RubyGems - oauth_doorman - Versions diffs - 0.1.0 - Mend

oauth_doorman 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/lib/oauth_doorman.rb +120 -0
data/lib/oauth_doorman/oauth_access_api.rb +61 -0
data/lib/oauth_doorman/oauth_domain_groups_api.rb +32 -0
data/lib/oauth_doorman/oauth_error.rb +20 -0
data/lib/oauth_doorman/oauth_sender.rb +24 -0
data/lib/oauth_doorman/oauth_user_info_api.rb +30 -0
data/lib/oauth_doorman/sinatra.rb +76 -0
metadata +250 -0

data/lib/oauth_doorman.rb ADDED Viewed

@@ -0,0 +1,120 @@
+# -*- encoding : utf-8 -*-
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/hash/keys'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/core_ext/object/to_query'
+require 'active_support/core_ext/object/to_param'
+require 'json'
+require 'httpclient'
+require 'rubygems'
+require "oauth_doorman/oauth_sender"
+require "oauth_doorman/oauth_error"
+require "oauth_doorman/oauth_access_api"
+require "oauth_doorman/oauth_user_info_api"
+require "oauth_doorman/oauth_domain_groups_api"
+module OauthDoorman
+  class Api
+    include OauthSender
+    include AccessAPI
+    include UserInfoAPI
+    include DomainGroupsAPI
+    attr_accessor :access_token, :refresh_token, :start_time, :expires_in
+    DEFAULT_CONFIG =
+    {
+      :redirect_uri => "http://localhost:3000/oauth2callback",
+      :client_id => "393121346607.apps.googleusercontent.com",
+      :client_secret => "O1biKD-F1IX9h5t8LNQUFQk7",
+      :scopes => ["https://www.googleapis.com/auth/userinfo.email", "https://apps-apis.google.com/a/feeds/groups/"],
+      :auth_url => "https://accounts.google.com/o/oauth2/auth",
+      :token_url => "https://accounts.google.com/o/oauth2/token",
+      :response_type => "code",
+      :state => "ATAXO",
+      :user_info_url => "https://www.googleapis.com/oauth2/v1/userinfo",
+      :groups_info_url => "https://apps-apis.google.com/a/feeds/group/2.0/%s/?member=%s",
+      :groups_info_auth_header_name => "Authorization",
+      :groups_info_auth_header_content => "OAuth %s",
+      :groups_info_request_timeout => 5,
+    }
+    def config= conf
+      @config = DEFAULT_CONFIG.merge(conf)
+    end
+    def config
+      return @config ||= DEFAULT_CONFIG
+    end
+    def access_token
+      if(!@access_token)
+        raise "call init_connection() in your callback function first before using API methods"
+      end
+      if(access_token_has_expired)
+        if(@refresh_token)
+          @access_token = get_access_token_from_refresh_token(@refresh_token)
+          return @access_token
+        else
+          raise "No refresh_token to refresh access_token"
+        end
+      end
+      return @access_token
+    end
+    def initialize(custom_config = nil)
+      if(custom_config)
+        self.config = custom_config
+      end
+    end
+    def init_connection_by_code(code)
+      init_connection(code, nil)
+    end
+    def init_connection_by_refresh_token(refresh_token)
+      init_connection(nil, refresh_token)
+    end
+    def remaining_seconds_to_expiration()
+      return @expires_in - (Time.now - @start_time)
+    end
+    private
+    def init_connection(code, refresh_token)
+      result_hash = nil
+      if(code)
+        result_hash = get_access_or_request_token(code);
+        if(result_hash.keys.include?("refresh_token"))
+          @refresh_token = result_hash["refresh_token"]
+        end
+      end
+      if(refresh_token)
+        @refresh_token = refresh_token
+        result_hash = get_access_token_from_refresh_token(@refresh_token)
+      end
+      @access_token = result_hash["access_token"]
+      @expires_in = result_hash["expires_in"]
+      @start_time = Time.now()
+    end
+    def access_token_has_expired()
+      if((Time.now - @start_time) > (@expires_in - 10))
+        return true
+      end
+      return false
+    end
+  end
+end

data/lib/oauth_doorman/oauth_access_api.rb ADDED Viewed

@@ -0,0 +1,61 @@
+# -*- encoding : utf-8 -*-
+module OauthDoorman
+  module AccessAPI
+    include Error
+    #considering force_refresh_token flag of OauthSender redirection (both or access_token only)
+    def get_access_or_request_token(code)
+      return call_grant_request_token(code, nil)
+    end
+    def get_access_token_from_refresh_token(refresh_token)
+      return call_grant_request_token(nil, refresh_token)
+    end
+    private
+    #returns
+    #{
+    # "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
+    # "expires_in":3920,
+    # "token_type":"Bearer"
+    #} if ["authorization_code"] = "refresh_token"
+    # or
+    #{
+    #  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
+    #  "expires_in":3920,
+    #  "token_type":"Bearer",
+    #  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
+    #} if ["authorization_code"] = "authorization_code"
+    def call_grant_request_token(code, refresh_token)
+      hash_params = {}
+      hash_params["client_id"] = config[:client_id]
+      hash_params["client_secret"] = config[:client_secret]
+      if(refresh_token)
+        hash_params["grant_type"] = "refresh_token"
+        hash_params["refresh_token"] = refresh_token
+      else
+        hash_params["code"] = code
+        hash_params["grant_type"] = "authorization_code"
+        hash_params["redirect_uri"] = config[:redirect_uri]
+      end
+      result = nil
+      begin
+        hash_params.each_key { |key|
+          hash_params[key] = URI.escape(hash_params[key])
+        }
+        http = HTTPClient.new
+        result = http.post(config[:token_url], hash_params).body
+        process_error(result)
+      rescue Exception => exception
+        raise exception
+      end
+      return JSON.parse(result)
+    end
+  end
+end

data/lib/oauth_doorman/oauth_domain_groups_api.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# -*- encoding : utf-8 -*-
+require "nokogiri"
+module OauthDoorman
+  module DomainGroupsAPI
+    include Error
+    def get_user_groups(domain, current_user)
+      result = nil
+      begin
+        url = config[:groups_info_url] % [domain, current_user]
+        http = HTTPClient.new
+        result = http.get(url, :header => {config[:groups_info_auth_header_name] => config[:groups_info_auth_header_content] % [access_token]}).body
+        process_error(result)
+      rescue Exception => exception
+        raise exception
+      end
+      user_groups = get_user_group_ids_from_xml(result)
+      return user_groups
+    end
+    def get_user_group_ids_from_xml(groups_xml)
+      return Nokogiri::XML(groups_xml).xpath('//apps:property[@name="groupId"]').map { |x| x['value'] }
+    end
+  end
+end

data/lib/oauth_doorman/oauth_error.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# -*- encoding : utf-8 -*-
+class OauthError < Exception; end
+module OauthDoorman
+  module Error
+    def process_error(request_result)
+      if request_result == nil
+        raise OauthError, "nil response content"
+      end
+      json = JSON.parse(request_result) rescue nil
+      if json && json.has_key?("error")
+        raise OauthError, json
+      end
+    end
+  end
+end

data/lib/oauth_doorman/oauth_sender.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# -*- encoding : utf-8 -*-
+module OauthDoorman
+  module OauthSender
+    #force_refresh_token flag for refresh_token enforcement
+    def compose_authentification_request_url(force_refresh_token)
+      hash_params = {}
+      hash_params["client_id"] = config[:client_id]
+      hash_params["response_type"] = config[:response_type]
+      hash_params["redirect_uri"] = config[:redirect_uri]
+      hash_params["state"] = config[:state]
+      hash_params["scope"] = config[:scopes].join(" ")
+      if(force_refresh_token)
+        hash_params["access_type"] = "offline"
+        hash_params["approval_prompt"] = "force"
+      else
+        hash_params["approval_prompt"] = "auto"
+      end
+      return "#{config[:auth_url]}?#{hash_params.to_query}"
+    end
+  end
+end

data/lib/oauth_doorman/oauth_user_info_api.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# -*- encoding : utf-8 -*-
+module OauthDoorman
+  module UserInfoAPI
+    include Error
+    def get_user_email()
+      result_hash = get_user_info()
+      return result_hash["email"]
+    end
+    def get_user_info()
+      result = nil
+      begin
+        url = "#{config[:user_info_url]}?access_token=#{access_token}"
+        http = HTTPClient.new
+        result = http.get(url).body
+        process_error(result)
+      rescue Exception => exception
+        raise exception
+      end
+      return JSON.parse(result)
+    end
+  end
+end

data/lib/oauth_doorman/sinatra.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# -*- encoding : utf-8 -*-
+require 'sinatra/base'
+require 'digest/sha1'
+class OauthAuthorizationInvalid < Exception ; end
+class OauthAuthorizationError < Exception ; end
+module Sinatra
+  module DoormanAuth
+    module Helpers
+      def protected
+        redirect doorman_sign_in_url unless session[:email] && authorize_user(session[:email])
+      end
+      def doorman_sign_in_url
+        doorman.compose_authentification_request_url(false)
+      end
+      def doorman
+        OauthDoorman::Api.new(
+          redirect_uri: oauth_callback_url,
+          client_id: settings.doorman_client_id,
+          client_secret: settings.doorman_client_secret,
+          state: "Overseer"
+        )
+      end
+      def oauth_callback_url
+        "http://#{request.env["HTTP_HOST"]}/oauth2callback"
+      end
+      def authorize_user email
+        raise NoMethodError, "Please implement into your sinatra 'authorize_user' method with one parameter (email). \n Return true if user is known."
+      end
+    end
+    def self.registered(app)
+      app.helpers DoormanAuth::Helpers
+      app.set :sessions, true
+      app.set :session_secret, Digest::SHA1.hexdigest("#{self.class} #{ENV['RACK_ENV']}")
+      #Set url to show after logout
+      app.set :default_url_after_sign_out, "/"
+      #Set url to show after login
+      app.set :default_url_after_sign_in, "/"
+      # oauth settings
+      app.set :doorman_app_name, "#{self.class}"
+      app.set :doorman_client_id, "FILL"
+      app.set :doorman_client_secret, "FILL"
+      app.get "/oauth2callback" do
+        door = doorman
+        door.init_connection_by_code(request.params["code"])
+        user_email = door.get_user_email
+        if authorize_user user_email
+          session[:email] = user_email
+          redirect settings.default_url_after_sign_in
+        else
+          raise OauthAuthorizationInvalid, "Sorry but your email: #{user_email} is not valid for authorization into #{settings.doorman_app_name}."
+        end
+        raise OauthAuthorizationError, "Sorry but your attemp to atuhorizate was not succesfull, try again..."
+      end
+      app.get "/sign_out" do
+        session[:email] = nil
+        redirect settings.default_url_after_sign_out
+      end
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,250 @@
+--- !ruby/object:Gem::Specification
+name: oauth_doorman
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease:
+platform: ruby
+authors:
+- jan pospisil
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-07-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+- !ruby/object:Gem::Dependency
+  name: json_pure
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shoulda
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+- !ruby/object:Gem::Dependency
+  name: shoulda-context
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: turn
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shotgun
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: composes authentification url, gets google acces_token of user account
+  and gets access to user Google API
+email: jan.pospisil@ataxo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/oauth_doorman.rb
+- lib/oauth_doorman/oauth_sender.rb
+- lib/oauth_doorman/oauth_access_api.rb
+- lib/oauth_doorman/oauth_error.rb
+- lib/oauth_doorman/oauth_user_info_api.rb
+- lib/oauth_doorman/oauth_domain_groups_api.rb
+- lib/oauth_doorman/sinatra.rb
+homepage: https://github.com/Ataxo/oauth_doorman
+licenses: []
+post_install_message:
+rdoc_options:
+- --title
+- Rake -- Ruby Make
+- --main
+- README
+- --line-numbers
+require_paths:
+- lib
+- lib/oauth_doorman
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: google 3rd party authentification
+test_files: []