oauth2-auth-server 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+vendor

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 1.9.2

data/Gemfile

@@ -0,0 +1,10 @@
+source "http://rubygems.org"
+
+gem 'rails', '~> 3.0.10'
+
+group :test, :development do
+  gem 'rspec', '~> 2.8.0'
+end
+
+# Specify your gem's dependencies in oauth2-auth-server.gemspec
+gemspec

data/README.md

@@ -0,0 +1,3 @@
+# Oauth2::Auth::Server
+
+[![Build Status](https://secure.travis-ci.org/renatosnrg/oauth2-auth-server.png?branch=master)](http://travis-ci.org/renatosnrg/oauth2-auth-server)

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/oauth2-auth-server.rb

@@ -0,0 +1,41 @@
+require 'rack/oauth2'
+
+require 'oauth2-auth-server/version'
+require 'oauth2-auth-server/schema'
+require 'oauth2-auth-server/routes'
+
+module Oauth2
+  module Auth
+    module Server
+      autoload :SecureToken, 'oauth2-auth-server/secure_token'
+      autoload :Authentication, 'oauth2-auth-server/authentication'
+
+      module Endpoints
+        autoload :Authorize, 'oauth2-auth-server/endpoints/authorize'
+        autoload :Token, 'oauth2-auth-server/endpoints/token'
+      end
+
+      module Models
+        autoload :AccessToken, 'oauth2-auth-server/models/access_token'
+        autoload :Client, 'oauth2-auth-server/models/client'
+      end
+
+      mattr_accessor :default_lifetime
+      @@default_lifetime = nil
+
+      def self.setup
+        yield self
+      end
+
+      def self.use_middleware(type)
+        token_type = case type
+          when :bearer then Rack::OAuth2::Server::Resource::Bearer
+          else raise("Token type '#{type}' is not supported")
+        end
+        Rails.application.config.middleware.use token_type, 'Rack::OAuth2 Protected Resources' do |req|
+          AccessToken.valid.find_by_token(req.access_token) || req.invalid_token!
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/authentication.rb

@@ -0,0 +1,58 @@
+module Oauth2
+  module Auth
+    module Server
+      module Authentication
+
+        def self.included(base)
+          base.send(:include, Authentication::HelperMethods)
+          base.send(:include, Authentication::ControllerMethods)
+        end
+
+        def self.extended(base)
+          base.send(:extend, Authentication::ClassMethods)
+        end
+
+        module HelperMethods
+          def current_token
+            @current_token
+          end
+
+          def current_client
+            @current_client
+          end
+        end
+
+        module ControllerMethods
+          def require_oauth_token(options = {})
+            @current_token = request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
+            raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized unless @current_token
+            raise Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope) unless @current_token.has_scope?(options[:scope])
+          end
+
+          def require_oauth_client_token(options = {})
+            require_oauth_token(options)
+            raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'Client token is required') if @current_token.user
+            @current_client = @current_token.client
+          end
+        end
+
+        module ClassMethods
+          def oauth_required(options = {})
+            scope = options.delete(:scope)
+            before_filter options do |controller|
+              controller.require_oauth_token(:scope => scope)
+            end
+          end
+
+          def oauth_client_required(options = {})
+            scope = options.delete(:scope)
+            before_filter options do |controller|
+              controller.require_oauth_client_token(:scope => scope)
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/endpoints/authorize.rb

@@ -0,0 +1,10 @@
+module Oauth2
+  module Auth
+    module Server
+      module Endpoints
+        class Authorize
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/endpoints/token.rb

@@ -0,0 +1,38 @@
+module Oauth2
+  module Auth
+    module Server
+      module Endpoints
+        class Token
+
+          def call(env)
+            authenticator.call(env)
+          end
+
+          private
+
+          def authenticator
+            Rack::OAuth2::Server::Token.new do |req, res|
+              client = Client.find_by_identifier(req.client_id) || req.invalid_client!
+              client.secret == req.client_secret || req.invalid_client!
+              case req.grant_type
+                when :authorization_code
+                  req.unsupported_grant_type!
+                when :password
+                  req.unsupported_grant_type!
+                when :client_credentials
+                  # scope is a list of space delimited scopes. Rack::OAuth2 converts to an array.
+                  res.access_token = client.access_tokens.create(:scope => req.scope).to_bearer_token
+                when :refresh_token
+                  req.unsupported_grant_type!
+                else
+                  # NOTE: extended assertion grant_types are not supported yet.
+                  req.unsupported_grant_type!
+              end
+            end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/models/access_token.rb

@@ -0,0 +1,62 @@
+module Oauth2
+  module Auth
+    module Server
+      module Models
+        class AccessToken < ActiveRecord::Base
+          cattr_accessor :default_lifetime
+          self.default_lifetime = Oauth2::Auth::Server.default_lifetime
+
+          belongs_to :client
+
+          before_validation :setup, :on => :create
+          before_validation :scope_to_string
+          validates :client, :presence => true
+          validates :token, :presence => true, :uniqueness => true
+
+          scope :valid, lambda {
+            where("expires_at is null or expires_at >= :date", :date => Time.now.utc)
+          }
+
+          def expires_in
+            (expires_at - Time.now.utc).to_i if expires_at
+          end
+
+          def expired!
+            self.expires_at = Time.now.utc
+            self.save!
+          end
+
+          def has_scope?(scope)
+            scope = Array(scope)
+            scope.collect! {|a| a.to_s }
+            current_scope = scope_to_array
+            (scope - current_scope).empty?
+          end
+
+          def to_bearer_token
+            Rack::OAuth2::AccessToken::Bearer.new(
+              :access_token => self.token,
+              :expires_in => self.expires_in,
+              :scope => self.scope
+            )
+          end
+
+          private
+
+          def setup
+            self.token = SecureToken.generate
+            self.expires_at ||= self.default_lifetime.from_now if self.default_lifetime
+          end
+
+          def scope_to_string
+            self.scope = self.scope.join(' ') if self.scope.is_a?(Array)
+          end
+
+          def scope_to_array
+            (self.scope.split(' ') if self.scope.is_a?(String)) or []
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/models/client.rb

@@ -0,0 +1,22 @@
+module Oauth2
+  module Auth
+    module Server
+      module Models
+        class Client < ActiveRecord::Base
+          has_many :access_tokens
+
+          before_validation :setup, :on => :create
+          validates :name, :redirect_uri, :secret, :presence => true
+          validates :identifier, :presence => true, :uniqueness => true
+
+          private
+
+          def setup
+            self.identifier = SecureToken.generate(16)
+            self.secret = SecureToken.generate
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/routes.rb

@@ -0,0 +1,15 @@
+# require 'action_dispatch/routing/mapper'
+
+module Oauth2
+  module Auth
+    module Server
+      module ActionDispatch::Routing
+        class Mapper
+          def oauth2_token_endpoint(path = 'oauth2/token')
+            post path, :to => proc { |env| Endpoints::Token.new.call(env) }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/schema.rb

@@ -0,0 +1,26 @@
+require 'active_record/connection_adapters/abstract/schema_definitions'
+
+module Oauth2
+  module Auth
+    module Server
+      module Schema
+
+        def oauth2_client
+          string :identifier, :secret, :name, :redirect_uri, :null => false
+        end
+
+        def oauth2_access_token
+          belongs_to :client
+
+          string :token, :null => false
+          string :scope
+          datetime :expires_at
+        end
+
+      end
+    end
+  end
+end
+
+ActiveRecord::ConnectionAdapters::Table.send :include, Oauth2::Auth::Server::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Oauth2::Auth::Server::Schema

data/lib/oauth2-auth-server/secure_token.rb

@@ -0,0 +1,11 @@
+module Oauth2
+  module Auth
+    module Server
+      module SecureToken
+        def self.generate(bytes = 64)
+          ActiveSupport::SecureRandom.base64(bytes)
+        end
+      end
+    end
+  end
+end

data/lib/oauth2-auth-server/version.rb

@@ -0,0 +1,7 @@
+module Oauth2
+  module Auth
+    module Server
+      VERSION = "0.0.1"
+    end
+  end
+end

data/oauth2-auth-server.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "oauth2-auth-server/version"
+
+Gem::Specification.new do |s|
+  s.name        = "oauth2-auth-server"
+  s.version     = Oauth2::Auth::Server::VERSION
+  s.authors     = ["Renato Neves"]
+  s.email       = ["renatosn_rg@yahoo.com.br"]
+  s.homepage    = ""
+  s.summary     = %q{An implementation of OAuth2 Authorization Server}
+  s.description = %q{An implementation of OAuth2 Authorization Server}
+
+  s.rubyforge_project = "oauth2-auth-server"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency("rack-oauth2", "~> 0.14.0")
+end

data/spec/oauth2-auth-server_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe Oauth2::Auth::Server do
+
+  it 'has a non-null VERSION constant' do
+    Oauth2::Auth::Server::VERSION.should_not be_nil
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+RSpec.configure do |config|
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: oauth2-auth-server
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Renato Neves
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-02-16 00:00:00.000000000 -02:00
+default_executable: 
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack-oauth2
+  requirement: &2156427280 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+  type: :runtime
+  prerelease: false
+  version_requirements: *2156427280
+description: An implementation of OAuth2 Authorization Server
+email:
+- renatosn_rg@yahoo.com.br
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- README.md
+- Rakefile
+- lib/oauth2-auth-server.rb
+- lib/oauth2-auth-server/authentication.rb
+- lib/oauth2-auth-server/endpoints/authorize.rb
+- lib/oauth2-auth-server/endpoints/token.rb
+- lib/oauth2-auth-server/models/access_token.rb
+- lib/oauth2-auth-server/models/client.rb
+- lib/oauth2-auth-server/routes.rb
+- lib/oauth2-auth-server/schema.rb
+- lib/oauth2-auth-server/secure_token.rb
+- lib/oauth2-auth-server/version.rb
+- oauth2-auth-server.gemspec
+- spec/oauth2-auth-server_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: oauth2-auth-server
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: An implementation of OAuth2 Authorization Server
+test_files:
+- spec/oauth2-auth-server_spec.rb
+- spec/spec_helper.rb