 +9,15 @@ describe OauthNonce do
|
|
9
9
|
it "should be valid" do
|
10
10
|
@oauth_nonce.should be_valid
|
11
11
|
end
|
12
|
-
|
12
|
+
|
13
13
|
it "should not have errors" do
|
14
14
|
@oauth_nonce.errors.full_messages.should == []
|
15
15
|
end
|
16
|
-
|
16
|
+
|
17
17
|
it "should not be a new record" do
|
18
18
|
@oauth_nonce.should_not be_new_record
|
19
19
|
end
|
20
|
-
|
20
|
+
|
21
21
|
it "should not allow a second one with the same values" do
|
22
22
|
OauthNonce.remember(@oauth_nonce.nonce,@oauth_nonce.timestamp).should == false
|
23
23
|
end
|
@@ -3,7 +3,7 @@ require 'oauth/helper'
|
|
3
3
|
|
4
4
|
class ClientNoneTest < ActiveSupport::TestCase
|
5
5
|
include OAuth::Helper
|
6
|
-
|
6
|
+
|
7
7
|
def setup
|
8
8
|
@oauth_nonce = OauthNonce.remember(generate_key,Time.now.to_i)
|
9
9
|
end
|
@@ -11,15 +11,15 @@ class ClientNoneTest < ActiveSupport::TestCase
|
|
11
11
|
def test_should_be_valid
|
12
12
|
assert @oauth_nonce.valid?
|
13
13
|
end
|
14
|
-
|
14
|
+
|
15
15
|
def test_should_not_have_errors
|
16
16
|
assert_equal [], @oauth_nonce.errors.full_messages
|
17
17
|
end
|
18
|
-
|
18
|
+
|
19
19
|
def test_should_not_be_a_new_record
|
20
20
|
assert !@oauth_nonce.new_record?
|
21
21
|
end
|
22
|
-
|
22
|
+
|
23
23
|
def test_shuold_not_allow_a_second_one_with_the_same_values
|
24
24
|
assert_equal false, OauthNonce.remember(@oauth_nonce.nonce, @oauth_nonce.timestamp)
|
25
25
|
end
|
@@ -4,25 +4,25 @@ class OauthToken < ActiveRecord::Base
|
|
4
4
|
validates_uniqueness_of :token
|
5
5
|
validates_presence_of :client_application, :token
|
6
6
|
before_validation_on_create :generate_keys
|
7
|
-
|
7
|
+
|
8
8
|
def invalidated?
|
9
9
|
invalidated_at != nil
|
10
10
|
end
|
11
|
-
|
11
|
+
|
12
12
|
def invalidate!
|
13
13
|
update_attribute(:invalidated_at, Time.now)
|
14
14
|
end
|
15
|
-
|
15
|
+
|
16
16
|
def authorized?
|
17
17
|
authorized_at != nil && !invalidated?
|
18
18
|
end
|
19
|
-
|
19
|
+
|
20
20
|
def to_query
|
21
21
|
"oauth_token=#{token}&oauth_token_secret=#{secret}"
|
22
22
|
end
|
23
|
-
|
23
|
+
|
24
24
|
protected
|
25
|
-
|
25
|
+
|
26
26
|
def generate_keys
|
27
27
|
self.token = OAuth::Helper.generate_key(40)[0,40]
|
28
28
|
self.secret = OAuth::Helper.generate_key(40)[0,40]
|
@@ -9,11 +9,11 @@ describe RequestToken do
|
|
9
9
|
it "should be valid" do
|
10
10
|
@token.should be_valid
|
11
11
|
end
|
12
|
-
|
12
|
+
|
13
13
|
it "should not have errors" do
|
14
14
|
@token.errors.should_not == []
|
15
15
|
end
|
16
|
-
|
16
|
+
|
17
17
|
it "should have a token" do
|
18
18
|
@token.token.should_not be_nil
|
19
19
|
end
|
@@ -21,57 +21,57 @@ describe RequestToken do
|
|
21
21
|
it "should have a secret" do
|
22
22
|
@token.secret.should_not be_nil
|
23
23
|
end
|
24
|
-
|
25
|
-
it "should not be authorized" do
|
24
|
+
|
25
|
+
it "should not be authorized" do
|
26
26
|
@token.should_not be_authorized
|
27
27
|
end
|
28
28
|
|
29
29
|
it "should not be invalidated" do
|
30
30
|
@token.should_not be_invalidated
|
31
31
|
end
|
32
|
-
|
32
|
+
|
33
33
|
it "should not have a verifier" do
|
34
34
|
@token.verifier.should be_nil
|
35
35
|
end
|
36
|
-
|
36
|
+
|
37
37
|
it "should not be oob" do
|
38
38
|
@token.should_not be_oob
|
39
39
|
end
|
40
|
-
|
40
|
+
|
41
41
|
describe "OAuth 1.0a" do
|
42
|
-
|
42
|
+
|
43
43
|
describe "with provided callback" do
|
44
44
|
before(:each) do
|
45
|
-
@token.callback_url="http://test.com/callback"
|
45
|
+
@token.callback_url="http://test.com/callback"
|
46
46
|
end
|
47
47
|
|
48
48
|
it "should not be oauth10" do
|
49
49
|
@token.should_not be_oauth10
|
50
50
|
end
|
51
|
-
|
51
|
+
|
52
52
|
it "should not be oob" do
|
53
53
|
@token.should_not be_oob
|
54
54
|
end
|
55
55
|
|
56
56
|
describe "authorize request" do
|
57
57
|
before(:each) do
|
58
|
-
@token.authorize!(users(:quentin))
|
58
|
+
@token.authorize!(users(:quentin))
|
59
59
|
end
|
60
60
|
|
61
61
|
it "should be authorized" do
|
62
|
-
@token.should be_authorized
|
62
|
+
@token.should be_authorized
|
63
63
|
end
|
64
64
|
|
65
65
|
it "should have authorized at" do
|
66
|
-
@token.authorized_at.should_not be_nil
|
66
|
+
@token.authorized_at.should_not be_nil
|
67
67
|
end
|
68
68
|
|
69
69
|
it "should have user set" do
|
70
|
-
@token.user.should == users(:quentin)
|
70
|
+
@token.user.should == users(:quentin)
|
71
71
|
end
|
72
72
|
|
73
73
|
it "should have verifier" do
|
74
|
-
@token.verifier.should_not be_nil
|
74
|
+
@token.verifier.should_not be_nil
|
75
75
|
end
|
76
76
|
|
77
77
|
describe "exchange for access token" do
|
@@ -80,25 +80,25 @@ describe RequestToken do
|
|
80
80
|
@token.provided_oauth_verifier=@token.verifier
|
81
81
|
@access = @token.exchange!
|
82
82
|
end
|
83
|
-
|
83
|
+
|
84
84
|
it "should be valid" do
|
85
85
|
@access.should be_valid
|
86
86
|
end
|
87
|
-
|
87
|
+
|
88
88
|
it "should have no error messages" do
|
89
89
|
@access.errors.full_messages.should==[]
|
90
90
|
end
|
91
|
-
|
91
|
+
|
92
92
|
it "should invalidate request token" do
|
93
93
|
@token.should be_invalidated
|
94
94
|
end
|
95
95
|
|
96
96
|
it "should set user on access token" do
|
97
|
-
@access.user.should == users(:quentin)
|
97
|
+
@access.user.should == users(:quentin)
|
98
98
|
end
|
99
|
-
|
99
|
+
|
100
100
|
it "should authorize accesstoken" do
|
101
|
-
@access.should be_authorized
|
101
|
+
@access.should be_authorized
|
102
102
|
end
|
103
103
|
end
|
104
104
|
|
@@ -148,30 +148,30 @@ describe RequestToken do
|
|
148
148
|
it "should not be oauth10" do
|
149
149
|
@token.should_not be_oauth10
|
150
150
|
end
|
151
|
-
|
151
|
+
|
152
152
|
it "should be oob" do
|
153
153
|
@token.should be_oob
|
154
154
|
end
|
155
155
|
|
156
156
|
describe "authorize request" do
|
157
157
|
before(:each) do
|
158
|
-
@token.authorize!(users(:quentin))
|
158
|
+
@token.authorize!(users(:quentin))
|
159
159
|
end
|
160
160
|
|
161
161
|
it "should be authorized" do
|
162
|
-
@token.should be_authorized
|
162
|
+
@token.should be_authorized
|
163
163
|
end
|
164
164
|
|
165
165
|
it "should have authorized at" do
|
166
|
-
@token.authorized_at.should_not be_nil
|
166
|
+
@token.authorized_at.should_not be_nil
|
167
167
|
end
|
168
168
|
|
169
169
|
it "should have user set" do
|
170
|
-
@token.user.should == users(:quentin)
|
170
|
+
@token.user.should == users(:quentin)
|
171
171
|
end
|
172
172
|
|
173
173
|
it "should have verifier" do
|
174
|
-
@token.verifier.should_not be_nil
|
174
|
+
@token.verifier.should_not be_nil
|
175
175
|
end
|
176
176
|
|
177
177
|
describe "exchange for access token" do
|
@@ -186,11 +186,11 @@ describe RequestToken do
|
|
186
186
|
end
|
187
187
|
|
188
188
|
it "should set user on access token" do
|
189
|
-
@access.user.should == users(:quentin)
|
189
|
+
@access.user.should == users(:quentin)
|
190
190
|
end
|
191
191
|
|
192
192
|
it "should authorize accesstoken" do
|
193
|
-
@access.should be_authorized
|
193
|
+
@access.should be_authorized
|
194
194
|
end
|
195
195
|
end
|
196
196
|
|
@@ -234,34 +234,34 @@ describe RequestToken do
|
|
234
234
|
|
235
235
|
if defined? OAUTH_10_SUPPORT && OAUTH_10_SUPPORT
|
236
236
|
describe "OAuth 1.0" do
|
237
|
-
|
237
|
+
|
238
238
|
it "should be oauth10" do
|
239
239
|
@token.should be_oauth10
|
240
240
|
end
|
241
|
-
|
241
|
+
|
242
242
|
it "should not be oob" do
|
243
243
|
@token.should_not be_oob
|
244
244
|
end
|
245
245
|
|
246
246
|
describe "authorize request" do
|
247
247
|
before(:each) do
|
248
|
-
@token.authorize!(users(:quentin))
|
248
|
+
@token.authorize!(users(:quentin))
|
249
249
|
end
|
250
250
|
|
251
251
|
it "should be authorized" do
|
252
|
-
@token.should be_authorized
|
252
|
+
@token.should be_authorized
|
253
253
|
end
|
254
254
|
|
255
255
|
it "should have authorized at" do
|
256
|
-
@token.authorized_at.should_not be_nil
|
256
|
+
@token.authorized_at.should_not be_nil
|
257
257
|
end
|
258
258
|
|
259
259
|
it "should have user set" do
|
260
|
-
@token.user.should == users(:quentin)
|
260
|
+
@token.user.should == users(:quentin)
|
261
261
|
end
|
262
262
|
|
263
263
|
it "should not have verifier" do
|
264
|
-
@token.verifier.should be_nil
|
264
|
+
@token.verifier.should be_nil
|
265
265
|
end
|
266
266
|
|
267
267
|
describe "exchange for access token" do
|
@@ -275,11 +275,11 @@ describe RequestToken do
|
|
275
275
|
end
|
276
276
|
|
277
277
|
it "should set user on access token" do
|
278
|
-
@access.user.should == users(:quentin)
|
278
|
+
@access.user.should == users(:quentin)
|
279
279
|
end
|
280
280
|
|
281
281
|
it "should authorize accesstoken" do
|
282
|
-
@access.should be_authorized
|
282
|
+
@access.should be_authorized
|
283
283
|
end
|
284
284
|
end
|
285
285
|
|
@@ -3,7 +3,7 @@ require File.dirname(__FILE__) + '/../test_helper'
|
|
3
3
|
class RequestTokenTest < ActiveSupport::TestCase
|
4
4
|
|
5
5
|
fixtures :client_applications, :users, :oauth_tokens
|
6
|
-
|
6
|
+
|
7
7
|
def setup
|
8
8
|
@token = RequestToken.create :client_application=>client_applications(:one)
|
9
9
|
end
|
@@ -11,11 +11,11 @@ class RequestTokenTest < ActiveSupport::TestCase
|
|
11
11
|
def test_should_be_valid
|
12
12
|
assert @token.valid?
|
13
13
|
end
|
14
|
-
|
14
|
+
|
15
15
|
def test_should_not_have_errors
|
16
16
|
assert @token.errors.empty?
|
17
17
|
end
|
18
|
-
|
18
|
+
|
19
19
|
def test_should_have_a_token
|
20
20
|
assert_not_nil @token.token
|
21
21
|
end
|
@@ -23,35 +23,35 @@ class RequestTokenTest < ActiveSupport::TestCase
|
|
23
23
|
def test_should_have_a_secret
|
24
24
|
assert_not_nil @token.secret
|
25
25
|
end
|
26
|
-
|
27
|
-
def test_should_not_be_authorized
|
26
|
+
|
27
|
+
def test_should_not_be_authorized
|
28
28
|
assert !@token.authorized?
|
29
29
|
end
|
30
30
|
|
31
31
|
def test_should_not_be_invalidated
|
32
32
|
assert !@token.invalidated?
|
33
33
|
end
|
34
|
-
|
34
|
+
|
35
35
|
def test_should_authorize_request
|
36
36
|
@token.authorize!(users(:quentin))
|
37
37
|
assert @token.authorized?
|
38
38
|
assert_not_nil @token.authorized_at
|
39
39
|
assert_equal users(:quentin), @token.user
|
40
40
|
end
|
41
|
-
|
41
|
+
|
42
42
|
def test_should_not_exchange_without_approval
|
43
43
|
assert_equal false, @token.exchange!
|
44
44
|
assert_equal false, @token.invalidated?
|
45
45
|
end
|
46
|
-
|
46
|
+
|
47
47
|
def test_should_not_exchange_without_approval
|
48
48
|
@token.authorize!(users(:quentin))
|
49
49
|
@access = @token.exchange!
|
50
50
|
assert_not_equal false, @access
|
51
51
|
assert @token.invalidated?
|
52
|
-
|
52
|
+
|
53
53
|
assert_equal users(:quentin), @access.user
|
54
54
|
assert @access.authorized?
|
55
55
|
end
|
56
|
-
|
56
|
+
|
57
57
|
end
|