RubyGems - oauth2_provider_engine - Versions diffs - 0.0.1 - Mend

oauth2_provider_engine 0.0.1

Files changed (132) hide show

data/MIT-LICENSE +20 -0
data/README.rdoc +3 -0
data/Rakefile +40 -0
data/app/assets/javascripts/oauth2_provider/application.js +52 -0
data/app/assets/javascripts/oauth2_provider/highcharts.js +162 -0
data/app/assets/javascripts/oauth2_provider/jquery.tagsinput.js +218 -0
data/app/assets/stylesheets/oauth2_provider/gh-buttons.css +388 -0
data/app/assets/stylesheets/oauth2_provider/gh-icons.png +0 -0
data/app/assets/stylesheets/oauth2_provider/jquery.tagsinput.css +6 -0
data/app/assets/stylesheets/oauth2_provider/reset.css +2 -0
data/app/assets/stylesheets/oauth2_provider/template.css +52 -0
data/app/controllers/oauth2_provider/accesses_controller.rb +39 -0
data/app/controllers/oauth2_provider/application_controller.rb +17 -0
data/app/controllers/oauth2_provider/authorize_controller.rb +141 -0
data/app/controllers/oauth2_provider/clients_controller.rb +85 -0
data/app/controllers/oauth2_provider/scopes_controller.rb +63 -0
data/app/controllers/oauth2_provider/token_controller.rb +187 -0
data/app/helpers/clients_helper.rb +5 -0
data/app/helpers/oauth2_provider/application_helper.rb +4 -0
data/app/models/oauth2_provider/client.rb +129 -0
data/app/models/oauth2_provider/document.rb +15 -0
data/app/models/oauth2_provider/oauth_access.rb +80 -0
data/app/models/oauth2_provider/oauth_authorization.rb +70 -0
data/app/models/oauth2_provider/oauth_daily_request.rb +54 -0
data/app/models/oauth2_provider/oauth_refresh_token.rb +20 -0
data/app/models/oauth2_provider/oauth_token.rb +78 -0
data/app/models/oauth2_provider/scope.rb +39 -0
data/app/views/layouts/oauth2_provider/application.html.erb +62 -0
data/app/views/oauth2_provider/accesses/index.html.erb +25 -0
data/app/views/oauth2_provider/accesses/show.html.erb +35 -0
data/app/views/oauth2_provider/clients/_form.html.erb +50 -0
data/app/views/oauth2_provider/clients/edit.html.erb +9 -0
data/app/views/oauth2_provider/clients/index.html.erb +43 -0
data/app/views/oauth2_provider/clients/new.html.erb +8 -0
data/app/views/oauth2_provider/clients/show.html.erb +49 -0
data/app/views/oauth2_provider/scopes/_form.html.erb +35 -0
data/app/views/oauth2_provider/scopes/edit.html.erb +8 -0
data/app/views/oauth2_provider/scopes/index.html.erb +27 -0
data/app/views/oauth2_provider/scopes/new.html.erb +7 -0
data/app/views/oauth2_provider/scopes/show.html.erb +19 -0
data/app/views/shared/authorize.html.erb +34 -0
data/app/views/shared/token.json.erb +8 -0
data/config/locales/en.yml +31 -0
data/config/oauth.yml +4 -0
data/config/routes.rb +25 -0
data/lib/oauth2_provider.rb +38 -0
data/lib/oauth2_provider/controller_mixin.rb +53 -0
data/lib/oauth2_provider/engine.rb +4 -0
data/lib/oauth2_provider_engine.rb +1 -0
data/lib/oauth2_provider_engine/version.rb +3 -0
data/test/dummy/CHANGELOG.rdoc +67 -0
data/test/dummy/Gemfile +53 -0
data/test/dummy/Gemfile.lock +254 -0
data/test/dummy/README.rdoc +522 -0
data/test/dummy/Rakefile +7 -0
data/test/dummy/VERSION +1 -0
data/test/dummy/app/assets/stylesheets/reset.css +2 -0
data/test/dummy/app/assets/stylesheets/template.css +52 -0
data/test/dummy/app/controllers/application_controller.rb +52 -0
data/test/dummy/app/controllers/pastas_controller.rb +23 -0
data/test/dummy/app/controllers/pizzas_controller.rb +23 -0
data/test/dummy/app/controllers/sessions_controller.rb +26 -0
data/test/dummy/app/controllers/users_controller.rb +59 -0
data/test/dummy/app/models/user.rb +50 -0
data/test/dummy/app/views/layouts/application.html.erb +65 -0
data/test/dummy/app/views/sessions/new.html.erb +25 -0
data/test/dummy/app/views/shared/403.json.erb +4 -0
data/test/dummy/app/views/shared/404.json.erb +6 -0
data/test/dummy/app/views/shared/422.json.erb +5 -0
data/test/dummy/app/views/shared/500.json.erb +4 -0
data/test/dummy/app/views/shared/html/404.html.erb +0 -0
data/test/dummy/app/views/shared/html/422.html.erb +0 -0
data/test/dummy/app/views/users/_form.html.erb +27 -0
data/test/dummy/app/views/users/edit.html.erb +8 -0
data/test/dummy/app/views/users/index.html.erb +20 -0
data/test/dummy/app/views/users/new.html.erb +46 -0
data/test/dummy/app/views/users/show.html.erb +15 -0
data/test/dummy/app/views/users/show.json.erb +6 -0
data/test/dummy/config.ru +4 -0
data/test/dummy/config/application.rb +57 -0
data/test/dummy/config/boot.rb +13 -0
data/test/dummy/config/cucumber.yml +8 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +32 -0
data/test/dummy/config/environments/production.rb +58 -0
data/test/dummy/config/environments/test.rb +35 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/inflections.rb +10 -0
data/test/dummy/config/initializers/mime_types.rb +5 -0
data/test/dummy/config/initializers/secret_token.rb +7 -0
data/test/dummy/config/initializers/session_store.rb +8 -0
data/test/dummy/config/initializers/test.rb +3 -0
data/test/dummy/config/locales/en.yml +1 -0
data/test/dummy/config/mongoid.yml +20 -0
data/test/dummy/config/routes.rb +22 -0
data/test/dummy/db/seeds.rb +7 -0
data/test/dummy/doc/README_FOR_APP +2 -0
data/test/dummy/lib/tasks/cucumber.rake +53 -0
data/test/dummy/lib/tasks/watchr.rake +5 -0
data/test/dummy/public/404.html +26 -0
data/test/dummy/public/422.html +26 -0
data/test/dummy/public/500.html +4 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/dummy/public/robots.txt +5 -0
data/test/dummy/script/cucumber +10 -0
data/test/dummy/script/rails +6 -0
data/test/dummy/spec/acceptance/acceptance_helper.rb +5 -0
data/test/dummy/spec/acceptance/accesses_controller_spec.rb +77 -0
data/test/dummy/spec/acceptance/clients_controller_spec.rb +218 -0
data/test/dummy/spec/acceptance/oauth_authorize_controller_spec.rb +241 -0
data/test/dummy/spec/acceptance/oauth_token_controller_spec.rb +196 -0
data/test/dummy/spec/acceptance/resource_controller_spec.rb +143 -0
data/test/dummy/spec/acceptance/scopes_controller_spec.rb +227 -0
data/test/dummy/spec/acceptance/support/helpers.rb +81 -0
data/test/dummy/spec/acceptance/support/paths.rb +9 -0
data/test/dummy/spec/acceptance/support/view_helpers.rb +52 -0
data/test/dummy/spec/acceptance/users_controller_spec.rb +198 -0
data/test/dummy/spec/extras/scope_spec.rb +105 -0
data/test/dummy/spec/factories/oauth.rb +106 -0
data/test/dummy/spec/models/oauth/client_spec.rb +123 -0
data/test/dummy/spec/models/oauth/oauth_access_spec.rb +48 -0
data/test/dummy/spec/models/oauth/oauth_authorization_spec.rb +50 -0
data/test/dummy/spec/models/oauth/oauth_daily_request_spec.rb +14 -0
data/test/dummy/spec/models/oauth/oauth_refresh_token_spec.rb +11 -0
data/test/dummy/spec/models/oauth/oauth_token_spec.rb +55 -0
data/test/dummy/spec/models/scope_spec.rb +17 -0
data/test/dummy/spec/spec_helper.rb +39 -0
data/test/dummy/spec/support/settings_helper.rb +28 -0
data/test/dummy/test/initializers/capybara_headers_hack.rb +23 -0
data/test/oauth2_provider_test.rb +7 -0
data/test/test_helper.rb +15 -0
metadata +387 -0

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+Lelylan::Application.load_tasks

data/test/dummy/VERSION ADDED

	@@ -0,0 +1 @@
1	+ v0.3.1

data/test/dummy/app/assets/stylesheets/reset.css ADDED

	@@ -0,0 +1,2 @@
1	+ html, body, div, form, p,
2	+ code, pre { margin: 0; padding: 0; border: 0; vertical-align: baseline; }

data/test/dummy/app/assets/stylesheets/template.css ADDED

@@ -0,0 +1,52 @@
+body { font: 14px/1.333 sans-serif; color: #444; background: #eee; }
+a { color: #980905; }
+a:hover, a:focus, a:active { text-decoration: none; }
+h1 { margin: 0 0 0.2em; font-size: 36px; }
+h2 { margin: 0 0 0.75em; font-size: 21px; }
+h3 { margin: 0 0 0.333em; font-size: 16px; font-weight: normal; }
+p { margin: 0 0 1.333em; }
+em { font-style: italic; }
+table { border-collapse: separate; border-spacing: 0; margin: 0; vertical-align: middle; }
+th { font-weight: bold; }
+th, td { padding: 5px 8px 5px 5px; text-align: left; vertical-align: middle; }
+pre, code { font-family: monospace, sans-serif; font-size: 1em; color:#080; }
+.container { position:relative; overflow:hidden; width: 780px; padding: 40px 60px; border: 1px solid #ccc; margin: 40px auto 20px; background: #fff; -webkit-box-shadow: 0 0 15px rgba(0,0,0,0.1); -moz-box-shadow: 0 0 15px rgba(0,0,0,0.1); box-shadow: 0 0 15px rgba(0,0,0,0.1); }
+.container pre,
+.container .prettyprint { padding: 0; border: 0; margin: 0 0 20px; font-size: 13px; background: #fff; }
+.ribbon { position: absolute; top: -1px; right: -1px; opacity: 0.9; }
+.ribbon:hover, .ribbon:focus, .ribbon:active { opacity: 1; }
+.ribbon img { display: block; border: 0; }
+.header { padding-right:80px; }
+.header, .navigation { border-bottom: 1px solid #ccc; }
+.navigation { padding: 10px; margin: 0px; background-color: #EEE }
+.section { margin: 40px 0 20px; }
+.example { padding: 20px; border: 1px solid #ccc; margin: 10px -20px 20px; }
+.footer { margin: 20px 0 50px; font-size: 11px; color: #666; text-align: center; }
+.footer a { color: #666; }
+.field, .actions { margin: 0 0 1.333em; }
+.field_show { margin: 0 0 0.666em; }
+.admin_notice { color: green }
+.details { color: #CCC; padding: 5px 0 }
+.header_buttons { margin: -8px 0px 20px 0px }
+.footer_buttons { margin: 1em 0 0 0 }
+.flash_notice { margin: 0 0 1em 0; color: green; font-weight: bold }
+.flash_alert { margin: 0 0 1em 0; color: #980905; font-weight: bold }
+.field input { width: 300px; height: 25px; font: 14px/1.333 sans-serif; padding-left: 4px; }
+.field input { border: 1px solid #CCC; }
+#grant, #deny { padding: 5px 0px }
+.green { color: green }

data/test/dummy/app/controllers/application_controller.rb ADDED

@@ -0,0 +1,52 @@
+class ApplicationController < ActionController::Base
+  include Oauth2Provider::ControllerMixin
+  protect_from_forgery
+  before_filter :authenticate
+  helper_method :current_user
+  helper_method :admin_does_not_exist
+  rescue_from BSON::InvalidObjectId,        with: :bson_invalid_object_id
+  rescue_from JSON::ParserError,            with: :json_parse_error
+  rescue_from Mongoid::Errors::InvalidType, with: :mongoid_errors_invalid_type
+  protected
+  def authenticate
+    if api_request
+      oauth_authorized   # uncomment to make all json API protected
+    else
+      session_auth
+    end
+  end
+  def session_auth
+    @current_user ||= User.where(:_id => session[:user_id]).first if session[:user_id]
+    unless current_user
+      session[:back] = request.url
+      redirect_to(log_in_path) and return false
+    end
+    return @current_user
+  end
+  def current_user
+    @current_user
+  end
+  def admin_does_not_exist
+    User.where(admin: true).first.nil?
+  end
+  def bson_invalid_object_id(e)
+    redirect_to root_path, alert: "Resource not found."
+  end
+  def json_parse_error(e)
+    redirect_to root_path, alert: "Json not valid"
+  end
+  def mongoid_errors_invalid_type(e)
+    redirect_to root_path, alert: "Json values is not an array"
+  end
+end

data/test/dummy/app/controllers/pastas_controller.rb ADDED

@@ -0,0 +1,23 @@
+class PastasController < ApplicationController
+  before_filter :oauth_authorized
+  def index
+    render json: {action: :index}
+  end
+  def show
+    render json: {action: :show}
+  end
+  def create
+    render json: {action: :create}
+  end
+  def update
+    render json: {action: :update}
+  end
+  def destroy
+    render json: {action: :destroy}
+  end
+end

data/test/dummy/app/controllers/pizzas_controller.rb ADDED

@@ -0,0 +1,23 @@
+class PizzasController < ApplicationController
+  before_filter :oauth_authorized
+  def index
+    render json: {action: :index}
+  end
+  def show
+    render json: {action: :show}
+  end
+  def create
+    render json: {action: :create}
+  end
+  def update
+    render json: {action: :update}
+  end
+  def destroy
+    render json: {action: :destroy}
+  end
+end

data/test/dummy/app/controllers/sessions_controller.rb ADDED

@@ -0,0 +1,26 @@
+class SessionsController < ApplicationController
+  skip_before_filter :authenticate
+  def new
+  end
+  def create
+    user = User.authenticate(params[:email], params[:password])
+    if user
+      session[:user_id] = user.id
+      session[:back] ||= user_path(user)
+      redirect_to session[:back], notice: "Logged in!"
+      session[:back] = nil
+    else
+      flash.now.alert = "Invalid email or password"
+      render "new"
+    end
+  end
+  def destroy
+    session[:user_id] = nil
+    redirect_to root_url, :notice => "Logged out!"
+  end
+end

data/test/dummy/app/controllers/users_controller.rb ADDED

@@ -0,0 +1,59 @@
+class UsersController < ApplicationController
+  skip_before_filter :authenticate, only: ["new", "create"]
+  before_filter :admin?, only: ["index"]
+  before_filter :find_user, only: ["show", "edit", "update", "destroy"]
+  def index
+    @users = User.all
+  end
+  def show
+  end
+  def new
+    @user = User.new
+  end
+  def create
+    @user = User.new(params[:user])
+    @user.admin = true if admin_does_not_exist
+    if @user.save
+      redirect_to root_url, :notice => "Signed up!"
+    else
+      render "new"
+    end
+  end
+  def edit
+  end
+  def update
+    params[:user].delete_if { |key, value| key == "password" and value.empty? }
+    if @user.update_attributes(params[:user])
+      render "show"
+    else
+      render action: "edit"
+    end
+  end
+  private
+    def find_user
+      @user = current_user.admin? ? User.criteria : User.where(_id: current_user.id.to_s)
+      @user = @user.where(_id: params[:id]).first
+      unless @user
+        redirect_to root_path, alert: "Resource not found."
+      end
+    end
+    def admin?
+      unless current_user.admin?
+        flash.alert = "Unauthorized access."
+        redirect_to root_path
+        return false
+      end
+    end
+end

data/test/dummy/app/models/user.rb ADDED

@@ -0,0 +1,50 @@
+class User
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  field :email
+  field :name
+  field :password_hash
+  field :password_salt
+  field :admin, type: Boolean, default: false
+  attr_accessible :email, :name, :password
+  attr_accessor :password
+  before_save :encrypt_password
+  validates :password, presence: true, on: :create
+  # TODO: add password length
+  #validates :password, length: {min: 6}, empty: true
+  validates :email, presence: true
+  validates :email, uniqueness: true
+  validates :email, email: true
+  def self.authenticate(email, password)
+    user = where(email: email).first
+    user.verify(password) if user
+  end
+  def verify(password)
+    if password_hash == BCrypt::Engine.hash_secret(password, password_salt)
+      self
+    else
+      nil
+    end
+  end
+  def encrypt_password
+    if password.present?
+      self.password_salt = BCrypt::Engine.generate_salt
+      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
+    end
+  end
+  def admin?
+    self.admin
+  end
+  def self.find_by_id(id)
+    self.where(:_id => id).first
+  end
+end

data/test/dummy/app/views/layouts/application.html.erb ADDED

@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Rest OAuth 2.0 Server</title>
+  <%= stylesheet_link_tag :reset, :template %>
+  <%= csrf_meta_tag %>
+</head>
+<body">
+  <div class="container">
+      <a class="ribbon" href="https://github.com/lelylan/rest-oauth2-server" target="_blank"><img src="http://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"></a>
+      <div class="header">
+        <h1>Rest OAuth 2.0 Server</h1>
+        <p>
+          <b><a href="https://github.com/lelylan/rest-oauth2-server" title="GitHub repository">Rest OAuth 2.0 Server</a>
+            let you open up your API and manage end-user authentication and client application authorization
+            implementing the OAuth 2.0 Specifications (draft 13). Read more on <a href="https://github.com/lelylan/rest-oauth2-server" title="GitHub readme">Github</a>
+          </b>
+        </p>
+      </div>
+      <div class="navigation">
+        <% if current_user %>
+          <div style="float: right">
+            Logged in as <%= current_user.email %>.
+            <%= link_to "Log out", log_out_path %>
+          </div>
+          <div>
+            <%= link_to("Home", current_user)  %>
+            <% if current_user.admin? %> |
+              <%= link_to("Users", users_path) %> |
+              <%= link_to("OAuth", oauth2_provider_engine.oauth2_provider_root_path) %> |
+            <% end %>
+          </div>
+        <% else %>
+          <%= link_to "Sign up", sign_up_path %> or
+          <%= link_to "log in", log_in_path %>
+        <% end %>
+      </div>
+      <br/>
+    <% if flash.notice %>
+      <div class="flash_notice">
+        <%= flash.notice %>
+      </div>
+    <% end %>
+    <% if flash.alert %>
+      <div class=flash_alert>
+        <%= flash.alert %>
+        <% if @info %>
+          <p>Additional information:
+          <%= @info.to_json%>
+          </p>
+        <% end %>
+      </div>
+    <% end %>
+    <%= yield %>
+  </div>
+</body>
+</html>

data/test/dummy/app/views/sessions/new.html.erb ADDED

@@ -0,0 +1,25 @@
+<html>
+  <head></head>
+  <body>
+    <h2>Log in</h2>
+    <%= form_tag sessions_path do %>
+      <div class="field">
+        <%= label_tag :email %><br />
+        <%= text_field_tag :email, params[:email] %>
+      </div>
+      <div class="field">
+        <%= label_tag :password %><br />
+        <%= password_field_tag :password %>
+      </div>
+      <div class="actions">
+        <%= submit_tag "Log in", class: "button" %>
+      </div>
+    <% end %>
+  </body>
+</html>

data/test/dummy/app/views/shared/403.json.erb ADDED

@@ -0,0 +1,4 @@
+{
+  "request" => "<%=request.url%>",
+  "message" => "to define"
+}

data/test/dummy/app/views/shared/404.json.erb ADDED

@@ -0,0 +1,6 @@
+{
+  "request": "<%=raw request.url%>",
+  "message": "<%=raw @message%>",
+  "info": "<%=@info%>"
+}

data/test/dummy/app/views/shared/422.json.erb ADDED

@@ -0,0 +1,5 @@
+{
+  "request": "<%=raw request.url%>",
+  "message": "<%=raw @message%>",
+  "info":    <%=raw @info%>
+}

data/test/dummy/app/views/shared/500.json.erb ADDED

@@ -0,0 +1,4 @@
+{
+  "request": "<%=request.url%>",
+  "message": "<%=@message%>"
+}

data/test/dummy/app/views/shared/html/404.html.erb ADDED

File without changes

data/test/dummy/app/views/shared/html/422.html.erb ADDED

File without changes

data/test/dummy/app/views/users/_form.html.erb ADDED

@@ -0,0 +1,27 @@
+<%= form_for(@user) do |f| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation">
+      <div><%= pluralize(@user.errors.count, "error") %> prohibited this resource from being saved</div>
+      <ul>
+      <% @user.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :name%><br />
+    <%= f.text_field :name%>
+  </div>
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.text_field :password %>
+  </div>
+  <div class="actions">
+    <%= f.submit nil, {class: "button"} %>
+  </div>
+<% end %>