oauth2-provider 0.0.16

data/examples/rails3-example/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/examples/rails3-example/public/500.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+    <p>We've been notified about this issue and we'll take a look at it shortly.</p>
+  </div>
+</body>
+</html>

data/examples/rails3-example/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-Agent: *
+# Disallow: /

data/examples/rails3-example/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/lib/oauth2-provider.rb

@@ -0,0 +1,3 @@
+require 'active_support/all'
+require 'oauth2/provider/rails' if defined?(Rails)
+require 'oauth2/provider'

data/lib/oauth2/provider.rb

@@ -0,0 +1,39 @@
+module OAuth2
+  module Provider
+    autoload :Rails, 'oauth2/provider/rails'
+    autoload :Models, 'oauth2/provider/models'
+    autoload :Random, 'oauth2/provider/random'
+    autoload :Rack, 'oauth2/provider/rack'
+
+    mattr_accessor :backend
+    self.backend = :activerecord
+
+    mattr_accessor :authorization_class_name
+    mattr_accessor :access_token_class_name
+    mattr_accessor :authorization_code_class_name
+    mattr_accessor :client_class_name
+
+    [:resource_owner, :client, :authorization, :access_token, :authorization_code].each do |model|
+      instance_eval %{
+        def #{model}_class
+          #{model}_class_name.constantize
+        end
+      }
+    end
+
+    mattr_accessor :resource_owner_class_name
+    self.resource_owner_class_name = 'ResourceOwner'
+
+    def self.configure
+      yield self
+      activate
+    end
+
+    def self.activate
+      case backend
+        when :mongoid then OAuth2::Provider::Models::Mongoid.activate
+        else OAuth2::Provider::Models::ActiveRecord.activate
+      end
+    end
+  end
+end

data/lib/oauth2/provider/models.rb

@@ -0,0 +1,40 @@
+module OAuth2::Provider::Models
+  autoload :ActiveRecord, 'oauth2/provider/models/active_record'
+  autoload :Mongoid, 'oauth2/provider/models/mongoid'
+
+  autoload :Authorization, 'oauth2/provider/models/authorization'
+  autoload :AccessToken, 'oauth2/provider/models/access_token'
+  autoload :AuthorizationCode, 'oauth2/provider/models/authorization_code'
+  autoload :Client, 'oauth2/provider/models/client'
+
+  module TokenExpiry
+    extend ActiveSupport::Concern
+
+    included do
+      mattr_accessor :default_token_lifespan
+    end
+
+    def initialize(*args, &block)
+      super
+      if default_token_lifespan
+        self.expires_at ||= default_token_lifespan.from_now
+      end
+    end
+
+    def fresh?
+      !expired?
+    end
+
+    def expired?
+      self.expires_at && self.expires_at < Time.now
+    end
+
+    def expires_in
+      if expired?
+        0
+      else
+        self.expires_at.to_i - Time.now.to_i
+      end
+    end
+  end
+end

data/lib/oauth2/provider/models/access_token.rb

@@ -0,0 +1,54 @@
+module OAuth2::Provider::Models::AccessToken
+  extend ActiveSupport::Concern
+
+  included do
+    include OAuth2::Provider::Models::TokenExpiry
+    self.default_token_lifespan = 1.month
+
+    validates_presence_of :authorization, :access_token, :expires_at
+    validate :expires_at_isnt_greater_than_authorization
+
+    delegate :scope, :has_scope?, :client, :resource_owner, :to => :authorization
+  end
+
+  def initialize(*args, &block)
+    super
+    self.access_token ||= OAuth2::Provider::Random.base62(32)
+    self.refresh_token ||= OAuth2::Provider::Random.base62(32)
+  end
+
+  def as_json(options = {})
+    {"access_token" => access_token, "expires_in" => expires_in}.tap do |result|
+      result["refresh_token"] = refresh_token if refresh_token.present?
+    end
+  end
+
+  def refreshable?
+    refresh_token.present? && authorization.fresh?
+  end
+
+  private
+
+  def expires_at_isnt_greater_than_authorization
+    if !authorization.nil? && authorization.expires_at
+      unless expires_at.nil? || expires_at <= authorization.expires_at
+        errors.add(:expires_at, :must_be_less_than_authorization)
+      end
+    end
+  end
+
+  module ClassMethods
+    def refresh_with(refresh_token)
+      if refresh_token && token = find_by_refresh_token(refresh_token)
+        if token.refreshable?
+          new(:authorization => token.authorization).tap do |result|
+            if result.authorization.expires_at && result.authorization.expires_at < result.expires_at
+              result.expires_at = result.authorization.expires_at
+            end
+            result.save!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oauth2/provider/models/active_record.rb

@@ -0,0 +1,30 @@
+module OAuth2::Provider::Models::ActiveRecord
+  autoload :Authorization, 'oauth2/provider/models/active_record/authorization'
+  autoload :AccessToken, 'oauth2/provider/models/active_record/access_token'
+  autoload :AuthorizationCode, 'oauth2/provider/models/active_record/authorization_code'
+  autoload :Client, 'oauth2/provider/models/active_record/client'
+
+  mattr_accessor :client_table_name
+  self.client_table_name = 'oauth_clients'
+
+  mattr_accessor :access_token_table_name
+  self.access_token_table_name = 'oauth_access_tokens'
+
+  mattr_accessor :authorization_code_table_name
+  self.authorization_code_table_name = 'oauth_authorization_codes'
+
+  mattr_accessor :authorization_table_name
+  self.authorization_table_name = 'oauth_authorizations'
+
+  def self.activate(options = {})
+    OAuth2::Provider.client_class_name ||= "OAuth2::Provider::Models::ActiveRecord::Client"
+    OAuth2::Provider.access_token_class_name ||= "OAuth2::Provider::Models::ActiveRecord::AccessToken"
+    OAuth2::Provider.authorization_code_class_name ||= "OAuth2::Provider::Models::ActiveRecord::AuthorizationCode"
+    OAuth2::Provider.authorization_class_name ||= "OAuth2::Provider::Models::ActiveRecord::Authorization"
+
+    OAuth2::Provider.client_class.set_table_name client_table_name
+    OAuth2::Provider.access_token_class.set_table_name access_token_table_name
+    OAuth2::Provider.authorization_code_class.set_table_name authorization_code_table_name
+    OAuth2::Provider.authorization_class.set_table_name authorization_table_name
+  end
+end

data/lib/oauth2/provider/models/active_record/access_token.rb

@@ -0,0 +1,13 @@
+class OAuth2::Provider::Models::ActiveRecord::AccessToken < ActiveRecord::Base
+  module Behaviour
+    extend ActiveSupport::Concern
+
+    included do
+      include OAuth2::Provider::Models::AccessToken
+
+      belongs_to :authorization, :class_name => OAuth2::Provider.authorization_class_name, :foreign_key => 'authorization_id'
+    end
+  end
+
+  include Behaviour
+end

data/lib/oauth2/provider/models/active_record/authorization.rb

@@ -0,0 +1,16 @@
+class OAuth2::Provider::Models::ActiveRecord::Authorization < ActiveRecord::Base
+  module Behaviour
+    extend ActiveSupport::Concern
+
+    included do
+      include OAuth2::Provider::Models::Authorization
+
+      belongs_to :client, :class_name => OAuth2::Provider.client_class_name, :foreign_key => 'client_id'
+
+      has_many :access_tokens, :class_name => OAuth2::Provider.access_token_class_name, :foreign_key => 'authorization_id'
+      has_many :authorization_codes, :class_name => OAuth2::Provider.authorization_code_class_name, :foreign_key => 'authorization_id'
+    end
+  end
+
+  include Behaviour
+end

data/lib/oauth2/provider/models/active_record/authorization_code.rb

@@ -0,0 +1,13 @@
+class OAuth2::Provider::Models::ActiveRecord::AuthorizationCode < ActiveRecord::Base
+  module Behaviour
+    extend ActiveSupport::Concern
+
+    included do
+      include OAuth2::Provider::Models::AuthorizationCode
+
+      belongs_to :authorization, :class_name => OAuth2::Provider.authorization_class_name, :foreign_key => 'authorization_id'
+    end
+  end
+
+  include Behaviour
+end

data/lib/oauth2/provider/models/active_record/client.rb

@@ -0,0 +1,15 @@
+class OAuth2::Provider::Models::ActiveRecord::Client < ActiveRecord::Base
+  module Behaviour
+    extend ActiveSupport::Concern
+
+    included do
+      include OAuth2::Provider::Models::Client
+
+      has_many :authorizations, :class_name => OAuth2::Provider.authorization_class_name, :foreign_key => 'client_id'
+      has_many :authorization_codes, :through => :authorizations, :class_name => OAuth2::Provider.authorization_code_class_name
+      has_many :access_tokens, :through => :authorizations, :class_name => OAuth2::Provider.access_token_class_name
+    end
+  end
+
+  include Behaviour
+end

data/lib/oauth2/provider/models/authorization.rb

@@ -0,0 +1,40 @@
+module OAuth2::Provider::Models::Authorization
+  extend ActiveSupport::Concern
+
+  included do
+    include OAuth2::Provider::Models::TokenExpiry
+    self.default_token_lifespan = nil
+
+    validates_presence_of :client
+  end
+
+  def has_scope?(s)
+    scope && scope.split(" ").include?(s)
+  end
+
+  def revoke
+    authorization_codes.destroy_all
+    access_tokens.destroy_all
+    destroy
+  end
+
+  def resource_owner=(ro)
+    self.resource_owner_id = ro && ro.id
+    self.resource_owner_type = ro && ro.class.name
+  end
+
+  def resource_owner
+    resource_owner_id && resource_owner_class.find(resource_owner_id)
+  end
+
+  def resource_owner_class
+    resource_owner_type.constantize
+  end
+
+  module ClassMethods
+    def all_for(ro)
+      return [] unless ro
+      self.where(:resource_owner_id => ro.id, :resource_owner_type => ro.class.name).all
+    end
+  end
+end

data/lib/oauth2/provider/models/authorization_code.rb

@@ -0,0 +1,27 @@
+module OAuth2::Provider::Models::AuthorizationCode
+  extend ActiveSupport::Concern
+
+  included do
+    include OAuth2::Provider::Models::TokenExpiry
+    self.default_token_lifespan = 1.minute
+
+    delegate :client, :resource_owner, :to => :authorization
+    validates_presence_of :authorization, :code, :expires_at, :redirect_uri
+  end
+
+  def initialize(attributes = {})
+    super
+    self.code ||= OAuth2::Provider::Random.base62(32)
+  end
+
+  module ClassMethods
+    def claim(code, redirect_uri)
+      if authorization_code = find_by_code_and_redirect_uri(code, redirect_uri)
+        if authorization_code.fresh?
+          authorization_code.destroy
+          authorization_code.authorization.access_tokens.create!
+        end
+      end
+    end
+  end
+end

data/lib/oauth2/provider/models/client.rb

@@ -0,0 +1,28 @@
+module OAuth2::Provider::Models::Client
+  extend ActiveSupport::Concern
+
+  included do
+    validates_presence_of :oauth_identifier, :oauth_secret, :name
+    validates_uniqueness_of :oauth_identifier
+  end
+
+  def initialize(*args, &block)
+    super
+    self.oauth_identifier ||= OAuth2::Provider::Random.base62(16)
+    self.oauth_secret ||= OAuth2::Provider::Random.base62(32)
+  end
+
+  def to_param
+    new_record? ? nil : oauth_identifier
+  end
+
+  def allow_grant_type?(grant_type)
+    true
+  end
+
+  module ClassMethods
+    def from_param(identifier)
+      self.find_by_oauth_identifier(identifier)
+    end
+  end
+end

data/lib/oauth2/provider/models/mongoid.rb

@@ -0,0 +1,30 @@
+module OAuth2::Provider::Models::Mongoid
+  autoload :Authorization, 'oauth2/provider/models/mongoid/authorization'
+  autoload :AccessToken, 'oauth2/provider/models/mongoid/access_token'
+  autoload :AuthorizationCode, 'oauth2/provider/models/mongoid/authorization_code'
+  autoload :Client, 'oauth2/provider/models/mongoid/client'
+
+  mattr_accessor :client_collection_name
+  self.client_collection_name = 'oauth_clients'
+
+  mattr_accessor :access_token_collection_name
+  self.access_token_collection_name = 'oauth_access_tokens'
+
+  mattr_accessor :authorization_code_collection_name
+  self.authorization_code_collection_name = 'oauth_authorization_codes'
+
+  mattr_accessor :authorization_collection_name
+  self.authorization_collection_name = 'oauth_authorizations'
+
+  def self.activate(options = {})
+    OAuth2::Provider.client_class_name ||= "OAuth2::Provider::Models::Mongoid::Client"
+    OAuth2::Provider.access_token_class_name ||= "OAuth2::Provider::Models::Mongoid::AccessToken"
+    OAuth2::Provider.authorization_code_class_name ||= "OAuth2::Provider::Models::Mongoid::AuthorizationCode"
+    OAuth2::Provider.authorization_class_name ||= "OAuth2::Provider::Models::Mongoid::Authorization"
+
+    OAuth2::Provider.client_class.collection_name = client_collection_name
+    OAuth2::Provider.access_token_class.collection_name = access_token_collection_name
+    OAuth2::Provider.authorization_code_class.collection_name = authorization_code_collection_name
+    OAuth2::Provider.authorization_class.collection_name = authorization_collection_name
+  end
+end