oauth2_facebook_grantable 0.5.0

data/.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/Gemfile

@@ -0,0 +1,8 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in oauth2_providable_facebook.gemspec
+gemspec
+
+gem 'rspec'
+gem 'devise_oauth2_providable', '~> 1.1.0'
+gem 'koala', '~> 1.4.1'

data/LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (C) 2012 Pierre-Luc Simard
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,81 @@
+# oauth2_facebook_grantable
+
+Adds a grant_type "facebook" to the existing installation of
+[devise_oauth2_providable](https://github.com/socialcast/devise_oauth2_providable)
+
+## Features
+
+* Allows to provide facebook_id and facebook_access_token to authenticate
+  against an OAuth2 API made with [devise_oauth2_providable](https://github.com/socialcast/devise_oauth2_providable)
+
+
+## Requirements
+
+* [Devise](https://github.com/plataformatec/devise) authentication library
+* [Rails](http://rubyonrails.org/) 3.1 or higher
+* [Devise OAuth2 Providable](https://github.com/socialcast/devise_oauth2_providable)
+
+## Installation
+
+#### Install gem
+```ruby
+# Gemfile
+gem 'oauth2_facebook_grantable'
+```
+
+#### Migrate database
+
+It essentially adds a facebook_identifier column to the User model. It's
+required so the plugin can find a user based on its facebook_id
+
+```
+$ rails g oauth2_facebook_grantable:install
+$ rake db:migrate
+```
+
+
+#### Configure User model to support Facebook authentication
+
+Add `:oauth2_facebook_grantable` to your `devise` declaration as seen bellow.
+
+```ruby
+class User
+  devise :oauth2_providable,
+    :oauth2_password_grantable,
+    :oauth2_refresh_token_grantable,
+    :oauth2_facebook_grantable
+end
+```
+
+
+## Using with Facebook grant_type on the client-side
+
+To authentitcate against to the API using Facebook credentials you need to post
+the API with the parameter `facebook_identifier` and `facebook_access_token` as
+shown bellow:
+
+```ruby
+post("/oauth/token",
+  :format => :json,
+  :facebook_identifier => facebook_id,
+  :facebook_access_token => facebook_access_token,
+  :grant_type => "facebook",
+  :client_secret => client_secret,
+  :client_id => client_identifier)
+```
+
+
+## Contributing
+
+* Fork the project
+* Fix the issue
+* Add unit tests
+* Submit pull request on github
+
+
+
+## License
+
+Copyright (C) 2012 Pierre-Luc Simard
+See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/devise/oauth2_facebook_grantable/models/oauth2_facebook_grantable.rb

@@ -0,0 +1,23 @@
+module Devise
+  module Models
+    module Oauth2FacebookGrantable
+      extend ActiveSupport::Concern
+      def valid_facebook_access_token?(token)
+        begin
+          @graph = Koala::Facebook::API.new(token)
+          fb_user = @graph.get_object("me")
+          if(fb_user && fb_user["id"])
+            Devise::Oauth2ProvidableFacebook.logger.debug("Oauth2FacebookGrantable => User with facebook identifier \"#{fb_user["id"]}\" was authenticated successfully by Facebook")
+            return (fb_user["id"].to_s == self.facebook_identifier.to_s)
+          else
+            Devise::Oauth2ProvidableFacebook.logger.debug("Oauth2FacebookGrantable => Could not authenticate user against Facebook (#{fb_user})")
+            return false
+          end
+        rescue => e
+          Devise::Oauth2ProvidableFacebook.logger.error("Oauth2FacebookGrantable => Could not authenticate user: #{e}")
+          return false
+        end
+      end
+    end
+  end
+end

data/lib/devise/oauth2_facebook_grantable/strategies/facebook_grant_type.rb

@@ -0,0 +1,25 @@
+module Devise
+  module Strategies
+    class Oauth2FacebookGrantTypeStrategy < Oauth2GrantTypeStrategy
+      def grant_type
+        Devise::Oauth2ProvidableFacebook.logger.debug("Facebook Grant Loaded")
+        'facebook'
+      end
+
+      def authenticate_grant_type(client)
+        Devise::Oauth2ProvidableFacebook.logger.debug("Oauth2FacebookGrantTypeStrategy => Searching for user with facebook identifier:\"#{params[:facebook_identifier]}\"")
+        resource = mapping.to.find_for_authentication(:facebook_identifier => params[:facebook_identifier])
+        Devise::Oauth2ProvidableFacebook.logger.debug("Oauth2FacebookGrantTypeStrategy => Validating access token for user with facebook identifier:\"#{params[:facebook_identifier]}\"")
+        if validate(resource) { resource.valid_facebook_access_token?(params[:facebook_access_token]) }
+          Devise::Oauth2ProvidableFacebook.logger.debug("Oauth2FacebookGrantTypeStrategy => Token is valid")
+          success! resource
+        elsif !halted?
+          Devise::Oauth2ProvidableFacebook.logger.debug("Oauth2FacebookGrantTypeStrategy => Token is not valid")
+          oauth_error! :invalid_grant, 'could not authenticate to facebook'
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:oauth2_facebook_grantable, Devise::Strategies::Oauth2FacebookGrantTypeStrategy)

data/lib/devise/oauth2_facebook_grantable/version.rb

@@ -0,0 +1,5 @@
+module Devise
+  module OAuth2FacebookGrantable
+    VERSION = "0.5.0"
+  end
+end

data/lib/generators/oauth2_facebook_grantable/install_generator.rb

@@ -0,0 +1,32 @@
+require 'rails/generators'
+
+module Oauth2FacebookGrantable
+  class InstallGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+    source_root File.expand_path('../../templates', __FILE__)
+    desc "Add facebook_identifier column to the 'User' model"
+
+    # Commandline options can be defined here using Thor-like options:
+    class_option :table_name, :type => :string, :default => "users", :desc => "User model name"
+
+    def self.source_root
+      @source_root ||= File.join(File.dirname(__FILE__), 'templates')
+    end
+
+    # Generator Code. Remember this is just suped-up Thor so methods are executed in order
+    def copy_migrations
+      @table_name = options[:table_name]
+      migration_template "migration_add_column.rb", "db/migrate/add_facebook_identifier_to_#{@table_name}"
+    end
+
+    def self.next_migration_number(path)
+       unless @prev_migration_nr
+         @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+       else
+         @prev_migration_nr += 1
+       end
+       @prev_migration_nr.to_s
+     end
+
+  end
+end

data/lib/generators/oauth2_facebook_grantable/templates/migration_add_column.rb

@@ -0,0 +1,6 @@
+class AddFacebookIdentifierTo<%= @table_name.camelize %> < ActiveRecord::Migration
+  def change
+    add_column :<%= @table_name %>, :facebook_identifier, :string
+    add_index :<%= @table_name %> , :facebook_identifier, :unique => true
+  end
+end

data/lib/oauth2_facebook_grantable.rb

@@ -0,0 +1,43 @@
+require 'devise'
+require 'rack/oauth2'
+require 'koala'
+require 'devise_oauth2_providable'
+
+require 'devise/oauth2_facebook_grantable/strategies/facebook_grant_type'
+require 'devise/oauth2_facebook_grantable/models/oauth2_facebook_grantable'
+
+module Devise
+  module Oauth2ProvidableFacebook
+    def self.logger
+      @@logger
+    end
+    def self.logger=(logger)
+      @@logger = logger
+    end
+    def self.debugging?
+      @@debugging
+    end
+    def self.debugging=(boolean)
+      @@debugging = boolean
+    end
+
+    class Railties < ::Rails::Railtie
+      initializer 'Rails logger' do
+        Devise::Oauth2ProvidableFacebook.logger = Rails.logger
+      end
+    end
+
+    class Engine < Rails::Engine
+      engine_name 'oauth2_facebook_grantable'
+      isolate_namespace Devise::Oauth2ProvidableFacebook
+      initializer "oauth2_facebook_grantable.initialize_application", :before=> :load_config_initializers do |app|
+        app.config.filter_parameters << :facebook_access_token
+      end
+    end
+    
+  end
+end
+
+Devise.add_module(:oauth2_facebook_grantable,
+  :strategy => true,
+  :model => "devise/oauth2_facebook_grantable/models/oauth2_facebook_grantable")

data/oauth2_facebook_grantable.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require 'devise/oauth2_facebook_grantable/version'
+
+Gem::Specification.new do |s|
+  s.name        = "oauth2_facebook_grantable"
+  s.version     = Devise::OAuth2FacebookGrantable::VERSION
+  s.authors     = ["Pierre-Luc Simard"]
+  s.email       = ["p-l@6x9.ca"]
+  s.homepage    = "http://github.com/p-l/oauth2_facebook_grantable"
+  s.summary     = %q{Facebook grant type for OAuth2 authentication}
+  s.description = %q{Add facebook as a grant_type to the authentication done through devise_oauth2_providable}
+
+  s.rubyforge_project = "oauth2_facebook_grantable"
+
+  # specify any dependencies here; for example:
+  s.add_runtime_dependency "koala", "~> 1.4.1"
+  s.add_runtime_dependency "devise_oauth2_providable", "~> 1.1.0"
+  s.files         = `git ls-files`.split("\n")
+
+  s.test_files    = `git ls-files -- {tests,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require 'rubygems'
+require 'bundler/setup'
+
+require 'oauth2_facebook_grantable'
+
+RSpec.configure do |config|
+  # some (optional) config here
+end

data/tests/.gitignore

@@ -0,0 +1,15 @@
+# See http://help.github.com/ignore-files/ for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile ~/.gitignore_global
+
+# Ignore bundler config
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+
+# Ignore all logfiles and tempfiles.
+/log/*.log
+/tmp

data/tests/Gemfile

@@ -0,0 +1,41 @@
+source 'https://rubygems.org'
+
+gem 'rails', '3.2.2'
+
+# Bundle edge Rails instead:
+# gem 'rails', :git => 'git://github.com/rails/rails.git'
+
+gem 'sqlite3'
+
+
+# Gems used only for assets and not required
+# in production environments by default.
+group :assets do
+  gem 'sass-rails',   '~> 3.2.3'
+  gem 'coffee-rails', '~> 3.2.1'
+
+  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
+  # gem 'therubyracer'
+
+  gem 'uglifier', '>= 1.0.3'
+end
+
+gem 'jquery-rails'
+
+gem 'oauth2_facebook_grantable', :path => '..'
+gem 'yettings'
+
+# To use ActiveModel has_secure_password
+# gem 'bcrypt-ruby', '~> 3.0.0'
+
+# To use Jbuilder templates for JSON
+# gem 'jbuilder'
+
+# Use unicorn as the app server
+# gem 'unicorn'
+
+# Deploy with Capistrano
+# gem 'capistrano'
+
+# To use debugger
+# gem 'ruby-debug19', :require => 'ruby-debug'

data/tests/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |       |-- images
+  |       |-- javascripts
+  |       `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   |-- cache
+  |   |-- pids
+  |   |-- sessions
+  |   `-- sockets
+  `-- vendor
+      |-- assets
+          `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.