oauth-provider 0.5.0rc1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +12 -0
- data/CHANGELOG +180 -0
- data/Gemfile +27 -0
- data/Guardfile +8 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +393 -0
- data/Rakefile +2 -0
- data/UPGRADE.rdoc +21 -0
- data/generators/oauth_consumer/USAGE +10 -0
- data/generators/oauth_consumer/oauth_consumer_generator.rb +50 -0
- data/generators/oauth_consumer/templates/consumer_token.rb +11 -0
- data/generators/oauth_consumer/templates/controller.rb +27 -0
- data/generators/oauth_consumer/templates/index.html.erb +29 -0
- data/generators/oauth_consumer/templates/index.html.haml +18 -0
- data/generators/oauth_consumer/templates/migration.rb +20 -0
- data/generators/oauth_consumer/templates/oauth_config.rb +73 -0
- data/generators/oauth_consumer/templates/show.html.erb +7 -0
- data/generators/oauth_consumer/templates/show.html.haml +8 -0
- data/generators/oauth_provider/USAGE +20 -0
- data/generators/oauth_provider/lib/insert_routes.rb +67 -0
- data/generators/oauth_provider/oauth_provider_generator.rb +127 -0
- data/generators/oauth_provider/templates/_form.html.erb +17 -0
- data/generators/oauth_provider/templates/_form.html.haml +21 -0
- data/generators/oauth_provider/templates/access_token.rb +16 -0
- data/generators/oauth_provider/templates/authorize.html.erb +14 -0
- data/generators/oauth_provider/templates/authorize.html.haml +16 -0
- data/generators/oauth_provider/templates/authorize_failure.html.erb +1 -0
- data/generators/oauth_provider/templates/authorize_failure.html.haml +1 -0
- data/generators/oauth_provider/templates/authorize_success.html.erb +1 -0
- data/generators/oauth_provider/templates/authorize_success.html.haml +1 -0
- data/generators/oauth_provider/templates/client_application.rb +57 -0
- data/generators/oauth_provider/templates/client_application_spec.rb +29 -0
- data/generators/oauth_provider/templates/client_application_test.rb +42 -0
- data/generators/oauth_provider/templates/client_applications.yml +23 -0
- data/generators/oauth_provider/templates/clients_controller.rb +52 -0
- data/generators/oauth_provider/templates/clients_controller_spec.rb +176 -0
- data/generators/oauth_provider/templates/clients_controller_test.rb +280 -0
- data/generators/oauth_provider/templates/controller.rb +23 -0
- data/generators/oauth_provider/templates/edit.html.erb +7 -0
- data/generators/oauth_provider/templates/edit.html.haml +4 -0
- data/generators/oauth_provider/templates/index.html.erb +43 -0
- data/generators/oauth_provider/templates/index.html.haml +39 -0
- data/generators/oauth_provider/templates/migration.rb +47 -0
- data/generators/oauth_provider/templates/new.html.erb +5 -0
- data/generators/oauth_provider/templates/new.html.haml +5 -0
- data/generators/oauth_provider/templates/oauth2_authorize.html.erb +16 -0
- data/generators/oauth_provider/templates/oauth2_authorize.html.haml +17 -0
- data/generators/oauth_provider/templates/oauth2_token.rb +20 -0
- data/generators/oauth_provider/templates/oauth2_token_spec.rb +52 -0
- data/generators/oauth_provider/templates/oauth2_verifier.rb +35 -0
- data/generators/oauth_provider/templates/oauth2_verifier_spec.rb +44 -0
- data/generators/oauth_provider/templates/oauth_nonce.rb +13 -0
- data/generators/oauth_provider/templates/oauth_nonce_spec.rb +24 -0
- data/generators/oauth_provider/templates/oauth_nonce_test.rb +26 -0
- data/generators/oauth_provider/templates/oauth_nonces.yml +13 -0
- data/generators/oauth_provider/templates/oauth_token.rb +30 -0
- data/generators/oauth_provider/templates/oauth_token_spec.rb +309 -0
- data/generators/oauth_provider/templates/oauth_token_test.rb +57 -0
- data/generators/oauth_provider/templates/oauth_tokens.yml +17 -0
- data/generators/oauth_provider/templates/request_token.rb +40 -0
- data/generators/oauth_provider/templates/show.html.erb +27 -0
- data/generators/oauth_provider/templates/show.html.haml +30 -0
- data/init.rb +1 -0
- data/install.rb +2 -0
- data/lib/generators/active_record/oauth_provider_generator.rb +39 -0
- data/lib/generators/active_record/oauth_provider_templates/access_token.rb +16 -0
- data/lib/generators/active_record/oauth_provider_templates/client_application.rb +57 -0
- data/lib/generators/active_record/oauth_provider_templates/migration.rb +47 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth2_token.rb +20 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth2_verifier.rb +35 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth_nonce.rb +13 -0
- data/lib/generators/active_record/oauth_provider_templates/oauth_token.rb +30 -0
- data/lib/generators/active_record/oauth_provider_templates/request_token.rb +40 -0
- data/lib/generators/erb/oauth_provider_generator.rb +23 -0
- data/lib/generators/erb/oauth_provider_templates/_form.html.erb +17 -0
- data/lib/generators/erb/oauth_provider_templates/authorize.html.erb +14 -0
- data/lib/generators/erb/oauth_provider_templates/authorize_failure.html.erb +1 -0
- data/lib/generators/erb/oauth_provider_templates/authorize_success.html.erb +1 -0
- data/lib/generators/erb/oauth_provider_templates/edit.html.erb +7 -0
- data/lib/generators/erb/oauth_provider_templates/index.html.erb +43 -0
- data/lib/generators/erb/oauth_provider_templates/new.html.erb +5 -0
- data/lib/generators/erb/oauth_provider_templates/oauth2_authorize.html.erb +16 -0
- data/lib/generators/erb/oauth_provider_templates/show.html.erb +27 -0
- data/lib/generators/haml/oauth_provider_generator.rb +28 -0
- data/lib/generators/haml/oauth_provider_templates/_form.html.haml +21 -0
- data/lib/generators/haml/oauth_provider_templates/authorize.html.haml +16 -0
- data/lib/generators/haml/oauth_provider_templates/authorize_failure.html.haml +1 -0
- data/lib/generators/haml/oauth_provider_templates/authorize_success.html.haml +1 -0
- data/lib/generators/haml/oauth_provider_templates/edit.html.haml +4 -0
- data/lib/generators/haml/oauth_provider_templates/index.html.haml +39 -0
- data/lib/generators/haml/oauth_provider_templates/new.html.haml +5 -0
- data/lib/generators/haml/oauth_provider_templates/oauth2_authorize.html.haml +17 -0
- data/lib/generators/haml/oauth_provider_templates/show.html.haml +30 -0
- data/lib/generators/mongoid/oauth_provider_generator.rb +21 -0
- data/lib/generators/mongoid/oauth_provider_templates/access_token.rb +16 -0
- data/lib/generators/mongoid/oauth_provider_templates/client_application.rb +71 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth2_token.rb +20 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth2_verifier.rb +35 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth_nonce.rb +24 -0
- data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb +44 -0
- data/lib/generators/mongoid/oauth_provider_templates/request_token.rb +36 -0
- data/lib/generators/oauth_inflections.rb +6 -0
- data/lib/generators/oauth_provider/USAGE +18 -0
- data/lib/generators/oauth_provider/oauth_provider_generator.rb +37 -0
- data/lib/generators/oauth_provider/templates/clients_controller.rb +52 -0
- data/lib/generators/oauth_provider/templates/controller.rb +23 -0
- data/lib/generators/rspec/oauth_provider_generator.rb +35 -0
- data/lib/generators/rspec/templates/client_application_spec.rb +29 -0
- data/lib/generators/rspec/templates/client_applications.yml +23 -0
- data/lib/generators/rspec/templates/clients_controller_spec.rb +176 -0
- data/lib/generators/rspec/templates/oauth2_token_spec.rb +52 -0
- data/lib/generators/rspec/templates/oauth2_verifier_spec.rb +44 -0
- data/lib/generators/rspec/templates/oauth_nonce_spec.rb +24 -0
- data/lib/generators/rspec/templates/oauth_nonces.yml +13 -0
- data/lib/generators/rspec/templates/oauth_token_spec.rb +309 -0
- data/lib/generators/rspec/templates/oauth_tokens.yml +17 -0
- data/lib/generators/test_unit/oauth_provider_generator.rb +33 -0
- data/lib/generators/test_unit/templates/client_application_test.rb +42 -0
- data/lib/generators/test_unit/templates/client_applications.yml +23 -0
- data/lib/generators/test_unit/templates/clients_controller_test.rb +280 -0
- data/lib/generators/test_unit/templates/oauth_nonce_test.rb +26 -0
- data/lib/generators/test_unit/templates/oauth_nonces.yml +13 -0
- data/lib/generators/test_unit/templates/oauth_token_test.rb +57 -0
- data/lib/generators/test_unit/templates/oauth_tokens.yml +17 -0
- data/lib/oauth-provider.rb +24 -0
- data/lib/oauth-provider/version.rb +5 -0
- data/lib/oauth/controllers/application_controller_methods.rb +136 -0
- data/lib/oauth/controllers/provider_controller.rb +181 -0
- data/lib/oauth/provider/authorizer.rb +83 -0
- data/lib/oauth/rack/oauth_filter.rb +93 -0
- data/oauth-provider.gemspec +37 -0
- data/rails/init.rb +1 -0
- data/spec/dummy_provider_models.rb +53 -0
- data/spec/oauth/provider/authorizer_spec.rb +202 -0
- data/spec/rack/oauth_filter_spec.rb +244 -0
- data/spec/spec_helper.rb +3 -0
- data/tasks/oauth_tasks.rake +4 -0
- data/uninstall.rb +1 -0
- metadata +286 -0
@@ -0,0 +1,17 @@
|
|
1
|
+
# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
|
2
|
+
one:
|
3
|
+
id: 1
|
4
|
+
user_id: 1
|
5
|
+
client_application_id: 1
|
6
|
+
token: one
|
7
|
+
secret: MyString
|
8
|
+
created_at: 2007-11-19 07:31:46
|
9
|
+
updated_at: 2007-11-19 07:31:46
|
10
|
+
two:
|
11
|
+
id: 2
|
12
|
+
user_id: 1
|
13
|
+
client_application_id: 1
|
14
|
+
token: two
|
15
|
+
secret: MyString
|
16
|
+
created_at: 2007-11-19 07:31:46
|
17
|
+
updated_at: 2007-11-19 07:31:46
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'oauth'
|
2
|
+
require 'oauth/signature/hmac/sha1'
|
3
|
+
require 'oauth/request_proxy/rack_request'
|
4
|
+
require 'oauth/server'
|
5
|
+
require 'oauth/controllers/application_controller_methods'
|
6
|
+
if Rails.version =~ /^3\./
|
7
|
+
require 'oauth/request_proxy/rack_request'
|
8
|
+
else
|
9
|
+
require 'oauth/request_proxy/action_controller_request'
|
10
|
+
ActionController::Base.send :include, OAuth::Controllers::ApplicationControllerMethods
|
11
|
+
end
|
12
|
+
|
13
|
+
|
14
|
+
if Rails.version =~ /^3\./
|
15
|
+
module OAuth
|
16
|
+
module Provider
|
17
|
+
class OAuthRailtie < Rails::Railtie
|
18
|
+
initializer "oauth-plugin.configure_rails_initialization" do |app|
|
19
|
+
ActionController::Base.send :include, OAuth::Controllers::ApplicationControllerMethods
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,136 @@
|
|
1
|
+
module OAuth
|
2
|
+
module Controllers
|
3
|
+
|
4
|
+
module ApplicationControllerMethods
|
5
|
+
|
6
|
+
def self.included(controller)
|
7
|
+
controller.class_eval do
|
8
|
+
extend ClassMethods
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
module ClassMethods
|
13
|
+
def oauthenticate(options={})
|
14
|
+
filter_options = {}
|
15
|
+
filter_options[:only] = options.delete(:only) if options[:only]
|
16
|
+
filter_options[:except] = options.delete(:except) if options[:except]
|
17
|
+
before_filter Filter.new(options), filter_options
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
class Filter
|
22
|
+
def initialize(options={})
|
23
|
+
@options={
|
24
|
+
:interactive=>true,
|
25
|
+
:strategies => [:token,:two_legged]
|
26
|
+
}.merge(options)
|
27
|
+
@strategies = Array(@options[:strategies])
|
28
|
+
@strategies << :interactive if @options[:interactive]
|
29
|
+
end
|
30
|
+
|
31
|
+
def filter(controller)
|
32
|
+
Authenticator.new(controller,@strategies).allow?
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
class Authenticator
|
37
|
+
attr_accessor :controller, :strategies, :strategy
|
38
|
+
def initialize(controller,strategies)
|
39
|
+
@controller = controller
|
40
|
+
@strategies = strategies
|
41
|
+
end
|
42
|
+
|
43
|
+
def allow?
|
44
|
+
if @strategies.include?(:interactive) && interactive
|
45
|
+
true
|
46
|
+
elsif !(@strategies & env["oauth.strategies"].to_a).empty?
|
47
|
+
@controller.send :current_user=, token.user if token
|
48
|
+
true
|
49
|
+
else
|
50
|
+
if @strategies.include?(:interactive)
|
51
|
+
controller.send :access_denied
|
52
|
+
else
|
53
|
+
controller.send :invalid_oauth_response
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
def oauth20_token
|
59
|
+
env["oauth.version"]==2 && env["oauth.token"]
|
60
|
+
end
|
61
|
+
|
62
|
+
def oauth10_token
|
63
|
+
env["oauth.version"]==1 && env["oauth.token"]
|
64
|
+
end
|
65
|
+
|
66
|
+
def oauth10_request_token
|
67
|
+
oauth10_token && oauth10_token.is_a?(::RequestToken) ? oauth10_token : nil
|
68
|
+
end
|
69
|
+
|
70
|
+
def oauth10_access_token
|
71
|
+
oauth10_token && oauth10_token.is_a?(::AccessToken) ? oauth10_token : nil
|
72
|
+
end
|
73
|
+
|
74
|
+
def token
|
75
|
+
oauth20_token || oauth10_access_token || nil
|
76
|
+
end
|
77
|
+
|
78
|
+
def client_application
|
79
|
+
env["oauth.version"]==1 && env["oauth.client_application"] || oauth20_token.try(:client_application)
|
80
|
+
end
|
81
|
+
|
82
|
+
def two_legged
|
83
|
+
env["oauth.version"]==1 && client_application
|
84
|
+
end
|
85
|
+
|
86
|
+
def interactive
|
87
|
+
@controller.send :logged_in?
|
88
|
+
end
|
89
|
+
|
90
|
+
def env
|
91
|
+
request.env
|
92
|
+
end
|
93
|
+
|
94
|
+
def request
|
95
|
+
controller.send :request
|
96
|
+
end
|
97
|
+
|
98
|
+
end
|
99
|
+
|
100
|
+
protected
|
101
|
+
|
102
|
+
def current_token
|
103
|
+
request.env["oauth.token"]
|
104
|
+
end
|
105
|
+
|
106
|
+
def current_client_application
|
107
|
+
request.env["oauth.version"]==1 && request.env["oauth.client_application"] || current_token.try(:client_application)
|
108
|
+
end
|
109
|
+
|
110
|
+
def oauth?
|
111
|
+
current_token
|
112
|
+
end
|
113
|
+
|
114
|
+
# use in a before_filter. Note this is for compatibility purposes. Better to use oauthenticate now
|
115
|
+
def oauth_required
|
116
|
+
Authenticator.new(self,[:oauth10_access_token]).allow?
|
117
|
+
end
|
118
|
+
|
119
|
+
# use in before_filter. Note this is for compatibility purposes. Better to use oauthenticate now
|
120
|
+
def login_or_oauth_required
|
121
|
+
Authenticator.new(self,[:oauth10_access_token,:interactive]).allow?
|
122
|
+
end
|
123
|
+
|
124
|
+
def invalid_oauth_response(code=401,message="Invalid OAuth Request")
|
125
|
+
render :text => message, :status => code
|
126
|
+
false
|
127
|
+
end
|
128
|
+
|
129
|
+
# override this in your controller
|
130
|
+
def access_denied
|
131
|
+
head 401
|
132
|
+
end
|
133
|
+
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
|
@@ -0,0 +1,181 @@
|
|
1
|
+
require 'oauth/provider/authorizer'
|
2
|
+
module OAuth
|
3
|
+
module Controllers
|
4
|
+
|
5
|
+
module ProviderController
|
6
|
+
def self.included(controller)
|
7
|
+
controller.class_eval do
|
8
|
+
before_filter :login_required, :only => [:authorize,:revoke]
|
9
|
+
oauthenticate :only => [:test_request]
|
10
|
+
oauthenticate :strategies => :token, :interactive => false, :only => [:invalidate,:capabilities]
|
11
|
+
oauthenticate :strategies => :two_legged, :interactive => false, :only => [:request_token]
|
12
|
+
oauthenticate :strategies => :oauth10_request_token, :interactive => false, :only => [:access_token]
|
13
|
+
skip_before_filter :verify_authenticity_token, :only=>[:request_token, :access_token, :invalidate, :test_request, :token]
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def request_token
|
18
|
+
@token = current_client_application.create_request_token params
|
19
|
+
if @token
|
20
|
+
render :text => @token.to_query
|
21
|
+
else
|
22
|
+
render :nothing => true, :status => 401
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def access_token
|
27
|
+
@token = current_token && current_token.exchange!
|
28
|
+
if @token
|
29
|
+
render :text => @token.to_query
|
30
|
+
else
|
31
|
+
render :nothing => true, :status => 401
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def token
|
36
|
+
@client_application = ClientApplication.find_by_key! params[:client_id]
|
37
|
+
if @client_application.secret != params[:client_secret]
|
38
|
+
oauth2_error "invalid_client"
|
39
|
+
return
|
40
|
+
end
|
41
|
+
# older drafts used none for client_credentials
|
42
|
+
params[:grant_type] = 'client_credentials' if params[:grant_type] == 'none'
|
43
|
+
logger.info "grant_type=#{params[:grant_type]}"
|
44
|
+
if ["authorization_code", "password", "client_credentials"].include?(params[:grant_type])
|
45
|
+
send "oauth2_token_#{params[:grant_type].underscore}"
|
46
|
+
else
|
47
|
+
oauth2_error "unsupported_grant_type"
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
def test_request
|
52
|
+
render :text => params.collect{|k,v|"#{k}=#{v}"}.join("&")
|
53
|
+
end
|
54
|
+
|
55
|
+
def authorize
|
56
|
+
if params[:oauth_token]
|
57
|
+
@token = ::RequestToken.find_by_token! params[:oauth_token]
|
58
|
+
oauth1_authorize
|
59
|
+
else
|
60
|
+
if request.post?
|
61
|
+
@authorizer = OAuth::Provider::Authorizer.new current_user, user_authorizes_token?, params
|
62
|
+
redirect_to @authorizer.redirect_uri
|
63
|
+
else
|
64
|
+
@client_application = ClientApplication.find_by_key! params[:client_id]
|
65
|
+
render :action => "oauth2_authorize"
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
def revoke
|
71
|
+
@token = current_user.tokens.find_by_token! params[:token]
|
72
|
+
if @token
|
73
|
+
@token.invalidate!
|
74
|
+
flash[:notice] = "You've revoked the token for #{@token.client_application.name}"
|
75
|
+
end
|
76
|
+
redirect_to oauth_clients_url
|
77
|
+
end
|
78
|
+
|
79
|
+
# Invalidate current token
|
80
|
+
def invalidate
|
81
|
+
current_token.invalidate!
|
82
|
+
head :status=>410
|
83
|
+
end
|
84
|
+
|
85
|
+
# Capabilities of current_token
|
86
|
+
def capabilities
|
87
|
+
if current_token.respond_to?(:capabilities)
|
88
|
+
@capabilities=current_token.capabilities
|
89
|
+
else
|
90
|
+
@capabilities={:invalidate=>url_for(:action=>:invalidate)}
|
91
|
+
end
|
92
|
+
|
93
|
+
respond_to do |format|
|
94
|
+
format.json {render :json=>@capabilities}
|
95
|
+
format.xml {render :xml=>@capabilities}
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
protected
|
100
|
+
|
101
|
+
def oauth1_authorize
|
102
|
+
unless @token
|
103
|
+
render :action=>"authorize_failure"
|
104
|
+
return
|
105
|
+
end
|
106
|
+
|
107
|
+
unless @token.invalidated?
|
108
|
+
if request.post?
|
109
|
+
if user_authorizes_token?
|
110
|
+
@token.authorize!(current_user)
|
111
|
+
callback_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
|
112
|
+
@redirect_url = URI.parse(callback_url) unless callback_url.blank?
|
113
|
+
|
114
|
+
unless @redirect_url.to_s.blank?
|
115
|
+
@redirect_url.query = @redirect_url.query.blank? ?
|
116
|
+
"oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" :
|
117
|
+
@redirect_url.query + "&oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
|
118
|
+
redirect_to @redirect_url.to_s
|
119
|
+
else
|
120
|
+
render :action => "authorize_success"
|
121
|
+
end
|
122
|
+
else
|
123
|
+
@token.invalidate!
|
124
|
+
render :action => "authorize_failure"
|
125
|
+
end
|
126
|
+
end
|
127
|
+
else
|
128
|
+
render :action => "authorize_failure"
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
|
133
|
+
# http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.1
|
134
|
+
def oauth2_token_authorization_code
|
135
|
+
@verification_code = @client_application.oauth2_verifiers.find_by_token params[:code]
|
136
|
+
unless @verification_code
|
137
|
+
oauth2_error
|
138
|
+
return
|
139
|
+
end
|
140
|
+
if @verification_code.redirect_url != params[:redirect_uri]
|
141
|
+
oauth2_error
|
142
|
+
return
|
143
|
+
end
|
144
|
+
@token = @verification_code.exchange!
|
145
|
+
render :json=>@token
|
146
|
+
end
|
147
|
+
|
148
|
+
# http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.2
|
149
|
+
def oauth2_token_password
|
150
|
+
@user = authenticate_user( params[:username], params[:password])
|
151
|
+
unless @user
|
152
|
+
oauth2_error
|
153
|
+
return
|
154
|
+
end
|
155
|
+
@token = Oauth2Token.create :client_application=>@client_application, :user=>@user, :scope=>params[:scope]
|
156
|
+
render :json=>@token
|
157
|
+
end
|
158
|
+
|
159
|
+
# should authenticate and return a user if valid password. Override in your own controller
|
160
|
+
def authenticate_user(username,password)
|
161
|
+
User.authenticate(username,password)
|
162
|
+
end
|
163
|
+
|
164
|
+
# autonomous authorization which creates a token for client_applications user
|
165
|
+
def oauth2_token_client_credentials
|
166
|
+
@token = Oauth2Token.create :client_application=>@client_application, :user=>@client_application.user, :scope=>params[:scope]
|
167
|
+
render :json=>@token
|
168
|
+
end
|
169
|
+
|
170
|
+
# Override this to match your authorization page form
|
171
|
+
def user_authorizes_token?
|
172
|
+
params[:authorize] == '1'
|
173
|
+
end
|
174
|
+
|
175
|
+
def oauth2_error(error="invalid_grant")
|
176
|
+
render :json=>{:error=>error}.to_json, :status => 400
|
177
|
+
end
|
178
|
+
|
179
|
+
end
|
180
|
+
end
|
181
|
+
end
|
@@ -0,0 +1,83 @@
|
|
1
|
+
require 'uri'
|
2
|
+
|
3
|
+
module OAuth
|
4
|
+
module Provider
|
5
|
+
class Authorizer
|
6
|
+
attr_accessor :user, :params, :app
|
7
|
+
|
8
|
+
def initialize(user, authorized, params = {})
|
9
|
+
@user = user
|
10
|
+
@params = params
|
11
|
+
@authorized = authorized
|
12
|
+
end
|
13
|
+
|
14
|
+
def app
|
15
|
+
@app ||= ::ClientApplication.find_by_key!(params[:client_id])
|
16
|
+
end
|
17
|
+
|
18
|
+
def code
|
19
|
+
@code ||= ::Oauth2Verifier.create! :client_application => app,
|
20
|
+
:user => @user,
|
21
|
+
:scope => @params[:scope],
|
22
|
+
:callback_url => @params[:redirect_uri]
|
23
|
+
end
|
24
|
+
|
25
|
+
def token
|
26
|
+
@token ||= ::Oauth2Token.create! :client_application => app,
|
27
|
+
:user => @user,
|
28
|
+
:scope => @params[:scope],
|
29
|
+
:callback_url => @params[:redirect_uri]
|
30
|
+
end
|
31
|
+
|
32
|
+
def authorized?
|
33
|
+
@authorized == true
|
34
|
+
end
|
35
|
+
|
36
|
+
def redirect_uri
|
37
|
+
uri = base_uri
|
38
|
+
if params[:response_type] == 'code'
|
39
|
+
if uri.query
|
40
|
+
uri.query << '&'
|
41
|
+
else
|
42
|
+
uri.query = ''
|
43
|
+
end
|
44
|
+
uri.query << encode_response
|
45
|
+
else
|
46
|
+
uri.fragment = encode_response
|
47
|
+
end
|
48
|
+
uri.to_s
|
49
|
+
end
|
50
|
+
|
51
|
+
def response
|
52
|
+
r = {}
|
53
|
+
if ['token','code'].include? params[:response_type]
|
54
|
+
if authorized?
|
55
|
+
if params[:response_type] == 'code'
|
56
|
+
r[:code] = code.token
|
57
|
+
else
|
58
|
+
r[:access_token] = token.token
|
59
|
+
end
|
60
|
+
else
|
61
|
+
r[:error] = 'access_denied'
|
62
|
+
end
|
63
|
+
else
|
64
|
+
r[:error] = 'unsupported_response_type'
|
65
|
+
end
|
66
|
+
r[:state] = params[:state] if params[:state]
|
67
|
+
r
|
68
|
+
end
|
69
|
+
|
70
|
+
def encode_response
|
71
|
+
response.map do |k, v|
|
72
|
+
[URI.escape(k.to_s),URI.escape(v)] * "="
|
73
|
+
end * "&"
|
74
|
+
end
|
75
|
+
|
76
|
+
protected
|
77
|
+
|
78
|
+
def base_uri
|
79
|
+
URI.parse(params[:redirect_uri] || app.callback_url)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|