opro 0.0.1.pre

data/app/controllers/opro_application_controller.rb

@@ -0,0 +1,8 @@
+class ApplicationController < ActionController::Base
+
+  # Any code that would/should go into ApplicationController is
+  # no in lib/opro/conrollers/application_controller_helper.rb
+  # it is loaded into ApplicationController in lib/opro/engine.rb
+  # thanks for visiting, come back soon
+
+end

data/app/models/oauth/access_grant.rb

@@ -0,0 +1,42 @@
+class Oauth::AccessGrant < ActiveRecord::Base
+
+  self.table_name = :opro_access_grants
+
+  belongs_to :user
+  belongs_to :client_application, :class_name => "Oauth::ClientApplication"
+  belongs_to :application,        :class_name => "Oauth::ClientApplication"
+
+  validates :application_id, :uniqueness => {:scope => :user_id, :message => "Applicaiton is already authed for this user"}, :presence => true
+
+  before_create :generate_tokens
+
+  def self.prune!
+    # UPDATEME
+    # delete_all(["created_at < ?", 3.days.ago])
+  end
+
+  def self.find_user_for_token(token)
+    self.where(:access_token => token).first.try(:user)
+  end
+
+  def self.authenticate(code, application_id)
+    self.where("code = ? AND application_id = ?", code, application_id).first
+  end
+
+  def generate_tokens
+    self.code, self.access_token, self.refresh_token = SecureRandom.hex(16), SecureRandom.hex(16), SecureRandom.hex(16)
+  end
+
+  def redirect_uri_for(redirect_uri)
+    if redirect_uri =~ /\?/
+      redirect_uri + "&code=#{code}&response_type=code"
+    else
+      redirect_uri + "?code=#{code}&response_type=code"
+    end
+  end
+
+  def start_expiry_period!
+    # UPDATEME
+    # self.update_attribute(:access_token_expires_at, 2.days.from_now)
+  end
+end

data/app/models/oauth/client_application.rb

@@ -0,0 +1,30 @@
+class Oauth::ClientApplication < ActiveRecord::Base
+  self.table_name = :opro_client_applications
+
+  belongs_to :user
+  validates  :app_id, :uniqueness => true
+  validates  :name,   :uniqueness => true
+
+  alias_attribute :client_id, :app_id
+
+  alias_attribute :client_secret, :app_secret
+  alias_attribute :secret,        :app_secret
+
+  def self.authenticate(app_id, app_secret)
+    where(["app_id = ? AND app_secret = ?", app_id, app_secret]).first
+  end
+
+  def self.create_with_user_and_name(user, name)
+    create(:user => user, :name => name, :app_id => generate_id, :app_secret => SecureRandom.hex(16))
+  end
+
+  def self.generate_id
+    app_id     = SecureRandom.hex(16)
+    client_app = where(:app_id => app_id)
+    if client_app.present?
+      generate_id
+    else
+      return app_id
+    end
+  end
+end

data/app/views/oauth/auth/new.html.erb

@@ -0,0 +1,8 @@
+<h2><%= @client_app.name %> Would like to access your Data</h2>
+Do not accept if you do not know them or you would not like to authorize this url: <%= @redirect_uri %>
+
+<%= form_for @client_app, :url => oauth_authorize_path(:client_id => @client_app.client_id, :redirect_uri => @redirect_uri), :method => :post do |f| %>
+  <%= f.submit 'I Authorize This Application', :id => 'oauthAuthorize' %>
+<%- end -%>
+
+<%= button_to 'I Do Not Authorize This Application', request.referrer, :id => 'oauthNoAuthorize' %>

data/app/views/oauth/client_application/create.html.erb

@@ -0,0 +1,11 @@
+<h2>Success! Here is your App</h2>
+<table>
+  <tr><td>Name:  </td><td><%= @client_app.name       %></td></tr>
+  <tr><td>Client Id:    </td><td><%= @client_app.app_id     %></td></tr>
+  <tr><td>Secret:</td><td><%= @client_app.app_secret %></td></tr>
+</table>
+
+<div>
+  <%= link_to 'Register an New App', new_oauth_client_application_path %>
+</div>
+

data/app/views/oauth/client_application/index.html.erb

@@ -0,0 +1,18 @@
+<%- if @client_apps.blank? -%>
+  <h2>You have no Apps</h2>
+<%- else -%>
+  <h2>Your Apps</h2>
+  <% @client_apps.each do |client_app| %>
+    <table>
+      <tr><td>Name:   </td><td> <%= client_app.name       %></td></tr>
+      <tr><td>id:     </td><td> <%= client_app.app_id     %></td></tr>
+      <tr><td>Secret: </td><td> <%= client_app.app_secret %></td></tr>
+    </table>
+    <hr />
+  <%- end -%>
+<%- end -%>
+
+
+<div>
+  <%= link_to 'Register an New App', new_oauth_client_application_path %>
+</div>

data/app/views/oauth/client_application/new.html.erb

@@ -0,0 +1,13 @@
+<h2>Create An App</h2>
+<div>
+  <%= form_for @client_app do |f| %>
+    <%= f.label :name %>:
+    <%= f.text_field :name, :placeholder => 'App Name' %>
+    <%= f.submit 'Create Oauth Client', :id => 'submitApp' %>
+  <%- end -%>
+</div>
+
+
+<div>
+  <%= link_to 'My Aplications', oauth_client_applications_path %>
+</div>

data/app/views/oauth/docs/index.html.erb

@@ -0,0 +1,14 @@
+<h2>Oauth Docs</h2>
+
+
+<p>Oauth shouldn't be hard, and neither should docs</p>
+
+<h2>Quick Links</h2>
+
+<ul>
+  <li><%= link_to 'Quick Start',  oauth_doc_path(:quick_start) %></li>
+  <li><%= link_to 'Curl',   oauth_doc_path(:curl) %></li>
+  <li><%= link_to 'Oauth',  oauth_doc_path(:oauth) %></li>
+</ul>
+
+<%= render_doc(:quick_start) %>

data/app/views/oauth/docs/markdown/curl.md.erb

@@ -0,0 +1,6 @@
+This document explains what curl is and how to use it. 
+
+TODO
+
+
+In the future I would love to include Hurl in this project. If that interests you, submit a pull request ;)

data/app/views/oauth/docs/markdown/oauth.md.erb

@@ -0,0 +1 @@
+Oauth is ... TODO

data/app/views/oauth/docs/markdown/quick_start.md.erb

@@ -0,0 +1,70 @@
+## Quick Start Guide
+
+This site is providing OAuth through [Opro](http://github.com/schneems/opro). If this is your first time using Oauth, please visit [What is Oauth]() or follow along with this guide.
+
+## Step 1: Register your Application
+
+Sign in as a registered user then visit the [new client application page](/oauth_client_applications/new). Enter in the name of your application for this example we can use `foo`, you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a `client id` and a `secret`, these behave like a username and password for your OAuth application.
+
+
+    Name:       foo
+    client id:  3234myClientId5678
+    Secret:     14321myClientSecret8765
+
+
+Once you've registered an app successfully we can start to build an OAuth application
+
+
+## Step 2: As a User Grant access to your App
+
+Now that you have a client id, you'll want to give it access to a  user account. Open a new browser window with your currently logged in account, then give your application permission by visiting the url below (please swap out '3234myClientId5678' for your client id)
+
+    <%= "#{request.base_url}/oauth/authorize?" %>client_id=3234myClientId5678&redirect_uri=/
+
+This should land you on a page asking if you would like to grant permission to the application. If not, make sure you're logged in and you put the correct client id in the url.
+
+Once you grant your application permission, you will be redirected back to the url provided. In this case we will go back to the home page of our app.
+
+Once redirected to the home page take a look in the address bar, we should see a `code` parameter. Copy this for use later:
+
+    <%= "#{request.base_url}?" %>?code=4857goldfish827423
+
+In the url above the `code` would be `4857goldfish827423`. This code can be used to obtain an access token for the user. Once you have a user's access token, you can perform actions for the user as if they were logged in. If you accidentally close this page, don't worry just visit first url and we'll show you the code again.
+
+
+
+## Step 3: Get AccessToken for User with Curl
+
+We'll be using [Curl]() to go through the process of getting an access for our first user, you'll likely use http client libraries in your actual applications, but most systems come with curl and it is a fairly easy way to get started. If you've never used it before read our [curl documentation]()
+
+(Note in all code examples the $ character indicates we are on the command line, it does not need to be coppied)
+
+
+    $ curl '<%= "#{request.base_url}/oauth/access_token?" %>?client_id=3234myClientId5678&client_secret=14321myClientSecret8765&code=4857goldfish827423'
+
+You'll want to make sure to replace `client_id`, `client_secret`, and `code` with your values.
+
+You should get back a response that looks like this
+
+    $ {"access_token":"9693accessTokena7ca570bbaf","refresh_token":"3a3c129ad02b573de78e65af06c293f1","expires_in":null}
+
+
+If not, double check the previous steps and ensure you are using the correct values in the query. Copy the `access_token` we'll use it for the rest of our application, in this example it is `9693accessTokena7ca570bbaf`. Treat this access_token as if it were the user's password. It is sensitive information.
+
+
+Step 4: Use the access token
+
+Now we've gone through all the hard work of getting this token, you can use it to make authenticated requests to the server. You'll just need to include the correct `access_token` parameter in your query and you'll be logged in as that user for that request.
+
+
+Try it out for yourself open up a browser and go to
+
+
+    <%= "#{request.base_url}/oauth/access_token?" %>
+
+
+## Security
+
+
+Don't share your client application's secret or any user's access_token with unknown or untrusted parties. Always use https when available and don't write any of these values to your application's logs.
+

data/app/views/oauth/docs/show.html.erb

@@ -0,0 +1 @@
+<%= render_doc(@doc) %>

data/config/routes.rb

@@ -0,0 +1,9 @@
+Rails.application.routes.draw do
+
+  match 'oauth/new'           => 'oauth/auth#new',          :as => 'oauth_new'
+  match '/oauth/authorize'    => 'oauth/auth#authorize',    :as => 'oauth_authorize'
+  match '/oauth/access_token' => 'oauth/auth#access_token', :as => 'oauth_token'
+
+  resources :oauth_docs,                :controller => 'oauth/docs'
+  resources :oauth_client_applications, :controller => 'oauth/client_application'
+end

data/lib/generators/active_record/opro_generator.rb

@@ -0,0 +1,28 @@
+require 'rails/generators/migration'
+
+
+module ActiveRecord
+  module Generators
+    class OproGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+
+      desc "add the migrations"
+
+      def self.next_migration_number(path)
+        unless @prev_migration_nr
+          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+        else
+          @prev_migration_nr += 1
+        end
+        @prev_migration_nr.to_s
+      end
+
+
+      def copy_migrations
+        migration_template "access_grants.rb",       "db/migrate/create_opro_access_grants.rb"
+        migration_template "client_applications.rb", "db/migrate/create_opro_client_applications.rb"
+      end
+    end
+  end
+end

data/lib/generators/active_record/templates/access_grants.rb

@@ -0,0 +1,14 @@
+class CreateOproAccessGrants < ActiveRecord::Migration
+  def change
+    create_table :opro_access_grants do |t|
+      t.string   :code
+      t.string   :access_token
+      t.string   :refresh_token
+      t.datetime :access_token_expires_at
+      t.integer  :user_id
+      t.integer  :application_id
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/active_record/templates/client_applications.rb

@@ -0,0 +1,11 @@
+class CreateOproClientApplications < ActiveRecord::Migration
+  def change
+    create_table :opro_client_applications do |t|
+      t.string  :name
+      t.string  :app_id
+      t.string  :app_secret
+      t.integer :user_id
+      t.timestamps
+    end
+  end
+end

data/lib/generators/opro/install_generator.rb

@@ -0,0 +1,21 @@
+require 'securerandom'
+
+module Opro
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Creates a Opro initializer"
+      class_option :orm
+
+      def copy_initializer
+        template "opro.rb", "config/initializers/opro.rb"
+      end
+
+      def run_other_generators
+        generate "active_record:opro"
+      end
+    end
+  end
+end
+

data/lib/generators/templates/opro.rb

@@ -0,0 +1,4 @@
+Opro.setup do |config|
+  ## Uncomment to configure devise
+  # config.auth_strategy = :devise
+end

data/lib/opro.rb

@@ -0,0 +1,86 @@
+module Opro
+
+  module Controllers
+  end
+  # Include helpers in the given scope to AC and AV.
+  def self.include_helpers(scope)
+    ActiveSupport.on_load(:action_controller) do
+      include scope::ApplicationControllerHelper if defined?(scope::ApplicationControllerHelper)
+    end
+  end
+
+
+  def self.setup
+    yield self
+    set_login_logout_methods
+  end
+
+  def self.set_login_logout_methods
+    case auth_strategy
+    when :devise
+      login_method             { |controller, current_user| controller.sign_in(current_user, :bypass => true) }
+      logout_method            { |controller, current_user| controller.sign_out(current_user) }
+      authenticate_user_method { |controller| controller.authenticate_user! }
+    else
+      # nothing
+      # TODO, be smart here, if they have devise gem in Gemfile and haven't specified auth_strategy use devise
+    end
+  end
+
+  # Used by application controller to log user in
+  def self.login(*args)
+    raise 'login method not set, please specify Opro auth_strategy' if login_method.blank?
+    login_method.call(*args)
+  end
+
+  # Used by application controller to log user out
+  def self.logout(*args)
+    raise 'login method not set, please specify Opro auth_strategy' if login_method.blank?
+    logout_method.call(*args)
+  end
+
+
+  def self.auth_strategy(auth_strategy = nil)
+    if auth_strategy.present?
+      @auth_strategy = auth_strategy
+    else
+      @auth_strategy
+    end
+  end
+
+  def self.auth_strategy=(auth_strategy)
+    @auth_strategy = auth_strategy
+  end
+
+
+  def self.login_method(&block)
+    if block.present?
+      @login_method = block
+    else
+      @login_method or raise 'login method not set, please specify Opro auth_strategy'
+    end
+  end
+
+
+  def self.logout_method(&block)
+    if block.present?
+      @logout_method = block
+    else
+      @logout_method or raise 'login method not set, please specify Opro auth_strategy'
+    end
+  end
+
+  def self.authenticate_user_method(&block)
+    if block.present?
+      @authenticate_user_method = block
+    else
+      @authenticate_user_method or raise 'authenticate user method not set, please specify Opro auth_strategy'
+    end
+  end
+end
+
+# require 'opro/controller/concerns/render_redirect'
+# require 'opro/controller/concerns/steps'
+# require 'opro/controller/concerns/path'
+require 'opro/controllers/application_controller_helper'
+require 'opro/engine'

data/lib/opro/controllers/application_controller_helper.rb

@@ -0,0 +1,38 @@
+# this concern gets put into ApplicationController
+
+module Opro
+  module Controllers
+    module ApplicationControllerHelper
+      extend ActiveSupport::Concern
+      
+      included do
+        around_filter      :oauth_auth!
+        skip_before_filter :verify_authenticity_token, :if => :valid_oauth?
+      end
+
+      def opro_authenticate_user!
+        Opro.authenticate_user_method.call(self)
+      end
+
+      protected
+      def oauth?
+        params[:access_token].present?
+      end
+
+      def oauth_user
+        @oauth_user ||= Oauth::AccessGrant.find_user_for_token(params[:access_token])
+      end
+
+      def valid_oauth?
+        oauth? && oauth_user.present?
+      end
+
+      def oauth_auth!
+        ::Opro.login(self, oauth_user)  if valid_oauth?
+        yield
+        ::Opro.logout(self, oauth_user) if valid_oauth?
+      end
+
+    end
+  end
+end