oauth2_provider_engine 0.0.1

data/app/views/shared/token.json.erb

@@ -0,0 +1,8 @@
+<%=
+  {
+    'access_token' => @token.token,
+    'expires_in' => Oauth2Provider.settings["token_expires_in"],
+    'refresh_token' => @refresh_token.refresh_token,
+    'resource_owner_uri' => @resource_owner_uri
+  }.to_json.html_safe
+%>

data/config/locales/en.yml

@@ -0,0 +1,31 @@
+en:
+  notifications:
+    oauth:
+      client:
+        not_found: "Client not found with the provided params"
+        not_authorized: "Client not authorized with the provided scope"
+        blocked: "Client blocked"
+      response_type:
+        not_valid: "Not valid response type"
+      authorization:
+        not_found: "Authorization not found with the provided params"
+        expired: "Authorization expired"
+      resource_owner:
+        not_found: "User not found with the provided params"
+        blocked_client: "Client blocked from the user (check preferences)"
+      token:
+        not_found: "Access token not found with the provided params"
+        expired: "Access token authorization expired"
+        blocked_token: "Access token blocked from the user (logged out)"
+      refresh_token:
+        not_found: "Refresh token not found with the provided params"
+    document:
+      not_found: "Resource not found"
+      not_valid: "Not valid attributes"
+    json:
+      not_valid: "Not valid JSON"
+      not_array: "Not a valid JSON type associated"
+    pagination:
+      not_valid_page: "Not a valid page"
+      not_valid_per_page: "Not a valid per_page"
+ 

data/config/oauth.yml

@@ -0,0 +1,4 @@
+token_expires_in: "1800"
+authorization_expires_in: "150"
+random_length: 32
+scope_separator: " "

data/config/routes.rb

@@ -0,0 +1,25 @@
+Oauth2Provider::Engine.routes.draw do
+  namespace :oauth2_provider, path: '' do
+
+    get    "authorize" => "authorize#show", defaults: { format: "html" }
+    post   "authorize" => "authorize#create", defaults: { format: "html" }
+    delete "authorize" => "authorize#destroy", defaults: { format: "html" }
+    delete "token/:id" => "token#destroy", defaults: { format: "json" }
+    post   "token" => "token#create", defaults: { format: "json" }
+
+    resources :scopes
+
+    resources :clients do
+      put :block, on: :member
+      put :unblock, on: :member
+    end
+
+    resources :accesses do
+      put :block, on: :member
+      put :unblock, on: :member
+    end
+
+    root :to => "clients#index"
+  end
+
+end

data/lib/oauth2_provider.rb

@@ -0,0 +1,38 @@
+require 'mongoid'
+require 'validate_url'
+require 'chronic'
+require 'orm_adapter'
+require "oauth2_provider/engine"
+require "oauth2_provider/controller_mixin"
+
+module Oauth2Provider
+  def self.settings
+    @settings ||= YAML.load_file("#{Oauth2Provider::Engine.root}/config/oauth.yml")
+  end
+
+  def self.normalize_scope(scope = [])
+    scope = scope.split(" ") if scope.kind_of? String
+    normalized = self::Scope.any_in(name: scope)
+    normalized = normalized.map(&:values).flatten
+
+    if normalized.empty?
+      return self.clean(scope)
+    else
+      return self.clean(scope) + self.normalize_scope(normalized)
+    end
+  end
+
+  # Remove 'no action' keys. For example during normalization
+  # we add keys like 'pizza' (resource names) or 'pizza/read'
+  # wihch we have to remove to easily make the access recognition
+  # with the bearer token.
+  #
+  # NOTE: at the moment are not allowed methods which contain
+  # the word "read" because it will be removed
+  def self.clean(scope)
+    scope = scope.keep_if   {|scope| scope =~ /\// }
+    scope = scope.delete_if {|scope| scope =~ /read/ }
+    scope = scope.uniq
+    return scope
+  end
+end

data/lib/oauth2_provider/controller_mixin.rb

@@ -0,0 +1,53 @@
+module Oauth2Provider
+  module ControllerMixin
+    def _oauth_provider_authenticate
+      if api_request
+        oauth_authorized   # uncomment to make all json API protected
+      else
+        session_auth
+      end
+    end
+
+    def api_request
+      json?
+    end
+
+    def json?
+      request.format == "application/json"
+    end
+
+    def _oauth_provider_json_body
+      body = request.body.read.to_s
+      @body = if body.empty?
+        HashWithIndifferentAccess.new({})
+      else
+        HashWithIndifferentAccess.new(Rack::Utils.parse_nested_query body)
+      end
+    end
+
+    def oauth_authorized
+      action = params[:controller] + "/" + params[:action]
+      _oauth_provider_normalize_token
+      @token = Oauth2Provider::OauthToken.to_adapter.find_first(token: params[:token], scope: action)
+      if @token.nil? or @token.blocked?
+        render text: "Unauthorized access.", status: 401
+        return false
+      else
+        access = Oauth2Provider::OauthAccess.to_adapter.find_first(client_uri: @token.client_uri , resource_owner_uri: @token.resource_owner_uri)
+        access.accessed!
+        @current_user = User.to_adapter.find_first(id: @token.resource_owner_uri.split('/').last)
+      end
+    end
+
+    def _oauth_provider_normalize_token
+      # Token in the body
+      if (_oauth_provider_json_body and @body[:token])
+        params[:token] = @body[:token]
+      end
+      # Token in the header
+      if request.env["Authorization"]
+        params[:token] = request.env["Authorization"].split(" ").last
+      end
+    end
+  end
+end

data/lib/oauth2_provider/engine.rb

@@ -0,0 +1,4 @@
+module Oauth2Provider
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/oauth2_provider_engine.rb

@@ -0,0 +1 @@
+require 'oauth2_provider'

data/lib/oauth2_provider_engine/version.rb

@@ -0,0 +1,3 @@
+module Oauth2ProviderEngine
+  VERSION = "0.0.1"
+end

data/test/dummy/CHANGELOG.rdoc

@@ -0,0 +1,67 @@
+= Changelog
+
+
+== Release v0.3.1 (2011/04/22)
+
+* Added documentation with screenshots
+* Added tag system on scope definition
+* Added basic graph with access token stats
+
+
+== Release v0.3.0 (2011/04/21)
+
+* Added refined UI for the dashboard section
+* Updated documentation
+
+
+== Release v0.2.3 (2011/04/19)
+
+* Added redirect to last URI before logging in
+* Added functionality to block the access of a user resource in
+behalf of a specific client
+* Added client access and stats to every user in the dashboard
+* Added functionality to block a client (only admin can do this)
+* Added UI to automatically set admin the first user which 
+register into the OAuth Server
+* Added autoupdate of scopes to all clients when one of them 
+changes
+
+
+== Release v0.2.2 (2011/04/18)
+
+* Added documentation on scope definition, action authorization, testing 
+framework and oauth flow testing code.
+
+
+== Release v0.2.1 (2011/04/15)
+
+* Added bearer token protection simply adding the filter 
+<tt>before_filter :oauth_authorized<tt> on the conrtoller
+* Added dynamic scope setting. Now is possible to set the 
+scopes directly in the admin interface, and easily protect 
+every method inside a controller.
+* Added dashboard for admin to add scopes and monitor all
+registered users
+* Added dashboard to control and create clients
+* Added dashboard to edit user info
+
+
+== Release v0.2.0 (2011/04/06)
+
+* Added refresh token mechanisms
+* Removed unuseful gems
+* Changed denied message from access=denied to error=access_denied
+* Introduced test to block of single token (idea of logout)
+* Changed oauth/authorize with /oauth/authorization to make sistem more REST
+* Redefinition of all documentation, more simple and complete
+
+
+== Release v0.1.1 (2011/03/29)
+
+* Added documentation explaining the authorization flows
+
+
+== Release v0.1.0 (2011/03/29)
+
+* Added documentation explaining the existing flows
+* Added OAuth2 server with acceptance tests

data/test/dummy/Gemfile

@@ -0,0 +1,53 @@
+source 'http://rubygems.org'
+source 'http://gemcutter.org'
+
+gem 'rails', '3.2.5'
+
+# Gems used only for assets and not required
+# in production environments by default.
+group :assets do
+  gem 'sass-rails',   '~> 3.2.3'
+  gem 'coffee-rails', '~> 3.2.1'
+
+  # See https://github.com/sstephenson/execjs#readme for more supported runtime
+  # gem 'therubyracer'
+
+  gem 'uglifier', '>= 1.0.3'
+end
+
+gem "jquery-rails"
+gem 'mongoid'
+gem 'bson_ext'
+gem 'yajl-ruby'
+gem 'will_paginate'
+gem 'rack-ssl'
+gem "bcrypt-ruby", :require => "bcrypt"
+gem 'validate_url'
+gem 'email_validator'
+gem 'chronic'
+gem 'jquery-rails'
+gem 'orm_adapter', :git => 'git://github.com/timgaleckas/orm_adapter.git'
+gem 'oauth2_provider', :path => '../..'
+
+group :development, :test do
+  gem 'debugger'
+  gem 'rspec-rails'
+end
+
+group :test do
+  gem 'steak'
+  gem 'capybara'
+  gem 'selenium-client'
+  gem 'selenium-webdriver'
+  gem 'launchy'
+  gem 'shoulda'
+  gem 'factory_girl_rails'
+  gem 'webrat'
+  gem 'autotest'
+  gem 'autotest-growl'
+  gem 'database_cleaner'
+  gem 'fuubar'
+  gem 'watchr'
+  gem 'delorean'
+  gem 'rspec-set'
+end

data/test/dummy/Gemfile.lock

@@ -0,0 +1,254 @@
+GIT
+  remote: git://github.com/timgaleckas/orm_adapter.git
+  revision: e4ae617d8eea6c50ca1a4db9de4a12669868119a
+  specs:
+    orm_adapter (0.1.0)
+
+PATH
+  remote: ../..
+  specs:
+    oauth2_provider (0.0.1)
+      bson_ext
+      chronic
+      jquery-rails
+      mongoid
+      orm_adapter
+      rails (~> 3.2.5)
+      validate_url
+
+GEM
+  remote: http://rubygems.org/
+  remote: http://gemcutter.org/
+  specs:
+    ZenTest (4.8.1)
+    actionmailer (3.2.5)
+      actionpack (= 3.2.5)
+      mail (~> 2.4.4)
+    actionpack (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.5)
+      activesupport (= 3.2.5)
+      builder (~> 3.0.0)
+    activerecord (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
+    activesupport (3.2.5)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    addressable (2.2.8)
+    arel (3.0.2)
+    autotest (4.4.6)
+      ZenTest (>= 4.4.1)
+    autotest-growl (0.2.16)
+    bcrypt-ruby (3.0.1)
+    bson (1.6.4)
+    bson_ext (1.6.4)
+      bson (~> 1.6.4)
+    builder (3.0.0)
+    capybara (1.1.2)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
+    childprocess (0.3.2)
+      ffi (~> 1.0.6)
+    chronic (0.6.7)
+    coffee-rails (3.2.2)
+      coffee-script (>= 2.2.0)
+      railties (~> 3.2.0)
+    coffee-script (2.2.0)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.3.3)
+    columnize (0.3.6)
+    database_cleaner (0.8.0)
+    debugger (1.1.4)
+      columnize (>= 0.3.1)
+      debugger-linecache (~> 1.1.1)
+      debugger-ruby_core_source (~> 1.1.3)
+    debugger-linecache (1.1.1)
+      debugger-ruby_core_source (>= 1.1.1)
+    debugger-ruby_core_source (1.1.3)
+    delorean (1.2.0)
+      chronic
+    diff-lcs (1.1.3)
+    email_validator (1.3.0)
+      activemodel
+    erubis (2.7.0)
+    execjs (1.4.0)
+      multi_json (~> 1.0)
+    factory_girl (3.4.0)
+      activesupport (>= 3.0.0)
+    factory_girl_rails (3.4.0)
+      factory_girl (~> 3.4.0)
+      railties (>= 3.0.0)
+    ffi (1.0.11)
+    fuubar (1.0.0)
+      rspec (~> 2.0)
+      rspec-instafail (~> 0.2.0)
+      ruby-progressbar (~> 0.0.10)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.3)
+    jquery-rails (2.0.2)
+      railties (>= 3.2.0, < 5.0)
+      thor (~> 0.14)
+    json (1.7.3)
+    launchy (2.1.0)
+      addressable (~> 2.2.6)
+    libwebsocket (0.1.3)
+      addressable
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.18)
+    mongo (1.6.2)
+      bson (~> 1.6.2)
+    mongoid (2.4.11)
+      activemodel (~> 3.1)
+      mongo (<= 1.6.2)
+      tzinfo (~> 0.3.22)
+    multi_json (1.3.6)
+    nokogiri (1.5.4)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.5)
+      actionmailer (= 3.2.5)
+      actionpack (= 3.2.5)
+      activerecord (= 3.2.5)
+      activeresource (= 3.2.5)
+      activesupport (= 3.2.5)
+      bundler (~> 1.0)
+      railties (= 3.2.5)
+    railties (3.2.5)
+      actionpack (= 3.2.5)
+      activesupport (= 3.2.5)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    rspec (2.10.0)
+      rspec-core (~> 2.10.0)
+      rspec-expectations (~> 2.10.0)
+      rspec-mocks (~> 2.10.0)
+    rspec-core (2.10.1)
+    rspec-expectations (2.10.0)
+      diff-lcs (~> 1.1.3)
+    rspec-instafail (0.2.4)
+    rspec-mocks (2.10.1)
+    rspec-rails (2.10.1)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec (~> 2.10.0)
+    rspec-set (0.0.1)
+      rspec (>= 2)
+    ruby-progressbar (0.0.10)
+    rubyzip (0.9.8)
+    sass (3.1.19)
+    sass-rails (3.2.5)
+      railties (~> 3.2.0)
+      sass (>= 3.1.10)
+      tilt (~> 1.3)
+    selenium-client (1.2.18)
+    selenium-webdriver (2.22.2)
+      childprocess (>= 0.2.5)
+      ffi (~> 1.0)
+      libwebsocket (~> 0.1.3)
+      multi_json (~> 1.0)
+      rubyzip
+    shoulda (3.0.1)
+      shoulda-context (~> 1.0.0)
+      shoulda-matchers (~> 1.0.0)
+    shoulda-context (1.0.0)
+    shoulda-matchers (1.0.0)
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    steak (2.0.0)
+      capybara (>= 1.0.0)
+      rspec-rails (>= 2.5.0)
+    thor (0.15.2)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+    uglifier (1.2.4)
+      execjs (>= 0.3.0)
+      multi_json (>= 1.0.2)
+    validate_url (0.2.0)
+      activemodel (>= 3.0.0)
+    watchr (0.7)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+    will_paginate (3.0.3)
+    xpath (0.1.4)
+      nokogiri (~> 1.3)
+    yajl-ruby (1.1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  autotest
+  autotest-growl
+  bcrypt-ruby
+  bson_ext
+  capybara
+  chronic
+  coffee-rails (~> 3.2.1)
+  database_cleaner
+  debugger
+  delorean
+  email_validator
+  factory_girl_rails
+  fuubar
+  jquery-rails
+  launchy
+  mongoid
+  oauth2_provider!
+  orm_adapter!
+  rack-ssl
+  rails (= 3.2.5)
+  rspec-rails
+  rspec-set
+  sass-rails (~> 3.2.3)
+  selenium-client
+  selenium-webdriver
+  shoulda
+  steak
+  uglifier (>= 1.0.3)
+  validate_url
+  watchr
+  webrat
+  will_paginate
+  yajl-ruby