oauth_provider_engine 0.0.2 → 0.0.3

Files changed (39) hide show
  1. data/.gitignore +7 -0
  2. data/Gemfile +4 -0
  3. data/Gemfile.lock +93 -0
  4. data/MIT-LICENSE +20 -0
  5. data/Rakefile +29 -0
  6. data/app/controllers/applications_controller.rb +54 -0
  7. data/app/controllers/oauth_controller.rb +106 -0
  8. data/app/models/oauth_provider_engine/access_token.rb +41 -0
  9. data/app/models/oauth_provider_engine/application.rb +22 -0
  10. data/app/models/oauth_provider_engine/base.rb +5 -0
  11. data/app/models/oauth_provider_engine/request_token.rb +44 -0
  12. data/app/views/applications/_form.html.erb +9 -0
  13. data/app/views/applications/edit.html.erb +3 -0
  14. data/app/views/applications/index.html.erb +24 -0
  15. data/app/views/applications/new.html.erb +3 -0
  16. data/app/views/applications/show.html.erb +23 -0
  17. data/app/views/oauth/authorize.html.erb +5 -0
  18. data/config/routes.rb +11 -0
  19. data/lib/generators/oauth_provider_engine/USAGE +0 -0
  20. data/lib/oauth_provider_engine/version.rb +1 -1
  21. data/oauth_provider_engine.gemspec +19 -0
  22. data/test/dummy/Rakefile +7 -0
  23. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  24. data/test/dummy/config.ru +4 -0
  25. data/test/dummy/config/database.yml +22 -0
  26. data/test/dummy/config/locales/en.yml +5 -0
  27. data/test/dummy/public/404.html +26 -0
  28. data/test/dummy/public/422.html +26 -0
  29. data/test/dummy/public/500.html +26 -0
  30. data/test/dummy/public/favicon.ico +0 -0
  31. data/test/dummy/public/javascripts/application.js +2 -0
  32. data/test/dummy/public/javascripts/controls.js +965 -0
  33. data/test/dummy/public/javascripts/dragdrop.js +974 -0
  34. data/test/dummy/public/javascripts/effects.js +1123 -0
  35. data/test/dummy/public/javascripts/prototype.js +6001 -0
  36. data/test/dummy/public/javascripts/rails.js +202 -0
  37. data/test/dummy/public/stylesheets/.gitkeep +0 -0
  38. data/test/dummy/script/rails +6 -0
  39. metadata +55 -18
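--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,7 @@
+ .bundle/
+ log/*.log
+ pkg/
+ test/dummy/db/*.sqlite3
+ test/dummy/log/*.log
+ test/dummy/tmp/
+ *.swp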
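--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source "http://rubygems.org"
+
+ gemspec
+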
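Review bot: `source "http://rubygems.org"` resolves and downloads dependencies over plain HTTP, so the gems pulled in for development and test are not protected against tampering in transit. Use `source "https://rubygems.org"` instead. The Gemfile.lock added in the same release records `remote: http://rubygems.org/` and would need to be regenerated after the change.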
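--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,93 @@
+ PATH
+ remote: .
+ specs:
+ oauth_provider_engine (0.0.1)
+ oauth (~> 0.4.0)
+ rails (>= 3.0.0)
+
+ GEM
+ remote: http://rubygems.org/
+ specs:
+ actionmailer (3.2.3)
+ actionpack (= 3.2.3)
+ mail (~> 2.4.4)
+ actionpack (3.2.3)
+ activemodel (= 3.2.3)
+ activesupport (= 3.2.3)
+ builder (~> 3.0.0)
+ erubis (~> 2.7.0)
+ journey (~> 1.0.1)
+ rack (~> 1.4.0)
+ rack-cache (~> 1.2)
+ rack-test (~> 0.6.1)
+ sprockets (~> 2.1.2)
+ activemodel (3.2.3)
+ activesupport (= 3.2.3)
+ builder (~> 3.0.0)
+ activerecord (3.2.3)
+ activemodel (= 3.2.3)
+ activesupport (= 3.2.3)
+ arel (~> 3.0.2)
+ tzinfo (~> 0.3.29)
+ activeresource (3.2.3)
+ activemodel (= 3.2.3)
+ activesupport (= 3.2.3)
+ activesupport (3.2.3)
+ i18n (~> 0.6)
+ multi_json (~> 1.0)
+ arel (3.0.2)
+ builder (3.0.0)
+ erubis (2.7.0)
+ hike (1.2.1)
+ i18n (0.6.0)
+ journey (1.0.3)
+ json (1.6.1)
+ mail (2.4.4)
+ i18n (>= 0.4.0)
+ mime-types (~> 1.16)
+ treetop (~> 1.4.8)
+ mime-types (1.18)
+ multi_json (1.3.4)
+ oauth (0.4.6)
+ polyglot (0.3.3)
+ rack (1.4.1)
+ rack-cache (1.2)
+ rack (>= 0.4)
+ rack-ssl (1.3.2)
+ rack
+ rack-test (0.6.1)
+ rack (>= 1.0)
+ rails (3.2.3)
+ actionmailer (= 3.2.3)
+ actionpack (= 3.2.3)
+ activerecord (= 3.2.3)
+ activeresource (= 3.2.3)
+ activesupport (= 3.2.3)
+ bundler (~> 1.0)
+ railties (= 3.2.3)
+ railties (3.2.3)
+ actionpack (= 3.2.3)
+ activesupport (= 3.2.3)
+ rack-ssl (~> 1.3.2)
+ rake (>= 0.8.7)
+ rdoc (~> 3.4)
+ thor (~> 0.14.6)
+ rake (0.9.2.2)
+ rdoc (3.12)
+ json (~> 1.4)
+ sprockets (2.1.3)
+ hike (~> 1.2)
+ rack (~> 1.0)
+ tilt (~> 1.1, != 1.3.0)
+ thor (0.14.6)
+ tilt (1.3.3)
+ treetop (1.4.10)
+ polyglot
+ polyglot (>= 0.3.1)
+ tzinfo (0.3.33)
+
+ PLATFORMS
+ ruby
+
+ DEPENDENCIES
+ oauth_provider_engine!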
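--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+ Copyright 2012 YOURNAME
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.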
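--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,29 @@
+ # encoding: UTF-8
+ require 'rubygems'
+ begin
+ require 'bundler/setup'
+ rescue LoadError
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+ end
+
+ require 'rake'
+ require 'rake/rdoctask'
+
+ require 'rake/testtask'
+
+ Rake::TestTask.new(:test) do |t|
+ t.libs << 'lib'
+ t.libs << 'test'
+ t.pattern = 'test/**/*_test.rb'
+ t.verbose = false
+ end
+
+ task :default => :test
+
+ Rake::RDocTask.new(:rdoc) do |rdoc|
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = 'OauthProviderEngine'
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.rdoc_files.include('README.rdoc')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ end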
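--- a/data/app/controllers/applications_controller.rb
+++ b/data/app/controllers/applications_controller.rb
@@ -0,0 +1,54 @@
+ class ApplicationsController < ApplicationController
+
+ before_filter :ensure_admin
+ layout :admin_layout
+
+ def index
+ @applications = OauthProviderEngine::Application.all
+ end
+
+ def show
+ @application = OauthProviderEngine::Application.find(params[:id])
+ end
+
+ def new
+ @application = OauthProviderEngine::Application.new(params[:oauth_provider_engine_application])
+ end
+
+ def create
+ @application = OauthProviderEngine::Application.new(params[:oauth_provider_engine_application])
+ if @application.save
+ redirect_to oauth_provider_engine_applications_path
+ else
+ render :new
+ end
+ end
+
+ def edit
+ @application = OauthProviderEngine::Application.find(params[:id])
+ end
+
+ def update
+ @application = OauthProviderEngine::Application.find(params[:id])
+ if @application.update_attributes(params[:oauth_provider_engine_application])
+ redirect_to @application
+ else
+ render :edit
+ end
+ end
+
+ def destroy
+ @application = OauthProviderEngine::Application.find(params[:id])
+ end
+
+ protected
+
+ def ensure_admin
+ OauthProviderEngine.admin_authenticate_method.call(self)
+ end
+
+ def admin_layout
+ OauthProviderEngine.admin_layout
+ end
+
+ end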
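Review bot: The `destroy` action only loads the record; it never deletes it or sends a response, so an administrator cannot revoke an application (and, through `:dependent => :destroy` on the model, its tokens) from this controller, and the request falls through to a `destroy` template that the file list does not include. Add `@application.destroy` followed by `redirect_to oauth_provider_engine_applications_path`. A comment on `ensure_admin` would also help: access control for every action here rests on the host-configured `admin_authenticate_method`, and nothing visible in this file guards against it being unset or returning without halting the request.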
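--- a/data/app/controllers/oauth_controller.rb
+++ b/data/app/controllers/oauth_controller.rb
@@ -0,0 +1,106 @@
+ class OauthController < ApplicationController
+
+ layout nil
+
+ # ignore the csrf token
+ skip_before_filter :verify_authenticity_token
+
+ before_filter :ensure_logged_in, :only => [:authorize]
+ before_filter :load_application, :except => [:authorize]
+
+ def authorize
+ # ensure we have a valid request token
+ @request_token = OauthProviderEngine::RequestToken.where(:token => params[:oauth_token]).first
+ return render_403("invalid request token") unless @request_token
+
+ # check to see if the user has already authorized
+ user_id = OauthProviderEngine.user_method.call(self)
+ if @access_token = OauthProviderEngine::AccessToken.not_expired.for_user(user_id).first
+ @request_token.authorize!(user_id)
+ render_authorize_success(@request_token)
+ return
+ end
+
+ if request.post?
+ # create an access token for the current user
+ @request_token.authorize!(user_id)
+ render_authorize_success(@request_token)
+ else
+ # render the allow/disallow form
+ @application = @request_token.application
+ render :authorize, :layout => OauthProviderEngine.oauth_layout
+ end
+ end
+
+ def request_token
+ # ensure that the OAuth request was properly signed
+ return render_401("invalid signature") unless OAuth::Signature.verify(oauth_request, :consumer_secret => @application.secret)
+
+ @request_token = @application.request_tokens.build()
+ @request_token.save
+
+ render :text => @request_token.to_query
+ end
+
+ def access_token
+ token = params.fetch(:oauth_token, oauth_params.fetch("oauth_token"))
+ @request_token = OauthProviderEngine::RequestToken.authorized.where(:token => token).first
+
+ # ensure we have a valid request token
+ return render_403("invalid request token") unless @request_token
+
+ # ensure that the OAuth request was properly signed
+ return render_401("invalid signature") unless OAuth::Signature.verify(oauth_request, :consumer_secret => @application.secret, :token_secret => @request_token.secret)
+
+ if @access_token = OauthProviderEngine::AccessToken.not_expired.for_user(@request_token.user_id).first
+ # user already has a valid access token
+ @request_token.destroy
+ else
+ # upgrade the request token to an access token (deletes the request token)
+ @access_token = @request_token.upgrade!
+ end
+
+ render :text => @access_token.to_query
+ end
+
+ protected
+
+ def ensure_logged_in
+ OauthProviderEngine.authenticate_method.call(self)
+ end
+
+ def oauth_request
+ @oauth_request ||= OAuth::RequestProxy.proxy(request)
+ end
+
+ def oauth_params
+ @oauth_params ||= oauth_request.parameters
+ end
+
+ def load_application
+ @application = OauthProviderEngine::Application.where(:key => oauth_params.fetch("oauth_consumer_key")).first
+ render_403('invalid application') unless @application.present?
+ end
+
+ def render_401(message)
+ render :text => message, :status => 401
+ end
+
+ def render_403(message)
+ render :text => message, :status => 403
+ end
+
+ def render_authorize_success(request_token)
+ callback_uri = URI.parse(params.fetch(:oauth_callback, request_token.application.url))
+ token_params = {
+ :oauth_token => request_token.token
+ }.to_query
+ if callback_uri.query.present?
+ callback_uri.query = callback_uri.query + "&" + token_params
+ else
+ callback_uri.query = token_params
+ end
+ redirect_to callback_uri.to_s
+ end
+
+ end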
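Review bot: The existing-token lookups in `authorize` and `access_token` filter only by user, so an unexpired access token issued to any application makes `authorize` approve a new request token without showing the consent form, and `access_token` then returns that other application's token and secret to the caller. Both queries should be scoped to the requesting application, e.g. `@request_token.application.access_tokens.not_expired.for_user(user_id).first`, and `access_token` should look the request token up through `@application.request_tokens.authorized`. Separately, `skip_before_filter :verify_authenticity_token` also covers the `authorize` POST, which is the user's consent step; restricting it with `:only => [:request_token, :access_token]` keeps CSRF protection on that form. `render_authorize_success` redirects to a request-supplied `oauth_callback` without comparing it to the registered application URL, and no verifier is issued, so the callback should be fixed when the request token is created and checked before redirecting. `oauth_params.fetch("oauth_consumer_key")` in `load_application` also raises `KeyError` on a request without that parameter instead of rendering the 403.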
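--- a/data/app/models/oauth_provider_engine/access_token.rb
+++ b/data/app/models/oauth_provider_engine/access_token.rb
@@ -0,0 +1,41 @@
+ module OauthProviderEngine
+ class AccessToken < OauthProviderEngine::Base
+
+ belongs_to :application, :class_name => "::OauthProviderEngine::Application"
+
+ before_validation :generate_keys
+ before_create :generate_expiry
+ validates_presence_of :application_id, :user_id, :token, :secret
+ validates_numericality_of :application_id, :user_id, :allow_nil => true
+
+ scope :expired, where("expires_at <= NOW()")
+ scope :not_expired, where("expires_at IS NULL OR expires_at > NOW()")
+ scope :for_user, lambda{|user_id| where(:user_id => user_id)}
+
+ def to_query
+ params = {
+ :oauth_token => token,
+ :oauth_token_secret => secret
+ }
+ params[:oauth_authorization_expires_at] = expires_at.to_i if expires_at.present?
+ params.to_query
+ end
+
+ protected
+
+ def generate_keys
+ self.token ||= OauthProviderEngine.generate_key
+ self.secret ||= OauthProviderEngine.generate_key
+ end
+
+ def generate_expiry
+ return true unless OauthProviderEngine.access_token_expiry
+
+ if OauthProviderEngine.access_token_expiry.respond_to?(:call)
+ self.expires_at = OauthProviderEngine.access_token_expiry.call(self)
+ else
+ self.expires_at = Time.now + OauthProviderEngine.access_token_expiry
+ end
+ end
+ end
+ end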
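Review bot: The `expired` and `not_expired` scopes compare `expires_at` with the database's `NOW()`, while `generate_expiry` writes the value from Ruby's `Time.now`; `NOW()` is not available on every adapter (the .gitignore entry suggests the dummy app uses SQLite) and, depending on the database session settings, may not be in the zone the column is stored in, so a token could be treated as live past its expiry. Binding the time from Ruby keeps both sides consistent: `scope :not_expired, lambda { where("expires_at IS NULL OR expires_at > ?", Time.now) }`, and likewise for `expired`. No uniqueness validation on `token` is visible here; since tokens are looked up by value alone, `validates_uniqueness_of :token` backed by a unique index would be prudent.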
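--- a/data/app/models/oauth_provider_engine/application.rb
+++ b/data/app/models/oauth_provider_engine/application.rb
@@ -0,0 +1,22 @@
+ module OauthProviderEngine
+ class Application < OauthProviderEngine::Base
+ has_many :access_tokens, :class_name => "::OauthProviderEngine::AccessToken", :dependent => :destroy
+ has_many :request_tokens, :class_name => "::OauthProviderEngine::RequestToken", :dependent => :destroy
+
+ before_validation :generate_keys
+
+ validates_presence_of :name, :url, :key, :secret
+ attr_accessible :name, :url
+
+ validate do
+ errors.add(:url, "is invalid") unless URI.parse(url)
+ end
+
+ protected
+
+ def generate_keys
+ self.key ||= OauthProviderEngine.generate_key
+ self.secret ||= OauthProviderEngine.generate_key
+ end
+ end
+ end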
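Review bot: The `validate` block can never add an error: `URI.parse` returns a URI object, which is always truthy, for any parseable string (relative paths and non-HTTP schemes included) and raises `URI::InvalidURIError` for an unparseable one, so a bad URL surfaces as an unhandled exception rather than a validation message. This URL is the fallback redirect target after authorization in the OAuth controller, so it should be restricted to absolute http/https URLs with a host. A replacement for the block is below.

```ruby
validate do
  begin
    uri = URI.parse(url.to_s)
    # URI::HTTPS subclasses URI::HTTP, so this admits http and https only
    errors.add(:url, "is invalid") unless uri.is_a?(URI::HTTP) && uri.host.present?
  rescue URI::InvalidURIError
    errors.add(:url, "is invalid")
  end
end
```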
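--- a/data/app/models/oauth_provider_engine/base.rb
+++ b/data/app/models/oauth_provider_engine/base.rb
@@ -0,0 +1,5 @@
+ module OauthProviderEngine
+ class Base < ActiveRecord::Base
+ self.abstract_class = true
+ end
+ end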
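--- a/data/app/models/oauth_provider_engine/request_token.rb
+++ b/data/app/models/oauth_provider_engine/request_token.rb
@@ -0,0 +1,44 @@
+ module OauthProviderEngine
+ class RequestToken < OauthProviderEngine::Base
+
+ belongs_to :application, :class_name => "::OauthProviderEngine::Application"
+
+ before_validation :generate_keys
+ validates_presence_of :application_id, :token, :secret
+ validates_numericality_of :application_id, :allow_nil => true
+
+ scope :authorized, where("user_id is not null")
+
+ def authorize!(user_id)
+ update_attribute(:user_id, user_id)
+ end
+
+ # this method with upgrade the RequestToken to an AccessToken
+ # note that this will destroy the current RequestToken
+ def upgrade!
+ access_token = nil
+ transaction do
+ access_token = OauthProviderEngine::AccessToken.create!({
+ :application_id => self.application_id,
+ :user_id => self.user_id,
+ })
+ self.destroy || raise(ActiveRecord::Rollback)
+ end
+ return access_token
+ end
+
+ def to_query
+ {
+ :oauth_token => token,
+ :oauth_token_secret => secret
+ }.to_query
+ end
+
+ protected
+
+ def generate_keys
+ self.token ||= OauthProviderEngine.generate_key
+ self.secret ||= OauthProviderEngine.generate_key
+ end
+ end
+ end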
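Review bot: In `upgrade!`, `ActiveRecord::Rollback` is swallowed by the `transaction` block, so when `destroy` fails the method still returns the `access_token` object whose row has just been rolled back, and the caller would hand out credentials that do not exist in the database. Either raise an error that `transaction` re-raises, or reset `access_token` to nil on that path and have the caller handle it. Request tokens also carry no expiry and no verifier, so an unredeemed token stays usable indefinitely; a creation-time cutoff on the lookup would bound that. The comment above the method should read "will upgrade".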
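--- a/data/app/views/applications/_form.html.erb
+++ b/data/app/views/applications/_form.html.erb
@@ -0,0 +1,9 @@
+ <%= form_for(application) do |form| %>
+ <label for="oauth_provider_engine_application_name">Application Name:</label>
+ <%= form.text_field :name %>
+
+ <label for="oauth_provider_engine_application_url">Application Url:</label>
+ <%= form.text_field :url %>
+
+ <%= form.submit %>
+ <% end %>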