oo_auth 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +78 -28
- data/lib/oo_auth/nonce.rb +14 -15
- data/lib/oo_auth/nonce/abstract_store.rb +1 -1
- data/lib/oo_auth/nonce/redis_store.rb +1 -1
- data/lib/oo_auth/signature.rb +1 -1
- data/lib/oo_auth/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c1f195a813ed4592a12273dafcf4421832150ef
|
|
4
|
+
data.tar.gz: ac91fdf7df2ae7900608a9ff10324ce672989c26
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 119fedaad30ed7871268feae52e1eba5f5946482dfd6ba8589ca40abc5402b5443ed1a0ed6db527d3f450c5ac607b7c80f67f220909db38da102eb0868dbaf40
|
|
7
|
+
data.tar.gz: 26dd994008db1eb664dbc754c41e10225226a057aa9a1540af5d3b0c34c31b89e9e4607bbf870f7b04bf04f05388245518f0fc27c7f7c39416a9e53bc23753c2
|
data/README.md
CHANGED
|
@@ -26,32 +26,6 @@ In your Gemfile:
|
|
|
26
26
|
gem 'oo_auth'
|
|
27
27
|
```
|
|
28
28
|
|
|
29
|
-
## Prerequisites
|
|
30
|
-
|
|
31
|
-
OoAuth requires your application to provide stores for authorization tokens
|
|
32
|
-
and OAuth nonces.
|
|
33
|
-
|
|
34
|
-
OoAuth stores can be simple lambdas or regular ruby objects.
|
|
35
|
-
|
|
36
|
-
### Authorization store
|
|
37
|
-
|
|
38
|
-
The authorization store should return an instance of ```OoAuth::Credentials```.
|
|
39
|
-
It can either be a lambda or an object implementing the `authorization` method.
|
|
40
|
-
|
|
41
|
-
```ruby
|
|
42
|
-
# your own implementation in SomeClass model
|
|
43
|
-
OoAuth.authorization_store = lambda { |consumer_key, token| SomeClass.find_by_tokens(consumer_key, token) }
|
|
44
|
-
```
|
|
45
|
-
```ruby
|
|
46
|
-
# direct lookup
|
|
47
|
-
OoAuth.authorization_store = User
|
|
48
|
-
```
|
|
49
|
-
### Nonce store
|
|
50
|
-
```ruby
|
|
51
|
-
require 'oo_auth/nonce/redis_store'
|
|
52
|
-
|
|
53
|
-
OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foobar')
|
|
54
|
-
```
|
|
55
29
|
## Use
|
|
56
30
|
|
|
57
31
|
### OAuth consumer
|
|
@@ -74,7 +48,7 @@ request['Authorization']
|
|
|
74
48
|
### OAuth provider
|
|
75
49
|
|
|
76
50
|
```ruby
|
|
77
|
-
class
|
|
51
|
+
class ApiController < ApplicationController
|
|
78
52
|
|
|
79
53
|
before_filter :oauth_required
|
|
80
54
|
|
|
@@ -85,11 +59,87 @@ class FoobarController < ApplicationController
|
|
|
85
59
|
self.current_user = authorization.user
|
|
86
60
|
else
|
|
87
61
|
render nothing: true, status: 401
|
|
62
|
+
false
|
|
88
63
|
end
|
|
89
64
|
end
|
|
65
|
+
end
|
|
90
66
|
```
|
|
91
67
|
|
|
68
|
+
## Prerequisites for OAuth providers
|
|
69
|
+
|
|
70
|
+
OoAuth requires your provider application to provide stores for authorization tokens
|
|
71
|
+
and OAuth nonces. (You won't need these stores if you're only using OoAuth's client
|
|
72
|
+
functionality.)
|
|
73
|
+
|
|
74
|
+
OoAuth stores can be as simple lambdas or regular ruby objects.
|
|
75
|
+
|
|
76
|
+
### Authorization store
|
|
77
|
+
|
|
78
|
+
The authorization store is used for looking up OAuth credentials. It could for example
|
|
79
|
+
be an API account or user model. OoAuth will query the authorization store by calling
|
|
80
|
+
its method `authorization(consumer_key, token)` if it is a regular object, or just
|
|
81
|
+
call it with the same arguments if it is a lambda.
|
|
82
|
+
|
|
83
|
+
When the consumer key and token combination actually exists, the call should return
|
|
84
|
+
an object representing the API account (e.g. user instance, API account instance).
|
|
85
|
+
|
|
86
|
+
This instance again must implement the method `:credentials`, and return an instance
|
|
87
|
+
of `OoAuth::Credentials` initialized with the account's full credential set.
|
|
88
|
+
|
|
89
|
+
```ruby
|
|
90
|
+
|
|
91
|
+
# app/models/api_account.rb
|
|
92
|
+
class ApiAccount < ActiveRecord::Base
|
|
93
|
+
|
|
94
|
+
def self.authorization(consumer_key, token)
|
|
95
|
+
where(consumer_key: consumer_key, token: token).first
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def credentials
|
|
99
|
+
OoAuth::Credentials.new(consumer_key, consumer_secret, token, token_secret)
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
# config/initializers/oo_auth.rb
|
|
104
|
+
OoAuth.authorization_store = ApiAccount
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
### Nonce store
|
|
108
|
+
|
|
109
|
+
The nonce store is needed by provider applications to temporarily store OAuth nonces.
|
|
110
|
+
It must provide a `remember(nonce)` method or be a callable proc, where `nonce` is an
|
|
111
|
+
instance of `OoAuth::Nonce`.
|
|
112
|
+
|
|
113
|
+
The store must ensure that each tuple `(timestamp, nonce value)` is only created once.
|
|
114
|
+
This is required by the OAuth spec in order to prevent replay attacks.
|
|
115
|
+
|
|
116
|
+
```ruby
|
|
117
|
+
# app/models/nonce.rb
|
|
118
|
+
class Nonce < ActiveRecord::Base
|
|
119
|
+
validates_presence_of :value, :timestamp
|
|
120
|
+
validates_uniqueness_of :value, scope: :timestamp
|
|
121
|
+
|
|
122
|
+
def self.remember(ooauth_nonce)
|
|
123
|
+
new(value: ooauth_nonce.value, ooauth_nonce.timestamp).save
|
|
124
|
+
end
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# config/initializers/oo_auth.rb
|
|
128
|
+
OoAuth.nonce_store = Nonce
|
|
129
|
+
```
|
|
130
|
+
|
|
131
|
+
OoAuth comes with a pre-defined Redis nonce store, which can be enabled as following:
|
|
132
|
+
```ruby
|
|
133
|
+
# Gemfile
|
|
134
|
+
gem 'redis'
|
|
135
|
+
|
|
136
|
+
# config/initializers/oo_auth.rb
|
|
137
|
+
require 'oo_auth/nonce/redis_store'
|
|
138
|
+
|
|
139
|
+
OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foobar')
|
|
140
|
+
```
|
|
92
141
|
|
|
93
142
|
## TODO
|
|
94
143
|
|
|
95
|
-
* Support POST body signing
|
|
144
|
+
* Support POST body signing for non-formencoded data
|
|
145
|
+
http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html
|
data/lib/oo_auth/nonce.rb
CHANGED
|
@@ -5,20 +5,6 @@ module OoAuth
|
|
|
5
5
|
attr_reader :value, :timestamp, :errors
|
|
6
6
|
|
|
7
7
|
class << self
|
|
8
|
-
def store
|
|
9
|
-
OoAuth.nonce_store || fail(ConfigurationError, 'no nonce store set')
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def create(nonce)
|
|
13
|
-
if store.respond_to?(:call)
|
|
14
|
-
store.call(nonce)
|
|
15
|
-
elsif store.respond_to?(:create)
|
|
16
|
-
store.create(nonce)
|
|
17
|
-
else
|
|
18
|
-
fail ConfigurationError, 'nonce store not callable'
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
|
|
22
8
|
def remember(value, timestamp)
|
|
23
9
|
new(value, timestamp).save
|
|
24
10
|
end
|
|
@@ -41,7 +27,20 @@ module OoAuth
|
|
|
41
27
|
end
|
|
42
28
|
|
|
43
29
|
def save
|
|
44
|
-
|
|
30
|
+
return false unless valid?
|
|
31
|
+
if store.respond_to?(:call)
|
|
32
|
+
store.call(self)
|
|
33
|
+
elsif store.respond_to?(:remember)
|
|
34
|
+
store.remember(self)
|
|
35
|
+
else
|
|
36
|
+
fail ConfigurationError, 'nonce store not callable'
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
private
|
|
41
|
+
|
|
42
|
+
def store
|
|
43
|
+
OoAuth.nonce_store || fail(ConfigurationError, 'no nonce store set')
|
|
45
44
|
end
|
|
46
45
|
|
|
47
46
|
end
|
data/lib/oo_auth/signature.rb
CHANGED
|
@@ -33,7 +33,7 @@ module OoAuth
|
|
|
33
33
|
|
|
34
34
|
# Verify signature and remember nonce - use this to authorize actual requests
|
|
35
35
|
def verify!(proxy, credentials)
|
|
36
|
-
valid?(proxy, credentials) && remember_nonce!(proxy)
|
|
36
|
+
!!(valid?(proxy, credentials) && remember_nonce!(proxy))
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
private
|
data/lib/oo_auth/version.rb
CHANGED