oauth2-provider 0.0.16

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle
+/log
+/pkg
+/spec/*.db
+/*.db
+/doc
+/Gemfile.lock
+.idea

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/README.md

@@ -0,0 +1,49 @@
+oauth2-provider
+==
+
+Simple OAuth2 provider code extracted from [hashblue.com](https://hashblue.com/)
+
+Details
+--
+
+* Implements [draft 11](http://tools.ietf.org/html/draft-ietf-oauth-v2-11) of the oauth2 spec
+* Handles the authorization_code and password grant types
+* Supports ActiveRecord and Mongoid
+
+Usage Instructions
+--
+
+In your Gemfile:
+
+    gem 'oauth2-provider', :git => 'git@github.com:freerange/oauth2-provider.git'
+
+If you're using ActiveRecord, grab the schema out of `spec/schema.rb`, and run the migration.
+
+To dish out authorization codes you will need to implement something like this:
+
+    class AuthorizationController < ApplicationController
+      include OAuth2::Provider::Rack::AuthorizationCodesSupport
+
+      before_filter :authenticate_user!
+      before_filter :block_invalid_authorization_code_requests
+
+      def new
+        @client = oauth2_authorization_request.client
+      end
+
+      def create
+        if params[:yes].present?
+          grant_authorization_code(current_user)
+        else
+          deny_authorization_code
+        end
+      end
+
+    end
+        
+And add a couple of routes:
+
+    match "/oauth/authorize", :via => :get, :to => "authorization#new"
+    match "/oauth/authorize", :via => :post, :to => "authorization#create"
+
+oauth2-provider will handle requests to `/oauth/access_token` to handle conversion of authorization codes to access tokens.

data/Rakefile

@@ -0,0 +1,24 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+
+namespace :spec do
+  desc "Run specs using the active_record backend"
+  RSpec::Core::RakeTask.new(:activerecord) do |t|
+    t.rspec_opts = "-f n -c"
+    t.pattern = "spec/**/*_spec.rb"
+  end
+
+  desc "Run specs using the mongoid backend"
+  RSpec::Core::RakeTask.new(:mongoid) do |t|
+    t.rspec_opts = "-f n -c"
+    t.pattern = "spec/**/*_spec.rb"
+    t.ruby_opts = "-Ispec -rset_backend_env_to_mongoid"
+  end
+
+  desc "Run specs using both backends"
+  task :all => ['spec:activerecord', 'spec:mongoid']
+end
+
+task :default => 'spec:all'

data/examples/client/Gemfile

@@ -0,0 +1,6 @@
+source :rubygems
+
+gem 'sinatra'
+gem 'haml'
+
+gem 'httparty'

data/examples/client/Gemfile.lock

@@ -0,0 +1,20 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    crack (0.1.8)
+    haml (3.0.18)
+    httparty (0.7.4)
+      crack (= 0.1.8)
+    rack (1.2.2)
+    sinatra (1.2.6)
+      rack (~> 1.1)
+      tilt (>= 1.2.2, < 2.0)
+    tilt (1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  haml
+  httparty
+  sinatra

data/examples/client/README

@@ -0,0 +1,8 @@
+This is a (very very) simple OAuth2 client, designed to work with the oauth2-provider examples.  To get it running, cd to the client folder, then run:
+
+1) bundle install
+2) bundle exec rackup
+
+This should start the client on port 9292
+
+Assuming an example server is running (such as the one in examples/rails3-example), visit http://localhost:9292.  To read content from the server you'll be asked to login (tomafro/secret) and then authorize the client.  Finally some very simple content from the server will be shown.

data/examples/client/app.rb

@@ -0,0 +1,59 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'sinatra'
+require 'haml'
+require 'httparty'
+
+CLIENT_ID = 'abcdefgh12345678'
+CLIENT_SECRET = 'secret'
+RESOURCE_HOST = 'http://localhost:3000'
+
+enable :sessions
+
+helpers do
+  def redirect_uri
+    "http://" + request.host_with_port + "/callback"
+  end
+
+  def access_token
+    session[:access_token]
+  end
+
+  def get_with_access_token(path)
+    HTTParty.get(RESOURCE_HOST + path, :query => {:oauth_token => access_token})
+  end
+
+  def authorize_url
+    RESOURCE_HOST + "/oauth/authorize?client_id=#{CLIENT_ID}&client_secret=#{CLIENT_SECRET}&redirect_uri=#{redirect_uri}"
+  end
+  
+  def access_token_url
+    RESOURCE_HOST + "/oauth/access_token"
+  end
+end
+
+get '/' do
+  haml :home
+end
+
+get '/callback' do
+  response = HTTParty.post(access_token_url, :body => {
+    :client_id => CLIENT_ID, 
+    :client_secret => CLIENT_SECRET, 
+    :redirect_uri => redirect_uri, 
+    :code => params["code"],
+    :grant_type => 'authorization_code'}
+  )
+
+  session[:access_token] = response["access_token"]
+  redirect '/account'
+end
+
+get '/account' do
+  if access_token
+    @resource_response = get_with_access_token("/account.json")
+    haml :response
+  else
+    redirect authorize_url
+  end
+end

data/examples/client/config.ru

@@ -0,0 +1,3 @@
+require 'app'
+
+run Sinatra::Application

data/examples/client/views/home.haml

@@ -0,0 +1,3 @@
+To use this client, 
+%a{:href => '/account'}
+  click here

data/examples/client/views/response.haml

@@ -0,0 +1,11 @@
+%div
+  The response from the RESOURCE SERVER loading "/account.json :"
+  %h2 
+    Headers
+  %pre
+    =@resource_response.headers.inspect
+  %h2 
+    Body
+  %pre
+    =@resource_response.body.inspect
+      

data/examples/rails3-example/.gitignore

@@ -0,0 +1,4 @@
+.bundle
+db/*.sqlite3
+log/*.log
+tmp/

data/examples/rails3-example/Gemfile

@@ -0,0 +1,10 @@
+source 'http://rubygems.org'
+
+gem 'rails', '3.0.7'
+
+# Bundle edge Rails instead:
+# gem 'rails', :git => 'git://github.com/rails/rails.git'
+
+gem 'sqlite3'
+
+gem 'oauth2-provider', :path => '../..'

data/examples/rails3-example/Gemfile.lock

@@ -0,0 +1,82 @@
+PATH
+  remote: ../..
+  specs:
+    oauth2-provider (0.0.15)
+      activesupport (~> 3.0.1)
+      addressable (~> 2.2)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionmailer (3.0.7)
+      actionpack (= 3.0.7)
+      mail (~> 2.2.15)
+    actionpack (3.0.7)
+      activemodel (= 3.0.7)
+      activesupport (= 3.0.7)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.5.0)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.14)
+      rack-test (~> 0.5.7)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.7)
+      activesupport (= 3.0.7)
+      builder (~> 2.1.2)
+      i18n (~> 0.5.0)
+    activerecord (3.0.7)
+      activemodel (= 3.0.7)
+      activesupport (= 3.0.7)
+      arel (~> 2.0.2)
+      tzinfo (~> 0.3.23)
+    activeresource (3.0.7)
+      activemodel (= 3.0.7)
+      activesupport (= 3.0.7)
+    activesupport (3.0.7)
+    addressable (2.2.5)
+    arel (2.0.9)
+    builder (2.1.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    i18n (0.5.0)
+    mail (2.2.19)
+      activesupport (>= 2.3.6)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.16)
+    polyglot (0.3.1)
+    rack (1.2.2)
+    rack-mount (0.6.14)
+      rack (>= 1.0.0)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rails (3.0.7)
+      actionmailer (= 3.0.7)
+      actionpack (= 3.0.7)
+      activerecord (= 3.0.7)
+      activeresource (= 3.0.7)
+      activesupport (= 3.0.7)
+      bundler (~> 1.0)
+      railties (= 3.0.7)
+    railties (3.0.7)
+      actionpack (= 3.0.7)
+      activesupport (= 3.0.7)
+      rake (>= 0.8.7)
+      thor (~> 0.14.4)
+    rake (0.8.7)
+    sqlite3 (1.3.3)
+    thor (0.14.6)
+    treetop (1.4.9)
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.27)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  oauth2-provider!
+  rails (= 3.0.7)
+  sqlite3

data/examples/rails3-example/README

@@ -0,0 +1,9 @@
+This is a (very) basic app demonstrating the oauth2-provider library.  To get it going, cd to the app folder, then:
+
+1) Run `bundle install`
+2) Run `bundle exec rake db:reset db:seed`
+3) Run `bundle exec rails server`
+
+This should start the app on port 3000
+
+To try it out, you need an oauth client.  Luckily there's a (very very) simple one in the examples/client folder.  Keep this example running, follow the instructions to start the client, then have a play.

data/examples/rails3-example/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Rails3Example::Application.load_tasks

data/examples/rails3-example/app/controllers/account_controller.rb

@@ -0,0 +1,14 @@
+class AccountController < ApplicationController
+  authenticate_with_oauth
+  before_filter :set_current_account_from_oauth
+
+  def show
+    render :json => {:login => current_account.login}
+  end
+
+  private
+
+  def set_current_account_from_oauth
+    @current_account = request.env['oauth2'].resource_owner
+  end
+end

data/examples/rails3-example/app/controllers/application_controller.rb

@@ -0,0 +1,18 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+
+  def current_account
+    @current_account ||= session[:account_id] && Account.find_by_id(session[:account_id])
+  end
+
+  helper_method :current_account
+
+  private
+
+  def authenticate_account
+    unless current_account
+      session[:return_url] = request.request_uri
+      redirect_to new_session_url
+    end
+  end
+end

data/examples/rails3-example/app/controllers/authorization_controller.rb

@@ -0,0 +1,18 @@
+class AuthorizationController < ApplicationController
+  include OAuth2::Provider::Rack::AuthorizationCodesSupport
+
+  before_filter :authenticate_account
+  before_filter :block_invalid_authorization_code_requests
+
+  def new
+    @client = oauth2_authorization_request.client
+  end
+
+  def create
+    if params[:commit] == "Yes"
+      grant_authorization_code(current_account)
+    else
+      deny_authorization_code
+    end
+  end
+end

data/examples/rails3-example/app/controllers/home_controller.rb

@@ -0,0 +1,4 @@
+class HomeController < ApplicationController
+  def show
+  end
+end

data/examples/rails3-example/app/controllers/session_controller.rb

@@ -0,0 +1,24 @@
+class SessionController < ApplicationController
+  class Session
+    attr_accessor :login, :password
+  end
+
+  def new
+    @session = Session.new
+  end
+
+  def create
+    if account = Account.authenticate(params[:session][:login], params[:session][:password])
+      session[:account_id] = account.id
+      redirect_to return_url
+    else
+      redirect_to :action => :new
+    end
+  end
+
+  private
+
+  def return_url
+    session[:return_url] || root_url
+  end
+end

data/examples/rails3-example/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/examples/rails3-example/app/models/account.rb

@@ -0,0 +1,6 @@
+class Account < ActiveRecord::Base
+  def self.authenticate(login, password)
+    # N.B. Don't use this for authentication in a real app
+    find_by_login_and_password(login, password)
+  end
+end

data/examples/rails3-example/app/views/authorization/new.html.erb

@@ -0,0 +1,5 @@
+<%= form_for :authorization, :url => oauth_authorize_path(params.slice(:redirect_uri, :client_id, :client_secret)) do |form| %>
+Authorize
+<%= form.submit "Yes", :value => 'Yes'  %>
+<%= form.submit "No", :value => 'No'  %>
+<% end %>