oauth20 0.1.1

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,14 @@
+source "http://rubygems.org"
+
+group :development do
+  gem "rspec", "~> 2.3.0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.6.4"
+  gem "rcov", ">= 0"
+  gem 'shoulda'
+  gem 'mocha'
+end
+
+gem 'timecop'
+gem 'json'
+gem 'redis'

data/Gemfile.lock

@@ -0,0 +1,40 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.2)
+    git (1.2.5)
+    jeweler (1.6.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+    json (1.6.1)
+    metaclass (0.0.1)
+    mocha (0.10.0)
+      metaclass (~> 0.0.1)
+    rake (0.8.7)
+    rcov (0.9.9)
+    redis (2.2.2)
+    rspec (2.3.0)
+      rspec-core (~> 2.3.0)
+      rspec-expectations (~> 2.3.0)
+      rspec-mocks (~> 2.3.0)
+    rspec-core (2.3.1)
+    rspec-expectations (2.3.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.3.0)
+    shoulda (2.11.3)
+    timecop (0.3.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.6.4)
+  json
+  mocha
+  rcov
+  redis
+  rspec (~> 2.3.0)
+  shoulda
+  timecop

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Petr Janda
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,19 @@
+= oauth20
+
+Description goes here.
+
+== Contributing to oauth20
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2011 Petr Janda. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,52 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "oauth20"
+  gem.homepage = "http://github.com/petrjanda/oauth20"
+  gem.license = "MIT"
+  gem.summary = "OAuth 2.0"
+  gem.description = "OAuth 2.0"
+  gem.email = "petrjanda@me.com"
+  gem.authors = ["Petr Janda"]
+  gem.add_dependency 'timecop'
+  gem.add_dependency 'json'
+  gem.add_dependency 'redis'
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "oauth20 #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.1

data/lib/oauth20/access_token.rb

@@ -0,0 +1,71 @@
+module OAuth2
+  
+  # Access token represents aceess created on behalf of specific user
+  # which first successfully authenticated with authroization server.
+  # It can be used to access resource server protected resources
+  # until it expires.
+  #
+  class AccessToken
+    attr_reader :client_key, :user_id, :expires_in, :expires_at, :created_at, 
+                :scope, :key, :token_type
+    
+    # Default timeout in seconds for access token expiration.
+    EXPIRES_IN = 3600
+    
+    # Beared token type.
+    TYPE_BEARED = 'Beared'
+    
+    # Initialize new access token instance with given attributes.
+    #
+    # @param [OAuth2::Client] Client for which the token is created.
+    # @param [OAuth2::User] User on which behalf token is created.
+    # @param [Hash] Hash of additional options.
+    #
+    def initialize(data)
+      @client_key = data[:client_key]
+      @user_id    = data[:user_id]
+      @expires_in = data[:expires_in] || EXPIRES_IN
+      @created_at = data[:created_at] || Time.now
+      @expires_at = data[:expires_at] || Time.now + EXPIRES_IN
+      @scope      = data[:scope]
+      @key        = data[:key] || OAuth2::Utils.generate_key
+      @token_type = data[:token_type] || TYPE_BEARED
+    end
+    
+    # Check if the access token is valid to be used to access protected
+    # resource on the server.
+    #
+    def expired?
+      Time.now >= @expires_at
+    end
+    
+    # Revoke the access token. Its no longer valid to be used to access protected
+    # resources.
+    #
+    def revoke!
+      @expires_at = Time.now
+      save
+    end
+    
+    # Return the token description data according to oauth protocol specification.
+    # Rest of token attributes is avoided.
+    #
+    def to_json
+      data = {
+        'access_token' => @key,
+        'expires_in' => @expires_in,
+        'token_type' => @token_type
+      }
+      
+      data.to_json
+    end
+    
+    def self.find_by_key(key)
+      Storage.instance.access_token_find_by_key(key)
+    end
+    
+    def save
+      Storage.instance.access_token_save(self)
+    end
+  end
+end

data/lib/oauth20/auth_code.rb

@@ -0,0 +1,50 @@
+module OAuth2
+  
+  # Authorization code class represents short-lived authorization for user
+  # which should be exchanged for access token until it expires.
+  #
+  class AuthCode
+    attr_reader :client_key, :user_id, :key, :created_at, :expires_at, :access_token
+    
+    # Expires in 10 minutes.
+    EXPIRES_IN = 10 * 60
+    
+    # Initialize new authorization code.
+    #
+    # @param [OAuth2::User] User which signed authorization request.
+    # @param [OAuth2::Client] Client used to get the auth code.
+    #
+    def initialize(data)
+      @key          = data[:key]
+      @created_at   = data[:created_at] || Time.now
+      @expires_at   = data[:expires_at] || Time.now + EXPIRES_IN
+      @access_token = data[:access_token]
+      @user_id      = data[:user_id]
+      @client_key   = data[:client_key]
+    end
+    
+    # Check if the authorization code is still valid to generate new access
+    # token.
+    #
+    def expired?
+      Time.now > @expires_at
+    end    
+    
+    def used?
+      not @access_token.nil?
+    end
+    
+    def invalidate(access_token)
+      @access_token = access_token.key
+      save
+    end
+    
+    def self.find_by_key(key)
+      Storage.instance.auth_code_find_by_key(key)
+    end
+    
+    def save
+      Storage.instance.auth_code_save(self)
+    end
+  end
+end

data/lib/oauth20/auth_error.rb

@@ -0,0 +1,28 @@
+module OAuth2
+  
+  ERROR_UNSUPPORTED_GRANT_TYPE = 'unsupported_grant_type'
+  ERROR_INVALID_CLIENT = 'invalid_client'
+  ERROR_INVALID_GRANT = 'invalid_grant'
+  
+  ERROR_INVALID_REQUEST = 'invalid_request'
+  ERROR_UNAUTHORIZED_CLIENT = 'unauthorized_client'
+  ERROR_ACCESS_DENIED = 'access_denied'
+  ERROR_UNSUPPORTED_RESPONSE_TYPE = 'unsupported_response_type'
+  ERROR_INVALID_SCOPE = 'invalid_scope'
+  ERROR_SERVER_ERROR = 'server_error'
+  ERROR_TEMPORARILY_UNAVAILABLE = 'temporarily_unavailable'
+  
+  class AuthError < RuntimeError
+    attr_reader :description
+    
+    def initialize(message, description = nil)
+      super(message)
+      @description = description
+    end
+    
+    def to_error_info
+      desc = "&error_description=#{self.description}" unless description.nil?
+      "error=#{message}#{desc}"
+    end
+  end
+end

data/lib/oauth20/auth_request.rb

@@ -0,0 +1,62 @@
+module OAuth2
+  
+  # Class to represent incoming authorization request.
+  #
+  class AuthRequest
+    attr_reader :user, :client, :client_id, :response_type, :redirect_uri, :scope, :state
+    attr_writer :user
+    
+    # Initialize OAuth flow request with given attributes.
+    #
+    # @param [String] Unique client identifier.
+    # @param [String] Type of the response expected.
+    # @param [Hash] Additional hash of commands (recirect_uri, scope, state).
+    #
+    def initialize(client_key, response_type, options = {})
+      @client_id = client_key
+      @response_type = response_type
+      @redirect_uri = options[:redirect_uri] || nil
+      @scope = options[:scope] || nil
+      @state = options[:state] || nil
+      
+      validate!
+    end
+    
+    # Get the response object. Its gonna raise error unless user was stored
+    # to the request. That should happen after user had used valid credentials
+    # to login to authorization server.
+    #
+    # @throw [AuthError] Exception thrown in case of any error.    
+    # @return [AuthResponse] AuthResponse object with all necessary attributes.
+    #
+    def response
+      raise AuthError.new(OAuth2::ERROR_ACCESS_DENIED) unless @user
+      
+      AuthResponse.new(self)
+    end
+    
+    
+    # Validate if the request parameters match to the protocol specification.
+    # @throw [AuthError] Exception thrown in case of any error.
+    #
+    def validate!
+      unless @response_type && @client_id
+        raise AuthError.new(OAuth2::ERROR_INVALID_REQUEST)
+      end
+      
+      @client = Client.find_by_key(@client_id)
+      raise AuthError.new(OAuth2::ERROR_INVALID_CLIENT) unless @client
+      
+      #if @redirect_uri && @client.redirect_uri
+      #  raise AuthError.new(OAuth2::ERROR_INVALID_REQUEST) unless @redirect_uri == @client.redirect_uri
+      #end
+      
+      @redirect_uri = @client.redirect_uri unless @redirect_uri && @client.redirect_uri
+      
+      
+      unless @response_type == 'code'
+        raise AuthError.new(OAuth2::ERROR_UNSUPPORTED_RESPONSE_TYPE)
+      end
+    end
+  end
+end

data/lib/oauth20/auth_response.rb

@@ -0,0 +1,31 @@
+module OAuth2
+  # Authorization code response. It contains all the important data
+  # to build response with new authorization code.
+  #
+  class AuthResponse
+    
+    # Initialize new authorization response.
+    #
+    # @params [OAuth2::AuthRequest] Request for the auth code.
+    #
+    def initialize(request)
+      @scope = request.scope
+      @state = request.state
+      @redirect_uri = request.redirect_uri
+      
+      @code = OAuth2::AuthCode.new({
+        :user_id => request.user.id, 
+        :client_key => request.client.key,
+        :key => OAuth2::Utils.generate_key
+      })
+      
+      @code.save
+    end
+    
+    # Get the redirect URI based on response attributes.
+    #
+    def to_url
+      "#{@redirect_uri}?code=#{@code.key}&state=#{@state}&scope=#{@scope}"
+    end
+  end
+end

data/lib/oauth20/client.rb

@@ -0,0 +1,29 @@
+module OAuth2
+  class Client
+    attr_reader :name, :key, :secret, :redirect_uri, :client_type
+    
+    def initialize(name, options = {})
+      @name = name
+      @client_type = 'confidential'
+      @key = options[:key] || OAuth2::Utils.generate_key
+      @secret = options[:secret] || OAuth2::Utils.generate_key
+      @redirect_uri = options[:redirect_uri] || nil
+    end
+    
+    def create_access_token(user)
+      OAuth2::AccessToken.new({:client_key => key, :user_id => user.id})
+    end
+    
+    def self.find_by_key(key)
+      OAuth2::Storage.instance.client_find_by_key(key)
+    end
+    
+    def save
+      OAuth2::Storage.instance.client_save(self)
+    end
+    
+    def self.all
+      OAuth2::Storage.instance.client_all()
+    end
+  end
+end

data/lib/oauth20/storage.rb

@@ -0,0 +1,30 @@
+require 'forwardable'
+require 'singleton'
+
+module OAuth2
+  class Storage
+    include Singleton
+    extend Forwardable
+    
+    def_delegators :@strategy, 
+      :access_token_save,
+      :access_token_find_by_key,
+      :auth_code_save,
+      :auth_code_find_by_key,
+      :client_save,
+      :client_find_by_key,
+      :client_find_by_secret,
+      :client_all,
+      :user_find_by_email,
+      :user_all,
+      :user_save
+    
+    def initialize
+      @strategy = OAuth2::Storages::Strategy.new
+    end
+    
+    def strategy=(strategy)
+      @strategy = strategy
+    end
+  end
+end

data/lib/oauth20/storages/mysql_strategy.rb

@@ -0,0 +1,22 @@
+#module OAuth2
+#  module Storages
+#    class MySQLStrategy < Strategy
+#      DB = 'oauth20'
+#      USER = 'root'
+#      HOST = 'localhost'
+#
+#      def client_save(client)
+#        db = Mysql2::Client.new(:database => 'oauth2', :host => HOST, :username => USER)
+#        
+#        name = db.escape(client.name)
+#        key = db.escape(client.key)
+#        secret = db.escape(client.secret)
+#        redirect_uri = db.escape(client.redirect_uri) if client.redirect_uri
+#        client_type = db.escape(client.client_type) if client.client_type
+#        
+#        results = db.query("INSERT INTO clients(`name`, `key`, `secret`, `redirect_uri`, `client_type`) VALUES ('#{name}', '#{key}', '#{secret}', '#{redirect_uri}', '#{client_type}')")
+#        pp results
+#      end
+#    end
+#  end
+#end

data/lib/oauth20/storages/redis_strategy.rb

@@ -0,0 +1,137 @@
+require "redis"
+require 'json'
+require 'uri'
+
+module OAuth2
+  module Storages
+    class RedisStrategy < Strategy
+      @@redis = nil
+      
+      def initialize(uri)
+        @@uri = URI.parse(uri)
+      end
+      
+      def redis
+        @@redis ||= Redis.new(:host => @@uri.host, :port => @@uri.port, :password => @@uri.password)
+      end
+      
+      # 
+      # ACCESS TOKEN
+      # 
+      
+      def access_token_save(access_token)
+        data = {
+          :client_key => access_token.client_key,
+          :user_id => access_token.user_id,
+          :expires_in => access_token.expires_in,
+          :created_at => access_token.created_at.to_i,
+          :expires_at => access_token.expires_at.to_i,
+          :scope => access_token.scope,
+          :key => access_token.key,
+          :token_type => access_token.token_type
+        }
+        
+        redis.set "access_token:#{access_token.key}", data.to_json 
+      end
+      
+      def access_token_find_by_key(key)
+        data = JSON.parse(redis.get("access_token:#{key}"))
+        data['expires_at'] = Time.at(data['expires_at'])
+        data['created_at'] = Time.at(data['created_at'])
+        
+        AccessToken.new(symbolize(data))
+      end   
+      
+      # 
+      # AUTHORIZATION CODE
+      # 
+      
+      def auth_code_save(auth_code)
+        data = {
+          :client_key => auth_code.client_key,
+          :user_id => auth_code.user_id,
+          :created_at => auth_code.created_at.to_i,
+          :expires_at => auth_code.expires_at.to_i,
+          :access_token => auth_code.access_token,
+          :key => auth_code.key
+        }
+        
+        redis.set "auth_code:#{auth_code.key}", data.to_json
+      end
+      
+      def auth_code_find_by_key(key)
+        data = JSON.parse(redis.get("auth_code:#{key}"))
+        data['expires_at'] = Time.at(data['expires_at'])
+        data['created_at'] = Time.at(data['created_at'])
+        AuthCode.new(symbolize(data))
+      end         
+      
+      # 
+      # CLIENT
+      # 
+      
+      def client_save(client)
+        data = {
+          :key => client.key,
+          :secret => client.secret,
+          :redirect_uri => client.redirect_uri,
+          :name => client.name
+        }
+
+        redis.set "client:#{client.key}", data.to_json 
+        redis.set "client_secret:#{client.secret}:key", client.key
+      end
+      
+      def client_find_by_key(key)
+        begin
+          data = JSON.parse(redis.get("client:#{key}"))
+          Client.new(data.delete('name'), symbolize(data))
+        rescue 
+          nil
+        end
+      end
+      
+      def client_find_by_secret(secret)
+        key = redis.get("client_secret:#{secret}:key")
+        client_find_by_key(key)
+      end
+      
+      def client_all
+        redis.keys("client:*").map! do |key|
+          client_find_by_key(key.split(':').last)
+        end
+      end
+      
+      def user_save(user)
+        data = {
+          :email => user.email,
+          :password => user.password
+        }
+        
+        redis.set "user:#{user.email}", data.to_json
+      end
+      
+      def user_find_by_email(email)
+        begin
+          data = JSON.parse(redis.get("user:#{email}"))
+          User.new(symbolize(data))
+        rescue 
+          nil
+        end
+      end
+      
+      def user_all
+        redis.keys("user:*").map! do |email|
+          user_find_by_email(email.split(':').last)
+        end
+      end
+        
+      
+      private
+      
+      def symbolize(hash)
+        Hash[hash.map{|a| [a.first.to_sym, a.last]}]
+      end
+    end
+  end
+end

data/lib/oauth20/storages/strategy.rb

@@ -0,0 +1,55 @@
+module OAuth2
+  module Storages
+    class Strategy
+      
+      # Save new access token.
+      #
+      # @param [Auth2::AccessToken] Access token instance.
+      #
+      def access_token_save(access_token)
+        raise NotImplementedError
+      end
+      
+      # Find access token by given key.
+      #
+      # @param [String] Access token key to search.
+      #
+      def access_token_find_by_key(key)
+        raise NotImplementedError        
+      end
+      
+      # Save new authorization code.
+      #
+      # @param [Auth2::AuthCode] Authorization code instance.
+      #
+      def auth_code_save(auth_code)
+        raise NotImplementedError
+      end
+      
+      # Find authorization code by the given key.
+      #
+      # @param [String] Authorization code key.
+      #
+      def auth_code_find_by_key(key)
+        raise NotImplementedError
+      end
+      
+      # Save new client.
+      #
+      # @param [Auth2::Client] Client instance.
+      #
+      #
+      def client_save(client)
+        raise NotImplementedError
+      end
+      
+      def client_find_by_key(key)
+        raise NotImplementedError
+      end
+      
+      def client_find_by_secret(secret)
+        raise NotImplementedError
+      end
+    end
+  end
+end