opro 0.3.0 → 0.3.1

@@ -1,3 +1,7 @@
1
+ ## 0.3.1
2
+
3
+ - [#7] Bugfix: Verify access_token, refresh_token, and code are unique before attempting to save (@twinge)
4
+
1
5
  ## 0.3.0
2
6
 
3
7
  - Properly set attr_accessible for those apps that are requiring all attributes to be whitelisted.
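--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.3.0
+0.3.1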
@@ -9,6 +9,8 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
9
9
 
10
10
 
11
11
  validates :application_id, :uniqueness => {:scope => :user_id, :message => "Application is already authed for this user"}, :presence => true
12
+ validates :code, :uniqueness => true
13
+ validates :access_token, :uniqueness => true
12
14
 
13
15
  before_create :generate_tokens!, :generate_expires_at!
14
16
 
@@ -78,7 +80,15 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
78
80
  end
79
81
 
80
82
  def generate_tokens!
81
- self.code, self.access_token, self.refresh_token = SecureRandom.hex(16), SecureRandom.hex(16), SecureRandom.hex(16)
83
+ self.code, self.access_token, self.refresh_token = unique_token_for(:refresh_token), unique_token_for(:access_token), unique_token_for(:refresh_token)
84
+ end
85
+
86
+ # used to guarantee that we are generating unique codes, access_tokens and refresh_tokens
87
+ def unique_token_for(field, secure_token = SecureRandom.hex(16))
88
+ raise "bad field" unless self.respond_to?(field)
89
+ auth_grant = self.class.where(field => secure_token).first
90
+ return secure_token if auth_grant.blank?
91
+ unique_token_for(field)
82
92
  end
83
93
 
84
94
  def redirect_uri_for(redirect_uri, state = nil)
@@ -90,4 +100,4 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
90
100
  redirect_uri << "&state=#{state}" if state.present?
91
101
  redirect_uri
92
102
  end
93
- end
103
+ end
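Review bot: In `generate_tokens!` the authorization code is generated with `unique_token_for(:refresh_token)`, so its collision check runs against the refresh_token column and never against code; the first call should read `unique_token_for(:code)`. The added validations cover `code` and `access_token` only, although the changelog entry names refresh_token as well, so `validates :refresh_token, :uniqueness => true` looks like it was left out. The lookup in `unique_token_for` and the later insert are separate queries, so the database unique index remains the only hard guarantee, and the comment above the method should say so instead of "guarantee". The class body continues outside these hunks.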
@@ -20,16 +20,12 @@ class Opro::Oauth::ClientApp < ActiveRecord::Base
20
20
  end
21
21
 
22
22
  def self.create_with_user_and_name(user, name)
23
- create(:user => user, :name => name, :app_id => generate_id, :app_secret => SecureRandom.hex(16))
23
+ create(:user => user, :name => name, :app_id => generate_unique_app_id, :app_secret => SecureRandom.hex(16))
24
24
  end
25
25
 
26
- def self.generate_id
27
- app_id = SecureRandom.hex(16)
26
+ def self.generate_unique_app_id(app_id = SecureRandom.hex(16))
28
27
  client_app = where(:app_id => app_id)
29
- if client_app.present?
30
- generate_id
31
- else
32
- return app_id
33
- end
28
+ return app_id if client_app.blank?
29
+ generate_unique_app_id
34
30
  end
35
31
  end
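Review bot: `generate_unique_app_id` tests `where(:app_id => app_id).blank?`, which loads the matching rows just to see whether any exist; `return app_id unless exists?(:app_id => app_id)` asks the database the same question without instantiating records. The `app_id` parameter appears to exist only so a test can force a collision, which deserves a one-line comment such as `# app_id is injectable so tests can simulate a collision; callers should omit it`. The existence check and the `create` in `create_with_user_and_name` are not atomic, so a concurrent duplicate would still have to be caught by a database constraint rather than by this method.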
@@ -11,5 +11,9 @@ class CreateOproAuthGrants < ActiveRecord::Migration
11
11
 
12
12
  t.timestamps
13
13
  end
14
+
15
+ add_index :opro_auth_grants, :code, :unique => true
16
+ add_index :opro_auth_grants, :access_token, :unique => true
17
+ add_index :opro_auth_grants, :refresh_token, :unique => true
14
18
  end
15
19
  end
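Review bot: The unique indexes are added inside the existing `CreateOproAuthGrants` migration, so an application that already ran this migration under 0.3.0 presumably never gets them and is left with only the model-level uniqueness validations, which are not race-safe. A separate migration that adds the three indexes would reach upgraders, and it would need to account for tables that already hold duplicate values. The same applies to the `add_index` calls added to `CreateOproClientApps`. The migration body starts outside this hunk.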
@@ -8,5 +8,8 @@ class CreateOproClientApps < ActiveRecord::Migration
8
8
  t.integer :user_id
9
9
  t.timestamps
10
10
  end
11
+
12
+ add_index :opro_client_apps, :app_id, :unique => true
13
+ add_index :opro_client_apps, [:app_id, :app_secret], :unique => true
11
14
  end
12
15
  end
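Review bot: The composite index `add_index :opro_client_apps, [:app_id, :app_secret], :unique => true` enforces nothing beyond the unique index on `:app_id` added one line earlier, since a unique app_id already makes every (app_id, app_secret) pair unique. If it is meant to speed up a lookup by both columns, a comment should say so. Such a lookup would imply that the secret is stored and matched in plaintext by the database, which is worth confirming against the authentication code not shown here.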
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "opro"
8
- s.version = "0.3.0"
8
+ s.version = "0.3.1"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["schneems"]
12
- s.date = "2012-07-05"
12
+ s.date = "2012-07-18"
13
13
  s.description = " Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you"
14
14
  s.email = "richard.schneeman@gmail.com"
15
15
  s.extra_rdoc_files = [
@@ -114,6 +114,8 @@ Gem::Specification.new do |s|
114
114
  "test/integration/docs_controller_test.rb",
115
115
  "test/integration/oauth_test.rb",
116
116
  "test/integration/refresh_token_test.rb",
117
+ "test/models/opro/oauth/auth_grant_test.rb",
118
+ "test/models/opro/oauth/client_app_test.rb",
117
119
  "test/opro_test.rb",
118
120
  "test/support/integration_case.rb",
119
121
  "test/test_helper.rb"
@@ -0,0 +1,18 @@
1
+ require 'test_helper'
2
+
3
+ class OproAuthGrantTest < ActiveSupport::TestCase
4
+ test "duplicate access_tokens can't happen" do
5
+ grant = create_auth_grant
6
+ dup_grant = create_auth_grant
7
+ dup_grant.access_token = grant.access_token
8
+ refute dup_grant.valid?
9
+ assert dup_grant.errors.present?
10
+ end
11
+
12
+ test "unique_secure_token_for" do
13
+ grant = create_auth_grant
14
+ token = grant.access_token
15
+ new_token = grant.unique_token_for(:access_token, token)
16
+ assert_not_equal token, new_token
17
+ end
18
+ end
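Review bot: The test `unique_secure_token_for` exercises only `:access_token`, so it would pass even if `code` or `refresh_token` were generated against the wrong column; repeating the assertion for each of the three fields would pin that. In the first test `refute dup_grant.valid?` does not show which validation failed, and the second grant may be invalid for another reason depending on what `create_auth_grant` builds, so asserting `dup_grant.errors[:access_token].present?` is more precise. The test name also differs from the method it calls, `unique_token_for`.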
@@ -0,0 +1,11 @@
1
+ require 'test_helper'
2
+
3
+ class OproClientAppTest < ActiveSupport::TestCase
4
+
5
+ test "generate_unique_app_id" do
6
+ client_app = create_client_app
7
+ app_id = client_app.app_id
8
+ new_app_id = Opro::Oauth::ClientApp.generate_unique_app_id(app_id)
9
+ assert_not_equal app_id, new_app_id
10
+ end
11
+ end
@@ -78,6 +78,8 @@ def create_auth_grant_for_user(user = nil, app = nil)
78
78
  Opro::Oauth::AuthGrant.create(:user => user, :application => app)
79
79
  end
80
80
 
81
+ alias :create_auth_grant :create_auth_grant_for_user
82
+
81
83
 
82
84
  # Will run the given code as the user passed in
83
85
  def as_user(user=nil, &block)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: opro
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.3.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-07-05 00:00:00.000000000Z
12
+ date: 2012-07-18 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activesupport
16
- requirement: &70202055236780 !ruby/object:Gem::Requirement
16
+ requirement: &70290681694980 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 3.1.0
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70202055236780
24
+ version_requirements: *70290681694980
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rails
27
- requirement: &70202055235540 !ruby/object:Gem::Requirement
27
+ requirement: &70290681696520 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 3.1.0
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70202055235540
35
+ version_requirements: *70290681696520
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: bluecloth
38
- requirement: &70202055228260 !ruby/object:Gem::Requirement
38
+ requirement: &70290681698080 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: '0'
44
44
  type: :runtime
45
45
  prerelease: false
46
- version_requirements: *70202055228260
46
+ version_requirements: *70290681698080
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: mocha
49
- requirement: &70202055227520 !ruby/object:Gem::Requirement
49
+ requirement: &70290681699760 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
54
54
  version: '0'
55
55
  type: :development
56
56
  prerelease: false
57
- version_requirements: *70202055227520
57
+ version_requirements: *70290681699760
58
58
  - !ruby/object:Gem::Dependency
59
59
  name: timecop
60
- requirement: &70202055226840 !ruby/object:Gem::Requirement
60
+ requirement: &70290681717840 !ruby/object:Gem::Requirement
61
61
  none: false
62
62
  requirements:
63
63
  - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
65
65
  version: '0'
66
66
  type: :development
67
67
  prerelease: false
68
- version_requirements: *70202055226840
68
+ version_requirements: *70290681717840
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: jeweler
71
- requirement: &70202055225620 !ruby/object:Gem::Requirement
71
+ requirement: &70290681717140 !ruby/object:Gem::Requirement
72
72
  none: false
73
73
  requirements:
74
74
  - - ~>
@@ -76,10 +76,10 @@ dependencies:
76
76
  version: 1.6.4
77
77
  type: :development
78
78
  prerelease: false
79
- version_requirements: *70202055225620
79
+ version_requirements: *70290681717140
80
80
  - !ruby/object:Gem::Dependency
81
81
  name: bundler
82
- requirement: &70202055224960 !ruby/object:Gem::Requirement
82
+ requirement: &70290681716440 !ruby/object:Gem::Requirement
83
83
  none: false
84
84
  requirements:
85
85
  - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
87
87
  version: 1.1.3
88
88
  type: :development
89
89
  prerelease: false
90
- version_requirements: *70202055224960
90
+ version_requirements: *70290681716440
91
91
  - !ruby/object:Gem::Dependency
92
92
  name: capybara
93
- requirement: &70202055224040 !ruby/object:Gem::Requirement
93
+ requirement: &70290681715820 !ruby/object:Gem::Requirement
94
94
  none: false
95
95
  requirements:
96
96
  - - ! '>='
@@ -98,10 +98,10 @@ dependencies:
98
98
  version: 0.4.0
99
99
  type: :development
100
100
  prerelease: false
101
- version_requirements: *70202055224040
101
+ version_requirements: *70290681715820
102
102
  - !ruby/object:Gem::Dependency
103
103
  name: sqlite3
104
- requirement: &70202055223120 !ruby/object:Gem::Requirement
104
+ requirement: &70290681715300 !ruby/object:Gem::Requirement
105
105
  none: false
106
106
  requirements:
107
107
  - - ! '>='
@@ -109,10 +109,10 @@ dependencies:
109
109
  version: '0'
110
110
  type: :development
111
111
  prerelease: false
112
- version_requirements: *70202055223120
112
+ version_requirements: *70290681715300
113
113
  - !ruby/object:Gem::Dependency
114
114
  name: launchy
115
- requirement: &70202055222220 !ruby/object:Gem::Requirement
115
+ requirement: &70290681714720 !ruby/object:Gem::Requirement
116
116
  none: false
117
117
  requirements:
118
118
  - - ! '>='
@@ -120,10 +120,10 @@ dependencies:
120
120
  version: '0'
121
121
  type: :development
122
122
  prerelease: false
123
- version_requirements: *70202055222220
123
+ version_requirements: *70290681714720
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: devise
126
- requirement: &70202055221440 !ruby/object:Gem::Requirement
126
+ requirement: &70290681714060 !ruby/object:Gem::Requirement
127
127
  none: false
128
128
  requirements:
129
129
  - - ! '>='
@@ -131,10 +131,10 @@ dependencies:
131
131
  version: '0'
132
132
  type: :development
133
133
  prerelease: false
134
- version_requirements: *70202055221440
134
+ version_requirements: *70290681714060
135
135
  - !ruby/object:Gem::Dependency
136
136
  name: rcov
137
- requirement: &70202055220840 !ruby/object:Gem::Requirement
137
+ requirement: &70290681713180 !ruby/object:Gem::Requirement
138
138
  none: false
139
139
  requirements:
140
140
  - - ! '>='
@@ -142,10 +142,10 @@ dependencies:
142
142
  version: '0'
143
143
  type: :development
144
144
  prerelease: false
145
- version_requirements: *70202055220840
145
+ version_requirements: *70290681713180
146
146
  - !ruby/object:Gem::Dependency
147
147
  name: simplecov
148
- requirement: &70202055209840 !ruby/object:Gem::Requirement
148
+ requirement: &70290681712500 !ruby/object:Gem::Requirement
149
149
  none: false
150
150
  requirements:
151
151
  - - ! '>='
@@ -153,7 +153,7 @@ dependencies:
153
153
  version: '0'
154
154
  type: :development
155
155
  prerelease: false
156
- version_requirements: *70202055209840
156
+ version_requirements: *70290681712500
157
157
  description: ! ' Enable OAuth clients (iphone, android, web sites, etc.) to access
158
158
  and use your Rails application, what you do with it is up to you'
159
159
  email: richard.schneeman@gmail.com
@@ -260,6 +260,8 @@ files:
260
260
  - test/integration/docs_controller_test.rb
261
261
  - test/integration/oauth_test.rb
262
262
  - test/integration/refresh_token_test.rb
263
+ - test/models/opro/oauth/auth_grant_test.rb
264
+ - test/models/opro/oauth/client_app_test.rb
263
265
  - test/opro_test.rb
264
266
  - test/support/integration_case.rb
265
267
  - test/test_helper.rb
@@ -278,7 +280,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
278
280
  version: '0'
279
281
  segments:
280
282
  - 0
281
- hash: -4415944458233682145
283
+ hash: -1410749762090226826
282
284
  required_rubygems_version: !ruby/object:Gem::Requirement
283
285
  none: false
284
286
  requirements: