oauth2_provider_engine 0.0.1

data/test/dummy/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Lelylan::Application.load_tasks

data/test/dummy/VERSION

@@ -0,0 +1 @@
+v0.3.1

data/test/dummy/app/assets/stylesheets/reset.css

@@ -0,0 +1,2 @@
+html, body, div, form, p,
+code, pre { margin: 0; padding: 0; border: 0; vertical-align: baseline; }

data/test/dummy/app/assets/stylesheets/template.css

@@ -0,0 +1,52 @@
+body { font: 14px/1.333 sans-serif; color: #444; background: #eee; }
+
+a { color: #980905; }
+a:hover, a:focus, a:active { text-decoration: none; }
+
+h1 { margin: 0 0 0.2em; font-size: 36px; }
+h2 { margin: 0 0 0.75em; font-size: 21px; }
+h3 { margin: 0 0 0.333em; font-size: 16px; font-weight: normal; }
+p { margin: 0 0 1.333em; }
+em { font-style: italic; }
+table { border-collapse: separate; border-spacing: 0; margin: 0; vertical-align: middle; }
+th { font-weight: bold; }
+th, td { padding: 5px 8px 5px 5px; text-align: left; vertical-align: middle; }
+pre, code { font-family: monospace, sans-serif; font-size: 1em; color:#080; }
+
+.container { position:relative; overflow:hidden; width: 780px; padding: 40px 60px; border: 1px solid #ccc; margin: 40px auto 20px; background: #fff; -webkit-box-shadow: 0 0 15px rgba(0,0,0,0.1); -moz-box-shadow: 0 0 15px rgba(0,0,0,0.1); box-shadow: 0 0 15px rgba(0,0,0,0.1); }
+
+.container pre,
+.container .prettyprint { padding: 0; border: 0; margin: 0 0 20px; font-size: 13px; background: #fff; }
+
+.ribbon { position: absolute; top: -1px; right: -1px; opacity: 0.9; }
+.ribbon:hover, .ribbon:focus, .ribbon:active { opacity: 1; }
+.ribbon img { display: block; border: 0; }
+
+.header { padding-right:80px; }
+.header, .navigation { border-bottom: 1px solid #ccc; }
+.navigation { padding: 10px; margin: 0px; background-color: #EEE }
+
+.section { margin: 40px 0 20px; }
+
+.example { padding: 20px; border: 1px solid #ccc; margin: 10px -20px 20px; }
+
+.footer { margin: 20px 0 50px; font-size: 11px; color: #666; text-align: center; }
+.footer a { color: #666; }
+
+.field, .actions { margin: 0 0 1.333em; }
+.field_show { margin: 0 0 0.666em; }
+
+.admin_notice { color: green }
+.details { color: #CCC; padding: 5px 0 }
+
+.header_buttons { margin: -8px 0px 20px 0px }
+.footer_buttons { margin: 1em 0 0 0 }
+
+.flash_notice { margin: 0 0 1em 0; color: green; font-weight: bold }
+.flash_alert { margin: 0 0 1em 0; color: #980905; font-weight: bold }
+
+.field input { width: 300px; height: 25px; font: 14px/1.333 sans-serif; padding-left: 4px; }
+.field input { border: 1px solid #CCC; }
+
+#grant, #deny { padding: 5px 0px }
+.green { color: green }

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,52 @@
+class ApplicationController < ActionController::Base
+  include Oauth2Provider::ControllerMixin
+
+  protect_from_forgery
+
+  before_filter :authenticate
+  helper_method :current_user
+  helper_method :admin_does_not_exist
+
+  rescue_from BSON::InvalidObjectId,        with: :bson_invalid_object_id
+  rescue_from JSON::ParserError,            with: :json_parse_error
+  rescue_from Mongoid::Errors::InvalidType, with: :mongoid_errors_invalid_type
+
+  protected
+
+  def authenticate
+    if api_request
+      oauth_authorized   # uncomment to make all json API protected
+    else
+      session_auth
+    end
+  end
+
+  def session_auth
+    @current_user ||= User.where(:_id => session[:user_id]).first if session[:user_id]
+    unless current_user
+      session[:back] = request.url
+      redirect_to(log_in_path) and return false
+    end
+    return @current_user
+  end
+
+  def current_user
+    @current_user
+  end
+
+  def admin_does_not_exist
+    User.where(admin: true).first.nil?
+  end
+
+  def bson_invalid_object_id(e)
+    redirect_to root_path, alert: "Resource not found."
+  end
+
+  def json_parse_error(e)
+    redirect_to root_path, alert: "Json not valid"
+  end
+
+  def mongoid_errors_invalid_type(e)
+    redirect_to root_path, alert: "Json values is not an array"
+  end
+end

data/test/dummy/app/controllers/pastas_controller.rb

@@ -0,0 +1,23 @@
+class PastasController < ApplicationController
+  before_filter :oauth_authorized
+
+  def index
+    render json: {action: :index}
+  end
+
+  def show
+    render json: {action: :show}
+  end
+
+  def create
+    render json: {action: :create}
+  end
+
+  def update 
+    render json: {action: :update}
+  end
+
+  def destroy
+    render json: {action: :destroy}
+  end
+end

data/test/dummy/app/controllers/pizzas_controller.rb

@@ -0,0 +1,23 @@
+class PizzasController < ApplicationController
+  before_filter :oauth_authorized
+
+  def index
+    render json: {action: :index}
+  end
+
+  def show
+    render json: {action: :show}
+  end
+
+  def create
+    render json: {action: :create}
+  end
+
+  def update 
+    render json: {action: :update}
+  end
+
+  def destroy
+    render json: {action: :destroy}
+  end
+end

data/test/dummy/app/controllers/sessions_controller.rb

@@ -0,0 +1,26 @@
+class SessionsController < ApplicationController
+
+  skip_before_filter :authenticate
+
+  def new
+  end
+
+  def create
+    user = User.authenticate(params[:email], params[:password])
+    if user
+      session[:user_id] = user.id
+      session[:back] ||= user_path(user)
+      redirect_to session[:back], notice: "Logged in!"
+      session[:back] = nil
+    else
+      flash.now.alert = "Invalid email or password"
+      render "new"
+    end
+  end
+
+  def destroy
+    session[:user_id] = nil
+    redirect_to root_url, :notice => "Logged out!"
+  end
+
+end

data/test/dummy/app/controllers/users_controller.rb

@@ -0,0 +1,59 @@
+class UsersController < ApplicationController
+
+  skip_before_filter :authenticate, only: ["new", "create"]
+  before_filter :admin?, only: ["index"]
+  before_filter :find_user, only: ["show", "edit", "update", "destroy"]
+
+  def index
+    @users = User.all
+  end
+
+  def show
+  end
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(params[:user])
+    @user.admin = true if admin_does_not_exist
+    if @user.save
+      redirect_to root_url, :notice => "Signed up!"
+    else
+      render "new"
+    end
+  end
+
+  def edit
+  end
+
+  def update
+    params[:user].delete_if { |key, value| key == "password" and value.empty? }
+    if @user.update_attributes(params[:user])
+      render "show"
+    else
+      render action: "edit"
+    end
+  end
+
+
+  private
+
+    def find_user
+      @user = current_user.admin? ? User.criteria : User.where(_id: current_user.id.to_s)
+      @user = @user.where(_id: params[:id]).first
+      unless @user
+        redirect_to root_path, alert: "Resource not found."
+      end
+    end
+
+    def admin?
+      unless current_user.admin?
+        flash.alert = "Unauthorized access."
+        redirect_to root_path
+        return false
+      end
+    end
+
+end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,50 @@
+class User
+  include Mongoid::Document
+  include Mongoid::Timestamps
+
+  field :email
+  field :name
+  field :password_hash
+  field :password_salt
+  field :admin, type: Boolean, default: false
+
+  attr_accessible :email, :name, :password
+
+  attr_accessor :password
+  before_save :encrypt_password
+
+  validates :password, presence: true, on: :create
+  # TODO: add password length
+  #validates :password, length: {min: 6}, empty: true
+  validates :email, presence: true
+  validates :email, uniqueness: true
+  validates :email, email: true
+
+  def self.authenticate(email, password)
+    user = where(email: email).first
+    user.verify(password) if user
+  end
+
+  def verify(password)
+    if password_hash == BCrypt::Engine.hash_secret(password, password_salt)
+      self
+    else
+      nil
+    end
+  end
+
+  def encrypt_password
+    if password.present?
+      self.password_salt = BCrypt::Engine.generate_salt
+      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
+    end
+  end
+
+  def admin?
+    self.admin
+  end
+
+  def self.find_by_id(id)
+    self.where(:_id => id).first
+  end
+end

data/test/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8"> 
+  <title>Rest OAuth 2.0 Server</title>
+  <%= stylesheet_link_tag :reset, :template %>
+  <%= csrf_meta_tag %>
+</head>
+
+<body">
+  <div class="container">
+      <a class="ribbon" href="https://github.com/lelylan/rest-oauth2-server" target="_blank"><img src="http://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"></a>
+
+      <div class="header">
+        <h1>Rest OAuth 2.0 Server</h1>
+        <p>
+          <b><a href="https://github.com/lelylan/rest-oauth2-server" title="GitHub repository">Rest OAuth 2.0 Server</a> 
+            let you open up your API and manage end-user authentication and client application authorization 
+            implementing the OAuth 2.0 Specifications (draft 13). Read more on <a href="https://github.com/lelylan/rest-oauth2-server" title="GitHub readme">Github</a>
+          </b>
+        </p>
+      </div>
+      <div class="navigation">
+        <% if current_user %>
+          <div style="float: right">
+            Logged in as <%= current_user.email %>.
+            <%= link_to "Log out", log_out_path %>
+          </div>
+          <div>
+            <%= link_to("Home", current_user)  %>
+            <% if current_user.admin? %> |
+              <%= link_to("Users", users_path) %> |
+              <%= link_to("OAuth", oauth2_provider_engine.oauth2_provider_root_path) %> |
+            <% end %>
+          </div>
+        <% else %>
+          <%= link_to "Sign up", sign_up_path %> or
+          <%= link_to "log in", log_in_path %>
+        <% end %>
+      </div>
+      <br/>
+
+
+    <% if flash.notice %>
+      <div class="flash_notice">
+        <%= flash.notice %>
+      </div>
+    <% end %>
+
+    <% if flash.alert %>
+      <div class=flash_alert>
+        <%= flash.alert %>
+        <% if @info %>
+          <p>Additional information: 
+          <%= @info.to_json%>
+          </p>
+        <% end %>
+      </div>
+    <% end %>
+
+    <%= yield %>
+
+  </div>
+</body>
+</html>

data/test/dummy/app/views/sessions/new.html.erb

@@ -0,0 +1,25 @@
+<html>
+  <head></head>
+  <body>
+    <h2>Log in</h2>
+
+    <%= form_tag sessions_path do %>
+      <div class="field">
+        <%= label_tag :email %><br />
+        <%= text_field_tag :email, params[:email] %>
+      </div>
+
+      <div class="field">
+        <%= label_tag :password %><br />
+        <%= password_field_tag :password %>
+      </div>
+
+      <div class="actions">
+        <%= submit_tag "Log in", class: "button" %>
+      </div>
+    <% end %>
+
+  </body>
+</html>
+
+

data/test/dummy/app/views/shared/403.json.erb

@@ -0,0 +1,4 @@
+{
+  "request" => "<%=request.url%>",
+  "message" => "to define"
+}

data/test/dummy/app/views/shared/404.json.erb

@@ -0,0 +1,6 @@
+{
+  "request": "<%=raw request.url%>",
+  "message": "<%=raw @message%>",
+  "info": "<%=@info%>"
+}
+

data/test/dummy/app/views/shared/422.json.erb

@@ -0,0 +1,5 @@
+{
+  "request": "<%=raw request.url%>",
+  "message": "<%=raw @message%>",
+  "info":    <%=raw @info%>
+}

data/test/dummy/app/views/shared/500.json.erb

@@ -0,0 +1,4 @@
+{
+  "request": "<%=request.url%>",
+  "message": "<%=@message%>"
+}

data/test/dummy/app/views/users/_form.html.erb

@@ -0,0 +1,27 @@
+<%= form_for(@user) do |f| %>
+
+  <% if @user.errors.any? %>
+    <div id="error_explanation">
+      <div><%= pluralize(@user.errors.count, "error") %> prohibited this resource from being saved</div>
+      <ul>
+      <% @user.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :name%><br />
+    <%= f.text_field :name%>
+  </div>
+
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.text_field :password %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit nil, {class: "button"} %>
+  </div>
+<% end %>