RubyGems - oauth2_provider - Versions diffs - 0.0.1 - Mend

oauth2_provider 0.0.1

Files changed (27) hide show

@@ -0,0 +1,21 @@
+The MIT License
+Copyright (c) 2010 ThoughtWorks, Inc. (http://thoughtworks.com)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.textile ADDED

@@ -0,0 +1,271 @@
+h1. Introduction
+This plugin implements v09 of the OAuth2 draft spec "http://tools.ietf.org/html/draft-ietf-oauth-v2-09":http://tools.ietf.org/html/draft-ietf-oauth-v2-09.
+The latest version of the spec is available at "http://tools.ietf.org/html/draft-ietf-oauth-v2":http://tools.ietf.org/html/draft-ietf-oauth-v2
+Currently only the web-server profile "http://tools.ietf.org/html/draft-ietf-oauth-v2-09#section-1.4.1":http://tools.ietf.org/html/draft-ietf-oauth-v2-09#section-1.4.1 is supported.
+h1. What is OAuth?
+OAuth is an open-source specification for building a framework for allowing a third-party app (the "client") to access protected resources from another application (the "provider," or "resource owner") at the request of a "user" of the client app.  Oauth allows the user to enter his user credentials (ex. username and password) only to the provider app, which then grants the client app permission to view the protected resources on behalf of the user.
+A very good overview of the basic OAuth workflow is "here":http://hueniverse.com/2007/10/beginners-guide-to-oauth-part-ii-protocol-workflow/.
+Common terms:
+* Provider/Resource Owner - the app that hosts the protected resource.  A real world example is Twitter which uses OAuth as the protocol for all its clients.
+* Client - the app that requests to see the resource data on behalf of the user.  Any Twitter client that shows tweets is an example of this.
+* User/end user - the entity who initiates the OAuth flow to allow the client to access protected data from the provider.
+* Client id/client secret - Often, provider apps will maintain a list of clients that are allowed to access their data.  Client apps can be identified in a number of ways, including with an id and a secret.
+h1. What's Included
+* The OAuth 2.0 (v9) plugin (RAILS_ROOT/vendor/plugins/oauth2_provider)
+* Units and functional tests (RAILS_ROOT/test)
+* A sample host Rails application (RAILS_ROOT)
+** Create sample app user at /users/new
+** Create sample app OAuth client at /oauth/clients
+** Access OAuth-allowed protected resource /protected_resource
+** List and revoke a user's tokens at /oauth/user_tokens
+h1.  Assumptions
+Usage of this plugin assumes that you already have a RAILS app that has unique users who access user-specific data by logging in, or some other method of user authentication.
+h1. Supported Features
+* Web server flow as described at "http://tools.ietf.org/html/draft-ietf-oauth-v2-09#section-1.4.1":http://tools.ietf.org/html/draft-ietf-oauth-v2-09#section-1.4.1
+* Endpoint for clients to request authorization 'code'
+* Endpoint to request an access token using the authorization 'code'
+* Admin screens for:
+ * End users to manage/revoke access tokens given out to 3rd party OAuth2 clients
+ * Admins to manage OAuth2 clients
+h1. Available Endpoint URLs
+See config/routes.rb in the plugin for more details.
+*API only URLs*
+* /oauth/authorize (Oauth2::Provider::OauthAuthorizeController) - used by the user-agent (browser) to request an authorization 'code'
+* /oauth/token (Oauth2::Provider::OauthTokenController) - used by the OAuth2 client to request access token to access protected resources
+*Accessed from the browser*
+* /oauth/user_tokens (Oauth2::Provider::OauthUserTokensController) - used by end users to view and revoke access to 3rd party OAuth2 clients.
+* /oauth/clients (Oauth2::Provider::OauthClientsController) - to manage oauth clients (should be available only to admins)
+It is the responsibility of the host application to avoid routing conflicts. The simplest thing to do is avoid defining any paths starting with /oauth
+h1. Installation
+Copy the plugin into your rails application's vendor/plugins directory.
+Execute the configuration script from your RAILS_ROOT:
+ $ ./script/generate oauth2_provider
+This will create:
+* config/initializers/oauth2_provider.rb
+* db/migrate/TIMESTAMP_create_oauth_authorizations.rb
+* db/migrate/TIMESTAMP_create_oauth_clients.rb
+* db/migrate/TIMESTAMP_create_oauth_tokens.rb
+h2. Configuration
+h3. Host Application
+h4. Rails initializer
+Edit the file config/initializers/oauth2_provider.rb in which you
+* must call filter skipping methods on OauthTokenController, ensuring any authentication filters to not run for this controllers actions
+* must setup authorization for OauthClientsController, limiting access to only application administrators
+* must setup authorization for OauthUserTokensController, limiting access to logged in users  (this step might not actually require you to write code, we're just putting it here to make sure you consider this issue)
+* might call filter skipping or similar methods on the other provided controllers should it be necessary for them to run
+A sample initializer:
+<pre>
+module Oauth2
+  module Provider
+    # make sure no authentication for OauthTokenController
+    OauthTokenController.skip_before_filter(:login_required)
+    # use host app's custom authorization filter to protect OauthClientsController
+    OauthClientsController.before_filter(:ensure_admin_user)
+  end
+end
+</pre>
+h4. ApplicationController
+Make the following changes:
+* Include Oauth2::Provider::ApplicationControllerMethods module
+* Define a 'current_user_id_for_oauth' method that returns the id of the currently logged-in user, serving as a foreign-key to any tokens that are stored in the database.
+* alias_method_chain 'user_id_for_oauth_access_token' into your authentication filter. This method is supplied by Oauth2::Provider::ApplicationControllerMethods and converts an Oauth access token passed in a request's header to a user_id known by the host application. This user_id corresponds to whatever your current_user_id method returns.
+*Before*
+<pre>
+class ApplicationController < ActionController::Base
+  # the host application's authentication filter, you'll
+  # see in the 'After' section below that you can user
+  # alias_method_chain to merge OAuth 2.0 authentication
+  # with your current authentication filter.
+  before_filter :login_required
+  # this checks whether the user is logged in for purposes
+  # of an authentication filter. obviously, your host application
+  # will have very different code than this.  this example is
+  # pulled from the sample host application with which the plugin ships.
+  def login_required
+    current_user_id = session[:user_id]
+    if current_user_id
+      User.current = User.new(current_user_id)
+    else
+      raise "Lack of rights!"
+    end
+  end
+end
+</pre>
+*After*
+<pre>
+class ApplicationController < ActionController::Base
+  # the host application's authentication filter
+  before_filter :login_required
+  # include Oauth2::Provider::ApplicationControllerMethods
+  include Oauth2::Provider::ApplicationControllerMethods
+  # this checks whether the user is logged in for purposes
+  # of an authentication filter. obviously, your host application
+  # will have very different code than this.  this example is
+  # pulled from the sample host application with which the plugin ships.
+  def login_required
+    current_user_id = session[:user_id]
+    if current_user_id
+      User.current = User.new(current_user_id)
+    else
+      raise "Lack of rights!"
+    end
+  end
+  # required by the OAuth plugin to figure out the currently logged in user
+  # must be a string representation of the user.
+  # A 'username', 'email' or a db primary key are good candidates.
+  protected def current_user_id_for_oauth
+    super
+  end
+  # use alias_method_chain to wrap your existing authentication filter
+  # with behavior that will use any valid passed Oauth access token header,
+  # falling back to your standard filter if the request is not an Oauth request.
+  #
+  # clearly, your host application will have different code than
+  # this example, with different authentication models and different filter
+  # method names.
+  #
+  # As for this example, OAuth2::Provider::ApplicationControllerMethods supplies
+  # a user_id_for_oauth_access_token to lookup the user_id for a given access token.
+  # The host app must then use that
+  # user_id to setup the user session, do any authorization checks, etc.  in this
+  # example (from the included sample host app) we simply store the user_id in
+  # the user's session.
+  #
+  # Note that user_id_for_oauth_access_token returns nil if an action
+  # has not been enabled for Oauth (see below).
+  def login_required_with_oauth
+    if user_id = self.user_id_for_oauth_access_token
+      session[:user_id] = user_id
+    elsif looks_like_oauth_request?
+      render :text => "Denied!", :status => :unauthorized
+    else
+      login_required_without_oauth
+    end
+  end
+  alias_method_chain :login_required, :oauth
+end
+</pre>
+h4. Oauth enable particular controller actions
+By default, no action supports OAuth.  That is, if you would like for OAuth to work for any particular action you must declare that in the controller. Below is a simple example where a concrete controller definition specifies where Oauth is allowed. If you look at the plugin source you'll see that oauth_allowed can also be passed a block, returning true or false, for more sophisticated implementations.
+<pre>
+class ProtectedResourceController < ApplicationController
+  # Supported options are:
+  #  :only => [:oauth_protected_action...]
+  #  :except => [:oauth_unprotected_action...]
+  # If no options are specified, defaults to oauth for all actions
+  oauth_allowed :only => :index
+  def index
+    render :text => "current user is #{current_user.email}"
+  end
+  def no_oauth_here
+    render :text => "this content not available via Oauth"
+  end
+end
+</pre>
+h3. Database
+This plugin stores OAuth2 client, authorization codes, and access token into a DB table. It is therefore required that a host app create the necessary ActiveRecord migrations in their application.
+* In your RAILS_ROOT, run rake db:migrate, this will run all the migrations that were created as when you executed the oauth2_provider generator.  You can't do this step until you do the initializers file.
+h1. Verify plugin working correctly in your application
+* OAuth enable the actions for which you wish to allow OAuth as an authentication means
+* Setup a new OAuth client at /oauth/clients
+* Open /oauth/authorize?redirect_uri=REDIRECT_URI&client_id=CLIENT_ID&response_type=code in a browser. You should see a form asking you to authorize the client to access the host application on your behalf. Check the tickbox and submit.
+* Your browser is redirected to your redirect URI (hint: use example.com for this test) and you should now see your authorization code as the "code" parameter.  Save this code, you will need it for the next step.
+* For this step you'll need to use curl as you need to perform a POST and there is no form provided by the plugin. Use curl to POST to /oauth/token, passing the following key/value pairs as form data: code=AUTHORIZATION_CODE&grant_type=authorization-code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=REDIRECT_URI
+* The response to the above POST will be JSON containing your access token, and its expiration time in seconds.
+<pre>{:access_token => ACCESS_TOKEN, :expires_in => ACCESS_TOKEN_EXPIRES_IN, :refresh_token => REFRESH_TOKEN}</pre>
+* You can now use the ACCESS_TOKEN to access the protected resource. This would require the 'Authorization' HTTP header (NOTE that the quotes are required around the ACCESS_TOKEN)
+<pre>Authorization: Token token="ACCESS_TOKEN"</pre>
+* You should expect to see the contents of the protected resource now.
+h1. License (Stuff that lawyers make us say)
+OAuth2 Provider Generator is MIT Licensed.
+The MIT License
+Copyright © 2010 ThoughtWorks, Inc. (http://thoughtworks.com)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the “Software”), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/app/controllers/oauth2/provider/oauth_authorize_controller.rb ADDED

@@ -0,0 +1,65 @@
+module Oauth2
+  module Provider
+    class OauthAuthorizeController < ::ApplicationController
+      def index
+        return unless validate_params
+      end
+      def authorize
+        return unless validate_params
+        unless params[:authorize] == '1'
+          redirect_to "#{params[:redirect_uri]}?error=access-denied"
+          return
+        end
+        authorization = @client.create_authorization_for_user_id(current_user_id_for_oauth)
+        state_param = if params[:state].blank?
+          ""
+        else
+          "&state=#{CGI.escape(params[:state])}"
+        end
+        redirect_to "#{params[:redirect_uri]}?code=#{authorization.code}&expires_in=#{authorization.expires_in}#{state_param}"
+      end
+      private
+      # TODO: support 'code', 'token', 'code-and-token'
+      VALID_RESPONSE_TYPES = ['code']
+      def validate_params
+        if params[:client_id].blank? || params[:response_type].blank?
+          redirect_to "#{params[:redirect_uri]}?error=invalid-request"
+          return false
+        end
+        unless VALID_RESPONSE_TYPES.include?(params[:response_type])
+          redirect_to "#{params[:redirect_uri]}?error=unsupported-response-type"
+          return
+        end
+        if params[:redirect_uri].blank?
+          render :text => "You did not specify the 'redirect_uri' parameter!", :status => :bad_request
+          return false
+        end
+        @client = OauthClient.find_by_client_id(params[:client_id])
+        if @client.nil?
+          redirect_to "#{params[:redirect_uri]}?error=invalid-client-id"
+          return false
+        end
+        if @client.redirect_uri != params[:redirect_uri]
+          redirect_to "#{params[:redirect_uri]}?error=redirect-uri-mismatch"
+          return false
+        end
+        true
+      end
+    end
+  end
+end

data/app/controllers/oauth2/provider/oauth_clients_controller.rb ADDED

@@ -0,0 +1,51 @@
+module Oauth2
+  module Provider
+    class OauthClientsController < ApplicationController
+      def index
+        @oauth_clients = OauthClient.all
+      end
+      def show
+        @oauth_client = OauthClient.find(params[:id])
+      end
+      def new
+        @oauth_client = OauthClient.new
+      end
+      def edit
+        @oauth_client = OauthClient.find(params[:id])
+      end
+      def create
+        @oauth_client = OauthClient.new(params[:oauth_client])
+        if @oauth_client.save
+          flash[:notice] = 'OauthClient was successfully created.'
+          redirect_to(@oauth_client)
+        else
+          render :action => "new"
+        end
+      end
+      def update
+        @oauth_client = OauthClient.find(params[:id])
+        if @oauth_client.update_attributes(params[:oauth_client])
+          flash[:notice] = 'OauthClient was successfully updated.'
+          redirect_to(@oauth_client)
+        else
+          render :action => "edit"
+        end
+      end
+      def destroy
+        @oauth_client = OauthClient.find(params[:id])
+        @oauth_client.destroy
+        redirect_to(oauth_clients_url)
+      end
+    end
+  end
+end

data/app/controllers/oauth2/provider/oauth_token_controller.rb ADDED

@@ -0,0 +1,56 @@
+module Oauth2
+  module Provider
+    class OauthTokenController < ApplicationController
+      def get_token
+        authorization = OauthAuthorization.find_by_code(params[:code])
+        authorization.delete unless authorization.nil?
+        original_token = OauthToken.find_by_refresh_token(params[:refresh_token])
+        original_token.delete unless original_token.nil?
+        unless ['authorization-code', 'refresh-token'].include?(params[:grant_type])
+          render_error('unsupported-grant-type')
+          return
+        end
+        client = OauthClient.find_by_client_id_and_client_secret(
+          params[:client_id], params[:client_secret]
+        )
+        if client.nil?
+          render_error('invalid-client-credentials')
+          return
+        end
+        if client.redirect_uri != params[:redirect_uri]
+          render_error('invalid-grant')
+          return
+        end
+        if params[:grant_type] == 'authorization-code'
+          if authorization.nil? || authorization.expired? || authorization.oauth_client != client
+            render_error('invalid-grant')
+            return
+          end
+          token = authorization.generate_access_token
+        else # refresh-token
+          if original_token.nil? || original_token.oauth_client != client
+            render_error('invalid-grant')
+            return
+          end
+          token = original_token.refresh
+        end
+        render :content_type => 'application/json', :text => token.access_token_attributes.to_json
+      end
+      private
+      def render_error(error_code)
+         render :status => :bad_request, :json => {:error => error_code}.to_json
+      end
+    end
+  end
+end

data/app/controllers/oauth2/provider/oauth_user_tokens_controller.rb ADDED

@@ -0,0 +1,26 @@
+module Oauth2
+  module Provider
+    class OauthUserTokensController < ApplicationController
+      def index
+        @tokens = OauthToken.find_all_by_user_id(current_user_id_for_oauth)
+      end
+      def revoke
+        token = OauthToken.find_by_id(params[:token_id])
+        if token.nil?
+          render :text => "User not authorized to perform this action!", :status => :bad_request
+          return
+        end
+        if token.user_id != current_user_id_for_oauth
+          render :text => "User not authorized to perform this action!", :status => :bad_request
+          return
+        end
+        token.delete
+        redirect_to :action => :index
+      end
+    end
+  end
+end

data/app/models/oauth2/provider/oauth_authorization.rb ADDED

@@ -0,0 +1,31 @@
+module Oauth2
+  module Provider
+    class OauthAuthorization < ::ActiveRecord::Base
+      belongs_to :oauth_client, :class_name => "Oauth2::Provider::OauthClient"
+      EXPIRY_TIME = 1.hour
+      def generate_access_token
+        token = oauth_client.create_token_for_user_id(user_id)
+        self.delete
+        token
+      end
+      def expires_in
+        (Time.at(expires_at.to_i) - Clock.now).to_i
+      end
+      def expired?
+        expires_in <= 0
+      end
+      protected
+      def before_create
+        self.expires_at = Clock.now + EXPIRY_TIME
+        self.code = ActiveSupport::SecureRandom.hex(32)
+      end
+    end
+  end
+end

data/app/models/oauth2/provider/oauth_client.rb ADDED

@@ -0,0 +1,31 @@
+module Oauth2
+  module Provider
+    class OauthClient < ActiveRecord::Base
+      validates_presence_of :name, :redirect_uri
+      before_create :generate_keys
+      has_many :oauth_tokens, :class_name => "Oauth2::Provider::OauthToken", :dependent => :delete_all
+      has_many :oauth_authorizations, :class_name => "Oauth2::Provider::OauthAuthorization", :dependent => :delete_all
+      validates_format_of :redirect_uri, :with => Regexp.new("^(https|http)://.+$")
+      def create_token_for_user_id(user_id)
+        oauth_tokens.create!(:user_id => user_id)
+      end
+      def create_authorization_for_user_id(user_id)
+        oauth_authorizations.create!(:user_id => user_id)
+      end
+      def self.model_name
+        ActiveSupport::ModelName.new('OauthClient')
+      end
+      private
+      def generate_keys
+        self.client_id = ActiveSupport::SecureRandom.hex(32)
+        self.client_secret = ActiveSupport::SecureRandom.hex(32)
+      end
+    end
+  end
+end

data/app/models/oauth2/provider/oauth_token.rb ADDED

@@ -0,0 +1,35 @@
+module Oauth2
+  module Provider
+    class OauthToken < ::ActiveRecord::Base
+      belongs_to :oauth_client, :class_name => "Oauth2::Provider::OauthClient"
+      EXPIRY_TIME = 90.days
+      def access_token_attributes
+        {:access_token => access_token, :expires_in => expires_in, :refresh_token => refresh_token}
+      end
+      def expires_in
+        (Time.at(expires_at.to_i) - Clock.now).to_i
+      end
+      def expired?
+        expires_in <= 0
+      end
+      def refresh
+        self.delete
+        oauth_client.create_token_for_user_id(user_id)
+      end
+      protected
+      def before_create
+        self.access_token = ActiveSupport::SecureRandom.hex(32)
+        self.expires_at = Clock.now + EXPIRY_TIME
+        self.refresh_token = ActiveSupport::SecureRandom.hex(32)
+      end
+    end
+  end
+end

data/app/views/oauth2/provider/layouts/oauth_clients.html.erb ADDED

@@ -0,0 +1,17 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+  <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
+  <title>OauthClients: <%= controller.action_name %></title>
+  <%= stylesheet_link_tag 'scaffold' %>
+</head>
+<body>
+Currently Logged in: <%= current_user.email if logged_in? %>
+<p style="color: green"><%= flash[:notice] %></p>
+<%= yield %>
+</body>
+</html>

data/app/views/oauth2/provider/oauth_authorize/index.html.erb ADDED

@@ -0,0 +1,8 @@
+<form action="<%= url_for(:action => :authorize) %>" method="post" id="oauth_authorize">
+  Do you wish to allow the service named '<%= @client.name %>' to access this application on your behalf? <input type="checkbox" name="authorize" id="authorize" value="1" />
+  <input type="hidden" name="client_id" id="client_id" value="<%= params[:client_id] %>" />
+  <input type="hidden" name="redirect_uri" id="redirect_uri" value="<%= params[:redirect_uri] %>" />
+  <input type="hidden" name="response_type" id="response_type" value="<%= params[:response_type] %>" />
+  <input type="hidden" name="state" id="state" value="<%= params[:state] %>" />
+  <input type="submit" value="Submit" />
+</form>

data/app/views/oauth2/provider/oauth_clients/edit.html.erb ADDED

@@ -0,0 +1,20 @@
+<h1>Editing oauth_client</h1>
+<% form_for(@oauth_client) do |f| %>
+  <%= f.error_messages %>
+  <p>
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </p>
+  <p>
+    <%= f.label :redirect_uri %><br />
+    <%= f.text_field :redirect_uri %>
+  </p>
+  <p>
+    <%= f.submit 'Update' %>
+  </p>
+<% end %>
+<%= link_to 'Show', @oauth_client %> |
+<%= link_to 'Back', oauth_clients_path %>

data/app/views/oauth2/provider/oauth_clients/index.html.erb ADDED

@@ -0,0 +1,26 @@
+<h1>Listing oauth_clients</h1>
+<table>
+  <tr>
+    <th>Name</th>
+    <th>Client id</th>
+    <th>Client secret</th>
+    <th>Redirect URI</th>
+  </tr>
+<% @oauth_clients.each do |oauth_client| %>
+  <tr>
+    <td><%=h oauth_client.name %></td>
+    <td><%=h oauth_client.client_id %></td>
+    <td><%=h oauth_client.client_secret %></td>
+    <td><%=h oauth_client.redirect_uri %></td>
+    <td><%= link_to 'Show', oauth_client %></td>
+    <td><%= link_to 'Edit', edit_oauth_client_path(oauth_client) %></td>
+    <td><%= link_to 'Destroy', oauth_client, :confirm => 'Are you sure?', :method => :delete %></td>
+  </tr>
+<% end %>
+</table>
+<br />
+<%= link_to 'New oauth_client', new_oauth_client_path %>

data/app/views/oauth2/provider/oauth_clients/new.html.erb ADDED

@@ -0,0 +1,19 @@
+<h1>New oauth_client</h1>
+<% form_for(@oauth_client) do |f| %>
+  <%= f.error_messages %>
+  <p>
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </p>
+  <p>
+    <%= f.label :redirect_uri %><br />
+    <%= f.text_field :redirect_uri %>
+  </p>
+  <p>
+    <%= f.submit 'Create' %>
+  </p>
+<% end %>
+<%= link_to 'Back', oauth_clients_path %>

data/app/views/oauth2/provider/oauth_clients/show.html.erb ADDED

@@ -0,0 +1,22 @@
+<p>
+  <b>Name:</b>
+  <%=h @oauth_client.name %>
+</p>
+<p>
+  <b>Client:</b>
+  <%=h @oauth_client.client_id %>
+</p>
+<p>
+  <b>Client secret:</b>
+  <%=h @oauth_client.client_secret %>
+</p>
+<p>
+  <b>Redirect URI:</b>
+  <%=h @oauth_client.redirect_uri %>
+</p>
+<%= link_to 'Edit', edit_oauth_client_path(@oauth_client) %> |
+<%= link_to 'Back', oauth_clients_path %>

data/app/views/oauth2/provider/oauth_user_tokens/index.html.erb ADDED

@@ -0,0 +1,14 @@
+<table>
+  <tr>
+    <th>Client</th>
+    <th>Token</th>
+    <th>&nbsp;</th>
+  </tr>
+  <% @tokens.each do |token| -%>
+    <tr>
+      <td><%= token.oauth_client.name %></td>
+      <td><%= token.access_token %></td>
+      <td><%= link_to('Destroy', {:action => :revoke, :token_id => token.id, :controller => 'Oauth2::Provider::OauthUserTokens'}, {:confirm => 'Are you sure?', :method => :delete})%></td>
+    </tr>
+  <% end -%>
+</table>

data/config/routes.rb ADDED

@@ -0,0 +1,11 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :oauth_clients, :controller => 'Oauth2::Provider::OauthClients', :as => 'oauth/clients'
+  map.connect '/oauth/authorize', :controller => 'Oauth2::Provider::OauthAuthorize', :action => :authorize, :conditions => {:method => :post}
+  map.connect '/oauth/authorize', :controller => 'Oauth2::Provider::OauthAuthorize', :action => :index, :conditions => {:method => :get}
+  map.connect '/oauth/token', :controller => 'Oauth2::Provider::OauthToken', :action => :get_token, :conditions => {:method => :post}
+  map.connect '/oauth/user_tokens/revoke/:token_id', :controller => 'Oauth2::Provider::OauthUserTokens', :action => :revoke, :conditions => {:method => :delete}
+  map.connect '/oauth/user_tokens', :controller => 'Oauth2::Provider::OauthUserTokens', :action => :index, :conditions => {:method => :get}
+end

data/generators/oauth2_provider/oauth2_provider_generator.rb ADDED

@@ -0,0 +1,25 @@
+class Oauth2ProviderGenerator < Rails::Generator::Base
+  def manifest
+    record do |m|
+      m.template 'config/initializers/oauth2_provider.rb', "config/initializers/oauth2_provider.rb"
+      ['create_oauth_clients', 'create_oauth_tokens', 'create_oauth_authorizations'].each_with_index do |file_name, index|
+        m.template "db/migrate/#{file_name}.rb", "db/migrate/#{version_with_prefix(index)}_#{file_name}.rb", :migration_file_name => file_name
+      end
+    end
+  end
+  def after_generate
+    puts "*"*80
+    puts "Please edit the file 'config/initializers/oauth2_provider.rb' as per your needs!"
+    puts "The readme file in the plugin contains more information about configuration."
+    puts "*"*80
+  end
+  private
+  def version_with_prefix(prefix)
+    Time.now.utc.strftime("%Y%m%d%H%M%S") + "#{prefix}"
+  end
+end

data/generators/oauth2_provider/templates/config/initializers/oauth2_provider.rb ADDED

@@ -0,0 +1,14 @@
+module Oauth2
+  module Provider
+    raise 'OAuth2 provider not configured yet!'
+    # please go through the readme and configure this file before you can use this plugin!
+    # make sure no authentication for OauthTokenController
+    OauthTokenController.skip_before_filter(:login_required)
+    # use host app's custom authorization filter to protect OauthClientsController
+    OauthClientsController.before_filter(:ensure_admin_user)
+  end
+end

data/generators/oauth2_provider/templates/db/migrate/create_oauth_authorizations.rb ADDED

@@ -0,0 +1,18 @@
+class CreateOauthAuthorizations < ActiveRecord::Migration
+  def self.up
+    create_table :oauth_authorizations do |t|
+      t.string :user_id
+      t.integer :oauth_client_id
+      t.string :code
+      t.timestamp :expires_at
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :oauth_authorizations
+  end
+end

data/generators/oauth2_provider/templates/db/migrate/create_oauth_clients.rb ADDED

@@ -0,0 +1,16 @@
+class CreateOauthClients < ActiveRecord::Migration
+  def self.up
+    create_table :oauth_clients do |t|
+      t.string :name
+      t.string :client_id
+      t.string :client_secret
+      t.string :redirect_uri
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :oauth_clients
+  end
+end

data/generators/oauth2_provider/templates/db/migrate/create_oauth_tokens.rb ADDED

@@ -0,0 +1,19 @@
+class CreateOauthTokens < ActiveRecord::Migration
+  def self.up
+    create_table :oauth_tokens do |t|
+      t.string :user_id
+      t.integer :oauth_client_id
+      t.string :access_token
+      t.string :refresh_token
+      t.timestamp :expires_at
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :oauth_tokens
+  end
+end

data/init.rb ADDED

@@ -0,0 +1,3 @@
+if RAILS_ENV == 'development'
+  ActiveSupport::Dependencies.load_once_paths.reject!{|x| x =~ /^#{Regexp.escape(File.dirname(__FILE__))}/}
+end

data/lib/oauth2/provider/application_controller_methods.rb ADDED

@@ -0,0 +1,52 @@
+module Oauth2
+  module Provider
+    module ApplicationControllerMethods
+      def self.included(controller_class)
+        controller_class.cattr_accessor :oauth_options, :oauth_options_proc
+        def controller_class.oauth_allowed(options = {}, &block)
+          raise 'options cannot contain both :only and :except' if options[:only] && options[:except]
+          [:only, :except].each do |k|
+            if values = options[k]
+              options[k] = Array(values).map(&:to_s).to_set
+            end
+          end
+          self.oauth_options = options
+          self.oauth_options_proc = block
+        end
+      end
+      protected
+      def user_id_for_oauth_access_token
+        return nil unless oauth_allowed?
+        header_field = request.headers["Authorization"]
+        if header_field =~ /Token token="(.*)"/
+          token = OauthToken.find_by_access_token($1)
+          token.user_id if token
+        end
+      end
+      def looks_like_oauth_request?
+        header_field = request.headers["Authorization"]
+        header_field =~ /Token token="(.*)"/
+      end
+      def oauth_allowed?
+        if (oauth_options_proc && !oauth_options_proc.call(self))
+          false
+        else
+          return false if oauth_options.nil?
+          oauth_options.empty? ||
+            (oauth_options[:only] && oauth_options[:only].include?(action_name)) ||
+            (oauth_options[:except] && !oauth_options[:except].include?(action_name))
+        end
+      end
+    end
+  end
+end

data/lib/oauth2/provider/clock.rb ADDED

@@ -0,0 +1,20 @@
+module Oauth2
+  module Provider
+    class Clock
+      def self.fake_now=(time_now)
+        @fake_now = time_now
+      end
+      def self.now
+        @fake_now || Time.now
+      end
+      def self.reset
+        @fake_now = nil
+      end
+    end
+  end
+end

data/tasks/gem.rake ADDED

@@ -0,0 +1,33 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+desc 'Create a the oauth2_provider gem'
+task :gem do
+  cd File.join(File.expand_path(File.dirname(__FILE__)), '..') do
+    cp "#{RAILS_ROOT}/../README.textile", '.'
+    cp "#{RAILS_ROOT}/../MIT-LICENSE.txt", '.'
+    spec = Gem::Specification.new do |s|
+      s.name = "oauth2_provider"
+      s.version           = "0.0.1"
+      s.author            = "ThoughtWorks, Inc."
+      s.email             = "ketan@thoughtworks.com"
+      s.homepage          = "http://github.com/ThoughtWorksStudios/oauth2_provider"
+      s.platform          = Gem::Platform::RUBY
+      s.summary           = "A Rails plugin to OAuth v2.0 enable your rails application"
+      s.description       = "A Rails plugin to OAuth v2.0 enable your rails application"
+      s.files             = Dir["**/*.*"]
+      s.has_rdoc          = false
+      s.extra_rdoc_files  = ["README.textile", "MIT-LICENSE.txt"]
+    end
+    File.open("oauth2_provider.gemspec", "w") { |f| f << spec.to_ruby }
+    rm_rf "#{RAILS_ROOT}/pkg"
+    sh "gem build #{spec.name}.gemspec"
+    mkdir "#{RAILS_ROOT}/pkg"
+    mv "#{spec.name}-#{spec.version}.gem", "#{RAILS_ROOT}/pkg"
+    rm "README.textile"
+    rm "MIT-LICENSE.txt"
+  end
+end

metadata ADDED

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification
+name: oauth2_provider
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- ThoughtWorks, Inc.
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2010-07-22 00:00:00 -07:00
+default_executable:
+dependencies: []
+description: A Rails plugin to OAuth v2.0 enable your rails application
+email: ketan@thoughtworks.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.textile
+- MIT-LICENSE.txt
+files:
+- app/controllers/oauth2/provider/oauth_authorize_controller.rb
+- app/controllers/oauth2/provider/oauth_clients_controller.rb
+- app/controllers/oauth2/provider/oauth_token_controller.rb
+- app/controllers/oauth2/provider/oauth_user_tokens_controller.rb
+- app/models/oauth2/provider/oauth_authorization.rb
+- app/models/oauth2/provider/oauth_client.rb
+- app/models/oauth2/provider/oauth_token.rb
+- app/views/oauth2/provider/layouts/oauth_clients.html.erb
+- app/views/oauth2/provider/oauth_authorize/index.html.erb
+- app/views/oauth2/provider/oauth_clients/edit.html.erb
+- app/views/oauth2/provider/oauth_clients/index.html.erb
+- app/views/oauth2/provider/oauth_clients/new.html.erb
+- app/views/oauth2/provider/oauth_clients/show.html.erb
+- app/views/oauth2/provider/oauth_user_tokens/index.html.erb
+- config/routes.rb
+- generators/oauth2_provider/oauth2_provider_generator.rb
+- generators/oauth2_provider/templates/config/initializers/oauth2_provider.rb
+- generators/oauth2_provider/templates/db/migrate/create_oauth_authorizations.rb
+- generators/oauth2_provider/templates/db/migrate/create_oauth_clients.rb
+- generators/oauth2_provider/templates/db/migrate/create_oauth_tokens.rb
+- init.rb
+- lib/oauth2/provider/application_controller_methods.rb
+- lib/oauth2/provider/clock.rb
+- MIT-LICENSE.txt
+- README.textile
+- tasks/gem.rake
+has_rdoc: true
+homepage: http://github.com/ThoughtWorksStudios/oauth2_provider
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: A Rails plugin to OAuth v2.0 enable your rails application
+test_files: []