oauth-provider 0.5.0rc1

data/lib/generators/mongoid/oauth_provider_templates/oauth2_token.rb

@@ -0,0 +1,20 @@
+class Oauth2Token < AccessToken
+  attr_accessor :state
+  def as_json(options={})
+    d = {:access_token=>token, :token_type => 'bearer'}
+    d[:expires_in] = expires_in if expires_at
+    d
+  end
+
+  def to_query
+    q = "access_token=#{token}&token_type=bearer"
+    q << "&state=#{URI.escape(state)}" if @state
+    q << "&expires_in=#{expires_in}" if expires_at
+    q << "&scope=#{URI.escape(scope)}" if scope
+    q
+  end
+
+  def expires_in
+    expires_at.to_i - Time.now.to_i
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth2_verifier.rb

@@ -0,0 +1,35 @@
+class Oauth2Verifier < OauthToken
+  validates_presence_of :user
+  attr_accessor :state
+
+  def exchange!(params={})
+    OauthToken.transaction do
+      token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
+      invalidate!
+      token
+    end
+  end
+
+  def code
+    token
+  end
+
+  def redirect_url
+    callback_url
+  end
+
+  def to_query
+    q = "code=#{token}"
+    q << "&state=#{URI.escape(state)}" if @state
+    q
+  end
+
+  protected
+
+  def generate_keys
+    self.token = OAuth::Helper.generate_key(20)[0,20]
+    self.expires_at = 10.minutes.from_now
+    self.authorized_at = Time.now
+  end
+
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth_nonce.rb

@@ -0,0 +1,24 @@
+# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
+# Thus you can use the same nonce with a different timestamp and viceversa.
+class OauthNonce
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :nonce,     :type => String
+  field :timestamp, :type => Integer
+
+  index [
+    [:nonce, Mongo::ASCENDING],
+    [:timestamp, Mongo::ASCENDING]
+  ], :unique => true
+
+  validates_presence_of :nonce, :timestamp
+  validates_uniqueness_of :nonce, :scope => :timestamp
+
+  # Remembers a nonce and it's associated timestamp. It returns false if it has already been used
+  def self.remember(nonce, timestamp)
+    oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
+    return false if oauth_nonce.new_record?
+    oauth_nonce
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/oauth_token.rb

@@ -0,0 +1,44 @@
+class OauthToken
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :token, :type => String
+  field :secret, :type => String
+  field :callback_url, :type => String
+  field :verifier, :type => String
+  field :scope, :type => String
+  field :authorized_at, :type => Time
+  field :invalidated_at, :type => Time
+  field :expires_at, :type => Time
+
+  index :token, :unique => true
+
+  referenced_in :user
+  referenced_in :client_application
+
+  validates_uniqueness_of :token
+  validates_presence_of :client_application, :token
+  before_validation :generate_keys, :on => :create
+
+  def invalidated?
+    !invalidated_at.nil?
+  end
+
+  def invalidate!
+    update_attribute(:invalidated_at, Time.now)
+  end
+
+  def authorized?
+    !authorized_at.nil? && !invalidated?
+  end
+
+  def to_query
+    "oauth_token=#{token}&oauth_token_secret=#{secret}"
+  end
+
+  protected
+  def generate_keys
+    self.token = OAuth::Helper.generate_key(40)[0,40]
+    self.secret = OAuth::Helper.generate_key(40)[0,40]
+  end
+end

data/lib/generators/mongoid/oauth_provider_templates/request_token.rb

@@ -0,0 +1,36 @@
+class RequestToken < OauthToken
+  attr_accessor :provided_oauth_verifier
+
+  def authorize!(user)
+    return false if authorized?
+    self.user           = user
+    self.authorized_at  = Time.now
+    self.verifier       = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
+    self.save
+  end
+
+  def exchange!
+    return false unless authorized?
+    return false unless oauth10? || verifier == provided_oauth_verifier
+
+    AccessToken.create(:user => user, :client_application => client_application).tap do
+      invalidate!
+    end
+  end
+
+  def to_query
+    if oauth10?
+      super
+    else
+      "#{super}&oauth_callback_confirmed=true"
+    end
+  end
+
+  def oob?
+    callback_url.nil? || callback_url.downcase == 'oob'
+  end
+
+  def oauth10?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+  end
+end

data/lib/generators/oauth_inflections.rb

@@ -0,0 +1,6 @@
+require 'active_support'
+require 'active_support/inflector'
+
+ActiveSupport::Inflector.inflections do |inflect|
+  inflect.uncountable %w(oauth)
+end

data/lib/generators/oauth_provider/USAGE

@@ -0,0 +1,18 @@
+This creates an OAuth Provider controller as well as the requisite models.
+
+It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication.
+
+If you generated the migration file (true by default), make sure you run
+
+  rake db:migrate
+
+include the following in your user.rb
+
+  has_many :client_applications
+  has_many :tokens, :class_name=>"OauthToken",:order=>"authorized_at desc",:include=>[:client_application]
+
+For legacy OAUTH 1.0 support add the following constant in your environment.rb
+
+  OAUTH_10_SUPPORT = true
+
+Note, you should only do this if you really positively require to support old OAuth1.0 clients. There is a serious security issue with this.

data/lib/generators/oauth_provider/oauth_provider_generator.rb

@@ -0,0 +1,37 @@
+require 'generators/oauth_inflections'
+
+class OauthProviderGenerator < Rails::Generators::NamedBase
+  source_root File.expand_path("../templates", __FILE__)
+
+  argument :name, :type => :string, :default => 'Oauth'
+
+  desc 'This creates an OAuth Provider controller as well as the requisite models.'
+
+  hook_for :orm
+
+  def check_class_collisions
+    # Check for class naming collisions.
+    class_collisions class_path, "#{class_name}Controller", # Oauth Controller
+                                 "#{class_name}Helper",
+                                 "#{class_name}ClientsController",
+                                 "#{class_name}ClientsHelper"
+  end
+
+  def copy_controller_files
+    template 'controller.rb',         File.join('app/controllers', class_path, "#{file_name}_controller.rb")
+    template 'clients_controller.rb', File.join('app/controllers', class_path, "#{file_name}_clients_controller.rb")
+  end
+
+  hook_for :test_framework, :template_engine
+
+  def add_routes
+    route "match '/oauth',               :to => 'oauth#index',         :as => :oauth"
+    route "match '/oauth/authorize',     :to => 'oauth#authorize',     :as => :authorize"
+    route "match '/oauth/request_token', :to => 'oauth#request_token', :as => :request_token"
+    route "match '/oauth/access_token',  :to => 'oauth#access_token',  :as => :access_token"
+    route "match '/oauth/token',         :to => 'oauth#token',         :as => :token"
+    route "match '/oauth/test_request',  :to => 'oauth#test_request',  :as => :test_request"
+
+    route "resources :#{file_name}_clients"
+  end
+end

data/lib/generators/oauth_provider/templates/clients_controller.rb

@@ -0,0 +1,52 @@
+class OauthClientsController < ApplicationController
+  before_filter :login_required
+  before_filter :get_client_application, :only => [:show, :edit, :update, :destroy]
+
+  def index
+    @client_applications = current_user.client_applications
+    @tokens = current_user.tokens.find :all, :conditions => 'oauth_tokens.invalidated_at is null and oauth_tokens.authorized_at is not null'
+  end
+
+  def new
+    @client_application = ClientApplication.new
+  end
+
+  def create
+    @client_application = current_user.client_applications.build(params[:client_application])
+    if @client_application.save
+      flash[:notice] = "Registered the information successfully"
+      redirect_to :action => "show", :id => @client_application.id
+    else
+      render :action => "new"
+    end
+  end
+
+  def show
+  end
+
+  def edit
+  end
+
+  def update
+    if @client_application.update_attributes(params[:client_application])
+      flash[:notice] = "Updated the client information successfully"
+      redirect_to :action => "show", :id => @client_application.id
+    else
+      render :action => "edit"
+    end
+  end
+
+  def destroy
+    @client_application.destroy
+    flash[:notice] = "Destroyed the client application registration"
+    redirect_to :action => "index"
+  end
+
+  private
+  def get_client_application
+    unless @client_application = current_user.client_applications.find(params[:id])
+      flash.now[:error] = "Wrong application id"
+      raise ActiveRecord::RecordNotFound
+    end
+  end
+end

data/lib/generators/oauth_provider/templates/controller.rb

@@ -0,0 +1,23 @@
+require 'oauth/controllers/provider_controller'
+class OauthController < ApplicationController
+  include OAuth::Controllers::ProviderController
+
+  protected
+  # Override this to match your authorization page form
+  # It currently expects a checkbox called authorize
+  # def user_authorizes_token?
+  #   params[:authorize] == '1'
+  # end
+
+  # should authenticate and return a user if valid password.
+  # This example should work with most Authlogic or Devise. Uncomment it
+  # def authenticate_user(username,password)
+  #   user = User.find_by_email params[:username]
+  #   if user && user.valid_password?(params[:password])
+  #     user
+  #   else
+  #     nil
+  #   end
+  # end
+
+end

data/lib/generators/rspec/oauth_provider_generator.rb

@@ -0,0 +1,35 @@
+require 'generators/rspec'
+
+module Rspec
+  module Generators
+    class OauthProviderGenerator < Rails::Generators::NamedBase
+      source_root File.expand_path('../templates', __FILE__)
+
+      argument :name, :type => :string, :default => 'Oauth'
+      class_option :fixture, :type => :boolean
+
+      def copy_controller_spec_files
+        template 'clients_controller_spec.rb',
+          File.join('spec/controllers', class_path, "#{file_name}_clients_controller_spec.rb")
+      end
+
+      def copy_models_spec_files
+        template 'client_application_spec.rb',  File.join('spec/models', 'client_application_spec.rb')
+        template 'oauth_token_spec.rb',         File.join('spec/models', 'oauth_token_spec.rb')
+        template 'oauth2_token_spec.rb',        File.join('spec/models', 'oauth2_token_spec.rb')
+        template 'oauth2_verifier_spec.rb',     File.join('spec/models', 'oauth2_verifier_spec.rb')
+        template 'oauth_nonce_spec.rb',         File.join('spec/models', 'oauth_nonce_spec.rb')
+      end
+
+      hook_for :fixture_replacement
+
+      def create_fixture_file
+        if options[:fixtures] && options[:fixture_replacement].nil?
+          template 'client_applications.yml', File.join('test/fixtures', 'client_applications.yml')
+          template 'oauth_tokens.yml',        File.join('test/fixtures', 'oauth_tokens.yml')
+          template 'oauth_nonces.yml',        File.join('test/fixtures', 'oauth_nonces.yml')
+        end
+      end
+    end
+  end
+end

data/lib/generators/rspec/templates/client_application_spec.rb

@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+describe ClientApplication do
+  fixtures :users, :client_applications, :oauth_tokens
+  before(:each) do
+    @application = ClientApplication.create :name => "Agree2", :url => "http://agree2.com", :user => users(:quentin)
+  end
+
+  it "should be valid" do
+    @application.should be_valid
+  end
+
+
+  it "should not have errors" do
+    @application.errors.full_messages.should == []
+  end
+
+  it "should have key and secret" do
+    @application.key.should_not be_nil
+    @application.secret.should_not be_nil
+  end
+
+  it "should have credentials" do
+    @application.credentials.should_not be_nil
+    @application.credentials.key.should == @application.key
+    @application.credentials.secret.should == @application.secret
+  end
+
+end
+

data/lib/generators/rspec/templates/client_applications.yml

@@ -0,0 +1,23 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+  name: MyString
+  url: http://test.com
+  support_url: http://test.com/support
+  callback_url: http://test.com/callback
+  key: one_key
+  secret: MyString
+  user_id: 1
+  created_at: 2007-11-17 16:56:51
+  updated_at: 2007-11-17 16:56:51
+two:
+  id: 2
+  name: MyString
+  url: http://test.com
+  support_url: http://test.com/support
+  callback_url: http://test.com/callback
+  key: two_key
+  secret: MyString
+  user_id: 1
+  created_at: 2007-11-17 16:56:51
+  updated_at: 2007-11-17 16:56:51

data/lib/generators/rspec/templates/clients_controller_spec.rb

@@ -0,0 +1,176 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
+require 'oauth/client/action_controller_request'
+
+describe OauthClientsController do
+  if defined?(Devise)
+    include Devise::TestHelpers
+  end
+  include OAuthControllerSpecHelper
+  fixtures :client_applications, :oauth_tokens, :users
+  before(:each) do
+    login_as_application_owner
+  end
+
+  describe "index" do
+    before do
+      @client_applications = @user.client_applications
+    end
+
+    def do_get
+      get :index
+    end
+
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
+
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_applications].should==@client_applications
+    end
+
+    it "should render index template" do
+      do_get
+      response.should render_template('index')
+    end
+  end
+
+  describe "show" do
+
+    def do_get
+      get :show, :id => '1'
+    end
+
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
+
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_application].should==current_client_application
+    end
+
+    it "should render show template" do
+      do_get
+      response.should render_template('show')
+    end
+
+  end
+
+  describe "new" do
+
+    def do_get
+      get :new
+    end
+
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
+
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_application].class.should==ClientApplication
+    end
+
+    it "should render show template" do
+      do_get
+      response.should render_template('new')
+    end
+
+  end
+
+  describe "edit" do
+    def do_get
+      get :edit, :id => '1'
+    end
+
+    it "should be successful" do
+      do_get
+      response.should be_success
+    end
+
+    it "should assign client_applications" do
+      do_get
+      assigns[:client_application].should==current_client_application
+    end
+
+    it "should render edit template" do
+      do_get
+      response.should render_template('edit')
+    end
+
+  end
+
+  describe "create" do
+
+    def do_valid_post
+      post :create, 'client_application'=>{'name' => 'my site', :url=>"http://test.com"}
+      @client_application = ClientApplication.last
+    end
+
+    def do_invalid_post
+      post :create
+    end
+
+    it "should redirect to new client_application" do
+      do_valid_post
+      response.should be_redirect
+      response.should redirect_to(:action => "show", :id => @client_application.id)
+    end
+
+    it "should render show template" do
+      do_invalid_post
+      response.should render_template('new')
+    end
+  end
+
+  describe "destroy" do
+
+    def do_delete
+      delete :destroy, :id => '1'
+    end
+
+    it "should destroy client applications" do
+      do_delete
+      ClientApplication.should_not be_exists(1)
+    end
+
+    it "should redirect to list" do
+      do_delete
+      response.should be_redirect
+      response.should redirect_to(:action => 'index')
+    end
+
+  end
+
+  describe "update" do
+
+    def do_valid_update
+      put :update, :id => '1', 'client_application'=>{'name' => 'updated site'}
+    end
+
+    def do_invalid_update
+      put :update, :id => '1', 'client_application'=>{'name' => nil}
+    end
+
+    it "should redirect to show client_application" do
+      do_valid_update
+      response.should be_redirect
+      response.should redirect_to(:action => "show", :id => 1)
+    end
+
+    it "should assign client_applications" do
+      do_invalid_update
+      assigns[:client_application].should == ClientApplication.find(1)
+    end
+
+    it "should render show template" do
+      do_invalid_update
+      response.should render_template('edit')
+    end
+  end
+end