oauth2_provider 0.2.0 → 0.3.0

data/app/controllers/oauth_authorize_controller.rb

@@ -0,0 +1,69 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+class OauthAuthorizeController < ::ApplicationController
+
+  include Oauth2::Provider::SslHelper
+  include Oauth2::Provider::TransactionHelper
+
+  transaction_actions :authorize
+
+  def index
+    return unless validate_params
+  end
+
+  def authorize
+    return unless validate_params
+
+    unless params[:authorize] == 'Yes'
+      redirect_to "#{params[:redirect_uri]}?error=access-denied"
+      return
+    end
+
+    authorization = @client.create_authorization_for_user_id(current_user_id_for_oauth)
+    state_param = if params[:state].blank?
+      ""
+    else
+      "&state=#{CGI.escape(params[:state])}"
+    end
+
+    redirect_to "#{params[:redirect_uri]}?code=#{authorization.code}&expires_in=#{authorization.expires_in}#{state_param}"
+  end
+
+  private
+
+  # TODO: support 'code', 'token', 'code-and-token'
+  VALID_RESPONSE_TYPES = ['code']
+
+  def validate_params
+    if params[:client_id].blank? || params[:response_type].blank?
+      redirect_to "#{params[:redirect_uri]}?error=invalid-request"
+      return false
+    end
+
+    unless VALID_RESPONSE_TYPES.include?(params[:response_type])
+      redirect_to "#{params[:redirect_uri]}?error=unsupported-response-type"
+      return
+    end
+
+    if params[:redirect_uri].blank?
+      render :text => "You did not specify the 'redirect_uri' parameter!", :status => :bad_request
+      return false
+    end
+
+    @client = Oauth2::Provider::OauthClient.find_one(:client_id, params[:client_id])
+
+    if @client.nil?
+      redirect_to "#{params[:redirect_uri]}?error=invalid-client-id"
+      return false
+    end
+
+    if @client.redirect_uri != params[:redirect_uri]
+      redirect_to "#{params[:redirect_uri]}?error=redirect-uri-mismatch"
+      return false
+    end
+
+    true
+  end
+
+end

data/app/controllers/oauth_clients_controller.rb

@@ -0,0 +1,79 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+class OauthClientsController < ApplicationController
+
+  include Oauth2::Provider::SslHelper
+  include Oauth2::Provider::TransactionHelper
+
+  transaction_actions :create, :update, :destroy
+
+
+  def index
+    @oauth_clients = Oauth2::Provider::OauthClient.all.sort{|a, b| a.name.casecmp(b.name)}
+    respond_to do |format|
+      format.html
+      format.xml  { render :xml => @oauth_clients.to_xml(:root => 'oauth_clients', :dasherize => false) }
+    end
+  end
+
+  def show
+    @oauth_client = Oauth2::Provider::OauthClient.find(params[:id])
+    respond_to do |format|
+      format.html
+      format.xml  { render :xml => @oauth_client.to_xml(:dasherize => false) }
+    end
+  end
+
+  def new
+    @oauth_client = Oauth2::Provider::OauthClient.new
+  end
+
+  def edit
+    @oauth_client = Oauth2::Provider::OauthClient.find(params[:id])
+  end
+
+  def create
+    @oauth_client = Oauth2::Provider::OauthClient.new(params[:oauth_client])
+
+    respond_to do |format|
+      if @oauth_client.save
+        flash[:notice] = 'OAuth client was successfully created.'
+        format.html { redirect_to :action => 'index' }
+        format.xml  { render :xml => @oauth_client, :status => :created, :location => @oauth_client }
+      else
+        flash.now[:error] = @oauth_client.errors.full_messages
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @oauth_client.errors, :status => :unprocessable_entity }
+      end
+    end
+  end
+
+  def update
+    @oauth_client = Oauth2::Provider::OauthClient.find(params[:id])
+
+    respond_to do |format|
+      if @oauth_client.update_attributes(params[:oauth_client])
+        flash[:notice] = 'OAuth client was successfully updated.'
+        format.html { redirect_to :action => 'index' }
+        format.xml  { head :ok }
+      else
+        flash.now[:error] = @oauth_client.errors.full_messages
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @oauth_client.errors, :status => :unprocessable_entity }
+      end
+    end
+
+  end
+
+  def destroy
+    @oauth_client = Oauth2::Provider::OauthClient.find(params[:id])
+    @oauth_client.destroy
+
+    respond_to do |format|
+      flash[:notice] = 'OAuth client was successfully deleted.'
+      format.html { redirect_to(oauth_clients_url) }
+      format.xml  { head :ok }
+    end
+  end
+end

data/app/controllers/oauth_token_controller.rb

@@ -0,0 +1,59 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+class OauthTokenController < ApplicationController
+  skip_before_filter :verify_authenticity_token
+
+  include Oauth2::Provider::SslHelper
+  include Oauth2::Provider::TransactionHelper
+  
+  transaction_actions :get_token
+
+  def get_token
+
+    authorization = Oauth2::Provider::OauthAuthorization.find_one(:code, params[:code])
+    authorization.destroy unless authorization.nil?
+
+    original_token = Oauth2::Provider::OauthToken.find_one(:refresh_token, params[:refresh_token])
+    original_token.destroy unless original_token.nil?
+
+    unless ['authorization-code', 'refresh-token'].include?(params[:grant_type])
+      render_error('unsupported-grant-type', "Grant type #{params[:grant_type]} is not supported!")
+      return
+    end
+
+    client = Oauth2::Provider::OauthClient.find_one(:client_id, params[:client_id])
+
+    if client.nil? || client.client_secret != params[:client_secret]
+      render_error('invalid-client-credentials', 'Invalid client credentials!')
+      return
+    end
+
+    if client.redirect_uri != params[:redirect_uri]
+      render_error('invalid-grant', 'Redirect uri mismatch!')
+      return
+    end
+
+    if params[:grant_type] == 'authorization-code'
+      if authorization.nil? || authorization.expired? || authorization.oauth_client.id != client.id
+        render_error('invalid-grant', "Authorization expired or invalid!")
+        return
+      end
+      token = authorization.generate_access_token
+    else # refresh-token
+      if original_token.nil? || original_token.oauth_client.id != client.id
+        render_error('invalid-grant', 'Refresh token is invalid!')
+        return
+      end
+      token = original_token.refresh
+    end
+
+    render :content_type => 'application/json', :text => token.access_token_attributes.to_json
+  end
+
+  private
+  def render_error(error_code, description)
+     render :status => :bad_request, :json => {:error => error_code, :error_description => description}.to_json
+  end
+
+end

data/app/controllers/oauth_user_tokens_controller.rb

@@ -0,0 +1,61 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+class OauthUserTokensController < ApplicationController
+
+  include Oauth2::Provider::TransactionHelper
+
+  transaction_actions :revoke, :revoke_by_admin
+
+  def index
+    @tokens = Oauth2::Provider::OauthToken.find_all_with(:user_id, current_user_id_for_oauth)
+  end
+
+  def revoke
+    token = Oauth2::Provider::OauthToken.find_by_id(params[:token_id])
+    if token.nil?
+      render_not_authorized
+      return
+    end
+    if token.user_id.to_s != current_user_id_for_oauth
+      render_not_authorized
+      return
+    end
+
+    token.destroy
+    redirect_after_revoke
+  end
+  
+  def revoke_by_admin
+    
+    if params[:token_id].blank? && params[:user_id].blank?
+      render_not_authorized
+      return
+    end
+    
+    if !params[:token_id].blank?
+      token = Oauth2::Provider::OauthToken.find_by_id(params[:token_id])
+      if token.nil?
+        render_not_authorized
+        return
+      end
+      token.destroy
+    else
+      Oauth2::Provider::OauthToken.find_all_with(:user_id, params[:user_id]).map(&:destroy)
+    end
+
+    redirect_after_revoke
+  end
+  
+  private 
+  
+  def render_not_authorized
+    render :text => "You are not authorized to perform this action!", :status => :bad_request
+  end
+  
+  def redirect_after_revoke
+    flash[:notice] = "OAuth access token was successfully deleted."
+    redirect_to params[:redirect_url] || {:action => 'index'}
+  end
+    
+end

data/app/models/oauth2/provider/oauth_authorization.rb

@@ -13,6 +13,10 @@ module Oauth2
       end
 
       def generate_access_token
+        OauthToken.find_all_with(:user_id, user_id).each do |token|
+          token.destroy if token.oauth_client_id == oauth_client_id
+        end
+        
         token = oauth_client.create_token_for_user_id(user_id)
         self.destroy
         token

data/app/models/oauth2/provider/oauth_client.rb

@@ -6,7 +6,8 @@ module Oauth2
     class OauthClient < ModelBase
       
       validates_presence_of :name, :redirect_uri
-      validates_format_of :redirect_uri, :with => Regexp.new("^(https|http)://.+$")
+      validates_format_of :redirect_uri, :with => Regexp.new("^(https|http)://.+$"), :if => proc { |client| !client.redirect_uri.blank? }
+      validates_uniqueness_of :name
       
       columns :name, :client_id, :client_secret, :redirect_uri
 
@@ -15,8 +16,12 @@ module Oauth2
       end
       
       def create_authorization_for_user_id(user_id)
+        oauth_authorizations.each do |authorization|
+          authorization.destroy if authorization.user_id == user_id
+        end
         OauthAuthorization.create!(:user_id => user_id, :oauth_client_id => id)
       end
+      
       def self.model_name
         ActiveSupport::ModelName.new('OauthClient')
       end
@@ -38,7 +43,13 @@ module Oauth2
         oauth_tokens.each(&:destroy)
         oauth_authorizations.each(&:destroy)
       end
-    
+
+      def before_save
+        self.name.strip! if self.name
+        self.redirect_uri.strip! if self.redirect_uri
+      end
+
     end
   end
-end
+end
+

data/app/views/oauth_authorize/index.html.erb

@@ -0,0 +1,17 @@
+<div class="content_wrapper_outer">
+  <div class="content_wrapper_inner">
+    <% form_for(url_for(:action => :authorize), :html => {:id => 'oauth_authorize_form'}) do |f| -%>
+      <div class="label">Do you wish to allow the service named '<%= @client.name %>' to access this application on your behalf?</div>
+      <div>
+        <%= link_to_function 'Yes', 'document.getElementById("oauth_authorize_allow").value="Yes";document.getElementById("oauth_authorize_form").submit()', {:class => 'link_as_button primary_link_as_button primary', :href => 'javascript:void(0)', :id => 'authorize-yes'} %>
+        <%= link_to_function 'No', 'document.getElementById("oauth_authorize_allow").value="No";document.getElementById("oauth_authorize_form").submit()', {:class => 'link_as_button link_as_button', :href => 'javascript:void(0)', :id => "authorize-no"} %>
+      </div>
+
+      <input type="hidden" name="authorize" id="oauth_authorize_allow" value="No"/>
+      <input type="hidden" name="client_id" id="client_id" value="<%= params[:client_id] %>" />
+      <input type="hidden" name="redirect_uri" id="redirect_uri" value="<%= params[:redirect_uri] %>" />
+      <input type="hidden" name="response_type" id="response_type" value="<%= params[:response_type] %>" />
+      <input type="hidden" name="state" id="state" value="<%= params[:state] %>" />
+    <% end -%>
+  </div>
+</div>

data/app/views/oauth_clients/_form.html.erb

@@ -0,0 +1,27 @@
+<% form_for(@oauth_client, :html => {:id => 'oauth_client_edit_form', :class => nil}) do |f| %>
+
+  <div class="form_item">
+    <label for='name'>
+        Name:
+        <span class="notes">
+          (The name of the client which will be accessing data from this server.)
+        </span>
+    </label>
+    <%= f.text_field :name, :class => 'width-large' %>
+  </div>
+  
+  <div class="form_item">
+    <label for='redirect_uri'>
+        OAuth Redirect URI:
+        <span class="notes">
+          (The redirect URI provided by the client.)
+        </span>
+    </label>
+    <%= f.text_field :redirect_uri, :class => 'width-large' %>
+  </div>
+  
+  <div class="action-bar">
+    <%= link_to_function 'Submit', 'document.getElementById("oauth_client_edit_form").submit()', {:class => 'link_as_button primary', :href => 'javascript:void(0)'} %>
+    <%= link_to 'Cancel', {:controller => 'oauth_clients'}, {:class => 'link_as_button back_link'} %>
+  </div>
+<% end %>

data/app/views/oauth_clients/edit.html.erb

@@ -0,0 +1,7 @@
+<div id="oauth_page">
+  <%= render_help_link('OAuth 2.0 Application', :class => 'page-help-at-action-bar') if defined?(render_help_link)  %>
+
+  <h1>Edit OAuth client</h1>
+
+  <%= render :partial => "form", :locals => { :oauth_client => @oauth_client } %>
+</div>

data/app/views/oauth_clients/index.html.erb

@@ -0,0 +1,53 @@
+<div id="oauth_page">
+  <%= render_help_link('OAuth 2.0 Clients', :class => 'page-help-at-action-bar') if defined?(render_help_link)  %>
+
+  <h1>OAuth clients configuration</h1>
+
+  <% if request.ssl? || !::Oauth2::Provider::Configuration.require_ssl_for_oauth %>
+    <h2>OAuth 2.0 (v9) provider endpoints for this server</h2>
+
+    <% if Oauth2::Provider::Configuration.ssl_base_url_as_url_options[:protocol] == 'https' %>
+      <div class='summary info-box oauth_config_info'>
+        <p><span>Authorization URL:</span> <%= url_for Oauth2::Provider::Configuration.ssl_base_url_as_url_options.merge(:controller => :oauth_authorize, :action => :index) %></p>
+        <p><span>Token URL:</span> <%= url_for Oauth2::Provider::Configuration.ssl_base_url_as_url_options.merge(:controller => :oauth_token, :action => :get_token) %></p>
+      </div>
+    <% else %>
+      <div class="error-box">Please set mingle.secureSiteURL property in mingle.properties in order to see both the Authorization URL and Token URL in this box.</div>
+    <% end %>
+  <% end %>
+
+  <% if @oauth_clients.empty? %>
+    <div class="info-box">You have not configured any OAuth clients. Click the 'Add client' button to add one.</div>
+  <% else %>
+
+    <h2>OAuth clients configured for this server</h2>
+
+    <table id="oauth_clients_table" class="list_table">
+      <tr>
+        <th>Name</th>
+        <th>OAuth Redirect URI</th>
+        <th>OAuth Client Credentials</th>
+        <th>Action</th>
+      </tr>
+
+      <% @oauth_clients.each do |oauth_client| %>
+        <tr>
+          <td><%= link_to h(oauth_client.name), {:controller => 'oauth_clients', :action => :edit, :id => oauth_client.id}, {:class => 'edit_link'} %></td>
+          <td><%=h oauth_client.redirect_uri %></td>
+          <td>
+            <p><b>Client ID</b>: <%=h oauth_client.client_id %></p>
+            <p><b>Client Secret</b>: <%=h oauth_client.client_secret %></p>
+          </td>
+          <td>
+            <%= link_to '<span>Delete</span>', {:controller => 'oauth_clients', :action => :destroy, :id => oauth_client.id}, {:confirm => 'Are you sure?', :method => :delete, :class => 'delete_link', :title => 'Click to delete this client'} %>
+          </td>
+        </tr>
+      <% end %>
+    </table>
+
+  <% end %>
+
+  <div class="table_actions">
+    <%= link_to 'Add client', {:controller => 'oauth_clients', :action => :new}, {:class => 'link_as_button primary', :id => 'new_oauth_client_button'} %>
+  </div>
+</div>

data/app/views/oauth_clients/new.html.erb

@@ -0,0 +1,7 @@
+<div id="oauth_page">
+  <%= render_help_link('OAuth 2.0 Application', :class => 'page-help-at-action-bar') if defined?(render_help_link)  %>
+
+  <h1>New OAuth client</h1>
+
+  <%= render :partial => "form", :locals => { :oauth_client => @oauth_client } %>
+</div>

data/app/views/oauth_user_tokens/index.html.erb

@@ -0,0 +1,28 @@
+<div id="oauth_page">
+    <%= render_help_link('OAuth 2.0 User Token', :class => 'page-help-at-action-bar') if defined?(render_help_link)  %>
+
+<div class="page_header"><h1 class="entity_title">OAuth Tokens</h1></div>
+
+<div class="content_wrapper_outer">
+    <div class="content_wrapper_inner">
+<% if @tokens.empty? %>
+  <div class="info-box">There are no tokens.</div>
+<% else %>
+  <table id="oauth_user_token_table" class="list_table">
+    <tr>
+      <th>Client</th>
+      <th>Action</th>
+    </tr>
+    <% @tokens.each do |token| -%>
+      <tr>
+        <td><%= h(token.oauth_client.name) %></td>
+        <td><%= link_to '<span>Delete</span>',
+            {:action => :revoke, :token_id => token.id, :controller => 'oauth_user_tokens'},
+            {:confirm => 'Are you sure?', :method => :delete,  :class => 'delete_link', :title => 'Click to revoke this token'}%></td>
+      </tr>
+    <% end -%>
+  </table>
+<% end %>
+</div>
+</div>
+</div>