oauth2-auth-server 0.0.1
- data/.gitignore +5 -0
- data/.rspec +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +10 -0
- data/README.md +3 -0
- data/Rakefile +6 -0
- data/lib/oauth2-auth-server.rb +41 -0
- data/lib/oauth2-auth-server/authentication.rb +58 -0
- data/lib/oauth2-auth-server/endpoints/authorize.rb +10 -0
- data/lib/oauth2-auth-server/endpoints/token.rb +38 -0
- data/lib/oauth2-auth-server/models/access_token.rb +62 -0
- data/lib/oauth2-auth-server/models/client.rb +22 -0
- data/lib/oauth2-auth-server/routes.rb +15 -0
- data/lib/oauth2-auth-server/schema.rb +26 -0
- data/lib/oauth2-auth-server/secure_token.rb +11 -0
- data/lib/oauth2-auth-server/version.rb +7 -0
- data/oauth2-auth-server.gemspec +22 -0
- data/spec/oauth2-auth-server_spec.rb +9 -0
- data/spec/spec_helper.rb +2 -0
- metadata +79 -0
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/README.md
ADDED
data/Rakefile
ADDED
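--- a/data/lib/oauth2-auth-server.rb
+++ b/data/lib/oauth2-auth-server.rb
@@ -0,0 +1,41 @@
+require 'rack/oauth2'
+
+require 'oauth2-auth-server/version'
+require 'oauth2-auth-server/schema'
+require 'oauth2-auth-server/routes'
+
+module Oauth2
+module Auth
+module Server
+autoload :SecureToken, 'oauth2-auth-server/secure_token'
+autoload :Authentication, 'oauth2-auth-server/authentication'
+
+module Endpoints
+autoload :Authorize, 'oauth2-auth-server/endpoints/authorize'
+autoload :Token, 'oauth2-auth-server/endpoints/token'
+end
+
+module Models
+autoload :AccessToken, 'oauth2-auth-server/models/access_token'
+autoload :Client, 'oauth2-auth-server/models/client'
+end
+
+mattr_accessor :default_lifetime
+@@default_lifetime = nil
+
+def self.setup
+yield self
+end
+
+def self.use_middleware(type)
+token_type = case type
+when :bearer then Rack::OAuth2::Server::Resource::Bearer
+else raise("Token type '#{type}' is not supported")
+end
+Rails.application.config.middleware.use token_type, 'Rack::OAuth2 Protected Resources' do |req|
+AccessToken.valid.find_by_token(req.access_token) || req.invalid_token!
+end
+end
+end
+end
+end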
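Review bot: In `use_middleware`, the block's `AccessToken.valid.find_by_token(...)` looks up `AccessToken` from `Oauth2::Auth::Server`, but the autoload registers it under `Models`, so the bare constant appears not to resolve to the gem's model and may instead raise or pick up a host application's own `AccessToken` class. Qualifying it, `Models::AccessToken.valid.find_by_token(req.access_token) || req.invalid_token!`, keeps bearer-token validation bound to the intended table; the same applies to the bare `Client` in the token endpoint's `authenticator`. Separately, `@@default_lifetime = nil` means tokens are issued without an expiry unless the host configures one, which deserves a comment such as `# nil => access tokens never expire; set a duration in Oauth2::Auth::Server.setup`.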
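--- a/data/lib/oauth2-auth-server/authentication.rb
+++ b/data/lib/oauth2-auth-server/authentication.rb
@@ -0,0 +1,58 @@
+module Oauth2
+module Auth
+module Server
+module Authentication
+
+def self.included(base)
+base.send(:include, Authentication::HelperMethods)
+base.send(:include, Authentication::ControllerMethods)
+end
+
+def self.extended(base)
+base.send(:extend, Authentication::ClassMethods)
+end
+
+module HelperMethods
+def current_token
+@current_token
+end
+
+def current_client
+@current_client
+end
+end
+
+module ControllerMethods
+def require_oauth_token(options = {})
+@current_token = request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
+raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized unless @current_token
+raise Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope) unless @current_token.has_scope?(options[:scope])
+end
+
+def require_oauth_client_token(options = {})
+require_oauth_token(options)
+raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'Client token is required') if @current_token.user
+@current_client = @current_token.client
+end
+end
+
+module ClassMethods
+def oauth_required(options = {})
+scope = options.delete(:scope)
+before_filter options do |controller|
+controller.require_oauth_token(:scope => scope)
+end
+end
+
+def oauth_client_required(options = {})
+scope = options.delete(:scope)
+before_filter options do |controller|
+controller.require_oauth_client_token(:scope => scope)
+end
+end
+end
+
+end
+end
+end
+end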
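Review bot: `require_oauth_client_token` calls `@current_token.user`, yet neither the `AccessToken` model nor the `oauth2_access_token` schema helper in this release defines a `user` association or column, so the check would likely raise `NoMethodError` and turn every client-token-protected action into a 500 rather than an OAuth error. Either add the association and column, or guard the call, e.g. `if @current_token.respond_to?(:user) && @current_token.user`. In `ClassMethods`, `options.delete(:scope)` also mutates the caller's hash; `options = options.dup` first avoids surprising a caller that reuses it. Note that `included` wires in only the helper and controller methods, so a controller must also `extend` the module to get `oauth_required`, which should be documented on the module.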
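--- a/data/lib/oauth2-auth-server/endpoints/token.rb
+++ b/data/lib/oauth2-auth-server/endpoints/token.rb
@@ -0,0 +1,38 @@
+module Oauth2
+module Auth
+module Server
+module Endpoints
+class Token
+
+def call(env)
+authenticator.call(env)
+end
+
+private
+
+def authenticator
+Rack::OAuth2::Server::Token.new do |req, res|
+client = Client.find_by_identifier(req.client_id) || req.invalid_client!
+client.secret == req.client_secret || req.invalid_client!
+case req.grant_type
+when :authorization_code
+req.unsupported_grant_type!
+when :password
+req.unsupported_grant_type!
+when :client_credentials
+# scope is a list of space delimited scopes. Rack::OAuth2 converts to an array.
+res.access_token = client.access_tokens.create(:scope => req.scope).to_bearer_token
+when :refresh_token
+req.unsupported_grant_type!
+else
+# NOTE: extended assertion grant_types are not supported yet.
+req.unsupported_grant_type!
+end
+end
+end
+
+end
+end
+end
+end
+end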
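Review bot: The `:client_credentials` branch stores `req.scope` on the new token exactly as the client sent it, so any registered client can mint a token carrying any scope that `require_oauth_token` later checks for. The requested scopes should be intersected with, or rejected against, a per-client allow-list before `access_tokens.create`, answering with `req.invalid_scope!` when the client asks for more than it is entitled to; the `Client` model in this release has no such field, so that needs a schema addition. The secret check `client.secret == req.client_secret` is also an early-exit string comparison; `Rack::Utils.secure_compare(client.secret.to_s, req.client_secret.to_s) || req.invalid_client!` removes the timing signal.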
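--- a/data/lib/oauth2-auth-server/models/access_token.rb
+++ b/data/lib/oauth2-auth-server/models/access_token.rb
@@ -0,0 +1,62 @@
+module Oauth2
+module Auth
+module Server
+module Models
+class AccessToken < ActiveRecord::Base
+cattr_accessor :default_lifetime
+self.default_lifetime = Oauth2::Auth::Server.default_lifetime
+
+belongs_to :client
+
+before_validation :setup, :on => :create
+before_validation :scope_to_string
+validates :client, :presence => true
+validates :token, :presence => true, :uniqueness => true
+
+scope :valid, lambda {
+where("expires_at is null or expires_at >= :date", :date => Time.now.utc)
+}
+
+def expires_in
+(expires_at - Time.now.utc).to_i if expires_at
+end
+
+def expired!
+self.expires_at = Time.now.utc
+self.save!
+end
+
+def has_scope?(scope)
+scope = Array(scope)
+scope.collect! {|a| a.to_s }
+current_scope = scope_to_array
+(scope - current_scope).empty?
+end
+
+def to_bearer_token
+Rack::OAuth2::AccessToken::Bearer.new(
+:access_token => self.token,
+:expires_in => self.expires_in,
+:scope => self.scope
+)
+end
+
+private
+
+def setup
+self.token = SecureToken.generate
+self.expires_at ||= self.default_lifetime.from_now if self.default_lifetime
+end
+
+def scope_to_string
+self.scope = self.scope.join(' ') if self.scope.is_a?(Array)
+end
+
+def scope_to_array
+(self.scope.split(' ') if self.scope.is_a?(String)) or []
+end
+end
+end
+end
+end
+end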
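Review bot: `self.default_lifetime = Oauth2::Auth::Server.default_lifetime` runs once, when the class body is first loaded, so a lifetime configured in `Oauth2::Auth::Server.setup` after this autoload fires is ignored and `setup` leaves `expires_at` nil. Because the `valid` scope accepts `expires_at is null`, such tokens remain valid indefinitely. Reading the setting when the token is created closes the gap: `lifetime = default_lifetime || Oauth2::Auth::Server.default_lifetime` followed by `self.expires_at ||= lifetime.from_now if lifetime`. The `token` column also holds the bearer value in clear text; a comment noting that, or storing a digest and looking tokens up by it, would limit what a database read exposes.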
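--- a/data/lib/oauth2-auth-server/models/client.rb
+++ b/data/lib/oauth2-auth-server/models/client.rb
@@ -0,0 +1,22 @@
+module Oauth2
+module Auth
+module Server
+module Models
+class Client < ActiveRecord::Base
+has_many :access_tokens
+
+before_validation :setup, :on => :create
+validates :name, :redirect_uri, :secret, :presence => true
+validates :identifier, :presence => true, :uniqueness => true
+
+private
+
+def setup
+self.identifier = SecureToken.generate(16)
+self.secret = SecureToken.generate
+end
+end
+end
+end
+end
+end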
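Review bot: `Client` declares no `attr_accessible`, so on the Rails 3-era stack this gem appears to target (the metadata is dated 2012) a host controller that passes request parameters to `update_attributes` could overwrite `identifier` or `secret`; `setup` regenerates them only on create. Adding `attr_accessible :name, :redirect_uri` limits mass assignment to the fields an operator is meant to edit. The generated `secret` is persisted as-is, so a comment stating that it is stored unhashed, or storing only a digest and returning the value once at creation, would be worth adding. `redirect_uri` is validated for presence only; a format check belongs here once the authorization-code grant is implemented.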
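--- a/data/lib/oauth2-auth-server/routes.rb
+++ b/data/lib/oauth2-auth-server/routes.rb
@@ -0,0 +1,15 @@
+# require 'action_dispatch/routing/mapper'
+
+module Oauth2
+module Auth
+module Server
+module ActionDispatch::Routing
+class Mapper
+def oauth2_token_endpoint(path = 'oauth2/token')
+post path, :to => proc { |env| Endpoints::Token.new.call(env) }
+end
+end
+end
+end
+end
+end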
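Review bot: The `require 'action_dispatch/routing/mapper'` on line 1 is commented out, so reopening `ActionDispatch::Routing::Mapper` here works only if Rails has already loaded it before `oauth2-auth-server/routes` is required; otherwise the `module ActionDispatch::Routing` line raises `NameError`. Restoring the require (if it loads cleanly), or moving the patch into a Railtie initializer, removes the load-order dependency. A comment on `oauth2_token_endpoint` should state that the route receives client secrets and must only be served over TLS, e.g. `# POST-only token endpoint; mount behind HTTPS, client_secret travels in the request`.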
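--- a/data/lib/oauth2-auth-server/schema.rb
+++ b/data/lib/oauth2-auth-server/schema.rb
@@ -0,0 +1,26 @@
+require 'active_record/connection_adapters/abstract/schema_definitions'
+
+module Oauth2
+module Auth
+module Server
+module Schema
+
+def oauth2_client
+string :identifier, :secret, :name, :redirect_uri, :null => false
+end
+
+def oauth2_access_token
+belongs_to :client
+
+string :token, :null => false
+string :scope
+datetime :expires_at
+end
+
+end
+end
+end
+end
+
+ActiveRecord::ConnectionAdapters::Table.send :include, Oauth2::Auth::Server::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Oauth2::Auth::Server::Schema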
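Review bot: `oauth2_access_token` and `oauth2_client` create `token` and `identifier` without any index, while the models rely on `validates ... :uniqueness => true` and the middleware runs `find_by_token` on every protected request. Application-level uniqueness checks race under concurrent inserts, so the README or a comment here should tell integrators to add unique indexes in the same migration, for example `add_index :<access_tokens_table>, :token, :unique => true` and the equivalent on the client `identifier` (the table names are placeholders, chosen by the integrator). `belongs_to :client` likewise adds the foreign-key column without `:null => false`, although the model requires a client.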
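--- a/data/oauth2-auth-server.gemspec
+++ b/data/oauth2-auth-server.gemspec
@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "oauth2-auth-server/version"
+
+Gem::Specification.new do |s|
+s.name = "oauth2-auth-server"
+s.version = Oauth2::Auth::Server::VERSION
+s.authors = ["Renato Neves"]
+s.email = ["renatosn_rg@yahoo.com.br"]
+s.homepage = ""
+s.summary = %q{An implementation of OAuth2 Authorization Server}
+s.description = %q{An implementation of OAuth2 Authorization Server}
+
+s.rubyforge_project = "oauth2-auth-server"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+s.require_paths = ["lib"]
+
+s.add_dependency("rack-oauth2", "~> 0.14.0")
+end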
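Review bot: The only declared runtime dependency is `rack-oauth2`, but the library code calls `mattr_accessor`, subclasses `ActiveRecord::Base`, patches `ActionDispatch::Routing::Mapper` and reads `Rails.application`, so it cannot load outside a Rails application and the gemspec does not say so. Declaring the Rails components it needs as runtime dependencies, with the version range the gem is actually tested against, makes that explicit and lets Bundler reject incompatible hosts. `s.homepage` is empty and no license is set, which leaves consumers without a source location to audit; both should be filled in before release.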
data/spec/spec_helper.rb
ADDED
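--- a/metadata
+++ b/metadata
@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: oauth2-auth-server
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Renato Neves
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-02-16 00:00:00.000000000 -02:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack-oauth2
+requirement: &2156427280 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.14.0
+type: :runtime
+prerelease: false
+version_requirements: *2156427280
+description: An implementation of OAuth2 Authorization Server
+email:
+- renatosn_rg@yahoo.com.br
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- README.md
+- Rakefile
+- lib/oauth2-auth-server.rb
+- lib/oauth2-auth-server/authentication.rb
+- lib/oauth2-auth-server/endpoints/authorize.rb
+- lib/oauth2-auth-server/endpoints/token.rb
+- lib/oauth2-auth-server/models/access_token.rb
+- lib/oauth2-auth-server/models/client.rb
+- lib/oauth2-auth-server/routes.rb
+- lib/oauth2-auth-server/schema.rb
+- lib/oauth2-auth-server/secure_token.rb
+- lib/oauth2-auth-server/version.rb
+- oauth2-auth-server.gemspec
+- spec/oauth2-auth-server_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: ''
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project: oauth2-auth-server
+rubygems_version: 1.6.2
+signing_key:
+specification_version: 3
+summary: An implementation of OAuth2 Authorization Server
+test_files:
+- spec/oauth2-auth-server_spec.rb
+- spec/spec_helper.rb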