oauth2-provider 0.0.16
- data/.gitignore +8 -0
- data/Gemfile +3 -0
- data/README.md +49 -0
- data/Rakefile +24 -0
- data/examples/client/Gemfile +6 -0
- data/examples/client/Gemfile.lock +20 -0
- data/examples/client/README +8 -0
- data/examples/client/app.rb +59 -0
- data/examples/client/config.ru +3 -0
- data/examples/client/views/home.haml +3 -0
- data/examples/client/views/response.haml +11 -0
- data/examples/rails3-example/.gitignore +4 -0
- data/examples/rails3-example/Gemfile +10 -0
- data/examples/rails3-example/Gemfile.lock +82 -0
- data/examples/rails3-example/README +9 -0
- data/examples/rails3-example/Rakefile +7 -0
- data/examples/rails3-example/app/controllers/account_controller.rb +14 -0
- data/examples/rails3-example/app/controllers/application_controller.rb +18 -0
- data/examples/rails3-example/app/controllers/authorization_controller.rb +18 -0
- data/examples/rails3-example/app/controllers/home_controller.rb +4 -0
- data/examples/rails3-example/app/controllers/session_controller.rb +24 -0
- data/examples/rails3-example/app/helpers/application_helper.rb +2 -0
- data/examples/rails3-example/app/models/account.rb +6 -0
- data/examples/rails3-example/app/views/authorization/new.html.erb +5 -0
- data/examples/rails3-example/app/views/home/show.html.erb +1 -0
- data/examples/rails3-example/app/views/layouts/application.html.erb +16 -0
- data/examples/rails3-example/app/views/session/new.html.erb +7 -0
- data/examples/rails3-example/config.ru +4 -0
- data/examples/rails3-example/config/application.rb +42 -0
- data/examples/rails3-example/config/boot.rb +6 -0
- data/examples/rails3-example/config/database.yml +22 -0
- data/examples/rails3-example/config/environment.rb +5 -0
- data/examples/rails3-example/config/environments/development.rb +26 -0
- data/examples/rails3-example/config/environments/production.rb +49 -0
- data/examples/rails3-example/config/environments/test.rb +35 -0
- data/examples/rails3-example/config/initializers/backtrace_silencers.rb +7 -0
- data/examples/rails3-example/config/initializers/inflections.rb +10 -0
- data/examples/rails3-example/config/initializers/mime_types.rb +5 -0
- data/examples/rails3-example/config/initializers/secret_token.rb +7 -0
- data/examples/rails3-example/config/initializers/session_store.rb +8 -0
- data/examples/rails3-example/config/locales/en.yml +5 -0
- data/examples/rails3-example/config/routes.rb +9 -0
- data/examples/rails3-example/db/migrate/20110508151935_add_account_table.rb +12 -0
- data/examples/rails3-example/db/migrate/20110508151948_add_oauth2_tables.rb +43 -0
- data/examples/rails3-example/db/schema.rb +52 -0
- data/examples/rails3-example/db/seeds.rb +11 -0
- data/examples/rails3-example/doc/README_FOR_APP +2 -0
- data/examples/rails3-example/lib/tasks/.gitkeep +0 -0
- data/examples/rails3-example/public/404.html +26 -0
- data/examples/rails3-example/public/422.html +26 -0
- data/examples/rails3-example/public/500.html +26 -0
- data/examples/rails3-example/public/favicon.ico +0 -0
- data/examples/rails3-example/public/images/rails.png +0 -0
- data/examples/rails3-example/public/robots.txt +5 -0
- data/examples/rails3-example/public/stylesheets/.gitkeep +0 -0
- data/examples/rails3-example/script/rails +6 -0
- data/lib/oauth2-provider.rb +3 -0
- data/lib/oauth2/provider.rb +39 -0
- data/lib/oauth2/provider/models.rb +40 -0
- data/lib/oauth2/provider/models/access_token.rb +54 -0
- data/lib/oauth2/provider/models/active_record.rb +30 -0
- data/lib/oauth2/provider/models/active_record/access_token.rb +13 -0
- data/lib/oauth2/provider/models/active_record/authorization.rb +16 -0
- data/lib/oauth2/provider/models/active_record/authorization_code.rb +13 -0
- data/lib/oauth2/provider/models/active_record/client.rb +15 -0
- data/lib/oauth2/provider/models/authorization.rb +40 -0
- data/lib/oauth2/provider/models/authorization_code.rb +27 -0
- data/lib/oauth2/provider/models/client.rb +28 -0
- data/lib/oauth2/provider/models/mongoid.rb +30 -0
- data/lib/oauth2/provider/models/mongoid/access_token.rb +40 -0
- data/lib/oauth2/provider/models/mongoid/authorization.rb +32 -0
- data/lib/oauth2/provider/models/mongoid/authorization_code.rb +43 -0
- data/lib/oauth2/provider/models/mongoid/client.rb +40 -0
- data/lib/oauth2/provider/rack.rb +11 -0
- data/lib/oauth2/provider/rack/access_token_handler.rb +103 -0
- data/lib/oauth2/provider/rack/authorization_code_request.rb +74 -0
- data/lib/oauth2/provider/rack/authorization_codes_support.rb +25 -0
- data/lib/oauth2/provider/rack/middleware.rb +28 -0
- data/lib/oauth2/provider/rack/resource_request.rb +91 -0
- data/lib/oauth2/provider/rack/responses.rb +34 -0
- data/lib/oauth2/provider/rails.rb +37 -0
- data/lib/oauth2/provider/rails/controller_authentication.rb +21 -0
- data/lib/oauth2/provider/random.rb +30 -0
- data/lib/oauth2/provider/version.rb +5 -0
- data/oauth2-provider.gemspec +35 -0
- data/spec/models/access_token_spec.rb +123 -0
- data/spec/models/authorization_code_spec.rb +115 -0
- data/spec/models/authorization_spec.rb +110 -0
- data/spec/models/client_spec.rb +75 -0
- data/spec/requests/access_tokens_controller_spec.rb +360 -0
- data/spec/requests/authentication_spec.rb +150 -0
- data/spec/requests/authorization_codes_support_spec.rb +157 -0
- data/spec/schema.rb +38 -0
- data/spec/set_backend_env_to_mongoid.rb +1 -0
- data/spec/spec_helper.rb +27 -0
- data/spec/support/activerecord_backend.rb +18 -0
- data/spec/support/factories.rb +56 -0
- data/spec/support/macros.rb +46 -0
- data/spec/support/mongoid_backend.rb +34 -0
- data/spec/support/rack.rb +32 -0
- metadata +373 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
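--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,49 @@
+oauth2-provider
+==
+
+Simple OAuth2 provider code extracted from [hashblue.com](https://hashblue.com/)
+
+Details
+--
+
+* Implements [draft 11](http://tools.ietf.org/html/draft-ietf-oauth-v2-11) of the oauth2 spec
+* Handles the authorization_code and password grant types
+* Supports ActiveRecord and Mongoid
+
+Usage Instructions
+--
+
+In your Gemfile:
+
+gem 'oauth2-provider', :git => 'git@github.com:freerange/oauth2-provider.git'
+
+If you're using ActiveRecord, grab the schema out of `spec/schema.rb`, and run the migration.
+
+To dish out authorization codes you will need to implement something like this:
+
+class AuthorizationController < ApplicationController
+include OAuth2::Provider::Rack::AuthorizationCodesSupport
+
+before_filter :authenticate_user!
+before_filter :block_invalid_authorization_code_requests
+
+def new
+@client = oauth2_authorization_request.client
+end
+
+def create
+if params[:yes].present?
+grant_authorization_code(current_user)
+else
+deny_authorization_code
+end
+end
+
+end
+
+And add a couple of routes:
+
+match "/oauth/authorize", :via => :get, :to => "authorization#new"
+match "/oauth/authorize", :via => :post, :to => "authorization#create"
+
+oauth2-provider will handle requests to `/oauth/access_token` to handle conversion of authorization codes to access tokens.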
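--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,24 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+
+namespace :spec do
+desc "Run specs using the active_record backend"
+RSpec::Core::RakeTask.new(:activerecord) do |t|
+t.rspec_opts = "-f n -c"
+t.pattern = "spec/**/*_spec.rb"
+end
+
+desc "Run specs using the mongoid backend"
+RSpec::Core::RakeTask.new(:mongoid) do |t|
+t.rspec_opts = "-f n -c"
+t.pattern = "spec/**/*_spec.rb"
+t.ruby_opts = "-Ispec -rset_backend_env_to_mongoid"
+end
+
+desc "Run specs using both backends"
+task :all => ['spec:activerecord', 'spec:mongoid']
+end
+
+task :default => 'spec:all'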
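--- a/data/examples/client/Gemfile.lock
+++ b/data/examples/client/Gemfile.lock
@@ -0,0 +1,20 @@
+GEM
+remote: http://rubygems.org/
+specs:
+crack (0.1.8)
+haml (3.0.18)
+httparty (0.7.4)
+crack (= 0.1.8)
+rack (1.2.2)
+sinatra (1.2.6)
+rack (~> 1.1)
+tilt (>= 1.2.2, < 2.0)
+tilt (1.3)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+haml
+httparty
+sinatra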
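--- a/data/examples/client/README
+++ b/data/examples/client/README
@@ -0,0 +1,8 @@
+This is a (very very) simple OAuth2 client, designed to work with the oauth2-provider examples. To get it running, cd to the client folder, then run:
+
+1) bundle install
+2) bundle exec rackup
+
+This should start the client on port 9292
+
+Assuming an example server is running (such as the one in examples/rails3-example), visit http://localhost:9292. To read content from the server you'll be asked to login (tomafro/secret) and then authorize the client. Finally some very simple content from the server will be shown.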
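--- a/data/examples/client/app.rb
+++ b/data/examples/client/app.rb
@@ -0,0 +1,59 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'sinatra'
+require 'haml'
+require 'httparty'
+
+CLIENT_ID = 'abcdefgh12345678'
+CLIENT_SECRET = 'secret'
+RESOURCE_HOST = 'http://localhost:3000'
+
+enable :sessions
+
+helpers do
+def redirect_uri
+"http://" + request.host_with_port + "/callback"
+end
+
+def access_token
+session[:access_token]
+end
+
+def get_with_access_token(path)
+HTTParty.get(RESOURCE_HOST + path, :query => {:oauth_token => access_token})
+end
+
+def authorize_url
+RESOURCE_HOST + "/oauth/authorize?client_id=#{CLIENT_ID}&client_secret=#{CLIENT_SECRET}&redirect_uri=#{redirect_uri}"
+end
+
+def access_token_url
+RESOURCE_HOST + "/oauth/access_token"
+end
+end
+
+get '/' do
+haml :home
+end
+
+get '/callback' do
+response = HTTParty.post(access_token_url, :body => {
+:client_id => CLIENT_ID,
+:client_secret => CLIENT_SECRET,
+:redirect_uri => redirect_uri,
+:code => params["code"],
+:grant_type => 'authorization_code'}
+)
+
+session[:access_token] = response["access_token"]
+redirect '/account'
+end
+
+get '/account' do
+if access_token
+@resource_response = get_with_access_token("/account.json")
+haml :response
+else
+redirect authorize_url
+end
+end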
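Review bot: `authorize_url` (new-file line 27) embeds `client_secret=#{CLIENT_SECRET}` in the front-channel authorization URL, so the secret is sent through the resource owner's browser and ends up in browser history, the provider's access logs and any Referer header; the secret belongs only in the back-channel POST to `/oauth/access_token`, which the `/callback` handler already sends. Drop it from the URL: `RESOURCE_HOST + "/oauth/authorize?client_id=#{CLIENT_ID}&redirect_uri=#{redirect_uri}"` — the provider's authorization-request handler is not on this page, so confirm it does not insist on the secret there. The flow also carries no `state` value, so `/callback` will exchange whatever `code` a third party can get the browser to present, and it stores `response["access_token"]` without first checking the token response for an `error` member. Even as a demo client, a comment saying it is intentionally minimal and must not be copied into production would help.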
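--- a/data/examples/rails3-example/Gemfile.lock
+++ b/data/examples/rails3-example/Gemfile.lock
@@ -0,0 +1,82 @@
+PATH
+remote: ../..
+specs:
+oauth2-provider (0.0.15)
+activesupport (~> 3.0.1)
+addressable (~> 2.2)
+
+GEM
+remote: http://rubygems.org/
+specs:
+abstract (1.0.0)
+actionmailer (3.0.7)
+actionpack (= 3.0.7)
+mail (~> 2.2.15)
+actionpack (3.0.7)
+activemodel (= 3.0.7)
+activesupport (= 3.0.7)
+builder (~> 2.1.2)
+erubis (~> 2.6.6)
+i18n (~> 0.5.0)
+rack (~> 1.2.1)
+rack-mount (~> 0.6.14)
+rack-test (~> 0.5.7)
+tzinfo (~> 0.3.23)
+activemodel (3.0.7)
+activesupport (= 3.0.7)
+builder (~> 2.1.2)
+i18n (~> 0.5.0)
+activerecord (3.0.7)
+activemodel (= 3.0.7)
+activesupport (= 3.0.7)
+arel (~> 2.0.2)
+tzinfo (~> 0.3.23)
+activeresource (3.0.7)
+activemodel (= 3.0.7)
+activesupport (= 3.0.7)
+activesupport (3.0.7)
+addressable (2.2.5)
+arel (2.0.9)
+builder (2.1.2)
+erubis (2.6.6)
+abstract (>= 1.0.0)
+i18n (0.5.0)
+mail (2.2.19)
+activesupport (>= 2.3.6)
+i18n (>= 0.4.0)
+mime-types (~> 1.16)
+treetop (~> 1.4.8)
+mime-types (1.16)
+polyglot (0.3.1)
+rack (1.2.2)
+rack-mount (0.6.14)
+rack (>= 1.0.0)
+rack-test (0.5.7)
+rack (>= 1.0)
+rails (3.0.7)
+actionmailer (= 3.0.7)
+actionpack (= 3.0.7)
+activerecord (= 3.0.7)
+activeresource (= 3.0.7)
+activesupport (= 3.0.7)
+bundler (~> 1.0)
+railties (= 3.0.7)
+railties (3.0.7)
+actionpack (= 3.0.7)
+activesupport (= 3.0.7)
+rake (>= 0.8.7)
+thor (~> 0.14.4)
+rake (0.8.7)
+sqlite3 (1.3.3)
+thor (0.14.6)
+treetop (1.4.9)
+polyglot (>= 0.3.1)
+tzinfo (0.3.27)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+oauth2-provider!
+rails (= 3.0.7)
+sqlite3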
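--- a/data/examples/rails3-example/README
+++ b/data/examples/rails3-example/README
@@ -0,0 +1,9 @@
+This is a (very) basic app demonstrating the oauth2-provider library. To get it going, cd to the app folder, then:
+
+1) Run `bundle install`
+2) Run `bundle exec rake db:reset db:seed`
+3) Run `bundle exec rails server`
+
+This should start the app on port 3000
+
+To try it out, you need an oauth client. Luckily there's a (very very) simple one in the examples/client folder. Keep this example running, follow the instructions to start the client, then have a play.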
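--- a/data/examples/rails3-example/Rakefile
+++ b/data/examples/rails3-example/Rakefile
@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Rails3Example::Application.load_tasks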
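--- a/data/examples/rails3-example/app/controllers/account_controller.rb
+++ b/data/examples/rails3-example/app/controllers/account_controller.rb
@@ -0,0 +1,14 @@
+class AccountController < ApplicationController
+authenticate_with_oauth
+before_filter :set_current_account_from_oauth
+
+def show
+render :json => {:login => current_account.login}
+end
+
+private
+
+def set_current_account_from_oauth
+@current_account = request.env['oauth2'].resource_owner
+end
+end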
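--- a/data/examples/rails3-example/app/controllers/application_controller.rb
+++ b/data/examples/rails3-example/app/controllers/application_controller.rb
@@ -0,0 +1,18 @@
+class ApplicationController < ActionController::Base
+protect_from_forgery
+
+def current_account
+@current_account ||= session[:account_id] && Account.find_by_id(session[:account_id])
+end
+
+helper_method :current_account
+
+private
+
+def authenticate_account
+unless current_account
+session[:return_url] = request.request_uri
+redirect_to new_session_url
+end
+end
+end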
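Review bot: `authenticate_account` stores `request.request_uri` in `session[:return_url]`; on the Rails 3.0.x line that the example's Gemfile.lock pins, `request_uri` is, to my recollection, a deprecated alias of `fullpath` that logs a warning on every call, so `session[:return_url] = request.fullpath` is the drop-in replacement. Because both return a server-relative path rather than an absolute URL, the later `redirect_to` of this value in SessionController stays on this host and is not an open redirect — worth a one-line comment such as `# server-relative path only, so redirecting back to it cannot leave this host`, since readers will otherwise ask. `current_account` is nil-safe thanks to the `&&` guard, but `find_by_id` returns nil for a deleted account and the stale id stays in the session; acceptable in a demo, just note it.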
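--- a/data/examples/rails3-example/app/controllers/authorization_controller.rb
+++ b/data/examples/rails3-example/app/controllers/authorization_controller.rb
@@ -0,0 +1,18 @@
+class AuthorizationController < ApplicationController
+include OAuth2::Provider::Rack::AuthorizationCodesSupport
+
+before_filter :authenticate_account
+before_filter :block_invalid_authorization_code_requests
+
+def new
+@client = oauth2_authorization_request.client
+end
+
+def create
+if params[:commit] == "Yes"
+grant_authorization_code(current_account)
+else
+deny_authorization_code
+end
+end
+end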
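Review bot: `create` decides consent with `params[:commit] == "Yes"`, i.e. on the submit button's visible caption; if that caption in `authorization/new.html.erb` (not on this page) is ever reworded or translated, every approval silently becomes a denial. That fails closed, so it is not an exposure, but it is brittle and it diverges from the README's own example, which tests `params[:yes].present?`. Decoupling the decision from the label — a dedicated named field in the view and `if params[:approve].present?` here — keeps the two examples consistent and survives copy changes. Whichever form is kept, the README and the example app should agree.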
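--- a/data/examples/rails3-example/app/controllers/session_controller.rb
+++ b/data/examples/rails3-example/app/controllers/session_controller.rb
@@ -0,0 +1,24 @@
+class SessionController < ApplicationController
+class Session
+attr_accessor :login, :password
+end
+
+def new
+@session = Session.new
+end
+
+def create
+if account = Account.authenticate(params[:session][:login], params[:session][:password])
+session[:account_id] = account.id
+redirect_to return_url
+else
+redirect_to :action => :new
+end
+end
+
+private
+
+def return_url
+session[:return_url] || root_url
+end
+end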
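Review bot: `create` writes `session[:account_id] = account.id` into whatever session existed before authentication, so a session identifier planted before login remains valid afterwards (session fixation); the documented Rails practice is to call `reset_session` on successful login. Since `return_url` also lives in that session, read it before resetting: `target = return_url`, `reset_session`, `session[:account_id] = account.id`, `redirect_to target`. That also stops the stale `session[:return_url]` being reused on a later login, since nothing here clears it. The session store configuration is not on this page; with the cookie store the practical exposure is narrower, but the reset is still the expected pattern even in an example app.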