oauth2-client 1.0.0

data/lib/oauth2/client.rb

@@ -0,0 +1,63 @@
+module OAuth2
+  class Client
+    
+    attr_reader   :host, :connection_options
+    attr_accessor :client_id, :client_secret, :connection_client,
+                  :authorize_path, :token_path, :device_path
+
+    DEFAULTS_PATHS = {
+      :authorize_path     => '/oauth2/authorize',
+      :token_path         => '/oauth2/token',
+      :device_path        => '/oauth2/device/code',
+    }
+
+    def initialize(host, client_id, client_secret, options={})
+      @host               = host
+      @client_id          = client_id
+      @client_secret      = client_secret
+      @connection_options = options.fetch(:connection_options, {})
+      @connection_client  = options.fetch(:connection_client, OAuth2::HttpConnection)
+      DEFAULTS_PATHS.keys.each do |key|
+        instance_variable_set(:"@#{key}", options.fetch(key, DEFAULTS_PATHS[key]))
+      end
+    end
+
+    def host=(hostname)
+      @connection = nil
+      @host = hostname
+    end
+
+    def connection_options=(options)
+      @connection = nil
+      @connection_options = options
+    end
+
+    def implicit
+      OAuth2::Grant::Implicit.new(self)
+    end
+
+    def authorization_code
+      OAuth2::Grant::AuthorizationCode.new(self)
+    end
+
+    def refresh_token
+      OAuth2::Grant::RefreshToken.new(self)
+    end
+
+    def client_credentials
+      OAuth2::Grant::ClientCredentials.new(self)
+    end
+
+    def password
+      OAuth2::Grant::Password.new(self)
+    end
+
+    def device_code
+      OAuth2::Grant::DeviceCode.new(self)
+    end
+
+    def connection
+      @connection ||= @connection_client.new(@host, @connection_options)
+    end
+  end
+end

data/lib/oauth2/connection.rb

@@ -0,0 +1,188 @@
+begin
+  require 'net/https'
+rescue LoadError
+  warn "Warning: no such file to load -- net/https. Make sure openssl is installed if you want ssl support"
+  require 'net/http'
+end
+require 'zlib'
+require 'addressable/uri'
+
+module OAuth2
+  class HttpConnection
+
+    class UnhandledHTTPMethodError < StandardError; end
+    class UnsupportedSchemeError < StandardError; end
+
+    NET_HTTP_EXCEPTIONS = [
+      EOFError,
+      Errno::ECONNABORTED,
+      Errno::ECONNREFUSED,
+      Errno::ECONNRESET,
+      Errno::EINVAL,
+      Net::HTTPBadResponse,
+      Net::HTTPHeaderSyntaxError,
+      Net::ProtocolError,
+      SocketError,
+      Zlib::GzipFile::Error,
+    ]
+
+    attr_accessor :config, :scheme, :host, :port, :max_redirects, :ssl,
+                  :user_agent, :accept, :max_redirects, :headers
+
+    def self.default_options
+      {
+        :headers => {
+          'Accept'     => 'application/json',
+          'User-Agent' => "OAuth2 Ruby Gem #{OAuth2::Version}"
+        },
+        :ssl => {:verify => true},
+        :max_redirects => 5
+      }
+    end
+
+    def initialize(url, options={})
+      @uri = Addressable::URI.parse(url)
+      self.class.default_options.keys.each do |key|
+        instance_variable_set(:"@#{key}", options.fetch(key, self.class.default_options[key]))
+      end
+    end
+
+    def default_headers
+      self.class.default_options[:headers]
+    end
+
+    def scheme=(scheme)
+      unless ['http', 'https'].include? scheme
+        raise UnsupportedSchemeError.new "#{scheme} is not supported, only http and https"
+      end
+      @scheme = scheme
+    end
+
+    def scheme
+      @scheme ||= @uri.scheme
+    end
+
+    def host
+      @host ||= @uri.host
+    end
+
+    def port
+      _port = ssl? ? 443 : 80
+      @port = @uri.port || _port
+    end
+
+    def absolute_url(path='')
+      "#{scheme}://#{host}#{path}"
+    end
+
+    def ssl?
+      scheme == "https" ? true : false
+    end
+
+    def ssl=(opts)
+      raise "Expected Hash but got #{opts.class.name}" unless opts.is_a?(Hash)
+      @ssl.merge!(opts)
+    end
+
+    def http_connection(opts={})
+      _host   = opts[:host]   || host
+      _port   = opts[:port]   || port
+      _scheme = opts[:scheme] || scheme
+
+      @http_client = Net::HTTP.new(_host, _port)
+
+      configure_ssl(@http_client) if _scheme == 'https'
+
+      @http_client
+    end
+
+    def send_request(method, path, opts={})
+      headers         = @headers.merge(opts.fetch(:headers, {}))
+      params          = opts[:params] || {}
+      query           = Addressable::URI.form_encode(params)
+      method          = method.to_s.downcase
+      normalized_path = query.empty? ? path : [path, query].join("?")
+      client          = http_connection(opts.fetch(:connection_options, {}))
+
+      if (method == 'post' || method == 'put')
+        headers['Content-Type'] ||= 'application/x-www-form-urlencoded'
+      end
+
+      case method
+      when 'get'
+        response = client.get(normalized_path, headers)
+      when 'post'
+        response = client.post(path, query, headers)
+      when 'put'
+        response = client.put(path, query, headers)
+      when 'delete'
+        response = client.delete(normalized_path, headers)
+      else
+        raise UnhandledHTTPMethodError.new("Unsupported HTTP method, #{method.inspect}")
+      end
+
+      status = response.code.to_i
+
+      case status
+      when 301, 302, 303, 307
+        unless redirect_limit_reached?
+          if status == 303
+            method = :get
+            params = nil
+            headers.delete('Content-Type') 
+          end
+          redirect_uri = Addressable::URI.parse(response.header['Location'])
+          conn = {
+            :scheme => redirect_uri.scheme,
+            :host   => redirect_uri.host,
+            :port   => redirect_uri.port
+          }
+          return send_request(method, redirect_uri.path, :params => params, :headers => headers, :connection_options => conn)
+        end
+      when 100..599
+        @redirect_count = 0
+      else
+        raise "Unhandled status code value of #{response.code}"
+      end
+      response
+    rescue *NET_HTTP_EXCEPTIONS
+      raise "Error::ConnectionFailed, $!"
+    end
+
+  private
+
+    def configure_ssl(http)
+      http.use_ssl      = true
+      http.verify_mode  = ssl_verify_mode
+      http.cert_store   = ssl_cert_store
+
+      http.cert         = ssl[:client_cert]  if ssl[:client_cert]
+      http.key          = ssl[:client_key]   if ssl[:client_key]
+      http.ca_file      = ssl[:ca_file]      if ssl[:ca_file]
+      http.ca_path      = ssl[:ca_path]      if ssl[:ca_path]
+      http.verify_depth = ssl[:verify_depth] if ssl[:verify_depth]
+      http.ssl_version  = ssl[:version]      if ssl[:version]
+    end
+
+    def ssl_verify_mode
+      if ssl.fetch(:verify, true)
+          OpenSSL::SSL::VERIFY_PEER
+      else
+          OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
+    def ssl_cert_store
+      return ssl[:cert_store] if ssl[:cert_store]
+      cert_store = OpenSSL::X509::Store.new
+      cert_store.set_default_paths
+      cert_store
+    end
+
+    def redirect_limit_reached?
+      @redirect_count ||= 0
+      @redirect_count += 1
+      @redirect_count > @max_redirects
+    end
+  end
+end

data/lib/oauth2/error.rb

@@ -0,0 +1,3 @@
+module OAuth2
+    class Error < StandardError; end
+end

data/lib/oauth2/grant.rb

@@ -0,0 +1,7 @@
+require 'oauth2/grant/base'
+require 'oauth2/grant/implicit'
+require 'oauth2/grant/device'
+require 'oauth2/grant/authorization_code'
+require 'oauth2/grant/refresh_token'
+require 'oauth2/grant/client_credentials'
+require 'oauth2/grant/password'

data/lib/oauth2/grant/authorization_code.rb

@@ -0,0 +1,71 @@
+module OAuth2
+  module Grant
+    # Authorization Code Grant
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1
+    class AuthorizationCode < Base
+
+      def response_type
+        "code"
+      end
+
+      def grant_type
+        "authorization_code"
+      end
+
+      # Authorization Request
+      # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.1
+      def authorization_path(params={})
+        params = params.merge(authorization_params)
+        "#{@authorize_path}?#{to_query(params)}"
+      end
+
+      def authorization_url(params={})
+        params = params.merge(authorization_params)
+        build_url(host, :path => authorize_path, :params => params)
+      end
+
+      # Access Token Request
+      # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.3
+      def token_path(params={})
+        unless params.empty?
+          return "#{@token_path}?#{to_query(params)}"
+        end
+        @token_path
+      end
+
+      # Retrieve page at authorization path
+      #
+      # @param [Hash] opts options
+      def fetch_authorization_url(opts={})
+        opts[:method] ||= :get
+        opts[:params] ||= {}
+        opts[:params].merge!(authorization_params)
+        method = opts.delete(:method) || :get
+        make_request(method, @authorize_path, opts)
+      end
+
+      # Retrieve an access token for a given auth code
+      #
+      # @param [String] code refresh token
+      # @param [Hash]   params additional params
+      # @param [Hash]   opts options
+      def get_token(code, opts={})
+        opts[:params] ||= {}
+        opts[:params][:code] = code
+        opts[:authenticate] ||= :headers
+        method = opts.delete(:method) || :post
+        make_request(method, token_path, opts)
+      end
+
+    private
+
+      # Default authorization request parameters
+      def authorization_params
+        {
+          :response_type => response_type,
+          :client_id  => @client_id
+        }
+      end
+    end
+  end
+end

data/lib/oauth2/grant/base.rb

@@ -0,0 +1,41 @@
+module OAuth2
+  module Grant
+    class Base
+      include OAuth2::UrlHelper
+
+      class InvalidAuthorizationTypeError < StandardError; end
+  
+      attr_accessor :client_id, :client_secret, :connection, :host,
+                    :authorize_path, :token_path, :device_path
+
+      def initialize(client)
+        @host           = client.host
+        @connection     = client.connection
+        @client_id      = client.client_id
+        @client_secret  = client.client_secret
+        @token_path     = client.token_path
+        @authorize_path = client.authorize_path
+        @device_path    = client.device_path
+      end
+
+      def make_request(method, path, opts={})
+        if auth_type = opts.delete(:authenticate)
+          case auth_type.to_sym
+          when :body
+            opts[:params] ||= {}
+            opts[:params].merge!({
+              :client_id     => @client_id,
+              :client_secret => @client_secret
+            })
+          when :headers
+            opts[:headers] ||= {}
+            opts[:headers]['Authorization'] = http_basic_encode(@client_id, @client_secret)
+          else
+            #do nothing
+          end
+        end
+        @connection.send_request(method, path, opts)
+      end
+    end
+  end
+end

data/lib/oauth2/grant/client_credentials.rb

@@ -0,0 +1,27 @@
+require "base64"
+
+module OAuth2
+  module Grant
+    # Client Credentials Grant
+    #
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.4
+    class ClientCredentials < Base
+
+      def grant_type 
+        "client_credentials"
+      end
+
+      # Retrieve an access token for the given client credentials
+      #
+      # @param [Hash] params additional params
+      # @param [Hash] opts options
+      def get_token(opts={})
+        opts[:params] ||= {}
+        opts[:params][:grant_type] = grant_type
+        opts[:authenticate] ||= :headers
+        method = opts.delete(:method) || :post
+        make_request(method, @token_path, opts)
+      end
+    end
+  end
+end

data/lib/oauth2/grant/device.rb

@@ -0,0 +1,37 @@
+module OAuth2
+  module Grant
+    # Device Grant
+    # @see https://developers.google.com/accounts/docs/OAuth2ForDevices
+    class DeviceCode < Base
+
+      def grant_type
+        "http://oauth.net/grant_type/device/1.0"
+      end
+
+      # Generate the authorization path using the given parameters .
+      #
+      # @param [Hash] query parameters
+      def get_code(opts={})
+        opts[:params] ||= {}
+        opts[:params][:client_id] = @client_id
+        method = opts.delete(:method) || :post
+        make_request(method, @device_path, opts)
+      end
+
+      # Retrieve an access token given the specified client.
+      #
+      # @param [Hash] params additional params
+      # @param [Hash] opts options
+      def get_token(code, opts={})
+        opts[:params] ||= {}
+        opts[:params].merge!({
+          :code       => code,
+          :grant_type => grant_type
+        })
+        opts[:authenticate] ||= :headers
+        method = opts.delete(:method) || :post
+        make_request(method, @token_path, opts)
+      end
+    end
+  end
+end

data/lib/oauth2/grant/implicit.rb

@@ -0,0 +1,46 @@
+module OAuth2
+  module Grant
+    # Implicit Grant
+    # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.2
+    class Implicit < Base
+
+      def response_type
+        "token"
+      end
+
+      # Generate a token path using the given parameters .
+      #
+      # @param [Hash] query parameters
+      def token_path(params={})
+        params = params.merge(token_params)
+        "#{@authorize_path}?#{to_query(params)}"
+      end
+
+      def token_url(params={})
+        params = params.merge(token_params)
+        build_url(host, :path => authorize_path, :params => params)
+      end
+
+      # Retrieve an access token given the specified client.
+      #
+      # @param [Hash] params additional params
+      # @param [Hash] opts options
+      def get_token(opts={})
+        opts[:params] ||= {}
+        opts[:params].merge!(token_params)
+        opts[:authenticate] ||= :headers
+        method = opts.delete(:method) || :get
+        make_request(method, @token_path, opts)
+      end
+
+    private
+
+      def token_params
+        {
+          :response_type => response_type,
+          :client_id  => @client_id
+        }
+      end
+    end
+  end
+end