oauth2_provider 0.2.0 → 0.3.0

data/config/routes.rb

@@ -3,17 +3,23 @@
 
 ActionController::Routing::Routes.draw do |map|
 
-  admin_prefix=ENV['ADMIN_OAUTH_URL_PREFIX']
+  admin_prefix= ENV['ADMIN_OAUTH_URL_PREFIX']
+  user_prefix= ENV['USER_OAUTH_URL_PREFIX']
 
-  map.resources :oauth_clients, :controller => 'Oauth2::Provider::OauthClients', :as => "#{admin_prefix}oauth/clients"
+  admin_prefix = "" if admin_prefix.blank?
+  user_prefix = "" if user_prefix.blank?
 
-  user_prefix=ENV['USER_OAUTH_URL_PREFIX']
+  admin_prefix = admin_prefix.gsub(%r{^/}, '').gsub(%r{/$}, '')
+  user_prefix = user_prefix.gsub(%r{^/}, '').gsub(%r{/$}, '')
 
-  map.connect "#{user_prefix}/oauth/authorize", :controller => 'Oauth2::Provider::OauthAuthorize', :action => :authorize, :conditions => {:method => :post}
-  map.connect "#{user_prefix}/oauth/authorize", :controller => 'Oauth2::Provider::OauthAuthorize', :action => :index, :conditions => {:method => :get}
-  map.connect "#{user_prefix}/oauth/token", :controller => 'Oauth2::Provider::OauthToken', :action => :get_token, :conditions => {:method => :post}
-
-  map.connect "#{user_prefix}/oauth/user_tokens/revoke/:token_id", :controller => 'Oauth2::Provider::OauthUserTokens', :action => :revoke, :conditions => {:method => :delete}
-  map.connect "#{user_prefix}/oauth/user_tokens", :controller => 'Oauth2::Provider::OauthUserTokens', :action => :index, :conditions => {:method => :get}
+  map.resources :oauth_clients, :controller => 'oauth_clients', :as => admin_prefix + (admin_prefix.blank? ? "" : "/") + "oauth/clients"
+  
+  map.connect "#{admin_prefix}/oauth/user_tokens/revoke_by_admin", :controller => 'oauth_user_tokens', :action => :revoke_by_admin, :conditions => {:method => :delete}
+  
+  map.connect "#{user_prefix}/oauth/authorize", :controller => 'oauth_authorize', :action => :authorize, :conditions => {:method => :post}
+  map.connect "#{user_prefix}/oauth/authorize", :controller => 'oauth_authorize', :action => :index, :conditions => {:method => :get}
+  map.connect "#{user_prefix}/oauth/token", :controller => 'oauth_token', :action => :get_token, :conditions => {:method => :post}
+  map.connect "#{user_prefix}/oauth/user_tokens/revoke/:token_id", :controller => 'oauth_user_tokens', :action => :revoke, :conditions => {:method => :delete}
+  map.connect "#{user_prefix}/oauth/user_tokens", :controller => 'oauth_user_tokens', :action => :index, :conditions => {:method => :get}
 
 end

data/generators/oauth2_provider/USAGE

@@ -0,0 +1,12 @@
+Description:
+    Generates configuration and migrations necessary to configure
+    and run this plugin!
+
+Example:
+    ./script/generate oauth2_provider
+
+    This will create:
+        config/initializers/oauth2_provider.rb
+        db/migrate/TIMESTAMP_create_oauth_authorizations.rb
+        db/migrate/TIMESTAMP_create_oauth_clients.rb
+        db/migrate/TIMESTAMP_create_oauth_tokens.rb

data/generators/oauth2_provider/templates/config/initializers/oauth2_provider.rb

@@ -25,5 +25,8 @@ module Oauth2
     # use host app's custom authorization filter to protect OauthClientsController
     OauthClientsController.before_filter(:ensure_admin_user)
     
+    # use host app's custom authorization filter to protect admin actions on OauthUserTokensController
+    OauthUserTokensController.before_filter(:ensure_admin_user, :only => [:revoke_by_admin])
+
   end
 end

data/lib/ext/validatable_ext.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+require 'validatable'
+
+module Validatable
+  class Errors
+    unless method_defined?(:add_without_humanize_options)
+      alias :add_without_humanize_options :add
+      def add(attribute, message, humanized_name=nil) #:nodoc:
+        humanized_names[attribute.to_sym] = humanized_name
+        add_without_humanize_options(attribute, message)
+      end
+    
+      alias :humanize_without_humanize_options :humanize
+    
+      def humanize(lower_case_and_underscored_word) #:nodoc:
+        humanized_names[lower_case_and_underscored_word.to_sym] || humanize_without_humanize_options(lower_case_and_underscored_word)
+      end
+
+      private
+      def humanized_names
+        @humanized_names ||= {}
+      end
+    end
+  end
+end

data/lib/oauth2/provider/a_r_datasource.rb

@@ -22,6 +22,10 @@ if defined?(ActiveRecord)
         def reset
 
         end
+        
+        def transaction(&block)
+          ActiveRecord::Base.transaction(&block)
+        end
 
         def find_oauth_client_by_id(id)
           OauthClientDto.find_by_id(id)
@@ -30,6 +34,14 @@ if defined?(ActiveRecord)
         def find_oauth_client_by_client_id(client_id)
           OauthClientDto.find_by_client_id(client_id)
         end
+        
+        def find_oauth_client_by_name(name)
+          OauthClientDto.find_by_name(name)
+        end
+        
+        def find_oauth_client_by_redirect_uri(redirect_uri)
+          OauthClientDto.find_by_redirect_uri(redirect_uri)
+        end
 
         def find_all_oauth_client
           OauthClientDto.all
@@ -94,7 +106,7 @@ if defined?(ActiveRecord)
         private
 
         def save(dto_klass, attrs)
-          dto = dto_klass.find_by_id(attrs[:id])
+          dto = dto_klass.find_by_id(attrs[:id]) unless attrs[:id].blank?
           if dto
             dto.update_attributes(attrs)
           else

data/lib/oauth2/provider/application_controller_methods.rb

@@ -3,44 +3,56 @@
 
 module Oauth2
   module Provider
+
+    class HttpsRequired < StandardError
+    end
+
     module ApplicationControllerMethods
 
       def self.included(controller_class)
-        controller_class.cattr_accessor :oauth_options, :oauth_options_proc
-    
-        def controller_class.oauth_allowed(options = {}, &block)
-          raise 'options cannot contain both :only and :except' if options[:only] && options[:except]
+        controller_class.extend(ClassMethods)
+      end
       
+      module ClassMethods
+        def oauth_allowed(options = {}, &block)
+          raise 'options cannot contain both :only and :except' if options[:only] && options[:except]
+
           [:only, :except].each do |k|
             if values = options[k]
               options[k] = Array(values).map(&:to_s).to_set
             end
-          end
-          self.oauth_options = options
-          self.oauth_options_proc = block
+          end          
+          write_inheritable_attribute(:oauth_options, options)
+          write_inheritable_attribute(:oauth_options_proc, block)
         end
-    
       end
       
       protected
-      
+
       def user_id_for_oauth_access_token
         return nil unless oauth_allowed?
-        header_field = request.headers["Authorization"]
-        
-        if header_field =~ /Token token="(.*)"/          
-          token = OauthToken.find_one(:access_token, $1)
+
+        if looks_like_oauth_request?
+          raise HttpsRequired.new("HTTPS is required for OAuth Authorizations") unless (request.ssl? || !::Oauth2::Provider::Configuration.require_ssl_for_oauth)
+          token = OauthToken.find_one(:access_token, oauth_token_from_request_header)
           token.user_id if (token && !token.expired?)
         end
       end
-  
+
+      def oauth_token_from_request_header
+        if request.headers["Authorization"] =~ /Token token="(.*)"/
+          return $1
+        end
+      end
+
       def looks_like_oauth_request?
-        header_field = request.headers["Authorization"]
-        header_field =~ /Token token="(.*)"/
+        !!oauth_token_from_request_header
       end
-    
+
       def oauth_allowed?
-        if (oauth_options_proc && !oauth_options_proc.call(self))
+        oauth_options_proc = self.class.read_inheritable_attribute(:oauth_options_proc)
+        oauth_options = self.class.read_inheritable_attribute(:oauth_options)
+        if oauth_options_proc && !oauth_options_proc.call(self)
           false
         else
           return false if oauth_options.nil?
@@ -49,7 +61,7 @@ module Oauth2
             (oauth_options[:except] && !oauth_options[:except].include?(action_name))
         end
       end
-  
+
     end
   end
-end
+end

data/lib/oauth2/provider/configuration.rb

@@ -0,0 +1,39 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+module Oauth2
+  module Provider
+    module Configuration
+      def self.def_properties(*names)
+        names.each do |name|
+          class_eval(<<-EOS, __FILE__, __LINE__)
+            @@__#{name} = nil
+            def #{name}
+              @@__#{name}.respond_to?(:call) ? @@__#{name}.call : @@__#{name}
+            end
+            
+            def #{name}=(value_or_proc)
+              @@__#{name} = value_or_proc
+            end
+            module_function :#{name}, :#{name}=
+          EOS
+
+          self.send(:module_function, name, "#{name}=")
+        end
+      end
+
+      def_properties :ssl_base_url, :require_ssl_for_oauth
+
+      def self.ssl_base_url_as_url_options
+        result = {:only_path => false}
+        return result if ssl_base_url.blank?
+        uri = URIParser.parse(ssl_base_url)
+        raise "SSL base URL must be https" unless uri.scheme == 'https'
+        result.merge!(:protocol => uri.scheme, :host => uri.host, :port => uri.port)
+        result.delete(:port) if (uri.port == uri.default_port || uri.port == -1)
+        result
+      end
+    end
+
+  end
+end

data/lib/oauth2/provider/in_memory_datasource.rb

@@ -36,6 +36,14 @@ module Oauth2
       def find_oauth_client_by_client_id(client_id)
         @@oauth_clients.find{|i| i.client_id.to_s == client_id.to_s}
       end
+      
+      def find_oauth_client_by_name(name)
+        @@oauth_clients.find{|i| i.name == name}
+      end
+
+      def find_oauth_client_by_redirect_uri(redirect_uri)
+        @@oauth_clients.find{|i| i.redirect_uri == redirect_uri}
+      end
 
       def find_all_oauth_client
         @@oauth_clients

data/lib/oauth2/provider/model_base.rb

@@ -1,5 +1,6 @@
 # Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
 # Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+require 'validatable'
 
 module Oauth2
   module Provider
@@ -12,24 +13,27 @@ module Oauth2
     class ModelBase
       include Validatable
       CONVERTORS =  {
-        :integer => Proc.new { |v| v.to_i },
-        :string  => Proc.new { |v| v.to_s }
+            :integer => Proc.new { |v| v ? v.to_i : nil },
+            :string  => Proc.new { |v| v.to_s }
       }.with_indifferent_access
 
       class_inheritable_hash :db_columns
       self.db_columns = {}
 
       def self.columns(*names)
-        names.each do |name|
-          column_name, convertor = (Hash === name) ?
-            [name.keys.first, CONVERTORS[name.values.first]] :
-            [name, CONVERTORS[:string]]
+        options = names.extract_options!
+        names.each do |column_name|
           attr_accessor column_name
-          self.db_columns[column_name.to_s] = convertor
+          self.db_columns[column_name.to_s] = CONVERTORS[:string]
+        end
+
+        options.each do |column_name, converter|
+          attr_accessor column_name
+          self.db_columns[column_name.to_s] = CONVERTORS[converter]
         end
       end
 
-      columns :id
+      columns :id => :integer
 
       def initialize(attributes={})
         assign_attributes(attributes)
@@ -49,7 +53,23 @@ module Oauth2
                           ds
                         end
       end
-
+      
+      def self.validates_uniqueness_of(*columns)
+        options = columns.extract_options!
+        columns.each do |column_name|
+          self.validates_each column_name, :logic => lambda {
+            if scope = options[:scope]
+              dtos = self.class.find_all_with(column_name, self.send(column_name))
+              dtos = dtos.select{ |o| o.send(scope) == self.send(scope) }
+              errors.add(column_name, 'is a duplicate.', options[:humanized_name]) if dtos.size == 1 && dtos.first.id != self.id
+            else
+              dto = datasource.send("find_#{self.class.compact_name}_by_#{column_name}", read_attribute(column_name))
+              errors.add(column_name, 'is a duplicate.', options[:humanized_name]) if dto && dto.id != self.id
+            end
+          }
+        end
+      end
+      
       def self.datasource
         @@datasource ||= default_datasource
       end
@@ -70,6 +90,22 @@ module Oauth2
           InMemoryDatasource.new
         end
       end
+      
+      def self.transaction(&block)
+        if datasource.respond_to?(:transaction)
+          result = nil
+          datasource.transaction do
+            result = yield
+          end
+          result
+        else
+          yield
+        end
+      end
+      
+      def transaction(&block)
+        self.class.transaction(&block)
+      end
 
       def self.find(id)
         find_by_id(id) || raise(NotFoundException.new("Record not found!"))
@@ -132,6 +168,7 @@ module Oauth2
 
       def save
         before_create if new_record?
+        before_save
         attrs = db_columns.keys.inject({}) do |result, column_name|
           result[column_name] = read_attribute(column_name)
           result
@@ -151,13 +188,17 @@ module Oauth2
 
       def destroy
         before_destroy
-        datasource.send("delete_#{self.class.compact_name}", convert(:id, id) )
+        datasource.send("delete_#{self.class.compact_name}", convert(:id, id))
       end
 
       def before_create
         # for subclasses to override to support hooks.
       end
 
+      def before_save
+        # for subclasses to override to support hooks.
+      end
+
       def before_destroy
         # for subclasses to override to support hooks.
       end
@@ -181,6 +222,14 @@ module Oauth2
         attrs.each { |k, v| write_attribute(k, v) }
       end
 
+      def to_xml(options = {})
+        acc = self.db_columns.keys.sort.inject(ActiveSupport::OrderedHash.new) do |acc, key|
+          acc[key] = self.send(key)
+          acc
+        end
+        acc.to_xml({:root => self.class.name.demodulize.underscore.downcase}.merge(options))
+      end
+
       private
 
       def self.convert(column_name, value)

data/lib/oauth2/provider/ssl_helper.rb

@@ -0,0 +1,42 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+module Oauth2
+  module Provider
+    module SslHelper
+
+      def self.included(controller_class)
+        controller_class.before_filter :mandatory_ssl
+      end
+
+      protected
+      def mandatory_ssl
+        return true if !Oauth2::Provider::Configuration.require_ssl_for_oauth
+        return true if request.ssl?
+
+        if ssl_enabled?
+          redirect_to params.merge(ssl_base_url_as_url_options)
+        else
+          error = 'This page can only be accessed using HTTPS.'
+          flash.now[:error] = error
+          render(:text => '', :layout => true, :status => :forbidden)
+        end
+        false
+      end
+
+      private
+
+      def ssl_base_url_as_url_options
+        Oauth2::Provider::Configuration.ssl_base_url_as_url_options
+      end
+
+      def ssl_base_url
+        Oauth2::Provider::Configuration.ssl_base_url
+      end
+
+      def ssl_enabled?
+        !ssl_base_url.blank? && ssl_base_url_as_url_options[:protocol] == 'https'
+      end
+    end
+  end
+end

data/lib/oauth2/provider/transaction_helper.rb

@@ -0,0 +1,24 @@
+# Copyright (c) 2010 ThoughtWorks Inc. (http://thoughtworks.com)
+# Licenced under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+
+module Oauth2
+  module Provider
+    module TransactionHelper
+      def self.included(receiver)
+        receiver.extend         ClassMethods
+      end
+      
+      class TransactionFilter
+        def filter(controller, &block)
+          ModelBase.transaction(&block)
+        end
+      end
+  
+      module ClassMethods
+        def transaction_actions(*actions)
+          self.around_filter TransactionFilter.new, :only => actions
+        end
+      end
+    end
+  end
+end