opro 0.4.0 → 0.4.1

Files changed (37) hide show
  1. data/.travis.yml +1 -0
  2. data/CHANGELOG.md +13 -0
  3. data/Gemfile +6 -22
  4. data/Gemfile.lock +13 -9
  5. data/README.md +48 -34
  6. data/Rakefile +2 -2
  7. data/VERSION +1 -1
  8. data/app/controllers/opro/oauth/client_app_controller.rb +19 -1
  9. data/app/controllers/opro/oauth/docs_controller.rb +21 -11
  10. data/app/controllers/opro/oauth/tests_controller.rb +6 -6
  11. data/app/models/opro/oauth/auth_grant.rb +6 -4
  12. data/app/views/opro/oauth/auth/new.html.erb +21 -22
  13. data/app/views/opro/oauth/client_app/edit.html.erb +14 -0
  14. data/app/views/opro/oauth/client_app/index.html.erb +17 -16
  15. data/app/views/opro/oauth/client_app/new.html.erb +19 -13
  16. data/app/views/opro/oauth/client_app/show.html.erb +15 -0
  17. data/app/views/opro/oauth/docs/index.html.erb +20 -21
  18. data/app/views/opro/oauth/docs/markdown/curl.md.erb +10 -10
  19. data/app/views/opro/oauth/docs/markdown/oauth.md.erb +6 -6
  20. data/app/views/opro/oauth/docs/markdown/password_exchange.md.erb +9 -9
  21. data/app/views/opro/oauth/docs/markdown/permissions.md.erb +1 -1
  22. data/app/views/opro/oauth/docs/markdown/quick_start.md.erb +21 -21
  23. data/app/views/opro/oauth/docs/markdown/refresh_tokens.md.erb +4 -4
  24. data/app/views/opro/oauth/docs/show.html.erb +4 -2
  25. data/app/views/opro/oauth/tests/index.html.erb +7 -7
  26. data/lib/generators/opro/install_generator.rb +1 -1
  27. data/lib/opro.rb +6 -6
  28. data/lib/opro/controllers/concerns/error_messages.rb +3 -3
  29. data/lib/opro/controllers/concerns/permissions.rb +1 -1
  30. data/lib/opro/rails/routes.rb +12 -3
  31. data/opro.gemspec +15 -17
  32. data/test/integration/client_app_controller_test.rb +28 -1
  33. data/test/integration/docs_controller_test.rb +1 -0
  34. data/test/models/opro/oauth/auth_grant_test.rb +7 -0
  35. data/test/test_helper.rb +6 -3
  36. metadata +91 -41
  37. data/app/views/opro/oauth/client_app/create.html.erb +0 -15
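--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,3 +1,4 @@
 language: ruby
 rvm:
 - 1.9.3
+- jruby-19mode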
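--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+## master
+
+
+## 0.4.1
+
+- jRuby compatibility
+- [#9] Bugfix: Allow developers to enable refresh tokens by setting `require_refresh_within` even if they were running without it previously. (@robe5)
+- [#10] Bugfix check the correct field when generating unique tokens (@carols10cents)
+- [#12] Bugfix: client app names are now changeable
+- All oPRO related html is wrapped with `opro` class (@carols10cents)
+- Switch from bluecloth to kramdown gem for jRuby compatibility while parsing markdown
+
+
 ## 0.4.0
 
 - Enable configurable authorization headers based on regex.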
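--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,7 +4,7 @@ gem "activesupport" , ">= 3.1.0"
 gem "rails" , ">= 3.1.0"
 
 
-gem 'bluecloth'
+gem 'kramdown' # pure ruby markdown parser
 
 group :development, :test do
 gem 'mocha'
@@ -14,31 +14,15 @@ group :development, :test do
 
 
 gem "capybara", ">= 0.4.0"
-gem "sqlite3"
+
 gem "launchy"
-end
 
-group :test do
-gem 'database_cleaner'
-end
+gem "sqlite3", :platform => [:ruby, :mswin, :mingw]
+gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby
 
-group :test, :development do
 gem 'devise'
 end
 
-
-platforms :mri_18 do
-group :development, :test do
-gem "rcov"
-end
-end
-
-platforms :mri_19 do
-group :development, :test do
-gem "simplecov"
-end
+group :test do
+gem 'database_cleaner'
 end
-
-# To use debugger (ruby-debug for Ruby 1.8.7+, ruby-debug19 for Ruby 1.9.2+)
-# gem 'ruby-debug'
-# gem 'ruby-debug19'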
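Review bot: `gem 'kramdown'` is added with no version constraint, so a routine `bundle update` can move the docs renderer across major versions with no signal in this file; the lockfile in the same release resolves it to 0.14.0, so a pessimistic pin such as `gem 'kramdown', '~> 0.14'` would record that intent at no cost. The exposure is limited, since kramdown here renders the gem's own bundled `.md.erb` files rather than user-supplied markdown, but an unpinned parser is still the kind of dependency that drifts unnoticed. The runtime constraint presumably lives in `opro.gemspec`, which this page lists as changed but does not show, so the same check applies there.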
@@ -31,7 +31,7 @@ GEM
31
31
  addressable (2.2.7)
32
32
  arel (3.0.2)
33
33
  bcrypt-ruby (3.0.1)
34
- bluecloth (2.2.0)
34
+ bcrypt-ruby (3.0.1-java)
35
35
  builder (3.0.0)
36
36
  capybara (1.1.2)
37
37
  mime-types (>= 1.16)
@@ -50,6 +50,7 @@ GEM
50
50
  warden (~> 1.1.1)
51
51
  erubis (2.7.0)
52
52
  ffi (1.0.11)
53
+ ffi (1.0.11-java)
53
54
  git (1.2.5)
54
55
  hike (1.2.1)
55
56
  i18n (0.6.0)
@@ -59,8 +60,14 @@ GEM
59
60
  rake
60
61
  journey (1.0.4)
61
62
  json (1.7.3)
63
+ json (1.7.3-java)
64
+ kramdown (0.14.0)
62
65
  launchy (2.1.0)
63
66
  addressable (~> 2.2.6)
67
+ launchy (2.1.0-java)
68
+ addressable (~> 2.2.6)
69
+ ffi (~> 1.0.9)
70
+ spoon (~> 0.0.1)
64
71
  mail (2.4.4)
65
72
  i18n (>= 0.4.0)
66
73
  mime-types (~> 1.16)
@@ -71,6 +78,7 @@ GEM
71
78
  metaclass (~> 0.0.1)
72
79
  multi_json (1.3.6)
73
80
  nokogiri (1.5.2)
81
+ nokogiri (1.5.2-java)
74
82
  orm_adapter (0.0.7)
75
83
  polyglot (0.3.3)
76
84
  rack (1.4.1)
@@ -96,7 +104,6 @@ GEM
96
104
  rdoc (~> 3.4)
97
105
  thor (>= 0.14.6, < 2.0)
98
106
  rake (0.9.2.2)
99
- rcov (1.0.0)
100
107
  rdoc (3.12)
101
108
  json (~> 1.4)
102
109
  rubyzip (0.9.7)
@@ -105,10 +112,7 @@ GEM
105
112
  ffi (~> 1.0)
106
113
  multi_json (~> 1.0)
107
114
  rubyzip
108
- simplecov (0.6.1)
109
- multi_json (~> 1.0)
110
- simplecov-html (~> 0.5.3)
111
- simplecov-html (0.5.3)
115
+ spoon (0.0.1)
112
116
  sprockets (2.1.3)
113
117
  hike (~> 1.2)
114
118
  rack (~> 1.0)
@@ -127,20 +131,20 @@ GEM
127
131
  nokogiri (~> 1.3)
128
132
 
129
133
  PLATFORMS
134
+ java
130
135
  ruby
131
136
 
132
137
  DEPENDENCIES
138
+ activerecord-jdbcsqlite3-adapter
133
139
  activesupport (>= 3.1.0)
134
- bluecloth
135
140
  bundler (>= 1.1.3)
136
141
  capybara (>= 0.4.0)
137
142
  database_cleaner
138
143
  devise
139
144
  jeweler (~> 1.6.4)
145
+ kramdown
140
146
  launchy
141
147
  mocha
142
148
  rails (>= 3.1.0)
143
- rcov
144
- simplecov
145
149
  sqlite3
146
150
  timecop
data/README.md CHANGED
@@ -1,15 +1,21 @@
1
- ## Opro
1
+ ## oPRO
2
2
 
3
- A production ready Rails Engine that turns your app into an [Oauth2](http://oauth.net/2/) Provider.
3
+ A production ready Rails Engine that turns your app into an [OAuth2](http://oauth.net/2/) Provider.
4
4
 
5
- * [Demo OAuth Provider app with Opro](http://opro-demo.herokuapp.com/) on Heroku
6
- * [Built in Opro docs](http://opro-demo.herokuapp.com/oauth_docs)
5
+ * [Demo OAuth Provider app with oPRO](http://opro-demo.herokuapp.com/) on Heroku
6
+ * [Built in oPRO docs](http://opro-demo.herokuapp.com/oauth_docs)
7
+ * [Example iOS App](https://github.com/opro/opro_iphone_demo)
8
+ * [Would you like a Mobile app with that (oPRO tutorial)](http://schneems.com/post/33781154129/would-you-like-a-mobile-app-with-that)
9
+
10
+ oPRO is short for (O)Auth (Pro)vider and is pronounced "oh proh". Not to be confused with [Oprah](http://www.oprah.com/index.html), who does not support or endorse this ruby gem in any way (yet).
11
+
12
+ [![Build Status](https://secure.travis-ci.org/opro/opro.png)](http://travis-ci.org/opro/opro)
7
13
 
8
14
  ## Why would I use this?
9
15
 
10
16
  Lets say you've built a Rails app, awesome. Now you want to build a mobile app on say, the iPhone... cool. You start throwing around `#to_json` like nobody's business, but then you realize you need to authenticate users somehow. "Basic Auth!!", you exclaim, but then you realize that's not the most secure solution. You also realize that some users already signed up with Facebook & Twitter so they don't have a username/password combo. What ever shall you do?
11
17
 
12
- Wouldn't it be great if we could have a token exchange where the user goes to a mobile web view and grants permission, and then we return back an auth token just like the big boys (Facebook, Twitter, *cough* Foursquare *cough*). With Opro, we can add this functionality pretty easily. We'll use your existing authentication strategy and provide some integration end points for your clients to use out of the box.
18
+ Wouldn't it be great if we could have a token exchange where the user goes to a mobile web view and grants permission, and then we return back an auth token just like the big boys (Facebook, Twitter, *cough* Foursquare *cough*). With oPRO, we can add this functionality pretty easily. We'll use your existing authentication strategy and provide some integration end points for your clients to use out of the box.
13
19
 
14
20
 
15
21
  ## Install
@@ -32,7 +38,7 @@ and don't forget
32
38
  $ rails g opro:install
33
39
  ```
34
40
 
35
- This will put a file in `initializers/opro.rb` and generate some migrations, and add `mount_opro_oauth` to your routes.
41
+ This will put a file in `initializers/opro.rb`, generate some migrations, and add `mount_opro_oauth` to your routes.
36
42
 
37
43
 
38
44
  Now we're ready to migrate the database
@@ -41,11 +47,11 @@ Now we're ready to migrate the database
41
47
  $ rake db:migrate
42
48
  ````
43
49
 
44
- This will add `Opro::Oauth::AuthGrant` and `Opro::Oauth::ClientApp` to your database. An iPhone app would need to register for a `client_id` and `client_secret` before using Oauth as a ClientApp. Once created they could get authorization from users by going through the oauth flow, thus creating AuthGrants. In other words a ClientApp has many users through AuthGrants.
50
+ This will add `Opro::Oauth::AuthGrant` and `Opro::Oauth::ClientApp` to your database. An iPhone app would need to register for a `client_id` and `client_secret` before using OAuth as a ClientApp. Once created they could get authorization from users by going through the OAuth flow, thus creating AuthGrants. In other words, a ClientApp has many users through AuthGrants.
45
51
 
46
52
  ## Setup
47
53
 
48
- Go to `initializers/opro.rb` and configure your app for your authentication scheme, if you're not using devise see "Custom Auth" below.
54
+ Go to `initializers/opro.rb` and configure your app for your authentication scheme. If you're not using devise, see "Custom Auth" below.
49
55
 
50
56
  ```ruby
51
57
  Opro.setup do |config|
@@ -72,24 +78,24 @@ You can also disallow OAuth on specific actions. Disallowing will always over-ri
72
78
  end
73
79
  ```
74
80
 
75
- By default all OAuth access is blacklisted. To whitelist all access, add `allow_oauth!` to your `ApplicationController` (this is not recommended). The best practice is to add `allow_oauth!` or `disallow_oauth` to each and every controller.
81
+ By default, all OAuth access is blacklisted. To whitelist all access, add `allow_oauth!` to your `ApplicationController` (this is not recommended). The best practice is to add `allow_oauth!` or `disallow_oauth` to each and every controller.
76
82
 
77
- That should be all you need to do to get setup, congrats you're now able to authenticate users using OAuth!!
83
+ That should be all you need to do to get set up. Congrats, you're now able to authenticate users using OAuth!!
78
84
 
79
85
 
80
86
  ## Use it
81
87
 
82
- Opro comes with built in documentation, so if you start your server you can view them at [http://localhost:3000/oauth_docs](http://localhost:3000/oauth_docs). Or you can [view the guide](http://opro-demo.herokuapp.com/oauth_docs) on the example app. This guide will walk you through creating your first OAuth client application, giving access to that app as a logged in user, getting an access token for that user, and using that token to access the server as an authenticated user!
88
+ oPRO comes with built in documentation, so if you start your server you can view the docs at [http://localhost:3000/oauth_docs](http://localhost:3000/oauth_docs). Or you can [view the guide](http://opro-demo.herokuapp.com/oauth_docs) on the example app. This guide will walk you through creating your first OAuth client application, giving access to that app as a logged in user, getting an access token for that user, and using that token to access the server as an authenticated user!
83
89
 
84
90
 
85
91
  # Advanced Setup
86
92
 
87
- Opro is simple by default, but easily configurable for a number of common use cases. Check out the options below.
93
+ oPRO is simple by default, but easily configurable for a number of common use cases. Check out the options below.
88
94
 
89
95
 
90
96
  ## Custom Auth
91
97
 
92
- If you're not using devise you can manually configure your own auth strategy. In the future I plan on adding more auth strategies, ping me or submit a pull request for your desired authentication scheme.
98
+ If you're not using devise, you can manually configure your own auth strategy. In the future I plan on adding more auth strategies; ping me or submit a pull request for your desired authentication scheme.
93
99
 
94
100
 
95
101
  Opro.setup do |config|
@@ -100,12 +106,12 @@ If you're not using devise you can manually configure your own auth strategy. In
100
106
 
101
107
  ## Permissions
102
108
 
103
- When a user auth's with a client they automatically are granting read permission to any action that you `allow_oauth!`. Read only clients are restricted to using GET requests. By default Opro will ask users for write permission on a client by client application. Client apps with `:write` permission can use all HTTP verbs including POST, PATCH, PUT, DESTROY on any url you whitelist using `allow_oauth!`.
109
+ When a user authenticates with a client, they are automatically granting read permission to any action that you `allow_oauth!`. Read-only clients are restricted to using GET requests. By default, oPRO will ask users for write permission on a client by the client application. Client apps with `:write` permission can use all HTTP verbs including POST, PATCH, PUT, DESTROY on any url you whitelist using `allow_oauth!`.
104
110
 
105
111
 
106
112
  ### Custom Permissions
107
113
 
108
- To remove write permissions comment out this line in the Opro initializer:
114
+ To remove write permissions, comment out this line in the oPRO initializer:
109
115
 
110
116
  config.request_permissions = [:write]
111
117
 
@@ -113,11 +119,11 @@ You can add custom permissions by adding to the array:
113
119
 
114
120
  config.request_permissions = [:write, :email, :picture, :whatever]
115
121
 
116
- You can then restrict access using the custom permissions by calling `require_oauth_permissions` which takes the same arguments as `before_filter`
122
+ You can then restrict access using the custom permissions by calling `require_oauth_permissions`, which takes the same arguments as `before_filter`:
117
123
 
118
124
  require_oauth_permissions :email, :only => :index
119
125
 
120
- You can also skip permissions using `skip_oauth_permissions`. By default permissions will just check to see if a client has the permission, and will allow the action if it is present. If you want to implement custom permission checks you can write custom methods using the pattern `oauth_client_can_#{permission}?` for example if you were restricting the `:email` permission, you would create a method.
126
+ You can also skip permissions using `skip_oauth_permissions`. By default, permissions will just check to see if a client has the permission and will allow the action if it is present. If you want to implement custom permission checks, you can write custom methods using the pattern `oauth_client_can_#{permission}?`. For example, if you were restricting the `:email` permission, you would create a method:
121
127
 
122
128
  def oauth_client_can_email?
123
129
  # ...
@@ -128,36 +134,44 @@ The result is expected to be true or false.
128
134
 
129
135
  ## Refresh Tokens
130
136
 
131
- For added security you can require access_tokens be refreshed by client applications. This will help to mitigate risk of a leaked access_token, and enable an all around more secure system. This security comes at a price however, since implementing the `refresh_token` functionality in a client can be more difficult.
137
+ For added security, you can require access_tokens to be refreshed by client applications. This will help to mitigate the risk of a leaked access_token and enable an all around more secure system. This security comes at a price, however, since implementing the `refresh_token` functionality in a client can be more difficult.
132
138
 
133
- By default refresh tokens are enabled, you can disable them in your application and set the timeout period of the tokens by adding this line to your configuration.
139
+ By default, refresh tokens are enabled. You can disable them in your application and set the timeout period of the tokens by adding this line to your configuration:
134
140
 
135
- config.require_refresh_within = 1.month
141
+ config.require_refresh_within = false
136
142
 
143
+ # Toggling Refresh Tokens
137
144
 
145
+ If you disable refresh tokens and then re-enable it you may have authorization grants that do not have a timeout listed, you can keep it like this or you can fix by iterating through all auth grants and setting their `access_token_expires_at` like this:
146
+
147
+ Opro::Oauth::AuthGrant.find_each(:conditions => "access_token_expires_at is null") do |grant|
148
+ grant.access_token_expires_at = Time.now + ::Opro.require_refresh_within
149
+ grant.save
150
+ end
138
151
 
152
+ You may also need to inform clients that they need to update their credentials and start using refresh tokens.
139
153
 
140
154
  ## Password Token Exchange
141
155
 
142
- If a client application has a user's password and username/email they can exchange these for a token. This is much safer than storing username and password on a local device, but does not offer the traditional OAuth "Flow". Because of this all available permissions will be granted to the client application. If you want to disable this feature you can set the configuration below to false:
156
+ If a client application has a user's password and username/email, they can exchange these for a token. This is much safer than storing the username and password on a local device, but it does not offer the traditional OAuth "Flow". Because of this, all available permissions will be granted to the client application. If you want to disable this feature you can set the configuration below to false:
143
157
 
144
158
  config.password_exchange_enabled = true
145
159
 
146
- If you have this feature enabled you can further control what applications can use the feature. Some providers may wish to have "Blessed" client applications that have this ability while restricting all other clients. To accomplish this you can create a method in your ApplicationController called `oauth_valid_password_auth?` that accepts a client_id and client_secret, and returns a true or false based on whether that application can use password auth
160
+ If you have this feature enabled, you can further control what applications can use the feature. Some providers may wish to have "Blessed" client applications that have this ability while restricting all other clients. To accomplish this, you can create a method in your ApplicationController called `oauth_valid_password_auth?` that accepts a client_id and client_secret and returns true or false based on whether that application can use password auth:
147
161
 
148
162
  def oauth_valid_password_auth?(client_id, client_secret)
149
163
  BLESSED_APP_IDS.include?(client_id)
150
164
  end
151
165
 
152
166
 
153
- If you are using this password functionality without a supported authorization engine (like devise), you will need to add an additional method that supports validating whether or not a user's credentials are valid. The method for this is called `find_user_for_auth` and accepts a controller and the parameters. The output is expected to be a user. Add this to your config like you did to the other required methods in the Custom Auth section.
167
+ If you are using this password functionality without a supported authorization engine (like devise), you will need to add an additional method that supports validating whether or not a user's credentials are valid. The method for this is called `find_user_for_auth` and accepts a controller and the parameters. The output is expected to be a user. Add this to your config like you did to the other required methods in the "Custom Auth" section:
154
168
 
155
169
  config.find_user_for_auth do |controller, params|
156
170
  # user = User.find(params[:something])
157
171
  # return user.valid_password?(params[:password]) ? user : false
158
172
  end
159
173
 
160
- If you're authenticating exchanging something other than a password (such as a facebook auth token) client's can still enable this functionality by setting `params[:grant_type] == 'password'` in their initial request. You can then use `find_user_for_auth` method from above and implement your custom behavior. You can call `find_user_for_auth` multiple times and the application will try calling each auth method in order. It is suggested that you return from this block early if the params are missing a vital key like this:
174
+ If you're authenticating by exchanging something other than a password (such as a facebook auth token), clients can still enable this functionality by setting `params[:grant_type] == 'password'` in their initial request. You can then use the `find_user_for_auth` method from above and implement your custom behavior. You can call `find_user_for_auth` multiple times and the application will try calling each auth method in order. It is suggested that you return from this block early if the params are missing a vital key like this:
161
175
 
162
176
 
163
177
  config.find_user_for_auth do |controller, params|
@@ -168,7 +182,7 @@ If you're authenticating exchanging something other than a password (such as a f
168
182
 
169
183
  ## Rate Limiting
170
184
 
171
- If your API becomes a runaway success and people starte abusing your api, you might chose to limit the rate that client applications can access your API. It is common for popular read only API's to have an hourly, or daily rate limit to help prevent abuse. If you want this type of functionality you can use Opro's built in hooks, one to record the number of times a client application has accessed your api. And another to let the application know if the Client app has gone over it's alloted rate.
185
+ If your API becomes a runaway success and people start abusing your API, you might choqse to limit the rate that client applications can access your API. It is common for popular read-only APIs to have an hourly or daily rate limit to help prevent abuse. If you want this type of functionality, you can use oPRO's built in hooks: one to record the number of times a client application has accessed your API and another to let the application know if the Client app has gone over its allotted rate.
172
186
 
173
187
  To record the number of times an application has accessed your site add this method to your ApplicationController:
174
188
 
@@ -176,26 +190,26 @@ To record the number of times an application has accessed your site add this met
176
190
  # implement your rate counting mechanism here
177
191
  end
178
192
 
179
- Then to let our server know if a given client has reached add this method, the output is expected to be true if the client has gone over their limit, and false if they have not:
193
+ Then to let our server know if a given client has reached its limit, add the method below. The output is expected to be true if the client has gone over their limit and false if they have not:
180
194
 
181
195
  def oauth_client_rate_limited?(client_id, params)
182
196
  # implement your own custom rate limiting logic here
183
197
  end
184
198
 
185
- Rate limited clients will receive an "unsuccessful" response to any query with a message letting them know they've been rate limited. Using redis with a rotating key generator based on (hour, daty, etc.) is one very common way to count rate, and implement the rate limits. Since there are so many different ways to implement this, we decided to give you a blank slate and implement it however you like. The default is that apps are not rate limited, and in general unlimited API access is the way to go, but if you do find abusive behavior you can always easily add in a rate limit.
199
+ Rate limited clients will receive an "unsuccessful" response to any query with a message letting them know they've been rate limited. Using redis with a rotating key generator based on (hour, day, etc.) is one very common way to count accesses and implement the rate limits. Since there are so many different ways to implement this, we decided to give you a blank slate and let you implement it however you would like. The default is that apps are not rate limited, and in general unlimited API access is the way to go, but if you do find abusive behavior you can always easily add in a rate limit.
186
200
 
187
201
 
188
202
  ## Configurable Authorization Header
189
203
 
190
- By default oPRO allows clients to send their authorization token in a header. For example someone using an auth token of `9693accessTokena7ca570bbaf` could set the `Authorization` header in a request like this:
204
+ By default, oPRO allows clients to send their authorization token in a header. For example, someone using an auth token of `9693accessTokena7ca570bbaf` could set the `Authorization` header in a request like this:
191
205
 
192
206
  $ curl -H "Authorization: Bearer 9693accessTokena7ca570bbaf" "http://localhost:3000/oauth_test/show_me_the_money"
193
207
 
194
- By default oPRO will accept `Bearer` and `token` in the authorization header, but if your client needs to send a custom auth header, you can add a custom extra regular expression to parse parse and return the token. For example if a client was setting the auth header like this:
208
+ By default, oPRO will accept `Bearer` and `token` in the authorization header, but if your client needs to send a custom auth header, you can add a custom extra regular expression to parse and return the token. For example, if a client was setting the auth header like this:
195
209
 
196
210
  $ curl -H "Authorization: cUsTomAuthHeader 9693accessTokena7ca570bbaf" "http://localhost:3000/oauth_test/show_me_the_money"
197
211
 
198
- You could pull out the auth token using this regular expression `/cUsTomAuthHeader\s(.*)/`. If you're not great with regular expressions I highly recommend using [Rubular](http://rubular.com) to test regex matches. It is very important that we are "capturing" data with in between the `()` characters. The data returned inside of the parens are expected to be the auth token with no spaces or special characters such as new lines or quotes. To set parse this auth header in oPRO, you can specify the `header_auth_regex` in an initializer like this:
212
+ You could pull out the auth token using the regular expression `/cUsTomAuthHeader\s(.*)/`. If you're not great with regular expressions, I highly recommend using [Rubular](http://rubular.com) to test regex matches. It is very important that we are "capturing" data in between the `()` characters. The data returned inside of the parens is expected to be the auth token with no spaces or special characters such as new lines or quotes. To parse this auth header in oPRO, you can specify the `header_auth_regex` in an initializer like this:
199
213
 
200
214
 
201
215
  Opro.setup do |config|
@@ -204,17 +218,17 @@ You could pull out the auth token using this regular expression `/cUsTomAuthHead
204
218
  config.header_auth_regex = /cUsTomAuthHeader\s(.*)/
205
219
  end
206
220
 
207
- Now when a client sends your custom auth header it will be parsed correctly. Custom authorization headers should not be used for security through obscurity. They may be exposed in the docs or tests in a later iteration of oPRO, if you have strong feelings against this, then please open a pull request or send me a message stating your case.
221
+ Now when a client sends your custom auth header, it will be parsed correctly. Custom authorization headers should not be used for security through obscurity. They may be exposed in the docs or tests in a later iteration of oPRO. If you have strong feelings against this, then please open a pull request or send me a message stating your case.
208
222
 
209
223
 
210
224
 
211
225
  ## Assumptions
212
226
 
213
- * You have a user model and that is what your authenticating
214
- * You're using Active::Record
227
+ * You have a user model and that is what you're authenticating
228
+ * You're using Active Record
215
229
 
216
230
  ## About
217
231
 
218
- If you have a question file an issue or, find me on the Twitters [@schneems](http://twitter.com/schneems). Another good library for turning your app into an OAuth provider is [Doorkeeper](https://github.com/applicake/doorkeeper), if this project doesn't meet your needs let me know why and use them :)
232
+ If you have a question file an issue or find me on the Twitters [@schneems](http://twitter.com/schneems). Another good library for turning your app into an OAuth provider is [Doorkeeper](https://github.com/applicake/doorkeeper), if this project doesn't meet your needs let me know why and use them :)
219
233
 
220
234
  This project rocks and uses MIT-LICENSE.
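--- a/data/Rakefile
+++ b/data/Rakefile
@@ -26,7 +26,7 @@ task :default => :test
 
 Rake::RDocTask.new(:rdoc) do |rdoc|
 rdoc.rdoc_dir = 'rdoc'
-rdoc.title = 'Opro'
+rdoc.title = 'oPRO'
 rdoc.options << '--line-numbers' << '--inline-source'
 rdoc.rdoc_files.include('README.rdoc')
 rdoc.rdoc_files.include('lib/**/*.rb')
@@ -47,7 +47,7 @@ Jeweler::Tasks.new do |gem|
 gem.name = "opro"
 gem.homepage = "http://github.com/schneems/opro"
 gem.license = "MIT"
-gem.summary = %Q{ Opro turns your Rails application into an OAuth Provider }
+gem.summary = %Q{ oPRO turns your Rails application into an OAuth Provider }
 gem.description = %Q{ Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you}
 gem.email = "richard.schneeman@gmail.com"
 gem.authors = ["schneems"]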
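--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.4.0
+0.4.1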
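--- a/data/app/controllers/opro/oauth/client_app_controller.rb
+++ b/data/app/controllers/opro/oauth/client_app_controller.rb
@@ -10,12 +10,30 @@ class Opro::Oauth::ClientAppController < OproController
 @client_apps = Opro::Oauth::ClientApp.where(:user_id => current_user.id)
 end
 
+def show
+@client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first
+end
+
+def edit
+@client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first
+end
+
+def update
+@client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first
+@client_app.name = params[:opro_oauth_client_app][:name]
+if @client_app.save
+redirect_to oauth_client_app_path(@client_app)
+else
+render :edit
+end
+end
+
 
 def create
 @client_app = Opro::Oauth::ClientApp.find_by_user_id_and_name(current_user.id, params[:opro_oauth_client_app][:name])
 @client_app ||= Opro::Oauth::ClientApp.create_with_user_and_name(current_user, params[:opro_oauth_client_app][:name])
 if @client_app.save
-# do nothing
+redirect_to oauth_client_app_path(@client_app)
 else
 render :new
 end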
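Review bot: Scoping the lookup in `show`, `edit` and `update` by `current_user.id` is the right ownership check, but `.first` returns nil for an id that belongs to another user or does not exist, and `update` then calls `.name=` on nil, so a foreign id produces a 500 (NoMethodError) rather than a 404, while `show` and `edit` hand a nil `@client_app` to their views. Raising the framework's not-found error makes all three behave like any other missing record: `@client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first or raise ActiveRecord::RecordNotFound` (or `.first!` if the gem can require Rails 3.2; the Gemfile allows 3.1). Assigning only `name` in `update` instead of mass-assigning the params hash is deliberate and good, since it keeps `user_id` and, per the README, the app's `client_id`/`client_secret` out of reach of the form; a one-line comment such as `# only the name is user-editable; never mass-assign the params hash here` would stop a later "simplification" to `update_attributes`. The class header is outside this hunk.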
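--- a/data/app/controllers/opro/oauth/docs_controller.rb
+++ b/data/app/controllers/opro/oauth/docs_controller.rb
@@ -1,19 +1,18 @@
 require 'erb'
-require 'bluecloth'
-
-OPRO_MD_ROOT=File.join(File.dirname(__FILE__), '../../../views/opro/oauth/docs/markdown/')
+require 'kramdown'
 
+OPRO_MD_ROOT = File.join(File.dirname(__FILE__), '../../../views/opro/oauth/docs/markdown/')
 
 class Opro::Oauth::DocsController < OproController
+before_filter :set_protocol!
 helper_method :render_doc
 
 def index
-@protocol = protocol
 end
 
 def show
-@protocol = protocol
-@doc = params[:id]
+@doc = params[:id]
+render :file => default_404, :status => 404 and return unless md_exists?(@doc)
 end
 
 def render_doc(name)
@@ -25,8 +24,12 @@ class Opro::Oauth::DocsController < OproController
 
 private
 
-def protocol
-Rails.env.production? ? "https" : "http"
+def default_404
+Rails.root.join("public", "404")
+end
+
+def set_protocol!
+@protocol = Rails.env.production? ? "https" : "http"
 end
 
 def parse_erb(str)
@@ -34,11 +37,18 @@ class Opro::Oauth::DocsController < OproController
 end
 
 def parse_markdown(str)
-BlueCloth.new(str).to_html
+Kramdown::Document.new(str).to_html
+end
+
+def doc_md_filename(name)
+OPRO_MD_ROOT + name + '.md.erb'
+end
+
+def md_exists?(name)
+File.exists?(doc_md_filename(name.to_s))
 end
 
 def read_file(name)
-name = OPRO_MD_ROOT + name
-File.open(name + '.md.erb' ).read.to_s
+File.open(doc_md_filename(name)).read.to_s
 end
 end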
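Review bot: The new `md_exists?` check in `show` only proves that `OPRO_MD_ROOT + name + '.md.erb'` exists somewhere; it does not prove the resolved path is inside the docs directory, and `read_file` then hands whatever it reads to `parse_erb`, so a `params[:id]` carrying `..` segments would turn any readable `*.md.erb` on disk into evaluated template code. Rails' default `:id` segment excludes `/` and `.`, which presumably blocks this at the router, but this release also changes `opro/rails/routes.rb` (not shown here) and a routing convention is not a substitute for validating the name where the path is built. A one-line allowlist in `md_exists?` closes it independently of routing: `return false unless name.to_s =~ /\A[\w-]+\z/`. Two smaller points on the same lines: `File.exists?` is the deprecated spelling of `File.exist?`, and `File.read(doc_md_filename(name))` in `read_file` would close the handle that `File.open(...).read` leaves for the GC.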