oo_auth 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +78 -28
- data/lib/oo_auth/nonce.rb +14 -15
- data/lib/oo_auth/nonce/abstract_store.rb +1 -1
- data/lib/oo_auth/nonce/redis_store.rb +1 -1
- data/lib/oo_auth/signature.rb +1 -1
- data/lib/oo_auth/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c1f195a813ed4592a12273dafcf4421832150ef
|
|
4
|
+
data.tar.gz: ac91fdf7df2ae7900608a9ff10324ce672989c26
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 119fedaad30ed7871268feae52e1eba5f5946482dfd6ba8589ca40abc5402b5443ed1a0ed6db527d3f450c5ac607b7c80f67f220909db38da102eb0868dbaf40
|
|
7
|
+
data.tar.gz: 26dd994008db1eb664dbc754c41e10225226a057aa9a1540af5d3b0c34c31b89e9e4607bbf870f7b04bf04f05388245518f0fc27c7f7c39416a9e53bc23753c2
|
data/README.md
CHANGED
|
@@ -26,32 +26,6 @@ In your Gemfile:
|
|
|
26
26
|
gem 'oo_auth'
|
|
27
27
|
```
|
|
28
28
|
|
|
29
|
-
## Prerequisites
|
|
30
|
-
|
|
31
|
-
OoAuth requires your application to provide stores for authorization tokens
|
|
32
|
-
and OAuth nonces.
|
|
33
|
-
|
|
34
|
-
OoAuth stores can be simple lambdas or regular ruby objects.
|
|
35
|
-
|
|
36
|
-
### Authorization store
|
|
37
|
-
|
|
38
|
-
The authorization store should return an instance of ```OoAuth::Credentials```.
|
|
39
|
-
It can either be a lambda or an object implementing the `authorization` method.
|
|
40
|
-
|
|
41
|
-
```ruby
|
|
42
|
-
# your own implementation in SomeClass model
|
|
43
|
-
OoAuth.authorization_store = lambda { |consumer_key, token| SomeClass.find_by_tokens(consumer_key, token) }
|
|
44
|
-
```
|
|
45
|
-
```ruby
|
|
46
|
-
# direct lookup
|
|
47
|
-
OoAuth.authorization_store = User
|
|
48
|
-
```
|
|
49
|
-
### Nonce store
|
|
50
|
-
```ruby
|
|
51
|
-
require 'oo_auth/nonce/redis_store'
|
|
52
|
-
|
|
53
|
-
OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foobar')
|
|
54
|
-
```
|
|
55
29
|
## Use
|
|
56
30
|
|
|
57
31
|
### OAuth consumer
|
|
@@ -74,7 +48,7 @@ request['Authorization']
|
|
|
74
48
|
### OAuth provider
|
|
75
49
|
|
|
76
50
|
```ruby
|
|
77
|
-
class
|
|
51
|
+
class ApiController < ApplicationController
|
|
78
52
|
|
|
79
53
|
before_filter :oauth_required
|
|
80
54
|
|
|
@@ -85,11 +59,87 @@ class FoobarController < ApplicationController
|
|
|
85
59
|
self.current_user = authorization.user
|
|
86
60
|
else
|
|
87
61
|
render nothing: true, status: 401
|
|
62
|
+
false
|
|
88
63
|
end
|
|
89
64
|
end
|
|
65
|
+
end
|
|
90
66
|
```
|
|
91
67
|
|
|
68
|
+
## Prerequisites for OAuth providers
|
|
69
|
+
|
|
70
|
+
OoAuth requires your provider application to provide stores for authorization tokens
|
|
71
|
+
and OAuth nonces. (You won't need these stores if you're only using OoAuth's client
|
|
72
|
+
functionality.)
|
|
73
|
+
|
|
74
|
+
OoAuth stores can be as simple lambdas or regular ruby objects.
|
|
75
|
+
|
|
76
|
+
### Authorization store
|
|
77
|
+
|
|
78
|
+
The authorization store is used for looking up OAuth credentials. It could for example
|
|
79
|
+
be an API account or user model. OoAuth will query the authorization store by calling
|
|
80
|
+
its method `authorization(consumer_key, token)` if it is a regular object, or just
|
|
81
|
+
call it with the same arguments if it is a lambda.
|
|
82
|
+
|
|
83
|
+
When the consumer key and token combination actually exists, the call should return
|
|
84
|
+
an object representing the API account (e.g. user instance, API account instance).
|
|
85
|
+
|
|
86
|
+
This instance again must implement the method `:credentials`, and return an instance
|
|
87
|
+
of `OoAuth::Credentials` initialized with the account's full credential set.
|
|
88
|
+
|
|
89
|
+
```ruby
|
|
90
|
+
|
|
91
|
+
# app/models/api_account.rb
|
|
92
|
+
class ApiAccount < ActiveRecord::Base
|
|
93
|
+
|
|
94
|
+
def self.authorization(consumer_key, token)
|
|
95
|
+
where(consumer_key: consumer_key, token: token).first
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def credentials
|
|
99
|
+
OoAuth::Credentials.new(consumer_key, consumer_secret, token, token_secret)
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
# config/initializers/oo_auth.rb
|
|
104
|
+
OoAuth.authorization_store = ApiAccount
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
### Nonce store
|
|
108
|
+
|
|
109
|
+
The nonce store is needed by provider applications to temporarily store OAuth nonces.
|
|
110
|
+
It must provide a `remember(nonce)` method or be a callable proc, where `nonce` is an
|
|
111
|
+
instance of `OoAuth::Nonce`.
|
|
112
|
+
|
|
113
|
+
The store must ensure that each tuple `(timestamp, nonce value)` is only created once.
|
|
114
|
+
This is required by the OAuth spec in order to prevent replay attacks.
|
|
115
|
+
|
|
116
|
+
```ruby
|
|
117
|
+
# app/models/nonce.rb
|
|
118
|
+
class Nonce < ActiveRecord::Base
|
|
119
|
+
validates_presence_of :value, :timestamp
|
|
120
|
+
validates_uniqueness_of :value, scope: :timestamp
|
|
121
|
+
|
|
122
|
+
def self.remember(ooauth_nonce)
|
|
123
|
+
new(value: ooauth_nonce.value, ooauth_nonce.timestamp).save
|
|
124
|
+
end
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# config/initializers/oo_auth.rb
|
|
128
|
+
OoAuth.nonce_store = Nonce
|
|
129
|
+
```
|
|
130
|
+
|
|
131
|
+
OoAuth comes with a pre-defined Redis nonce store, which can be enabled as following:
|
|
132
|
+
```ruby
|
|
133
|
+
# Gemfile
|
|
134
|
+
gem 'redis'
|
|
135
|
+
|
|
136
|
+
# config/initializers/oo_auth.rb
|
|
137
|
+
require 'oo_auth/nonce/redis_store'
|
|
138
|
+
|
|
139
|
+
OoAuth.nonce_store = OoAuth::Nonce::RedisStore.new(namespace: 'foobar')
|
|
140
|
+
```
|
|
92
141
|
|
|
93
142
|
## TODO
|
|
94
143
|
|
|
95
|
-
* Support POST body signing
|
|
144
|
+
* Support POST body signing for non-formencoded data
|
|
145
|
+
http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html
|
data/lib/oo_auth/nonce.rb
CHANGED
|
@@ -5,20 +5,6 @@ module OoAuth
|
|
|
5
5
|
attr_reader :value, :timestamp, :errors
|
|
6
6
|
|
|
7
7
|
class << self
|
|
8
|
-
def store
|
|
9
|
-
OoAuth.nonce_store || fail(ConfigurationError, 'no nonce store set')
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def create(nonce)
|
|
13
|
-
if store.respond_to?(:call)
|
|
14
|
-
store.call(nonce)
|
|
15
|
-
elsif store.respond_to?(:create)
|
|
16
|
-
store.create(nonce)
|
|
17
|
-
else
|
|
18
|
-
fail ConfigurationError, 'nonce store not callable'
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
|
|
22
8
|
def remember(value, timestamp)
|
|
23
9
|
new(value, timestamp).save
|
|
24
10
|
end
|
|
@@ -41,7 +27,20 @@ module OoAuth
|
|
|
41
27
|
end
|
|
42
28
|
|
|
43
29
|
def save
|
|
44
|
-
|
|
30
|
+
return false unless valid?
|
|
31
|
+
if store.respond_to?(:call)
|
|
32
|
+
store.call(self)
|
|
33
|
+
elsif store.respond_to?(:remember)
|
|
34
|
+
store.remember(self)
|
|
35
|
+
else
|
|
36
|
+
fail ConfigurationError, 'nonce store not callable'
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
private
|
|
41
|
+
|
|
42
|
+
def store
|
|
43
|
+
OoAuth.nonce_store || fail(ConfigurationError, 'no nonce store set')
|
|
45
44
|
end
|
|
46
45
|
|
|
47
46
|
end
|
data/lib/oo_auth/signature.rb
CHANGED
|
@@ -33,7 +33,7 @@ module OoAuth
|
|
|
33
33
|
|
|
34
34
|
# Verify signature and remember nonce - use this to authorize actual requests
|
|
35
35
|
def verify!(proxy, credentials)
|
|
36
|
-
valid?(proxy, credentials) && remember_nonce!(proxy)
|
|
36
|
+
!!(valid?(proxy, credentials) && remember_nonce!(proxy))
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
private
|
data/lib/oo_auth/version.rb
CHANGED