oauth_doorman 0.1.0

data/lib/oauth_doorman.rb

@@ -0,0 +1,120 @@
+# -*- encoding : utf-8 -*-
+
+require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/hash/keys'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/core_ext/object/to_query'
+require 'active_support/core_ext/object/to_param'
+require 'json'
+require 'httpclient'
+
+require 'rubygems'
+
+require "oauth_doorman/oauth_sender"
+require "oauth_doorman/oauth_error"
+require "oauth_doorman/oauth_access_api"
+require "oauth_doorman/oauth_user_info_api"
+require "oauth_doorman/oauth_domain_groups_api"
+
+module OauthDoorman 
+  class Api
+    include OauthSender
+    include AccessAPI
+    include UserInfoAPI
+    include DomainGroupsAPI
+    
+    attr_accessor :access_token, :refresh_token, :start_time, :expires_in
+
+    DEFAULT_CONFIG =
+    {
+      :redirect_uri => "http://localhost:3000/oauth2callback",
+      :client_id => "393121346607.apps.googleusercontent.com",
+      :client_secret => "O1biKD-F1IX9h5t8LNQUFQk7",
+      :scopes => ["https://www.googleapis.com/auth/userinfo.email", "https://apps-apis.google.com/a/feeds/groups/"],
+      :auth_url => "https://accounts.google.com/o/oauth2/auth",
+      :token_url => "https://accounts.google.com/o/oauth2/token",
+      :response_type => "code",
+      :state => "ATAXO",
+      :user_info_url => "https://www.googleapis.com/oauth2/v1/userinfo",
+      :groups_info_url => "https://apps-apis.google.com/a/feeds/group/2.0/%s/?member=%s",
+      :groups_info_auth_header_name => "Authorization",
+      :groups_info_auth_header_content => "OAuth %s",
+      :groups_info_request_timeout => 5,
+    }
+
+    def config= conf
+      @config = DEFAULT_CONFIG.merge(conf)
+    end
+
+    def config
+      return @config ||= DEFAULT_CONFIG
+    end
+
+    def access_token
+      if(!@access_token)
+        raise "call init_connection() in your callback function first before using API methods"
+      end
+
+      if(access_token_has_expired)
+        if(@refresh_token)
+          @access_token = get_access_token_from_refresh_token(@refresh_token)
+          return @access_token
+        else
+          raise "No refresh_token to refresh access_token"
+        end
+      end
+
+      return @access_token
+    end
+
+    def initialize(custom_config = nil)
+      if(custom_config)
+        self.config = custom_config
+      end
+    end
+
+    def init_connection_by_code(code)
+      init_connection(code, nil)
+    end
+
+    def init_connection_by_refresh_token(refresh_token)
+      init_connection(nil, refresh_token)
+    end
+
+    def remaining_seconds_to_expiration()
+      return @expires_in - (Time.now - @start_time)
+    end
+
+    private
+    def init_connection(code, refresh_token)
+      result_hash = nil
+
+      if(code)
+        result_hash = get_access_or_request_token(code);
+
+        if(result_hash.keys.include?("refresh_token"))
+          @refresh_token = result_hash["refresh_token"]
+        end
+      end
+
+      if(refresh_token)
+        @refresh_token = refresh_token
+
+        result_hash = get_access_token_from_refresh_token(@refresh_token)
+      end
+
+      @access_token = result_hash["access_token"]
+      @expires_in = result_hash["expires_in"]
+
+      @start_time = Time.now()
+    end
+
+    def access_token_has_expired()
+      if((Time.now - @start_time) > (@expires_in - 10))
+        return true
+      end
+
+      return false
+    end
+  end
+end

data/lib/oauth_doorman/oauth_access_api.rb

@@ -0,0 +1,61 @@
+# -*- encoding : utf-8 -*-
+
+module OauthDoorman
+  module AccessAPI
+    include Error
+
+    #considering force_refresh_token flag of OauthSender redirection (both or access_token only)
+    def get_access_or_request_token(code)
+      return call_grant_request_token(code, nil)
+    end
+
+    def get_access_token_from_refresh_token(refresh_token)
+      return call_grant_request_token(nil, refresh_token)
+    end
+
+    private
+    #returns
+    #{
+    # "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
+    # "expires_in":3920,
+    # "token_type":"Bearer"
+    #} if ["authorization_code"] = "refresh_token"
+    # or
+    #{
+    #  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
+    #  "expires_in":3920,
+    #  "token_type":"Bearer",
+    #  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
+    #} if ["authorization_code"] = "authorization_code"
+    def call_grant_request_token(code, refresh_token)
+      hash_params = {}
+      hash_params["client_id"] = config[:client_id]
+      hash_params["client_secret"] = config[:client_secret]
+      if(refresh_token)
+        hash_params["grant_type"] = "refresh_token"
+        hash_params["refresh_token"] = refresh_token
+      else
+        hash_params["code"] = code
+        hash_params["grant_type"] = "authorization_code"
+        hash_params["redirect_uri"] = config[:redirect_uri]
+      end
+
+      result = nil
+
+      begin
+        hash_params.each_key { |key|
+          hash_params[key] = URI.escape(hash_params[key])
+        }
+
+        http = HTTPClient.new
+        result = http.post(config[:token_url], hash_params).body
+        
+        process_error(result)
+      rescue Exception => exception
+        raise exception
+      end
+
+      return JSON.parse(result)
+    end
+  end
+end

data/lib/oauth_doorman/oauth_domain_groups_api.rb

@@ -0,0 +1,32 @@
+# -*- encoding : utf-8 -*-
+
+require "nokogiri"
+
+module OauthDoorman
+  module DomainGroupsAPI
+    include Error
+
+    def get_user_groups(domain, current_user)
+      result = nil
+
+      begin
+        url = config[:groups_info_url] % [domain, current_user]
+
+        http = HTTPClient.new
+        result = http.get(url, :header => {config[:groups_info_auth_header_name] => config[:groups_info_auth_header_content] % [access_token]}).body
+
+        process_error(result)
+      rescue Exception => exception
+        raise exception
+      end
+
+      user_groups = get_user_group_ids_from_xml(result)
+      return user_groups
+    end
+
+    def get_user_group_ids_from_xml(groups_xml)
+      return Nokogiri::XML(groups_xml).xpath('//apps:property[@name="groupId"]').map { |x| x['value'] }
+    end
+    
+  end
+end

data/lib/oauth_doorman/oauth_error.rb

@@ -0,0 +1,20 @@
+# -*- encoding : utf-8 -*-
+class OauthError < Exception; end
+
+module OauthDoorman
+  module Error
+
+    def process_error(request_result)
+      if request_result == nil
+        raise OauthError, "nil response content"
+      end
+
+      json = JSON.parse(request_result) rescue nil
+
+      if json && json.has_key?("error")
+        raise OauthError, json
+      end 
+    end
+
+  end
+end

data/lib/oauth_doorman/oauth_sender.rb

@@ -0,0 +1,24 @@
+# -*- encoding : utf-8 -*-
+
+module OauthDoorman
+  module OauthSender
+    #force_refresh_token flag for refresh_token enforcement
+    def compose_authentification_request_url(force_refresh_token)
+      hash_params = {}
+      hash_params["client_id"] = config[:client_id]
+      hash_params["response_type"] = config[:response_type]
+      hash_params["redirect_uri"] = config[:redirect_uri]
+      hash_params["state"] = config[:state]
+      hash_params["scope"] = config[:scopes].join(" ")
+      if(force_refresh_token)
+        hash_params["access_type"] = "offline"
+        hash_params["approval_prompt"] = "force"
+      else
+        hash_params["approval_prompt"] = "auto"
+      end
+
+      return "#{config[:auth_url]}?#{hash_params.to_query}"
+    end
+  end
+end
+

data/lib/oauth_doorman/oauth_user_info_api.rb

@@ -0,0 +1,30 @@
+# -*- encoding : utf-8 -*-
+
+module OauthDoorman
+  module UserInfoAPI
+    include Error
+
+    def get_user_email()
+      result_hash = get_user_info()
+
+      return result_hash["email"]
+    end
+
+    def get_user_info()
+      result = nil
+
+      begin
+        url = "#{config[:user_info_url]}?access_token=#{access_token}"
+
+        http = HTTPClient.new
+        result = http.get(url).body
+
+        process_error(result)
+      rescue Exception => exception
+        raise exception
+      end
+
+      return JSON.parse(result)
+    end
+  end
+end

data/lib/oauth_doorman/sinatra.rb

@@ -0,0 +1,76 @@
+# -*- encoding : utf-8 -*-
+
+require 'sinatra/base'
+require 'digest/sha1'
+
+class OauthAuthorizationInvalid < Exception ; end
+class OauthAuthorizationError < Exception ; end
+
+module Sinatra
+  module DoormanAuth
+
+    module Helpers
+
+      def protected
+        redirect doorman_sign_in_url unless session[:email] && authorize_user(session[:email])
+      end
+
+      def doorman_sign_in_url
+        doorman.compose_authentification_request_url(false)
+      end 
+
+      def doorman 
+        OauthDoorman::Api.new( 
+          redirect_uri: oauth_callback_url, 
+          client_id: settings.doorman_client_id, 
+          client_secret: settings.doorman_client_secret, 
+          state: "Overseer"
+        )
+      end
+
+      def oauth_callback_url
+        "http://#{request.env["HTTP_HOST"]}/oauth2callback"
+      end
+
+      def authorize_user email
+        raise NoMethodError, "Please implement into your sinatra 'authorize_user' method with one parameter (email). \n Return true if user is known."
+      end
+    end
+
+    def self.registered(app)
+      app.helpers DoormanAuth::Helpers
+
+      app.set :sessions, true
+      app.set :session_secret, Digest::SHA1.hexdigest("#{self.class} #{ENV['RACK_ENV']}")
+
+      #Set url to show after logout
+      app.set :default_url_after_sign_out, "/"
+      #Set url to show after login
+      app.set :default_url_after_sign_in, "/"
+
+      # oauth settings
+      app.set :doorman_app_name, "#{self.class}"
+      app.set :doorman_client_id, "FILL"
+      app.set :doorman_client_secret, "FILL"
+
+      app.get "/oauth2callback" do
+        door = doorman
+        door.init_connection_by_code(request.params["code"])
+        user_email = door.get_user_email
+        if authorize_user user_email
+          session[:email] = user_email
+          redirect settings.default_url_after_sign_in
+        else
+          raise OauthAuthorizationInvalid, "Sorry but your email: #{user_email} is not valid for authorization into #{settings.doorman_app_name}."
+        end
+
+        raise OauthAuthorizationError, "Sorry but your attemp to atuhorizate was not succesfull, try again..."
+      end
+
+      app.get "/sign_out" do
+        session[:email] = nil
+        redirect settings.default_url_after_sign_out
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,250 @@
+--- !ruby/object:Gem::Specification
+name: oauth_doorman
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- jan pospisil
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-07-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+- !ruby/object:Gem::Dependency
+  name: json_pure
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shoulda
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+- !ruby/object:Gem::Dependency
+  name: shoulda-context
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: turn
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.6
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shotgun
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: composes authentification url, gets google acces_token of user account
+  and gets access to user Google API
+email: jan.pospisil@ataxo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/oauth_doorman.rb
+- lib/oauth_doorman/oauth_sender.rb
+- lib/oauth_doorman/oauth_access_api.rb
+- lib/oauth_doorman/oauth_error.rb
+- lib/oauth_doorman/oauth_user_info_api.rb
+- lib/oauth_doorman/oauth_domain_groups_api.rb
+- lib/oauth_doorman/sinatra.rb
+homepage: https://github.com/Ataxo/oauth_doorman
+licenses: []
+post_install_message: 
+rdoc_options:
+- --title
+- Rake -- Ruby Make
+- --main
+- README
+- --line-numbers
+require_paths:
+- lib
+- lib/oauth_doorman
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: google 3rd party authentification
+test_files: []