oauth2-auth-server 0.0.1
- data/.gitignore +5 -0
- data/.rspec +2 -0
- data/.travis.yml +3 -0
- data/Gemfile +10 -0
- data/README.md +3 -0
- data/Rakefile +6 -0
- data/lib/oauth2-auth-server.rb +41 -0
- data/lib/oauth2-auth-server/authentication.rb +58 -0
- data/lib/oauth2-auth-server/endpoints/authorize.rb +10 -0
- data/lib/oauth2-auth-server/endpoints/token.rb +38 -0
- data/lib/oauth2-auth-server/models/access_token.rb +62 -0
- data/lib/oauth2-auth-server/models/client.rb +22 -0
- data/lib/oauth2-auth-server/routes.rb +15 -0
- data/lib/oauth2-auth-server/schema.rb +26 -0
- data/lib/oauth2-auth-server/secure_token.rb +11 -0
- data/lib/oauth2-auth-server/version.rb +7 -0
- data/oauth2-auth-server.gemspec +22 -0
- data/spec/oauth2-auth-server_spec.rb +9 -0
- data/spec/spec_helper.rb +2 -0
- metadata +79 -0
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/README.md
ADDED
data/Rakefile
ADDED
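--- a/data/lib/oauth2-auth-server.rb
+++ b/data/lib/oauth2-auth-server.rb
@@ -0,0 +1,41 @@
+require 'rack/oauth2'
+
+require 'oauth2-auth-server/version'
+require 'oauth2-auth-server/schema'
+require 'oauth2-auth-server/routes'
+
+module Oauth2
+module Auth
+module Server
+autoload :SecureToken, 'oauth2-auth-server/secure_token'
+autoload :Authentication, 'oauth2-auth-server/authentication'
+
+module Endpoints
+autoload :Authorize, 'oauth2-auth-server/endpoints/authorize'
+autoload :Token, 'oauth2-auth-server/endpoints/token'
+end
+
+module Models
+autoload :AccessToken, 'oauth2-auth-server/models/access_token'
+autoload :Client, 'oauth2-auth-server/models/client'
+end
+
+mattr_accessor :default_lifetime
+@@default_lifetime = nil
+
+def self.setup
+yield self
+end
+
+def self.use_middleware(type)
+token_type = case type
+when :bearer then Rack::OAuth2::Server::Resource::Bearer
+else raise("Token type '#{type}' is not supported")
+end
+Rails.application.config.middleware.use token_type, 'Rack::OAuth2 Protected Resources' do |req|
+AccessToken.valid.find_by_token(req.access_token) || req.invalid_token!
+end
+end
+end
+end
+end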
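Review bot: `AccessToken` in the middleware block of `use_middleware` is referenced unqualified, but this file registers it only as `Models::AccessToken`, so from inside `Oauth2::Auth::Server` the lookup will most likely raise NameError on the first protected request, or silently bind to an unrelated top-level `AccessToken` in the host application. Qualifying it removes the ambiguity: `Models::AccessToken.valid.find_by_token(req.access_token) || req.invalid_token!`. The bare `Client` in endpoints/token.rb has the same problem and should read `Models::Client`. A one-line comment on `use_middleware` stating that only `:bearer` is accepted and that anything else raises at boot would also help integrators.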
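--- a/data/lib/oauth2-auth-server/authentication.rb
+++ b/data/lib/oauth2-auth-server/authentication.rb
@@ -0,0 +1,58 @@
+module Oauth2
+module Auth
+module Server
+module Authentication
+
+def self.included(base)
+base.send(:include, Authentication::HelperMethods)
+base.send(:include, Authentication::ControllerMethods)
+end
+
+def self.extended(base)
+base.send(:extend, Authentication::ClassMethods)
+end
+
+module HelperMethods
+def current_token
+@current_token
+end
+
+def current_client
+@current_client
+end
+end
+
+module ControllerMethods
+def require_oauth_token(options = {})
+@current_token = request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
+raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized unless @current_token
+raise Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope) unless @current_token.has_scope?(options[:scope])
+end
+
+def require_oauth_client_token(options = {})
+require_oauth_token(options)
+raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:invalid_token, 'Client token is required') if @current_token.user
+@current_client = @current_token.client
+end
+end
+
+module ClassMethods
+def oauth_required(options = {})
+scope = options.delete(:scope)
+before_filter options do |controller|
+controller.require_oauth_token(:scope => scope)
+end
+end
+
+def oauth_client_required(options = {})
+scope = options.delete(:scope)
+before_filter options do |controller|
+controller.require_oauth_client_token(:scope => scope)
+end
+end
+end
+
+end
+end
+end
+end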
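Review bot: `require_oauth_client_token` calls `@current_token.user`, but neither the AccessToken model nor the `oauth2_access_token` schema helper in this release defines a `user` association or column, so the check would presumably raise NoMethodError rather than reject user-bound tokens. Until a user association exists, guard the call, e.g. `if @current_token.respond_to?(:user) && @current_token.user`, or drop the check and document that every token is a client token. `require_oauth_token` also passes when no `:scope` is given, because `has_scope?(nil)` is true; that default deserves a comment so a filter declared without a scope is not mistaken for a scoped one. In `oauth_required` and `oauth_client_required`, `options.delete(:scope)` mutates the caller's hash; `options = options.dup` first avoids that.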
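--- a/data/lib/oauth2-auth-server/endpoints/token.rb
+++ b/data/lib/oauth2-auth-server/endpoints/token.rb
@@ -0,0 +1,38 @@
+module Oauth2
+module Auth
+module Server
+module Endpoints
+class Token
+
+def call(env)
+authenticator.call(env)
+end
+
+private
+
+def authenticator
+Rack::OAuth2::Server::Token.new do |req, res|
+client = Client.find_by_identifier(req.client_id) || req.invalid_client!
+client.secret == req.client_secret || req.invalid_client!
+case req.grant_type
+when :authorization_code
+req.unsupported_grant_type!
+when :password
+req.unsupported_grant_type!
+when :client_credentials
+# scope is a list of space delimited scopes. Rack::OAuth2 converts to an array.
+res.access_token = client.access_tokens.create(:scope => req.scope).to_bearer_token
+when :refresh_token
+req.unsupported_grant_type!
+else
+# NOTE: extended assertion grant_types are not supported yet.
+req.unsupported_grant_type!
+end
+end
+end
+
+end
+end
+end
+end
+end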
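Review bot: The `:client_credentials` branch stores `req.scope` on the new token exactly as the client sent it, so any authenticated client can obtain a token carrying whatever scope `require_oauth_token(:scope => ...)` later trusts. The Client model in this release has no notion of permitted scopes, so an allow-list per client is needed before `create`, with requests outside it rejected with an `invalid_scope` error. The secret check `client.secret == req.client_secret` is an ordinary string comparison; `Rack::Utils.secure_compare(client.secret, req.client_secret.to_s) || req.invalid_client!` removes the timing signal and also handles a missing secret. `create` returns an unsaved record when validation fails and `to_bearer_token` would still hand its token back to the caller, so `create!` is the fail-closed choice here.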
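--- a/data/lib/oauth2-auth-server/models/access_token.rb
+++ b/data/lib/oauth2-auth-server/models/access_token.rb
@@ -0,0 +1,62 @@
+module Oauth2
+module Auth
+module Server
+module Models
+class AccessToken < ActiveRecord::Base
+cattr_accessor :default_lifetime
+self.default_lifetime = Oauth2::Auth::Server.default_lifetime
+
+belongs_to :client
+
+before_validation :setup, :on => :create
+before_validation :scope_to_string
+validates :client, :presence => true
+validates :token, :presence => true, :uniqueness => true
+
+scope :valid, lambda {
+where("expires_at is null or expires_at >= :date", :date => Time.now.utc)
+}
+
+def expires_in
+(expires_at - Time.now.utc).to_i if expires_at
+end
+
+def expired!
+self.expires_at = Time.now.utc
+self.save!
+end
+
+def has_scope?(scope)
+scope = Array(scope)
+scope.collect! {|a| a.to_s }
+current_scope = scope_to_array
+(scope - current_scope).empty?
+end
+
+def to_bearer_token
+Rack::OAuth2::AccessToken::Bearer.new(
+:access_token => self.token,
+:expires_in => self.expires_in,
+:scope => self.scope
+)
+end
+
+private
+
+def setup
+self.token = SecureToken.generate
+self.expires_at ||= self.default_lifetime.from_now if self.default_lifetime
+end
+
+def scope_to_string
+self.scope = self.scope.join(' ') if self.scope.is_a?(Array)
+end
+
+def scope_to_array
+(self.scope.split(' ') if self.scope.is_a?(String)) or []
+end
+end
+end
+end
+end
+end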
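Review bot: `self.default_lifetime = Oauth2::Auth::Server.default_lifetime` runs once, when the class body is evaluated, so a lifetime set in `Oauth2::Auth::Server.setup` after this model has loaded is never picked up, and with the nil default `setup` leaves `expires_at` empty, which the `valid` scope accepts indefinitely. Reading the setting at creation time closes that gap: in `setup`, `lifetime = default_lifetime || Oauth2::Auth::Server.default_lifetime` followed by `self.expires_at ||= lifetime.from_now if lifetime`. The token is persisted and looked up verbatim, so read access to the tokens table yields usable bearer credentials; storing a digest and looking up by digest would limit that exposure. `scope_to_array` uses `or` where `||` is the conventional operator.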
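--- a/data/lib/oauth2-auth-server/models/client.rb
+++ b/data/lib/oauth2-auth-server/models/client.rb
@@ -0,0 +1,22 @@
+module Oauth2
+module Auth
+module Server
+module Models
+class Client < ActiveRecord::Base
+has_many :access_tokens
+
+before_validation :setup, :on => :create
+validates :name, :redirect_uri, :secret, :presence => true
+validates :identifier, :presence => true, :uniqueness => true
+
+private
+
+def setup
+self.identifier = SecureToken.generate(16)
+self.secret = SecureToken.generate
+end
+end
+end
+end
+end
+end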
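Review bot: `secret` is generated in `setup` and saved as-is in a plain string column, and the token endpoint compares the stored value directly with the submitted one, so anyone who can read the clients table holds working client credentials. Persisting only a digest of the secret, and returning the clear value once at creation, would contain a database disclosure. `redirect_uri` is validated for presence only; a comment saying that no scheme or format check is performed would be useful before the authorization-code flow is implemented. `SecureToken.generate` lives in secure_token.rb, which this page does not show, so the strength of the generated identifier and secret cannot be confirmed from here.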
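--- a/data/lib/oauth2-auth-server/routes.rb
+++ b/data/lib/oauth2-auth-server/routes.rb
@@ -0,0 +1,15 @@
+# require 'action_dispatch/routing/mapper'
+
+module Oauth2
+module Auth
+module Server
+module ActionDispatch::Routing
+class Mapper
+def oauth2_token_endpoint(path = 'oauth2/token')
+post path, :to => proc { |env| Endpoints::Token.new.call(env) }
+end
+end
+end
+end
+end
+end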
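Review bot: `module ActionDispatch::Routing` nested inside `Oauth2::Auth::Server` presumably reopens Rails' own `Mapper` rather than defining a new class, and with the `require` on the first line commented out it only works if `ActionDispatch` is already loaded when this file is required. Neither fact is stated anywhere, so a comment above the module would help, for example `# Reopens ActionDispatch::Routing::Mapper; nested in Server so Endpoints::Token resolves lexically. Requires Rails routing to be loaded first.` A short doc comment on `oauth2_token_endpoint` noting that it mounts a POST-only route at the given path, and that the endpoint authenticates clients itself, would complete it.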
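--- a/data/lib/oauth2-auth-server/schema.rb
+++ b/data/lib/oauth2-auth-server/schema.rb
@@ -0,0 +1,26 @@
+require 'active_record/connection_adapters/abstract/schema_definitions'
+
+module Oauth2
+module Auth
+module Server
+module Schema
+
+def oauth2_client
+string :identifier, :secret, :name, :redirect_uri, :null => false
+end
+
+def oauth2_access_token
+belongs_to :client
+
+string :token, :null => false
+string :scope
+datetime :expires_at
+end
+
+end
+end
+end
+end
+
+ActiveRecord::ConnectionAdapters::Table.send :include, Oauth2::Auth::Server::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Oauth2::Auth::Server::Schema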
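Review bot: `oauth2_access_token` and `oauth2_client` create the `token` and `identifier` columns without any index, while the models depend on `:uniqueness => true` validations, which can race under concurrent inserts, and `find_by_token` runs on every protected request. Because these helpers run inside a table definition, the unique index has to come from the host migration, so each helper should carry a comment saying so, e.g. `# Also add: add_index :<access_tokens_table>, :token, :unique => true` (the table name is the integrator's choice). The same applies to `identifier` on the clients table.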
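--- a/data/oauth2-auth-server.gemspec
+++ b/data/oauth2-auth-server.gemspec
@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "oauth2-auth-server/version"
+
+Gem::Specification.new do |s|
+s.name = "oauth2-auth-server"
+s.version = Oauth2::Auth::Server::VERSION
+s.authors = ["Renato Neves"]
+s.email = ["renatosn_rg@yahoo.com.br"]
+s.homepage = ""
+s.summary = %q{An implementation of OAuth2 Authorization Server}
+s.description = %q{An implementation of OAuth2 Authorization Server}
+
+s.rubyforge_project = "oauth2-auth-server"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+s.require_paths = ["lib"]
+
+s.add_dependency("rack-oauth2", "~> 0.14.0")
+end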
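Review bot: The only runtime dependency declared is `rack-oauth2`, yet the library calls `Rails.application`, subclasses `ActiveRecord::Base`, reopens `ActionDispatch::Routing::Mapper` and uses `mattr_accessor`/`cattr_accessor`, so an incompatible or missing Rails surfaces as a load-time or request-time error instead of a dependency-resolution failure. Declare the frameworks with the range actually tested, e.g. `s.add_dependency "activerecord", "<tested version range>"` and likewise for the routing and core-extension gems. `s.homepage = ""` and the absent license field leave consumers without a source repository or terms to check the package against.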
data/spec/spec_helper.rb
ADDED
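--- a/metadata
+++ b/metadata
@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: oauth2-auth-server
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Renato Neves
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-02-16 00:00:00.000000000 -02:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack-oauth2
+requirement: &2156427280 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.14.0
+type: :runtime
+prerelease: false
+version_requirements: *2156427280
+description: An implementation of OAuth2 Authorization Server
+email:
+- renatosn_rg@yahoo.com.br
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- README.md
+- Rakefile
+- lib/oauth2-auth-server.rb
+- lib/oauth2-auth-server/authentication.rb
+- lib/oauth2-auth-server/endpoints/authorize.rb
+- lib/oauth2-auth-server/endpoints/token.rb
+- lib/oauth2-auth-server/models/access_token.rb
+- lib/oauth2-auth-server/models/client.rb
+- lib/oauth2-auth-server/routes.rb
+- lib/oauth2-auth-server/schema.rb
+- lib/oauth2-auth-server/secure_token.rb
+- lib/oauth2-auth-server/version.rb
+- oauth2-auth-server.gemspec
+- spec/oauth2-auth-server_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: ''
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project: oauth2-auth-server
+rubygems_version: 1.6.2
+signing_key:
+specification_version: 3
+summary: An implementation of OAuth2 Authorization Server
+test_files:
+- spec/oauth2-auth-server_spec.rb
+- spec/spec_helper.rb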