oauth2-provider-jonrowe 0.1.0

data/example/config.ru

@@ -0,0 +1,3 @@
+require File.dirname(__FILE__) + '/application'
+run Sinatra::Application
+

data/example/environment.rb

@@ -0,0 +1,11 @@
+dir = File.expand_path(File.dirname(__FILE__))
+$:.unshift(dir + '/../lib')
+$:.unshift(dir)
+
+require 'oauth2/provider'
+OAuth2::Provider.realm = 'Notes App'
+
+require 'models/connection'
+require 'models/user'
+require 'models/note'
+

data/example/models/connection.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'active_record'
+
+dir = File.expand_path(File.dirname(__FILE__))
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => 'sqlite3',
+  :database => dir + '/../db/notes.sqlite3')
+

data/example/models/note.rb

@@ -0,0 +1,4 @@
+class Note < ActiveRecord::Base
+  belongs_to :user
+end
+

data/example/models/user.rb

@@ -0,0 +1,6 @@
+class User < ActiveRecord::Base
+  include OAuth2::Model::ResourceOwner
+  include OAuth2::Model::ClientOwner
+  has_many :notes
+end
+

data/example/public/style.css

@@ -0,0 +1,78 @@
+body {
+  font: 16px/1.4 FreeSans, Helvetica, Arial, sans-serif;
+  background: #353e4b;
+}
+
+.sub {
+  width: 640px;
+  margin: 0 auto;
+  padding: 1em 2em;
+}
+
+.header {
+  text-shadow: #23282e 0px -2px 0px;
+}
+
+.header h1 {
+  color: #e5dec7;
+  font-size: 4em;
+  letter-spacing: -0.06em;
+  margin: 0;
+}
+
+.header h2 {
+  color: #b3a784;
+  font-size: 1.5em;
+  font-weight: normal;
+  letter-spacing: -0.06em;
+  margin: 0 0 0.5em;
+}
+
+.content .sub {
+  background: #fff;
+  color: #333;
+  -webkit-border-radius: 16px;
+  -moz-border-radius: 16px;
+  border-radius: 16px;
+}
+
+h3 {
+  color: #888;
+  font-size: 1.5em;
+  font-weight: normal;
+  margin: 0 0 1em;
+}
+
+fieldset {
+  border: none;
+  border-top: 1px solid #ccc;
+  padding: 12px 0 0 0;
+  margin: 12px 0 0 0;
+}
+
+table {
+  border-collapse: collapse;
+}
+
+table th, table td {
+  border-top: 1px solid #eee;
+  padding: 8px 16px;
+}
+
+table th {
+  border-right: 2px solid #ccc;
+  text-align: left;
+}
+
+a {
+  color: #9ba749;
+  font-weight: bold;
+  text-decoration: none;
+}
+
+.footer {
+  font-size: 0.8em;
+  color: #999;
+  text-shadow: #23282e 0px -1px 0px;
+}
+

data/example/schema.rb

@@ -0,0 +1,27 @@
+dir = File.expand_path(File.dirname(__FILE__))
+$:.unshift(dir + '/../lib')
+
+require 'rubygems'
+require 'oauth2/provider'
+require 'fileutils'
+
+require dir + '/models/connection'
+
+FileUtils.mkdir_p(dir + '/db')
+
+ActiveRecord::Schema.define do |version|
+  create_table :users, :force => true do |t|
+    t.timestamps
+    t.string :username
+  end
+  
+  create_table :notes, :force => true do |t|
+    t.timestamps
+    t.belongs_to :user
+    t.string     :title
+    t.text       :body
+  end
+end
+
+OAuth2::Model::Schema.up
+

data/example/views/authorize.erb

@@ -0,0 +1,28 @@
+<h3>Authorize OAuth client</h3>
+
+<p>This application <b><%= @oauth2.client.name %></b> wants
+  the following permissions:</p>
+
+<ul>
+  <% @oauth2.scopes.each do |scope| %>
+    <% next unless PERMISSIONS[scope] %>
+    <li><%= PERMISSIONS[scope] %></li>
+  <% end %>
+</ul>
+
+<form method="post" action="/oauth/allow">
+  <% @oauth2.params.each do |key, value| %>
+    <input type="hidden" name="<%= key %>" value="<%= value %>">
+  <% end %>
+  <input type="hidden" name="user_id" value="<%= @user.id %>">
+  
+  <fieldset>
+    <input type="checkbox" name="allow" id="allow" value="1">
+    <label for="allow">Allow this application</label>
+  </fieldset>
+  
+  <fieldset>
+    <input type="submit" value="Go!">
+  </fieldset>
+</form>
+

data/example/views/create_user.erb

@@ -0,0 +1,3 @@
+<h3>New User Created</h3>
+
+<p>Your username is: <%= @user.username %></p>

data/example/views/home.erb

@@ -0,0 +1,25 @@
+<p>Welcome to the <b>Songkick OAuth 2.0 demo</b>. The endpoint you should direct
+  users to is:</p>
+
+<pre>    <%= host %>/oauth/authorize</pre>
+
+<p>This handles both user authorization and token exchange requests. Before you
+can use this though, you&rsquo;ll need to register your application.</p>
+
+<ul>
+  <li><a href="/oauth/apps/new">Register your application</a></li>
+</ul>
+
+<p>This application is a note-taking app. It exposes a JSON API for reading a
+  user&rsquo;s notes, but you need an access token for this. Use the OAuth
+  protocol to get one, or see if you can hack in without permission!</p>
+
+<p>The following resources are available. You&rsquo;ll need to ask the user for
+  the <b><code>read_notes</code></b> permission scope to get at them.</p>
+
+<ul>
+  <li><code>/me</code> &mdash; returns the current user&rsquo;s data</li>
+  <li><code>/users/:username/notes</code></li>
+  <li><code>/users/:username/notes/:note_id</code></li>
+</ul>
+

data/example/views/layout.erb

@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+  <head>
+    <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+    <title>OAuth 2.0 demo</title>
+    <link rel="stylesheet" href="/style.css">
+  </head>
+  <body>
+    
+    <div class="header"><div class="sub">
+      <h1>OAuth 2.0 demo</h1>
+      <h2>Steal my notes, why don&rsquo;t you</h2>
+    </div></div>
+    
+    <div class="content"><div class="sub">
+      <%= yield %>
+    </div></div>
+    
+    <div class="footer"><div class="sub">
+      <p>Copyright &copy; 2010 Songkick.com</p>
+    </div></div>
+    
+  </body>
+</html>
+

data/example/views/login.erb

@@ -0,0 +1,20 @@
+<h3>Sign in</h3>
+
+<p>Who are you? We&rsquo;d ask for a password usually, but seeing as
+  it&rsquo;s <em>you</em>&hellip;</p>
+
+<form method="post" action="/login">
+  <% @oauth2.params.each do |key, value| %>
+    <input type="hidden" name="<%= key %>" value="<%= value %>">
+  <% end %>
+  
+  <fieldset>
+    <label for="username">Username</label>
+    <input type="text" name="username" id="username">
+  </fieldset>
+  
+  <fieldset>
+    <input type="submit" value="Sign in">
+  </fieldset>
+</form>
+

data/example/views/new_client.erb

@@ -0,0 +1,25 @@
+<h3>Register you application</h3>
+
+<% if @client.errors.any? %>
+  <ul class="errors">
+    <% @client.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+<form method="post" action="/oauth/apps">
+  <fieldset>
+    <label for="name">Application name</label>
+    <input type="text" name="name" id="name">
+  </fieldset>
+  <fieldset>
+    <label for="redirect_uri">Callback URI</label>
+    <input type="text" name="redirect_uri" id="redirect_uri">
+  </fieldset>
+  
+  <fieldset>
+    <input type="submit" value="Register">
+  </fieldset>
+</form>
+

data/example/views/new_user.erb

@@ -0,0 +1,22 @@
+<h3>Register a User</h3>
+
+<% if @user.errors.any? %>
+  <ul class="errors">
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+<form method="post" action="/users/create">
+  <fieldset>
+    <label for="name">Username</label>
+    <input type="text" name="username" id="username">
+  </fieldset>
+  
+  <fieldset>
+    <input type="submit" value="Register">
+  </fieldset>
+</form>
+
+

data/example/views/show_client.erb

@@ -0,0 +1,15 @@
+<h3>Client app: <%= @client.name %></h3>
+
+<table>
+  <tbody>
+    <tr>
+      <th scope="row">client_id</th>
+      <td><%= @client.client_id %></td>
+    </tr>
+    <tr>
+      <th scope="row">client_secret</th>
+      <td><%= @client_secret %></td>
+    </tr>
+  </tbody>
+</table>
+

data/lib/oauth2/model.rb

@@ -0,0 +1,17 @@
+require 'active_record'
+
+module OAuth2
+  module Model
+    autoload :ClientOwner,   ROOT + '/oauth2/model/client_owner'
+    autoload :ResourceOwner, ROOT + '/oauth2/model/resource_owner'
+    autoload :Hashing,       ROOT + '/oauth2/model/hashing'
+    autoload :Authorization, ROOT + '/oauth2/model/authorization'
+    autoload :Client,        ROOT + '/oauth2/model/client'
+    autoload :Schema,        ROOT + '/oauth2/model/schema'
+    
+    def self.find_access_token(access_token)
+      Authorization.find_by_access_token_hash(OAuth2.hashify(access_token))
+    end
+  end
+end
+

data/lib/oauth2/model/authorization.rb

@@ -0,0 +1,113 @@
+module OAuth2
+  module Model
+    
+    class Authorization < ActiveRecord::Base
+      set_table_name :oauth2_authorizations
+      
+      belongs_to :oauth2_resource_owner, :polymorphic => true
+      alias :owner  :oauth2_resource_owner
+      alias :owner= :oauth2_resource_owner=
+      
+      belongs_to :client, :class_name => 'OAuth2::Model::Client'
+      
+      validates_presence_of :client, :owner
+      
+      validates_uniqueness_of :code,               :scope => :client_id, :allow_nil => true
+      validates_uniqueness_of :refresh_token_hash, :scope => :client_id, :allow_nil => true
+      validates_uniqueness_of :access_token_hash,                        :allow_nil => true
+      
+      extend Hashing
+      hashes_attributes :access_token, :refresh_token
+      
+      def self.for(resource_owner, client)
+        return nil unless resource_owner and client
+        resource_owner.oauth2_authorizations.find_by_client_id(client.id)
+      end
+      
+      def self.create_code(client)
+        OAuth2.generate_id do |code|
+          client.authorizations.count(:conditions => {:code => code}).zero?
+        end
+      end
+      
+      def self.create_access_token
+        OAuth2.generate_id do |token|
+          hash = OAuth2.hashify(token)
+          count(:conditions => {:access_token_hash => hash}).zero?
+        end
+      end
+      
+      def self.create_refresh_token(client)
+        OAuth2.generate_id do |refresh_token|
+          hash = OAuth2.hashify(refresh_token)
+          client.authorizations.count(:conditions => {:refresh_token_hash => hash}).zero?
+        end
+      end
+      
+      def self.for_response_type(response_type, attributes = {})
+        instance = self.for(attributes[:owner], attributes[:client]) ||
+                   new(:owner => attributes[:owner], :client => attributes[:client])
+        
+        case response_type
+          when CODE
+            instance.code ||= create_code(attributes[:client])
+          when TOKEN
+            instance.access_token  ||= create_access_token
+            instance.refresh_token ||= create_refresh_token(attributes[:client])
+          when CODE_AND_TOKEN
+            instance.code = create_code(attributes[:client])
+            instance.access_token  ||= create_access_token
+            instance.refresh_token ||= create_refresh_token(attributes[:client])
+        end
+        
+        if attributes[:duration]
+          instance.expires_at = Time.now + attributes[:duration].to_i
+        else
+          instance.expires_at = nil
+        end
+        
+        if attributes[:scope]
+          scopes = instance.scopes + attributes[:scope].split(/\s+/)
+          instance.scope = scopes.join(' ')
+        end
+        
+        instance.save && instance
+      end
+      
+      def exchange!
+        self.code          = nil
+        self.access_token  = self.class.create_access_token
+        self.refresh_token = nil
+        save!
+      end
+      
+      def expired?
+        return false unless expires_at
+        expires_at < Time.now
+      end
+      
+      def expires_in
+        expires_at && (expires_at - Time.now).ceil
+      end
+      
+      def generate_code
+        self.code ||= self.class.create_code(client)
+        save && code
+      end
+      
+      def grants_access?(user, *scopes)
+        not expired? and user == owner and in_scope?(scopes)
+      end
+      
+      def in_scope?(request_scope)
+        [*request_scope].all?(&scopes.method(:include?))
+      end
+      
+      def scopes
+        scope ? scope.split(/\s+/) : []
+      end
+    end
+    
+  end
+end
+