oauth2_provider_engine 0.0.1

data/app/models/oauth2_provider/scope.rb

@@ -0,0 +1,39 @@
+module Oauth2Provider
+class Scope
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Document::Base
+
+  field :name
+  field :uri
+  field :values, type: Array, default: []
+
+  attr_accessible :name
+
+  validates :name, presence: true
+  validates :values, presence: true
+  validates :uri, url: true
+
+  def normalize(val)
+    separator = Oauth2Provider.settings["scope_separator"]
+    val = val.split(separator)
+  end
+
+  def values_pretty
+    separator = Oauth2Provider.settings["scope_separator"]
+    values.join(separator)
+  end
+
+  class << self
+    # Sync all scopes with the correct exploded scope when a
+    # scope is modified (changed or removed)
+    def sync_scopes_with_scope(scope)
+      scopes_to_sync = any_in(scope: [scope])
+      scopes_to_sync.each do |client|
+        scope.values = Oauth2Provider.normalize_scope(scope.values)
+        scope.save
+      end
+    end
+  end
+end
+end

data/app/views/layouts/oauth2_provider/application.html.erb

@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8"> 
+  <title>OAuth 2.0 Provider Engine</title>
+  <%= stylesheet_link_tag 'oauth2_provider/reset', 'oauth2_provider/template', 'oauth2_provider/jquery.tagsinput', 'oauth2_provider/gh-buttons' %>
+  <%= javascript_include_tag :jquery, 'oauth2_provider/highcharts', 'oauth2_provider/jquery.tagsinput', 'oauth2_provider/application' %>
+  <%= csrf_meta_tag %>
+</head>
+
+<body">
+  <div class="container">
+    <% unless request.path == oauth2_provider_engine.oauth2_provider_authorize_path %>
+      <a class="ribbon" href="https://github.com/lelylan/rest-oauth2-server" target="_blank"><img src="http://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"></a>
+
+      <div class="header">
+        <h1>OAuth 2.0 Provider Engine</h1>
+        <p>
+          <b><a href="https://github.com/lelylan/rest-oauth2-server" title="GitHub repository">OAuth 2.0 Provider Engine</a> 
+            let you open up your API and manage end-user authentication and client application authorization 
+            implementing the OAuth 2.0 Specifications (draft 13). Read more on <a href="https://github.com/lelylan/rest-oauth2-server" title="GitHub readme">Github</a>
+          </b>
+        </p>
+      </div>
+    <% end %>
+      <div class="navigation">
+        <% if current_user %>
+          <div>
+            <%= link_to("Base Application", '/')  %> |
+            <%= link_to("Accesses", oauth2_provider_engine.oauth2_provider_accesses_path)  %> |
+            <%= link_to("Clients", oauth2_provider_engine.oauth2_provider_clients_path)  %>
+            <% if current_user.admin? %> |
+              <%= link_to("Scopes", oauth2_provider_engine.oauth2_provider_scopes_path) %>
+            <% end %>
+          </div>
+        <% end %>
+      </div>
+      <br/>
+
+
+    <% if flash.notice %>
+      <div class="flash_notice">
+        <%= flash.notice %>
+      </div>
+    <% end %>
+
+    <% if flash.alert %>
+      <div class=flash_alert>
+        <%= flash.alert %>
+        <% if @info %>
+          <p>Additional information: 
+          <%= @info.to_json%>
+          </p>
+        <% end %>
+      </div>
+    <% end %>
+
+    <%= yield %>
+
+  </div>
+</body>
+</html>

data/app/views/oauth2_provider/accesses/index.html.erb

@@ -0,0 +1,25 @@
+<h2>Show Accesses</h2>
+
+<table>
+  <tr>
+    <th>Client URI</th>
+    <th></th>
+    <th></th>
+  </tr>
+
+<% @accesses.each do |access| %>
+  <tr>
+    <td><%= access.client_uri %></td>
+    <td><%= link_to 'Show stats', oauth2_provider_engine.oauth2_provider_access_path(access), class: "button icon settings" %></td>
+
+    <% if access.blocked? %>
+      <td><%= link_to 'Unblock!', oauth2_provider_engine.unblock_oauth2_provider_access_path(access), method: :put, class: "button danger" %></td>
+    <% else %>
+      <td><%= link_to 'Block!', oauth2_provider_engine.block_oauth2_provider_access_path(access), method: :put, class: "button danger" %></td>
+    <% end %>
+
+  </tr>
+<% end %>
+</table>
+
+<br/>

data/app/views/oauth2_provider/accesses/show.html.erb

@@ -0,0 +1,35 @@
+<h2>Show Access</h2>
+
+<div class="field_show">
+  <b>Client URI:</b>
+  <%= @access.client_uri %>
+</div>
+
+<div class="field_show">
+  <b>Today requests:</b>
+  <%= @access.daily_requests.times %>
+</div>
+
+<div id="chart" style="width: 100%; height: 250px"></div>
+
+<div class="footer_buttons"> 
+<%= link_to 'Back', oauth2_provider_engine.oauth2_provider_accesses_path, class: "button icon arrowleft" %>
+<% if @access.blocked? %>
+  <%= link_to 'Unblock!', oauth2_provider_engine.unblock_oauth2_provider_access_path(@access), method: :put, class: "button danger" %>
+<% else %>
+  <%= link_to 'Block!', oauth2_provider_engine.block_oauth2_provider_access_path(@access), method: :put, class: "button danger" %>
+<% end %>
+<div>
+
+
+<script>
+  $(document).ready(function() {
+    createChart(
+      <%=raw @access.chart_days %>,
+      <%= @access.chart_times.to_json %>,
+      "<%= @access.client_uri %>"
+    )  
+  });
+</script>
+
+

data/app/views/oauth2_provider/clients/_form.html.erb

@@ -0,0 +1,50 @@
+<%
+  form_options = { as: :client }
+  if @client.new_record?
+    form_options.merge! :url => oauth2_provider_engine.oauth2_provider_clients_path, :method => :post
+  else
+    form_options.merge! :url => oauth2_provider_engine.oauth2_provider_client_path(@client.id), :method => :put
+  end
+%>
+<%= form_for @client, form_options do |f| %>
+
+  <% if @client.errors.any? %>
+    <div id="error_explanation">
+      <div><%= pluralize(@client.errors.count, "error") %> prohibited this resource from being saved</div>
+      <ul>
+      <% @client.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </div>
+
+  <div class="field">
+    <%= f.label :site_uri %><br />
+    <%= f.text_field :site_uri %>
+  </div>
+
+  <div class="field">
+    <%= f.label :redirect_uri %><br />
+    <%= f.text_field :redirect_uri %>
+  </div>
+
+  <div class="field">
+    <%= f.label :scope %> (separated by spaces)<br />
+    <input id="client_scope" class="tags" name="client[scope]" size="30" type="text" value="<%=@client.scope_pretty%>">
+  </div>
+
+  <div class="field">
+    <%= f.label :info %><br />
+    <%= f.text_field :info %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit nil, {class: "button"} %>
+  </div>
+<% end %>

data/app/views/oauth2_provider/clients/edit.html.erb

@@ -0,0 +1,9 @@
+<h2>Editing Client</h2>
+
+<div class="header_buttons button-group">
+  <%= link_to 'Back', oauth2_provider_engine.oauth2_provider_clients_path, class: "button icon arrowleft" %>
+  <%= link_to 'Show', oauth2_provider_engine.oauth2_provider_client_path(@client), class: "button" %>
+</div>
+
+<%= render 'form' %>
+

data/app/views/oauth2_provider/clients/index.html.erb

@@ -0,0 +1,43 @@
+<h2>Show Clients</h2>
+<div class="header_buttons">
+  <%= link_to 'Create a new client', oauth2_provider_engine.new_oauth2_provider_client_path, class: "button icon add" %>
+</div>
+
+<table>
+  <tr>
+    <% if current_user.admin? %>
+      <th>User</th>
+    <% end %>
+    <th>Name</th>
+    <th>Active</th>
+    <th></th>
+    <th></th>
+    <th></th>
+    <th></th>
+  </tr>
+
+<% @clients.each do |client| %>
+  <tr>
+    <% if current_user.admin? %>
+      <td><%= link_to User, client.created_from %></td>
+    <% end %>
+    <td><%= client.name %></td>
+    <% unless current_user.admin? %>
+      <td><%= client.blocked? ? "Not Active" : "Active" %></td>
+    <% end %>
+    <td><%= link_to 'Show', oauth2_provider_engine.oauth2_provider_client_path(client), class: "button" %></td>
+    <td><%= link_to 'Edit', oauth2_provider_engine.edit_oauth2_provider_client_path(client), class: "button" %></td>
+    <td><%= link_to 'Destroy', oauth2_provider_engine.oauth2_provider_client_path(client), confirm: 'Are you sure?', method: :delete, class: "button danger" %></td>
+    <% if current_user.admin? %>
+      <% if client.blocked? %>
+        <td><%= link_to 'Unblock!', oauth2_provider_engine.unblock_oauth2_provider_client_path(client), method: :put, class: "button danger icon unlock" %></td>
+      <% else %>
+        <td><%= link_to 'Block!', oauth2_provider_engine.block_oauth2_provider_client_path(client), method: :put, class: "button danger icon lock" %></td>
+      <% end %>
+    <% end %>
+
+  </tr>
+<% end %>
+</table>
+
+<br/>

data/app/views/oauth2_provider/clients/new.html.erb

@@ -0,0 +1,8 @@
+<h2>New Client</h2>
+
+<div class="button-group header_buttons">
+  <%= link_to 'Back', oauth2_provider_engine.oauth2_provider_clients_path, class: "button icon arrowleft" %>
+</div>
+
+<%= render 'form' %>
+

data/app/views/oauth2_provider/clients/show.html.erb

@@ -0,0 +1,49 @@
+<h2>Show Client</h2>
+
+<div class="field_show">
+  <b>Client URI:</b>
+  <%= @client.uri %>
+</div>
+
+<div class="field_show">
+  <b>Name:</b>
+  <%= @client.name %>
+</div>
+
+<div class="field_show">
+  <b>Secret:</b>
+  <%= @client.secret %>
+</div>
+
+<div class="field_show">
+  <b>Site URI:</b>
+  <%= @client.site_uri %>
+</div>
+
+<div class="field_show">
+  <b>Redirect URI:</b>
+  <%= @client.redirect_uri %>
+</div>
+
+<div class="field_show">
+  <b>Scope:</b>
+  <%= @client.scope_pretty %> 
+  <span class="details">(includes <%= @client.scope_values_pretty %>)</span>
+</div>
+
+<div class="field_show">
+  <b>Info:</b>
+  <%= @client.info %>
+</div>
+
+<div class="actions button-container footer_buttons">
+  <div class="button-group">
+    <%= link_to 'Back', oauth2_provider_engine.oauth2_provider_clients_path, class: "button icon arrowleft" %>
+    <%= link_to 'Edit', oauth2_provider_engine.edit_oauth2_provider_client_path(@client), class: "button" %>
+    <%= link_to 'Destroy', oauth2_provider_engine.oauth2_provider_client_path(@client), :confirm => 'Are you sure?', :method => :delete, class: "button danger" %>
+  </div>
+
+  <div class="button-group">
+    <%= link_to 'Simulate Authorization', authorization_uri(@client, "all"), class: "button icon search" %>
+  </div>
+</div>

data/app/views/oauth2_provider/scopes/_form.html.erb

@@ -0,0 +1,35 @@
+<%
+  form_options = { as: :scope }
+  if @scope.new_record?
+    form_options.merge! :url => oauth2_provider_engine.oauth2_provider_scopes_path, :method => :post
+  else
+    form_options.merge! :url => oauth2_provider_engine.oauth2_provider_scope_path(@scope.id), :method => :put
+  end
+%>
+<%= form_for @scope, form_options do |f| %>
+
+  <% if @scope.errors.any? %>
+    <div id="error_explanation">
+      <div><%= pluralize(@scope.errors.count, "error") %> prohibited this resource from being saved</div>
+      <ul>
+      <% @scope.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </div>
+
+  <div class="field">
+    <%= f.label :values %> (separated by spaces)<br />
+    <input id="scope_values" class="tags" name="scope[values]" size="30" type="text" value="<%=@scope.values.join(" ") if @scope.values%>">
+  </div>
+
+  <div class="actions">
+    <%= f.submit nil, {class: "button" } %>
+  </div>
+<% end %>

data/app/views/oauth2_provider/scopes/edit.html.erb

@@ -0,0 +1,8 @@
+<h2>Editing Scope</h2>
+
+<div class="button-group header_buttons">
+  <%= link_to 'Back', oauth2_provider_engine.oauth2_provider_scopes_path, class: "button icon arrowleft" %>
+  <%= link_to 'Show', oauth2_provider_engine.oauth2_provider_scope_path(@scope), class: "button" %>
+</div>
+
+<%= render 'form' %>

data/app/views/oauth2_provider/scopes/index.html.erb

@@ -0,0 +1,27 @@
+<h2>Show Scope</h2>
+
+<div class="header_buttons">
+  <%= link_to 'Create a new scope', oauth2_provider_engine.new_oauth2_provider_scope_path, class: "button icon add" %>
+</div>
+
+<table>
+  <tr>
+    <th>Name</th>
+    <th>Values</th>
+    <th></th>
+    <th></th>
+    <th></th>
+  </tr>
+
+<% @scopes.each do |scope| %>
+  <tr>
+    <td><b><%= scope.name %></b></td>
+    <td><%= scope.values_pretty %></td>
+    <td><%= link_to 'Show', oauth2_provider_engine.oauth2_provider_scope_path(scope), class: "button" %></td>
+    <td><%= link_to 'Edit', oauth2_provider_engine.edit_oauth2_provider_scope_path(scope), class: "button" %></td>
+    <td><%= link_to 'Destroy', oauth2_provider_engine.oauth2_provider_scope_path(scope), :confirm => 'Are you sure?', :method => :delete, class: "button danger" %></td>
+  </tr>
+<% end %>
+</table>
+
+<br/>

data/app/views/oauth2_provider/scopes/new.html.erb

@@ -0,0 +1,7 @@
+<h2>New Scope</h2>
+
+<div class="button-group header_buttons">
+  <%= link_to 'Back', oauth2_provider_engine.oauth2_provider_scopes_path, class: "button icon arrowleft" %>
+</div>
+
+<%= render 'form' %>

data/app/views/oauth2_provider/scopes/show.html.erb

@@ -0,0 +1,19 @@
+<h2>Show Scope</h2>
+
+<div class="field_show">
+  <b>Name:</b>
+  <%= @scope.name %>
+</div>
+
+<div class="field_show">
+  <b>Values:</b>
+  <%= @scope.values_pretty %>
+  <span class="details">(includes <%= Oauth2Provider.normalize_scope(@scope.values_pretty).join(" ") %></span>
+</div>
+
+
+<div class="button-group footer_buttons">
+<%= link_to 'Back', oauth2_provider_engine.oauth2_provider_scopes_path, class: "button icon arrowleft" %> 
+<%= link_to 'Edit', oauth2_provider_engine.edit_oauth2_provider_scope_path(@scope), class: "button" %>
+<%= link_to 'Destroy', oauth2_provider_engine.oauth2_provider_scope_path(@scope), :confirm => 'Are you sure?', :method => :delete, class: "button danger" %>
+</div>

data/app/views/shared/authorize.html.erb

@@ -0,0 +1,34 @@
+<% unless flash.alert %>
+    <h2>Authorization request</h2>
+    <div>
+      <b>The application <span class="green"><%=@client.name%></span> would like to access your resources</b>
+      <div class="details"> You are giving access to <%= params[:scope].join(" ") %></div>
+
+    <div id="grant" class="footer_buttons">
+      <form method="POST" action="/oauth/authorize">
+        <input type="text" style="display:none" name="response_type" value="<%=params[:response_type]%>">
+        <input type="text" style="display:none" name="client_id" value="<%=params[:client_id]%>">
+        <input type="text" style="display:none" name="redirect_uri" value="<%=params[:redirect_uri]%>">
+        <input type="text" style="display:none" name="scope" value="<%=params[:scope].join(" ")%>">
+        <% if params[:state] %>
+          <input type="text" style="display:none" name="state" value="<%=params[:state]%>">
+        <% end %>
+        <button class="button big icon approve">Grant Access</button>
+      </form>
+    </div>
+
+    <div id="deny">
+      <form method="POST" action="/oauth/authorize">
+        <input type="text" style="display:none" name="_method" value="delete">
+        <input type="text" style="display:none" name="response_type" value="<%=params[:response_type]%>">
+        <input type="text" style="display:none" name="client_id" value="<%=params[:client_id]%>">
+        <input type="text" style="display:none" name="redirect_uri" value="<%=params[:redirect_uri]%>">
+        <input type="text" style="display:none" name="scope" value="<%=params[:scope].join(" ")%>">
+        <% if params[:state] %>
+          <input type="text" style="display:none" name="state" value="<%=params[:state]%>">
+        <% end %>
+        <button class="button big danger icon lock">Deny Access</button>
+      </form>
+    </div>
+
+  <% end %>