opro 0.0.1 → 0.0.2

data/app/controllers/oauth/client_app_controller.rb

@@ -0,0 +1,24 @@
+class Oauth::ClientAppController < OproController
+  before_filter :opro_authenticate_user!
+
+  def new
+    @client_app = Oauth::ClientApp.new
+  end
+
+  # Show all client applications belonging to the current user
+  def index
+    @client_apps = Oauth::ClientApp.where(:user_id => current_user.id)
+  end
+
+
+  def create
+    @client_app = Oauth::ClientApp.find_by_user_id_and_name(current_user.id, params[:oauth_client_app][:name])
+    @client_app ||= Oauth::ClientApp.create_with_user_and_name(current_user, params[:oauth_client_app][:name])
+    if @client_app.save
+      # do nothing
+    else
+      render :new
+    end
+  end
+
+end

data/app/controllers/oauth/docs_controller.rb

@@ -4,7 +4,7 @@ require 'bluecloth'
 OPRO_MD_ROOT=File.join(File.dirname(__FILE__), '../../views/oauth/docs/markdown/')
 
 
-class Oauth::DocsController < ApplicationController
+class Oauth::DocsController < OproController
   helper_method :render_doc
 
   def index

data/app/controllers/oauth/tests_controller.rb

@@ -1,4 +1,4 @@
-class Oauth::TestsController < ApplicationController
+class Oauth::TestsController < OproController
   allow_oauth!
   disallow_oauth! :only => [:destroy]
 
@@ -10,7 +10,7 @@ class Oauth::TestsController < ApplicationController
     result = if valid_oauth?
       {:status => 200, :message => 'OAuth Worked!!', :params => params, :user_id => oauth_user.id }
     else
-      {:status => 401, :message => "OAuth Did not Work :(  #{generate_oauth_error_message!}", :params => params}
+      {:status => :unauthorized, :message => "OAuth Did not Work :(  #{generate_oauth_error_message!}", :params => params}
     end
 
     respond_to do |format|
@@ -27,7 +27,7 @@ class Oauth::TestsController < ApplicationController
     result = if valid_oauth?
       {:status => 200, :message => 'OAuth Worked!!', :params => params, :user_id => oauth_user.id }
     else
-      {:status => 401, :message => "OAuth Did not Work D:  #{generate_oauth_error_message!}", :params => params}
+      {:status => :unauthorized, :message => "OAuth Did not Work D:  #{generate_oauth_error_message!}", :params => params}
     end
 
     respond_to do |format|
@@ -44,7 +44,7 @@ class Oauth::TestsController < ApplicationController
     result = if valid_oauth?
       {:status => 200, :message => 'OHNO!!! OAuth is Disabled on this Action, this is bad', :params => params}
     else
-      {:status => 401, :message => "Oauth is Disabled on this Action, this is the correct result!", :params => params}
+      {:status => :unauthorized, :message => "Oauth is Disabled on this Action, this is the correct result!", :params => params}
     end
 
     respond_to do |format|
@@ -56,26 +56,4 @@ class Oauth::TestsController < ApplicationController
       end
     end
   end
-
-  private
-
-  def generate_oauth_error_message!
-    msg = ""
-    msg << ' - No OAuth Token Provided!'    if params[:access_token].blank?
-    msg << ' - Allow OAuth set to false!'   if allow_oauth? == false
-    msg << ' - OAuth user not found!'       if oauth_user.blank?
-    generate_oauth_permissions_error_message!(msg)
-    msg
-  end
-
-  def generate_oauth_permissions_error_message!(msg = '')
-    if !oauth_client_has_permissions?
-      msg << ' - OAuth client not permitted'
-      oauth_required_permissions.each do |permission|
-        msg << "- #{permission} permission required;" unless oauth_client_has_permission?(permission)
-      end
-    end
-    msg
-  end
-
 end

data/app/controllers/oauth/token_controller.rb

@@ -0,0 +1,40 @@
+# This controller is where clients can exchange
+# codes and refresh_tokens for access_tokens
+
+class Oauth::TokenController < OproController
+  before_filter      :opro_authenticate_user!,    :except => [:create]
+  skip_before_filter :verify_authenticity_token,  :only   => [:create]
+
+
+  def create
+    # Find the client application
+    application = Oauth::ClientApp.authenticate(params[:client_id], params[:client_secret])
+
+    if application.nil?
+      render :json => {:error => "Could not find application based on client_id=#{params[:client_id]}
+                                  and client_secret=#{params[:client_secret]}"}, :status => :unauthorized
+      return
+    end
+
+
+    if params[:code]
+      auth_grant = Oauth::AuthGrant.authenticate(params[:code], application.id)
+    else
+      auth_grant = Oauth::AuthGrant.refresh_tokens!(params[:refresh_token], application.id)
+    end
+
+    if auth_grant.nil?
+      msg = "Could not find a user that belongs to this application & "
+      msg << " has a refresh_token=#{params[:refresh_token]}" if params[:refresh_token]
+      msg << " has been granted a code=#{params[:code]}"      if params[:code]
+      render :json => {:error => msg }, :status => :unauthorized
+      return
+    end
+
+    auth_grant.generate_expires_at!
+    render :json => { :access_token   => auth_grant.access_token,
+                      :refresh_token  => auth_grant.refresh_token,
+                      :expires_in     => auth_grant.expires_in }
+  end
+
+end

data/app/controllers/opro_controller.rb

@@ -0,0 +1,4 @@
+class OproController < ApplicationController
+
+
+end

data/app/models/oauth/access_grant.rb

@@ -1,14 +1,14 @@
-class Oauth::AccessGrant < ActiveRecord::Base
+class Oauth::AuthGrant < ActiveRecord::Base
 
   self.table_name = :opro_access_grants
 
   belongs_to :user
-  belongs_to :client_application, :class_name => "Oauth::ClientApplication"
-  belongs_to :application,        :class_name => "Oauth::ClientApplication"
+  belongs_to :client_application, :class_name => "Oauth::ClientApp"
+  belongs_to :application,        :class_name => "Oauth::ClientApp"
 
-  validates :application_id, :uniqueness => {:scope => :user_id, :message => "Applicaiton is already authed for this user"}, :presence => true
+  validates :application_id, :uniqueness => {:scope => :user_id, :message => "Application is already authed for this user"}, :presence => true
 
-  before_create :generate_tokens
+  before_create :generate_tokens!, :generate_expires_at!
 
   alias_attribute :token, :access_token
 
@@ -19,8 +19,27 @@ class Oauth::AccessGrant < ActiveRecord::Base
   end
 
   def self.prune!
-    # UPDATEME
-    # delete_all(["created_at < ?", 3.days.ago])
+    return false unless ::Opro.require_refresh_within.present?
+
+    time_to_expire = ::Opro.require_refresh_within.ago.in_time_zone
+    find_each(:conditions => ["created_at < ?", time_to_expire]) do |grant|
+      # grant.
+    end
+  end
+
+  def expired?
+    return false unless ::Opro.require_refresh_within.present?
+    return expires_in < 0
+  end
+
+  def not_expired?
+    !expired?
+  end
+
+  def expires_in
+    return false unless access_token_expires_at.present?
+    time = access_token_expires_at - Time.now
+    time.to_i
   end
 
   def self.find_for_token(token)
@@ -32,10 +51,29 @@ class Oauth::AccessGrant < ActiveRecord::Base
   end
 
   def self.authenticate(code, application_id)
-    self.where("code = ? AND application_id = ?", code, application_id).first
+    auth_grant = self.where("code = ? AND application_id = ?", code, application_id).first
   end
 
-  def generate_tokens
+  def self.refresh_tokens!(refresh_token, application_id)
+    auth_grant = self.where("refresh_token = ? AND application_id = ?", refresh_token, application_id).first
+    if auth_grant.present?
+      auth_grant.generate_tokens!
+      auth_grant.generate_expires_at!
+      auth_grant.save!
+    end
+    auth_grant
+  end
+
+  def generate_expires_at!
+    if ::Opro.require_refresh_within.present?
+      self.access_token_expires_at = Time.now + ::Opro.require_refresh_within
+    else
+      self.access_token_expires_at = nil
+    end
+    true
+  end
+
+  def generate_tokens!
     self.code, self.access_token, self.refresh_token = SecureRandom.hex(16), SecureRandom.hex(16), SecureRandom.hex(16)
   end
 
@@ -46,9 +84,4 @@ class Oauth::AccessGrant < ActiveRecord::Base
       redirect_uri + "?code=#{code}&response_type=code"
     end
   end
-
-  def start_expiry_period!
-    # UPDATEME
-    # self.update_attribute(:access_token_expires_at, 2.days.from_now)
-  end
 end

data/app/models/oauth/{client_application.rb → client_appl.rb}

@@ -1,4 +1,4 @@
-class Oauth::ClientApplication < ActiveRecord::Base
+class Oauth::ClientApp < ActiveRecord::Base
   self.table_name = :opro_client_applications
 
   belongs_to :user

data/app/views/oauth/{client_application → client_app}/create.html.erb

@@ -10,6 +10,6 @@
 <p>
   Read the
   <%= link_to 'Quick Start Documentation', oauth_doc_path(:quick_start) %> or
-    <%= link_to 'Register Another Oauth Client App', new_oauth_client_application_path %>
+    <%= link_to 'Register Another Oauth Client App', new_oauth_client_app_path %>
 </p>
 

data/app/views/oauth/{client_application → client_app}/index.html.erb

@@ -14,5 +14,5 @@
 
 
 <div>
-  <%= link_to 'Register an New App', new_oauth_client_application_path %>
+  <%= link_to 'Register an New App', new_oauth_client_app_path %>
 </div>

data/app/views/oauth/{client_application → client_app}/new.html.erb

@@ -10,5 +10,5 @@
 
 
 <div>
-  <%= link_to 'My Aplications', oauth_client_applications_path %>
+  <%= link_to 'My Aplications', oauth_client_apps_path %>
 </div>

data/app/views/oauth/docs/index.html.erb

@@ -9,6 +9,14 @@
   <li><%= link_to 'Quick Start',  oauth_doc_path(:quick_start) %></li>
   <li><%= link_to 'Curl',   oauth_doc_path(:curl) %></li>
   <li><%= link_to 'Oauth',  oauth_doc_path(:oauth) %></li>
+  <% if ::Opro.request_permissions.present? %>
+    <li><%= link_to 'Permisions',  oauth_doc_path(:permissions) %></li>
+  <% end %>
+  <% if ::Opro.require_refresh_within.blank? %>
+    <li><%= link_to 'Refresh Tokens',  oauth_doc_path(:refresh_tokens) %></li>
+  <% end %>
+
+
 </ul>
 
 <%= render_doc(:quick_start) %>

data/app/views/oauth/docs/markdown/oauth.md.erb

@@ -1,6 +1,6 @@
 ## Opro Oauth
 
-OAuth comes in a few different flavors, the implementation of OAuth comes from <%= link_to "Facebook's Server Side OAuth Authentication", 'http://developers.facebook.com/docs/authentication/server-side/'%>.
+OAuth comes in a few different flavors, the implementation of OAuth comes from [Facebook's Server Side OAuth Authentication](http://developers.facebook.com/docs/authentication/server-side/).
 
 
 ## What is It?
@@ -23,6 +23,6 @@ OAuth is simple in concept, but can be tricky to implement right. Many services
 
 This website is an OAuth Provider, and you can create an OAuth client to access this website as a logged in user for select url's.
 
-To get started getting your first OAuth token follow the <%= view_context.link_to 'quick start guide', oauth_doc_path(:quick_start) %>. 
+To get started getting your first OAuth token follow the <%= view_context.link_to 'quick start guide', oauth_doc_path(:quick_start) %>.
 
 

data/app/views/oauth/docs/markdown/permissions.md.erb

@@ -0,0 +1,30 @@
+<%= "# Individual Permissions are not implemented in this application" if ::Opro.request_permissions.blank? %>
+
+
+# Permissions
+
+Permissions give the user a way to control the scope of access that a client application has to their data. This is similar to how Facebook will ask users what actions an app can take on their part.
+
+
+<% if ::Opro.request_permissions.present? && ::Opro.request_permissions.map(&:to_s).include?("write") %>
+
+## Write Access
+
+To perform any type of request other than a GET ([HTTP Request methods](http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods)), your application must have `write` access to the user. You can specify this scope (see Request Scope below) or by default all permissions will be requested.
+
+<% end %>
+
+## Request Scope
+
+As a client app you can request specific scopes while you are authing a user, if no scope is specified all permissions will be requested.
+
+      <%= "#{request.base_url}/oauth/authorize?" %>scope[]=write&#... %>
+
+While authorizing your app a user can choose to accept or deny individual permissions.
+
+
+## Available Permissions/Scopes
+
+These are the available permissions you can request as a client application. If no scope is provided, all permissions will be requested.
+
+      <%= ::Opro.request_permissions.inspect %>

data/app/views/oauth/docs/markdown/quick_start.md.erb

@@ -40,7 +40,7 @@ We'll be using [Curl](<%= oauth_doc_path(:curl) %>) to go through the process of
 (Note in all code examples the $ character indicates we are on the command line, it does not need to be coppied)
 
 
-    $ curl '<%= "#{request.base_url}/oauth/access_token?" %>?client_id=3234myClientId5678&client_secret=14321myClientSecret8765&code=4857goldfish827423'
+    $ curl '<%= "#{request.base_url}/oauth/token?" %>?client_id=3234myClientId5678&client_secret=14321myClientSecret8765&code=4857goldfish827423'
 
 You'll want to make sure to replace `client_id`, `client_secret`, and `code` with your values.
 

data/app/views/oauth/docs/markdown/refresh_tokens.md.erb

@@ -0,0 +1,18 @@
+<%= "# Refresh Tokens are not required in this application" if ::Opro.require_refresh_within.blank? %>
+
+# Refresh Tokens
+
+Refresh tokens can be used to refresh an expiring `access_token`. When you receive your initial `access_token` you will receive a `request_token` in the json as well as an `expires_in` value. The `expires_in` value marks the seconds that the current `access_token` is still valid. After this value reaches zero a client application will not be able to use the existing `access_token`.
+
+## Refreshing an Access Token
+
+If a token has expired or you simply wish to receive a new `access_token` you can send your `refresh_token` along with your `app_id` and `app_secret` to `/oauth/token` and your access_token will be refreshed.
+
+
+    $ curl '<%= "#{request.base_url}/oauth/token?" %>?client_id=3234myClientId5678&client_secret=14321myClientSecret8765&refresh_token=4857goldfish827423'
+
+You'll want to make sure to replace `client_id`, `client_secret`, and `refresh_token` with your values.
+
+You should get back a response that looks like this
+
+    $ {"access_token":"9693accessTokena7ca570bbaf","refresh_token":"3a3c129ad02b573de78e65af06c293f1","expires_in":7300 }

data/config/routes.rb

@@ -1,10 +1,5 @@
-Rails.application.routes.draw do
-
-  match 'oauth/new'           => 'oauth/auth#new',          :as => 'oauth_new'
-  match '/oauth/authorize'    => 'oauth/auth#authorize',    :as => 'oauth_authorize'
-  match '/oauth/access_token' => 'oauth/auth#access_token', :as => 'oauth_token'
-
-  resources :oauth_docs,                :controller => 'oauth/docs'
-  resources :oauth_tests,               :controller => 'oauth/tests'
-  resources :oauth_client_applications, :controller => 'oauth/client_application'
-end
+# look in lib/opro/rails/routes.rb
+  # they get added to a users config/routes.rb when the user runs
+  # rails g opro:install
+  # this functionality is added in `add_opro_routes` of
+  # lib/generators/opro/install_generator.rb

data/lib/generators/active_record/opro_generator.rb

@@ -7,7 +7,7 @@ module ActiveRecord
       include Rails::Generators::Migration
       source_root File.expand_path('../templates', __FILE__)
 
-      desc "add the migrations"
+      desc "add the migrations needed for opro oauth"
 
       def self.next_migration_number(path)
         unless @prev_migration_nr

data/lib/generators/active_record/templates/access_grants.rb

@@ -1,4 +1,4 @@
-class CreateOproAccessGrants < ActiveRecord::Migration
+class CreateOproAuthGrants < ActiveRecord::Migration
   def change
     create_table  :opro_access_grants do |t|
       t.string    :code

data/lib/generators/active_record/templates/client_applications.rb

@@ -1,4 +1,4 @@
-class CreateOproClientApplications < ActiveRecord::Migration
+class CreateOproClientApps < ActiveRecord::Migration
   def change
     create_table :opro_client_applications do |t|
       t.string  :name

data/lib/generators/opro/install_generator.rb

@@ -15,6 +15,11 @@ module Opro
       def run_other_generators
         generate "active_record:opro"
       end
+
+      def add_opro_routes
+        opro_routes = "mount_opro_oauth"
+        route opro_routes
+      end
     end
   end
 end

data/lib/generators/templates/opro.rb

@@ -3,8 +3,15 @@ Opro.setup do |config|
   config.auth_strategy = :devise
 
   ## Add or remove application permissions
-    # Read permission is turned on by default (any request with [GET])
-    # Write permission is requestable by default (any request other than [GET])
-    # Custom permissions can be configured by adding them to the request_permissions Array and configuring require_oauth_permissions in the controller
+  # Read permission (any request with [GET]) is turned on by default
+  # Write permission (any request other than [GET]) is requestable by default
+  # Custom permissions can be configured by adding them to `config.request_permissions`
+  # You can then require that permission on individual actions by calling
+  # `require_oauth_permissions` in the controller
   config.request_permissions = [:write]
+
+  ## Refresh Token config
+  # uncomment `config.require_refresh_within` to require refresh tokens
+  # this will expire tokens within the given time duration
+  # config.require_refresh_within = 1.month
 end

data/lib/opro.rb

@@ -25,7 +25,6 @@ module Opro
       authenticate_user_method { |controller| controller.authenticate_user! }
     else
       # nothing
-      # TODO, be smart here, if they have devise gem in Gemfile and haven't specified auth_strategy use devise
     end
   end
 
@@ -71,6 +70,13 @@ module Opro
     @request_permissions || []
   end
 
+  def self.require_refresh_within=(require_refresh_within)
+    @require_refresh_within = require_refresh_within
+  end
+
+  def self.require_refresh_within
+    @require_refresh_within
+  end
 
   def self.logout_method(&block)
     if block.present?