oauth2c 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 97d040c802c43d0eb1e4f0c6ea2884699e58fc16
-  data.tar.gz: 64b1657921b0c240465bf84a352b7ab71714bf52
+  metadata.gz: 6697c2a55898049be8fa0ce834bc70692fa74a4e
+  data.tar.gz: 75faff5bcd7f7666f5d0944b0c13e3efef607825
 SHA512:
-  metadata.gz: 47f34578cb60dc843c7d5a3badd18d6b11b74de81514cbbfa894e2929389e674241e6d43dcad1416a7b37d875ec28724ffa106f9e01edce704aca222c0d19ef2
-  data.tar.gz: 838e1f16877989fa75b8644872ea5f7deb15bc25bce877206268b71d4f9e408557ffece729ed97012441ddc00bc84c640b5d92e8fc8e32df1b14d6d92222bd64
+  metadata.gz: 953c28244c6d6d30a258f9c8a07e84ab68a8293a8e28075b0986fd221e54e0f1a853da2bb4de8cf34f55eda0ef301c4c7bc75e936eedfa8a7d2e0dcc76f0ab68
+  data.tar.gz: 37dcfb0f767d88f62e24aecc032e5f85c4bb3e5b97adadda90fe4f61f239eb1b19d26c7774ee75f88f74a9e5f4d9102149a007075a75af11df914b7d97cfa713

data/README.md

@@ -46,7 +46,7 @@ This gem ships with following grant types:
 
 #### Authorization Code Grant
 
-As described by https://tools.ietf.org/html/rfc6749#section-4.1, the client generates a URL and redirects the user-agent it:
+As described by https://tools.ietf.org/html/rfc6749#section-4.1, the client generates a URL and redirects the user-agent:
 
 ```ruby
 grant = OAUTH2C_CLIENT.authorization_code(state: "STATE", scope: ["profile", "email"])
@@ -60,9 +60,9 @@ grant = OAUTH2C_CLIENT.authorization_code(state: "STATE", scope: ["profile", "em
 grant.token(url)
 ```
 
-#### Implicit Flow
+#### Implicit Grant
 
-As described by https://tools.ietf.org/html/rfc6749#section-4.2, the client generates a URL and redirects the user-agent it:
+As described by https://tools.ietf.org/html/rfc6749#section-4.2, the client generates a URL and redirects the user-agent:
 
 ```ruby
 grant = OAUTH2C_CLIENT.implicit(state: "STATE", scope: ["profile", "email"])
@@ -102,7 +102,7 @@ grant.token
 As described by https://tools.ietf.org/html/rfc7521 and https://tools.ietf.org/html/rfc7523, the client issues a token on behalf of user without requiring the user approval. Instead, the client provides a assertion with the information about the user.
 
 ```ruby
-profile = OAuth2c::Grants::Assertion::JWT.new(
+profile = OAuth2c::Grants::Assertion::JWTProfile.new(
   "HS512",
   "assertion-key",
   iss: "https://myapp.example",
@@ -154,6 +154,8 @@ For example, if the cached access token for a key is present and has the scope `
 
 However, whenever there is a cached token without the necessary scopes, a new token will be issued with a scope matching the union of the cached token's scope and the scope of the token being requested. In the example above, a new token with the scopes `["basic", "profile", "other"]` would be requested.
 
+In addition to `OAuth2c::Cache::Backends::InMemoryLRU`, the gem also ships a Redis backend `OAuth2c::Cache::Backends::Redis` and a null service backend `OAuth2c::Cache::Backends::Null` which is useful to prevent caching while still using the cache manager and keeping the API the same.
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/oauth2c/access_token.rb

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "time"
+
 module OAuth2c
   class AccessToken
     attr_reader(
@@ -23,7 +25,7 @@ module OAuth2c
       :extra,
     )
 
-    def initialize(access_token:, token_type:, expires_in:, refresh_token: nil, **extra)
+    def initialize(access_token:, token_type:, expires_in:, expires_at: nil, refresh_token: nil, **extra)
       @access_token  = access_token
       @token_type    = token_type
       @expires_in    = Integer(expires_in)
@@ -33,7 +35,7 @@ module OAuth2c
       extra.delete(:expires_at)
       @extra = extra
 
-      @expires_at = Time.now + @expires_in
+      @expires_at = normalize_time(expires_at) || Time.now + @expires_in
     end
 
     def attributes
@@ -47,12 +49,33 @@ module OAuth2c
       }
     end
 
+    def expired?(leeway = 0)
+      @expires_at - leeway < Time.now
+    end
+
     def ==(other)
+      return false unless other.is_a?(self.class)
+
       access_token == other.access_token &&
       token_type == other.token_type &&
       expires_in == other.expires_in &&
       refresh_token == other.refresh_token &&
       extra == other.extra
     end
+
+    private
+
+    def normalize_time(time)
+      case time
+      when Time, NilClass
+        time
+      when String
+        Time.parse(time)
+      when Integer
+        Time.at(time)
+      else
+        raise ArgumentError, "invalid time #{time.inspect}"
+      end
+    end
   end
 end

data/lib/oauth2c/cache/manager.rb

@@ -19,18 +19,39 @@ module OAuth2c
     class Manager
       extend Forwardable
 
+      def_delegators(:@client,
+        :authz_url,
+        :token_url,
+        :client_id,
+        :client_secret,
+        :redirect_uri,
+        :default_scope,
+      )
+
       def initialize(client, cache_backend)
         @client = client
         @cache  = Cache::Store.new(cache_backend)
       end
 
-      def_delegators :@cache, :cached?, :cached
+      def cached?(key, scope: @client.default_scope)
+        @cache.cached?(key, scope: scope)
+      end
+
+      def cached(key, scope: @client.default_scope)
+        @cache.cached(key, scope: scope)
+      end
 
       def method_missing(name, key, *args, **opts)
         grant = @client.public_send(name, *args, **opts)
         CacheProxy.new(@cache, key, grant)
       end
 
+      def respond_to_missing?(name, include_private = false)
+        @client.respond_to?(name) || super
+      end
+
+      private
+
       class CacheProxy < BasicObject
         def initialize(cache, key, grant)
           @cache = cache

data/lib/oauth2c/cache/store.rb

@@ -17,8 +17,9 @@ module OAuth2c
     class Store
       Bucket = Struct.new(:access_token, :scope)
 
-      def initialize(backend)
-        @backend = backend
+      def initialize(backend, exp_leeway: 300)
+        @backend    = backend
+        @exp_leeway = exp_leeway
       end
 
       def cached?(key, scope: [])
@@ -26,21 +27,23 @@ module OAuth2c
       end
 
       def cached(key, scope: [])
+        return nil if key.nil?
+
         cache = @backend.lookup(key)
-        return false if cache.nil?
-        return false unless scope.all? { |s| cache.scope.include?(s) }
+        return nil if cache.nil?
+        return nil unless scope.all? { |s| cache.scope.include?(s) }
 
-        if cache.access_token.expires_at >= Time.now
+        if cache.access_token.expires_at - @exp_leeway >= Time.now
           cache.access_token
         end
       end
 
       def issue(key, scope:, &block)
-        cached = @backend.lookup(key)
+        cached = @backend.lookup(key) unless key.nil?
         scope  = cached[:scope] | scope if cached
 
         access_token = block.call(scope)
-        @backend.store(key, Bucket.new(access_token, scope))
+        @backend.store(key, Bucket.new(access_token, scope)) unless key.nil?
         access_token
       end
     end

data/lib/oauth2c/client.rb

@@ -22,22 +22,32 @@ module OAuth2c
       :client_id,
       :client_secret,
       :redirect_uri,
+      :default_scope,
     )
 
-    def initialize(authz_url: nil, token_url:, client_id:, client_secret: nil, redirect_uri: nil)
+    def initialize(authz_url: nil, token_url:, client_id:, client_secret: nil, redirect_uri: nil, default_scope: [])
       @authz_url     = authz_url
       @token_url     = token_url
       @client_id     = client_id
       @client_secret = client_secret
       @redirect_uri  = redirect_uri
-    end
+      @default_scope = default_scope
 
-    def method_missing(name, *_, **opts)
-      Grants.const_get(name.to_s.camelize).new(build_agent, **opts)
+      define_grant_methods!
     end
 
     private
 
+    def define_grant_methods!
+      Grants.constants.each do |name|
+        const = Grants.const_get(name)
+
+        define_singleton_method("#{name.to_s.underscore}") do |*_, scope: @default_scope, **opts|
+          const.new(build_agent, scope: scope, **opts)
+        end
+      end
+    end
+
     def build_agent
       Agent.new(
         authz_url: @authz_url,

data/lib/oauth2c/grants/refresh_token.rb

@@ -15,8 +15,8 @@
 module OAuth2c
   module Grants
     class RefreshToken < OAuth2c::TwoLegged::Base
-      def initialize(agent, refresh_token:)
-        super(agent)
+      def initialize(agent, refresh_token:, **opts)
+        super(agent, **opts)
         @refresh_token = refresh_token
       end
 

data/lib/oauth2c/grants/resource_owner_credentials.rb

@@ -15,8 +15,8 @@
 module OAuth2c
   module Grants
     class ResourceOwnerCredentials < OAuth2c::TwoLegged::Base
-      def initialize(agent, username:, password:)
-        super(agent)
+      def initialize(agent, username:, password:, **opts)
+        super(agent, **opts)
         @username = username
         @password = password
       end

data/lib/oauth2c/refinements.rb

@@ -4,6 +4,10 @@ module OAuth2c
       def camelize
         gsub(/(?:\A|_)([a-z])/) { $1.upcase }
       end
+
+      def underscore
+        gsub(/(\A|[a-z])([A-Z])/) { $1.empty?? $2.downcase : "#{$1}_#{$2.downcase}" }
+      end
     end
 
     refine Hash do
@@ -13,7 +17,7 @@ module OAuth2c
       end
 
       def symbolize_keys
-        transform_keys{ |key| key.to_sym rescue key }
+        transform_keys { |key| key.to_sym rescue key }
       end
 
       def stringify_keys

data/lib/oauth2c/three_legged.rb

@@ -35,8 +35,15 @@ module OAuth2c
         @agent.authz_url(state: @state, scope: @scope, **authz_params)
       end
 
-      def token(callback_url)
-        query_params, fragment_params = parse_callback_url(callback_url)
+      def token(callback_url_or_params, fragment_params = nil)
+        case callback_url_or_params
+        when String
+          query_params, fragment_params = parse_callback_url(callback_url_or_params)
+        when Hash
+          query_params, fragment_params = callback_url_or_params, fragment_params
+        else
+          raise ArgumentError, "invalid arguments, expects URL or hash with params"
+        end
 
         if query_params[:error]
           raise Error.new(query_params[:error], query_params[:error_description])

data/lib/oauth2c/version.rb

@@ -13,5 +13,5 @@
 # limitations under the License.
 
 module OAuth2c
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oauth2c
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Rodrigo Kochenburger
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-03-10 00:00:00.000000000 Z
+date: 2017-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http
@@ -197,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: OAuth2c is a extensible OAuth2 client implementation