oauth-plugin 0.3.14 → 0.4.0.pre1

data/CHANGELOG

@@ -1,3 +1,13 @@
+  0.4.0
+	- mongoid support in rails 3 [Alexander Semyonov]
+	- OAUTH 2.0 authorization_code and password grant types
+	- Supports OAuth 2.0 draft 10 (Note this is incompatible with previous drafts)
+	- Refactored application_controller_methods to be a lot less intrusive
+	- Increased default token and key size in anticipation of OAuth2 support
+	- Rails 3 support
+	- Rails 3 generators [Paul Rosiana] and patches by [Alexander Flatter]
+	- Modularized Rails 3 generators [Alexander Semyonov]
+	- Callback urls now allow query parameters. Multiple patches but I used [Unk]'s.
 10/08/2009
   0.3.14
   - Fixed the class generation when you have a custom token defined. [Brian Morearty]

data/README.rdoc

@@ -6,6 +6,10 @@ We support the revised OAuth 1.0a specs at:
 
 http://oauth.net/core/1.0a
 
+As well as support for OAuth 2.0:
+
+http://tools.ietf.org/html/draft-ietf-oauth-v2-10
+
 and the OAuth site at:
 
 http://oauth.net
@@ -16,7 +20,7 @@ http://mojodna.net/2009/05/20/an-idiots-guide-to-oauth-10a.html
 
 == Requirements
 
-You need to install the oauth gem (0.3.5) which is the core OAuth ruby library. It will NOT work on any previous version of the gem.
+You need to install the oauth gem (0.4.1) which is the core OAuth ruby library. It will NOT work on any previous version of the gem.
   
   sudo gem install oauth
 
@@ -35,7 +39,7 @@ Alternatively you can install it in vendors/plugin:
 
   script/plugin install git://github.com/pelle/oauth-plugin.git
 
-The Generator currently creates code (in particular views) that only work in Rails 2.
+The Generator currently creates code (in particular views) that only work in Rails 2 and 3.
 
 It should not be difficult to manually modify the code to work on Rails 1.2.x
 
@@ -43,7 +47,34 @@ I think the only real issue is that the views have .html.erb extensions. So thes
 
 Please let me know if this works and I will see if I can make the generator conditionally create .rhtml for pre 2.0 versions of RAILS.
 
-== OAuth Provider generator
+== OAuth Provider generator (Rails 3)
+
+This currently supports rspec, test_unit, haml, erb, active_record and mongoid:
+
+  rails g oauth_provider
+
+This generates OAuth and OAuth client controllers as well as the required models.
+
+It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication. It also requires Rails 2.0.
+
+=== Generator Options
+
+The generator supports the defaults you have created in your application.rb file. eg:
+
+  config.generators do |g|
+    g.orm             :mongoid
+    g.template_engine :haml
+    g.test_framework  :rspec
+  end
+
+=== User Model
+
+Add the following lines to your user model:
+
+  has_many :client_applications
+  has_many :tokens, :class_name=>"OauthToken",:order=>"authorized_at desc",:include=>[:client_application]
+
+== OAuth Provider generator (Rails 2)
 
 While it isn't very flexible at the moment there is an oauth_provider generator which you can use like this:
 
@@ -255,18 +286,24 @@ You could add application specific information to the OauthToken and ClientAppli
 
 The oauth_consumer generator creates a controller to manage the authentication flow between your application and any number of external OAuth secured applications that you wish to connect to.
 
-To run it simply run:
+To run it in Rails 3 simply run:
+  
+  rails g oauth_consumer
+
+In previous versions:
 
   ./script/generate oauth_consumer
 
 This generates the OauthConsumerController as well as the ConsumerToken model.
 
-=== Generator Options
+=== Generator Options (Rails 2)
 
 By default the generator generates ERB templates. The generator can instead create HAML templates. To do this use the following options:
 
   ./script/generate oauth_consumer --haml
 
+Rails 3 respects your application defaults, see the oauth provider generator section above for more info. 
+
 === Configuration
 
 All configuration of applications is done in
@@ -315,7 +352,7 @@ eg. If you connect to Yahoo's FireEagle you would add the :fire_eagle entry to O
 
 This allows you to add a has_one association in your user model:
 
-  has_one  :fire_eagle,:class_name=>"FireEagleToken", :dependent=>:destroy
+  has_one  :fire_eagle, :class_name=>"FireEagleToken", :dependent=>:destroy
 
 And you could do:
 
@@ -359,8 +396,6 @@ Run them as any other normal migration in rails with:
 
 == More
 
-The Google Code project is http://code.google.com/p/oauth-plugin/
-
 The Mailing List for all things OAuth in Ruby is:
 
 http://groups.google.com/group/oauth-ruby
@@ -373,4 +408,4 @@ The OAuth Ruby Gem home page is http://oauth.rubyforge.org
 
 Please help documentation, patches and testing.
 
-Copyright (c) 2007-2009 Pelle Braendgaard, released under the MIT license
+Copyright (c) 2007-2010 Pelle Braendgaard and contributors, released under the MIT license

data/Rakefile

@@ -15,7 +15,7 @@ end
 desc 'Generate documentation for the oauth plugin.'
 Rake::RDocTask.new(:rdoc) do |rdoc|
   rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Oauth'
+  rdoc.title    = 'OAuth Plugin'
   rdoc.options << '--line-numbers' << '--inline-source'
   rdoc.rdoc_files.include('README')
   rdoc.rdoc_files.include('lib/**/*.rb')
@@ -30,7 +30,7 @@ begin
     gemspec.email = "oauth-ruby@googlegroups.com"
     gemspec.homepage = "http://github.com/pelle/oauth-plugin"
     gemspec.authors = ["Pelle Braendgaard"]
-    gemspec.add_dependency('oauth', '>= 0.3.5')
+    gemspec.add_dependency('oauth', '>= 0.4.4')
     gemspec.rubyforge_project = 'oauth'
   end
   

data/VERSION

@@ -1 +1 @@
-0.3.14
+0.4.0.pre1

data/generators/oauth_consumer/templates/migration.rb

@@ -9,7 +9,7 @@ class CreateOauthConsumerTokens < ActiveRecord::Migration
       t.timestamps
     end
     
-    add_index :consumer_tokens, :token, :unique
+    add_index :consumer_tokens, :token, :unique => true
     
   end
 

data/generators/oauth_provider/oauth_provider_generator.rb

@@ -43,6 +43,8 @@ class OauthProviderGenerator < Rails::Generator::Base
       m.template 'oauth_token.rb',    File.join('app/models',"oauth_token.rb")
       m.template 'request_token.rb',  File.join('app/models',"request_token.rb")
       m.template 'access_token.rb',   File.join('app/models',"access_token.rb")
+      m.template 'oauth2_token.rb',    File.join('app/models',"oauth2_token.rb")
+      m.template 'oauth2_verifier.rb',    File.join('app/models',"oauth2_verifier.rb")
       m.template 'oauth_nonce.rb',    File.join('app/models',"oauth_nonce.rb")
 
       m.template 'controller.rb',File.join('app/controllers',controller_class_path,"#{controller_file_name}_controller.rb")
@@ -52,6 +54,7 @@ class OauthProviderGenerator < Rails::Generator::Base
       m.route_name 'authorize', '/oauth/authorize',:controller=>'oauth',:action=>'authorize'
       m.route_name 'request_token', '/oauth/request_token',:controller=>'oauth',:action=>'request_token'
       m.route_name 'access_token', '/oauth/access_token',:controller=>'oauth',:action=>'access_token'
+      m.route_name 'token', '/oauth/token',:controller=>'oauth',:action=>'token'
       m.route_name 'test_request', '/oauth/test_request',:controller=>'oauth',:action=>'test_request'
 
       m.route_resources "#{controller_file_name}_clients".to_sym
@@ -64,6 +67,8 @@ class OauthProviderGenerator < Rails::Generator::Base
         
         m.template 'client_application_spec.rb',File.join('spec/models',"client_application_spec.rb")
         m.template 'oauth_token_spec.rb',    File.join('spec/models',"oauth_token_spec.rb")
+        m.template 'oauth2_token_spec.rb',    File.join('spec/models',"oauth2_token_spec.rb")
+        m.template 'oauth2_verifier_spec.rb', File.join('spec/models',"oauth2_verifier_spec.rb")
         m.template 'oauth_nonce_spec.rb',    File.join('spec/models',"oauth_nonce_spec.rb")
         m.template 'client_applications.yml',File.join('spec/fixtures',"client_applications.yml")
         m.template 'oauth_tokens.yml',    File.join('spec/fixtures',"oauth_tokens.yml")
@@ -96,6 +101,7 @@ class OauthProviderGenerator < Rails::Generator::Base
       m.template "show.html.#{@template_extension}",  File.join('app/views', controller_class_path, 'oauth_clients', "show.html.#{@template_extension}")
       m.template "edit.html.#{@template_extension}",  File.join('app/views', controller_class_path, 'oauth_clients', "edit.html.#{@template_extension}")
       m.template "authorize.html.#{@template_extension}",  File.join('app/views', controller_class_path, controller_file_name, "authorize.html.#{@template_extension}")
+      m.template "oauth2_authorize.html.#{@template_extension}",  File.join('app/views', controller_class_path, controller_file_name, "oauth2_authorize.html.#{@template_extension}")
       m.template "authorize_success.html.#{@template_extension}",  File.join('app/views', controller_class_path, controller_file_name, "authorize_success.html.#{@template_extension}")
       m.template "authorize_failure.html.#{@template_extension}",  File.join('app/views', controller_class_path, controller_file_name, "authorize_failure.html.#{@template_extension}")
       

data/generators/oauth_provider/templates/access_token.rb

@@ -1,5 +1,5 @@
 class AccessToken < OauthToken
-  validates_presence_of :user
+  validates_presence_of :user, :secret
   before_create :set_authorized_at
   
   # Implement this to return a hash or array of the capabilities the access token has
@@ -13,4 +13,4 @@ class AccessToken < OauthToken
   def set_authorized_at
     self.authorized_at = Time.now
   end
-end
+end

data/generators/oauth_provider/templates/client_application.rb

@@ -2,6 +2,9 @@ require 'oauth'
 class ClientApplication < ActiveRecord::Base
   belongs_to :user
   has_many :tokens, :class_name => "OauthToken"
+  has_many :access_tokens
+  has_many :oauth2_verifiers
+  has_many :oauth_tokens
   validates_presence_of :name, :url, :key, :secret
   validates_uniqueness_of :key
   before_validation_on_create :generate_keys
@@ -28,7 +31,6 @@ class ClientApplication < ActiveRecord::Base
       value = signature.verify
       value
     rescue OAuth::Signature::UnknownSignatureMethod => e
-      logger.info "ERROR"+e.to_s
       false
     end
   end
@@ -41,15 +43,15 @@ class ClientApplication < ActiveRecord::Base
     @oauth_client ||= OAuth::Consumer.new(key, secret)
   end
     
-  def create_request_token
-    RequestToken.create :client_application => self,:callback_url=>self.token_callback_url
+  # If your application requires passing in extra parameters handle it here
+  def create_request_token(params={}) 
+    RequestToken.create :client_application => self, :callback_url=>self.token_callback_url
   end
   
 protected
   
   def generate_keys
-    oauth_client = oauth_server.generate_consumer_credentials
-    self.key = oauth_client.key[0,20]
-    self.secret = oauth_client.secret[0,40]
+    self.key = OAuth::Helper.generate_key(40)[0,40]
+    self.secret = OAuth::Helper.generate_key(40)[0,40]
   end
 end

data/generators/oauth_provider/templates/client_applications.yml

@@ -2,9 +2,9 @@
 one:
   id: 1
   name: MyString
-  url: MyString
-  support_url: MyString
-  callback_url: MyString
+  url: http://test.com
+  support_url: http://test.com/support
+  callback_url: http://test.com/callback
   key: one_key
   secret: MyString
   user_id: 1
@@ -13,9 +13,9 @@ one:
 two:
   id: 2
   name: MyString
-  url: MyString
-  support_url: MyString
-  callback_url: MyString
+  url: http://test.com
+  support_url: http://test.com/support
+  callback_url: http://test.com/callback
   key: two_key
   secret: MyString
   user_id: 1

data/generators/oauth_provider/templates/clients_controller_spec.rb

@@ -2,238 +2,175 @@ require File.dirname(__FILE__) + '/../spec_helper'
 require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
 require 'oauth/client/action_controller_request'
 
-describe OauthClientsController, "index" do
+describe OauthClientsController do
+  if defined?(Devise)
+    include Devise::TestHelpers
+  end  
   include OAuthControllerSpecHelper
+  fixtures :client_applications, :oauth_tokens, :users
   before(:each) do
     login_as_application_owner
   end
   
-  def do_get
-    get :index
-  end
-  
-  it "should be successful" do
-    do_get
-    response.should be_success
-  end
+  describe "index" do
+    before do
+      @client_applications = @user.client_applications
+    end
+    
+    def do_get
+      get :index
+    end
   
-  it "should query current_users client applications" do
-    @user.should_receive(:client_applications).and_return(@client_applications)
-    do_get
-  end
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
   
-  it "should assign client_applications" do
-    do_get
-    assigns[:client_applications].should equal(@client_applications)
-  end
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_applications].should==@client_applications
+    end
   
-  it "should render index template" do
-    do_get
-    response.should render_template('index')
+    it "should render index template" do
+      do_get
+      response.should render_template('index')
+    end
   end
-end
 
-describe OauthClientsController, "show" do
-  include OAuthControllerSpecHelper
-  before(:each) do
-    login_as_application_owner
-  end
-  
-  def do_get
-    get :show, :id => '3'
-  end
-  
-  it "should be successful" do
-    do_get
-    response.should be_success
-  end
-  
-  it "should query current_users client applications" do
-    @user.should_receive(:client_applications).and_return(@client_applications)
-    @client_applications.should_receive(:find).with('3').and_return(@client_application)
-    do_get
-  end
-  
-  it "should assign client_applications" do
-    do_get
-    assigns[:client_application].should equal(@client_application)
-  end
-  
-  it "should render show template" do
-    do_get
-    response.should render_template('show')
-  end
-  
-end
+  describe "show" do
 
-describe OauthClientsController, "new" do
-  include OAuthControllerSpecHelper
-  before(:each) do
-    login_as_application_owner
-    ClientApplication.stub!(:new).and_return(@client_application)
-  end
+    def do_get
+      get :show, :id => '1'
+    end
   
-  def do_get
-    get :new
-  end
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
   
-  it "should be successful" do
-    do_get
-    response.should be_success
-  end
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_application].should==current_client_application
+    end
   
-  it "should assign client_applications" do
-    do_get
-    assigns[:client_application].should equal(@client_application)
-  end
+    it "should render show template" do
+      do_get
+      response.should render_template('show')
+    end
   
-  it "should render show template" do
-    do_get
-    response.should render_template('new')
   end
-  
-end
 
-describe OauthClientsController, "edit" do
-  include OAuthControllerSpecHelper
-  before(:each) do
-    login_as_application_owner
-  end
-  
-  def do_get
-    get :edit, :id => '3'
-  end
-  
-  it "should be successful" do
-    do_get
-    response.should be_success
-  end
+  describe "new" do
   
-  it "should query current_users client applications" do
-    @user.should_receive(:client_applications).and_return(@client_applications)
-    @client_applications.should_receive(:find).with('3').and_return(@client_application)
-    do_get
-  end
+    def do_get
+      get :new
+    end
   
-  it "should assign client_applications" do
-    do_get
-    assigns[:client_application].should equal(@client_application)
-  end
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
   
-  it "should render edit template" do
-    do_get
-    response.should render_template('edit')
-  end
-  
-end
-
-describe OauthClientsController, "create" do
-  include OAuthControllerSpecHelper
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_application].class.should==ClientApplication
+    end
   
-  before(:each) do
-    login_as_application_owner
-    @client_applications.stub!(:build).and_return(@client_application)
-    @client_application.stub!(:save).and_return(true)
-  end
+    it "should render show template" do
+      do_get
+      response.should render_template('new')
+    end
   
-  def do_valid_post
-    @client_application.should_receive(:save).and_return(true)
-    post :create, 'client_application'=>{'name' => 'my site'}
   end
 
-  def do_invalid_post
-    @client_application.should_receive(:save).and_return(false)
-    post :create, :client_application=>{:name => 'my site'}
-  end
+  describe "edit" do
+    def do_get
+      get :edit, :id => '1'
+    end
   
-  it "should query current_users client applications" do
-    @client_applications.should_receive(:build).and_return(@client_application)
-    do_valid_post
-  end
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
   
-  it "should redirect to new client_application" do
-    do_valid_post
-    response.should be_redirect
-    response.should redirect_to(:action => "show", :id => @client_application.id)
-  end
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_application].should==current_client_application
+    end
   
-  it "should assign client_applications" do
-    do_invalid_post
-    assigns[:client_application].should equal(@client_application)
-  end
+    it "should render edit template" do
+      do_get
+      response.should render_template('edit')
+    end
   
-  it "should render show template" do
-    do_invalid_post
-    response.should render_template('new')
   end
-end
 
-describe OauthClientsController, "destroy" do
-  include OAuthControllerSpecHelper
-  before(:each) do
-    login_as_application_owner
-    @client_application.stub!(:destroy)
-  end
-  
-  def do_delete
-    delete :destroy, :id => '3'
-  end
+  describe "create" do
     
-  it "should query current_users client applications" do
-    @user.should_receive(:client_applications).and_return(@client_applications)
-    @client_applications.should_receive(:find).with('3').and_return(@client_application)
-    do_delete
-  end
+    def do_valid_post
+      post :create, 'client_application'=>{'name' => 'my site', :url=>"http://test.com"}
+      @client_application = ClientApplication.last
+    end
 
-  it "should destroy client applications" do
-    @client_application.should_receive(:destroy)
-    do_delete
-  end
+    def do_invalid_post
+      post :create
+    end
     
-  it "should redirect to list" do
-    do_delete
-    response.should be_redirect
-    response.should redirect_to(:action => 'index')
-  end
-  
-end
-
-describe OauthClientsController, "update" do
-  include OAuthControllerSpecHelper
-  
-  before(:each) do
-    login_as_application_owner
-  end
+    it "should redirect to new client_application" do
+      do_valid_post
+      response.should be_redirect
+      response.should redirect_to(:action => "show", :id => @client_application.id)
+    end
   
-  def do_valid_update
-    @client_application.should_receive(:update_attributes).and_return(true)
-    put :update, :id => '1', 'client_application'=>{'name' => 'my site'}
+    it "should render show template" do
+      do_invalid_post
+      response.should render_template('new')
+    end
   end
 
-  def do_invalid_update
-    @client_application.should_receive(:update_attributes).and_return(false)
-    put :update, :id => '1', 'client_application'=>{'name' => 'my site'}
-  end
-  
-  it "should query current_users client applications" do
-    @user.should_receive(:client_applications).and_return(@client_applications)
-    @client_applications.should_receive(:find).with('1').and_return(@client_application)
-    do_valid_update
-  end
+  describe "destroy" do
   
-  it "should redirect to new client_application" do
-    do_valid_update
-    response.should be_redirect
-    response.should redirect_to(:action => "show", :id => @client_application.id)
-  end
+    def do_delete
+      delete :destroy, :id => '1'
+    end
+    
+    it "should destroy client applications" do
+      do_delete
+      ClientApplication.should_not be_exists(1)
+    end
+    
+    it "should redirect to list" do
+      do_delete
+      response.should be_redirect
+      response.should redirect_to(:action => 'index')
+    end
   
-  it "should assign client_applications" do
-    do_invalid_update
-    assigns[:client_application].should equal(@client_application)
   end
+
+  describe "update" do
   
-  it "should render show template" do
-    do_invalid_update
-    response.should render_template('edit')
+    def do_valid_update
+      put :update, :id => '1', 'client_application'=>{'name' => 'updated site'}
+    end
+
+    def do_invalid_update
+      put :update, :id => '1', 'client_application'=>{'name' => nil}
+    end
+  
+    it "should redirect to show client_application" do
+      do_valid_update
+      response.should be_redirect
+      response.should redirect_to(:action => "show", :id => 1)
+    end
+  
+    it "should assign client_applications" do
+      do_invalid_update
+      assigns[:client_application].should == ClientApplication.find(1)
+    end
+  
+    it "should render show template" do
+      do_invalid_update
+      response.should render_template('edit')
+    end
   end
 end

data/generators/oauth_provider/templates/controller.rb

@@ -2,10 +2,22 @@ require 'oauth/controllers/provider_controller'
 class OauthController < ApplicationController
   include OAuth::Controllers::ProviderController
   
+  protected
   # Override this to match your authorization page form
   # It currently expects a checkbox called authorize
   # def user_authorizes_token?
   #   params[:authorize] == '1'
   # end
   
+  # should authenticate and return a user if valid password.
+  # This example should work with most Authlogic or Devise. Uncomment it
+  # def authenticate_user(username,password)
+  #   user = User.find_by_email params[:username]
+  #   if user && user.valid_password?(params[:password])
+  #     user
+  #   else
+  #     nil
+  #   end
+  # end
+  
 end