oauth_provider_engine 0.0.2 → 0.0.3

data/.gitignore

@@ -0,0 +1,7 @@
+.bundle/
+log/*.log
+pkg/
+test/dummy/db/*.sqlite3
+test/dummy/log/*.log
+test/dummy/tmp/
+*.swp

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gemspec
+

data/Gemfile.lock

@@ -0,0 +1,93 @@
+PATH
+  remote: .
+  specs:
+    oauth_provider_engine (0.0.1)
+      oauth (~> 0.4.0)
+      rails (>= 3.0.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.3)
+      actionpack (= 3.2.3)
+      mail (~> 2.4.4)
+    actionpack (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.2)
+    activemodel (3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+    activerecord (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+    activesupport (3.2.3)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.0)
+    erubis (2.7.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.3)
+    json (1.6.1)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.18)
+    multi_json (1.3.4)
+    oauth (0.4.6)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.3)
+      actionmailer (= 3.2.3)
+      actionpack (= 3.2.3)
+      activerecord (= 3.2.3)
+      activeresource (= 3.2.3)
+      activesupport (= 3.2.3)
+      bundler (~> 1.0)
+      railties (= 3.2.3)
+    railties (3.2.3)
+      actionpack (= 3.2.3)
+      activesupport (= 3.2.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  oauth_provider_engine!

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,29 @@
+# encoding: UTF-8
+require 'rubygems'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rake'
+require 'rake/rdoctask'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task :default => :test
+
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'OauthProviderEngine'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/app/controllers/applications_controller.rb

@@ -0,0 +1,54 @@
+class ApplicationsController < ApplicationController
+
+  before_filter :ensure_admin
+  layout :admin_layout
+
+  def index
+    @applications = OauthProviderEngine::Application.all
+  end
+
+  def show
+    @application = OauthProviderEngine::Application.find(params[:id])
+  end
+
+  def new
+    @application = OauthProviderEngine::Application.new(params[:oauth_provider_engine_application])
+  end
+
+  def create
+    @application = OauthProviderEngine::Application.new(params[:oauth_provider_engine_application])
+    if @application.save
+      redirect_to oauth_provider_engine_applications_path
+    else
+      render :new
+    end
+  end
+
+  def edit
+    @application = OauthProviderEngine::Application.find(params[:id])
+  end
+
+  def update
+    @application = OauthProviderEngine::Application.find(params[:id])
+    if @application.update_attributes(params[:oauth_provider_engine_application])
+      redirect_to @application
+    else
+      render :edit
+    end
+  end
+
+  def destroy
+    @application = OauthProviderEngine::Application.find(params[:id])
+  end
+
+  protected
+
+  def ensure_admin
+    OauthProviderEngine.admin_authenticate_method.call(self)
+  end
+
+  def admin_layout
+    OauthProviderEngine.admin_layout
+  end
+
+end

data/app/controllers/oauth_controller.rb

@@ -0,0 +1,106 @@
+class OauthController < ApplicationController
+
+  layout nil
+
+  # ignore the csrf token
+  skip_before_filter :verify_authenticity_token
+
+  before_filter :ensure_logged_in, :only => [:authorize]
+  before_filter :load_application, :except => [:authorize]
+
+  def authorize
+    # ensure we have a valid request token
+    @request_token = OauthProviderEngine::RequestToken.where(:token => params[:oauth_token]).first
+    return render_403("invalid request token") unless @request_token
+
+    # check to see if the user has already authorized
+    user_id = OauthProviderEngine.user_method.call(self)
+    if @access_token = OauthProviderEngine::AccessToken.not_expired.for_user(user_id).first
+      @request_token.authorize!(user_id)
+      render_authorize_success(@request_token)
+      return
+    end
+
+    if request.post?
+      # create an access token for the current user
+      @request_token.authorize!(user_id)
+      render_authorize_success(@request_token)
+    else
+      # render the allow/disallow form
+      @application = @request_token.application
+      render :authorize, :layout => OauthProviderEngine.oauth_layout
+    end
+  end
+
+  def request_token
+    # ensure that the OAuth request was properly signed
+    return render_401("invalid signature") unless OAuth::Signature.verify(oauth_request, :consumer_secret => @application.secret)
+
+    @request_token = @application.request_tokens.build()
+    @request_token.save
+
+    render :text => @request_token.to_query
+  end
+
+  def access_token
+    token = params.fetch(:oauth_token, oauth_params.fetch("oauth_token"))
+    @request_token = OauthProviderEngine::RequestToken.authorized.where(:token => token).first
+
+    # ensure we have a valid request token
+    return render_403("invalid request token") unless @request_token
+
+    # ensure that the OAuth request was properly signed
+    return render_401("invalid signature") unless OAuth::Signature.verify(oauth_request, :consumer_secret => @application.secret, :token_secret => @request_token.secret) 
+
+    if @access_token =  OauthProviderEngine::AccessToken.not_expired.for_user(@request_token.user_id).first
+      # user already has a valid access token
+      @request_token.destroy
+    else
+      # upgrade the request token to an access token (deletes the request token)
+      @access_token = @request_token.upgrade!
+    end
+
+    render :text => @access_token.to_query
+  end
+
+  protected
+
+  def ensure_logged_in
+    OauthProviderEngine.authenticate_method.call(self)
+  end
+
+  def oauth_request
+    @oauth_request ||= OAuth::RequestProxy.proxy(request)
+  end
+
+  def oauth_params
+    @oauth_params ||= oauth_request.parameters
+  end
+
+  def load_application
+    @application = OauthProviderEngine::Application.where(:key => oauth_params.fetch("oauth_consumer_key")).first
+    render_403('invalid application') unless @application.present?
+  end
+
+  def render_401(message)
+    render :text => message, :status => 401
+  end
+
+  def render_403(message)
+    render :text => message, :status => 403
+  end
+
+  def render_authorize_success(request_token)
+    callback_uri = URI.parse(params.fetch(:oauth_callback, request_token.application.url))
+    token_params = {
+      :oauth_token => request_token.token
+    }.to_query
+    if callback_uri.query.present?
+      callback_uri.query = callback_uri.query + "&" + token_params
+    else
+      callback_uri.query = token_params
+    end
+    redirect_to callback_uri.to_s
+  end
+
+end

data/app/models/oauth_provider_engine/access_token.rb

@@ -0,0 +1,41 @@
+module OauthProviderEngine
+  class AccessToken < OauthProviderEngine::Base
+
+    belongs_to :application, :class_name => "::OauthProviderEngine::Application"
+
+    before_validation :generate_keys
+    before_create :generate_expiry
+    validates_presence_of :application_id, :user_id, :token, :secret
+    validates_numericality_of :application_id, :user_id, :allow_nil => true
+
+    scope :expired, where("expires_at <= NOW()")
+    scope :not_expired, where("expires_at IS NULL OR expires_at > NOW()")
+    scope :for_user, lambda{|user_id| where(:user_id => user_id)}
+
+    def to_query
+      params = {
+        :oauth_token => token,
+        :oauth_token_secret => secret
+      }
+      params[:oauth_authorization_expires_at] = expires_at.to_i if expires_at.present?
+      params.to_query
+    end
+
+    protected
+
+    def generate_keys
+      self.token ||= OauthProviderEngine.generate_key
+      self.secret ||= OauthProviderEngine.generate_key
+    end
+
+    def generate_expiry
+      return true unless OauthProviderEngine.access_token_expiry
+
+      if OauthProviderEngine.access_token_expiry.respond_to?(:call)
+        self.expires_at = OauthProviderEngine.access_token_expiry.call(self)
+      else
+        self.expires_at = Time.now + OauthProviderEngine.access_token_expiry
+      end
+    end
+  end
+end

data/app/models/oauth_provider_engine/application.rb

@@ -0,0 +1,22 @@
+module OauthProviderEngine
+  class Application < OauthProviderEngine::Base
+    has_many :access_tokens, :class_name => "::OauthProviderEngine::AccessToken", :dependent => :destroy
+    has_many :request_tokens, :class_name => "::OauthProviderEngine::RequestToken", :dependent => :destroy
+
+    before_validation :generate_keys
+
+    validates_presence_of :name, :url, :key, :secret
+    attr_accessible :name, :url
+
+    validate do
+      errors.add(:url, "is invalid") unless URI.parse(url)
+    end
+
+    protected
+
+    def generate_keys
+      self.key ||= OauthProviderEngine.generate_key
+      self.secret ||= OauthProviderEngine.generate_key
+    end
+  end
+end

data/app/models/oauth_provider_engine/base.rb

@@ -0,0 +1,5 @@
+module OauthProviderEngine
+  class Base < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/oauth_provider_engine/request_token.rb

@@ -0,0 +1,44 @@
+module OauthProviderEngine
+  class RequestToken < OauthProviderEngine::Base
+
+    belongs_to :application, :class_name => "::OauthProviderEngine::Application"
+
+    before_validation :generate_keys
+    validates_presence_of :application_id, :token, :secret
+    validates_numericality_of :application_id, :allow_nil => true
+
+    scope :authorized, where("user_id is not null")
+
+    def authorize!(user_id)
+      update_attribute(:user_id, user_id)
+    end
+
+    # this method with upgrade the RequestToken to an AccessToken
+    #   note that this will destroy the current RequestToken
+    def upgrade!
+      access_token = nil
+      transaction do
+        access_token = OauthProviderEngine::AccessToken.create!({
+          :application_id => self.application_id,
+          :user_id => self.user_id,
+        })
+        self.destroy || raise(ActiveRecord::Rollback)
+      end
+      return access_token
+    end
+
+    def to_query
+      {
+        :oauth_token => token,
+        :oauth_token_secret => secret
+      }.to_query
+    end
+
+    protected
+
+    def generate_keys
+      self.token ||= OauthProviderEngine.generate_key
+      self.secret ||= OauthProviderEngine.generate_key
+    end
+  end
+end

data/app/views/applications/_form.html.erb

@@ -0,0 +1,9 @@
+<%= form_for(application) do |form| %>
+  <label for="oauth_provider_engine_application_name">Application Name:</label>
+  <%= form.text_field :name %>
+
+  <label for="oauth_provider_engine_application_url">Application Url:</label>
+  <%= form.text_field :url %>
+
+  <%= form.submit %>
+<% end %>