opro 0.4.3 → 0.5.0

data/app/controllers/opro/oauth/client_app_controller.rb

@@ -7,19 +7,19 @@ class Opro::Oauth::ClientAppController < OproController
 
   # Show all client applications belonging to the current user
   def index
-    @client_apps = Opro::Oauth::ClientApp.where(:user_id => current_user.id)
+    @client_apps = Opro::Oauth::ClientApp.where(user_id: current_user.id)
   end
 
   def show
-    @client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first
+    @client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first
   end
 
   def edit
-    @client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first
+    @client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first
   end
 
   def update
-    @client_app = Opro::Oauth::ClientApp.where(:id => params[:id], :user_id => current_user.id).first
+    @client_app = Opro::Oauth::ClientApp.where(id: params[:id], user_id: current_user.id).first
     @client_app.name = params[:opro_oauth_client_app][:name]
     if @client_app.save
       redirect_to oauth_client_app_path(@client_app)

data/app/controllers/opro/oauth/tests_controller.rb

@@ -8,38 +8,29 @@ class Opro::Oauth::TestsController < OproController
 
   def show
     result = oauth_result(params)
-    respond_to do |format|
-      format.html do
-        render :text => result.to_json, :status => result[:status], :layout => true
-      end
-      format.json do
-        render :json => result, :status => result[:status]
-      end
-    end
+    render_result(result)
   end
 
   def create
     result = oauth_result(params)
-    respond_to do |format|
-      format.html do
-        render :text => result.to_json, :status => result[:status], :layout => true
-      end
-      format.json do
-        render :json => result, :status => result[:status]
-      end
-    end
+    render_result(result)
   end
 
   def destroy
     result = if valid_oauth?
-      {:status => 200, :message => 'OH NO!!! OAuth is disabled on this action; this is bad', :params => params}
+      {status: 200, message: 'OH NO!!! OAuth is disabled on this action; this is bad', params: params}
     else
-      {:status => :unauthorized, :message => "OAuth is disabled on this action; this is the correct result!", :params => params}
+      {status: :unauthorized, message: "OAuth is disabled on this action; this is the correct result!", params: params}
     end
+    render_result(result)
+  end
 
+  private
+
+  def render_result(result)
     respond_to do |format|
       format.html do
-        render :text => result.to_json,   :status => result[:status], :layout => true
+        render :text => result.to_json, :status => result[:status], :layout => true
       end
       format.json do
         render :json => result, :status => result[:status]
@@ -47,13 +38,11 @@ class Opro::Oauth::TestsController < OproController
     end
   end
 
-  private
-
   def oauth_result(options)
     if valid_oauth?
-      {:status => 200, :message => 'OAuth worked!', :params => options, :user_id => oauth_user.id }
+      {status: 200, message: 'OAuth worked!', params: options, user_id: oauth_user.id }
     else
-      {:status => :unauthorized, :message => "OAuth did not work :(  #{generate_oauth_error_message!}", :params => params}
+      {status: :unauthorized, message: "OAuth did not work :(  #{generate_oauth_error_message!}", params: params}
     end
   end
 end

data/app/controllers/opro/oauth/token_controller.rb

@@ -9,42 +9,49 @@ class Opro::Oauth::TokenController < OproController
   def create
     # Find the client application
     application = Opro::Oauth::ClientApp.authenticate(params[:client_id], params[:client_secret])
-
-    if application.nil?
-      render :json => {:error => app_not_found_error(params)}, :status => :unauthorized and return
+    auth_grant  = auth_grant_for(application, params)
+
+    if auth_grant.present?
+      auth_grant.refresh!
+      render :json => { access_token:  auth_grant.access_token,
+                        # http://tools.ietf.org/html/rfc6749#section-5.1
+                        token_type:    Opro.token_type || 'bearer',
+                        refresh_token: auth_grant.refresh_token,
+                        expires_in:    auth_grant.expires_in }
+    else
+      render_error debug_msg(params, application)
     end
+  end
 
+  private
+
+  def auth_grant_for(application, params)
     if params[:code]
-      auth_grant = Opro::Oauth::AuthGrant.auth_with_code!(params[:code], application.id)
+      Opro::Oauth::AuthGrant.find_by_code_app(params[:code], application)
     elsif params[:refresh_token]
-      auth_grant = Opro::Oauth::AuthGrant.find_for_refresh(params[:refresh_token], application.id)
+      Opro::Oauth::AuthGrant.find_by_refresh_app(params[:refresh_token], application)
     elsif params[:password].present? || params[:grant_type] == "password"|| params[:grant_type] == "bearer"
-      user       = ::Opro.find_user_for_all_auths!(self, params) if Opro.password_exchange_enabled? && oauth_valid_password_auth?(params[:client_id], params[:client_secret])
-      auth_grant = Opro::Oauth::AuthGrant.auth_with_user!(user, application.id) if user.present?
+      return false unless Opro.password_exchange_enabled?
+      return false unless oauth_valid_password_auth?(params[:client_id], params[:client_secret])
+      user       = ::Opro.find_user_for_all_auths!(self, params)
+      return false unless user.present?
+      auth_grant = Opro::Oauth::AuthGrant.find_or_create_by_user_app(user, application)
+      auth_grant.update_permissions if auth_grant.present?
+      auth_grant
     end
-
-    if auth_grant.blank?
-      render :json => {:error => debug_error_msg(params) }, :status => :unauthorized and return
-    end
-
-    auth_grant.refresh!
-    render :json => { :access_token   => auth_grant.access_token,
-                      :refresh_token  => auth_grant.refresh_token,
-                      :expires_in     => auth_grant.expires_in }
   end
 
-  private
-
-  def debug_error_msg(options)
+  def debug_msg(options, app)
     msg = "Could not find a user that belongs to this application"
+    msg << " based on client_id=#{options[:client_id]} and client_secret=#{options[:client_secret]}" if app.blank?
     msg << " & has a refresh_token=#{options[:refresh_token]}" if options[:refresh_token]
     msg << " & has been granted a code=#{options[:code]}"      if options[:code]
     msg << " using username and password"                      if options[:password]
     msg
   end
 
-  def app_not_found_error(options)
-    "Could not find application based on client_id=#{options[:client_id]} and client_secret=#{options[:client_secret]}"
+  def render_error(msg)
+    render :json => {:error => msg }, :status => :unauthorized
   end
 
-end
+end

data/app/models/opro/oauth/auth_grant.rb

@@ -18,7 +18,7 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
 
   serialize :permissions, Hash
 
-  attr_accessible :code, :access_token, :refresh_token, :access_token_expires_at, :permissions, :user_id, :user, :application_id, :application
+  # attr_accessible :code, :access_token, :refresh_token, :access_token_expires_at, :permissions, :user_id, :user, :application_id, :application
 
   def can?(value)
     HashWithIndifferentAccess.new(permissions)[value]
@@ -47,20 +47,34 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
     find_app_for_token.try(:user)
   end
 
-  def self.auth_with_code!(code, application_id)
-    auth_grant = self.where("code = ? AND application_id = ?", code, application_id).first
+  def self.find_by_code_app(code, app)
+    app_id = app.is_a?(Integer) ? app : app.id
+    auth_grant = self.where("code = ? AND application_id = ?", code, app_id).first
   end
 
-  def self.auth_with_user!(user, applicaiton_id, permissions = ::Opro.request_permissions)
-    return false unless user
-    permissions_hash =   permissions.each_with_object({}) {|element, hash| hash[element] = true }
-    auth_grant  =   self.where(:user_id  => user.id, :application_id => applicaiton_id).first
-    auth_grant  ||= self.create(:user_id => user.id, :application_id => applicaiton_id)
-    auth_grant.update_attributes(:permissions => permissions_hash)
-    auth_grant
+  # turns array of permissions into a hash
+  # [:write, :read] => {write: true, read: true}
+  def default_permissions
+    ::Opro.request_permissions.each_with_object({}) {|element, hash| hash[element] = true }
   end
 
-  def self.find_for_refresh(refresh_token, application_id)
+  def self.find_or_create_by_user_app(user, app)
+    app_id = app.is_a?(Integer) ? app : app.id
+    auth_grant  =   self.where(:user_id  => user.id, :application_id => app_id).first
+    auth_grant  ||= begin
+      auth_grant                = self.new
+      auth_grant.user_id        = user.id
+      auth_grant.application_id = app_id
+      auth_grant.save
+      auth_grant
+    end
+  end
+
+  def update_permissions(permissions = default_permissions)
+    self.permissions = permissions and save if self.permissions != permissions
+  end
+
+  def self.find_by_refresh_app(refresh_token, application_id)
     self.where("refresh_token = ? AND application_id = ?", refresh_token, application_id).first
   end
 

data/app/models/opro/oauth/client_app.rb

@@ -12,15 +12,24 @@ class Opro::Oauth::ClientApp < ActiveRecord::Base
 
   serialize :permissions, Hash
 
-  attr_accessible :user, :name, :app_id, :client_secret, :app_secret, :secret
+  # attr_accessible :user, :name, :app_id, :client_secret, :app_secret, :secret
 
+  def self.find_by_client_id(client_id)
+    where(app_id: client_id).first
+  end
 
   def self.authenticate(app_id, app_secret)
     where(["app_id = ? AND app_secret = ?", app_id, app_secret]).first
   end
 
   def self.create_with_user_and_name(user, name)
-    create(:user => user, :name => name, :app_id => generate_unique_app_id, :app_secret => SecureRandom.hex(16))
+    client_app            = self.new
+    client_app.user       = user
+    client_app.name       = name
+    client_app.app_id     = generate_unique_app_id
+    client_app.app_secret = SecureRandom.hex(16)
+    client_app.save
+    client_app
   end
 
   def self.generate_unique_app_id(app_id = SecureRandom.hex(16))

data/app/views/opro/oauth/auth/new.html.erb

@@ -20,7 +20,7 @@
       <% end %>
     </ul>
 
-    <%= f.submit 'Authorize This Application', :id => 'oauthAuthorize' %>
+    <%= f.submit 'Authorize This Application', :id => 'oauthAuthorize', :class => 'btn btn-primary' %>
   <%- end -%>
 
   <%= button_to 'Decline this Request', request.referrer||'/', :id => 'oauthNoAuthorize' %>

data/app/views/opro/oauth/docs/index.html.erb

@@ -5,8 +5,8 @@
   <h2>Quick Links</h2>
   <ul>
     <li><%= link_to 'Quick Start',  oauth_doc_path(:quick_start) %></li>
-    <li><%= link_to 'Curl',         oauth_doc_path(:curl)        %></li>
     <li><%= link_to 'OAuth',        oauth_doc_path(:oauth)       %></li>
+    <li><%= link_to 'Curl',         oauth_doc_path(:curl)        %></li>
 
     <% if ::Opro.request_permissions.present? %>
       <li><%= link_to 'Permisions',  oauth_doc_path(:permissions) %></li>

data/app/views/opro/oauth/docs/markdown/curl.md.erb

@@ -6,9 +6,6 @@
 
 With curl, we're able to arbitrarily add parameters to our requests and send using arbitrary HTTP verbs (GET/POST/DELETE) that are difficult to simulate in the browser. If you need to `POST` data to a url, doing so with curl is much easier than constructing a form for testing.
 
-# Hurl
-
-[Hurl](http://hurl.it/) is an open source browser-based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.
 
 ## How do I use it?
 
@@ -26,6 +23,9 @@ You can get the entire contents of a web document by simply calling curl with th
 You can ask for the headers of a request by adding the `-I` flag to a curl command:
 
     $ curl https://www.google.com -I
+
+The response may look something like this:
+
     HTTP/1.1 200 OK
     Expires: -1
     Cache-Control: private, max-age=0
@@ -48,4 +48,6 @@ You can specify the type of request you make in curl (GET, POST, PUT, DELETE, et
 
     $ curl -X POST <%= root_url %>products
 
+# Hurl
 
+[Hurl](http://hurl.it/) is an open source browser-based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.

data/app/views/opro/oauth/docs/markdown/permissions.md.erb

@@ -19,7 +19,7 @@ To perform any type of request other than a [GET](http://en.wikipedia.org/wiki/H
 As a client application, you can request specific scopes while you are authorizing a user. If no scope is specified, all permissions will be requested. This is an example of an application with client id of `3234myClientId5678` specifying that they want `write` access for their app:
 
 
-    <%= oauth_authorize_url(:client_id => "3234myClientId5678", :protocol => @protocol) + "&scope[]=write" %>
+    <%= oauth_new_url(:client_id => "3234myClientId5678", :protocol => @protocol) + "&scope[]=write" %>
 
 
 While authorizing your application a user can choose to grant or reject individual permissions.

data/app/views/opro/oauth/docs/markdown/quick_start.md.erb

@@ -30,7 +30,7 @@ Once you've registered an app successfully we can start to build an OAuth applic
 
 Now that you have a client application, you'll want to give it access to a user account. Open a new browser window and log in with a user account, then give your application permission by visiting the url below (swap out '3234myClientId5678' for your client id and '14321myClientSecret8765' for your client secret)
 
-    <%= oauth_authorize_url(:protocol => @protocol, :redirect_uri => "/", :client_id => "3234myClientId5678", :client_secret => "14321myClientSecret8765" ) %>
+    <%= oauth_new_url(:protocol => @protocol, :redirect_uri => "/", :client_id => "3234myClientId5678", :client_secret => "14321myClientSecret8765" ) %>
 
 
 This should land you on a page asking if you would like to grant permission to the application. If not, make sure you're logged in and you put the correct client id in the url.
@@ -53,10 +53,12 @@ We'll be using [Curl](<%= oauth_doc_path(:curl) %>) to go through the process of
 You'll want to make sure to replace `client_id`, `client_secret`, and `code` with your values.
 
 
-    $ curl '<%= oauth_token_url(:protocol      => @protocol,
+    $ curl -X POST -d '' '<%= oauth_token_url(
+                                :protocol      => @protocol,
                                 :client_id     => "3234myClientId5678",
                                 :client_secret => "14321myClientSecret8765",
-                                :code          => "4857goldfish827423") %>'
+                                :code          => "4857goldfish827423",
+                                :format        => "json") %>'
 
 
 You should get back a response that looks like this:
@@ -73,7 +75,7 @@ Now that we've gone through all the hard work of getting an access token, you ca
 
 Try it out for yourself. Replace the access token below with the one you received and run this curl command:
 
-    $ curl "<%= oauth_test_url(:show_me_the_money, :access_token => '9693accessTokena7ca570bbaf') %>"
+    $ curl "<%= oauth_test_url(:show_me_the_money, :access_token => '9693accessTokena7ca570bbaf', :format => 'json') %>"
 
 
 
@@ -81,7 +83,7 @@ You should see a successful result (again, don't forget to replace the example a
 
 You can also use a header to pass the OAuth token:
 
-    $ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money) %>"
+    $ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money, :format => 'json') %>"
 
 
 ## Security
@@ -89,3 +91,5 @@ You can also use a header to pass the OAuth token:
 Don't share your client application's secret or any user's access_token with unknown or untrusted parties. Always use https when available and don't write any of these values to your application's logs.
 
 
+
+

data/app/views/opro/oauth/docs/markdown/refresh_tokens.md.erb

@@ -10,7 +10,7 @@ If a token has expired or you simply wish to receive a new `access_token` you ca
 
 
 
-    $ curl '<%= oauth_token_url(:protocol      => @protocol,
+    $ curl -X POST -d '' '<%= oauth_token_url(:protocol      => @protocol,
                                 :client_id     => "3234myClientId5678",
                                 :client_secret => "14321myClientSecret8765",
                                 :refresh_token => "4857goldfish827423") %>'

data/lib/opro.rb

@@ -19,29 +19,19 @@ module Opro
     set_login_logout_methods
   end
 
+  # sets up defaults for common auth providers
   def self.set_login_logout_methods
-    case auth_strategy
+    klass = case auth_strategy
     when :devise
-      login_method             { |controller, current_user| controller.sign_in(current_user, :bypass => true) }
-      logout_method            { |controller, current_user| controller.sign_out(current_user) }
-      authenticate_user_method { |controller| controller.authenticate_user! }
-
-      find_user_for_auth do |controller, params|
-        return false if params[:password].blank?
-        find_params = params.each_with_object({}) {|(key,value), hash| hash[key] = value if Devise.authentication_keys.include?(key.to_sym) }
-        # Try to get fancy, some clients have :username hardcoded, if we have nothing in our find hash
-        # we can make an educated guess here
-        if find_params.blank? && params[:username].present?
-          find_params = { Devise.authentication_keys.first => params[:username] }
-        end
-        user = User.where(find_params).first if find_params.present?
-        return false unless user.present?
-        return false unless user.valid_password?(params[:password])
-        user
-      end
+      AuthProvider::Devise
     else
-      # nothing
+      auth_strategy if auth_strategy.is_a? Class
     end
+    return false unless klass.present?
+    login_method             { |controller, current_user| klass.new(controller).login_method(current_user)  }
+    logout_method            { |controller, current_user| klass.new(controller).logout_method(current_user) }
+    find_user_for_auth       { |controller, params|       klass.new(controller).find_user_for_auth(params)  }
+    authenticate_user_method { |controller|               klass.new(controller).authenticate_user_method    }
   end
 
   # Used by application controller to log user in
@@ -120,13 +110,21 @@ module Opro
     @user
   end
 
-
   # default to no match
   def self.header_auth_regex
     @header_auth_regex || /$^/
   end
 
-  # Allows a user to set define a custom authorization regular expression
+
+  def self.token_type=(token_type)
+    @token_type = token_type
+  end
+
+  def self.token_type
+    @token_type
+  end
+
+  # Allows a user to define a custom authorization regular expression
   def self.header_auth_regex=(regexstring)
     raise "not a regex" unless regexstring.is_a? Regexp
     @header_auth_regex = regexstring
@@ -152,7 +150,7 @@ module Opro
       @find_for_authentication ||= []
       @find_for_authentication << convert_to_lambda(&block)
     else
-      @find_for_authentication or raise 'find_for_authentication not set, please specify an oPRO auth_strategy in config/initializers/opro.rb'
+      @find_for_authentication or raise 'find_user_for_auth not set, please specify an oPRO auth_strategy in config/initializers/opro.rb'
     end
   end
 
@@ -165,8 +163,10 @@ module Opro
   end
 end
 
+
 require 'opro/controllers/concerns/rate_limits'
 require 'opro/controllers/concerns/error_messages'
 require 'opro/controllers/concerns/permissions'
 require 'opro/controllers/application_controller_helper'
+require 'opro/auth_provider/devise'
 require 'opro/engine'

data/lib/opro/auth_provider/devise.rb

@@ -0,0 +1,37 @@
+module Opro
+  module AuthProvider
+    class Devise
+      attr_reader :controller
+
+      def initialize(controller)
+        @controller = controller
+      end
+
+      def login_method(current_user)
+        controller.sign_in(current_user, :bypass => true)
+      end
+
+      def logout_method(current_user)
+        controller.sign_out(current_user)
+      end
+
+      def authenticate_user_method
+        controller.authenticate_user!
+      end
+
+      def find_user_for_auth(params)
+        return false if params[:password].blank?
+        find_params = params.each_with_object({}) {|(key,value), hash| hash[key] = value if ::Devise.authentication_keys.include?(key.to_sym) }
+        # Try to get fancy, some clients have :username hardcoded, if we have nothing in our find hash
+        # we can make an educated guess here
+        if find_params.blank? && params[:username].present?
+          find_params = { ::Devise.authentication_keys.first => params[:username] }
+        end
+        user = User.where(find_params).first if find_params.present?
+        return false unless user.present?
+        return false unless user.valid_password?(params[:password])
+        user
+      end
+    end
+  end
+end